projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix previous attempt to remove "memory" from debug "all".
[exim.git] / src / src / verify.c
CommitLineData
5417f6d1 1/* $Cambridge: exim/src/src/verify.c,v 1.21 2005/06/23 10:02:13 ph10 Exp $ */
059ec3d9
PH		 2
3/*************************************************
4* Exim - an Internet mail transport agent *
5*************************************************/
6
c988f1f4 7/* Copyright (c) University of Cambridge 1995 - 2005 */
059ec3d9
PH		 8/* See the file NOTICE for conditions of use and distribution. */
9
10/* Functions concerned with verifying things. The original code for callout
11caching was contributed by Kevin Fleming (but I hacked it around a bit). */
12
13
14#include "exim.h"
15
16
17/* Structure for caching DNSBL lookups */
18
19typedef struct dnsbl_cache_block {
20 dns_address *rhs;
21 uschar *text;
22 int rc;
23 BOOL text_set;
24} dnsbl_cache_block;
25
26
27/* Anchor for DNSBL cache */
28
29static tree_node *dnsbl_cache = NULL;
30
31
32
33/*************************************************
34* Retrieve a callout cache record *
35*************************************************/
36
37/* If a record exists, check whether it has expired.
38
39Arguments:
40 dbm_file an open hints file
41 key the record key
42 type "address" or "domain"
43 positive_expire expire time for positive records
44 negative_expire expire time for negative records
45
46Returns: the cache record if a non-expired one exists, else NULL
47*/
48
49static dbdata_callout_cache *
50get_callout_cache_record(open_db *dbm_file, uschar *key, uschar *type,
51 int positive_expire, int negative_expire)
52{
53BOOL negative;
54int length, expire;
55time_t now;
56dbdata_callout_cache *cache_record;
57
58cache_record = dbfn_read_with_length(dbm_file, key, &length);
59
60if (cache_record == NULL)
61 {
62 HDEBUG(D_verify) debug_printf("callout cache: no %s record found\n", type);
63 return NULL;
64 }
65
66/* We treat a record as "negative" if its result field is not positive, or if
67it is a domain record and the postmaster field is negative. */
68
69negative = cache_record->result != ccache_accept ||
70 (type[0] == 'd' && cache_record->postmaster_result == ccache_reject);
71expire = negative? negative_expire : positive_expire;
72now = time(NULL);
73
74if (now - cache_record->time_stamp > expire)
75 {
76 HDEBUG(D_verify) debug_printf("callout cache: %s record expired\n", type);
77 return NULL;
78 }
79
80/* If this is a non-reject domain record, check for the obsolete format version
81that doesn't have the postmaster and random timestamps, by looking at the
82length. If so, copy it to a new-style block, replicating the record's
83timestamp. Then check the additional timestamps. (There's no point wasting
84effort if connections are rejected.) */
85
86if (type[0] == 'd' && cache_record->result != ccache_reject)
87 {
88 if (length == sizeof(dbdata_callout_cache_obs))
89 {
90 dbdata_callout_cache *new = store_get(sizeof(dbdata_callout_cache));
91 memcpy(new, cache_record, length);
92 new->postmaster_stamp = new->random_stamp = new->time_stamp;
93 cache_record = new;
94 }
95
96 if (now - cache_record->postmaster_stamp > expire)
97 cache_record->postmaster_result = ccache_unknown;
98
99 if (now - cache_record->random_stamp > expire)
100 cache_record->random_result = ccache_unknown;
101 }
102
103HDEBUG(D_verify) debug_printf("callout cache: found %s record\n", type);
104return cache_record;
105}
106
107
108
109/*************************************************
110* Do callout verification for an address *
111*************************************************/
112
113/* This function is called from verify_address() when the address has routed to
114a host list, and a callout has been requested. Callouts are expensive; that is
115why a cache is used to improve the efficiency.
116
117Arguments:
118 addr the address that's been routed
119 host_list the list of hosts to try
120 tf the transport feedback block
121
122 ifstring "interface" option from transport, or NULL
123 portstring "port" option from transport, or NULL
124 protocolstring "protocol" option from transport, or NULL
125 callout the per-command callout timeout
4deaf07d
PH		 126 callout_overall the overall callout timeout (if < 0 use 4*callout)
127 callout_connect the callout connection timeout (if < 0 use callout)
059ec3d9
PH		 128 options the verification options - these bits are used:
129 vopt_is_recipient => this is a recipient address
130 vopt_callout_no_cache => don't use callout cache
2a4be8f9 131 vopt_callout_fullpm => if postmaster check, do full one
059ec3d9
PH		 132 vopt_callout_random => do the "random" thing
133 vopt_callout_recipsender => use real sender for recipient
134 vopt_callout_recippmaster => use postmaster for recipient
135 se_mailfrom MAIL FROM address for sender verify; NULL => ""
136 pm_mailfrom if non-NULL, do the postmaster check with this sender
137
138Returns: OK/FAIL/DEFER
139*/
140
141static int
142do_callout(address_item *addr, host_item *host_list, transport_feedback *tf,
8e669ac1 143 int callout, int callout_overall, int callout_connect, int options,
4deaf07d 144 uschar *se_mailfrom, uschar *pm_mailfrom)
059ec3d9
PH		 145{
146BOOL is_recipient = (options & vopt_is_recipient) != 0;
147BOOL callout_no_cache = (options & vopt_callout_no_cache) != 0;
148BOOL callout_random = (options & vopt_callout_random) != 0;
149
150int yield = OK;
151BOOL done = FALSE;
152uschar *address_key;
153uschar *from_address;
154uschar *random_local_part = NULL;
8e669ac1 155uschar **failure_ptr = is_recipient?
2c7db3f5 156 &recipient_verify_failure : &sender_verify_failure;
059ec3d9
PH		 157open_db dbblock;
158open_db *dbm_file = NULL;
159dbdata_callout_cache new_domain_record;
160dbdata_callout_cache_address new_address_record;
161host_item *host;
162time_t callout_start_time;
163
164new_domain_record.result = ccache_unknown;
165new_domain_record.postmaster_result = ccache_unknown;
166new_domain_record.random_result = ccache_unknown;
167
168memset(&new_address_record, 0, sizeof(new_address_record));
169
170/* For a recipient callout, the key used for the address cache record must
171include the sender address if we are using the real sender in the callout,
172because that may influence the result of the callout. */
173
174address_key = addr->address;
175from_address = US"";
176
177if (is_recipient)
178 {
179 if ((options & vopt_callout_recipsender) != 0)
180 {
181 address_key = string_sprintf("%s/<%s>", addr->address, sender_address);
182 from_address = sender_address;
183 }
184 else if ((options & vopt_callout_recippmaster) != 0)
185 {
186 address_key = string_sprintf("%s/<postmaster@%s>", addr->address,
187 qualify_domain_sender);
188 from_address = string_sprintf("postmaster@%s", qualify_domain_sender);
189 }
190 }
191
192/* For a sender callout, we must adjust the key if the mailfrom address is not
193empty. */
194
195else
196 {
197 from_address = (se_mailfrom == NULL)? US"" : se_mailfrom;
198 if (from_address[0] != 0)
199 address_key = string_sprintf("%s/<%s>", addr->address, from_address);
200 }
201
202/* Open the callout cache database, it it exists, for reading only at this
203stage, unless caching has been disabled. */
204
205if (callout_no_cache)
206 {
207 HDEBUG(D_verify) debug_printf("callout cache: disabled by no_cache\n");
208 }
209else if ((dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE)) == NULL)
210 {
211 HDEBUG(D_verify) debug_printf("callout cache: not available\n");
212 }
213
214/* If a cache database is available see if we can avoid the need to do an
215actual callout by making use of previously-obtained data. */
216
217if (dbm_file != NULL)
218 {
219 dbdata_callout_cache_address *cache_address_record;
220 dbdata_callout_cache *cache_record = get_callout_cache_record(dbm_file,
221 addr->domain, US"domain",
222 callout_cache_domain_positive_expire,
223 callout_cache_domain_negative_expire);
224
225 /* If an unexpired cache record was found for this domain, see if the callout
226 process can be short-circuited. */
227
228 if (cache_record != NULL)
229 {
230 /* If an early command (up to and including MAIL FROM:<>) was rejected,
231 there is no point carrying on. The callout fails. */
232
233 if (cache_record->result == ccache_reject)
234 {
235 setflag(addr, af_verify_nsfail);
236 HDEBUG(D_verify)
237 debug_printf("callout cache: domain gave initial rejection, or "
238 "does not accept HELO or MAIL FROM:<>\n");
239 setflag(addr, af_verify_nsfail);
240 addr->user_message = US"(result of an earlier callout reused).";
241 yield = FAIL;
8e669ac1 242 *failure_ptr = US"mail";
059ec3d9
PH		 243 goto END_CALLOUT;
244 }
245
246 /* If a previous check on a "random" local part was accepted, we assume
247 that the server does not do any checking on local parts. There is therefore
248 no point in doing the callout, because it will always be successful. If a
249 random check previously failed, arrange not to do it again, but preserve
250 the data in the new record. If a random check is required but hasn't been
251 done, skip the remaining cache processing. */
252
253 if (callout_random) switch(cache_record->random_result)
254 {
255 case ccache_accept:
256 HDEBUG(D_verify)
257 debug_printf("callout cache: domain accepts random addresses\n");
258 goto END_CALLOUT; /* Default yield is OK */
259
260 case ccache_reject:
261 HDEBUG(D_verify)
262 debug_printf("callout cache: domain rejects random addresses\n");
263 callout_random = FALSE;
264 new_domain_record.random_result = ccache_reject;
265 new_domain_record.random_stamp = cache_record->random_stamp;
266 break;
267
268 default:
269 HDEBUG(D_verify)
270 debug_printf("callout cache: need to check random address handling "
271 "(not cached or cache expired)\n");
272 goto END_CACHE;
273 }
274
275 /* If a postmaster check is requested, but there was a previous failure,
276 there is again no point in carrying on. If a postmaster check is required,
277 but has not been done before, we are going to have to do a callout, so skip
278 remaining cache processing. */
279
280 if (pm_mailfrom != NULL)
281 {
282 if (cache_record->postmaster_result == ccache_reject)
283 {
284 setflag(addr, af_verify_pmfail);
285 HDEBUG(D_verify)
286 debug_printf("callout cache: domain does not accept "
287 "RCPT TO:<postmaster@domain>\n");
288 yield = FAIL;
8e669ac1 289 *failure_ptr = US"postmaster";
059ec3d9
PH		 290 setflag(addr, af_verify_pmfail);
291 addr->user_message = US"(result of earlier verification reused).";
292 goto END_CALLOUT;
293 }
294 if (cache_record->postmaster_result == ccache_unknown)
295 {
296 HDEBUG(D_verify)
297 debug_printf("callout cache: need to check RCPT "
298 "TO:<postmaster@domain> (not cached or cache expired)\n");
299 goto END_CACHE;
300 }
301
302 /* If cache says OK, set pm_mailfrom NULL to prevent a redundant
303 postmaster check if the address itself has to be checked. Also ensure
304 that the value in the cache record is preserved (with its old timestamp).
305 */
306
307 HDEBUG(D_verify) debug_printf("callout cache: domain accepts RCPT "
308 "TO:<postmaster@domain>\n");
309 pm_mailfrom = NULL;
310 new_domain_record.postmaster_result = ccache_accept;
311 new_domain_record.postmaster_stamp = cache_record->postmaster_stamp;
312 }
313 }
314
315 /* We can't give a result based on information about the domain. See if there
316 is an unexpired cache record for this specific address (combined with the
317 sender address if we are doing a recipient callout with a non-empty sender).
318 */
319
320 cache_address_record = (dbdata_callout_cache_address *)
321 get_callout_cache_record(dbm_file,
322 address_key, US"address",
323 callout_cache_positive_expire,
324 callout_cache_negative_expire);
325
326 if (cache_address_record != NULL)
327 {
328 if (cache_address_record->result == ccache_accept)
329 {
330 HDEBUG(D_verify)
331 debug_printf("callout cache: address record is positive\n");
332 }
333 else
334 {
335 HDEBUG(D_verify)
336 debug_printf("callout cache: address record is negative\n");
337 addr->user_message = US"Previous (cached) callout verification failure";
8e669ac1 338 *failure_ptr = US"recipient";
059ec3d9
PH		 339 yield = FAIL;
340 }
341 goto END_CALLOUT;
342 }
343
344 /* Close the cache database while we actually do the callout for real. */
345
346 END_CACHE:
347 dbfn_close(dbm_file);
348 dbm_file = NULL;
349 }
350
351/* The information wasn't available in the cache, so we have to do a real
352callout and save the result in the cache for next time, unless no_cache is set,
353or unless we have a previously cached negative random result. If we are to test
354with a random local part, ensure that such a local part is available. If not,
355log the fact, but carry on without randomming. */
356
357if (callout_random && callout_random_local_part != NULL)
358 {
359 random_local_part = expand_string(callout_random_local_part);
360 if (random_local_part == NULL)
361 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
362 "callout_random_local_part: %s", expand_string_message);
363 }
364
4deaf07d
PH		 365/* Default the connect and overall callout timeouts if not set, and record the
366time we are starting so that we can enforce it. */
059ec3d9
PH		 367
368if (callout_overall < 0) callout_overall = 4 * callout;
4deaf07d 369if (callout_connect < 0) callout_connect = callout;
059ec3d9
PH		 370callout_start_time = time(NULL);
371
372/* Now make connections to the hosts and do real callouts. The list of hosts
373is passed in as an argument. */
374
375for (host = host_list; host != NULL && !done; host = host->next)
376 {
377 smtp_inblock inblock;
378 smtp_outblock outblock;
379 int host_af;
380 int port = 25;
8e669ac1 381 BOOL send_quit = TRUE;
059ec3d9
PH		 382 uschar *helo = US"HELO";
383 uschar *interface = NULL; /* Outgoing interface to use; NULL => any */
384 uschar inbuffer[4096];
385 uschar outbuffer[1024];
386 uschar responsebuffer[4096];
387
388 clearflag(addr, af_verify_pmfail); /* postmaster callout flag */
389 clearflag(addr, af_verify_nsfail); /* null sender callout flag */
390
391 /* Skip this host if we don't have an IP address for it. */
392
393 if (host->address == NULL)
394 {
395 DEBUG(D_verify) debug_printf("no IP address for host name %s: skipping\n",
396 host->name);
397 continue;
398 }
399
400 /* Check the overall callout timeout */
401
402 if (time(NULL) - callout_start_time >= callout_overall)
403 {
404 HDEBUG(D_verify) debug_printf("overall timeout for callout exceeded\n");
405 break;
406 }
407
408 /* Set IPv4 or IPv6 */
409
410 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6;
411
412 /* Expand and interpret the interface and port strings. This has to
413 be delayed till now, because they may expand differently for different
414 hosts. If there's a failure, log it, but carry on with the defaults. */
415
416 deliver_host = host->name;
417 deliver_host_address = host->address;
418 if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface,
419 US"callout") ||
420 !smtp_get_port(tf->port, addr, &port, US"callout"))
421 log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
422 addr->message);
423 deliver_host = deliver_host_address = NULL;
424
425 /* Set HELO string according to the protocol */
426
427 if (Ustrcmp(tf->protocol, "lmtp") == 0) helo = US"LHLO";
428
429 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port);
430
431 /* Set up the buffer for reading SMTP response packets. */
432
433 inblock.buffer = inbuffer;
434 inblock.buffersize = sizeof(inbuffer);
435 inblock.ptr = inbuffer;
436 inblock.ptrend = inbuffer;
437
438 /* Set up the buffer for holding SMTP commands while pipelining */
439
440 outblock.buffer = outbuffer;
441 outblock.buffersize = sizeof(outbuffer);
442 outblock.ptr = outbuffer;
443 outblock.cmd_count = 0;
444 outblock.authenticating = FALSE;
445
446 /* Connect to the host; on failure, just loop for the next one, but we
4deaf07d 447 set the error for the last one. Use the callout_connect timeout. */
059ec3d9
PH		 448
449 inblock.sock = outblock.sock =
4deaf07d 450 smtp_connect(host, host_af, port, interface, callout_connect, TRUE);
059ec3d9
PH		 451 if (inblock.sock < 0)
452 {
453 addr->message = string_sprintf("could not connect to %s [%s]: %s",
454 host->name, host->address, strerror(errno));
455 continue;
456 }
457
458 /* Wait for initial response, and then run the initial SMTP commands. The
459 smtp_write_command() function leaves its command in big_buffer. This is
460 used in error responses. Initialize it in case the connection is
461 rejected. */
462
463 Ustrcpy(big_buffer, "initial connection");
464
465 done =
466 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
467 '2', callout) &&
468
469 smtp_write_command(&outblock, FALSE, "%s %s\r\n", helo,
470 smtp_active_hostname) >= 0 &&
471 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
472 '2', callout) &&
473
474 smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
475 from_address) >= 0 &&
476 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
477 '2', callout);
478
479 /* If the host gave an initial error, or does not accept HELO or MAIL
480 FROM:<>, arrange to cache this information, but don't record anything for an
481 I/O error or a defer. Do not cache rejections when a non-empty sender has
482 been used, because that blocks the whole domain for all senders. */
483
484 if (!done)
485 {
8e669ac1 486 *failure_ptr = US"mail";
059ec3d9
PH		 487 if (errno == 0 && responsebuffer[0] == '5')
488 {
489 setflag(addr, af_verify_nsfail);
490 if (from_address[0] == 0) new_domain_record.result = ccache_reject;
491 }
492 }
493
494 /* Otherwise, proceed to check a "random" address (if required), then the
495 given address, and the postmaster address (if required). Between each check,
496 issue RSET, because some servers accept only one recipient after MAIL
497 FROM:<>. */
498
499 else
500 {
501 new_domain_record.result = ccache_accept;
502
503 /* Do the random local part check first */
504
505 if (random_local_part != NULL)
506 {
507 uschar randombuffer[1024];
508 BOOL random_ok =
509 smtp_write_command(&outblock, FALSE,
510 "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part,
511 addr->domain) >= 0 &&
512 smtp_read_response(&inblock, randombuffer,
513 sizeof(randombuffer), '2', callout);
514
515 /* Remember when we last did a random test */
516
517 new_domain_record.random_stamp = time(NULL);
518
519 /* If accepted, we aren't going to do any further tests below. */
520
521 if (random_ok)
522 {
523 new_domain_record.random_result = ccache_accept;
524 }
525
526 /* Otherwise, cache a real negative response, and get back to the right
527 state to send RCPT. Unless there's some problem such as a dropped
528 connection, we expect to succeed, because the commands succeeded above. */
529
530 else if (errno == 0)
531 {
532 if (randombuffer[0] == '5')
533 new_domain_record.random_result = ccache_reject;
534
535 done =
536 smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
537 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
538 '2', callout) &&
539
90e9ce59
PH		 540 smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
541 from_address) >= 0 &&
059ec3d9
PH		 542 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
543 '2', callout);
544 }
545 else done = FALSE; /* Some timeout/connection problem */
546 } /* Random check */
547
548 /* If the host is accepting all local parts, as determined by the "random"
549 check, we don't need to waste time doing any further checking. */
550
551 if (new_domain_record.random_result != ccache_accept && done)
552 {
5417f6d1
PH		 553 /* Get the rcpt_include_affixes flag from the transport if there is one,
554 but assume FALSE if there is not. */
555
059ec3d9
PH		 556 done =
557 smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n",
c688b954 558 transport_rcpt_address(addr,
5417f6d1
PH		 559 (addr->transport == NULL)? FALSE :
560 addr->transport->rcpt_include_affixes)) >= 0 &&
059ec3d9
PH		 561 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
562 '2', callout);
563
564 if (done)
565 new_address_record.result = ccache_accept;
566 else if (errno == 0 && responsebuffer[0] == '5')
2c7db3f5 567 {
8e669ac1 568 *failure_ptr = US"recipient";
059ec3d9 569 new_address_record.result = ccache_reject;
8e669ac1 570 }
059ec3d9 571
2a4be8f9
PH		 572 /* Do postmaster check if requested; if a full check is required, we
573 check for RCPT TO:<postmaster> (no domain) in accordance with RFC 821. */
059ec3d9
PH		 574
575 if (done && pm_mailfrom != NULL)
576 {
577 done =
578 smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
579 smtp_read_response(&inblock, responsebuffer,
580 sizeof(responsebuffer), '2', callout) &&
581
582 smtp_write_command(&outblock, FALSE,
583 "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 &&
584 smtp_read_response(&inblock, responsebuffer,
585 sizeof(responsebuffer), '2', callout) &&
586
2a4be8f9
PH		 587 /* First try using the current domain */
588
589 ((
059ec3d9
PH		 590 smtp_write_command(&outblock, FALSE,
591 "RCPT TO:<postmaster@%.1000s>\r\n", addr->domain) >= 0 &&
592 smtp_read_response(&inblock, responsebuffer,
2a4be8f9
PH		 593 sizeof(responsebuffer), '2', callout)
594 )
595
596 ||
597
598 /* If that doesn't work, and a full check is requested,
599 try without the domain. */
600
601 (
602 (options & vopt_callout_fullpm) != 0 &&
603 smtp_write_command(&outblock, FALSE,
604 "RCPT TO:<postmaster>\r\n") >= 0 &&
605 smtp_read_response(&inblock, responsebuffer,
606 sizeof(responsebuffer), '2', callout)
607 ));
608
609 /* Sort out the cache record */
059ec3d9
PH		 610
611 new_domain_record.postmaster_stamp = time(NULL);
612
613 if (done)
614 new_domain_record.postmaster_result = ccache_accept;
615 else if (errno == 0 && responsebuffer[0] == '5')
616 {
8e669ac1 617 *failure_ptr = US"postmaster";
059ec3d9
PH		 618 setflag(addr, af_verify_pmfail);
619 new_domain_record.postmaster_result = ccache_reject;
620 }
621 }
622 } /* Random not accepted */
90e9ce59 623 } /* MAIL FROM: accepted */
059ec3d9
PH		 624
625 /* For any failure of the main check, other than a negative response, we just
626 close the connection and carry on. We can identify a negative response by the
627 fact that errno is zero. For I/O errors it will be non-zero
628
629 Set up different error texts for logging and for sending back to the caller
630 as an SMTP response. Log in all cases, using a one-line format. For sender
631 callouts, give a full response to the caller, but for recipient callouts,
632 don't give the IP address because this may be an internal host whose identity
633 is not to be widely broadcast. */
634
635 if (!done)
636 {
637 if (errno == ETIMEDOUT)
638 {
639 HDEBUG(D_verify) debug_printf("SMTP timeout\n");
8e669ac1 640 send_quit = FALSE;
059ec3d9
PH		 641 }
642 else if (errno == 0)
643 {
644 if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped");
645
646 addr->message =
647 string_sprintf("response to \"%s\" from %s [%s] was: %s",
648 big_buffer, host->name, host->address,
649 string_printing(responsebuffer));
650
651 addr->user_message = is_recipient?
652 string_sprintf("Callout verification failed:\n%s", responsebuffer)
653 :
654 string_sprintf("Called: %s\nSent: %s\nResponse: %s",
655 host->address, big_buffer, responsebuffer);
656
657 /* Hard rejection ends the process */
658
659 if (responsebuffer[0] == '5') /* Address rejected */
660 {
661 yield = FAIL;
662 done = TRUE;
663 }
664 }
665 }
666
667 /* End the SMTP conversation and close the connection. */
668
c9bdd01c 669 if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
059ec3d9
PH		 670 close(inblock.sock);
671 } /* Loop through all hosts, while !done */
672
673/* If we get here with done == TRUE, a successful callout happened, and yield
674will be set OK or FAIL according to the response to the RCPT command.
675Otherwise, we looped through the hosts but couldn't complete the business.
676However, there may be domain-specific information to cache in both cases.
677
678The value of the result field in the new_domain record is ccache_unknown if
90e9ce59 679there was an error before or with MAIL FROM:, and errno was not zero,
059ec3d9
PH		 680implying some kind of I/O error. We don't want to write the cache in that case.
681Otherwise the value is ccache_accept or ccache_reject. */
682
683if (!callout_no_cache && new_domain_record.result != ccache_unknown)
684 {
685 if ((dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE))
686 == NULL)
687 {
688 HDEBUG(D_verify) debug_printf("callout cache: not available\n");
689 }
690 else
691 {
692 (void)dbfn_write(dbm_file, addr->domain, &new_domain_record,
693 (int)sizeof(dbdata_callout_cache));
694 HDEBUG(D_verify) debug_printf("wrote callout cache domain record:\n"
695 " result=%d postmaster=%d random=%d\n",
696 new_domain_record.result,
697 new_domain_record.postmaster_result,
698 new_domain_record.random_result);
699 }
700 }
701
702/* If a definite result was obtained for the callout, cache it unless caching
703is disabled. */
704
705if (done)
706 {
707 if (!callout_no_cache && new_address_record.result != ccache_unknown)
708 {
709 if (dbm_file == NULL)
710 dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE);
711 if (dbm_file == NULL)
712 {
713 HDEBUG(D_verify) debug_printf("no callout cache available\n");
714 }
715 else
716 {
717 (void)dbfn_write(dbm_file, address_key, &new_address_record,
718 (int)sizeof(dbdata_callout_cache_address));
719 HDEBUG(D_verify) debug_printf("wrote %s callout cache address record\n",
720 (new_address_record.result == ccache_accept)? "positive" : "negative");
721 }
722 }
723 } /* done */
724
725/* Failure to connect to any host, or any response other than 2xx or 5xx is a
726temporary error. If there was only one host, and a response was received, leave
727it alone if supplying details. Otherwise, give a generic response. */
728
729else /* !done */
730 {
731 uschar *dullmsg = string_sprintf("Could not complete %s verify callout",
732 is_recipient? "recipient" : "sender");
733 yield = DEFER;
734
735 if (host_list->next != NULL || addr->message == NULL) addr->message = dullmsg;
736
737 addr->user_message = (!smtp_return_error_details)? dullmsg :
738 string_sprintf("%s for <%s>.\n"
739 "The mail server(s) for the domain may be temporarily unreachable, or\n"
740 "they may be permanently unreachable from this server. In the latter case,\n%s",
741 dullmsg, addr->address,
742 is_recipient?
743 "the address will never be accepted."
744 :
745 "you need to change the address or create an MX record for its domain\n"
746 "if it is supposed to be generally accessible from the Internet.\n"
747 "Talk to your mail administrator for details.");
748
749 /* Force a specific error code */
750
751 addr->basic_errno = ERRNO_CALLOUTDEFER;
752 }
753
754/* Come here from within the cache-reading code on fast-track exit. */
755
756END_CALLOUT:
757if (dbm_file != NULL) dbfn_close(dbm_file);
758return yield;
759}
760
761
762
763/*************************************************
764* Copy error to toplevel address *
765*************************************************/
766
767/* This function is used when a verify fails or defers, to ensure that the
768failure or defer information is in the original toplevel address. This applies
769when an address is redirected to a single new address, and the failure or
770deferral happens to the child address.
771
772Arguments:
773 vaddr the verify address item
774 addr the final address item
775 yield FAIL or DEFER
776
777Returns: the value of YIELD
778*/
779
780static int
781copy_error(address_item *vaddr, address_item *addr, int yield)
782{
783if (addr != vaddr)
784 {
785 vaddr->message = addr->message;
786 vaddr->user_message = addr->user_message;
787 vaddr->basic_errno = addr->basic_errno;
788 vaddr->more_errno = addr->more_errno;
789 }
790return yield;
791}
792
793
794
795
796/*************************************************
797* Verify an email address *
798*************************************************/
799
800/* This function is used both for verification (-bv and at other times) and
801address testing (-bt), which is indicated by address_test_mode being set.
802
803Arguments:
804 vaddr contains the address to verify; the next field in this block
805 must be NULL
806 f if not NULL, write the result to this file
807 options various option bits:
808 vopt_fake_sender => this sender verify is not for the real
809 sender (it was verify=sender=xxxx or an address from a
810 header line) - rewriting must not change sender_address
811 vopt_is_recipient => this is a recipient address, otherwise
812 it's a sender address - this affects qualification and
813 rewriting and messages from callouts
814 vopt_qualify => qualify an unqualified address; else error
815 vopt_expn => called from SMTP EXPN command
816
817 These ones are used by do_callout() -- the options variable
818 is passed to it.
819
2a4be8f9 820 vopt_callout_fullpm => if postmaster check, do full one
059ec3d9
PH		 821 vopt_callout_no_cache => don't use callout cache
822 vopt_callout_random => do the "random" thing
823 vopt_callout_recipsender => use real sender for recipient
824 vopt_callout_recippmaster => use postmaster for recipient
825
826 callout if > 0, specifies that callout is required, and gives timeout
4deaf07d 827 for individual commands
059ec3d9
PH		 828 callout_overall if > 0, gives overall timeout for the callout function;
829 if < 0, a default is used (see do_callout())
8e669ac1 830 callout_connect the connection timeout for callouts
059ec3d9
PH		 831 se_mailfrom when callout is requested to verify a sender, use this
832 in MAIL FROM; NULL => ""
833 pm_mailfrom when callout is requested, if non-NULL, do the postmaster
834 thing and use this as the sender address (may be "")
835
836 routed if not NULL, set TRUE if routing succeeded, so we can
837 distinguish between routing failed and callout failed
838
839Returns: OK address verified
840 FAIL address failed to verify
841 DEFER can't tell at present
842*/
843
844int
845verify_address(address_item *vaddr, FILE *f, int options, int callout,
8e669ac1 846 int callout_overall, int callout_connect, uschar *se_mailfrom,
4deaf07d 847 uschar *pm_mailfrom, BOOL *routed)
059ec3d9
PH		 848{
849BOOL allok = TRUE;
850BOOL full_info = (f == NULL)? FALSE : (debug_selector != 0);
851BOOL is_recipient = (options & vopt_is_recipient) != 0;
852BOOL expn = (options & vopt_expn) != 0;
059ec3d9
PH		 853int i;
854int yield = OK;
855int verify_type = expn? v_expn :
856 address_test_mode? v_none :
857 is_recipient? v_recipient : v_sender;
858address_item *addr_list;
859address_item *addr_new = NULL;
860address_item *addr_remote = NULL;
861address_item *addr_local = NULL;
862address_item *addr_succeed = NULL;
8e669ac1 863uschar **failure_ptr = is_recipient?
2c7db3f5 864 &recipient_verify_failure : &sender_verify_failure;
059ec3d9
PH		 865uschar *ko_prefix, *cr;
866uschar *address = vaddr->address;
867uschar *save_sender;
868uschar null_sender[] = { 0 }; /* Ensure writeable memory */
869
2c7db3f5
PH		 870/* Clear, just in case */
871
872*failure_ptr = NULL;
873
059ec3d9
PH		 874/* Set up a prefix and suffix for error message which allow us to use the same
875output statements both in EXPN mode (where an SMTP response is needed) and when
876debugging with an output file. */
877
878if (expn)
879 {
880 ko_prefix = US"553 ";
881 cr = US"\r";
882 }
883else ko_prefix = cr = US"";
884
885/* Add qualify domain if permitted; otherwise an unqualified address fails. */
886
887if (parse_find_at(address) == NULL)
888 {
889 if ((options & vopt_qualify) == 0)
890 {
891 if (f != NULL)
892 fprintf(f, "%sA domain is required for \"%s\"%s\n", ko_prefix, address,
893 cr);
8e669ac1 894 *failure_ptr = US"qualify";
059ec3d9
PH		 895 return FAIL;
896 }
897 address = rewrite_address_qualify(address, is_recipient);
898 }
899
900DEBUG(D_verify)
901 {
902 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
903 debug_printf("%s %s\n", address_test_mode? "Testing" : "Verifying", address);
904 }
905
906/* Rewrite and report on it. Clear the domain and local part caches - these
907may have been set by domains and local part tests during an ACL. */
908
909if (global_rewrite_rules != NULL)
910 {
911 uschar *old = address;
912 address = rewrite_address(address, is_recipient, FALSE,
913 global_rewrite_rules, rewrite_existflags);
914 if (address != old)
915 {
916 for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->localpart_cache[i] = 0;
917 for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->domain_cache[i] = 0;
918 if (f != NULL && !expn) fprintf(f, "Address rewritten as: %s\n", address);
919 }
920 }
921
922/* If this is the real sender address, we must update sender_address at
923this point, because it may be referred to in the routers. */
924
925if ((options & (vopt_fake_sender|vopt_is_recipient)) == 0)
926 sender_address = address;
927
928/* If the address was rewritten to <> no verification can be done, and we have
929to return OK. This rewriting is permitted only for sender addresses; for other
930addresses, such rewriting fails. */
931
932if (address[0] == 0) return OK;
933
934/* Save a copy of the sender address for re-instating if we change it to <>
935while verifying a sender address (a nice bit of self-reference there). */
936
937save_sender = sender_address;
938
939/* Update the address structure with the possibly qualified and rewritten
940address. Set it up as the starting address on the chain of new addresses. */
941
942vaddr->address = address;
943addr_new = vaddr;
944
945/* We need a loop, because an address can generate new addresses. We must also
946cope with generated pipes and files at the top level. (See also the code and
947comment in deliver.c.) However, it is usually the case that the router for
948user's .forward files has its verify flag turned off.
949
950If an address generates more than one child, the loop is used only when
951full_info is set, and this can only be set locally. Remote enquiries just get
952information about the top level address, not anything that it generated. */
953
954while (addr_new != NULL)
955 {
956 int rc;
957 address_item *addr = addr_new;
958
959 addr_new = addr->next;
960 addr->next = NULL;
961
962 DEBUG(D_verify)
963 {
964 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
965 debug_printf("Considering %s\n", addr->address);
966 }
967
968 /* Handle generated pipe, file or reply addresses. We don't get these
969 when handling EXPN, as it does only one level of expansion. */
970
971 if (testflag(addr, af_pfr))
972 {
973 allok = FALSE;
974 if (f != NULL)
975 {
976 BOOL allow;
977
978 if (addr->address[0] == '>')
979 {
980 allow = testflag(addr, af_allow_reply);
981 fprintf(f, "%s -> mail %s", addr->parent->address, addr->address + 1);
982 }
983 else
984 {
985 allow = (addr->address[0] == '|')?
986 testflag(addr, af_allow_pipe) : testflag(addr, af_allow_file);
987 fprintf(f, "%s -> %s", addr->parent->address, addr->address);
988 }
989
990 if (addr->basic_errno == ERRNO_BADTRANSPORT)
991 fprintf(f, "\n*** Error in setting up pipe, file, or autoreply:\n"
992 "%s\n", addr->message);
993 else if (allow)
994 fprintf(f, "\n transport = %s\n", addr->transport->name);
995 else
996 fprintf(f, " *** forbidden ***\n");
997 }
998 continue;
999 }
1000
1001 /* Just in case some router parameter refers to it. */
1002
1003 return_path = (addr->p.errors_address != NULL)?
1004 addr->p.errors_address : sender_address;
1005
1006 /* Split the address into domain and local part, handling the %-hack if
1007 necessary, and then route it. While routing a sender address, set
1008 $sender_address to <> because that is what it will be if we were trying to
1009 send a bounce to the sender. */
1010
1011 if (routed != NULL) *routed = FALSE;
1012 if ((rc = deliver_split_address(addr)) == OK)
1013 {
1014 if (!is_recipient) sender_address = null_sender;
1015 rc = route_address(addr, &addr_local, &addr_remote, &addr_new,
1016 &addr_succeed, verify_type);
1017 sender_address = save_sender; /* Put back the real sender */
1018 }
1019
1020 /* If routing an address succeeded, set the flag that remembers, for use when
1021 an ACL cached a sender verify (in case a callout fails). Then if routing set
1022 up a list of hosts or the transport has a host list, and the callout option
1023 is set, and we aren't in a host checking run, do the callout verification,
1024 and set another flag that notes that a callout happened. */
1025
1026 if (rc == OK)
1027 {
1028 if (routed != NULL) *routed = TRUE;
1029 if (callout > 0)
1030 {
1031 host_item *host_list = addr->host_list;
1032
1033 /* Default, if no remote transport, to NULL for the interface (=> any),
1034 "smtp" for the port, and "smtp" for the protocol. */
1035
1036 transport_feedback tf = { NULL, US"smtp", US"smtp", NULL, FALSE, FALSE };
1037
1038 /* If verification yielded a remote transport, we want to use that
1039 transport's options, so as to mimic what would happen if we were really
1040 sending a message to this address. */
1041
1042 if (addr->transport != NULL && !addr->transport->info->local)
1043 {
1044 (void)(addr->transport->setup)(addr->transport, addr, &tf, NULL);
1045
1046 /* If the transport has hosts and the router does not, or if the
1047 transport is configured to override the router's hosts, we must build a
1048 host list of the transport's hosts, and find the IP addresses */
1049
1050 if (tf.hosts != NULL && (host_list == NULL || tf.hosts_override))
1051 {
1052 uschar *s;
1053
1054 host_list = NULL; /* Ignore the router's hosts */
1055
1056 deliver_domain = addr->domain;
1057 deliver_localpart = addr->local_part;
1058 s = expand_string(tf.hosts);
1059 deliver_domain = deliver_localpart = NULL;
1060
1061 if (s == NULL)
1062 {
1063 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand list of hosts "
1064 "\"%s\" in %s transport for callout: %s", tf.hosts,
1065 addr->transport->name, expand_string_message);
1066 }
1067 else
1068 {
1069 uschar *canonical_name;
d8ef3577 1070 host_item *host, *nexthost;
059ec3d9
PH		 1071 host_build_hostlist(&host_list, s, tf.hosts_randomize);
1072
1073 /* Just ignore failures to find a host address. If we don't manage
8e669ac1
PH		 1074 to find any addresses, the callout will defer. Note that more than
1075 one address may be found for a single host, which will result in
1076 additional host items being inserted into the chain. Hence we must
d8ef3577 1077 save the next host first. */
059ec3d9 1078
d8ef3577 1079 for (host = host_list; host != NULL; host = nexthost)
059ec3d9 1080 {
d8ef3577 1081 nexthost = host->next;
8e669ac1 1082 if (tf.gethostbyname ||
a5a28604 1083 string_is_ip_address(host->name, NULL) > 0)
059ec3d9
PH		 1084 (void)host_find_byname(host, NULL, &canonical_name, TRUE);
1085 else
1086 {
1087 int flags = HOST_FIND_BY_A;
1088 if (tf.qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
1089 if (tf.search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
1090 (void)host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
1091 &canonical_name, NULL);
1092 }
1093 }
1094 }
1095 }
1096 }
1097
8e669ac1 1098 /* Can only do a callout if we have at least one host! If the callout
2c7db3f5 1099 fails, it will have set ${sender,recipient}_verify_failure. */
059ec3d9
PH		 1100
1101 if (host_list != NULL)
1102 {
1103 HDEBUG(D_verify) debug_printf("Attempting full verification using callout\n");
1104 if (host_checking && !host_checking_callout)
1105 {
1106 HDEBUG(D_verify)
1107 debug_printf("... callout omitted by default when host testing\n"
1108 "(Use -bhc if you want the callouts to happen.)\n");
1109 }
1110 else
1111 {
1112 rc = do_callout(addr, host_list, &tf, callout, callout_overall,
4deaf07d 1113 callout_connect, options, se_mailfrom, pm_mailfrom);
059ec3d9
PH		 1114 }
1115 }
1116 else
1117 {
1118 HDEBUG(D_verify) debug_printf("Cannot do callout: neither router nor "
1119 "transport provided a host list\n");
1120 }
1121 }
1122 }
8e669ac1 1123
2c7db3f5 1124 /* Otherwise, any failure is a routing failure */
8e669ac1
PH		 1125
1126 else *failure_ptr = US"route";
059ec3d9
PH		 1127
1128 /* A router may return REROUTED if it has set up a child address as a result
1129 of a change of domain name (typically from widening). In this case we always
1130 want to continue to verify the new child. */
1131
1132 if (rc == REROUTED) continue;
8e669ac1 1133
059ec3d9
PH		 1134 /* Handle hard failures */
1135
1136 if (rc == FAIL)
1137 {
1138 allok = FALSE;
1139 if (f != NULL)
1140 {
1141 fprintf(f, "%s%s %s", ko_prefix, address,
1142 address_test_mode? "is undeliverable" : "failed to verify");
1143 if (!expn && admin_user)
1144 {
1145 if (addr->basic_errno > 0)
1146 fprintf(f, ": %s", strerror(addr->basic_errno));
1147 if (addr->message != NULL)
1148 fprintf(f, ":\n %s", addr->message);
1149 }
1150 fprintf(f, "%s\n", cr);
1151 }
1152
1153 if (!full_info) return copy_error(vaddr, addr, FAIL);
1154 else yield = FAIL;
1155 }
1156
1157 /* Soft failure */
1158
1159 else if (rc == DEFER)
1160 {
1161 allok = FALSE;
1162 if (f != NULL)
1163 {
1164 fprintf(f, "%s%s cannot be resolved at this time", ko_prefix, address);
1165 if (!expn && admin_user)
1166 {
1167 if (addr->basic_errno > 0)
1168 fprintf(f, ":\n %s", strerror(addr->basic_errno));
1169 if (addr->message != NULL)
1170 fprintf(f, ":\n %s", addr->message);
1171 else if (addr->basic_errno <= 0)
1172 fprintf(f, ":\n unknown error");
1173 }
1174
1175 fprintf(f, "%s\n", cr);
1176 }
1177 if (!full_info) return copy_error(vaddr, addr, DEFER);
1178 else if (yield == OK) yield = DEFER;
1179 }
1180
1181 /* If we are handling EXPN, we do not want to continue to route beyond
1182 the top level. */
1183
1184 else if (expn)
1185 {
1186 uschar *ok_prefix = US"250-";
1187 if (addr_new == NULL)
1188 {
1189 if (addr_local == NULL && addr_remote == NULL)
1190 fprintf(f, "250 mail to <%s> is discarded\r\n", address);
1191 else
1192 fprintf(f, "250 <%s>\r\n", address);
1193 }
1194 else while (addr_new != NULL)
1195 {
1196 address_item *addr2 = addr_new;
1197 addr_new = addr2->next;
1198 if (addr_new == NULL) ok_prefix = US"250 ";
1199 fprintf(f, "%s<%s>\r\n", ok_prefix, addr2->address);
1200 }
1201 return OK;
1202 }
1203
1204 /* Successful routing other than EXPN. */
1205
1206 else
1207 {
1208 /* Handle successful routing when short info wanted. Otherwise continue for
1209 other (generated) addresses. Short info is the operational case. Full info
1210 can be requested only when debug_selector != 0 and a file is supplied.
1211
1212 There is a conflict between the use of aliasing as an alternate email
1213 address, and as a sort of mailing list. If an alias turns the incoming
1214 address into just one address (e.g. J.Caesar->jc44) you may well want to
1215 carry on verifying the generated address to ensure it is valid when
1216 checking incoming mail. If aliasing generates multiple addresses, you
1217 probably don't want to do this. Exim therefore treats the generation of
1218 just a single new address as a special case, and continues on to verify the
1219 generated address. */
1220
1221 if (!full_info && /* Stop if short info wanted AND */
1222 (addr_new == NULL || /* No new address OR */
1223 addr_new->next != NULL || /* More than one new address OR */
1224 testflag(addr_new, af_pfr))) /* New address is pfr */
1225 {
1226 if (f != NULL) fprintf(f, "%s %s\n", address,
1227 address_test_mode? "is deliverable" : "verified");
1228
1229 /* If we have carried on to verify a child address, we want the value
1230 of $address_data to be that of the child */
1231
1232 vaddr->p.address_data = addr->p.address_data;
1233 return OK;
1234 }
1235 }
1236 } /* Loop for generated addresses */
1237
1238/* Display the full results of the successful routing, including any generated
1239addresses. Control gets here only when full_info is set, which requires f not
1240to be NULL, and this occurs only when a top-level verify is called with the
1241debugging switch on.
1242
1243If there are no local and no remote addresses, and there were no pipes, files,
1244or autoreplies, and there were no errors or deferments, the message is to be
1245discarded, usually because of the use of :blackhole: in an alias file. */
1246
1247if (allok && addr_local == NULL && addr_remote == NULL)
1248 fprintf(f, "mail to %s is discarded\n", address);
1249
1250else for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++)
1251 {
1252 while (addr_list != NULL)
1253 {
1254 address_item *addr = addr_list;
1255 address_item *p = addr->parent;
1256 addr_list = addr->next;
1257
1258 fprintf(f, "%s", CS addr->address);
384152a6
TK		 1259#ifdef EXPERIMENTAL_SRS
1260 if(addr->p.srs_sender)
1261 fprintf(f, " [srs = %s]", addr->p.srs_sender);
1262#endif
059ec3d9
PH		 1263 while (p != NULL)
1264 {
1265 fprintf(f, "\n <-- %s", p->address);
1266 p = p->parent;
1267 }
1268 fprintf(f, "\n ");
1269
1270 /* Show router, and transport */
1271
1272 fprintf(f, "router = %s, ", addr->router->name);
1273 fprintf(f, "transport = %s\n", (addr->transport == NULL)? US"unset" :
1274 addr->transport->name);
1275
1276 /* Show any hosts that are set up by a router unless the transport
1277 is going to override them; fiddle a bit to get a nice format. */
1278
1279 if (addr->host_list != NULL && addr->transport != NULL &&
1280 !addr->transport->overrides_hosts)
1281 {
1282 host_item *h;
1283 int maxlen = 0;
1284 int maxaddlen = 0;
1285 for (h = addr->host_list; h != NULL; h = h->next)
1286 {
1287 int len = Ustrlen(h->name);
1288 if (len > maxlen) maxlen = len;
1289 len = (h->address != NULL)? Ustrlen(h->address) : 7;
1290 if (len > maxaddlen) maxaddlen = len;
1291 }
1292 for (h = addr->host_list; h != NULL; h = h->next)
1293 {
1294 int len = Ustrlen(h->name);
1295 fprintf(f, " host %s ", h->name);
1296 while (len++ < maxlen) fprintf(f, " ");
1297 if (h->address != NULL)
1298 {
1299 fprintf(f, "[%s] ", h->address);
1300 len = Ustrlen(h->address);
1301 }
1302 else if (!addr->transport->info->local) /* Omit [unknown] for local */
1303 {
1304 fprintf(f, "[unknown] ");
1305 len = 7;
1306 }
1307 else len = -3;
1308 while (len++ < maxaddlen) fprintf(f," ");
1309 if (h->mx >= 0) fprintf(f, "MX=%d", h->mx);
1310 if (h->port != PORT_NONE) fprintf(f, " port=%d", h->port);
1311 if (h->status == hstatus_unusable) fprintf(f, " ** unusable **");
1312 fprintf(f, "\n");
1313 }
1314 }
1315 }
1316 }
1317
8e669ac1 1318/* Will be DEFER or FAIL if any one address has, only for full_info (which is
2c7db3f5
PH		 1319the -bv or -bt case). */
1320
8e669ac1 1321return yield;
059ec3d9
PH		 1322}
1323
1324
1325
1326
1327/*************************************************
1328* Check headers for syntax errors *
1329*************************************************/
1330
1331/* This function checks those header lines that contain addresses, and verifies
1332that all the addresses therein are syntactially correct.
1333
1334Arguments:
1335 msgptr where to put an error message
1336
1337Returns: OK
1338 FAIL
1339*/
1340
1341int
1342verify_check_headers(uschar **msgptr)
1343{
1344header_line *h;
1345uschar *colon, *s;
1346
1347for (h = header_list; h != NULL; h = h->next)
1348 {
1349 if (h->type != htype_from &&
1350 h->type != htype_reply_to &&
1351 h->type != htype_sender &&
1352 h->type != htype_to &&
1353 h->type != htype_cc &&
1354 h->type != htype_bcc)
1355 continue;
1356
1357 colon = Ustrchr(h->text, ':');
1358 s = colon + 1;
1359 while (isspace(*s)) s++;
1360
1361 parse_allow_group = TRUE; /* Allow group syntax */
1362
1363 /* Loop for multiple addresses in the header */
1364
1365 while (*s != 0)
1366 {
1367 uschar *ss = parse_find_address_end(s, FALSE);
1368 uschar *recipient, *errmess;
1369 int terminator = *ss;
1370 int start, end, domain;
1371
1372 /* Temporarily terminate the string at this point, and extract the
1373 operative address within. */
1374
1375 *ss = 0;
1376 recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE);
1377 *ss = terminator;
1378
1379 /* Permit an unqualified address only if the message is local, or if the
1380 sending host is configured to be permitted to send them. */
1381
1382 if (recipient != NULL && domain == 0)
1383 {
1384 if (h->type == htype_from || h->type == htype_sender)
1385 {
1386 if (!allow_unqualified_sender) recipient = NULL;
1387 }
1388 else
1389 {
1390 if (!allow_unqualified_recipient) recipient = NULL;
1391 }
1392 if (recipient == NULL) errmess = US"unqualified address not permitted";
1393 }
1394
1395 /* It's an error if no address could be extracted, except for the special
1396 case of an empty address. */
1397
1398 if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0)
1399 {
1400 uschar *verb = US"is";
1401 uschar *t = ss;
1402 int len;
1403
1404 /* Arrange not to include any white space at the end in the
1405 error message. */
1406
1407 while (t > s && isspace(t[-1])) t--;
1408
1409 /* Add the address which failed to the error message, since in a
1410 header with very many addresses it is sometimes hard to spot
1411 which one is at fault. However, limit the amount of address to
1412 quote - cases have been seen where, for example, a missing double
1413 quote in a humungous To: header creates an "address" that is longer
1414 than string_sprintf can handle. */
1415
1416 len = t - s;
1417 if (len > 1024)
1418 {
1419 len = 1024;
1420 verb = US"begins";
1421 }
1422
1423 *msgptr = string_printing(
1424 string_sprintf("%s: failing address in \"%.*s\" header %s: %.*s",
1425 errmess, colon - h->text, h->text, verb, len, s));
1426
1427 return FAIL;
1428 }
1429
1430 /* Advance to the next address */
1431
1432 s = ss + (terminator? 1:0);
1433 while (isspace(*s)) s++;
1434 } /* Next address */
1435 } /* Next header */
1436
1437return OK;
1438}
1439
1440
1441
1442
1443/*************************************************
1444* Find if verified sender *
1445*************************************************/
1446
1447/* Usually, just a single address is verified as the sender of the message.
1448However, Exim can be made to verify other addresses as well (often related in
1449some way), and this is useful in some environments. There may therefore be a
1450chain of such addresses that have previously been tested. This function finds
1451whether a given address is on the chain.
1452
1453Arguments: the address to be verified
1454Returns: pointer to an address item, or NULL
1455*/
1456
1457address_item *
1458verify_checked_sender(uschar *sender)
1459{
1460address_item *addr;
1461for (addr = sender_verified_list; addr != NULL; addr = addr->next)
1462 if (Ustrcmp(sender, addr->address) == 0) break;
1463return addr;
1464}
1465
1466
1467
1468
1469
1470/*************************************************
1471* Get valid header address *
1472*************************************************/
1473
1474/* Scan the originator headers of the message, looking for an address that
1475verifies successfully. RFC 822 says:
1476
1477 o The "Sender" field mailbox should be sent notices of
1478 any problems in transport or delivery of the original
1479 messages. If there is no "Sender" field, then the
1480 "From" field mailbox should be used.
1481
1482 o If the "Reply-To" field exists, then the reply should
1483 go to the addresses indicated in that field and not to
1484 the address(es) indicated in the "From" field.
1485
1486So we check a Sender field if there is one, else a Reply_to field, else a From
1487field. As some strange messages may have more than one of these fields,
1488especially if they are resent- fields, check all of them if there is more than
1489one.
1490
1491Arguments:
1492 user_msgptr points to where to put a user error message
1493 log_msgptr points to where to put a log error message
1494 callout timeout for callout check (passed to verify_address())
1495 callout_overall overall callout timeout (ditto)
8e669ac1 1496 callout_connect connect callout timeout (ditto)
059ec3d9
PH		 1497 se_mailfrom mailfrom for verify; NULL => ""
1498 pm_mailfrom sender for pm callout check (passed to verify_address())
1499 options callout options (passed to verify_address())
8e669ac1 1500 verrno where to put the address basic_errno
059ec3d9
PH		 1501
1502If log_msgptr is set to something without setting user_msgptr, the caller
1503normally uses log_msgptr for both things.
1504
1505Returns: result of the verification attempt: OK, FAIL, or DEFER;
1506 FAIL is given if no appropriate headers are found
1507*/
1508
1509int
1510verify_check_header_address(uschar **user_msgptr, uschar **log_msgptr,
8e669ac1 1511 int callout, int callout_overall, int callout_connect, uschar *se_mailfrom,
fe5b5d0b 1512 uschar *pm_mailfrom, int options, int *verrno)
059ec3d9
PH		 1513{
1514static int header_types[] = { htype_sender, htype_reply_to, htype_from };
1515int yield = FAIL;
1516int i;
1517
1518for (i = 0; i < 3; i++)
1519 {
1520 header_line *h;
1521 for (h = header_list; h != NULL; h = h->next)
1522 {
1523 int terminator, new_ok;
1524 uschar *s, *ss, *endname;
1525
1526 if (h->type != header_types[i]) continue;
1527 s = endname = Ustrchr(h->text, ':') + 1;
1528
1529 while (*s != 0)
1530 {
1531 address_item *vaddr;
1532
1533 while (isspace(*s) || *s == ',') s++;
1534 if (*s == 0) break; /* End of header */
1535
1536 ss = parse_find_address_end(s, FALSE);
1537
1538 /* The terminator is a comma or end of header, but there may be white
1539 space preceding it (including newline for the last address). Move back
1540 past any white space so we can check against any cached envelope sender
1541 address verifications. */
1542
1543 while (isspace(ss[-1])) ss--;
1544 terminator = *ss;
1545 *ss = 0;
1546
1547 HDEBUG(D_verify) debug_printf("verifying %.*s header address %s\n",
1548 (int)(endname - h->text), h->text, s);
1549
1550 /* See if we have already verified this address as an envelope sender,
1551 and if so, use the previous answer. */
1552
1553 vaddr = verify_checked_sender(s);
1554
1555 if (vaddr != NULL && /* Previously checked */
1556 (callout <= 0 || /* No callout needed; OR */
1557 vaddr->special_action > 256)) /* Callout was done */
1558 {
1559 new_ok = vaddr->special_action & 255;
1560 HDEBUG(D_verify) debug_printf("previously checked as envelope sender\n");
1561 *ss = terminator; /* Restore shortened string */
1562 }
1563
1564 /* Otherwise we run the verification now. We must restore the shortened
1565 string before running the verification, so the headers are correct, in
1566 case there is any rewriting. */
1567
1568 else
1569 {
1570 int start, end, domain;
1571 uschar *address = parse_extract_address(s, log_msgptr, &start,
1572 &end, &domain, FALSE);
1573
1574 *ss = terminator;
1575
1576 /* If verification failed because of a syntax error, fail this
1577 function, and ensure that the failing address gets added to the error
1578 message. */
1579
1580 if (address == NULL)
1581 {
1582 new_ok = FAIL;
1583 if (*log_msgptr != NULL)
1584 {
1585 while (ss > s && isspace(ss[-1])) ss--;
1586 *log_msgptr = string_sprintf("syntax error in '%.*s' header when "
1587 "scanning for sender: %s in \"%.*s\"",
1588 endname - h->text, h->text, *log_msgptr, ss - s, s);
1589 return FAIL;
1590 }
1591 }
1592
2f6603e1 1593 /* Else go ahead with the sender verification. But it isn't *the*
059ec3d9
PH		 1594 sender of the message, so set vopt_fake_sender to stop sender_address
1595 being replaced after rewriting or qualification. */
1596
1597 else
1598 {
1599 vaddr = deliver_make_addr(address, FALSE);
1600 new_ok = verify_address(vaddr, NULL, options | vopt_fake_sender,
8e669ac1 1601 callout, callout_overall, callout_connect, se_mailfrom,
4deaf07d 1602 pm_mailfrom, NULL);
059ec3d9
PH		 1603 }
1604 }
1605
1606 /* We now have the result, either newly found, or cached. If we are
1607 giving out error details, set a specific user error. This means that the
1608 last of these will be returned to the user if all three fail. We do not
1609 set a log message - the generic one below will be used. */
1610
fe5b5d0b 1611 if (new_ok != OK)
059ec3d9 1612 {
8e669ac1 1613 *verrno = vaddr->basic_errno;
fe5b5d0b
PH		 1614 if (smtp_return_error_details)
1615 {
1616 *user_msgptr = string_sprintf("Rejected after DATA: "
1617 "could not verify \"%.*s\" header address\n%s: %s",
1618 endname - h->text, h->text, vaddr->address, vaddr->message);
1619 }
8e669ac1 1620 }
059ec3d9
PH		 1621
1622 /* Success or defer */
1623
1624 if (new_ok == OK) return OK;
1625 if (new_ok == DEFER) yield = DEFER;
1626
1627 /* Move on to any more addresses in the header */
1628
1629 s = ss;
1630 }
1631 }
1632 }
1633
1634if (yield == FAIL && *log_msgptr == NULL)
1635 *log_msgptr = US"there is no valid sender in any header line";
1636
1637if (yield == DEFER && *log_msgptr == NULL)
1638 *log_msgptr = US"all attempts to verify a sender in a header line deferred";
1639
1640return yield;
1641}
1642
1643
1644
1645
1646/*************************************************
1647* Get RFC 1413 identification *
1648*************************************************/
1649
1650/* Attempt to get an id from the sending machine via the RFC 1413 protocol. If
1651the timeout is set to zero, then the query is not done. There may also be lists
1652of hosts and nets which are exempt. To guard against malefactors sending
1653non-printing characters which could, for example, disrupt a message's headers,
1654make sure the string consists of printing characters only.
1655
1656Argument:
1657 port the port to connect to; usually this is IDENT_PORT (113), but when
1658 running in the test harness with -bh a different value is used.
1659
1660Returns: nothing
1661
1662Side effect: any received ident value is put in sender_ident (NULL otherwise)
1663*/
1664
1665void
1666verify_get_ident(int port)
1667{
1668int sock, host_af, qlen;
1669int received_sender_port, received_interface_port, n;
1670uschar *p;
1671uschar buffer[2048];
1672
1673/* Default is no ident. Check whether we want to do an ident check for this
1674host. */
1675
1676sender_ident = NULL;
1677if (rfc1413_query_timeout <= 0 || verify_check_host(&rfc1413_hosts) != OK)
1678 return;
1679
1680DEBUG(D_ident) debug_printf("doing ident callback\n");
1681
1682/* Set up a connection to the ident port of the remote host. Bind the local end
1683to the incoming interface address. If the sender host address is an IPv6
1684address, the incoming interface address will also be IPv6. */
1685
1686host_af = (Ustrchr(sender_host_address, ':') == NULL)? AF_INET : AF_INET6;
1687sock = ip_socket(SOCK_STREAM, host_af);
1688if (sock < 0) return;
1689
1690if (ip_bind(sock, host_af, interface_address, 0) < 0)
1691 {
1692 DEBUG(D_ident) debug_printf("bind socket for ident failed: %s\n",
1693 strerror(errno));
1694 goto END_OFF;
1695 }
1696
1697if (ip_connect(sock, host_af, sender_host_address, port, rfc1413_query_timeout)
1698 < 0)
1699 {
1700 if (errno == ETIMEDOUT && (log_extra_selector & LX_ident_timeout) != 0)
1701 {
1702 log_write(0, LOG_MAIN, "ident connection to %s timed out",
1703 sender_host_address);
1704 }
1705 else
1706 {
1707 DEBUG(D_ident) debug_printf("ident connection to %s failed: %s\n",
1708 sender_host_address, strerror(errno));
1709 }
1710 goto END_OFF;
1711 }
1712
1713/* Construct and send the query. */
1714
1715sprintf(CS buffer, "%d , %d\r\n", sender_host_port, interface_port);
1716qlen = Ustrlen(buffer);
1717if (send(sock, buffer, qlen, 0) < 0)
1718 {
1719 DEBUG(D_ident) debug_printf("ident send failed: %s\n", strerror(errno));
1720 goto END_OFF;
1721 }
1722
1723/* Read a response line. We put it into the rest of the buffer, using several
1724recv() calls if necessary. */
1725
1726p = buffer + qlen;
1727
1728for (;;)
1729 {
1730 uschar *pp;
1731 int count;
1732 int size = sizeof(buffer) - (p - buffer);
1733
1734 if (size <= 0) goto END_OFF; /* Buffer filled without seeing \n. */
1735 count = ip_recv(sock, p, size, rfc1413_query_timeout);
1736 if (count <= 0) goto END_OFF; /* Read error or EOF */
1737
1738 /* Scan what we just read, to see if we have reached the terminating \r\n. Be
1739 generous, and accept a plain \n terminator as well. The only illegal
1740 character is 0. */
1741
1742 for (pp = p; pp < p + count; pp++)
1743 {
1744 if (*pp == 0) goto END_OFF; /* Zero octet not allowed */
1745 if (*pp == '\n')
1746 {
1747 if (pp[-1] == '\r') pp--;
1748 *pp = 0;
1749 goto GOT_DATA; /* Break out of both loops */
1750 }
1751 }
1752
1753 /* Reached the end of the data without finding \n. Let the loop continue to
1754 read some more, if there is room. */
1755
1756 p = pp;
1757 }
1758
1759GOT_DATA:
1760
1761/* We have received a line of data. Check it carefully. It must start with the
1762same two port numbers that we sent, followed by data as defined by the RFC. For
1763example,
1764
1765 12345 , 25 : USERID : UNIX :root
1766
1767However, the amount of white space may be different to what we sent. In the
1768"osname" field there may be several sub-fields, comma separated. The data we
1769actually want to save follows the third colon. Some systems put leading spaces
1770in it - we discard those. */
1771
1772if (sscanf(CS buffer + qlen, "%d , %d%n", &received_sender_port,
1773 &received_interface_port, &n) != 2 ||
1774 received_sender_port != sender_host_port ||
1775 received_interface_port != interface_port)
1776 goto END_OFF;
1777
1778p = buffer + qlen + n;
1779while(isspace(*p)) p++;
1780if (*p++ != ':') goto END_OFF;
1781while(isspace(*p)) p++;
1782if (Ustrncmp(p, "USERID", 6) != 0) goto END_OFF;
1783p += 6;
1784while(isspace(*p)) p++;
1785if (*p++ != ':') goto END_OFF;
1786while (*p != 0 && *p != ':') p++;
1787if (*p++ == 0) goto END_OFF;
1788while(isspace(*p)) p++;
1789if (*p == 0) goto END_OFF;
1790
1791/* The rest of the line is the data we want. We turn it into printing
1792characters when we save it, so that it cannot mess up the format of any logging
1793or Received: lines into which it gets inserted. We keep a maximum of 127
1794characters. */
1795
1796sender_ident = string_printing(string_copyn(p, 127));
1797DEBUG(D_ident) debug_printf("sender_ident = %s\n", sender_ident);
1798
1799END_OFF:
1800close(sock);
1801return;
1802}
1803
1804
1805
1806
1807/*************************************************
1808* Match host to a single host-list item *
1809*************************************************/
1810
1811/* This function compares a host (name or address) against a single item
1812from a host list. The host name gets looked up if it is needed and is not
1813already known. The function is called from verify_check_this_host() via
1814match_check_list(), which is why most of its arguments are in a single block.
1815
1816Arguments:
1817 arg the argument block (see below)
1818 ss the host-list item
1819 valueptr where to pass back looked up data, or NULL
1820 error for error message when returning ERROR
1821
1822The block contains:
32d668a5
PH		 1823 host_name (a) the host name, or
1824 (b) NULL, implying use sender_host_name and
1825 sender_host_aliases, looking them up if required, or
1826 (c) the empty string, meaning that only IP address matches
1827 are permitted
059ec3d9
PH		 1828 host_address the host address
1829 host_ipv4 the IPv4 address taken from an IPv6 one
1830
1831Returns: OK matched
1832 FAIL did not match
1833 DEFER lookup deferred
32d668a5
PH		 1834 ERROR (a) failed to find the host name or IP address, or
1835 (b) unknown lookup type specified, or
1836 (c) host name encountered when only IP addresses are
1837 being matched
059ec3d9
PH		 1838*/
1839
32d668a5 1840int
059ec3d9
PH		 1841check_host(void *arg, uschar *ss, uschar **valueptr, uschar **error)
1842{
1843check_host_block *cb = (check_host_block *)arg;
32d668a5 1844int mlen = -1;
059ec3d9 1845int maskoffset;
32d668a5 1846BOOL iplookup = FALSE;
059ec3d9 1847BOOL isquery = FALSE;
32d668a5
PH		 1848BOOL isiponly = cb->host_name != NULL && cb->host_name[0] == 0;
1849uschar *t = ss;
1850uschar *semicolon;
059ec3d9
PH		 1851uschar **aliases;
1852
1853/* Optimize for the special case when the pattern is "*". */
1854
1855if (*ss == '*' && ss[1] == 0) return OK;
1856
1857/* If the pattern is empty, it matches only in the case when there is no host -
1858this can occur in ACL checking for SMTP input using the -bs option. In this
1859situation, the host address is the empty string. */
1860
1861if (cb->host_address[0] == 0) return (*ss == 0)? OK : FAIL;
1862if (*ss == 0) return FAIL;
1863
32d668a5
PH		 1864/* If the pattern is precisely "@" then match against the primary host name,
1865provided that host name matching is permitted; if it's "@[]" match against the
1866local host's IP addresses. */
059ec3d9
PH		 1867
1868if (*ss == '@')
1869 {
32d668a5
PH		 1870 if (ss[1] == 0)
1871 {
1872 if (isiponly) return ERROR;
1873 ss = primary_hostname;
1874 }
059ec3d9
PH		 1875 else if (Ustrcmp(ss, "@[]") == 0)
1876 {
1877 ip_address_item *ip;
1878 for (ip = host_find_interfaces(); ip != NULL; ip = ip->next)
1879 if (Ustrcmp(ip->address, cb->host_address) == 0) return OK;
1880 return FAIL;
1881 }
1882 }
1883
1884/* If the pattern is an IP address, optionally followed by a bitmask count, do
1885a (possibly masked) comparision with the current IP address. */
1886
a5a28604 1887if (string_is_ip_address(ss, &maskoffset) > 0)
059ec3d9
PH		 1888 return (host_is_in_net(cb->host_address, ss, maskoffset)? OK : FAIL);
1889
32d668a5 1890/* See if there is a semicolon in the pattern */
059ec3d9 1891
32d668a5
PH		 1892semicolon = Ustrchr(ss, ';');
1893
1894/* If we are doing an IP address only match, then all lookups must be IP
1895address lookups. */
1896
1897if (isiponly)
059ec3d9 1898 {
32d668a5
PH		 1899 iplookup = semicolon != NULL;
1900 }
059ec3d9 1901
32d668a5
PH		 1902/* Otherwise, if the item is of the form net[n]-lookup;<file|query> then it is
1903a lookup on a masked IP network, in textual form. The net- stuff really only
1904applies to single-key lookups where the key is implicit. For query-style
1905lookups the key is specified in the query. From release 4.30, the use of net-
1906for query style is no longer needed, but we retain it for backward
1907compatibility. */
059ec3d9 1908
32d668a5
PH		 1909else if (Ustrncmp(ss, "net", 3) == 0 && semicolon != NULL)
1910 {
1911 mlen = 0;
1912 for (t = ss + 3; isdigit(*t); t++) mlen = mlen * 10 + *t - '0';
1913 if (mlen == 0 && t == ss+3) mlen = -1; /* No mask supplied */
1914 iplookup = (*t++ == '-');
1915 }
059ec3d9 1916
32d668a5 1917/* Do the IP address lookup if that is indeed what we have */
059ec3d9 1918
32d668a5
PH		 1919if (iplookup)
1920 {
1921 int insize;
1922 int search_type;
1923 int incoming[4];
1924 void *handle;
1925 uschar *filename, *key, *result;
1926 uschar buffer[64];
059ec3d9 1927
32d668a5 1928 /* Find the search type */
059ec3d9 1929
32d668a5 1930 search_type = search_findtype(t, semicolon - t);
059ec3d9 1931
32d668a5
PH		 1932 if (search_type < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
1933 search_error_message);
059ec3d9 1934
32d668a5
PH		 1935 /* Adjust parameters for the type of lookup. For a query-style
1936 lookup, there is no file name, and the "key" is just the query. For
1937 a single-key lookup, the key is the current IP address, masked
1938 appropriately, and reconverted to text form, with the mask appended.
1939 For IPv6 addresses, specify dot separators instead of colons. */
059ec3d9 1940
32d668a5
PH		 1941 if (mac_islookup(search_type, lookup_querystyle))
1942 {
1943 filename = NULL;
1944 key = semicolon + 1;
1945 }
1946 else
1947 {
1948 insize = host_aton(cb->host_address, incoming);
1949 host_mask(insize, incoming, mlen);
1950 (void)host_nmtoa(insize, incoming, mlen, buffer, '.');
1951 key = buffer;
1952 filename = semicolon + 1;
059ec3d9 1953 }
32d668a5
PH		 1954
1955 /* Now do the actual lookup; note that there is no search_close() because
1956 of the caching arrangements. */
1957
1958 handle = search_open(filename, search_type, 0, NULL, NULL);
1959 if (handle == NULL) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
1960 search_error_message);
1961 result = search_find(handle, filename, key, -1, NULL, 0, 0, NULL);
1962 if (valueptr != NULL) *valueptr = result;
1963 return (result != NULL)? OK : search_find_defer? DEFER: FAIL;
059ec3d9
PH		 1964 }
1965
1966/* The pattern is not an IP address or network reference of any kind. That is,
32d668a5
PH		 1967it is a host name pattern. If this is an IP only match, there's an error in the
1968host list. */
1969
1970if (isiponly)
1971 {
1972 *error = US"cannot match host name in match_ip list";
1973 return ERROR;
1974 }
1975
1976/* Check the characters of the pattern to see if they comprise only letters,
1977digits, full stops, and hyphens (the constituents of domain names). Allow
1978underscores, as they are all too commonly found. Sigh. Also, if
1979allow_utf8_domains is set, allow top-bit characters. */
059ec3d9
PH		 1980
1981for (t = ss; *t != 0; t++)
1982 if (!isalnum(*t) && *t != '.' && *t != '-' && *t != '_' &&
1983 (!allow_utf8_domains || *t < 128)) break;
1984
1985/* If the pattern is a complete domain name, with no fancy characters, look up
1986its IP address and match against that. Note that a multi-homed host will add
1987items to the chain. */
1988
1989if (*t == 0)
1990 {
1991 int rc;
1992 host_item h;
1993 h.next = NULL;
1994 h.name = ss;
1995 h.address = NULL;
1996 h.mx = MX_NONE;
1997 rc = host_find_byname(&h, NULL, NULL, FALSE);
1998 if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL)
1999 {
2000 host_item *hh;
2001 for (hh = &h; hh != NULL; hh = hh->next)
2002 {
2003 if (Ustrcmp(hh->address, (Ustrchr(hh->address, ':') == NULL)?
2004 cb->host_ipv4 : cb->host_address) == 0)
2005 return OK;
2006 }
2007 return FAIL;
2008 }
2009 if (rc == HOST_FIND_AGAIN) return DEFER;
2010 *error = string_sprintf("failed to find IP address for %s", ss);
2011 return ERROR;
2012 }
2013
2014/* Almost all subsequent comparisons require the host name, and can be done
2015using the general string matching function. When this function is called for
2016outgoing hosts, the name is always given explicitly. If it is NULL, it means we
2017must use sender_host_name and its aliases, looking them up if necessary. */
2018
2019if (cb->host_name != NULL) /* Explicit host name given */
2020 return match_check_string(cb->host_name, ss, -1, TRUE, TRUE, TRUE,
2021 valueptr);
2022
2023/* Host name not given; in principle we need the sender host name and its
2024aliases. However, for query-style lookups, we do not need the name if the
2025query does not contain $sender_host_name. From release 4.23, a reference to
2026$sender_host_name causes it to be looked up, so we don't need to do the lookup
2027on spec. */
2028
2029if ((semicolon = Ustrchr(ss, ';')) != NULL)
2030 {
2031 uschar *affix;
2032 int partial, affixlen, starflags, id;
2033
2034 *semicolon = 0;
2035 id = search_findtype_partial(ss, &partial, &affix, &affixlen, &starflags);
2036 *semicolon=';';
2037
2038 if (id < 0) /* Unknown lookup type */
2039 {
2040 log_write(0, LOG_MAIN|LOG_PANIC, "%s in host list item \"%s\"",
2041 search_error_message, ss);
2042 return DEFER;
2043 }
2044 isquery = mac_islookup(id, lookup_querystyle);
2045 }
2046
2047if (isquery)
2048 {
2049 switch(match_check_string(US"", ss, -1, TRUE, TRUE, TRUE, valueptr))
2050 {
2051 case OK: return OK;
2052 case DEFER: return DEFER;
2053 default: return FAIL;
2054 }
2055 }
2056
2057/* Not a query-style lookup; must ensure the host name is present, and then we
2058do a check on the name and all its aliases. */
2059
2060if (sender_host_name == NULL)
2061 {
2062 HDEBUG(D_host_lookup)
2063 debug_printf("sender host name required, to match against %s\n", ss);
2064 if (host_lookup_failed || host_name_lookup() != OK)
2065 {
2066 *error = string_sprintf("failed to find host name for %s",
2067 sender_host_address);;
2068 return ERROR;
2069 }
2070 host_build_sender_fullhost();
2071 }
2072
2073/* Match on the sender host name, using the general matching function */
2074
2075switch(match_check_string(sender_host_name, ss, -1, TRUE, TRUE, TRUE,
2076 valueptr))
2077 {
2078 case OK: return OK;
2079 case DEFER: return DEFER;
2080 }
2081
2082/* If there are aliases, try matching on them. */
2083
2084aliases = sender_host_aliases;
2085while (*aliases != NULL)
2086 {
2087 switch(match_check_string(*aliases++, ss, -1, TRUE, TRUE, TRUE, valueptr))
2088 {
2089 case OK: return OK;
2090 case DEFER: return DEFER;
2091 }
2092 }
2093return FAIL;
2094}
2095
2096
2097
2098
2099/*************************************************
2100* Check a specific host matches a host list *
2101*************************************************/
2102
2103/* This function is passed a host list containing items in a number of
2104different formats and the identity of a host. Its job is to determine whether
2105the given host is in the set of hosts defined by the list. The host name is
2106passed as a pointer so that it can be looked up if needed and not already
2107known. This is commonly the case when called from verify_check_host() to check
2108an incoming connection. When called from elsewhere the host name should usually
2109be set.
2110
2111This function is now just a front end to match_check_list(), which runs common
2112code for scanning a list. We pass it the check_host() function to perform a
2113single test.
2114
2115Arguments:
2116 listptr pointer to the host list
2117 cache_bits pointer to cache for named lists, or NULL
2118 host_name the host name or NULL, implying use sender_host_name and
2119 sender_host_aliases, looking them up if required
2120 host_address the IP address
2121 valueptr if not NULL, data from a lookup is passed back here
2122
2123Returns: OK if the host is in the defined set
2124 FAIL if the host is not in the defined set,
2125 DEFER if a data lookup deferred (not a host lookup)
2126
2127If the host name was needed in order to make a comparison, and could not be
2128determined from the IP address, the result is FAIL unless the item
2129"+allow_unknown" was met earlier in the list, in which case OK is returned. */
2130
2131int
2132verify_check_this_host(uschar **listptr, unsigned int *cache_bits,
2133 uschar *host_name, uschar *host_address, uschar **valueptr)
2134{
d4eb88df 2135int rc;
059ec3d9 2136unsigned int *local_cache_bits = cache_bits;
d4eb88df 2137uschar *save_host_address = deliver_host_address;
059ec3d9
PH		 2138check_host_block cb;
2139cb.host_name = host_name;
2140cb.host_address = host_address;
2141
2142if (valueptr != NULL) *valueptr = NULL;
2143
2144/* If the host address starts off ::ffff: it is an IPv6 address in
2145IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2146addresses. */
2147
2148cb.host_ipv4 = (Ustrncmp(host_address, "::ffff:", 7) == 0)?
2149 host_address + 7 : host_address;
2150
8e669ac1
PH		 2151/* During the running of the check, put the IP address into $host_address. In
2152the case of calls from the smtp transport, it will already be there. However,
2153in other calls (e.g. when testing ignore_target_hosts), it won't. Just to be on
d4eb88df
PH		 2154the safe side, any existing setting is preserved, though as I write this
2155(November 2004) I can't see any cases where it is actually needed. */
2156
2157deliver_host_address = host_address;
2158rc = match_check_list(
2159 listptr, /* the list */
2160 0, /* separator character */
2161 &hostlist_anchor, /* anchor pointer */
2162 &local_cache_bits, /* cache pointer */
2163 check_host, /* function for testing */
2164 &cb, /* argument for function */
2165 MCL_HOST, /* type of check */
8e669ac1 2166 (host_address == sender_host_address)?
d4eb88df
PH		 2167 US"host" : host_address, /* text for debugging */
2168 valueptr); /* where to pass back data */
2169deliver_host_address = save_host_address;
8e669ac1 2170return rc;
059ec3d9
PH		 2171}
2172
2173
2174
2175
2176/*************************************************
2177* Check the remote host matches a list *
2178*************************************************/
2179
2180/* This is a front end to verify_check_this_host(), created because checking
2181the remote host is a common occurrence. With luck, a good compiler will spot
2182the tail recursion and optimize it. If there's no host address, this is
2183command-line SMTP input - check against an empty string for the address.
2184
2185Arguments:
2186 listptr pointer to the host list
2187
2188Returns: the yield of verify_check_this_host(),
2189 i.e. OK, FAIL, or DEFER
2190*/
2191
2192int
2193verify_check_host(uschar **listptr)
2194{
2195return verify_check_this_host(listptr, sender_host_cache, NULL,
2196 (sender_host_address == NULL)? US"" : sender_host_address, NULL);
2197}
2198
2199
2200
2201
2202
2203/*************************************************
2204* Invert an IP address for a DNS black list *
2205*************************************************/
2206
2207/*
2208Arguments:
2209 buffer where to put the answer
2210 address the address to invert
2211*/
2212
2213static void
2214invert_address(uschar *buffer, uschar *address)
2215{
2216int bin[4];
2217uschar *bptr = buffer;
2218
2219/* If this is an IPv4 address mapped into IPv6 format, adjust the pointer
2220to the IPv4 part only. */
2221
2222if (Ustrncmp(address, "::ffff:", 7) == 0) address += 7;
2223
2224/* Handle IPv4 address: when HAVE_IPV6 is false, the result of host_aton() is
2225always 1. */
2226
2227if (host_aton(address, bin) == 1)
2228 {
2229 int i;
2230 int x = bin[0];
2231 for (i = 0; i < 4; i++)
2232 {
2233 sprintf(CS bptr, "%d.", x & 255);
2234 while (*bptr) bptr++;
2235 x >>= 8;
2236 }
2237 }
2238
2239/* Handle IPv6 address. Actually, as far as I know, there are no IPv6 addresses
2240in any DNS black lists, and the format in which they will be looked up is
2241unknown. This is just a guess. */
2242
2243#if HAVE_IPV6
2244else
2245 {
2246 int i, j;
2247 for (j = 3; j >= 0; j--)
2248 {
2249 int x = bin[j];
2250 for (i = 0; i < 8; i++)
2251 {
2252 sprintf(CS bptr, "%x.", x & 15);
2253 while (*bptr) bptr++;
2254 x >>= 4;
2255 }
2256 }
2257 }
2258#endif
2259}
2260
2261
2262
0bcb2a0e
PH		 2263/*************************************************
2264* Perform a single dnsbl lookup *
2265*************************************************/
2266
2267/* This function is called from verify_check_dnsbl() below.
2268
2269Arguments:
2270 domain the outer dnsbl domain (for debug message)
8e669ac1 2271 keydomain the current keydomain (for debug message)
0bcb2a0e 2272 query the domain to be looked up
8e669ac1
PH		 2273 iplist the list of matching IP addresses
2274 bitmask true if bitmask matching is wanted
2275 invert_result true if result to be inverted
2276 defer_return what to return for a defer
0bcb2a0e
PH		 2277
2278Returns: OK if lookup succeeded
2279 FAIL if not
2280*/
2281
2282static int
8e669ac1 2283one_check_dnsbl(uschar *domain, uschar *keydomain, uschar *query,
0bcb2a0e 2284 uschar *iplist, BOOL bitmask, BOOL invert_result, int defer_return)
8e669ac1 2285{
0bcb2a0e
PH		 2286dns_answer dnsa;
2287dns_scan dnss;
2288tree_node *t;
2289dnsbl_cache_block *cb;
2290int old_pool = store_pool;
2291
2292/* Look for this query in the cache. */
2293
2294t = tree_search(dnsbl_cache, query);
2295
2296/* If not cached from a previous lookup, we must do a DNS lookup, and
2297cache the result in permanent memory. */
2298
2299if (t == NULL)
2300 {
2301 store_pool = POOL_PERM;
2302
2303 /* Set up a tree entry to cache the lookup */
2304
2305 t = store_get(sizeof(tree_node) + Ustrlen(query));
2306 Ustrcpy(t->name, query);
2307 t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block));
2308 (void)tree_insertnode(&dnsbl_cache, t);
2309
2310 /* Do the DNS loopup . */
2311
2312 HDEBUG(D_dnsbl) debug_printf("new DNS lookup for %s\n", query);
2313 cb->rc = dns_basic_lookup(&dnsa, query, T_A);
2314 cb->text_set = FALSE;
2315 cb->text = NULL;
2316 cb->rhs = NULL;
2317
2318 /* If the lookup succeeded, cache the RHS address. The code allows for
2319 more than one address - this was for complete generality and the possible
2320 use of A6 records. However, A6 records have been reduced to experimental
2321 status (August 2001) and may die out. So they may never get used at all,
2322 let alone in dnsbl records. However, leave the code here, just in case.
2323
2324 Quite apart from one A6 RR generating multiple addresses, there are DNS
2325 lists that return more than one A record, so we must handle multiple
2326 addresses generated in that way as well. */
2327
2328 if (cb->rc == DNS_SUCCEED)
2329 {
2330 dns_record *rr;
2331 dns_address **addrp = &(cb->rhs);
2332 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
2333 rr != NULL;
2334 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2335 {
2336 if (rr->type == T_A)
2337 {
2338 dns_address *da = dns_address_from_rr(&dnsa, rr);
2339 if (da != NULL)
2340 {
2341 *addrp = da;
2342 while (da->next != NULL) da = da->next;
2343 addrp = &(da->next);
2344 }
2345 }
2346 }
2347
2348 /* If we didn't find any A records, change the return code. This can
2349 happen when there is a CNAME record but there are no A records for what
2350 it points to. */
2351
2352 if (cb->rhs == NULL) cb->rc = DNS_NODATA;
2353 }
2354
2355 store_pool = old_pool;
2356 }
2357
2358/* Previous lookup was cached */
2359
2360else
2361 {
2362 HDEBUG(D_dnsbl) debug_printf("using result of previous DNS lookup\n");
2363 cb = t->data.ptr;
2364 }
2365
2366/* We now have the result of the DNS lookup, either newly done, or cached
2367from a previous call. If the lookup succeeded, check against the address
2368list if there is one. This may be a positive equality list (introduced by
2369"="), a negative equality list (introduced by "!="), a positive bitmask
2370list (introduced by "&"), or a negative bitmask list (introduced by "!&").*/
2371
2372if (cb->rc == DNS_SUCCEED)
2373 {
2374 dns_address *da = NULL;
2375 uschar *addlist = cb->rhs->address;
2376
2377 /* For A and AAAA records, there may be multiple addresses from multiple
2378 records. For A6 records (currently not expected to be used) there may be
2379 multiple addresses from a single record. */
2380
2381 for (da = cb->rhs->next; da != NULL; da = da->next)
2382 addlist = string_sprintf("%s, %s", addlist, da->address);
2383
2384 HDEBUG(D_dnsbl) debug_printf("DNS lookup for %s succeeded (yielding %s)\n",
2385 query, addlist);
2386
2387 /* Address list check; this can be either for equality, or via a bitmask.
2388 In the latter case, all the bits must match. */
2389
2390 if (iplist != NULL)
2391 {
2392 int ipsep = ',';
2393 uschar ip[46];
2394 uschar *ptr = iplist;
2395
2396 while (string_nextinlist(&ptr, &ipsep, ip, sizeof(ip)) != NULL)
2397 {
2398 /* Handle exact matching */
2399 if (!bitmask)
2400 {
2401 for (da = cb->rhs; da != NULL; da = da->next)
2402 {
2403 if (Ustrcmp(CS da->address, ip) == 0) break;
2404 }
2405 }
2406 /* Handle bitmask matching */
2407 else
2408 {
2409 int address[4];
2410 int mask = 0;
2411
2412 /* At present, all known DNS blocking lists use A records, with
2413 IPv4 addresses on the RHS encoding the information they return. I
2414 wonder if this will linger on as the last vestige of IPv4 when IPv6
2415 is ubiquitous? Anyway, for now we use paranoia code to completely
2416 ignore IPv6 addresses. The default mask is 0, which always matches.
2417 We change this only for IPv4 addresses in the list. */
2418
2419 if (host_aton(ip, address) == 1) mask = address[0];
2420
2421 /* Scan the returned addresses, skipping any that are IPv6 */
2422
2423 for (da = cb->rhs; da != NULL; da = da->next)
2424 {
2425 if (host_aton(da->address, address) != 1) continue;
2426 if ((address[0] & mask) == mask) break;
2427 }
2428 }
2429
2430 /* Break out if a match has been found */
2431
2432 if (da != NULL) break;
2433 }
2434
2435 /* If either
2436
2437 (a) No IP address in a positive list matched, or
2438 (b) An IP address in a negative list did match
2439
2440 then behave as if the DNSBL lookup had not succeeded, i.e. the host is
2441 not on the list. */
2442
2443 if (invert_result != (da == NULL))
2444 {
2445 HDEBUG(D_dnsbl)
2446 {
2447 debug_printf("=> but we are not accepting this block class because\n");
2448 debug_printf("=> there was %s match for %c%s\n",
2449 invert_result? "an exclude":"no", bitmask? '&' : '=', iplist);
2450 }
8e669ac1 2451 return FAIL;
0bcb2a0e
PH		 2452 }
2453 }
2454
2455 /* Either there was no IP list, or the record matched. Look up a TXT record
2456 if it hasn't previously been done. */
2457
2458 if (!cb->text_set)
2459 {
2460 cb->text_set = TRUE;
2461 if (dns_basic_lookup(&dnsa, query, T_TXT) == DNS_SUCCEED)
2462 {
2463 dns_record *rr;
2464 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
2465 rr != NULL;
2466 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2467 if (rr->type == T_TXT) break;
2468 if (rr != NULL)
2469 {
2470 int len = (rr->data)[0];
2471 if (len > 511) len = 127;
2472 store_pool = POOL_PERM;
2473 cb->text = string_sprintf("%.*s", len, (const uschar *)(rr->data+1));
2474 store_pool = old_pool;
2475 }
2476 }
2477 }
2478
2479 dnslist_value = addlist;
2480 dnslist_text = cb->text;
2481 return OK;
2482 }
2483
2484/* There was a problem with the DNS lookup */
2485
2486if (cb->rc != DNS_NOMATCH && cb->rc != DNS_NODATA)
2487 {
2488 log_write(L_dnslist_defer, LOG_MAIN,
2489 "DNS list lookup defer (probably timeout) for %s: %s", query,
2490 (defer_return == OK)? US"assumed in list" :
2491 (defer_return == FAIL)? US"assumed not in list" :
2492 US"returned DEFER");
2493 return defer_return;
2494 }
2495
2496/* No entry was found in the DNS; continue for next domain */
2497
2498HDEBUG(D_dnsbl)
2499 {
2500 debug_printf("DNS lookup for %s failed\n", query);
2501 debug_printf("=> that means %s is not listed at %s\n",
2502 keydomain, domain);
2503 }
2504
2505return FAIL;
2506}
2507
2508
2509
2510
059ec3d9
PH		 2511/*************************************************
2512* Check host against DNS black lists *
2513*************************************************/
2514
2515/* This function runs checks against a list of DNS black lists, until one
2516matches. Each item on the list can be of the form
2517
2518 domain=ip-address/key
2519
2520The domain is the right-most domain that is used for the query, for example,
2521blackholes.mail-abuse.org. If the IP address is present, there is a match only
2522if the DNS lookup returns a matching IP address. Several addresses may be
2523given, comma-separated, for example: x.y.z=127.0.0.1,127.0.0.2.
2524
2525If no key is given, what is looked up in the domain is the inverted IP address
2526of the current client host. If a key is given, it is used to construct the
2527domain for the lookup. For example,
2528
2529 dsn.rfc-ignorant.org/$sender_address_domain
2530
2531After finding a match in the DNS, the domain is placed in $dnslist_domain, and
2532then we check for a TXT record for an error message, and if found, save its
2533value in $dnslist_text. We also cache everything in a tree, to optimize
2534multiple lookups.
2535
2536Note: an address for testing RBL is 192.203.178.39
2537Note: an address for testing DUL is 192.203.178.4
2538Note: a domain for testing RFCI is example.tld.dsn.rfc-ignorant.org
2539
2540Arguments:
2541 listptr the domain/address/data list
2542
2543Returns: OK successful lookup (i.e. the address is on the list), or
2544 lookup deferred after +include_unknown
2545 FAIL name not found, or no data found for the given type, or
2546 lookup deferred after +exclude_unknown (default)
2547 DEFER lookup failure, if +defer_unknown was set
2548*/
2549
2550int
2551verify_check_dnsbl(uschar **listptr)
2552{
2553int sep = 0;
2554int defer_return = FAIL;
059ec3d9
PH		 2555BOOL invert_result = FALSE;
2556uschar *list = *listptr;
2557uschar *domain;
2558uschar *s;
2559uschar buffer[1024];
2560uschar query[256]; /* DNS domain max length */
2561uschar revadd[128]; /* Long enough for IPv6 address */
2562
2563/* Indicate that the inverted IP address is not yet set up */
2564
2565revadd[0] = 0;
2566
0bcb2a0e
PH		 2567/* In case this is the first time the DNS resolver is being used. */
2568
2569dns_init(FALSE, FALSE);
2570
059ec3d9
PH		 2571/* Loop through all the domains supplied, until something matches */
2572
2573while ((domain = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
2574 {
0bcb2a0e 2575 int rc;
059ec3d9
PH		 2576 BOOL frc;
2577 BOOL bitmask = FALSE;
059ec3d9
PH		 2578 uschar *iplist;
2579 uschar *key;
059ec3d9
PH		 2580
2581 HDEBUG(D_dnsbl) debug_printf("DNS list check: %s\n", domain);
2582
2583 /* Deal with special values that change the behaviour on defer */
2584
2585 if (domain[0] == '+')
2586 {
2587 if (strcmpic(domain, US"+include_unknown") == 0) defer_return = OK;
2588 else if (strcmpic(domain, US"+exclude_unknown") == 0) defer_return = FAIL;
2589 else if (strcmpic(domain, US"+defer_unknown") == 0) defer_return = DEFER;
2590 else
2591 log_write(0, LOG_MAIN|LOG_PANIC, "unknown item in dnslist (ignored): %s",
2592 domain);
2593 continue;
2594 }
2595
2596 /* See if there's explicit data to be looked up */
2597
2598 key = Ustrchr(domain, '/');
2599 if (key != NULL) *key++ = 0;
2600
2601 /* See if there's a list of addresses supplied after the domain name. This is
2602 introduced by an = or a & character; if preceded by ! we invert the result.
2603 */
2604
2605 iplist = Ustrchr(domain, '=');
2606 if (iplist == NULL)
2607 {
2608 bitmask = TRUE;
2609 iplist = Ustrchr(domain, '&');
2610 }
2611
2612 if (iplist != NULL)
2613 {
2614 if (iplist > domain && iplist[-1] == '!')
2615 {
2616 invert_result = TRUE;
2617 iplist[-1] = 0;
2618 }
2619 *iplist++ = 0;
2620 }
2621
2622 /* Check that what we have left is a sensible domain name. There is no reason
2623 why these domains should in fact use the same syntax as hosts and email
2624 domains, but in practice they seem to. However, there is little point in
2625 actually causing an error here, because that would no doubt hold up incoming
2626 mail. Instead, I'll just log it. */
2627
2628 for (s = domain; *s != 0; s++)
2629 {
2630 if (!isalnum(*s) && *s != '-' && *s != '.')
2631 {
2632 log_write(0, LOG_MAIN, "dnslists domain \"%s\" contains "
2633 "strange characters - is this right?", domain);
2634 break;
2635 }
2636 }
2637
8e669ac1 2638 /* If there is no key string, construct the query by adding the domain name
0bcb2a0e 2639 onto the inverted host address, and perform a single DNS lookup. */
8e669ac1 2640
059ec3d9
PH		 2641 if (key == NULL)
2642 {
2643 if (sender_host_address == NULL) return FAIL; /* can never match */
2644 if (revadd[0] == 0) invert_address(revadd, sender_host_address);
2645 frc = string_format(query, sizeof(query), "%s%s", revadd, domain);
8e669ac1 2646
0bcb2a0e 2647 if (!frc)
059ec3d9 2648 {
0bcb2a0e
PH		 2649 log_write(0, LOG_MAIN|LOG_PANIC, "dnslist query is too long "
2650 "(ignored): %s...", query);
2651 continue;
059ec3d9 2652 }
8e669ac1
PH		 2653
2654 rc = one_check_dnsbl(domain, sender_host_address, query, iplist, bitmask,
0bcb2a0e 2655 invert_result, defer_return);
8e669ac1 2656
0bcb2a0e
PH		 2657 if (rc == OK)
2658 {
2659 dnslist_domain = string_copy(domain);
8e669ac1 2660 HDEBUG(D_dnsbl) debug_printf("=> that means %s is listed at %s\n",
0bcb2a0e
PH		 2661 sender_host_address, domain);
2662 }
8e669ac1 2663
0bcb2a0e 2664 if (rc != FAIL) return rc; /* OK or DEFER */
059ec3d9 2665 }
8e669ac1
PH		 2666
2667 /* If there is a key string, it can be a list of domains or IP addresses to
0bcb2a0e 2668 be concatenated with the main domain. */
8e669ac1 2669
059ec3d9
PH		 2670 else
2671 {
0bcb2a0e 2672 int keysep = 0;
8e669ac1
PH		 2673 BOOL defer = FALSE;
2674 uschar *keydomain;
0bcb2a0e 2675 uschar keybuffer[256];
8e669ac1
PH		 2676
2677 while ((keydomain = string_nextinlist(&key, &keysep, keybuffer,
0bcb2a0e 2678 sizeof(keybuffer))) != NULL)
8e669ac1 2679 {
a5a28604 2680 if (string_is_ip_address(keydomain, NULL) > 0)
059ec3d9 2681 {
0bcb2a0e
PH		 2682 uschar keyrevadd[128];
2683 invert_address(keyrevadd, keydomain);
8e669ac1 2684 frc = string_format(query, sizeof(query), "%s%s", keyrevadd, domain);
0bcb2a0e
PH		 2685 }
2686 else
8e669ac1 2687 {
0bcb2a0e 2688 frc = string_format(query, sizeof(query), "%s.%s", keydomain, domain);
059ec3d9
PH		 2689 }
2690
0bcb2a0e 2691 if (!frc)
059ec3d9 2692 {
0bcb2a0e
PH		 2693 log_write(0, LOG_MAIN|LOG_PANIC, "dnslist query is too long "
2694 "(ignored): %s...", query);
2695 continue;
059ec3d9 2696 }
8e669ac1
PH		 2697
2698 rc = one_check_dnsbl(domain, keydomain, query, iplist, bitmask,
0bcb2a0e 2699 invert_result, defer_return);
8e669ac1 2700
0bcb2a0e 2701 if (rc == OK)
059ec3d9 2702 {
0bcb2a0e 2703 dnslist_domain = string_copy(domain);
8e669ac1 2704 HDEBUG(D_dnsbl) debug_printf("=> that means %s is listed at %s\n",
0bcb2a0e 2705 keydomain, domain);
8e669ac1 2706 return OK;
059ec3d9 2707 }
8e669ac1 2708
c38d6da9
PH		 2709 /* If the lookup deferred, remember this fact. We keep trying the rest
2710 of the list to see if we get a useful result, and if we don't, we return
2711 DEFER at the end. */
059ec3d9 2712
c38d6da9 2713 if (rc == DEFER) defer = TRUE;
0bcb2a0e 2714 } /* continue with next keystring domain/address */
c38d6da9
PH		 2715
2716 if (defer) return DEFER;
8e669ac1 2717 }
0bcb2a0e 2718 } /* continue with next dnsdb outer domain */
059ec3d9
PH		 2719
2720return FAIL;
2721}
2722
2723/* End of verify.c */
Unnamed repository; edit this file 'description' to name the repository.