projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add log_reject_target as an ACL modifier.
[exim.git] / src / src / verify.c
CommitLineData
2b1c6e3a 1/* $Cambridge: exim/src/src/verify.c,v 1.38 2006/09/05 13:24:10 ph10 Exp $ */
059ec3d9
PH		 2
3/*************************************************
4* Exim - an Internet mail transport agent *
5*************************************************/
6
d7d7b7b9 7/* Copyright (c) University of Cambridge 1995 - 2006 */
059ec3d9
PH		 8/* See the file NOTICE for conditions of use and distribution. */
9
10/* Functions concerned with verifying things. The original code for callout
11caching was contributed by Kevin Fleming (but I hacked it around a bit). */
12
13
14#include "exim.h"
15
16
17/* Structure for caching DNSBL lookups */
18
19typedef struct dnsbl_cache_block {
20 dns_address *rhs;
21 uschar *text;
22 int rc;
23 BOOL text_set;
24} dnsbl_cache_block;
25
26
27/* Anchor for DNSBL cache */
28
29static tree_node *dnsbl_cache = NULL;
30
31
32
33/*************************************************
34* Retrieve a callout cache record *
35*************************************************/
36
37/* If a record exists, check whether it has expired.
38
39Arguments:
40 dbm_file an open hints file
41 key the record key
42 type "address" or "domain"
43 positive_expire expire time for positive records
44 negative_expire expire time for negative records
45
46Returns: the cache record if a non-expired one exists, else NULL
47*/
48
49static dbdata_callout_cache *
50get_callout_cache_record(open_db *dbm_file, uschar *key, uschar *type,
51 int positive_expire, int negative_expire)
52{
53BOOL negative;
54int length, expire;
55time_t now;
56dbdata_callout_cache *cache_record;
57
58cache_record = dbfn_read_with_length(dbm_file, key, &length);
59
60if (cache_record == NULL)
61 {
62 HDEBUG(D_verify) debug_printf("callout cache: no %s record found\n", type);
63 return NULL;
64 }
65
66/* We treat a record as "negative" if its result field is not positive, or if
67it is a domain record and the postmaster field is negative. */
68
69negative = cache_record->result != ccache_accept ||
70 (type[0] == 'd' && cache_record->postmaster_result == ccache_reject);
71expire = negative? negative_expire : positive_expire;
72now = time(NULL);
73
74if (now - cache_record->time_stamp > expire)
75 {
76 HDEBUG(D_verify) debug_printf("callout cache: %s record expired\n", type);
77 return NULL;
78 }
79
80/* If this is a non-reject domain record, check for the obsolete format version
81that doesn't have the postmaster and random timestamps, by looking at the
82length. If so, copy it to a new-style block, replicating the record's
83timestamp. Then check the additional timestamps. (There's no point wasting
84effort if connections are rejected.) */
85
86if (type[0] == 'd' && cache_record->result != ccache_reject)
87 {
88 if (length == sizeof(dbdata_callout_cache_obs))
89 {
90 dbdata_callout_cache *new = store_get(sizeof(dbdata_callout_cache));
91 memcpy(new, cache_record, length);
92 new->postmaster_stamp = new->random_stamp = new->time_stamp;
93 cache_record = new;
94 }
95
96 if (now - cache_record->postmaster_stamp > expire)
97 cache_record->postmaster_result = ccache_unknown;
98
99 if (now - cache_record->random_stamp > expire)
100 cache_record->random_result = ccache_unknown;
101 }
102
103HDEBUG(D_verify) debug_printf("callout cache: found %s record\n", type);
104return cache_record;
105}
106
107
108
109/*************************************************
110* Do callout verification for an address *
111*************************************************/
112
113/* This function is called from verify_address() when the address has routed to
114a host list, and a callout has been requested. Callouts are expensive; that is
115why a cache is used to improve the efficiency.
116
117Arguments:
118 addr the address that's been routed
119 host_list the list of hosts to try
120 tf the transport feedback block
121
122 ifstring "interface" option from transport, or NULL
123 portstring "port" option from transport, or NULL
124 protocolstring "protocol" option from transport, or NULL
125 callout the per-command callout timeout
4deaf07d
PH		 126 callout_overall the overall callout timeout (if < 0 use 4*callout)
127 callout_connect the callout connection timeout (if < 0 use callout)
059ec3d9
PH		 128 options the verification options - these bits are used:
129 vopt_is_recipient => this is a recipient address
130 vopt_callout_no_cache => don't use callout cache
2a4be8f9 131 vopt_callout_fullpm => if postmaster check, do full one
059ec3d9
PH		 132 vopt_callout_random => do the "random" thing
133 vopt_callout_recipsender => use real sender for recipient
134 vopt_callout_recippmaster => use postmaster for recipient
135 se_mailfrom MAIL FROM address for sender verify; NULL => ""
136 pm_mailfrom if non-NULL, do the postmaster check with this sender
137
138Returns: OK/FAIL/DEFER
139*/
140
141static int
142do_callout(address_item *addr, host_item *host_list, transport_feedback *tf,
8e669ac1 143 int callout, int callout_overall, int callout_connect, int options,
4deaf07d 144 uschar *se_mailfrom, uschar *pm_mailfrom)
059ec3d9
PH		 145{
146BOOL is_recipient = (options & vopt_is_recipient) != 0;
147BOOL callout_no_cache = (options & vopt_callout_no_cache) != 0;
148BOOL callout_random = (options & vopt_callout_random) != 0;
149
150int yield = OK;
2b1c6e3a 151int old_domain_cache_result = ccache_accept;
059ec3d9
PH		 152BOOL done = FALSE;
153uschar *address_key;
154uschar *from_address;
155uschar *random_local_part = NULL;
750af86e 156uschar *save_deliver_domain = deliver_domain;
8e669ac1 157uschar **failure_ptr = is_recipient?
2c7db3f5 158 &recipient_verify_failure : &sender_verify_failure;
059ec3d9
PH		 159open_db dbblock;
160open_db *dbm_file = NULL;
161dbdata_callout_cache new_domain_record;
162dbdata_callout_cache_address new_address_record;
163host_item *host;
164time_t callout_start_time;
165
166new_domain_record.result = ccache_unknown;
167new_domain_record.postmaster_result = ccache_unknown;
168new_domain_record.random_result = ccache_unknown;
169
170memset(&new_address_record, 0, sizeof(new_address_record));
171
172/* For a recipient callout, the key used for the address cache record must
173include the sender address if we are using the real sender in the callout,
174because that may influence the result of the callout. */
175
176address_key = addr->address;
177from_address = US"";
178
179if (is_recipient)
180 {
181 if ((options & vopt_callout_recipsender) != 0)
182 {
183 address_key = string_sprintf("%s/<%s>", addr->address, sender_address);
184 from_address = sender_address;
185 }
186 else if ((options & vopt_callout_recippmaster) != 0)
187 {
188 address_key = string_sprintf("%s/<postmaster@%s>", addr->address,
189 qualify_domain_sender);
190 from_address = string_sprintf("postmaster@%s", qualify_domain_sender);
191 }
192 }
193
194/* For a sender callout, we must adjust the key if the mailfrom address is not
195empty. */
196
197else
198 {
199 from_address = (se_mailfrom == NULL)? US"" : se_mailfrom;
200 if (from_address[0] != 0)
201 address_key = string_sprintf("%s/<%s>", addr->address, from_address);
202 }
203
204/* Open the callout cache database, it it exists, for reading only at this
205stage, unless caching has been disabled. */
206
207if (callout_no_cache)
208 {
209 HDEBUG(D_verify) debug_printf("callout cache: disabled by no_cache\n");
210 }
211else if ((dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE)) == NULL)
212 {
213 HDEBUG(D_verify) debug_printf("callout cache: not available\n");
214 }
215
216/* If a cache database is available see if we can avoid the need to do an
217actual callout by making use of previously-obtained data. */
218
219if (dbm_file != NULL)
220 {
221 dbdata_callout_cache_address *cache_address_record;
222 dbdata_callout_cache *cache_record = get_callout_cache_record(dbm_file,
223 addr->domain, US"domain",
224 callout_cache_domain_positive_expire,
225 callout_cache_domain_negative_expire);
226
227 /* If an unexpired cache record was found for this domain, see if the callout
228 process can be short-circuited. */
229
230 if (cache_record != NULL)
231 {
2b1c6e3a
PH		 232 /* In most cases, if an early command (up to and including MAIL FROM:<>)
233 was rejected, there is no point carrying on. The callout fails. However, if
234 we are doing a recipient verification with use_sender or use_postmaster
235 set, a previous failure of MAIL FROM:<> doesn't count, because this time we
236 will be using a non-empty sender. We have to remember this situation so as
237 not to disturb the cached domain value if this whole verification succeeds
238 (we don't want it turning into "accept"). */
239
240 old_domain_cache_result = cache_record->result;
241
242 if (cache_record->result == ccache_reject ||
243 (*from_address == 0 && cache_record->result == ccache_reject_mfnull))
059ec3d9
PH		 244 {
245 setflag(addr, af_verify_nsfail);
246 HDEBUG(D_verify)
247 debug_printf("callout cache: domain gave initial rejection, or "
248 "does not accept HELO or MAIL FROM:<>\n");
249 setflag(addr, af_verify_nsfail);
250 addr->user_message = US"(result of an earlier callout reused).";
251 yield = FAIL;
8e669ac1 252 *failure_ptr = US"mail";
059ec3d9
PH		 253 goto END_CALLOUT;
254 }
255
256 /* If a previous check on a "random" local part was accepted, we assume
257 that the server does not do any checking on local parts. There is therefore
258 no point in doing the callout, because it will always be successful. If a
259 random check previously failed, arrange not to do it again, but preserve
260 the data in the new record. If a random check is required but hasn't been
261 done, skip the remaining cache processing. */
262
263 if (callout_random) switch(cache_record->random_result)
264 {
265 case ccache_accept:
266 HDEBUG(D_verify)
267 debug_printf("callout cache: domain accepts random addresses\n");
268 goto END_CALLOUT; /* Default yield is OK */
269
270 case ccache_reject:
271 HDEBUG(D_verify)
272 debug_printf("callout cache: domain rejects random addresses\n");
273 callout_random = FALSE;
274 new_domain_record.random_result = ccache_reject;
275 new_domain_record.random_stamp = cache_record->random_stamp;
276 break;
277
278 default:
279 HDEBUG(D_verify)
280 debug_printf("callout cache: need to check random address handling "
281 "(not cached or cache expired)\n");
282 goto END_CACHE;
283 }
284
285 /* If a postmaster check is requested, but there was a previous failure,
286 there is again no point in carrying on. If a postmaster check is required,
287 but has not been done before, we are going to have to do a callout, so skip
288 remaining cache processing. */
289
290 if (pm_mailfrom != NULL)
291 {
292 if (cache_record->postmaster_result == ccache_reject)
293 {
294 setflag(addr, af_verify_pmfail);
295 HDEBUG(D_verify)
296 debug_printf("callout cache: domain does not accept "
297 "RCPT TO:<postmaster@domain>\n");
298 yield = FAIL;
8e669ac1 299 *failure_ptr = US"postmaster";
059ec3d9
PH		 300 setflag(addr, af_verify_pmfail);
301 addr->user_message = US"(result of earlier verification reused).";
302 goto END_CALLOUT;
303 }
304 if (cache_record->postmaster_result == ccache_unknown)
305 {
306 HDEBUG(D_verify)
307 debug_printf("callout cache: need to check RCPT "
308 "TO:<postmaster@domain> (not cached or cache expired)\n");
309 goto END_CACHE;
310 }
311
312 /* If cache says OK, set pm_mailfrom NULL to prevent a redundant
313 postmaster check if the address itself has to be checked. Also ensure
314 that the value in the cache record is preserved (with its old timestamp).
315 */
316
317 HDEBUG(D_verify) debug_printf("callout cache: domain accepts RCPT "
318 "TO:<postmaster@domain>\n");
319 pm_mailfrom = NULL;
320 new_domain_record.postmaster_result = ccache_accept;
321 new_domain_record.postmaster_stamp = cache_record->postmaster_stamp;
322 }
323 }
324
325 /* We can't give a result based on information about the domain. See if there
326 is an unexpired cache record for this specific address (combined with the
327 sender address if we are doing a recipient callout with a non-empty sender).
328 */
329
330 cache_address_record = (dbdata_callout_cache_address *)
331 get_callout_cache_record(dbm_file,
332 address_key, US"address",
333 callout_cache_positive_expire,
334 callout_cache_negative_expire);
335
336 if (cache_address_record != NULL)
337 {
338 if (cache_address_record->result == ccache_accept)
339 {
340 HDEBUG(D_verify)
341 debug_printf("callout cache: address record is positive\n");
342 }
343 else
344 {
345 HDEBUG(D_verify)
346 debug_printf("callout cache: address record is negative\n");
347 addr->user_message = US"Previous (cached) callout verification failure";
8e669ac1 348 *failure_ptr = US"recipient";
059ec3d9
PH		 349 yield = FAIL;
350 }
351 goto END_CALLOUT;
352 }
353
354 /* Close the cache database while we actually do the callout for real. */
355
356 END_CACHE:
357 dbfn_close(dbm_file);
358 dbm_file = NULL;
359 }
360
361/* The information wasn't available in the cache, so we have to do a real
362callout and save the result in the cache for next time, unless no_cache is set,
363or unless we have a previously cached negative random result. If we are to test
364with a random local part, ensure that such a local part is available. If not,
365log the fact, but carry on without randomming. */
366
367if (callout_random && callout_random_local_part != NULL)
368 {
369 random_local_part = expand_string(callout_random_local_part);
370 if (random_local_part == NULL)
371 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
372 "callout_random_local_part: %s", expand_string_message);
373 }
374
4deaf07d
PH		 375/* Default the connect and overall callout timeouts if not set, and record the
376time we are starting so that we can enforce it. */
059ec3d9
PH		 377
378if (callout_overall < 0) callout_overall = 4 * callout;
4deaf07d 379if (callout_connect < 0) callout_connect = callout;
059ec3d9
PH		 380callout_start_time = time(NULL);
381
382/* Now make connections to the hosts and do real callouts. The list of hosts
383is passed in as an argument. */
384
385for (host = host_list; host != NULL && !done; host = host->next)
386 {
387 smtp_inblock inblock;
388 smtp_outblock outblock;
389 int host_af;
390 int port = 25;
8e669ac1 391 BOOL send_quit = TRUE;
059ec3d9
PH		 392 uschar *helo = US"HELO";
393 uschar *interface = NULL; /* Outgoing interface to use; NULL => any */
394 uschar inbuffer[4096];
395 uschar outbuffer[1024];
396 uschar responsebuffer[4096];
397
398 clearflag(addr, af_verify_pmfail); /* postmaster callout flag */
399 clearflag(addr, af_verify_nsfail); /* null sender callout flag */
400
401 /* Skip this host if we don't have an IP address for it. */
402
403 if (host->address == NULL)
404 {
405 DEBUG(D_verify) debug_printf("no IP address for host name %s: skipping\n",
406 host->name);
407 continue;
408 }
409
410 /* Check the overall callout timeout */
411
412 if (time(NULL) - callout_start_time >= callout_overall)
413 {
414 HDEBUG(D_verify) debug_printf("overall timeout for callout exceeded\n");
415 break;
416 }
417
418 /* Set IPv4 or IPv6 */
419
420 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6;
421
de3a88fb
PH		 422 /* Expand and interpret the interface and port strings. The latter will not
423 be used if there is a host-specific port (e.g. from a manualroute router).
424 This has to be delayed till now, because they may expand differently for
425 different hosts. If there's a failure, log it, but carry on with the
426 defaults. */
059ec3d9
PH		 427
428 deliver_host = host->name;
429 deliver_host_address = host->address;
750af86e 430 deliver_domain = addr->domain;
de3a88fb 431
059ec3d9
PH		 432 if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface,
433 US"callout") ||
434 !smtp_get_port(tf->port, addr, &port, US"callout"))
435 log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
436 addr->message);
de3a88fb 437
059ec3d9 438 deliver_host = deliver_host_address = NULL;
750af86e 439 deliver_domain = save_deliver_domain;
059ec3d9
PH		 440
441 /* Set HELO string according to the protocol */
442
443 if (Ustrcmp(tf->protocol, "lmtp") == 0) helo = US"LHLO";
444
445 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port);
446
447 /* Set up the buffer for reading SMTP response packets. */
448
449 inblock.buffer = inbuffer;
450 inblock.buffersize = sizeof(inbuffer);
451 inblock.ptr = inbuffer;
452 inblock.ptrend = inbuffer;
453
454 /* Set up the buffer for holding SMTP commands while pipelining */
455
456 outblock.buffer = outbuffer;
457 outblock.buffersize = sizeof(outbuffer);
458 outblock.ptr = outbuffer;
459 outblock.cmd_count = 0;
460 outblock.authenticating = FALSE;
461
462 /* Connect to the host; on failure, just loop for the next one, but we
4deaf07d 463 set the error for the last one. Use the callout_connect timeout. */
059ec3d9
PH		 464
465 inblock.sock = outblock.sock =
4deaf07d 466 smtp_connect(host, host_af, port, interface, callout_connect, TRUE);
059ec3d9
PH		 467 if (inblock.sock < 0)
468 {
469 addr->message = string_sprintf("could not connect to %s [%s]: %s",
470 host->name, host->address, strerror(errno));
471 continue;
472 }
473
2b1c6e3a
PH		 474 /* Wait for initial response, and send HELO. The smtp_write_command()
475 function leaves its command in big_buffer. This is used in error responses.
476 Initialize it in case the connection is rejected. */
059ec3d9
PH		 477
478 Ustrcpy(big_buffer, "initial connection");
479
480 done =
481 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
482 '2', callout) &&
059ec3d9
PH		 483 smtp_write_command(&outblock, FALSE, "%s %s\r\n", helo,
484 smtp_active_hostname) >= 0 &&
485 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
2b1c6e3a 486 '2', callout);
059ec3d9 487
2b1c6e3a
PH		 488 /* Failure to accept HELO is cached; this blocks the whole domain for all
489 senders. I/O errors and defer responses are not cached. */
490
491 if (!done)
492 {
493 *failure_ptr = US"mail"; /* At or before MAIL */
494 if (errno == 0 && responsebuffer[0] == '5')
495 {
496 setflag(addr, af_verify_nsfail);
497 new_domain_record.result = ccache_reject;
498 }
499 }
500
501 /* Send the MAIL command */
502
503 else done =
059ec3d9
PH		 504 smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
505 from_address) >= 0 &&
506 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
507 '2', callout);
508
2b1c6e3a
PH		 509 /* If the host does not accept MAIL FROM:<>, arrange to cache this
510 information, but again, don't record anything for an I/O error or a defer. Do
511 not cache rejections of MAIL when a non-empty sender has been used, because
512 that blocks the whole domain for all senders. */
059ec3d9
PH		 513
514 if (!done)
515 {
2b1c6e3a 516 *failure_ptr = US"mail"; /* At or before MAIL */
059ec3d9
PH		 517 if (errno == 0 && responsebuffer[0] == '5')
518 {
519 setflag(addr, af_verify_nsfail);
2b1c6e3a
PH		 520 if (from_address[0] == 0)
521 new_domain_record.result = ccache_reject_mfnull;
059ec3d9
PH		 522 }
523 }
524
525 /* Otherwise, proceed to check a "random" address (if required), then the
526 given address, and the postmaster address (if required). Between each check,
527 issue RSET, because some servers accept only one recipient after MAIL
2b1c6e3a
PH		 528 FROM:<>.
529
530 Before doing this, set the result in the domain cache record to "accept",
531 unless its previous value was ccache_reject_mfnull. In that case, the domain
532 rejects MAIL FROM:<> and we want to continue to remember that. When that is
533 the case, we have got here only in the case of a recipient verification with
534 a non-null sender. */
059ec3d9
PH		 535
536 else
537 {
2b1c6e3a
PH		 538 new_domain_record.result =
539 (old_domain_cache_result == ccache_reject_mfnull)?
540 ccache_reject_mfnull: ccache_accept;
059ec3d9
PH		 541
542 /* Do the random local part check first */
543
544 if (random_local_part != NULL)
545 {
546 uschar randombuffer[1024];
547 BOOL random_ok =
548 smtp_write_command(&outblock, FALSE,
549 "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part,
550 addr->domain) >= 0 &&
551 smtp_read_response(&inblock, randombuffer,
552 sizeof(randombuffer), '2', callout);
553
554 /* Remember when we last did a random test */
555
556 new_domain_record.random_stamp = time(NULL);
557
558 /* If accepted, we aren't going to do any further tests below. */
559
560 if (random_ok)
561 {
562 new_domain_record.random_result = ccache_accept;
563 }
564
565 /* Otherwise, cache a real negative response, and get back to the right
566 state to send RCPT. Unless there's some problem such as a dropped
567 connection, we expect to succeed, because the commands succeeded above. */
568
569 else if (errno == 0)
570 {
571 if (randombuffer[0] == '5')
572 new_domain_record.random_result = ccache_reject;
573
574 done =
575 smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
576 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
577 '2', callout) &&
578
90e9ce59
PH		 579 smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
580 from_address) >= 0 &&
059ec3d9
PH		 581 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
582 '2', callout);
583 }
584 else done = FALSE; /* Some timeout/connection problem */
585 } /* Random check */
586
587 /* If the host is accepting all local parts, as determined by the "random"
588 check, we don't need to waste time doing any further checking. */
589
590 if (new_domain_record.random_result != ccache_accept && done)
591 {
5417f6d1
PH		 592 /* Get the rcpt_include_affixes flag from the transport if there is one,
593 but assume FALSE if there is not. */
594
059ec3d9
PH		 595 done =
596 smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n",
c688b954 597 transport_rcpt_address(addr,
5417f6d1
PH		 598 (addr->transport == NULL)? FALSE :
599 addr->transport->rcpt_include_affixes)) >= 0 &&
059ec3d9
PH		 600 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
601 '2', callout);
602
603 if (done)
604 new_address_record.result = ccache_accept;
605 else if (errno == 0 && responsebuffer[0] == '5')
2c7db3f5 606 {
8e669ac1 607 *failure_ptr = US"recipient";
059ec3d9 608 new_address_record.result = ccache_reject;
8e669ac1 609 }
059ec3d9 610
2a4be8f9
PH		 611 /* Do postmaster check if requested; if a full check is required, we
612 check for RCPT TO:<postmaster> (no domain) in accordance with RFC 821. */
059ec3d9
PH		 613
614 if (done && pm_mailfrom != NULL)
615 {
616 done =
617 smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
618 smtp_read_response(&inblock, responsebuffer,
619 sizeof(responsebuffer), '2', callout) &&
620
621 smtp_write_command(&outblock, FALSE,
622 "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 &&
623 smtp_read_response(&inblock, responsebuffer,
624 sizeof(responsebuffer), '2', callout) &&
625
2a4be8f9
PH		 626 /* First try using the current domain */
627
628 ((
059ec3d9
PH		 629 smtp_write_command(&outblock, FALSE,
630 "RCPT TO:<postmaster@%.1000s>\r\n", addr->domain) >= 0 &&
631 smtp_read_response(&inblock, responsebuffer,
2a4be8f9
PH		 632 sizeof(responsebuffer), '2', callout)
633 )
634
635 ||
636
637 /* If that doesn't work, and a full check is requested,
638 try without the domain. */
639
640 (
641 (options & vopt_callout_fullpm) != 0 &&
642 smtp_write_command(&outblock, FALSE,
643 "RCPT TO:<postmaster>\r\n") >= 0 &&
644 smtp_read_response(&inblock, responsebuffer,
645 sizeof(responsebuffer), '2', callout)
646 ));
647
648 /* Sort out the cache record */
059ec3d9
PH		 649
650 new_domain_record.postmaster_stamp = time(NULL);
651
652 if (done)
653 new_domain_record.postmaster_result = ccache_accept;
654 else if (errno == 0 && responsebuffer[0] == '5')
655 {
8e669ac1 656 *failure_ptr = US"postmaster";
059ec3d9
PH		 657 setflag(addr, af_verify_pmfail);
658 new_domain_record.postmaster_result = ccache_reject;
659 }
660 }
661 } /* Random not accepted */
90e9ce59 662 } /* MAIL FROM: accepted */
059ec3d9
PH		 663
664 /* For any failure of the main check, other than a negative response, we just
665 close the connection and carry on. We can identify a negative response by the
666 fact that errno is zero. For I/O errors it will be non-zero
667
668 Set up different error texts for logging and for sending back to the caller
669 as an SMTP response. Log in all cases, using a one-line format. For sender
670 callouts, give a full response to the caller, but for recipient callouts,
671 don't give the IP address because this may be an internal host whose identity
672 is not to be widely broadcast. */
673
674 if (!done)
675 {
676 if (errno == ETIMEDOUT)
677 {
678 HDEBUG(D_verify) debug_printf("SMTP timeout\n");
8e669ac1 679 send_quit = FALSE;
059ec3d9
PH		 680 }
681 else if (errno == 0)
682 {
683 if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped");
684
685 addr->message =
686 string_sprintf("response to \"%s\" from %s [%s] was: %s",
687 big_buffer, host->name, host->address,
688 string_printing(responsebuffer));
689
690 addr->user_message = is_recipient?
691 string_sprintf("Callout verification failed:\n%s", responsebuffer)
692 :
693 string_sprintf("Called: %s\nSent: %s\nResponse: %s",
694 host->address, big_buffer, responsebuffer);
695
696 /* Hard rejection ends the process */
697
698 if (responsebuffer[0] == '5') /* Address rejected */
699 {
700 yield = FAIL;
701 done = TRUE;
702 }
703 }
704 }
705
706 /* End the SMTP conversation and close the connection. */
707
c9bdd01c 708 if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
f1e894f3 709 (void)close(inblock.sock);
059ec3d9
PH		 710 } /* Loop through all hosts, while !done */
711
712/* If we get here with done == TRUE, a successful callout happened, and yield
713will be set OK or FAIL according to the response to the RCPT command.
714Otherwise, we looped through the hosts but couldn't complete the business.
715However, there may be domain-specific information to cache in both cases.
716
717The value of the result field in the new_domain record is ccache_unknown if
90e9ce59 718there was an error before or with MAIL FROM:, and errno was not zero,
059ec3d9 719implying some kind of I/O error. We don't want to write the cache in that case.
2b1c6e3a 720Otherwise the value is ccache_accept, ccache_reject, or ccache_reject_mfnull. */
059ec3d9
PH		 721
722if (!callout_no_cache && new_domain_record.result != ccache_unknown)
723 {
724 if ((dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE))
725 == NULL)
726 {
727 HDEBUG(D_verify) debug_printf("callout cache: not available\n");
728 }
729 else
730 {
731 (void)dbfn_write(dbm_file, addr->domain, &new_domain_record,
732 (int)sizeof(dbdata_callout_cache));
733 HDEBUG(D_verify) debug_printf("wrote callout cache domain record:\n"
734 " result=%d postmaster=%d random=%d\n",
735 new_domain_record.result,
736 new_domain_record.postmaster_result,
737 new_domain_record.random_result);
738 }
739 }
740
741/* If a definite result was obtained for the callout, cache it unless caching
742is disabled. */
743
744if (done)
745 {
746 if (!callout_no_cache && new_address_record.result != ccache_unknown)
747 {
748 if (dbm_file == NULL)
749 dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE);
750 if (dbm_file == NULL)
751 {
752 HDEBUG(D_verify) debug_printf("no callout cache available\n");
753 }
754 else
755 {
756 (void)dbfn_write(dbm_file, address_key, &new_address_record,
757 (int)sizeof(dbdata_callout_cache_address));
758 HDEBUG(D_verify) debug_printf("wrote %s callout cache address record\n",
759 (new_address_record.result == ccache_accept)? "positive" : "negative");
760 }
761 }
762 } /* done */
763
764/* Failure to connect to any host, or any response other than 2xx or 5xx is a
765temporary error. If there was only one host, and a response was received, leave
766it alone if supplying details. Otherwise, give a generic response. */
767
768else /* !done */
769 {
770 uschar *dullmsg = string_sprintf("Could not complete %s verify callout",
771 is_recipient? "recipient" : "sender");
772 yield = DEFER;
773
774 if (host_list->next != NULL || addr->message == NULL) addr->message = dullmsg;
775
776 addr->user_message = (!smtp_return_error_details)? dullmsg :
777 string_sprintf("%s for <%s>.\n"
778 "The mail server(s) for the domain may be temporarily unreachable, or\n"
779 "they may be permanently unreachable from this server. In the latter case,\n%s",
780 dullmsg, addr->address,
781 is_recipient?
782 "the address will never be accepted."
783 :
784 "you need to change the address or create an MX record for its domain\n"
785 "if it is supposed to be generally accessible from the Internet.\n"
786 "Talk to your mail administrator for details.");
787
788 /* Force a specific error code */
789
790 addr->basic_errno = ERRNO_CALLOUTDEFER;
791 }
792
793/* Come here from within the cache-reading code on fast-track exit. */
794
795END_CALLOUT:
796if (dbm_file != NULL) dbfn_close(dbm_file);
797return yield;
798}
799
800
801
802/*************************************************
803* Copy error to toplevel address *
804*************************************************/
805
806/* This function is used when a verify fails or defers, to ensure that the
807failure or defer information is in the original toplevel address. This applies
808when an address is redirected to a single new address, and the failure or
809deferral happens to the child address.
810
811Arguments:
812 vaddr the verify address item
813 addr the final address item
814 yield FAIL or DEFER
815
816Returns: the value of YIELD
817*/
818
819static int
820copy_error(address_item *vaddr, address_item *addr, int yield)
821{
822if (addr != vaddr)
823 {
824 vaddr->message = addr->message;
825 vaddr->user_message = addr->user_message;
826 vaddr->basic_errno = addr->basic_errno;
827 vaddr->more_errno = addr->more_errno;
b37c4101 828 vaddr->p.address_data = addr->p.address_data;
059ec3d9
PH		 829 }
830return yield;
831}
832
833
834
835
836/*************************************************
837* Verify an email address *
838*************************************************/
839
840/* This function is used both for verification (-bv and at other times) and
841address testing (-bt), which is indicated by address_test_mode being set.
842
843Arguments:
844 vaddr contains the address to verify; the next field in this block
845 must be NULL
846 f if not NULL, write the result to this file
847 options various option bits:
848 vopt_fake_sender => this sender verify is not for the real
849 sender (it was verify=sender=xxxx or an address from a
850 header line) - rewriting must not change sender_address
851 vopt_is_recipient => this is a recipient address, otherwise
852 it's a sender address - this affects qualification and
853 rewriting and messages from callouts
854 vopt_qualify => qualify an unqualified address; else error
855 vopt_expn => called from SMTP EXPN command
eafd343b
TK		 856 vopt_success_on_redirect => when a new address is generated
857 the verification instantly succeeds
059ec3d9
PH		 858
859 These ones are used by do_callout() -- the options variable
860 is passed to it.
861
2a4be8f9 862 vopt_callout_fullpm => if postmaster check, do full one
059ec3d9
PH		 863 vopt_callout_no_cache => don't use callout cache
864 vopt_callout_random => do the "random" thing
865 vopt_callout_recipsender => use real sender for recipient
866 vopt_callout_recippmaster => use postmaster for recipient
867
868 callout if > 0, specifies that callout is required, and gives timeout
4deaf07d 869 for individual commands
059ec3d9
PH		 870 callout_overall if > 0, gives overall timeout for the callout function;
871 if < 0, a default is used (see do_callout())
8e669ac1 872 callout_connect the connection timeout for callouts
059ec3d9
PH		 873 se_mailfrom when callout is requested to verify a sender, use this
874 in MAIL FROM; NULL => ""
875 pm_mailfrom when callout is requested, if non-NULL, do the postmaster
876 thing and use this as the sender address (may be "")
877
878 routed if not NULL, set TRUE if routing succeeded, so we can
879 distinguish between routing failed and callout failed
880
881Returns: OK address verified
882 FAIL address failed to verify
883 DEFER can't tell at present
884*/
885
886int
887verify_address(address_item *vaddr, FILE *f, int options, int callout,
8e669ac1 888 int callout_overall, int callout_connect, uschar *se_mailfrom,
4deaf07d 889 uschar *pm_mailfrom, BOOL *routed)
059ec3d9
PH		 890{
891BOOL allok = TRUE;
892BOOL full_info = (f == NULL)? FALSE : (debug_selector != 0);
893BOOL is_recipient = (options & vopt_is_recipient) != 0;
894BOOL expn = (options & vopt_expn) != 0;
eafd343b 895BOOL success_on_redirect = (options & vopt_success_on_redirect) != 0;
059ec3d9
PH		 896int i;
897int yield = OK;
898int verify_type = expn? v_expn :
899 address_test_mode? v_none :
900 is_recipient? v_recipient : v_sender;
901address_item *addr_list;
902address_item *addr_new = NULL;
903address_item *addr_remote = NULL;
904address_item *addr_local = NULL;
905address_item *addr_succeed = NULL;
8e669ac1 906uschar **failure_ptr = is_recipient?
2c7db3f5 907 &recipient_verify_failure : &sender_verify_failure;
059ec3d9
PH		 908uschar *ko_prefix, *cr;
909uschar *address = vaddr->address;
910uschar *save_sender;
911uschar null_sender[] = { 0 }; /* Ensure writeable memory */
912
2c7db3f5
PH		 913/* Clear, just in case */
914
915*failure_ptr = NULL;
916
059ec3d9
PH		 917/* Set up a prefix and suffix for error message which allow us to use the same
918output statements both in EXPN mode (where an SMTP response is needed) and when
919debugging with an output file. */
920
921if (expn)
922 {
923 ko_prefix = US"553 ";
924 cr = US"\r";
925 }
926else ko_prefix = cr = US"";
927
928/* Add qualify domain if permitted; otherwise an unqualified address fails. */
929
930if (parse_find_at(address) == NULL)
931 {
932 if ((options & vopt_qualify) == 0)
933 {
934 if (f != NULL)
935 fprintf(f, "%sA domain is required for \"%s\"%s\n", ko_prefix, address,
936 cr);
8e669ac1 937 *failure_ptr = US"qualify";
059ec3d9
PH		 938 return FAIL;
939 }
940 address = rewrite_address_qualify(address, is_recipient);
941 }
942
943DEBUG(D_verify)
944 {
945 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
946 debug_printf("%s %s\n", address_test_mode? "Testing" : "Verifying", address);
947 }
948
949/* Rewrite and report on it. Clear the domain and local part caches - these
950may have been set by domains and local part tests during an ACL. */
951
952if (global_rewrite_rules != NULL)
953 {
954 uschar *old = address;
955 address = rewrite_address(address, is_recipient, FALSE,
956 global_rewrite_rules, rewrite_existflags);
957 if (address != old)
958 {
959 for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->localpart_cache[i] = 0;
960 for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->domain_cache[i] = 0;
961 if (f != NULL && !expn) fprintf(f, "Address rewritten as: %s\n", address);
962 }
963 }
964
965/* If this is the real sender address, we must update sender_address at
966this point, because it may be referred to in the routers. */
967
968if ((options & (vopt_fake_sender|vopt_is_recipient)) == 0)
969 sender_address = address;
970
971/* If the address was rewritten to <> no verification can be done, and we have
972to return OK. This rewriting is permitted only for sender addresses; for other
973addresses, such rewriting fails. */
974
975if (address[0] == 0) return OK;
976
977/* Save a copy of the sender address for re-instating if we change it to <>
978while verifying a sender address (a nice bit of self-reference there). */
979
980save_sender = sender_address;
981
982/* Update the address structure with the possibly qualified and rewritten
983address. Set it up as the starting address on the chain of new addresses. */
984
985vaddr->address = address;
986addr_new = vaddr;
987
988/* We need a loop, because an address can generate new addresses. We must also
989cope with generated pipes and files at the top level. (See also the code and
990comment in deliver.c.) However, it is usually the case that the router for
991user's .forward files has its verify flag turned off.
992
993If an address generates more than one child, the loop is used only when
994full_info is set, and this can only be set locally. Remote enquiries just get
995information about the top level address, not anything that it generated. */
996
997while (addr_new != NULL)
998 {
999 int rc;
1000 address_item *addr = addr_new;
1001
1002 addr_new = addr->next;
1003 addr->next = NULL;
1004
1005 DEBUG(D_verify)
1006 {
1007 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1008 debug_printf("Considering %s\n", addr->address);
1009 }
1010
1011 /* Handle generated pipe, file or reply addresses. We don't get these
1012 when handling EXPN, as it does only one level of expansion. */
1013
1014 if (testflag(addr, af_pfr))
1015 {
1016 allok = FALSE;
1017 if (f != NULL)
1018 {
1019 BOOL allow;
1020
1021 if (addr->address[0] == '>')
1022 {
1023 allow = testflag(addr, af_allow_reply);
1024 fprintf(f, "%s -> mail %s", addr->parent->address, addr->address + 1);
1025 }
1026 else
1027 {
1028 allow = (addr->address[0] == '|')?
1029 testflag(addr, af_allow_pipe) : testflag(addr, af_allow_file);
1030 fprintf(f, "%s -> %s", addr->parent->address, addr->address);
1031 }
1032
1033 if (addr->basic_errno == ERRNO_BADTRANSPORT)
1034 fprintf(f, "\n*** Error in setting up pipe, file, or autoreply:\n"
1035 "%s\n", addr->message);
1036 else if (allow)
1037 fprintf(f, "\n transport = %s\n", addr->transport->name);
1038 else
1039 fprintf(f, " *** forbidden ***\n");
1040 }
1041 continue;
1042 }
1043
1044 /* Just in case some router parameter refers to it. */
1045
1046 return_path = (addr->p.errors_address != NULL)?
1047 addr->p.errors_address : sender_address;
1048
1049 /* Split the address into domain and local part, handling the %-hack if
1050 necessary, and then route it. While routing a sender address, set
1051 $sender_address to <> because that is what it will be if we were trying to
1052 send a bounce to the sender. */
1053
1054 if (routed != NULL) *routed = FALSE;
1055 if ((rc = deliver_split_address(addr)) == OK)
1056 {
1057 if (!is_recipient) sender_address = null_sender;
1058 rc = route_address(addr, &addr_local, &addr_remote, &addr_new,
1059 &addr_succeed, verify_type);
1060 sender_address = save_sender; /* Put back the real sender */
1061 }
1062
1063 /* If routing an address succeeded, set the flag that remembers, for use when
1064 an ACL cached a sender verify (in case a callout fails). Then if routing set
1065 up a list of hosts or the transport has a host list, and the callout option
1066 is set, and we aren't in a host checking run, do the callout verification,
1067 and set another flag that notes that a callout happened. */
1068
1069 if (rc == OK)
1070 {
1071 if (routed != NULL) *routed = TRUE;
1072 if (callout > 0)
1073 {
1074 host_item *host_list = addr->host_list;
1075
1076 /* Default, if no remote transport, to NULL for the interface (=> any),
1077 "smtp" for the port, and "smtp" for the protocol. */
1078
1079 transport_feedback tf = { NULL, US"smtp", US"smtp", NULL, FALSE, FALSE };
1080
1081 /* If verification yielded a remote transport, we want to use that
1082 transport's options, so as to mimic what would happen if we were really
1083 sending a message to this address. */
1084
1085 if (addr->transport != NULL && !addr->transport->info->local)
1086 {
929ba01c 1087 (void)(addr->transport->setup)(addr->transport, addr, &tf, 0, 0, NULL);
059ec3d9
PH		 1088
1089 /* If the transport has hosts and the router does not, or if the
1090 transport is configured to override the router's hosts, we must build a
1091 host list of the transport's hosts, and find the IP addresses */
1092
1093 if (tf.hosts != NULL && (host_list == NULL || tf.hosts_override))
1094 {
1095 uschar *s;
750af86e
PH		 1096 uschar *save_deliver_domain = deliver_domain;
1097 uschar *save_deliver_localpart = deliver_localpart;
059ec3d9
PH		 1098
1099 host_list = NULL; /* Ignore the router's hosts */
1100
1101 deliver_domain = addr->domain;
1102 deliver_localpart = addr->local_part;
1103 s = expand_string(tf.hosts);
750af86e
PH		 1104 deliver_domain = save_deliver_domain;
1105 deliver_localpart = save_deliver_localpart;
059ec3d9
PH		 1106
1107 if (s == NULL)
1108 {
1109 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand list of hosts "
1110 "\"%s\" in %s transport for callout: %s", tf.hosts,
1111 addr->transport->name, expand_string_message);
1112 }
1113 else
1114 {
1115 uschar *canonical_name;
d8ef3577 1116 host_item *host, *nexthost;
059ec3d9
PH		 1117 host_build_hostlist(&host_list, s, tf.hosts_randomize);
1118
1119 /* Just ignore failures to find a host address. If we don't manage
8e669ac1
PH		 1120 to find any addresses, the callout will defer. Note that more than
1121 one address may be found for a single host, which will result in
1122 additional host items being inserted into the chain. Hence we must
d8ef3577 1123 save the next host first. */
059ec3d9 1124
d8ef3577 1125 for (host = host_list; host != NULL; host = nexthost)
059ec3d9 1126 {
d8ef3577 1127 nexthost = host->next;
8e669ac1 1128 if (tf.gethostbyname ||
7e66e54d 1129 string_is_ip_address(host->name, NULL) != 0)
059ec3d9
PH		 1130 (void)host_find_byname(host, NULL, &canonical_name, TRUE);
1131 else
1132 {
1133 int flags = HOST_FIND_BY_A;
1134 if (tf.qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
1135 if (tf.search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
1136 (void)host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
1137 &canonical_name, NULL);
1138 }
1139 }
1140 }
1141 }
1142 }
1143
8e669ac1 1144 /* Can only do a callout if we have at least one host! If the callout
2c7db3f5 1145 fails, it will have set ${sender,recipient}_verify_failure. */
059ec3d9
PH		 1146
1147 if (host_list != NULL)
1148 {
1149 HDEBUG(D_verify) debug_printf("Attempting full verification using callout\n");
1150 if (host_checking && !host_checking_callout)
1151 {
1152 HDEBUG(D_verify)
1153 debug_printf("... callout omitted by default when host testing\n"
1154 "(Use -bhc if you want the callouts to happen.)\n");
1155 }
1156 else
1157 {
1158 rc = do_callout(addr, host_list, &tf, callout, callout_overall,
4deaf07d 1159 callout_connect, options, se_mailfrom, pm_mailfrom);
059ec3d9
PH		 1160 }
1161 }
1162 else
1163 {
1164 HDEBUG(D_verify) debug_printf("Cannot do callout: neither router nor "
1165 "transport provided a host list\n");
1166 }
1167 }
1168 }
8e669ac1 1169
2c7db3f5 1170 /* Otherwise, any failure is a routing failure */
8e669ac1
PH		 1171
1172 else *failure_ptr = US"route";
059ec3d9
PH		 1173
1174 /* A router may return REROUTED if it has set up a child address as a result
1175 of a change of domain name (typically from widening). In this case we always
1176 want to continue to verify the new child. */
1177
1178 if (rc == REROUTED) continue;
8e669ac1 1179
059ec3d9
PH		 1180 /* Handle hard failures */
1181
1182 if (rc == FAIL)
1183 {
1184 allok = FALSE;
1185 if (f != NULL)
1186 {
1187 fprintf(f, "%s%s %s", ko_prefix, address,
1188 address_test_mode? "is undeliverable" : "failed to verify");
1189 if (!expn && admin_user)
1190 {
1191 if (addr->basic_errno > 0)
1192 fprintf(f, ": %s", strerror(addr->basic_errno));
1193 if (addr->message != NULL)
1194 fprintf(f, ":\n %s", addr->message);
1195 }
1196 fprintf(f, "%s\n", cr);
1197 }
1198
1199 if (!full_info) return copy_error(vaddr, addr, FAIL);
1200 else yield = FAIL;
1201 }
1202
1203 /* Soft failure */
1204
1205 else if (rc == DEFER)
1206 {
1207 allok = FALSE;
1208 if (f != NULL)
1209 {
1210 fprintf(f, "%s%s cannot be resolved at this time", ko_prefix, address);
1211 if (!expn && admin_user)
1212 {
1213 if (addr->basic_errno > 0)
1214 fprintf(f, ":\n %s", strerror(addr->basic_errno));
1215 if (addr->message != NULL)
1216 fprintf(f, ":\n %s", addr->message);
1217 else if (addr->basic_errno <= 0)
1218 fprintf(f, ":\n unknown error");
1219 }
1220
1221 fprintf(f, "%s\n", cr);
1222 }
1223 if (!full_info) return copy_error(vaddr, addr, DEFER);
1224 else if (yield == OK) yield = DEFER;
1225 }
1226
1227 /* If we are handling EXPN, we do not want to continue to route beyond
1228 the top level. */
1229
1230 else if (expn)
1231 {
1232 uschar *ok_prefix = US"250-";
1233 if (addr_new == NULL)
1234 {
1235 if (addr_local == NULL && addr_remote == NULL)
1236 fprintf(f, "250 mail to <%s> is discarded\r\n", address);
1237 else
1238 fprintf(f, "250 <%s>\r\n", address);
1239 }
1240 else while (addr_new != NULL)
1241 {
1242 address_item *addr2 = addr_new;
1243 addr_new = addr2->next;
1244 if (addr_new == NULL) ok_prefix = US"250 ";
1245 fprintf(f, "%s<%s>\r\n", ok_prefix, addr2->address);
1246 }
1247 return OK;
1248 }
1249
1250 /* Successful routing other than EXPN. */
1251
1252 else
1253 {
1254 /* Handle successful routing when short info wanted. Otherwise continue for
1255 other (generated) addresses. Short info is the operational case. Full info
1256 can be requested only when debug_selector != 0 and a file is supplied.
1257
1258 There is a conflict between the use of aliasing as an alternate email
1259 address, and as a sort of mailing list. If an alias turns the incoming
1260 address into just one address (e.g. J.Caesar->jc44) you may well want to
1261 carry on verifying the generated address to ensure it is valid when
1262 checking incoming mail. If aliasing generates multiple addresses, you
1263 probably don't want to do this. Exim therefore treats the generation of
1264 just a single new address as a special case, and continues on to verify the
1265 generated address. */
1266
1267 if (!full_info && /* Stop if short info wanted AND */
eafd343b
TK		 1268 (((addr_new == NULL || /* No new address OR */
1269 addr_new->next != NULL || /* More than one new address OR */
1270 testflag(addr_new, af_pfr))) /* New address is pfr */
1271 || /* OR */
1272 (addr_new != NULL && /* At least one new address AND */
1273 success_on_redirect))) /* success_on_redirect is set */
059ec3d9
PH		 1274 {
1275 if (f != NULL) fprintf(f, "%s %s\n", address,
1276 address_test_mode? "is deliverable" : "verified");
1277
1278 /* If we have carried on to verify a child address, we want the value
1279 of $address_data to be that of the child */
1280
1281 vaddr->p.address_data = addr->p.address_data;
1282 return OK;
1283 }
1284 }
1285 } /* Loop for generated addresses */
1286
1287/* Display the full results of the successful routing, including any generated
1288addresses. Control gets here only when full_info is set, which requires f not
1289to be NULL, and this occurs only when a top-level verify is called with the
1290debugging switch on.
1291
1292If there are no local and no remote addresses, and there were no pipes, files,
1293or autoreplies, and there were no errors or deferments, the message is to be
1294discarded, usually because of the use of :blackhole: in an alias file. */
1295
1296if (allok && addr_local == NULL && addr_remote == NULL)
dbcef0ea 1297 {
059ec3d9 1298 fprintf(f, "mail to %s is discarded\n", address);
dbcef0ea
PH		 1299 return yield;
1300 }
059ec3d9 1301
dbcef0ea 1302for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++)
059ec3d9
PH		 1303 {
1304 while (addr_list != NULL)
1305 {
1306 address_item *addr = addr_list;
1307 address_item *p = addr->parent;
1308 addr_list = addr->next;
1309
1310 fprintf(f, "%s", CS addr->address);
384152a6
TK		 1311#ifdef EXPERIMENTAL_SRS
1312 if(addr->p.srs_sender)
1313 fprintf(f, " [srs = %s]", addr->p.srs_sender);
1314#endif
dbcef0ea
PH		 1315
1316 /* If the address is a duplicate, show something about it. */
1317
1318 if (!testflag(addr, af_pfr))
1319 {
1320 tree_node *tnode;
1321 if ((tnode = tree_search(tree_duplicates, addr->unique)) != NULL)
1322 fprintf(f, " [duplicate, would not be delivered]");
1323 else tree_add_duplicate(addr->unique, addr);
1324 }
1325
1326 /* Now show its parents */
1327
059ec3d9
PH		 1328 while (p != NULL)
1329 {
1330 fprintf(f, "\n <-- %s", p->address);
1331 p = p->parent;
1332 }
1333 fprintf(f, "\n ");
1334
1335 /* Show router, and transport */
1336
1337 fprintf(f, "router = %s, ", addr->router->name);
1338 fprintf(f, "transport = %s\n", (addr->transport == NULL)? US"unset" :
1339 addr->transport->name);
1340
1341 /* Show any hosts that are set up by a router unless the transport
1342 is going to override them; fiddle a bit to get a nice format. */
1343
1344 if (addr->host_list != NULL && addr->transport != NULL &&
1345 !addr->transport->overrides_hosts)
1346 {
1347 host_item *h;
1348 int maxlen = 0;
1349 int maxaddlen = 0;
1350 for (h = addr->host_list; h != NULL; h = h->next)
1351 {
1352 int len = Ustrlen(h->name);
1353 if (len > maxlen) maxlen = len;
1354 len = (h->address != NULL)? Ustrlen(h->address) : 7;
1355 if (len > maxaddlen) maxaddlen = len;
1356 }
1357 for (h = addr->host_list; h != NULL; h = h->next)
1358 {
1359 int len = Ustrlen(h->name);
1360 fprintf(f, " host %s ", h->name);
1361 while (len++ < maxlen) fprintf(f, " ");
1362 if (h->address != NULL)
1363 {
1364 fprintf(f, "[%s] ", h->address);
1365 len = Ustrlen(h->address);
1366 }
1367 else if (!addr->transport->info->local) /* Omit [unknown] for local */
1368 {
1369 fprintf(f, "[unknown] ");
1370 len = 7;
1371 }
1372 else len = -3;
1373 while (len++ < maxaddlen) fprintf(f," ");
1374 if (h->mx >= 0) fprintf(f, "MX=%d", h->mx);
1375 if (h->port != PORT_NONE) fprintf(f, " port=%d", h->port);
1376 if (h->status == hstatus_unusable) fprintf(f, " ** unusable **");
1377 fprintf(f, "\n");
1378 }
1379 }
1380 }
1381 }
1382
8e669ac1 1383/* Will be DEFER or FAIL if any one address has, only for full_info (which is
2c7db3f5
PH		 1384the -bv or -bt case). */
1385
8e669ac1 1386return yield;
059ec3d9
PH		 1387}
1388
1389
1390
1391
1392/*************************************************
1393* Check headers for syntax errors *
1394*************************************************/
1395
1396/* This function checks those header lines that contain addresses, and verifies
1397that all the addresses therein are syntactially correct.
1398
1399Arguments:
1400 msgptr where to put an error message
1401
1402Returns: OK
1403 FAIL
1404*/
1405
1406int
1407verify_check_headers(uschar **msgptr)
1408{
1409header_line *h;
1410uschar *colon, *s;
1411
1412for (h = header_list; h != NULL; h = h->next)
1413 {
1414 if (h->type != htype_from &&
1415 h->type != htype_reply_to &&
1416 h->type != htype_sender &&
1417 h->type != htype_to &&
1418 h->type != htype_cc &&
1419 h->type != htype_bcc)
1420 continue;
1421
1422 colon = Ustrchr(h->text, ':');
1423 s = colon + 1;
1424 while (isspace(*s)) s++;
1425
1426 parse_allow_group = TRUE; /* Allow group syntax */
1427
1428 /* Loop for multiple addresses in the header */
1429
1430 while (*s != 0)
1431 {
1432 uschar *ss = parse_find_address_end(s, FALSE);
1433 uschar *recipient, *errmess;
1434 int terminator = *ss;
1435 int start, end, domain;
1436
1437 /* Temporarily terminate the string at this point, and extract the
1438 operative address within. */
1439
1440 *ss = 0;
1441 recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE);
1442 *ss = terminator;
1443
1444 /* Permit an unqualified address only if the message is local, or if the
1445 sending host is configured to be permitted to send them. */
1446
1447 if (recipient != NULL && domain == 0)
1448 {
1449 if (h->type == htype_from || h->type == htype_sender)
1450 {
1451 if (!allow_unqualified_sender) recipient = NULL;
1452 }
1453 else
1454 {
1455 if (!allow_unqualified_recipient) recipient = NULL;
1456 }
1457 if (recipient == NULL) errmess = US"unqualified address not permitted";
1458 }
1459
1460 /* It's an error if no address could be extracted, except for the special
1461 case of an empty address. */
1462
1463 if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0)
1464 {
1465 uschar *verb = US"is";
1466 uschar *t = ss;
1ab95fa6 1467 uschar *tt = colon;
059ec3d9
PH		 1468 int len;
1469
1470 /* Arrange not to include any white space at the end in the
1ab95fa6 1471 error message or the header name. */
059ec3d9
PH		 1472
1473 while (t > s && isspace(t[-1])) t--;
1ab95fa6 1474 while (tt > h->text && isspace(tt[-1])) tt--;
059ec3d9 1475
1ab95fa6 1476 /* Add the address that failed to the error message, since in a
059ec3d9
PH		 1477 header with very many addresses it is sometimes hard to spot
1478 which one is at fault. However, limit the amount of address to
1479 quote - cases have been seen where, for example, a missing double
1480 quote in a humungous To: header creates an "address" that is longer
1481 than string_sprintf can handle. */
1482
1483 len = t - s;
1484 if (len > 1024)
1485 {
1486 len = 1024;
1487 verb = US"begins";
1488 }
1489
1490 *msgptr = string_printing(
1ab95fa6
PH		 1491 string_sprintf("%s: failing address in \"%.*s:\" header %s: %.*s",
1492 errmess, tt - h->text, h->text, verb, len, s));
059ec3d9
PH		 1493
1494 return FAIL;
1495 }
1496
1497 /* Advance to the next address */
1498
1499 s = ss + (terminator? 1:0);
1500 while (isspace(*s)) s++;
1501 } /* Next address */
1502 } /* Next header */
1503
1504return OK;
1505}
1506
1507
1508
1c41c9cc
PH		 1509/*************************************************
1510* Check for blind recipients *
1511*************************************************/
1512
1513/* This function checks that every (envelope) recipient is mentioned in either
1514the To: or Cc: header lines, thus detecting blind carbon copies.
1515
1516There are two ways of scanning that could be used: either scan the header lines
1517and tick off the recipients, or scan the recipients and check the header lines.
1518The original proposed patch did the former, but I have chosen to do the latter,
1519because (a) it requires no memory and (b) will use fewer resources when there
1520are many addresses in To: and/or Cc: and only one or two envelope recipients.
1521
1522Arguments: none
1523Returns: OK if there are no blind recipients
1524 FAIL if there is at least one blind recipient
1525*/
1526
1527int
1528verify_check_notblind(void)
1529{
1530int i;
1531for (i = 0; i < recipients_count; i++)
1532 {
1533 header_line *h;
1534 BOOL found = FALSE;
1535 uschar *address = recipients_list[i].address;
1536
1537 for (h = header_list; !found && h != NULL; h = h->next)
1538 {
1539 uschar *colon, *s;
1540
1541 if (h->type != htype_to && h->type != htype_cc) continue;
1542
1543 colon = Ustrchr(h->text, ':');
1544 s = colon + 1;
1545 while (isspace(*s)) s++;
1546
1547 parse_allow_group = TRUE; /* Allow group syntax */
1548
1549 /* Loop for multiple addresses in the header */
1550
1551 while (*s != 0)
1552 {
1553 uschar *ss = parse_find_address_end(s, FALSE);
1554 uschar *recipient,*errmess;
1555 int terminator = *ss;
1556 int start, end, domain;
1557
1558 /* Temporarily terminate the string at this point, and extract the
1559 operative address within. */
1560
1561 *ss = 0;
1562 recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE);
1563 *ss = terminator;
1564
1565 /* If we found a valid recipient that has a domain, compare it with the
1566 envelope recipient. Local parts are compared case-sensitively, domains
1567 case-insensitively. By comparing from the start with length "domain", we
1568 include the "@" at the end, which ensures that we are comparing the whole
1569 local part of each address. */
1570
1571 if (recipient != NULL && domain != 0)
1572 {
1573 found = Ustrncmp(recipient, address, domain) == 0 &&
1574 strcmpic(recipient + domain, address + domain) == 0;
1575 if (found) break;
1576 }
1577
1578 /* Advance to the next address */
1579
1580 s = ss + (terminator? 1:0);
1581 while (isspace(*s)) s++;
1582 } /* Next address */
1583 } /* Next header (if found is false) */
1584
1585 if (!found) return FAIL;
1586 } /* Next recipient */
1587
1588return OK;
1589}
1590
1591
059ec3d9
PH		 1592
1593/*************************************************
1594* Find if verified sender *
1595*************************************************/
1596
1597/* Usually, just a single address is verified as the sender of the message.
1598However, Exim can be made to verify other addresses as well (often related in
1599some way), and this is useful in some environments. There may therefore be a
1600chain of such addresses that have previously been tested. This function finds
1601whether a given address is on the chain.
1602
1603Arguments: the address to be verified
1604Returns: pointer to an address item, or NULL
1605*/
1606
1607address_item *
1608verify_checked_sender(uschar *sender)
1609{
1610address_item *addr;
1611for (addr = sender_verified_list; addr != NULL; addr = addr->next)
1612 if (Ustrcmp(sender, addr->address) == 0) break;
1613return addr;
1614}
1615
1616
1617
1618
1619
1620/*************************************************
1621* Get valid header address *
1622*************************************************/
1623
1624/* Scan the originator headers of the message, looking for an address that
1625verifies successfully. RFC 822 says:
1626
1627 o The "Sender" field mailbox should be sent notices of
1628 any problems in transport or delivery of the original
1629 messages. If there is no "Sender" field, then the
1630 "From" field mailbox should be used.
1631
1632 o If the "Reply-To" field exists, then the reply should
1633 go to the addresses indicated in that field and not to
1634 the address(es) indicated in the "From" field.
1635
1636So we check a Sender field if there is one, else a Reply_to field, else a From
1637field. As some strange messages may have more than one of these fields,
1638especially if they are resent- fields, check all of them if there is more than
1639one.
1640
1641Arguments:
1642 user_msgptr points to where to put a user error message
1643 log_msgptr points to where to put a log error message
1644 callout timeout for callout check (passed to verify_address())
1645 callout_overall overall callout timeout (ditto)
8e669ac1 1646 callout_connect connect callout timeout (ditto)
059ec3d9
PH		 1647 se_mailfrom mailfrom for verify; NULL => ""
1648 pm_mailfrom sender for pm callout check (passed to verify_address())
1649 options callout options (passed to verify_address())
8e669ac1 1650 verrno where to put the address basic_errno
059ec3d9
PH		 1651
1652If log_msgptr is set to something without setting user_msgptr, the caller
1653normally uses log_msgptr for both things.
1654
1655Returns: result of the verification attempt: OK, FAIL, or DEFER;
1656 FAIL is given if no appropriate headers are found
1657*/
1658
1659int
1660verify_check_header_address(uschar **user_msgptr, uschar **log_msgptr,
8e669ac1 1661 int callout, int callout_overall, int callout_connect, uschar *se_mailfrom,
fe5b5d0b 1662 uschar *pm_mailfrom, int options, int *verrno)
059ec3d9
PH		 1663{
1664static int header_types[] = { htype_sender, htype_reply_to, htype_from };
1665int yield = FAIL;
1666int i;
1667
1668for (i = 0; i < 3; i++)
1669 {
1670 header_line *h;
1671 for (h = header_list; h != NULL; h = h->next)
1672 {
1673 int terminator, new_ok;
1674 uschar *s, *ss, *endname;
1675
1676 if (h->type != header_types[i]) continue;
1677 s = endname = Ustrchr(h->text, ':') + 1;
1678
1679 while (*s != 0)
1680 {
1681 address_item *vaddr;
1682
1683 while (isspace(*s) || *s == ',') s++;
1684 if (*s == 0) break; /* End of header */
1685
1686 ss = parse_find_address_end(s, FALSE);
1687
1688 /* The terminator is a comma or end of header, but there may be white
1689 space preceding it (including newline for the last address). Move back
1690 past any white space so we can check against any cached envelope sender
1691 address verifications. */
1692
1693 while (isspace(ss[-1])) ss--;
1694 terminator = *ss;
1695 *ss = 0;
1696
1697 HDEBUG(D_verify) debug_printf("verifying %.*s header address %s\n",
1698 (int)(endname - h->text), h->text, s);
1699
1700 /* See if we have already verified this address as an envelope sender,
1701 and if so, use the previous answer. */
1702
1703 vaddr = verify_checked_sender(s);
1704
1705 if (vaddr != NULL && /* Previously checked */
1706 (callout <= 0 || /* No callout needed; OR */
1707 vaddr->special_action > 256)) /* Callout was done */
1708 {
1709 new_ok = vaddr->special_action & 255;
1710 HDEBUG(D_verify) debug_printf("previously checked as envelope sender\n");
1711 *ss = terminator; /* Restore shortened string */
1712 }
1713
1714 /* Otherwise we run the verification now. We must restore the shortened
1715 string before running the verification, so the headers are correct, in
1716 case there is any rewriting. */
1717
1718 else
1719 {
1720 int start, end, domain;
1721 uschar *address = parse_extract_address(s, log_msgptr, &start,
1722 &end, &domain, FALSE);
1723
1724 *ss = terminator;
1725
1726 /* If verification failed because of a syntax error, fail this
1727 function, and ensure that the failing address gets added to the error
1728 message. */
1729
1730 if (address == NULL)
1731 {
1732 new_ok = FAIL;
1733 if (*log_msgptr != NULL)
1734 {
1735 while (ss > s && isspace(ss[-1])) ss--;
1736 *log_msgptr = string_sprintf("syntax error in '%.*s' header when "
1737 "scanning for sender: %s in \"%.*s\"",
1738 endname - h->text, h->text, *log_msgptr, ss - s, s);
1739 return FAIL;
1740 }
1741 }
1742
2f6603e1 1743 /* Else go ahead with the sender verification. But it isn't *the*
059ec3d9
PH		 1744 sender of the message, so set vopt_fake_sender to stop sender_address
1745 being replaced after rewriting or qualification. */
1746
1747 else
1748 {
1749 vaddr = deliver_make_addr(address, FALSE);
1750 new_ok = verify_address(vaddr, NULL, options | vopt_fake_sender,
8e669ac1 1751 callout, callout_overall, callout_connect, se_mailfrom,
4deaf07d 1752 pm_mailfrom, NULL);
059ec3d9
PH		 1753 }
1754 }
1755
1756 /* We now have the result, either newly found, or cached. If we are
1757 giving out error details, set a specific user error. This means that the
1758 last of these will be returned to the user if all three fail. We do not
1759 set a log message - the generic one below will be used. */
1760
fe5b5d0b 1761 if (new_ok != OK)
059ec3d9 1762 {
8e669ac1 1763 *verrno = vaddr->basic_errno;
fe5b5d0b
PH		 1764 if (smtp_return_error_details)
1765 {
1766 *user_msgptr = string_sprintf("Rejected after DATA: "
1767 "could not verify \"%.*s\" header address\n%s: %s",
1768 endname - h->text, h->text, vaddr->address, vaddr->message);
1769 }
8e669ac1 1770 }
059ec3d9
PH		 1771
1772 /* Success or defer */
1773
1774 if (new_ok == OK) return OK;
1775 if (new_ok == DEFER) yield = DEFER;
1776
1777 /* Move on to any more addresses in the header */
1778
1779 s = ss;
1780 }
1781 }
1782 }
1783
1784if (yield == FAIL && *log_msgptr == NULL)
1785 *log_msgptr = US"there is no valid sender in any header line";
1786
1787if (yield == DEFER && *log_msgptr == NULL)
1788 *log_msgptr = US"all attempts to verify a sender in a header line deferred";
1789
1790return yield;
1791}
1792
1793
1794
1795
1796/*************************************************
1797* Get RFC 1413 identification *
1798*************************************************/
1799
1800/* Attempt to get an id from the sending machine via the RFC 1413 protocol. If
1801the timeout is set to zero, then the query is not done. There may also be lists
1802of hosts and nets which are exempt. To guard against malefactors sending
1803non-printing characters which could, for example, disrupt a message's headers,
1804make sure the string consists of printing characters only.
1805
1806Argument:
1807 port the port to connect to; usually this is IDENT_PORT (113), but when
1808 running in the test harness with -bh a different value is used.
1809
1810Returns: nothing
1811
1812Side effect: any received ident value is put in sender_ident (NULL otherwise)
1813*/
1814
1815void
1816verify_get_ident(int port)
1817{
1818int sock, host_af, qlen;
1819int received_sender_port, received_interface_port, n;
1820uschar *p;
1821uschar buffer[2048];
1822
1823/* Default is no ident. Check whether we want to do an ident check for this
1824host. */
1825
1826sender_ident = NULL;
1827if (rfc1413_query_timeout <= 0 || verify_check_host(&rfc1413_hosts) != OK)
1828 return;
1829
1830DEBUG(D_ident) debug_printf("doing ident callback\n");
1831
1832/* Set up a connection to the ident port of the remote host. Bind the local end
1833to the incoming interface address. If the sender host address is an IPv6
1834address, the incoming interface address will also be IPv6. */
1835
1836host_af = (Ustrchr(sender_host_address, ':') == NULL)? AF_INET : AF_INET6;
1837sock = ip_socket(SOCK_STREAM, host_af);
1838if (sock < 0) return;
1839
1840if (ip_bind(sock, host_af, interface_address, 0) < 0)
1841 {
1842 DEBUG(D_ident) debug_printf("bind socket for ident failed: %s\n",
1843 strerror(errno));
1844 goto END_OFF;
1845 }
1846
1847if (ip_connect(sock, host_af, sender_host_address, port, rfc1413_query_timeout)
1848 < 0)
1849 {
1850 if (errno == ETIMEDOUT && (log_extra_selector & LX_ident_timeout) != 0)
1851 {
1852 log_write(0, LOG_MAIN, "ident connection to %s timed out",
1853 sender_host_address);
1854 }
1855 else
1856 {
1857 DEBUG(D_ident) debug_printf("ident connection to %s failed: %s\n",
1858 sender_host_address, strerror(errno));
1859 }
1860 goto END_OFF;
1861 }
1862
1863/* Construct and send the query. */
1864
1865sprintf(CS buffer, "%d , %d\r\n", sender_host_port, interface_port);
1866qlen = Ustrlen(buffer);
1867if (send(sock, buffer, qlen, 0) < 0)
1868 {
1869 DEBUG(D_ident) debug_printf("ident send failed: %s\n", strerror(errno));
1870 goto END_OFF;
1871 }
1872
1873/* Read a response line. We put it into the rest of the buffer, using several
1874recv() calls if necessary. */
1875
1876p = buffer + qlen;
1877
1878for (;;)
1879 {
1880 uschar *pp;
1881 int count;
1882 int size = sizeof(buffer) - (p - buffer);
1883
1884 if (size <= 0) goto END_OFF; /* Buffer filled without seeing \n. */
1885 count = ip_recv(sock, p, size, rfc1413_query_timeout);
1886 if (count <= 0) goto END_OFF; /* Read error or EOF */
1887
1888 /* Scan what we just read, to see if we have reached the terminating \r\n. Be
1889 generous, and accept a plain \n terminator as well. The only illegal
1890 character is 0. */
1891
1892 for (pp = p; pp < p + count; pp++)
1893 {
1894 if (*pp == 0) goto END_OFF; /* Zero octet not allowed */
1895 if (*pp == '\n')
1896 {
1897 if (pp[-1] == '\r') pp--;
1898 *pp = 0;
1899 goto GOT_DATA; /* Break out of both loops */
1900 }
1901 }
1902
1903 /* Reached the end of the data without finding \n. Let the loop continue to
1904 read some more, if there is room. */
1905
1906 p = pp;
1907 }
1908
1909GOT_DATA:
1910
1911/* We have received a line of data. Check it carefully. It must start with the
1912same two port numbers that we sent, followed by data as defined by the RFC. For
1913example,
1914
1915 12345 , 25 : USERID : UNIX :root
1916
1917However, the amount of white space may be different to what we sent. In the
1918"osname" field there may be several sub-fields, comma separated. The data we
1919actually want to save follows the third colon. Some systems put leading spaces
1920in it - we discard those. */
1921
1922if (sscanf(CS buffer + qlen, "%d , %d%n", &received_sender_port,
1923 &received_interface_port, &n) != 2 ||
1924 received_sender_port != sender_host_port ||
1925 received_interface_port != interface_port)
1926 goto END_OFF;
1927
1928p = buffer + qlen + n;
1929while(isspace(*p)) p++;
1930if (*p++ != ':') goto END_OFF;
1931while(isspace(*p)) p++;
1932if (Ustrncmp(p, "USERID", 6) != 0) goto END_OFF;
1933p += 6;
1934while(isspace(*p)) p++;
1935if (*p++ != ':') goto END_OFF;
1936while (*p != 0 && *p != ':') p++;
1937if (*p++ == 0) goto END_OFF;
1938while(isspace(*p)) p++;
1939if (*p == 0) goto END_OFF;
1940
1941/* The rest of the line is the data we want. We turn it into printing
1942characters when we save it, so that it cannot mess up the format of any logging
1943or Received: lines into which it gets inserted. We keep a maximum of 127
1944characters. */
1945
1946sender_ident = string_printing(string_copyn(p, 127));
1947DEBUG(D_ident) debug_printf("sender_ident = %s\n", sender_ident);
1948
1949END_OFF:
f1e894f3 1950(void)close(sock);
059ec3d9
PH		 1951return;
1952}
1953
1954
1955
1956
1957/*************************************************
1958* Match host to a single host-list item *
1959*************************************************/
1960
1961/* This function compares a host (name or address) against a single item
1962from a host list. The host name gets looked up if it is needed and is not
1963already known. The function is called from verify_check_this_host() via
1964match_check_list(), which is why most of its arguments are in a single block.
1965
1966Arguments:
1967 arg the argument block (see below)
1968 ss the host-list item
1969 valueptr where to pass back looked up data, or NULL
1970 error for error message when returning ERROR
1971
1972The block contains:
32d668a5
PH		 1973 host_name (a) the host name, or
1974 (b) NULL, implying use sender_host_name and
1975 sender_host_aliases, looking them up if required, or
1976 (c) the empty string, meaning that only IP address matches
1977 are permitted
059ec3d9
PH		 1978 host_address the host address
1979 host_ipv4 the IPv4 address taken from an IPv6 one
1980
1981Returns: OK matched
1982 FAIL did not match
1983 DEFER lookup deferred
32d668a5
PH		 1984 ERROR (a) failed to find the host name or IP address, or
1985 (b) unknown lookup type specified, or
1986 (c) host name encountered when only IP addresses are
1987 being matched
059ec3d9
PH		 1988*/
1989
32d668a5 1990int
059ec3d9
PH		 1991check_host(void *arg, uschar *ss, uschar **valueptr, uschar **error)
1992{
1993check_host_block *cb = (check_host_block *)arg;
32d668a5 1994int mlen = -1;
059ec3d9 1995int maskoffset;
32d668a5 1996BOOL iplookup = FALSE;
059ec3d9 1997BOOL isquery = FALSE;
32d668a5 1998BOOL isiponly = cb->host_name != NULL && cb->host_name[0] == 0;
1688f43b 1999uschar *t;
32d668a5 2000uschar *semicolon;
059ec3d9
PH		 2001uschar **aliases;
2002
2003/* Optimize for the special case when the pattern is "*". */
2004
2005if (*ss == '*' && ss[1] == 0) return OK;
2006
2007/* If the pattern is empty, it matches only in the case when there is no host -
2008this can occur in ACL checking for SMTP input using the -bs option. In this
2009situation, the host address is the empty string. */
2010
2011if (cb->host_address[0] == 0) return (*ss == 0)? OK : FAIL;
2012if (*ss == 0) return FAIL;
2013
32d668a5
PH		 2014/* If the pattern is precisely "@" then match against the primary host name,
2015provided that host name matching is permitted; if it's "@[]" match against the
2016local host's IP addresses. */
059ec3d9
PH		 2017
2018if (*ss == '@')
2019 {
32d668a5
PH		 2020 if (ss[1] == 0)
2021 {
2022 if (isiponly) return ERROR;
2023 ss = primary_hostname;
2024 }
059ec3d9
PH		 2025 else if (Ustrcmp(ss, "@[]") == 0)
2026 {
2027 ip_address_item *ip;
2028 for (ip = host_find_interfaces(); ip != NULL; ip = ip->next)
2029 if (Ustrcmp(ip->address, cb->host_address) == 0) return OK;
2030 return FAIL;
2031 }
2032 }
2033
2034/* If the pattern is an IP address, optionally followed by a bitmask count, do
2035a (possibly masked) comparision with the current IP address. */
2036
7e66e54d 2037if (string_is_ip_address(ss, &maskoffset) != 0)
059ec3d9
PH		 2038 return (host_is_in_net(cb->host_address, ss, maskoffset)? OK : FAIL);
2039
1688f43b
PH		 2040/* The pattern is not an IP address. A common error that people make is to omit
2041one component of an IPv4 address, either by accident, or believing that, for
2042example, 1.2.3/24 is the same as 1.2.3.0/24, or 1.2.3 is the same as 1.2.3.0,
2043which it isn't. (Those applications that do accept 1.2.3 as an IP address
2044interpret it as 1.2.0.3 because the final component becomes 16-bit - this is an
2045ancient specification.) To aid in debugging these cases, we give a specific
2046error if the pattern contains only digits and dots or contains a slash preceded
2047only by digits and dots (a slash at the start indicates a file name and of
2048course slashes may be present in lookups, but not preceded only by digits and
2049dots). */
2050
2051for (t = ss; isdigit(*t) || *t == '.'; t++);
2052if (*t == 0 || (*t == '/' && t != ss))
2053 {
2054 *error = US"malformed IPv4 address or address mask";
2055 return ERROR;
2056 }
2057
32d668a5 2058/* See if there is a semicolon in the pattern */
059ec3d9 2059
32d668a5
PH		 2060semicolon = Ustrchr(ss, ';');
2061
2062/* If we are doing an IP address only match, then all lookups must be IP
df199fec 2063address lookups, even if there is no "net-". */
32d668a5
PH		 2064
2065if (isiponly)
059ec3d9 2066 {
32d668a5
PH		 2067 iplookup = semicolon != NULL;
2068 }
059ec3d9 2069
32d668a5 2070/* Otherwise, if the item is of the form net[n]-lookup;<file|query> then it is
df199fec
PH		 2071a lookup on a masked IP network, in textual form. We obey this code even if we
2072have already set iplookup, so as to skip over the "net-" prefix and to set the
2073mask length. The net- stuff really only applies to single-key lookups where the
2074key is implicit. For query-style lookups the key is specified in the query.
2075From release 4.30, the use of net- for query style is no longer needed, but we
2076retain it for backward compatibility. */
2077
2078if (Ustrncmp(ss, "net", 3) == 0 && semicolon != NULL)
32d668a5
PH		 2079 {
2080 mlen = 0;
2081 for (t = ss + 3; isdigit(*t); t++) mlen = mlen * 10 + *t - '0';
2082 if (mlen == 0 && t == ss+3) mlen = -1; /* No mask supplied */
2083 iplookup = (*t++ == '-');
2084 }
1688f43b 2085else t = ss;
059ec3d9 2086
32d668a5 2087/* Do the IP address lookup if that is indeed what we have */
059ec3d9 2088
32d668a5
PH		 2089if (iplookup)
2090 {
2091 int insize;
2092 int search_type;
2093 int incoming[4];
2094 void *handle;
2095 uschar *filename, *key, *result;
2096 uschar buffer[64];
059ec3d9 2097
32d668a5 2098 /* Find the search type */
059ec3d9 2099
32d668a5 2100 search_type = search_findtype(t, semicolon - t);
059ec3d9 2101
32d668a5
PH		 2102 if (search_type < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
2103 search_error_message);
059ec3d9 2104
13b685f9
PH		 2105 /* Adjust parameters for the type of lookup. For a query-style lookup, there
2106 is no file name, and the "key" is just the query. For query-style with a file
2107 name, we have to fish the file off the start of the query. For a single-key
2108 lookup, the key is the current IP address, masked appropriately, and
2109 reconverted to text form, with the mask appended. For IPv6 addresses, specify
2110 dot separators instead of colons. */
059ec3d9 2111
13b685f9
PH		 2112 if (mac_islookup(search_type, lookup_absfilequery))
2113 {
2114 filename = semicolon + 1;
2115 key = filename;
2116 while (*key != 0 && !isspace(*key)) key++;
2117 filename = string_copyn(filename, key - filename);
2118 while (isspace(*key)) key++;
2119 }
2120 else if (mac_islookup(search_type, lookup_querystyle))
32d668a5
PH		 2121 {
2122 filename = NULL;
2123 key = semicolon + 1;
2124 }
2125 else
2126 {
2127 insize = host_aton(cb->host_address, incoming);
2128 host_mask(insize, incoming, mlen);
2129 (void)host_nmtoa(insize, incoming, mlen, buffer, '.');
2130 key = buffer;
2131 filename = semicolon + 1;
059ec3d9 2132 }
32d668a5
PH		 2133
2134 /* Now do the actual lookup; note that there is no search_close() because
2135 of the caching arrangements. */
2136
2137 handle = search_open(filename, search_type, 0, NULL, NULL);
2138 if (handle == NULL) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
2139 search_error_message);
2140 result = search_find(handle, filename, key, -1, NULL, 0, 0, NULL);
2141 if (valueptr != NULL) *valueptr = result;
2142 return (result != NULL)? OK : search_find_defer? DEFER: FAIL;
059ec3d9
PH		 2143 }
2144
2145/* The pattern is not an IP address or network reference of any kind. That is,
32d668a5
PH		 2146it is a host name pattern. If this is an IP only match, there's an error in the
2147host list. */
2148
2149if (isiponly)
2150 {
2151 *error = US"cannot match host name in match_ip list";
2152 return ERROR;
2153 }
2154
2155/* Check the characters of the pattern to see if they comprise only letters,
2156digits, full stops, and hyphens (the constituents of domain names). Allow
2157underscores, as they are all too commonly found. Sigh. Also, if
2158allow_utf8_domains is set, allow top-bit characters. */
059ec3d9
PH		 2159
2160for (t = ss; *t != 0; t++)
2161 if (!isalnum(*t) && *t != '.' && *t != '-' && *t != '_' &&
2162 (!allow_utf8_domains || *t < 128)) break;
2163
2164/* If the pattern is a complete domain name, with no fancy characters, look up
2165its IP address and match against that. Note that a multi-homed host will add
2166items to the chain. */
2167
2168if (*t == 0)
2169 {
2170 int rc;
2171 host_item h;
2172 h.next = NULL;
2173 h.name = ss;
2174 h.address = NULL;
2175 h.mx = MX_NONE;
9b8fadde 2176
059ec3d9
PH		 2177 rc = host_find_byname(&h, NULL, NULL, FALSE);
2178 if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL)
2179 {
2180 host_item *hh;
2181 for (hh = &h; hh != NULL; hh = hh->next)
2182 {
96776534 2183 if (host_is_in_net(hh->address, cb->host_address, 0)) return OK;
059ec3d9
PH		 2184 }
2185 return FAIL;
2186 }
2187 if (rc == HOST_FIND_AGAIN) return DEFER;
2188 *error = string_sprintf("failed to find IP address for %s", ss);
2189 return ERROR;
2190 }
2191
2192/* Almost all subsequent comparisons require the host name, and can be done
2193using the general string matching function. When this function is called for
2194outgoing hosts, the name is always given explicitly. If it is NULL, it means we
2195must use sender_host_name and its aliases, looking them up if necessary. */
2196
2197if (cb->host_name != NULL) /* Explicit host name given */
2198 return match_check_string(cb->host_name, ss, -1, TRUE, TRUE, TRUE,
2199 valueptr);
2200
2201/* Host name not given; in principle we need the sender host name and its
2202aliases. However, for query-style lookups, we do not need the name if the
2203query does not contain $sender_host_name. From release 4.23, a reference to
2204$sender_host_name causes it to be looked up, so we don't need to do the lookup
2205on spec. */
2206
2207if ((semicolon = Ustrchr(ss, ';')) != NULL)
2208 {
2209 uschar *affix;
2210 int partial, affixlen, starflags, id;
2211
2212 *semicolon = 0;
2213 id = search_findtype_partial(ss, &partial, &affix, &affixlen, &starflags);
2214 *semicolon=';';
2215
2216 if (id < 0) /* Unknown lookup type */
2217 {
2218 log_write(0, LOG_MAIN|LOG_PANIC, "%s in host list item \"%s\"",
2219 search_error_message, ss);
2220 return DEFER;
2221 }
13b685f9 2222 isquery = mac_islookup(id, lookup_querystyle|lookup_absfilequery);
059ec3d9
PH		 2223 }
2224
2225if (isquery)
2226 {
2227 switch(match_check_string(US"", ss, -1, TRUE, TRUE, TRUE, valueptr))
2228 {
2229 case OK: return OK;
2230 case DEFER: return DEFER;
2231 default: return FAIL;
2232 }
2233 }
2234
2235/* Not a query-style lookup; must ensure the host name is present, and then we
2236do a check on the name and all its aliases. */
2237
2238if (sender_host_name == NULL)
2239 {
2240 HDEBUG(D_host_lookup)
2241 debug_printf("sender host name required, to match against %s\n", ss);
2242 if (host_lookup_failed || host_name_lookup() != OK)
2243 {
2244 *error = string_sprintf("failed to find host name for %s",
2245 sender_host_address);;
2246 return ERROR;
2247 }
2248 host_build_sender_fullhost();
2249 }
2250
2251/* Match on the sender host name, using the general matching function */
2252
2253switch(match_check_string(sender_host_name, ss, -1, TRUE, TRUE, TRUE,
2254 valueptr))
2255 {
2256 case OK: return OK;
2257 case DEFER: return DEFER;
2258 }
2259
2260/* If there are aliases, try matching on them. */
2261
2262aliases = sender_host_aliases;
2263while (*aliases != NULL)
2264 {
2265 switch(match_check_string(*aliases++, ss, -1, TRUE, TRUE, TRUE, valueptr))
2266 {
2267 case OK: return OK;
2268 case DEFER: return DEFER;
2269 }
2270 }
2271return FAIL;
2272}
2273
2274
2275
2276
2277/*************************************************
2278* Check a specific host matches a host list *
2279*************************************************/
2280
2281/* This function is passed a host list containing items in a number of
2282different formats and the identity of a host. Its job is to determine whether
2283the given host is in the set of hosts defined by the list. The host name is
2284passed as a pointer so that it can be looked up if needed and not already
2285known. This is commonly the case when called from verify_check_host() to check
2286an incoming connection. When called from elsewhere the host name should usually
2287be set.
2288
2289This function is now just a front end to match_check_list(), which runs common
2290code for scanning a list. We pass it the check_host() function to perform a
2291single test.
2292
2293Arguments:
2294 listptr pointer to the host list
2295 cache_bits pointer to cache for named lists, or NULL
2296 host_name the host name or NULL, implying use sender_host_name and
2297 sender_host_aliases, looking them up if required
2298 host_address the IP address
2299 valueptr if not NULL, data from a lookup is passed back here
2300
2301Returns: OK if the host is in the defined set
2302 FAIL if the host is not in the defined set,
2303 DEFER if a data lookup deferred (not a host lookup)
2304
2305If the host name was needed in order to make a comparison, and could not be
2306determined from the IP address, the result is FAIL unless the item
2307"+allow_unknown" was met earlier in the list, in which case OK is returned. */
2308
2309int
2310verify_check_this_host(uschar **listptr, unsigned int *cache_bits,
2311 uschar *host_name, uschar *host_address, uschar **valueptr)
2312{
d4eb88df 2313int rc;
059ec3d9 2314unsigned int *local_cache_bits = cache_bits;
d4eb88df 2315uschar *save_host_address = deliver_host_address;
059ec3d9
PH		 2316check_host_block cb;
2317cb.host_name = host_name;
2318cb.host_address = host_address;
2319
2320if (valueptr != NULL) *valueptr = NULL;
2321
2322/* If the host address starts off ::ffff: it is an IPv6 address in
2323IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2324addresses. */
2325
2326cb.host_ipv4 = (Ustrncmp(host_address, "::ffff:", 7) == 0)?
2327 host_address + 7 : host_address;
2328
8e669ac1
PH		 2329/* During the running of the check, put the IP address into $host_address. In
2330the case of calls from the smtp transport, it will already be there. However,
2331in other calls (e.g. when testing ignore_target_hosts), it won't. Just to be on
d4eb88df
PH		 2332the safe side, any existing setting is preserved, though as I write this
2333(November 2004) I can't see any cases where it is actually needed. */
2334
2335deliver_host_address = host_address;
2336rc = match_check_list(
2337 listptr, /* the list */
2338 0, /* separator character */
2339 &hostlist_anchor, /* anchor pointer */
2340 &local_cache_bits, /* cache pointer */
2341 check_host, /* function for testing */
2342 &cb, /* argument for function */
2343 MCL_HOST, /* type of check */
8e669ac1 2344 (host_address == sender_host_address)?
d4eb88df
PH		 2345 US"host" : host_address, /* text for debugging */
2346 valueptr); /* where to pass back data */
2347deliver_host_address = save_host_address;
8e669ac1 2348return rc;
059ec3d9
PH		 2349}
2350
2351
2352
2353
2354/*************************************************
2355* Check the remote host matches a list *
2356*************************************************/
2357
2358/* This is a front end to verify_check_this_host(), created because checking
2359the remote host is a common occurrence. With luck, a good compiler will spot
2360the tail recursion and optimize it. If there's no host address, this is
2361command-line SMTP input - check against an empty string for the address.
2362
2363Arguments:
2364 listptr pointer to the host list
2365
2366Returns: the yield of verify_check_this_host(),
2367 i.e. OK, FAIL, or DEFER
2368*/
2369
2370int
2371verify_check_host(uschar **listptr)
2372{
2373return verify_check_this_host(listptr, sender_host_cache, NULL,
2374 (sender_host_address == NULL)? US"" : sender_host_address, NULL);
2375}
2376
2377
2378
2379
2380
2381/*************************************************
2382* Invert an IP address for a DNS black list *
2383*************************************************/
2384
2385/*
2386Arguments:
2387 buffer where to put the answer
2388 address the address to invert
2389*/
2390
2391static void
2392invert_address(uschar *buffer, uschar *address)
2393{
2394int bin[4];
2395uschar *bptr = buffer;
2396
2397/* If this is an IPv4 address mapped into IPv6 format, adjust the pointer
2398to the IPv4 part only. */
2399
2400if (Ustrncmp(address, "::ffff:", 7) == 0) address += 7;
2401
2402/* Handle IPv4 address: when HAVE_IPV6 is false, the result of host_aton() is
2403always 1. */
2404
2405if (host_aton(address, bin) == 1)
2406 {
2407 int i;
2408 int x = bin[0];
2409 for (i = 0; i < 4; i++)
2410 {
2411 sprintf(CS bptr, "%d.", x & 255);
2412 while (*bptr) bptr++;
2413 x >>= 8;
2414 }
2415 }
2416
2417/* Handle IPv6 address. Actually, as far as I know, there are no IPv6 addresses
2418in any DNS black lists, and the format in which they will be looked up is
2419unknown. This is just a guess. */
2420
2421#if HAVE_IPV6
2422else
2423 {
2424 int i, j;
2425 for (j = 3; j >= 0; j--)
2426 {
2427 int x = bin[j];
2428 for (i = 0; i < 8; i++)
2429 {
2430 sprintf(CS bptr, "%x.", x & 15);
2431 while (*bptr) bptr++;
2432 x >>= 4;
2433 }
2434 }
2435 }
2436#endif
2437}
2438
2439
2440
0bcb2a0e
PH		 2441/*************************************************
2442* Perform a single dnsbl lookup *
2443*************************************************/
2444
2445/* This function is called from verify_check_dnsbl() below.
2446
2447Arguments:
2448 domain the outer dnsbl domain (for debug message)
8e669ac1 2449 keydomain the current keydomain (for debug message)
0bcb2a0e 2450 query the domain to be looked up
8e669ac1
PH		 2451 iplist the list of matching IP addresses
2452 bitmask true if bitmask matching is wanted
2453 invert_result true if result to be inverted
2454 defer_return what to return for a defer
0bcb2a0e
PH		 2455
2456Returns: OK if lookup succeeded
2457 FAIL if not
2458*/
2459
2460static int
8e669ac1 2461one_check_dnsbl(uschar *domain, uschar *keydomain, uschar *query,
0bcb2a0e 2462 uschar *iplist, BOOL bitmask, BOOL invert_result, int defer_return)
8e669ac1 2463{
0bcb2a0e
PH		 2464dns_answer dnsa;
2465dns_scan dnss;
2466tree_node *t;
2467dnsbl_cache_block *cb;
2468int old_pool = store_pool;
2469
2470/* Look for this query in the cache. */
2471
2472t = tree_search(dnsbl_cache, query);
2473
2474/* If not cached from a previous lookup, we must do a DNS lookup, and
2475cache the result in permanent memory. */
2476
2477if (t == NULL)
2478 {
2479 store_pool = POOL_PERM;
2480
2481 /* Set up a tree entry to cache the lookup */
2482
2483 t = store_get(sizeof(tree_node) + Ustrlen(query));
2484 Ustrcpy(t->name, query);
2485 t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block));
2486 (void)tree_insertnode(&dnsbl_cache, t);
2487
2488 /* Do the DNS loopup . */
2489
2490 HDEBUG(D_dnsbl) debug_printf("new DNS lookup for %s\n", query);
2491 cb->rc = dns_basic_lookup(&dnsa, query, T_A);
2492 cb->text_set = FALSE;
2493 cb->text = NULL;
2494 cb->rhs = NULL;
2495
2496 /* If the lookup succeeded, cache the RHS address. The code allows for
2497 more than one address - this was for complete generality and the possible
2498 use of A6 records. However, A6 records have been reduced to experimental
2499 status (August 2001) and may die out. So they may never get used at all,
2500 let alone in dnsbl records. However, leave the code here, just in case.
2501
2502 Quite apart from one A6 RR generating multiple addresses, there are DNS
2503 lists that return more than one A record, so we must handle multiple
2504 addresses generated in that way as well. */
2505
2506 if (cb->rc == DNS_SUCCEED)
2507 {
2508 dns_record *rr;
2509 dns_address **addrp = &(cb->rhs);
2510 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
2511 rr != NULL;
2512 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2513 {
2514 if (rr->type == T_A)
2515 {
2516 dns_address *da = dns_address_from_rr(&dnsa, rr);
2517 if (da != NULL)
2518 {
2519 *addrp = da;
2520 while (da->next != NULL) da = da->next;
2521 addrp = &(da->next);
2522 }
2523 }
2524 }
2525
2526 /* If we didn't find any A records, change the return code. This can
2527 happen when there is a CNAME record but there are no A records for what
2528 it points to. */
2529
2530 if (cb->rhs == NULL) cb->rc = DNS_NODATA;
2531 }
2532
2533 store_pool = old_pool;
2534 }
2535
2536/* Previous lookup was cached */
2537
2538else
2539 {
2540 HDEBUG(D_dnsbl) debug_printf("using result of previous DNS lookup\n");
2541 cb = t->data.ptr;
2542 }
2543
2544/* We now have the result of the DNS lookup, either newly done, or cached
2545from a previous call. If the lookup succeeded, check against the address
2546list if there is one. This may be a positive equality list (introduced by
2547"="), a negative equality list (introduced by "!="), a positive bitmask
2548list (introduced by "&"), or a negative bitmask list (introduced by "!&").*/
2549
2550if (cb->rc == DNS_SUCCEED)
2551 {
2552 dns_address *da = NULL;
2553 uschar *addlist = cb->rhs->address;
2554
2555 /* For A and AAAA records, there may be multiple addresses from multiple
2556 records. For A6 records (currently not expected to be used) there may be
2557 multiple addresses from a single record. */
2558
2559 for (da = cb->rhs->next; da != NULL; da = da->next)
2560 addlist = string_sprintf("%s, %s", addlist, da->address);
2561
2562 HDEBUG(D_dnsbl) debug_printf("DNS lookup for %s succeeded (yielding %s)\n",
2563 query, addlist);
2564
2565 /* Address list check; this can be either for equality, or via a bitmask.
2566 In the latter case, all the bits must match. */
2567
2568 if (iplist != NULL)
2569 {
2570 int ipsep = ',';
2571 uschar ip[46];
2572 uschar *ptr = iplist;
2573
2574 while (string_nextinlist(&ptr, &ipsep, ip, sizeof(ip)) != NULL)
2575 {
2576 /* Handle exact matching */
2577 if (!bitmask)
2578 {
2579 for (da = cb->rhs; da != NULL; da = da->next)
2580 {
2581 if (Ustrcmp(CS da->address, ip) == 0) break;
2582 }
2583 }
2584 /* Handle bitmask matching */
2585 else
2586 {
2587 int address[4];
2588 int mask = 0;
2589
2590 /* At present, all known DNS blocking lists use A records, with
2591 IPv4 addresses on the RHS encoding the information they return. I
2592 wonder if this will linger on as the last vestige of IPv4 when IPv6
2593 is ubiquitous? Anyway, for now we use paranoia code to completely
2594 ignore IPv6 addresses. The default mask is 0, which always matches.
2595 We change this only for IPv4 addresses in the list. */
2596
2597 if (host_aton(ip, address) == 1) mask = address[0];
2598
2599 /* Scan the returned addresses, skipping any that are IPv6 */
2600
2601 for (da = cb->rhs; da != NULL; da = da->next)
2602 {
2603 if (host_aton(da->address, address) != 1) continue;
2604 if ((address[0] & mask) == mask) break;
2605 }
2606 }
2607
2608 /* Break out if a match has been found */
2609
2610 if (da != NULL) break;
2611 }
2612
2613 /* If either
2614
2615 (a) No IP address in a positive list matched, or
2616 (b) An IP address in a negative list did match
2617
2618 then behave as if the DNSBL lookup had not succeeded, i.e. the host is
2619 not on the list. */
2620
2621 if (invert_result != (da == NULL))
2622 {
2623 HDEBUG(D_dnsbl)
2624 {
2625 debug_printf("=> but we are not accepting this block class because\n");
2626 debug_printf("=> there was %s match for %c%s\n",
2627 invert_result? "an exclude":"no", bitmask? '&' : '=', iplist);
2628 }
8e669ac1 2629 return FAIL;
0bcb2a0e
PH		 2630 }
2631 }
2632
2633 /* Either there was no IP list, or the record matched. Look up a TXT record
2634 if it hasn't previously been done. */
2635
2636 if (!cb->text_set)
2637 {
2638 cb->text_set = TRUE;
2639 if (dns_basic_lookup(&dnsa, query, T_TXT) == DNS_SUCCEED)
2640 {
2641 dns_record *rr;
2642 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
2643 rr != NULL;
2644 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2645 if (rr->type == T_TXT) break;
2646 if (rr != NULL)
2647 {
2648 int len = (rr->data)[0];
2649 if (len > 511) len = 127;
2650 store_pool = POOL_PERM;
2651 cb->text = string_sprintf("%.*s", len, (const uschar *)(rr->data+1));
2652 store_pool = old_pool;
2653 }
2654 }
2655 }
2656
2657 dnslist_value = addlist;
2658 dnslist_text = cb->text;
2659 return OK;
2660 }
2661
2662/* There was a problem with the DNS lookup */
2663
2664if (cb->rc != DNS_NOMATCH && cb->rc != DNS_NODATA)
2665 {
2666 log_write(L_dnslist_defer, LOG_MAIN,
2667 "DNS list lookup defer (probably timeout) for %s: %s", query,
2668 (defer_return == OK)? US"assumed in list" :
2669 (defer_return == FAIL)? US"assumed not in list" :
2670 US"returned DEFER");
2671 return defer_return;
2672 }
2673
2674/* No entry was found in the DNS; continue for next domain */
2675
2676HDEBUG(D_dnsbl)
2677 {
2678 debug_printf("DNS lookup for %s failed\n", query);
2679 debug_printf("=> that means %s is not listed at %s\n",
2680 keydomain, domain);
2681 }
2682
2683return FAIL;
2684}
2685
2686
2687
2688
059ec3d9
PH		 2689/*************************************************
2690* Check host against DNS black lists *
2691*************************************************/
2692
2693/* This function runs checks against a list of DNS black lists, until one
2694matches. Each item on the list can be of the form
2695
2696 domain=ip-address/key
2697
2698The domain is the right-most domain that is used for the query, for example,
2699blackholes.mail-abuse.org. If the IP address is present, there is a match only
2700if the DNS lookup returns a matching IP address. Several addresses may be
2701given, comma-separated, for example: x.y.z=127.0.0.1,127.0.0.2.
2702
2703If no key is given, what is looked up in the domain is the inverted IP address
2704of the current client host. If a key is given, it is used to construct the
2705domain for the lookup. For example,
2706
2707 dsn.rfc-ignorant.org/$sender_address_domain
2708
2709After finding a match in the DNS, the domain is placed in $dnslist_domain, and
2710then we check for a TXT record for an error message, and if found, save its
2711value in $dnslist_text. We also cache everything in a tree, to optimize
2712multiple lookups.
2713
2714Note: an address for testing RBL is 192.203.178.39
2715Note: an address for testing DUL is 192.203.178.4
2716Note: a domain for testing RFCI is example.tld.dsn.rfc-ignorant.org
2717
2718Arguments:
2719 listptr the domain/address/data list
2720
2721Returns: OK successful lookup (i.e. the address is on the list), or
2722 lookup deferred after +include_unknown
2723 FAIL name not found, or no data found for the given type, or
2724 lookup deferred after +exclude_unknown (default)
2725 DEFER lookup failure, if +defer_unknown was set
2726*/
2727
2728int
2729verify_check_dnsbl(uschar **listptr)
2730{
2731int sep = 0;
2732int defer_return = FAIL;
059ec3d9
PH		 2733BOOL invert_result = FALSE;
2734uschar *list = *listptr;
2735uschar *domain;
2736uschar *s;
2737uschar buffer[1024];
2738uschar query[256]; /* DNS domain max length */
2739uschar revadd[128]; /* Long enough for IPv6 address */
2740
2741/* Indicate that the inverted IP address is not yet set up */
2742
2743revadd[0] = 0;
2744
0bcb2a0e
PH		 2745/* In case this is the first time the DNS resolver is being used. */
2746
2747dns_init(FALSE, FALSE);
2748
059ec3d9
PH		 2749/* Loop through all the domains supplied, until something matches */
2750
2751while ((domain = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
2752 {
0bcb2a0e 2753 int rc;
059ec3d9
PH		 2754 BOOL frc;
2755 BOOL bitmask = FALSE;
059ec3d9
PH		 2756 uschar *iplist;
2757 uschar *key;
059ec3d9
PH		 2758
2759 HDEBUG(D_dnsbl) debug_printf("DNS list check: %s\n", domain);
2760
2761 /* Deal with special values that change the behaviour on defer */
2762
2763 if (domain[0] == '+')
2764 {
2765 if (strcmpic(domain, US"+include_unknown") == 0) defer_return = OK;
2766 else if (strcmpic(domain, US"+exclude_unknown") == 0) defer_return = FAIL;
2767 else if (strcmpic(domain, US"+defer_unknown") == 0) defer_return = DEFER;
2768 else
2769 log_write(0, LOG_MAIN|LOG_PANIC, "unknown item in dnslist (ignored): %s",
2770 domain);
2771 continue;
2772 }
2773
2774 /* See if there's explicit data to be looked up */
2775
2776 key = Ustrchr(domain, '/');
2777 if (key != NULL) *key++ = 0;
2778
2779 /* See if there's a list of addresses supplied after the domain name. This is
2780 introduced by an = or a & character; if preceded by ! we invert the result.
2781 */
2782
2783 iplist = Ustrchr(domain, '=');
2784 if (iplist == NULL)
2785 {
2786 bitmask = TRUE;
2787 iplist = Ustrchr(domain, '&');
2788 }
2789
2790 if (iplist != NULL)
2791 {
2792 if (iplist > domain && iplist[-1] == '!')
2793 {
2794 invert_result = TRUE;
2795 iplist[-1] = 0;
2796 }
2797 *iplist++ = 0;
2798 }
2799
2800 /* Check that what we have left is a sensible domain name. There is no reason
2801 why these domains should in fact use the same syntax as hosts and email
2802 domains, but in practice they seem to. However, there is little point in
2803 actually causing an error here, because that would no doubt hold up incoming
2804 mail. Instead, I'll just log it. */
2805
2806 for (s = domain; *s != 0; s++)
2807 {
2808 if (!isalnum(*s) && *s != '-' && *s != '.')
2809 {
2810 log_write(0, LOG_MAIN, "dnslists domain \"%s\" contains "
2811 "strange characters - is this right?", domain);
2812 break;
2813 }
2814 }
2815
8e669ac1 2816 /* If there is no key string, construct the query by adding the domain name
0bcb2a0e 2817 onto the inverted host address, and perform a single DNS lookup. */
8e669ac1 2818
059ec3d9
PH		 2819 if (key == NULL)
2820 {
2821 if (sender_host_address == NULL) return FAIL; /* can never match */
2822 if (revadd[0] == 0) invert_address(revadd, sender_host_address);
2823 frc = string_format(query, sizeof(query), "%s%s", revadd, domain);
8e669ac1 2824
0bcb2a0e 2825 if (!frc)
059ec3d9 2826 {
0bcb2a0e
PH		 2827 log_write(0, LOG_MAIN|LOG_PANIC, "dnslist query is too long "
2828 "(ignored): %s...", query);
2829 continue;
059ec3d9 2830 }
8e669ac1
PH		 2831
2832 rc = one_check_dnsbl(domain, sender_host_address, query, iplist, bitmask,
0bcb2a0e 2833 invert_result, defer_return);
8e669ac1 2834
0bcb2a0e
PH		 2835 if (rc == OK)
2836 {
2837 dnslist_domain = string_copy(domain);
8e669ac1 2838 HDEBUG(D_dnsbl) debug_printf("=> that means %s is listed at %s\n",
0bcb2a0e
PH		 2839 sender_host_address, domain);
2840 }
8e669ac1 2841
0bcb2a0e 2842 if (rc != FAIL) return rc; /* OK or DEFER */
059ec3d9 2843 }
8e669ac1
PH		 2844
2845 /* If there is a key string, it can be a list of domains or IP addresses to
0bcb2a0e 2846 be concatenated with the main domain. */
8e669ac1 2847
059ec3d9
PH		 2848 else
2849 {
0bcb2a0e 2850 int keysep = 0;
8e669ac1
PH		 2851 BOOL defer = FALSE;
2852 uschar *keydomain;
0bcb2a0e 2853 uschar keybuffer[256];
8e669ac1
PH		 2854
2855 while ((keydomain = string_nextinlist(&key, &keysep, keybuffer,
0bcb2a0e 2856 sizeof(keybuffer))) != NULL)
8e669ac1 2857 {
7e66e54d 2858 if (string_is_ip_address(keydomain, NULL) != 0)
059ec3d9 2859 {
0bcb2a0e
PH		 2860 uschar keyrevadd[128];
2861 invert_address(keyrevadd, keydomain);
8e669ac1 2862 frc = string_format(query, sizeof(query), "%s%s", keyrevadd, domain);
0bcb2a0e
PH		 2863 }
2864 else
8e669ac1 2865 {
0bcb2a0e 2866 frc = string_format(query, sizeof(query), "%s.%s", keydomain, domain);
059ec3d9
PH		 2867 }
2868
0bcb2a0e 2869 if (!frc)
059ec3d9 2870 {
0bcb2a0e
PH		 2871 log_write(0, LOG_MAIN|LOG_PANIC, "dnslist query is too long "
2872 "(ignored): %s...", query);
2873 continue;
059ec3d9 2874 }
8e669ac1
PH		 2875
2876 rc = one_check_dnsbl(domain, keydomain, query, iplist, bitmask,
0bcb2a0e 2877 invert_result, defer_return);
8e669ac1 2878
0bcb2a0e 2879 if (rc == OK)
059ec3d9 2880 {
0bcb2a0e 2881 dnslist_domain = string_copy(domain);
8e669ac1 2882 HDEBUG(D_dnsbl) debug_printf("=> that means %s is listed at %s\n",
0bcb2a0e 2883 keydomain, domain);
8e669ac1 2884 return OK;
059ec3d9 2885 }
8e669ac1 2886
c38d6da9
PH		 2887 /* If the lookup deferred, remember this fact. We keep trying the rest
2888 of the list to see if we get a useful result, and if we don't, we return
2889 DEFER at the end. */
059ec3d9 2890
c38d6da9 2891 if (rc == DEFER) defer = TRUE;
0bcb2a0e 2892 } /* continue with next keystring domain/address */
c38d6da9
PH		 2893
2894 if (defer) return DEFER;
8e669ac1 2895 }
0bcb2a0e 2896 } /* continue with next dnsdb outer domain */
059ec3d9
PH		 2897
2898return FAIL;
2899}
2900
2901/* End of verify.c */
Unnamed repository; edit this file 'description' to name the repository.