if (smtp_out != NULL && !disable_callout_flush) mac_smtp_fflush();
- /* Precompile some regex that are used to recognize parameters in response
- to an EHLO command, if they aren't already compiled. */
- #ifdef SUPPORT_TLS
- if (regex_STARTTLS == NULL) regex_STARTTLS =
- regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE);
- #endif
-
/* Now make connections to the hosts and do real callouts. The list of hosts
is passed in as an argument. */
tls_retry_connection:
inblock.sock = outblock.sock =
- smtp_connect(host, host_af, port, interface, callout_connect, TRUE);
+ smtp_connect(host, host_af, port, interface, callout_connect, TRUE, NULL);
/* reconsider DSCP here */
if (inblock.sock < 0)
{
goto SEND_FAILED;
if (!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout))
{
- if (errno != 0 || responsebuffer[0] == 0 || lmtp || !esmtp || tls_out.active >= 0)
- {
- done= FALSE;
- goto RESPONSE_FAILED;
- }
+ if (errno != 0 || responsebuffer[0] == 0 || lmtp || !esmtp || tls_out.active >= 0)
+ {
+ done= FALSE;
+ goto RESPONSE_FAILED;
+ }
#ifdef SUPPORT_TLS
tls_offered = FALSE;
#endif
/* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
#ifdef SUPPORT_TLS
- tls_offered = esmtp && !suppress_tls && tls_out.active < 0 &&
- pcre_exec(regex_STARTTLS, NULL, CS responsebuffer, Ustrlen(responsebuffer), 0,
- PCRE_EOPT, NULL, 0) >= 0;
+ if (esmtp && !suppress_tls && tls_out.active < 0)
+ {
+ if (regex_STARTTLS == NULL) regex_STARTTLS =
+ regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE);
+
+ tls_offered = pcre_exec(regex_STARTTLS, NULL, CS responsebuffer,
+ Ustrlen(responsebuffer), 0, PCRE_EOPT, NULL, 0) >= 0;
+ }
+ else
+ tls_offered = FALSE;
#endif
}
#ifdef SUPPORT_TLS
if (tls_offered &&
verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
- host->address, NULL) != OK)
+ host->address, NULL) != OK &&
+ verify_check_this_host(&(ob->hosts_verify_avoid_tls), NULL, host->name,
+ host->address, NULL) != OK
+ )
{
uschar buffer2[4096];
if ( !smtps
ob->tls_certificate, ob->tls_privatekey,
ob->tls_sni,
ob->tls_verify_certificates, ob->tls_crl,
- ob->tls_require_ciphers,
- ob->gnutls_require_mac, ob->gnutls_require_kx, ob->gnutls_require_proto,
+ ob->tls_require_ciphers, ob->tls_dh_min_bits,
callout);
/* TLS negotiation failed; give an error. Try in clear on a new connection,
}
else
{
+#ifdef SUPPORT_TLS
+ deliver_set_expansions(addr);
+#endif
rc = do_callout(addr, host_list, &tf, callout, callout_overall,
callout_connect, options, se_mailfrom, pm_mailfrom);
}