Always do explicit A/AAAA lookups; no longer make use of the additional
[exim.git] / src / src / retry.c
CommitLineData
d7d7b7b9 1/* $Cambridge: exim/src/src/retry.c,v 1.5 2006/02/07 11:19:00 ph10 Exp $ */
059ec3d9
PH
2
3/*************************************************
4* Exim - an Internet mail transport agent *
5*************************************************/
6
d7d7b7b9 7/* Copyright (c) University of Cambridge 1995 - 2006 */
059ec3d9
PH
8/* See the file NOTICE for conditions of use and distribution. */
9
10/* Functions concerned with retrying unsuccessful deliveries. */
11
12
13#include "exim.h"
14
15
16
17/*************************************************
18* Check the ultimate address timeout *
19*************************************************/
20
21/* This function tests whether a message has been on the queue longer than
22the maximum retry time for a particular host.
23
24Arguments:
25 host_key the key to look up a host retry rule
26 domain the domain to look up a domain retry rule
27 basic_errno a specific error number, or zero if none
28 more_errno additional data for the error
29 now the time
30
31Returns: TRUE if the ultimate timeout has been reached
32*/
33
34static BOOL
35ultimate_address_timeout(uschar *host_key, uschar *domain, int basic_errno,
36 int more_errno, time_t now)
37{
38BOOL address_timeout = TRUE; /* no rule => timed out */
39
40retry_config *retry =
41 retry_find_config(host_key+2, domain, basic_errno, more_errno);
42
43if (retry != NULL && retry->rules != NULL)
44 {
45 retry_rule *last_rule;
46 for (last_rule = retry->rules;
47 last_rule->next != NULL;
48 last_rule = last_rule->next);
49 address_timeout = (now - received_time > last_rule->timeout);
50 }
51
52return address_timeout;
53}
54
55
56
57/*************************************************
58* Set status of a host+address item *
59*************************************************/
60
61/* This function is passed a host_item which contains a host name and an
62IP address string. Its job is to set the status of the address if it is not
63already set (indicated by hstatus_unknown). The possible values are:
64
65 hstatus_usable the address is not listed in the unusable tree, and does
66 not have a retry record, OR the time is past the next
67 try time, OR the message has been on the queue for more
68 than the maximum retry time for a failing host
69
70 hstatus_unusable the address is listed in the unusable tree, or does have
71 a retry record, and the time is not yet at the next retry
72 time.
73
74 hstatus_unusable_expired as above, but also the retry time has expired
75 for this address.
76
77The reason a delivery is permitted when a message has been around for a very
78long time is to allow the ultimate address timeout to operate after a delivery
79failure. Otherwise some messages may stick around without being tried for too
80long.
81
82If a host retry record is retrieved from the hints database, the time of last
83trying is filled into the last_try field of the host block. If a host is
84generally usable, a check is made to see if there is a retry delay on this
85specific message at this host.
86
87If a non-standard port is being used, it is added to the retry key.
88
89Arguments:
90 domain the address domain
91 host pointer to a host item
92 portstring "" for standard port, ":xxxx" for a non-standard port
93 include_ip_address TRUE to include the address in the key - this is
94 usual, but sometimes is not wanted
95 retry_host_key where to put a pointer to the key for the host-specific
96 retry record, if one is read and the host is usable
97 retry_message_key where to put a pointer to the key for the message+host
98 retry record, if one is read and the host is usable
99
100Returns: TRUE if the host has expired but is usable because
101 its retry time has come
102*/
103
104BOOL
105retry_check_address(uschar *domain, host_item *host, uschar *portstring,
106 BOOL include_ip_address, uschar **retry_host_key, uschar **retry_message_key)
107{
108BOOL yield = FALSE;
109time_t now = time(NULL);
110uschar *host_key, *message_key;
111open_db dbblock;
112open_db *dbm_file;
113tree_node *node;
114dbdata_retry *host_retry_record, *message_retry_record;
115
116*retry_host_key = *retry_message_key = NULL;
117
118DEBUG(D_transport|D_retry) debug_printf("checking status of %s\n", host->name);
119
120/* Do nothing if status already set; otherwise initialize status as usable. */
121
122if (host->status != hstatus_unknown) return FALSE;
123host->status = hstatus_usable;
124
125/* Generate the host key for the unusable tree and the retry database. Ensure
126host names are lower cased (that's what %S does). */
127
128host_key = include_ip_address?
129 string_sprintf("T:%S:%s%s", host->name, host->address, portstring) :
130 string_sprintf("T:%S%s", host->name, portstring);
131
132/* Generate the message-specific key */
133
134message_key = string_sprintf("%s:%s", host_key, message_id);
135
136/* Search the tree of unusable IP addresses. This is filled in when deliveries
137fail, because the retry database itself is not updated until the end of all
138deliveries (so as to do it all in one go). The tree records addresses that have
139become unusable during this delivery process (i.e. those that will get put into
140the retry database when it is updated). */
141
142node = tree_search(tree_unusable, host_key);
143if (node != NULL)
144 {
145 DEBUG(D_transport|D_retry) debug_printf("found in tree of unusables\n");
146 host->status = (node->data.val > 255)?
147 hstatus_unusable_expired : hstatus_unusable;
148 host->why = node->data.val & 255;
149 return FALSE;
150 }
151
152/* Open the retry database, giving up if there isn't one. Otherwise, search for
153the retry records, and then close the database again. */
154
155if ((dbm_file = dbfn_open(US"retry", O_RDONLY, &dbblock, FALSE)) == NULL)
156 {
157 DEBUG(D_deliver|D_retry|D_hints_lookup)
158 debug_printf("no retry data available\n");
159 return FALSE;
160 }
161host_retry_record = dbfn_read(dbm_file, host_key);
162message_retry_record = dbfn_read(dbm_file, message_key);
163dbfn_close(dbm_file);
164
165/* Ignore the data if it is too old - too long since it was written */
166
167if (host_retry_record == NULL)
168 {
169 DEBUG(D_transport|D_retry) debug_printf("no host retry record\n");
170 }
171else if (now - host_retry_record->time_stamp > retry_data_expire)
172 {
173 host_retry_record = NULL;
174 DEBUG(D_transport|D_retry) debug_printf("host retry record too old\n");
175 }
176
177if (message_retry_record == NULL)
178 {
179 DEBUG(D_transport|D_retry) debug_printf("no message retry record\n");
180 }
181else if (now - message_retry_record->time_stamp > retry_data_expire)
182 {
183 message_retry_record = NULL;
184 DEBUG(D_transport|D_retry) debug_printf("message retry record too old\n");
185 }
186
187/* If there's a host-specific retry record, check for reaching the retry
188time (or forcing). If not, and the host is not expired, check for the message
189having been around for longer than the maximum retry time for this host or
190address. Allow the delivery if it has. Otherwise set the appropriate unusable
191flag and return FALSE. Otherwise arrange to return TRUE if this is an expired
192host. */
193
194if (host_retry_record != NULL)
195 {
196 *retry_host_key = host_key;
197
198 /* We have not reached the next try time. Check for the ultimate address
199 timeout if the host has not expired. */
200
201 if (now < host_retry_record->next_try && !deliver_force)
202 {
203 DEBUG(D_transport|D_retry)
204 debug_printf("host retry time not reached: checking ultimate address "
205 "timeout\n");
206
207 if (!host_retry_record->expired &&
208 ultimate_address_timeout(host_key, domain,
209 host_retry_record->basic_errno, host_retry_record->more_errno, now))
210 {
211 DEBUG(D_transport|D_retry)
212 debug_printf("on queue longer than maximum retry for "
213 "address - allowing delivery\n");
214 return FALSE;
215 }
216
217 /* We have not hit the ultimate address timeout; host is unusable. */
218
219 host->status = (host_retry_record->expired)?
220 hstatus_unusable_expired : hstatus_unusable;
221 host->why = hwhy_retry;
222 host->last_try = host_retry_record->last_try;
223 return FALSE;
224 }
225
226 /* Host is usable; set return TRUE if expired. */
227
228 yield = host_retry_record->expired;
229 }
230
231/* It's OK to try the host. If there's a message-specific retry record, check
232for reaching its retry time (or forcing). If not, mark the host unusable,
233unless the ultimate address timeout has been reached. */
234
235if (message_retry_record != NULL)
236 {
237 *retry_message_key = message_key;
238 if (now < message_retry_record->next_try && !deliver_force)
239 {
240 DEBUG(D_transport|D_retry)
241 debug_printf("host+message retry time not reached: checking ultimate "
242 "address timeout\n");
243 if (!ultimate_address_timeout(host_key, domain, 0, 0, now))
244 {
245 host->status = hstatus_unusable;
246 host->why = hwhy_retry;
247 }
248 else
249 {
250 DEBUG(D_transport|D_retry)
251 debug_printf("on queue longer than maximum retry for "
252 "address - allowing delivery\n");
253 }
254 return FALSE;
255 }
256 }
257
258return yield;
259}
260
261
262
263
264/*************************************************
265* Add a retry item to an address *
266*************************************************/
267
268/* Retry items are chained onto an address when it is deferred either by router
269or by a transport, or if it succeeds or fails and there was a previous retry
270item that now needs to be deleted. Sometimes there can be both kinds of item:
271for example, if routing was deferred but then succeeded, and delivery then
272deferred. In that case there is a delete item for the routing retry, and an
273updating item for the delivery.
274
275(But note that that is only visible at the outer level, because in remote
276delivery subprocesses, the address starts "clean", with no retry items carried
277in.)
278
279These items are used at the end of a delivery attempt to update the retry
280database. The keys start R: for routing delays and T: for transport delays.
281
282Arguments:
283 addr the address block onto which to hang the item
284 key the retry key
285 flags delete, host, and message flags, copied into the block
286
287Returns: nothing
288*/
289
290void
291retry_add_item(address_item *addr, uschar *key, int flags)
292{
293retry_item *rti = store_get(sizeof(retry_item));
294rti->next = addr->retries;
295addr->retries = rti;
296rti->key = key;
297rti->basic_errno = addr->basic_errno;
298rti->more_errno = addr->more_errno;
299rti->message = addr->message;
300rti->flags = flags;
301
302DEBUG(D_transport|D_retry)
303 {
304 int letter = rti->more_errno & 255;
305 debug_printf("added retry item for %s: errno=%d more_errno=", rti->key,
306 rti->basic_errno);
307 if (letter == 'A' || letter == 'M')
308 debug_printf("%d,%c", (rti->more_errno >> 8) & 255, letter);
309 else
310 debug_printf("%d", rti->more_errno);
311 debug_printf(" flags=%d\n", flags);
312 }
313}
314
315
316
317/*************************************************
318* Find retry configuration data *
319*************************************************/
320
321/* Search the in-store retry information for the first retry item that applies
322to a given destination. If the key contains an @ we are probably handling a
323local delivery and have a complete address to search for; this happens when
324retry_use_local_part is set on a router. Otherwise, the key is likely to be a
325host name for a remote delivery, or a domain name for a local delivery. We
326prepend *@ on the front of it so that it will match a retry item whose address
327item pattern is independent of the local part. The alternate key, if set, is
328always just a domain, so we treat it likewise.
329
330Arguments:
331 key key for which retry info is wanted
332 alternate alternative key, always just a domain
333 basic_errno specific error predicate on the retry rule, or zero
334 more_errno additional data for errno predicate
335
336Returns: pointer to retry rule, or NULL
337*/
338
339retry_config *
340retry_find_config(uschar *key, uschar *alternate, int basic_errno,
341 int more_errno)
342{
343int replace;
344uschar *use_key, *use_alternate;
345uschar *colon = Ustrchr(key, ':');
346retry_config *yield;
347
348/* If there's a colon in the key, temporarily replace it with
349a zero to terminate the string there. */
350
351if (colon != NULL)
352 {
353 replace = ':';
354 }
355else
356 {
357 colon = key + Ustrlen(key);
358 replace = 0;
359 }
360*colon = 0;
361
362/* Sort out the keys */
363
364use_key = (Ustrchr(key, '@') != NULL)? key : string_sprintf("*@%s", key);
365use_alternate = (alternate == NULL)? NULL : string_sprintf("*@%s", alternate);
366
367/* Scan the configured retry items. */
368
369for (yield = retries; yield != NULL; yield = yield->next)
370 {
371 uschar *plist = yield->pattern;
372 uschar *slist = yield->senders;
373
374 /* If a specific error is set for this item, check that we are handling that
375 specific error, and if so, check any additional error information if
376 required. */
377
378 if (yield->basic_errno != 0)
379 {
380 /* Special code is required for quota errors, as these can either be system
381 quota errors, or Exim's own quota imposition, which has a different error
382 number. Full partitions are also treated in the same way as quota errors.
383 */
384
385 if (yield->basic_errno == ERRNO_EXIMQUOTA)
386 {
387 if ((basic_errno != ERRNO_EXIMQUOTA && basic_errno != errno_quota &&
388 basic_errno != ENOSPC) ||
389 (yield->more_errno != 0 && yield->more_errno > more_errno))
390 continue;
391 }
392
393 /* Handle 4xx responses to RCPT. The code that was received is in the 2nd
394 least significant byte of more_errno (with 400 subtracted). The required
395 value is coded in the 2nd least significant byte of the yield->more_errno
396 field as follows:
397
398 255 => any 4xx code
399 >= 100 => the decade must match the value less 100
400 < 100 => the exact value must match
401 */
402
403 else if (yield->basic_errno == ERRNO_RCPT4XX)
404 {
405 int wanted;
406 if (basic_errno != ERRNO_RCPT4XX) continue;
407 wanted = (yield->more_errno >> 8) & 255;
408 if (wanted != 255)
409 {
410 int evalue = (more_errno >> 8) & 255;
411 if (wanted >= 100)
412 {
413 if ((evalue/10)*10 != wanted - 100) continue;
414 }
415 else if (evalue != wanted) continue;
416 }
417 }
418
419 /* There are some special cases for timeouts */
420
421 else if (yield->basic_errno == ETIMEDOUT)
422 {
423 if (basic_errno != ETIMEDOUT) continue;
424
425 /* Just RTEF_CTOUT in the rule => don't care about 'A'/'M' addresses */
426 if (yield->more_errno == RTEF_CTOUT)
427 {
428 if ((more_errno & RTEF_CTOUT) == 0) continue;
429 }
430
431 else if (yield->more_errno != 0)
432 {
433 int cf_errno = more_errno;
434 if ((yield->more_errno & RTEF_CTOUT) == 0) cf_errno &= ~RTEF_CTOUT;
435 if (yield->more_errno != cf_errno) continue;
436 }
437 }
438
439 /* Default checks for exact match */
440
441 else
442 {
443 if (yield->basic_errno != basic_errno ||
444 (yield->more_errno != 0 && yield->more_errno != more_errno))
445 continue;
446 }
447 }
448
449 /* If the "senders" condition is set, check it. Note that sender_address may
450 be null during -brt checking, in which case we do not use this rule. */
451
452 if (slist != NULL && (sender_address == NULL ||
453 match_address_list(sender_address, TRUE, TRUE, &slist, NULL, -1, 0,
454 NULL) != OK))
455 continue;
456
457 /* Check for a match between the address list item at the start of this retry
458 rule and either the main or alternate keys. */
459
460 if (match_address_list(use_key, TRUE, TRUE, &plist, NULL, -1, UCHAR_MAX+1,
461 NULL) == OK ||
462 (use_alternate != NULL &&
463 match_address_list(use_alternate, TRUE, TRUE, &plist, NULL, -1,
464 UCHAR_MAX+1, NULL) == OK))
465 break;
466 }
467
468*colon = replace;
469return yield;
470}
471
472
473
474
475/*************************************************
476* Update retry database *
477*************************************************/
478
479/* Update the retry data for any directing/routing/transporting that was
480deferred, or delete it for those that succeeded after a previous defer. This is
481done all in one go to minimize opening/closing/locking of the database file.
482
483Note that, because SMTP delivery involves a list of destinations to try, there
484may be defer-type retry information for some of them even when the message was
485successfully delivered. Likewise if it eventually failed.
486
487This function may move addresses from the defer to the failed queue if the
488ultimate retry time has expired.
489
490Arguments:
491 addr_defer queue of deferred addresses
492 addr_failed queue of failed addresses
493 addr_succeed queue of successful addresses
494
495Returns: nothing
496*/
497
498void
499retry_update(address_item **addr_defer, address_item **addr_failed,
500 address_item **addr_succeed)
501{
502open_db dbblock;
503open_db *dbm_file = NULL;
504time_t now = time(NULL);
505int i;
506
507DEBUG(D_retry) debug_printf("Processing retry items\n");
508
509/* Three-times loop to handle succeeded, failed, and deferred addresses.
510Deferred addresses must be handled after failed ones, because some may be moved
511to the failed chain if they have timed out. */
512
513for (i = 0; i < 3; i++)
514 {
515 address_item *endaddr, *addr;
516 address_item *last_first = NULL;
517 address_item **paddr = (i==0)? addr_succeed :
518 (i==1)? addr_failed : addr_defer;
519 address_item **saved_paddr = NULL;
520
521 DEBUG(D_retry) debug_printf("%s addresses:\n", (i == 0)? "Succeeded" :
522 (i == 1)? "Failed" : "Deferred");
523
524 /* Loop for each address on the chain. For deferred addresses, the whole
525 address times out unless one of its retry addresses has a retry rule that
526 hasn't yet timed out. Deferred addresses should not be requesting deletion
527 of retry items, but just in case they do by accident, treat that case
528 as "not timed out".
529
530 As well as handling the addresses themselves, we must also process any
531 retry items for any parent addresses - these are typically "delete" items,
532 because the parent must have succeeded in order to generate the child. */
533
534 while ((endaddr = *paddr) != NULL)
535 {
536 BOOL timed_out = FALSE;
537 retry_item *rti;
538
539 for (addr = endaddr; addr != NULL; addr = addr->parent)
540 {
541 int update_count = 0;
542 int timedout_count = 0;
543
544 DEBUG(D_retry) debug_printf("%s%s\n", addr->address, (addr->retries == NULL)?
545 ": no retry items" : "");
546
547 /* Loop for each retry item. */
548
549 for (rti = addr->retries; rti != NULL; rti = rti->next)
550 {
551 uschar *message;
552 int message_length, message_space, failing_interval, next_try;
553 retry_rule *rule, *final_rule;
554 retry_config *retry;
555 dbdata_retry *retry_record;
556
557 /* Open the retry database if it is not already open; failure to open
558 the file is logged, but otherwise ignored - deferred addresses will
559 get retried at the next opportunity. Not opening earlier than this saves
560 opening if no addresses have retry items - common when none have yet
561 reached their retry next try time. */
562
563 if (dbm_file == NULL)
564 dbm_file = dbfn_open(US"retry", O_RDWR, &dbblock, TRUE);
565
566 if (dbm_file == NULL)
567 {
568 DEBUG(D_deliver|D_retry|D_hints_lookup)
569 debug_printf("retry database not available for updating\n");
570 return;
571 }
572
573 /* If there are no deferred addresses, that is, if this message is
574 completing, and the retry item is for a message-specific SMTP error,
575 force it to be deleted, because there's no point in keeping data for
576 no-longer-existing messages. This situation can occur when a domain has
577 two hosts and a message-specific error occurs for the first of them,
578 but the address gets delivered to the second one. This optimization
579 doesn't succeed in cleaning out all the dead entries, but it helps. */
580
581 if (*addr_defer == NULL && (rti->flags & rf_message) != 0)
582 rti->flags |= rf_delete;
583
584 /* Handle the case of a request to delete the retry info for this
585 destination. */
586
587 if ((rti->flags & rf_delete) != 0)
588 {
589 (void)dbfn_delete(dbm_file, rti->key);
590 DEBUG(D_retry)
591 debug_printf("deleted retry information for %s\n", rti->key);
592 continue;
593 }
594
595 /* Count the number of non-delete retry items. This is so that we
596 can compare it to the count of timed_out ones, to check whether
597 all are timed out. */
598
599 update_count++;
600
601 /* Get the retry information for this destination and error code, if
602 any. If this item is for a remote host with ip address, then pass
603 the domain name as an alternative to search for. If no retry
604 information is found, we can't generate a retry time, so there is
605 no point updating the database. This retry item is timed out. */
606
607 if ((retry = retry_find_config(rti->key + 2,
608 ((rti->flags & rf_host) != 0)? addr->domain : NULL,
609 rti->basic_errno, rti->more_errno)) == NULL)
610 {
611 DEBUG(D_retry) debug_printf("No configured retry item for %s%s%s\n",
612 rti->key,
613 ((rti->flags & rf_host) != 0)? US" or " : US"",
614 ((rti->flags & rf_host) != 0)? addr->domain : US"");
615 if (addr == endaddr) timedout_count++;
616 continue;
617 }
618
619 DEBUG(D_retry)
620 {
621 if ((rti->flags & rf_host) != 0)
622 debug_printf("retry for %s (%s) = %s\n", rti->key,
623 addr->domain, retry->pattern);
624 else
625 debug_printf("retry for %s = %s\n", rti->key, retry->pattern);
626 }
627
628 /* Set up the message for the database retry record. Because DBM
629 records have a maximum data length, we enforce a limit. There isn't
630 much point in keeping a huge message here, anyway. */
631
632 message = (rti->basic_errno > 0)? US strerror(rti->basic_errno) :
633 (rti->message == NULL)?
634 US"unknown error" : string_printing(rti->message);
635 message_length = Ustrlen(message);
636 if (message_length > 150) message_length = 150;
637
638 /* Read a retry record from the database or construct a new one.
639 Ignore an old one if it is too old since it was last updated. */
640
641 retry_record = dbfn_read(dbm_file, rti->key);
642 if (retry_record != NULL &&
643 now - retry_record->time_stamp > retry_data_expire)
644 retry_record = NULL;
645
646 if (retry_record == NULL)
647 {
648 retry_record = store_get(sizeof(dbdata_retry) + message_length);
649 message_space = message_length;
650 retry_record->first_failed = now;
651 retry_record->last_try = now;
652 retry_record->next_try = now;
653 retry_record->expired = FALSE;
654 retry_record->text[0] = 0; /* just in case */
655 }
656 else message_space = Ustrlen(retry_record->text);
657
658 /* Compute how long this destination has been failing */
659
660 failing_interval = now - retry_record->first_failed;
661
662 /* Search for the current retry rule. The cutoff time of the
663 last rule is handled differently to the others. The rule continues
664 to operate for ever (the global maximum interval will eventually
665 limit the gaps) but its cutoff time determines when an individual
666 destination times out. If there are no retry rules, the destination
667 always times out, but we can't compute a retry time. */
668
669 final_rule = NULL;
670 for (rule = retry->rules; rule != NULL; rule = rule->next)
671 {
672 if (failing_interval <= rule->timeout) break;
673 final_rule = rule;
674 }
675
676 /* If there's an un-timed out rule, the destination has not
677 yet timed out, so the address as a whole has not timed out (but we are
678 interested in this only for the end address). Make sure the expired
679 flag is false (can be forced via fixdb from outside, but ensure it is
680 consistent with the rules whenever we go through here). */
681
682 if (rule != NULL)
683 {
684 retry_record->expired = FALSE;
685 }
686
687 /* Otherwise, set the retry timeout expired, and set the final rule
688 as the one from which to compute the next retry time. Subsequent
689 messages will fail immediately until the retry time is reached (unless
690 there are other, still active, retries). */
691
692 else
693 {
694 rule = final_rule;
695 retry_record->expired = TRUE;
696 if (addr == endaddr) timedout_count++;
697 }
698
699 /* There is a special case to consider when some messages get through
700 to a destination and others don't. This can happen locally when a
701 large message pushes a user over quota, and it can happen remotely
702 when a machine is on a dodgy Internet connection. The messages that
703 get through wipe the retry information, causing those that don't to
704 stay on the queue longer than the final retry time. In order to
705 avoid this, we check, using the time of arrival of the message, to
706 see if it has been on the queue for more than the final cutoff time,
707 and if so, cause this retry item to time out, and the retry time to
708 be set to "now" so that any subsequent messages in the same condition
709 also get tried. We search for the last rule onwards from the one that
710 is in use. If there are no retry rules for the item, rule will be null
711 and timedout_count will already have been updated.
712
713 This implements "timeout this rule if EITHER the host (or routing or
714 directing) has been failing for more than the maximum time, OR if the
715 message has been on the queue for more than the maximum time." */
716
717 if (received_time <= retry_record->first_failed &&
718 addr == endaddr && !retry_record->expired && rule != NULL)
719 {
720 retry_rule *last_rule;
721 for (last_rule = rule;
722 last_rule->next != NULL;
723 last_rule = last_rule->next);
724 if (now - received_time > last_rule->timeout)
725 {
726 DEBUG(D_retry) debug_printf("on queue longer than maximum retry\n");
727 timedout_count++;
728 rule = NULL;
729 }
730 }
731
732 /* Compute the next try time from the rule, subject to the global
733 maximum, and update the retry database. If rule == NULL it means
734 there were no rules at all (and the timeout will be set expired),
735 or we have a message that is older than the final timeout. In this
736 case set the next retry time to now, so that one delivery attempt
737 happens for subsequent messages. */
738
739 if (rule == NULL) next_try = now; else
740 {
741 if (rule->rule == 'F') next_try = now + rule->p1;
6af56900 742 else /* rule = 'G' or 'H' */
059ec3d9
PH
743 {
744 int last_predicted_gap =
745 retry_record->next_try - retry_record->last_try;
746 int last_actual_gap = now - retry_record->last_try;
747 int lastgap = (last_predicted_gap < last_actual_gap)?
748 last_predicted_gap : last_actual_gap;
6af56900
PH
749 int next_gap = (lastgap * rule->p2)/1000;
750 if (rule->rule == 'G')
751 {
752 next_try = now + ((lastgap < rule->p1)? rule->p1 : next_gap);
753 }
754 else /* The 'H' rule */
755 {
756 next_try = now + rule->p1;
757 if (next_gap > rule->p1)
758 next_try += random_number(next_gap - rule->p1);
759 }
059ec3d9
PH
760 }
761 }
762
763 /* Impose a global retry max */
764
765 if (next_try - now > retry_interval_max)
766 next_try = now + retry_interval_max;
767
768 /* If the new message length is greater than the previous one, we
769 have to copy the record first. */
770
771 if (message_length > message_space)
772 {
773 dbdata_retry *newr = store_get(sizeof(dbdata_retry) + message_length);
774 memcpy(newr, retry_record, sizeof(dbdata_retry));
775 retry_record = newr;
776 }
777
778 /* Set up the retry record; message_length may be less than the string
779 length for very long error strings. */
780
781 retry_record->last_try = now;
782 retry_record->next_try = next_try;
783 retry_record->basic_errno = rti->basic_errno;
784 retry_record->more_errno = rti->more_errno;
785 Ustrncpy(retry_record->text, message, message_length);
786 retry_record->text[message_length] = 0;
787
788 DEBUG(D_retry)
789 {
790 int letter = retry_record->more_errno & 255;
791 debug_printf("Writing retry data for %s\n", rti->key);
792 debug_printf(" first failed=%d last try=%d next try=%d expired=%d\n",
793 (int)retry_record->first_failed, (int)retry_record->last_try,
794 (int)retry_record->next_try, retry_record->expired);
795 debug_printf(" errno=%d more_errno=", retry_record->basic_errno);
796 if (letter == 'A' || letter == 'M')
797 debug_printf("%d,%c", (retry_record->more_errno >> 8) & 255,
798 letter);
799 else
800 debug_printf("%d", retry_record->more_errno);
801 debug_printf(" %s\n", retry_record->text);
802 }
803
804 (void)dbfn_write(dbm_file, rti->key, retry_record,
805 sizeof(dbdata_retry) + message_length);
806 } /* Loop for each retry item */
807
808 /* If all the non-delete retry items are timed out, the address is
809 timed out, provided that we didn't skip any hosts because their retry
810 time was not reached (or because of hosts_max_try). */
811
812 if (update_count > 0 && update_count == timedout_count)
813 {
814 if (!testflag(endaddr, af_retry_skipped))
815 {
816 DEBUG(D_retry) debug_printf("timed out: all retries expired\n");
817 timed_out = TRUE;
818 }
819 else
820 {
821 DEBUG(D_retry)
822 debug_printf("timed out but some hosts were skipped\n");
823 }
824 }
825 } /* Loop for an address and its parents */
826
827 /* If this is a deferred address, and retry processing was requested by
828 means of one or more retry items, and they all timed out, move the address
829 to the failed queue, and restart this loop without updating paddr.
830
831 If there were several addresses batched in the same remote delivery, only
832 the original top one will have host retry items attached to it, but we want
833 to handle all the same. Each will have a pointer back to its "top" address,
834 and they will now precede the item with the retries because addresses are
835 inverted when added to these final queues. We have saved information about
836 them in passing (below) so they can all be cut out at once. */
837
838 if (i == 2) /* Handling defers */
839 {
840 if (endaddr->retries != NULL && timed_out)
841 {
842 if (last_first == endaddr) paddr = saved_paddr;
843 addr = *paddr;
844 *paddr = endaddr->next;
845
846 endaddr->next = *addr_failed;
847 *addr_failed = addr;
848
849 for (;; addr = addr->next)
850 {
851 setflag(addr, af_retry_timedout);
852 addr->message = (addr->message == NULL)? US"retry timeout exceeded" :
853 string_sprintf("%s: retry timeout exceeded", addr->message);
fffffe4c
PH
854 addr->user_message = (addr->user_message == NULL)?
855 US"retry timeout exceeded" :
856 string_sprintf("%s: retry timeout exceeded", addr->user_message);
059ec3d9
PH
857 log_write(0, LOG_MAIN, "** %s%s%s%s: retry timeout exceeded",
858 addr->address,
859 (addr->parent == NULL)? US"" : US" <",
860 (addr->parent == NULL)? US"" : addr->parent->address,
861 (addr->parent == NULL)? US"" : US">");
862
863 if (addr == endaddr) break;
864 }
865
866 continue; /* Restart from changed *paddr */
867 }
868
869 /* This address is to remain on the defer chain. If it has a "first"
870 pointer, save the pointer to it in case we want to fail the set of
871 addresses when we get to the first one. */
872
873 if (endaddr->first != last_first)
874 {
875 last_first = endaddr->first;
876 saved_paddr = paddr;
877 }
878 }
879
880 /* All cases (succeed, fail, defer left on queue) */
881
882 paddr = &(endaddr->next); /* Advance to next address */
883 } /* Loop for all addresses */
884 } /* Loop for succeed, fail, defer */
885
886/* Close and unlock the database */
887
888if (dbm_file != NULL) dbfn_close(dbm_file);
889
890DEBUG(D_retry) debug_printf("end of retry processing\n");
891}
892
893/* End of retry.c */