debug tidying
[exim.git] / src / src / smtp_in.c
CommitLineData
059ec3d9
PH
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
f9ba5e22 5/* Copyright (c) University of Cambridge 1995 - 2018 */
059ec3d9
PH
6/* See the file NOTICE for conditions of use and distribution. */
7
8/* Functions for handling an incoming SMTP call. */
9
10
11#include "exim.h"
2ef7ed08 12#include <assert.h>
059ec3d9
PH
13
14
15/* Initialize for TCP wrappers if so configured. It appears that the macro
16HAVE_IPV6 is used in some versions of the tcpd.h header, so we unset it before
17including that header, and restore its value afterwards. */
18
19#ifdef USE_TCP_WRAPPERS
20
21 #if HAVE_IPV6
22 #define EXIM_HAVE_IPV6
23 #endif
24 #undef HAVE_IPV6
25 #include <tcpd.h>
26 #undef HAVE_IPV6
27 #ifdef EXIM_HAVE_IPV6
28 #define HAVE_IPV6 TRUE
29 #endif
30
31int allow_severity = LOG_INFO;
32int deny_severity = LOG_NOTICE;
5dc43717 33uschar *tcp_wrappers_name;
059ec3d9
PH
34#endif
35
36
8d67ada3
PH
37/* Size of buffer for reading SMTP commands. We used to use 512, as defined
38by RFC 821. However, RFC 1869 specifies that this must be increased for SMTP
39commands that accept arguments, and this in particular applies to AUTH, where
94431adb 40the data can be quite long. More recently this value was 2048 in Exim;
e2ca7082 41however, RFC 4954 (circa 2007) recommends 12288 bytes to handle AUTH. Clients
94431adb
HSHR
42such as Thunderbird will send an AUTH with an initial-response for GSSAPI.
43The maximum size of a Kerberos ticket under Windows 2003 is 12000 bytes, and
e2ca7082
PP
44we need room to handle large base64-encoded AUTHs for GSSAPI.
45*/
46
bd8fbe36 47#define SMTP_CMD_BUFFER_SIZE 16384
059ec3d9
PH
48
49/* Size of buffer for reading SMTP incoming packets */
50
bd8fbe36 51#define IN_BUFFER_SIZE 8192
059ec3d9
PH
52
53/* Structure for SMTP command list */
54
55typedef struct {
1ba28e2b 56 const char *name;
059ec3d9
PH
57 int len;
58 short int cmd;
59 short int has_arg;
60 short int is_mail_cmd;
61} smtp_cmd_list;
62
63/* Codes for identifying commands. We order them so that those that come first
64are those for which synchronization is always required. Checking this can help
65block some spam. */
66
67enum {
68 /* These commands are required to be synchronized, i.e. to be the last in a
69 block of commands when pipelining. */
70
71 HELO_CMD, EHLO_CMD, DATA_CMD, /* These are listed in the pipelining */
72 VRFY_CMD, EXPN_CMD, NOOP_CMD, /* RFC as requiring synchronization */
73 ETRN_CMD, /* This by analogy with TURN from the RFC */
74 STARTTLS_CMD, /* Required by the STARTTLS RFC */
b3ef41c9 75 TLS_AUTH_CMD, /* auto-command at start of SSL */
059ec3d9
PH
76
77 /* This is a dummy to identify the non-sync commands when pipelining */
78
79 NON_SYNC_CMD_PIPELINING,
80
81 /* These commands need not be synchronized when pipelining */
82
83 MAIL_CMD, RCPT_CMD, RSET_CMD,
84
f4630439
JH
85 /* This is a dummy to identify the non-sync commands when not pipelining */
86
87 NON_SYNC_CMD_NON_PIPELINING,
88
6d5c916c
JH
89 /* RFC3030 section 2: "After all MAIL and RCPT responses are collected and
90 processed the message is sent using a series of BDAT commands"
91 implies that BDAT should be synchronized. However, we see Google, at least,
92 sending MAIL,RCPT,BDAT-LAST in a single packet, clearly not waiting for
f4630439
JH
93 processing of the RCPT response(s). We shall do the same, and not require
94 synch for BDAT. Worse, as the chunk may (very likely will) follow the
95 command-header in the same packet we cannot do the usual "is there any
4c04137d 96 follow-on data after the command line" even for non-pipeline mode.
f4630439 97 So we'll need an explicit check after reading the expected chunk amount
4c04137d 98 when non-pipe, before sending the ACK. */
6d5c916c
JH
99
100 BDAT_CMD,
101
059ec3d9
PH
102 /* I have been unable to find a statement about the use of pipelining
103 with AUTH, so to be on the safe side it is here, though I kind of feel
104 it should be up there with the synchronized commands. */
105
106 AUTH_CMD,
107
108 /* I'm not sure about these, but I don't think they matter. */
109
110 QUIT_CMD, HELP_CMD,
111
cee5f132 112#ifdef SUPPORT_PROXY
a3c86431
TL
113 PROXY_FAIL_IGNORE_CMD,
114#endif
115
059ec3d9
PH
116 /* These are specials that don't correspond to actual commands */
117
118 EOF_CMD, OTHER_CMD, BADARG_CMD, BADCHAR_CMD, BADSYN_CMD,
119 TOO_MANY_NONMAIL_CMD };
120
121
b4ed4da0
PH
122/* This is a convenience macro for adding the identity of an SMTP command
123to the circular buffer that holds a list of the last n received. */
124
125#define HAD(n) \
126 smtp_connection_had[smtp_ch_index++] = n; \
127 if (smtp_ch_index >= SMTP_HBUFF_SIZE) smtp_ch_index = 0
128
059ec3d9
PH
129
130/*************************************************
131* Local static variables *
132*************************************************/
133
88752192
JH
134static struct {
135 BOOL auth_advertised :1;
01603eec 136#ifndef DISABLE_TLS
88752192 137 BOOL tls_advertised :1;
059ec3d9 138#endif
88752192
JH
139 BOOL dsn_advertised :1;
140 BOOL esmtp :1;
141 BOOL helo_required :1;
142 BOOL helo_verify :1;
143 BOOL helo_seen :1;
144 BOOL helo_accept_junk :1;
81344b40 145#ifndef DISABLE_PIPE_CONNECT
ee8b8090
JH
146 BOOL pipe_connect_acceptable :1;
147#endif
88752192
JH
148 BOOL rcpt_smtp_response_same :1;
149 BOOL rcpt_in_progress :1;
150 BOOL smtp_exit_function_called :1;
8c5d388a 151#ifdef SUPPORT_I18N
88752192 152 BOOL smtputf8_advertised :1;
d1a13eea 153#endif
88752192
JH
154} fl = {
155 .helo_required = FALSE,
156 .helo_verify = FALSE,
157 .smtp_exit_function_called = FALSE,
158};
159
160static auth_instance *authenticated_by;
161static int count_nonmail;
162static int nonmail_command_count;
059ec3d9
PH
163static int synprot_error_count;
164static int unknown_command_count;
165static int sync_cmd_limit;
166static int smtp_write_error = 0;
167
2679d413 168static uschar *rcpt_smtp_response;
ca86f471
PH
169static uschar *smtp_data_buffer;
170static uschar *smtp_cmd_data;
171
059ec3d9
PH
172/* We need to know the position of RSET, HELO, EHLO, AUTH, and STARTTLS. Their
173final fields of all except AUTH are forced TRUE at the start of a new message
174setup, to allow one of each between messages that is not counted as a nonmail
175command. (In fact, only one of HELO/EHLO is not counted.) Also, we have to
176allow a new EHLO after starting up TLS.
177
178AUTH is "falsely" labelled as a mail command initially, so that it doesn't get
179counted. However, the flag is changed when AUTH is received, so that multiple
180failing AUTHs will eventually hit the limit. After a successful AUTH, another
181AUTH is already forbidden. After a TLS session is started, AUTH's flag is again
182forced TRUE, to allow for the re-authentication that can happen at that point.
183
184QUIT is also "falsely" labelled as a mail command so that it doesn't up the
2f460950
JH
185count of non-mail commands and possibly provoke an error.
186
187tls_auth is a pseudo-command, never expected in input. It is activated
188on TLS startup and looks for a tls authenticator. */
059ec3d9
PH
189
190static smtp_cmd_list cmd_list[] = {
d1a13eea
JH
191 /* name len cmd has_arg is_mail_cmd */
192
059ec3d9
PH
193 { "rset", sizeof("rset")-1, RSET_CMD, FALSE, FALSE }, /* First */
194 { "helo", sizeof("helo")-1, HELO_CMD, TRUE, FALSE },
195 { "ehlo", sizeof("ehlo")-1, EHLO_CMD, TRUE, FALSE },
196 { "auth", sizeof("auth")-1, AUTH_CMD, TRUE, TRUE },
01603eec 197#ifndef DISABLE_TLS
059ec3d9 198 { "starttls", sizeof("starttls")-1, STARTTLS_CMD, FALSE, FALSE },
69d8eed7 199 { "tls_auth", 0, TLS_AUTH_CMD, FALSE, FALSE },
e0574cb5 200#endif
059ec3d9
PH
201
202/* If you change anything above here, also fix the definitions below. */
203
204 { "mail from:", sizeof("mail from:")-1, MAIL_CMD, TRUE, TRUE },
205 { "rcpt to:", sizeof("rcpt to:")-1, RCPT_CMD, TRUE, TRUE },
206 { "data", sizeof("data")-1, DATA_CMD, FALSE, TRUE },
18481de3 207 { "bdat", sizeof("bdat")-1, BDAT_CMD, TRUE, TRUE },
059ec3d9
PH
208 { "quit", sizeof("quit")-1, QUIT_CMD, FALSE, TRUE },
209 { "noop", sizeof("noop")-1, NOOP_CMD, TRUE, FALSE },
210 { "etrn", sizeof("etrn")-1, ETRN_CMD, TRUE, FALSE },
211 { "vrfy", sizeof("vrfy")-1, VRFY_CMD, TRUE, FALSE },
212 { "expn", sizeof("expn")-1, EXPN_CMD, TRUE, FALSE },
213 { "help", sizeof("help")-1, HELP_CMD, TRUE, FALSE }
214};
215
216static smtp_cmd_list *cmd_list_end =
217 cmd_list + sizeof(cmd_list)/sizeof(smtp_cmd_list);
218
219#define CMD_LIST_RSET 0
220#define CMD_LIST_HELO 1
221#define CMD_LIST_EHLO 2
222#define CMD_LIST_AUTH 3
223#define CMD_LIST_STARTTLS 4
b3ef41c9 224#define CMD_LIST_TLS_AUTH 5
059ec3d9 225
b4ed4da0
PH
226/* This list of names is used for performing the smtp_no_mail logging action.
227It must be kept in step with the SCH_xxx enumerations. */
228
229static uschar *smtp_names[] =
230 {
18481de3
JH
231 US"NONE", US"AUTH", US"DATA", US"BDAT", US"EHLO", US"ETRN", US"EXPN",
232 US"HELO", US"HELP", US"MAIL", US"NOOP", US"QUIT", US"RCPT", US"RSET",
233 US"STARTTLS", US"VRFY" };
b4ed4da0 234
e524074d 235static uschar *protocols_local[] = {
981756db
PH
236 US"local-smtp", /* HELO */
237 US"local-smtps", /* The rare case EHLO->STARTTLS->HELO */
238 US"local-esmtp", /* EHLO */
239 US"local-esmtps", /* EHLO->STARTTLS->EHLO */
240 US"local-esmtpa", /* EHLO->AUTH */
241 US"local-esmtpsa" /* EHLO->STARTTLS->EHLO->AUTH */
059ec3d9 242 };
e524074d
JH
243static uschar *protocols[] = {
244 US"smtp", /* HELO */
245 US"smtps", /* The rare case EHLO->STARTTLS->HELO */
246 US"esmtp", /* EHLO */
247 US"esmtps", /* EHLO->STARTTLS->EHLO */
248 US"esmtpa", /* EHLO->AUTH */
249 US"esmtpsa" /* EHLO->STARTTLS->EHLO->AUTH */
250 };
059ec3d9
PH
251
252#define pnormal 0
981756db
PH
253#define pextend 2
254#define pcrpted 1 /* added to pextend or pnormal */
255#define pauthed 2 /* added to pextend */
059ec3d9 256
d27f98fe
TL
257/* Sanity check and validate optional args to MAIL FROM: envelope */
258enum {
2ef7ed08 259 ENV_MAIL_OPT_NULL,
d27f98fe 260 ENV_MAIL_OPT_SIZE, ENV_MAIL_OPT_BODY, ENV_MAIL_OPT_AUTH,
8ccd00b1 261#ifndef DISABLE_PRDR
fd98a5c6
JH
262 ENV_MAIL_OPT_PRDR,
263#endif
6c1c3d1d 264 ENV_MAIL_OPT_RET, ENV_MAIL_OPT_ENVID,
8c5d388a 265#ifdef SUPPORT_I18N
d1a13eea
JH
266 ENV_MAIL_OPT_UTF8,
267#endif
d27f98fe
TL
268 };
269typedef struct {
270 uschar * name; /* option requested during MAIL cmd */
271 int value; /* enum type */
272 BOOL need_value; /* TRUE requires value (name=value pair format)
273 FALSE is a singleton */
274 } env_mail_type_t;
275static env_mail_type_t env_mail_type_list[] = {
276 { US"SIZE", ENV_MAIL_OPT_SIZE, TRUE },
277 { US"BODY", ENV_MAIL_OPT_BODY, TRUE },
278 { US"AUTH", ENV_MAIL_OPT_AUTH, TRUE },
8ccd00b1 279#ifndef DISABLE_PRDR
fd98a5c6
JH
280 { US"PRDR", ENV_MAIL_OPT_PRDR, FALSE },
281#endif
6c1c3d1d
WB
282 { US"RET", ENV_MAIL_OPT_RET, TRUE },
283 { US"ENVID", ENV_MAIL_OPT_ENVID, TRUE },
8c5d388a 284#ifdef SUPPORT_I18N
d1a13eea
JH
285 { US"SMTPUTF8",ENV_MAIL_OPT_UTF8, FALSE }, /* rfc6531 */
286#endif
2ef7ed08
HSHR
287 /* keep this the last entry */
288 { US"NULL", ENV_MAIL_OPT_NULL, FALSE },
d27f98fe
TL
289 };
290
059ec3d9
PH
291/* When reading SMTP from a remote host, we have to use our own versions of the
292C input-reading functions, in order to be able to flush the SMTP output only
293when about to read more data from the socket. This is the only way to get
294optimal performance when the client is using pipelining. Flushing for every
295command causes a separate packet and reply packet each time; saving all the
296responses up (when pipelining) combines them into one packet and one response.
297
298For simplicity, these functions are used for *all* SMTP input, not only when
299receiving over a socket. However, after setting up a secure socket (SSL), input
300is read via the OpenSSL library, and another set of functions is used instead
301(see tls.c).
302
303These functions are set in the receive_getc etc. variables and called with the
304same interface as the C functions. However, since there can only ever be
305one incoming SMTP call, we just use a single buffer and flags. There is no need
306to implement a complicated private FILE-like structure.*/
307
308static uschar *smtp_inbuffer;
309static uschar *smtp_inptr;
310static uschar *smtp_inend;
311static int smtp_had_eof;
312static int smtp_had_error;
313
314
7e3ce68e 315/* forward declarations */
bd8fbe36 316static int smtp_read_command(BOOL check_sync, unsigned buffer_lim);
7e3ce68e
JH
317static int synprot_error(int type, int code, uschar *data, uschar *errmess);
318static void smtp_quit_handler(uschar **, uschar **);
319static void smtp_rset_handler(void);
320
059ec3d9 321/*************************************************
f4630439
JH
322* Recheck synchronization *
323*************************************************/
324
325/* Synchronization checks can never be perfect because a packet may be on its
925ac8e4
JH
326way but not arrived when the check is done. Normally, the checks happen when
327commands are read: Exim ensures that there is no more input in the input buffer.
328In normal cases, the response to the command will be fast, and there is no
329further check.
f4630439
JH
330
331However, for some commands an ACL is run, and that can include delays. In those
332cases, it is useful to do another check on the input just before sending the
333response. This also applies at the start of a connection. This function does
334that check by means of the select() function, as long as the facility is not
335disabled or inappropriate. A failure of select() is ignored.
336
337When there is unwanted input, we read it so that it appears in the log of the
338error.
339
340Arguments: none
341Returns: TRUE if all is well; FALSE if there is input pending
342*/
343
344static BOOL
925ac8e4 345wouldblock_reading(void)
f4630439
JH
346{
347int fd, rc;
348fd_set fds;
349struct timeval tzero;
350
01603eec 351#ifndef DISABLE_TLS
74f1a423 352if (tls_in.active.sock >= 0)
e5de01f0 353 return !tls_could_read();
9067f574 354#endif
f4630439 355
40525d07
JH
356if (smtp_inptr < smtp_inend)
357 return FALSE;
358
f4630439
JH
359fd = fileno(smtp_in);
360FD_ZERO(&fds);
361FD_SET(fd, &fds);
362tzero.tv_sec = 0;
363tzero.tv_usec = 0;
364rc = select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tzero);
365
366if (rc <= 0) return TRUE; /* Not ready to read */
bd8fbe36 367rc = smtp_getc(GETC_BUFFER_UNLIMITED);
f4630439
JH
368if (rc < 0) return TRUE; /* End of file or error */
369
370smtp_ungetc(rc);
f4630439
JH
371return FALSE;
372}
373
925ac8e4
JH
374static BOOL
375check_sync(void)
376{
8768d548 377if (!smtp_enforce_sync || !sender_host_address || f.sender_host_notsocket)
925ac8e4
JH
378 return TRUE;
379
380return wouldblock_reading();
381}
382
383
384/* If there's input waiting (and we're doing pipelineing) then we can pipeline
385a reponse with the one following. */
386
387static BOOL
388pipeline_response(void)
389{
390if ( !smtp_enforce_sync || !sender_host_address
8768d548 391 || f.sender_host_notsocket || !f.smtp_in_pipelining_advertised)
925ac8e4
JH
392 return FALSE;
393
3fc73bdc 394if (wouldblock_reading()) return FALSE;
8768d548 395f.smtp_in_pipelining_used = TRUE;
3fc73bdc 396return TRUE;
925ac8e4
JH
397}
398
f4630439 399
81344b40 400#ifndef DISABLE_PIPE_CONNECT
ee8b8090
JH
401static BOOL
402pipeline_connect_sends(void)
403{
404if (!sender_host_address || f.sender_host_notsocket || !fl.pipe_connect_acceptable)
405 return FALSE;
406
407if (wouldblock_reading()) return FALSE;
408f.smtp_in_early_pipe_used = TRUE;
409return TRUE;
410}
411#endif
f4630439
JH
412
413/*************************************************
414* Log incomplete transactions *
415*************************************************/
416
417/* This function is called after a transaction has been aborted by RSET, QUIT,
418connection drops or other errors. It logs the envelope information received
419so far in order to preserve address verification attempts.
420
421Argument: string to indicate what aborted the transaction
422Returns: nothing
423*/
424
425static void
426incomplete_transaction_log(uschar *what)
427{
d7978c0f
JH
428if (!sender_address /* No transaction in progress */
429 || !LOGGING(smtp_incomplete_transaction))
f4630439
JH
430 return;
431
432/* Build list of recipients for logging */
433
434if (recipients_count > 0)
435 {
f3ebb786 436 raw_recipients = store_get(recipients_count * sizeof(uschar *), FALSE);
d7978c0f 437 for (int i = 0; i < recipients_count; i++)
f4630439
JH
438 raw_recipients[i] = recipients_list[i].address;
439 raw_recipients_count = recipients_count;
440 }
441
442log_write(L_smtp_incomplete_transaction, LOG_MAIN|LOG_SENDER|LOG_RECIPIENTS,
443 "%s incomplete transaction (%s)", host_and_ident(TRUE), what);
444}
445
446
447
448
9723f966
JH
449void
450smtp_command_timeout_exit(void)
451{
452log_write(L_lost_incoming_connection,
453 LOG_MAIN, "SMTP command timeout on%s connection from %s",
74f1a423 454 tls_in.active.sock >= 0 ? " TLS" : "", host_and_ident(FALSE));
9723f966
JH
455if (smtp_batched_input)
456 moan_smtp_batch(NULL, "421 SMTP command timeout"); /* Does not return */
457smtp_notquit_exit(US"command-timeout", US"421",
458 US"%s: SMTP command timeout - closing connection",
459 smtp_active_hostname);
460exim_exit(EXIT_FAILURE, US"receiving");
461}
462
463void
464smtp_command_sigterm_exit(void)
465{
466log_write(0, LOG_MAIN, "%s closed after SIGTERM", smtp_get_connection_info());
467if (smtp_batched_input)
468 moan_smtp_batch(NULL, "421 SIGTERM received"); /* Does not return */
469smtp_notquit_exit(US"signal-exit", US"421",
470 US"%s: Service not available - closing connection", smtp_active_hostname);
471exim_exit(EXIT_FAILURE, US"receiving");
472}
473
474void
475smtp_data_timeout_exit(void)
476{
477log_write(L_lost_incoming_connection,
478 LOG_MAIN, "SMTP data timeout (message abandoned) on connection from %s F=<%s>",
479 sender_fullhost ? sender_fullhost : US"local process", sender_address);
480receive_bomb_out(US"data-timeout", US"SMTP incoming data timeout");
481/* Does not return */
482}
483
484void
485smtp_data_sigint_exit(void)
486{
487log_write(0, LOG_MAIN, "%s closed after %s",
488 smtp_get_connection_info(), had_data_sigint == SIGTERM ? "SIGTERM":"SIGINT");
489receive_bomb_out(US"signal-exit",
490 US"Service not available - SIGTERM or SIGINT received");
491/* Does not return */
492}
493
494
495
0d81dabc
JH
496/* Refill the buffer, and notify DKIM verification code.
497Return false for error or EOF.
498*/
499
500static BOOL
501smtp_refill(unsigned lim)
502{
503int rc, save_errno;
504if (!smtp_out) return FALSE;
505fflush(smtp_out);
c2a1bba0 506if (smtp_receive_timeout > 0) ALARM(smtp_receive_timeout);
0d81dabc 507
ecce6d9a
JH
508/* Limit amount read, so non-message data is not fed to DKIM.
509Take care to not touch the safety NUL at the end of the buffer. */
0d81dabc 510
ecce6d9a 511rc = read(fileno(smtp_in), smtp_inbuffer, MIN(IN_BUFFER_SIZE-1, lim));
0d81dabc 512save_errno = errno;
c2a1bba0 513if (smtp_receive_timeout > 0) ALARM_CLR(0);
0d81dabc
JH
514if (rc <= 0)
515 {
516 /* Must put the error text in fixed store, because this might be during
517 header reading, where it releases unused store above the header. */
518 if (rc < 0)
519 {
9723f966
JH
520 if (had_command_timeout) /* set by signal handler */
521 smtp_command_timeout_exit(); /* does not return */
522 if (had_command_sigterm)
523 smtp_command_sigterm_exit();
524 if (had_data_timeout)
525 smtp_data_timeout_exit();
526 if (had_data_sigint)
527 smtp_data_sigint_exit();
528
0d81dabc 529 smtp_had_error = save_errno;
f3ebb786
JH
530 smtp_read_error = string_copy_perm(
531 string_sprintf(" (error: %s)", strerror(save_errno)), FALSE);
0d81dabc 532 }
9723f966
JH
533 else
534 smtp_had_eof = 1;
0d81dabc
JH
535 return FALSE;
536 }
537#ifndef DISABLE_DKIM
538dkim_exim_verify_feed(smtp_inbuffer, rc);
539#endif
540smtp_inend = smtp_inbuffer + rc;
541smtp_inptr = smtp_inbuffer;
542return TRUE;
543}
544
f4630439 545/*************************************************
059ec3d9
PH
546* SMTP version of getc() *
547*************************************************/
548
549/* This gets the next byte from the SMTP input buffer. If the buffer is empty,
550it flushes the output, and refills the buffer, with a timeout. The signal
551handler is set appropriately by the calling function. This function is not used
4c04137d 552after a connection has negotiated itself into an TLS/SSL state.
059ec3d9 553
bd8fbe36 554Arguments: lim Maximum amount to read/buffer
059ec3d9
PH
555Returns: the next character or EOF
556*/
557
558int
bd8fbe36 559smtp_getc(unsigned lim)
059ec3d9
PH
560{
561if (smtp_inptr >= smtp_inend)
0d81dabc 562 if (!smtp_refill(lim))
059ec3d9 563 return EOF;
059ec3d9
PH
564return *smtp_inptr++;
565}
566
0d81dabc
JH
567uschar *
568smtp_getbuf(unsigned * len)
569{
570unsigned size;
571uschar * buf;
572
573if (smtp_inptr >= smtp_inend)
574 if (!smtp_refill(*len))
575 { *len = 0; return NULL; }
576
577if ((size = smtp_inend - smtp_inptr) > *len) size = *len;
578buf = smtp_inptr;
579smtp_inptr += size;
580*len = size;
581return buf;
582}
583
584e96c6
JH
584void
585smtp_get_cache(void)
586{
9960d1e5 587#ifndef DISABLE_DKIM
584e96c6
JH
588int n = smtp_inend - smtp_inptr;
589if (n > 0)
590 dkim_exim_verify_feed(smtp_inptr, n);
584e96c6 591#endif
9960d1e5 592}
059ec3d9
PH
593
594
7e3ce68e
JH
595/* Get a byte from the smtp input, in CHUNKING mode. Handle ack of the
596previous BDAT chunk and getting new ones when we run out. Uses the
597underlying smtp_getc or tls_getc both for that and for getting the
598(buffered) data byte. EOD signals (an expected) no further data.
599ERR signals a protocol error, and EOF a closed input stream.
600
601Called from read_bdat_smtp() in receive.c for the message body, but also
602by the headers read loop in receive_msg(); manipulates chunking_state
603to handle the BDAT command/response.
604Placed here due to the correlation with the above smtp_getc(), which it wraps,
605and also by the need to do smtp command/response handling.
606
bd8fbe36 607Arguments: lim (ignored)
7e3ce68e
JH
608Returns: the next character or ERR, EOD or EOF
609*/
610
611int
bd8fbe36 612bdat_getc(unsigned lim)
7e3ce68e
JH
613{
614uschar * user_msg = NULL;
615uschar * log_msg;
616
617for(;;)
618 {
79de4f37 619#ifndef DISABLE_DKIM
64b67b65 620 unsigned dkim_save;
79de4f37
JH
621#endif
622
bd8fbe36
JH
623 if (chunking_data_left > 0)
624 return lwr_receive_getc(chunking_data_left--);
7e3ce68e
JH
625
626 receive_getc = lwr_receive_getc;
0d81dabc 627 receive_getbuf = lwr_receive_getbuf;
7e3ce68e 628 receive_ungetc = lwr_receive_ungetc;
bd8fbe36 629#ifndef DISABLE_DKIM
79de4f37 630 dkim_save = dkim_collect_input;
64b67b65 631 dkim_collect_input = 0;
bd8fbe36 632#endif
7e3ce68e 633
f4630439
JH
634 /* Unless PIPELINING was offered, there should be no next command
635 until after we ack that chunk */
636
8768d548 637 if (!f.smtp_in_pipelining_advertised && !check_sync())
f4630439 638 {
40525d07
JH
639 unsigned n = smtp_inend - smtp_inptr;
640 if (n > 32) n = 32;
641
f4630439
JH
642 incomplete_transaction_log(US"sync failure");
643 log_write(0, LOG_MAIN|LOG_REJECT, "SMTP protocol synchronization error "
644 "(next input sent too soon: pipelining was not advertised): "
9e0ed81f 645 "rejected \"%s\" %s next input=\"%s\"%s",
f4630439 646 smtp_cmd_buffer, host_and_ident(TRUE),
9e0ed81f
JH
647 string_printing(string_copyn(smtp_inptr, n)),
648 smtp_inend - smtp_inptr > n ? "..." : "");
649 (void) synprot_error(L_smtp_protocol_error, 554, NULL,
650 US"SMTP synchronization error");
f4630439
JH
651 goto repeat_until_rset;
652 }
653
7e3ce68e
JH
654 /* If not the last, ack the received chunk. The last response is delayed
655 until after the data ACL decides on it */
7e3ce68e
JH
656
657 if (chunking_state == CHUNKING_LAST)
584e96c6
JH
658 {
659#ifndef DISABLE_DKIM
e983e85a 660 dkim_exim_verify_feed(NULL, 0); /* notify EOD */
584e96c6 661#endif
7e3ce68e 662 return EOD;
584e96c6 663 }
7e3ce68e 664
925ac8e4 665 smtp_printf("250 %u byte chunk received\r\n", FALSE, chunking_datasize);
bd8fbe36
JH
666 chunking_state = CHUNKING_OFFERED;
667 DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state);
7e3ce68e
JH
668
669 /* Expect another BDAT cmd from input. RFC 3030 says nothing about
670 QUIT, RSET or NOOP but handling them seems obvious */
671
672next_cmd:
bd8fbe36 673 switch(smtp_read_command(TRUE, 1))
7e3ce68e
JH
674 {
675 default:
676 (void) synprot_error(L_smtp_protocol_error, 503, NULL,
677 US"only BDAT permissible after non-LAST BDAT");
678
679 repeat_until_rset:
bd8fbe36 680 switch(smtp_read_command(TRUE, 1))
7e3ce68e
JH
681 {
682 case QUIT_CMD: smtp_quit_handler(&user_msg, &log_msg); /*FALLTHROUGH */
683 case EOF_CMD: return EOF;
684 case RSET_CMD: smtp_rset_handler(); return ERR;
685 default: if (synprot_error(L_smtp_protocol_error, 503, NULL,
686 US"only RSET accepted now") > 0)
687 return EOF;
688 goto repeat_until_rset;
689 }
690
691 case QUIT_CMD:
692 smtp_quit_handler(&user_msg, &log_msg);
693 /*FALLTHROUGH*/
694 case EOF_CMD:
695 return EOF;
696
697 case RSET_CMD:
698 smtp_rset_handler();
699 return ERR;
700
701 case NOOP_CMD:
702 HAD(SCH_NOOP);
925ac8e4 703 smtp_printf("250 OK\r\n", FALSE);
7e3ce68e
JH
704 goto next_cmd;
705
706 case BDAT_CMD:
707 {
708 int n;
709
710 if (sscanf(CS smtp_cmd_data, "%u %n", &chunking_datasize, &n) < 1)
711 {
712 (void) synprot_error(L_smtp_protocol_error, 501, NULL,
713 US"missing size for BDAT command");
714 return ERR;
715 }
716 chunking_state = strcmpic(smtp_cmd_data+n, US"LAST") == 0
717 ? CHUNKING_LAST : CHUNKING_ACTIVE;
718 chunking_data_left = chunking_datasize;
bd8fbe36
JH
719 DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n",
720 (int)chunking_state, chunking_data_left);
7e3ce68e
JH
721
722 if (chunking_datasize == 0)
723 if (chunking_state == CHUNKING_LAST)
724 return EOD;
725 else
726 {
727 (void) synprot_error(L_smtp_protocol_error, 504, NULL,
728 US"zero size for BDAT command");
729 goto repeat_until_rset;
730 }
731
732 receive_getc = bdat_getc;
8b77d27a 733 receive_getbuf = bdat_getbuf; /* r~getbuf is never actually used */
7e3ce68e 734 receive_ungetc = bdat_ungetc;
bd8fbe36 735#ifndef DISABLE_DKIM
79de4f37 736 dkim_collect_input = dkim_save;
bd8fbe36 737#endif
7e3ce68e
JH
738 break; /* to top of main loop */
739 }
740 }
741 }
742}
743
0d81dabc
JH
744uschar *
745bdat_getbuf(unsigned * len)
746{
747uschar * buf;
748
749if (chunking_data_left <= 0)
750 { *len = 0; return NULL; }
751
752if (*len > chunking_data_left) *len = chunking_data_left;
753buf = lwr_receive_getbuf(len); /* Either smtp_getbuf or tls_getbuf */
754chunking_data_left -= *len;
755return buf;
756}
757
1ebe15c3 758void
45bd315d
JH
759bdat_flush_data(void)
760{
e99a3a6c 761while (chunking_data_left)
db57e575 762 {
e99a3a6c 763 unsigned n = chunking_data_left;
8b77d27a 764 if (!bdat_getbuf(&n)) break;
db57e575 765 }
45bd315d
JH
766
767receive_getc = lwr_receive_getc;
0d81dabc 768receive_getbuf = lwr_receive_getbuf;
45bd315d
JH
769receive_ungetc = lwr_receive_ungetc;
770
771if (chunking_state != CHUNKING_LAST)
bd8fbe36 772 {
45bd315d 773 chunking_state = CHUNKING_OFFERED;
bd8fbe36
JH
774 DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state);
775 }
45bd315d
JH
776}
777
7e3ce68e
JH
778
779
780
059ec3d9
PH
781/*************************************************
782* SMTP version of ungetc() *
783*************************************************/
784
785/* Puts a character back in the input buffer. Only ever
786called once.
787
788Arguments:
789 ch the character
790
791Returns: the character
792*/
793
794int
795smtp_ungetc(int ch)
796{
7e3ce68e 797*--smtp_inptr = ch;
059ec3d9
PH
798return ch;
799}
800
801
7e3ce68e
JH
802int
803bdat_ungetc(int ch)
804{
805chunking_data_left++;
806return lwr_receive_ungetc(ch);
807}
808
059ec3d9
PH
809
810
811/*************************************************
812* SMTP version of feof() *
813*************************************************/
814
815/* Tests for a previous EOF
816
817Arguments: none
818Returns: non-zero if the eof flag is set
819*/
820
821int
822smtp_feof(void)
823{
824return smtp_had_eof;
825}
826
827
828
829
830/*************************************************
831* SMTP version of ferror() *
832*************************************************/
833
834/* Tests for a previous read error, and returns with errno
835restored to what it was when the error was detected.
836
837Arguments: none
838Returns: non-zero if the error flag is set
839*/
840
841int
842smtp_ferror(void)
843{
844errno = smtp_had_error;
845return smtp_had_error;
846}
847
848
849
58eb016e
PH
850/*************************************************
851* Test for characters in the SMTP buffer *
852*************************************************/
853
854/* Used at the end of a message
855
856Arguments: none
857Returns: TRUE/FALSE
858*/
859
860BOOL
861smtp_buffered(void)
862{
863return smtp_inptr < smtp_inend;
864}
865
866
059ec3d9
PH
867
868/*************************************************
869* Write formatted string to SMTP channel *
870*************************************************/
871
872/* This is a separate function so that we don't have to repeat everything for
873TLS support or debugging. It is global so that the daemon and the
874authentication functions can use it. It does not return any error indication,
875because major problems such as dropped connections won't show up till an output
876flush for non-TLS connections. The smtp_fflush() function is available for
877checking that: for convenience, TLS output errors are remembered here so that
878they are also picked up later by smtp_fflush().
879
b2d54f83
JH
880This function is exposed to the local_scan API; do not change the signature.
881
059ec3d9
PH
882Arguments:
883 format format string
925ac8e4 884 more further data expected
059ec3d9
PH
885 ... optional arguments
886
887Returns: nothing
888*/
889
890void
925ac8e4 891smtp_printf(const char *format, BOOL more, ...)
059ec3d9
PH
892{
893va_list ap;
894
925ac8e4
JH
895va_start(ap, more);
896smtp_vprintf(format, more, ap);
ce552449
NM
897va_end(ap);
898}
899
900/* This is split off so that verify.c:respond_printf() can, in effect, call
901smtp_printf(), bearing in mind that in C a vararg function can't directly
b2d54f83
JH
902call another vararg function, only a function which accepts a va_list.
903
904This function is exposed to the local_scan API; do not change the signature.
905*/
f3ebb786 906/*XXX consider passing caller-info in, for string_vformat-onward */
ce552449
NM
907
908void
925ac8e4 909smtp_vprintf(const char *format, BOOL more, va_list ap)
ce552449 910{
d12746bc 911gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer };
fb08281f
DW
912BOOL yield;
913
f3ebb786
JH
914/* Use taint-unchecked routines for writing into big_buffer, trusting
915that we'll never expand it. */
916
917yield = !! string_vformat(&gs, SVFMT_TAINT_NOCHK, format, ap);
d12746bc 918string_from_gstring(&gs);
ce552449 919
059ec3d9
PH
920DEBUG(D_receive)
921 {
fb08281f 922 uschar *msg_copy, *cr, *end;
d12746bc
JH
923 msg_copy = string_copy(gs.s);
924 end = msg_copy + gs.ptr;
fb08281f 925 while ((cr = Ustrchr(msg_copy, '\r')) != NULL) /* lose CRs */
d12746bc 926 memmove(cr, cr + 1, (end--) - cr);
fb08281f 927 debug_printf("SMTP>> %s", msg_copy);
059ec3d9
PH
928 }
929
fb08281f 930if (!yield)
2679d413
PH
931 {
932 log_write(0, LOG_MAIN|LOG_PANIC, "string too large in smtp_printf()");
933 smtp_closedown(US"Unexpected error");
9bfb7e1b 934 exim_exit(EXIT_FAILURE, NULL);
2679d413 935 }
2679d413
PH
936
937/* If this is the first output for a (non-batch) RCPT command, see if all RCPTs
938have had the same. Note: this code is also present in smtp_respond(). It would
939be tidier to have it only in one place, but when it was added, it was easier to
940do it that way, so as not to have to mess with the code for the RCPT command,
941which sometimes uses smtp_printf() and sometimes smtp_respond(). */
942
88752192 943if (fl.rcpt_in_progress)
2679d413
PH
944 {
945 if (rcpt_smtp_response == NULL)
946 rcpt_smtp_response = string_copy(big_buffer);
88752192 947 else if (fl.rcpt_smtp_response_same &&
2679d413 948 Ustrcmp(rcpt_smtp_response, big_buffer) != 0)
88752192
JH
949 fl.rcpt_smtp_response_same = FALSE;
950 fl.rcpt_in_progress = FALSE;
2679d413 951 }
059ec3d9 952
2679d413 953/* Now write the string */
059ec3d9 954
30398c06 955if (
01603eec 956#ifndef DISABLE_TLS
30398c06 957 tls_in.active.sock >= 0 ? (tls_write(NULL, gs.s, gs.ptr, more) < 0) :
059ec3d9 958#endif
30398c06
JH
959 (fwrite(gs.s, gs.ptr, 1, smtp_out) == 0)
960 )
961 smtp_write_error = -1;
059ec3d9
PH
962}
963
964
965
966/*************************************************
967* Flush SMTP out and check for error *
968*************************************************/
969
970/* This function isn't currently used within Exim (it detects errors when it
971tries to read the next SMTP input), but is available for use in local_scan().
30398c06 972It flushes the output and checks for errors.
059ec3d9
PH
973
974Arguments: none
975Returns: 0 for no error; -1 after an error
976*/
977
978int
979smtp_fflush(void)
980{
74f1a423 981if (tls_in.active.sock < 0 && fflush(smtp_out) != 0) smtp_write_error = -1;
30398c06
JH
982
983if (
984#ifndef DISABLE_TLS
985 tls_in.active.sock >= 0 ? (tls_write(NULL, NULL, 0, FALSE) < 0) :
986#endif
987 (fflush(smtp_out) != 0)
988 )
989 smtp_write_error = -1;
990
059ec3d9
PH
991return smtp_write_error;
992}
993
994
995
996/*************************************************
997* SMTP command read timeout *
998*************************************************/
999
1000/* Signal handler for timing out incoming SMTP commands. This attempts to
1001finish off tidily.
1002
1003Argument: signal number (SIGALRM)
1004Returns: nothing
1005*/
1006
1007static void
1008command_timeout_handler(int sig)
1009{
9723f966 1010had_command_timeout = sig;
059ec3d9
PH
1011}
1012
1013
1014
1015/*************************************************
1016* SIGTERM received *
1017*************************************************/
1018
1019/* Signal handler for handling SIGTERM. Again, try to finish tidily.
1020
1021Argument: signal number (SIGTERM)
1022Returns: nothing
1023*/
1024
1025static void
1026command_sigterm_handler(int sig)
1027{
9723f966 1028had_command_sigterm = sig;
059ec3d9
PH
1029}
1030
1031
1032
a14e5636 1033
cee5f132 1034#ifdef SUPPORT_PROXY
a3c86431 1035/*************************************************
a3bddaa8
TL
1036* Restore socket timeout to previous value *
1037*************************************************/
1038/* If the previous value was successfully retrieved, restore
1039it before returning control to the non-proxy routines
1040
1041Arguments: fd - File descriptor for input
1042 get_ok - Successfully retrieved previous values
1043 tvtmp - Time struct with previous values
1044 vslen - Length of time struct
1045Returns: none
1046*/
1047static void
f267271d 1048restore_socket_timeout(int fd, int get_ok, struct timeval * tvtmp, socklen_t vslen)
a3bddaa8
TL
1049{
1050if (get_ok == 0)
f267271d 1051 (void) setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, CS tvtmp, vslen);
a3bddaa8
TL
1052}
1053
1054/*************************************************
a3c86431
TL
1055* Check if host is required proxy host *
1056*************************************************/
1057/* The function determines if inbound host will be a regular smtp host
1811cb4c
JH
1058or if it is configured that it must use Proxy Protocol. A local
1059connection cannot.
a3c86431
TL
1060
1061Arguments: none
1062Returns: bool
1063*/
1064
1065static BOOL
1066check_proxy_protocol_host()
1067{
1068int rc;
a3c86431 1069
1811cb4c
JH
1070if ( sender_host_address
1071 && (rc = verify_check_this_host(CUSS &hosts_proxy, NULL, NULL,
1072 sender_host_address, NULL)) == OK)
a3c86431
TL
1073 {
1074 DEBUG(D_receive)
1075 debug_printf("Detected proxy protocol configured host\n");
1076 proxy_session = TRUE;
1077 }
1078return proxy_session;
1079}
1080
1081
1082/*************************************************
3f251b3c
PP
1083* Read data until newline or end of buffer *
1084*************************************************/
1085/* While SMTP is server-speaks-first, TLS is client-speaks-first, so we can't
1086read an entire buffer and assume there will be nothing past a proxy protocol
1087header. Our approach normally is to use stdio, but again that relies upon
1088"STARTTLS\r\n" and a server response before the client starts TLS handshake, or
1089reading _nothing_ before client TLS handshake. So we don't want to use the
1090usual buffering reads which may read enough to block TLS starting.
1091
1092So unfortunately we're down to "read one byte at a time, with a syscall each,
1093and expect a little overhead", for all proxy-opened connections which are v1,
1094just to handle the TLS-on-connect case. Since SSL functions wrap the
1095underlying fd, we can't assume that we can feed them any already-read content.
1096
1097We need to know where to read to, the max capacity, and we'll read until we
1098get a CR and one more character. Let the caller scream if it's CR+!LF.
1099
1100Return the amount read.
1101*/
1102
1103static int
da88acae 1104swallow_until_crlf(int fd, uschar *base, int already, int capacity)
3f251b3c 1105{
2c0f3ea1
JH
1106uschar *to = base + already;
1107uschar *cr;
1108int have = 0;
1109int ret;
1110int last = 0;
1111
1112/* For "PROXY UNKNOWN\r\n" we, at time of writing, expect to have read
1113up through the \r; for the _normal_ case, we haven't yet seen the \r. */
da88acae 1114
2c0f3ea1
JH
1115cr = memchr(base, '\r', already);
1116if (cr != NULL)
1117 {
1118 if ((cr - base) < already - 1)
da88acae 1119 {
2c0f3ea1
JH
1120 /* \r and presumed \n already within what we have; probably not
1121 actually proxy protocol, but abort cleanly. */
1122 return 0;
da88acae 1123 }
2c0f3ea1
JH
1124 /* \r is last character read, just need one more. */
1125 last = 1;
1126 }
1127
1128while (capacity > 0)
1129 {
1130 do { ret = recv(fd, to, 1, 0); } while (ret == -1 && errno == EINTR);
1131 if (ret == -1)
1132 return -1;
1133 have++;
1134 if (last)
1135 return have;
1136 if (*to == '\r')
1137 last = 1;
1138 capacity--;
1139 to++;
1140 }
1141
1142/* reached end without having room for a final newline, abort */
1143errno = EOVERFLOW;
1144return -1;
3f251b3c
PP
1145}
1146
1147/*************************************************
a3c86431
TL
1148* Setup host for proxy protocol *
1149*************************************************/
1150/* The function configures the connection based on a header from the
1151inbound host to use Proxy Protocol. The specification is very exact
1152so exit with an error if do not find the exact required pieces. This
1153includes an incorrect number of spaces separating args.
1154
1155Arguments: none
f267271d 1156Returns: Boolean success
a3c86431
TL
1157*/
1158
1811cb4c 1159static void
a3c86431
TL
1160setup_proxy_protocol_host()
1161{
1162union {
1163 struct {
1164 uschar line[108];
1165 } v1;
1166 struct {
1167 uschar sig[12];
36719342
TL
1168 uint8_t ver_cmd;
1169 uint8_t fam;
1170 uint16_t len;
a3c86431
TL
1171 union {
1172 struct { /* TCP/UDP over IPv4, len = 12 */
1173 uint32_t src_addr;
1174 uint32_t dst_addr;
1175 uint16_t src_port;
1176 uint16_t dst_port;
1177 } ip4;
1178 struct { /* TCP/UDP over IPv6, len = 36 */
1179 uint8_t src_addr[16];
1180 uint8_t dst_addr[16];
1181 uint16_t src_port;
1182 uint16_t dst_port;
1183 } ip6;
1184 struct { /* AF_UNIX sockets, len = 216 */
1185 uschar src_addr[108];
1186 uschar dst_addr[108];
1187 } unx;
1188 } addr;
1189 } v2;
1190} hdr;
1191
eb57651e
TL
1192/* Temp variables used in PPv2 address:port parsing */
1193uint16_t tmpport;
1194char tmpip[INET_ADDRSTRLEN];
1195struct sockaddr_in tmpaddr;
1196char tmpip6[INET6_ADDRSTRLEN];
1197struct sockaddr_in6 tmpaddr6;
1198
da88acae
PP
1199/* We can't read "all data until end" because while SMTP is
1200server-speaks-first, the TLS handshake is client-speaks-first, so for
1201TLS-on-connect ports the proxy protocol header will usually be immediately
1202followed by a TLS handshake, and with N TLS libraries, we can't reliably
1203reinject data for reading by those. So instead we first read "enough to be
1204safely read within the header, and figure out how much more to read".
1205For v1 we will later read to the end-of-line, for v2 we will read based upon
1206the stated length.
1207
1208The v2 sig is 12 octets, and another 4 gets us the length, so we know how much
1209data is needed total. For v1, where the line looks like:
1210PROXY TCPn L3src L3dest SrcPort DestPort \r\n
1211
1212However, for v1 there's also `PROXY UNKNOWN\r\n` which is only 15 octets.
1213We seem to support that. So, if we read 14 octets then we can tell if we're
1214v2 or v1. If we're v1, we can continue reading as normal.
1215
1216If we're v2, we can't slurp up the entire header. We need the length in the
121715th & 16th octets, then to read everything after that.
1218
1219So to safely handle v1 and v2, with client-sent-first supported correctly,
1220we have to do a minimum of 3 read calls, not 1. Eww.
1221*/
1222
1223#define PROXY_INITIAL_READ 14
1224#define PROXY_V2_HEADER_SIZE 16
1225#if PROXY_INITIAL_READ > PROXY_V2_HEADER_SIZE
1226# error Code bug in sizes of data to read for proxy usage
1227#endif
1228
eb57651e 1229int get_ok = 0;
f267271d
JH
1230int size, ret;
1231int fd = fileno(smtp_in);
36719342 1232const char v2sig[12] = "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A";
9e7e0f6a 1233uschar * iptype; /* To display debug info */
a3c86431 1234struct timeval tv;
a3bddaa8 1235struct timeval tvtmp;
f267271d 1236socklen_t vslen = sizeof(struct timeval);
1811cb4c 1237BOOL yield = FALSE;
a3c86431 1238
a3bddaa8 1239/* Save current socket timeout values */
f267271d 1240get_ok = getsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, CS &tvtmp, &vslen);
a3bddaa8 1241
a3c86431
TL
1242/* Proxy Protocol host must send header within a short time
1243(default 3 seconds) or it's considered invalid */
1244tv.tv_sec = PROXY_NEGOTIATION_TIMEOUT_SEC;
1245tv.tv_usec = PROXY_NEGOTIATION_TIMEOUT_USEC;
f267271d 1246if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, CS &tv, sizeof(tv)) < 0)
1811cb4c 1247 goto bad;
a3bddaa8 1248
a3c86431
TL
1249do
1250 {
eb57651e 1251 /* The inbound host was declared to be a Proxy Protocol host, so
2c0f3ea1
JH
1252 don't do a PEEK into the data, actually slurp up enough to be
1253 "safe". Can't take it all because TLS-on-connect clients follow
1254 immediately with TLS handshake. */
3f251b3c 1255 ret = recv(fd, &hdr, PROXY_INITIAL_READ, 0);
a3c86431
TL
1256 }
1257 while (ret == -1 && errno == EINTR);
1258
1259if (ret == -1)
f267271d 1260 goto proxyfail;
a3c86431 1261
da88acae
PP
1262/* For v2, handle reading the length, and then the rest. */
1263if ((ret == PROXY_INITIAL_READ) && (memcmp(&hdr.v2, v2sig, sizeof(v2sig)) == 0))
a3c86431 1264 {
da88acae
PP
1265 int retmore;
1266 uint8_t ver;
1267
1268 /* First get the length fields. */
1269 do
1270 {
1271 retmore = recv(fd, (uschar*)&hdr + ret, PROXY_V2_HEADER_SIZE - PROXY_INITIAL_READ, 0);
1272 } while (retmore == -1 && errno == EINTR);
1273 if (retmore == -1)
3f251b3c 1274 goto proxyfail;
da88acae 1275 ret += retmore;
3f251b3c
PP
1276
1277 ver = (hdr.v2.ver_cmd & 0xf0) >> 4;
36719342
TL
1278
1279 /* May 2014: haproxy combined the version and command into one byte to
2c0f3ea1
JH
1280 allow two full bytes for the length field in order to proxy SSL
1281 connections. SSL Proxy is not supported in this version of Exim, but
1282 must still separate values here. */
36719342
TL
1283
1284 if (ver != 0x02)
1285 {
1286 DEBUG(D_receive) debug_printf("Invalid Proxy Protocol version: %d\n", ver);
1287 goto proxyfail;
1288 }
da88acae 1289
36719342 1290 /* The v2 header will always be 16 bytes per the spec. */
5d036699 1291 size = 16 + ntohs(hdr.v2.len);
da88acae
PP
1292 DEBUG(D_receive) debug_printf("Detected PROXYv2 header, size %d (limit %d)\n",
1293 size, (int)sizeof(hdr));
1294
1295 /* We should now have 16 octets (PROXY_V2_HEADER_SIZE), and we know the total
1296 amount that we need. Double-check that the size is not unreasonable, then
1297 get the rest. */
1298 if (size > sizeof(hdr))
a3c86431 1299 {
da88acae 1300 DEBUG(D_receive) debug_printf("PROXYv2 header size unreasonably large; security attack?\n");
a3c86431
TL
1301 goto proxyfail;
1302 }
da88acae
PP
1303
1304 do
1305 {
1306 do
1307 {
1308 retmore = recv(fd, (uschar*)&hdr + ret, size-ret, 0);
1309 } while (retmore == -1 && errno == EINTR);
1310 if (retmore == -1)
1311 goto proxyfail;
1312 ret += retmore;
1313 DEBUG(D_receive) debug_printf("PROXYv2: have %d/%d required octets\n", ret, size);
1314 } while (ret < size);
1315
1316 } /* end scope for getting rest of data for v2 */
1317
1318/* At this point: if PROXYv2, we've read the exact size required for all data;
1319if PROXYv1 then we've read "less than required for any valid line" and should
1320read the rest". */
1321
1322if (ret >= 16 && memcmp(&hdr.v2, v2sig, 12) == 0)
1323 {
1324 uint8_t cmd = (hdr.v2.ver_cmd & 0x0f);
1325
36719342 1326 switch (cmd)
a3c86431
TL
1327 {
1328 case 0x01: /* PROXY command */
1329 switch (hdr.v2.fam)
1330 {
eb57651e
TL
1331 case 0x11: /* TCPv4 address type */
1332 iptype = US"IPv4";
1333 tmpaddr.sin_addr.s_addr = hdr.v2.addr.ip4.src_addr;
5d036699
JH
1334 inet_ntop(AF_INET, &tmpaddr.sin_addr, CS &tmpip, sizeof(tmpip));
1335 if (!string_is_ip_address(US tmpip, NULL))
eb57651e
TL
1336 {
1337 DEBUG(D_receive) debug_printf("Invalid %s source IP\n", iptype);
f267271d 1338 goto proxyfail;
eb57651e 1339 }
e6d2a989 1340 proxy_local_address = sender_host_address;
eb57651e
TL
1341 sender_host_address = string_copy(US tmpip);
1342 tmpport = ntohs(hdr.v2.addr.ip4.src_port);
e6d2a989 1343 proxy_local_port = sender_host_port;
eb57651e
TL
1344 sender_host_port = tmpport;
1345 /* Save dest ip/port */
1346 tmpaddr.sin_addr.s_addr = hdr.v2.addr.ip4.dst_addr;
5d036699
JH
1347 inet_ntop(AF_INET, &tmpaddr.sin_addr, CS &tmpip, sizeof(tmpip));
1348 if (!string_is_ip_address(US tmpip, NULL))
eb57651e
TL
1349 {
1350 DEBUG(D_receive) debug_printf("Invalid %s dest port\n", iptype);
f267271d 1351 goto proxyfail;
eb57651e 1352 }
7a2fa0bc 1353 proxy_external_address = string_copy(US tmpip);
eb57651e 1354 tmpport = ntohs(hdr.v2.addr.ip4.dst_port);
7a2fa0bc 1355 proxy_external_port = tmpport;
a3c86431 1356 goto done;
eb57651e
TL
1357 case 0x21: /* TCPv6 address type */
1358 iptype = US"IPv6";
1359 memmove(tmpaddr6.sin6_addr.s6_addr, hdr.v2.addr.ip6.src_addr, 16);
5d036699
JH
1360 inet_ntop(AF_INET6, &tmpaddr6.sin6_addr, CS &tmpip6, sizeof(tmpip6));
1361 if (!string_is_ip_address(US tmpip6, NULL))
eb57651e
TL
1362 {
1363 DEBUG(D_receive) debug_printf("Invalid %s source IP\n", iptype);
f267271d 1364 goto proxyfail;
eb57651e 1365 }
e6d2a989 1366 proxy_local_address = sender_host_address;
eb57651e
TL
1367 sender_host_address = string_copy(US tmpip6);
1368 tmpport = ntohs(hdr.v2.addr.ip6.src_port);
e6d2a989 1369 proxy_local_port = sender_host_port;
eb57651e
TL
1370 sender_host_port = tmpport;
1371 /* Save dest ip/port */
1372 memmove(tmpaddr6.sin6_addr.s6_addr, hdr.v2.addr.ip6.dst_addr, 16);
5d036699
JH
1373 inet_ntop(AF_INET6, &tmpaddr6.sin6_addr, CS &tmpip6, sizeof(tmpip6));
1374 if (!string_is_ip_address(US tmpip6, NULL))
eb57651e
TL
1375 {
1376 DEBUG(D_receive) debug_printf("Invalid %s dest port\n", iptype);
f267271d 1377 goto proxyfail;
eb57651e 1378 }
7a2fa0bc 1379 proxy_external_address = string_copy(US tmpip6);
eb57651e 1380 tmpport = ntohs(hdr.v2.addr.ip6.dst_port);
7a2fa0bc 1381 proxy_external_port = tmpport;
a3c86431 1382 goto done;
eb57651e
TL
1383 default:
1384 DEBUG(D_receive)
1385 debug_printf("Unsupported PROXYv2 connection type: 0x%02x\n",
1386 hdr.v2.fam);
1387 goto proxyfail;
a3c86431
TL
1388 }
1389 /* Unsupported protocol, keep local connection address */
1390 break;
1391 case 0x00: /* LOCAL command */
1392 /* Keep local connection address for LOCAL */
9e7e0f6a 1393 iptype = US"local";
a3c86431
TL
1394 break;
1395 default:
eb57651e 1396 DEBUG(D_receive)
36719342 1397 debug_printf("Unsupported PROXYv2 command: 0x%x\n", cmd);
a3c86431
TL
1398 goto proxyfail;
1399 }
1400 }
5d036699 1401else if (ret >= 8 && memcmp(hdr.v1.line, "PROXY", 5) == 0)
a3c86431 1402 {
3f251b3c
PP
1403 uschar *p;
1404 uschar *end;
a3c86431
TL
1405 uschar *sp; /* Utility variables follow */
1406 int tmp_port;
3f251b3c 1407 int r2;
a3c86431
TL
1408 char *endc;
1409
3f251b3c 1410 /* get the rest of the line */
da88acae 1411 r2 = swallow_until_crlf(fd, (uschar*)&hdr, ret, sizeof(hdr)-ret);
3f251b3c
PP
1412 if (r2 == -1)
1413 goto proxyfail;
1414 ret += r2;
1415
1416 p = string_copy(hdr.v1.line);
1417 end = memchr(p, '\r', ret - 1);
1418
da88acae 1419 if (!end || (end == (uschar*)&hdr + ret) || end[1] != '\n')
a3c86431
TL
1420 {
1421 DEBUG(D_receive) debug_printf("Partial or invalid PROXY header\n");
1422 goto proxyfail;
1423 }
1424 *end = '\0'; /* Terminate the string */
a5d4db40 1425 size = end + 2 - p; /* Skip header + CRLF */
a3c86431 1426 DEBUG(D_receive) debug_printf("Detected PROXYv1 header\n");
3f251b3c 1427 DEBUG(D_receive) debug_printf("Bytes read not within PROXY header: %d\n", ret - size);
a3c86431 1428 /* Step through the string looking for the required fields. Ensure
2c0f3ea1 1429 strict adherence to required formatting, exit for any error. */
a3c86431
TL
1430 p += 5;
1431 if (!isspace(*(p++)))
1432 {
1433 DEBUG(D_receive) debug_printf("Missing space after PROXY command\n");
1434 goto proxyfail;
1435 }
1436 if (!Ustrncmp(p, CCS"TCP4", 4))
1437 iptype = US"IPv4";
1438 else if (!Ustrncmp(p,CCS"TCP6", 4))
1439 iptype = US"IPv6";
1440 else if (!Ustrncmp(p,CCS"UNKNOWN", 7))
1441 {
1442 iptype = US"Unknown";
1443 goto done;
1444 }
1445 else
1446 {
1447 DEBUG(D_receive) debug_printf("Invalid TCP type\n");
1448 goto proxyfail;
1449 }
1450
1451 p += Ustrlen(iptype);
1452 if (!isspace(*(p++)))
1453 {
1454 DEBUG(D_receive) debug_printf("Missing space after TCP4/6 command\n");
1455 goto proxyfail;
1456 }
1457 /* Find the end of the arg */
1458 if ((sp = Ustrchr(p, ' ')) == NULL)
1459 {
1460 DEBUG(D_receive)
1461 debug_printf("Did not find proxied src %s\n", iptype);
1462 goto proxyfail;
1463 }
1464 *sp = '\0';
5d036699 1465 if(!string_is_ip_address(p, NULL))
a3c86431
TL
1466 {
1467 DEBUG(D_receive)
1468 debug_printf("Proxied src arg is not an %s address\n", iptype);
1469 goto proxyfail;
1470 }
e6d2a989 1471 proxy_local_address = sender_host_address;
a3c86431
TL
1472 sender_host_address = p;
1473 p = sp + 1;
1474 if ((sp = Ustrchr(p, ' ')) == NULL)
1475 {
1476 DEBUG(D_receive)
1477 debug_printf("Did not find proxy dest %s\n", iptype);
1478 goto proxyfail;
1479 }
1480 *sp = '\0';
5d036699 1481 if(!string_is_ip_address(p, NULL))
a3c86431
TL
1482 {
1483 DEBUG(D_receive)
1484 debug_printf("Proxy dest arg is not an %s address\n", iptype);
1485 goto proxyfail;
1486 }
7a2fa0bc 1487 proxy_external_address = p;
a3c86431
TL
1488 p = sp + 1;
1489 if ((sp = Ustrchr(p, ' ')) == NULL)
1490 {
1491 DEBUG(D_receive) debug_printf("Did not find proxied src port\n");
1492 goto proxyfail;
1493 }
1494 *sp = '\0';
5d036699 1495 tmp_port = strtol(CCS p, &endc, 10);
a3c86431
TL
1496 if (*endc || tmp_port == 0)
1497 {
1498 DEBUG(D_receive)
1499 debug_printf("Proxied src port '%s' not an integer\n", p);
1500 goto proxyfail;
1501 }
e6d2a989 1502 proxy_local_port = sender_host_port;
a3c86431
TL
1503 sender_host_port = tmp_port;
1504 p = sp + 1;
1505 if ((sp = Ustrchr(p, '\0')) == NULL)
1506 {
1507 DEBUG(D_receive) debug_printf("Did not find proxy dest port\n");
1508 goto proxyfail;
1509 }
5d036699 1510 tmp_port = strtol(CCS p, &endc, 10);
a3c86431
TL
1511 if (*endc || tmp_port == 0)
1512 {
1513 DEBUG(D_receive)
1514 debug_printf("Proxy dest port '%s' not an integer\n", p);
1515 goto proxyfail;
1516 }
7a2fa0bc 1517 proxy_external_port = tmp_port;
a3c86431 1518 /* Already checked for /r /n above. Good V1 header received. */
a3c86431
TL
1519 }
1520else
1521 {
1522 /* Wrong protocol */
eb57651e 1523 DEBUG(D_receive) debug_printf("Invalid proxy protocol version negotiation\n");
da88acae 1524 (void) swallow_until_crlf(fd, (uschar*)&hdr, ret, sizeof(hdr)-ret);
a3c86431
TL
1525 goto proxyfail;
1526 }
1527
1811cb4c
JH
1528done:
1529 DEBUG(D_receive)
1530 debug_printf("Valid %s sender from Proxy Protocol header\n", iptype);
1531 yield = proxy_session;
1532
1533/* Don't flush any potential buffer contents. Any input on proxyfail
1534should cause a synchronization failure */
1535
a3c86431 1536proxyfail:
1811cb4c 1537 restore_socket_timeout(fd, get_ok, &tvtmp, vslen);
a3c86431 1538
1811cb4c
JH
1539bad:
1540 if (yield)
1541 {
1542 sender_host_name = NULL;
1543 (void) host_name_lookup();
1544 host_build_sender_fullhost();
1545 }
1546 else
1547 {
8768d548 1548 f.proxy_session_failed = TRUE;
1811cb4c
JH
1549 DEBUG(D_receive)
1550 debug_printf("Failure to extract proxied host, only QUIT allowed\n");
1551 }
1552
1553return;
a3c86431
TL
1554}
1555#endif
1556
059ec3d9
PH
1557/*************************************************
1558* Read one command line *
1559*************************************************/
1560
1561/* Strictly, SMTP commands coming over the net are supposed to end with CRLF.
1562There are sites that don't do this, and in any case internal SMTP probably
1563should check only for LF. Consequently, we check here for LF only. The line
1564ends up with [CR]LF removed from its end. If we get an overlong line, treat as
3ee512ff
PH
1565an unknown command. The command is read into the global smtp_cmd_buffer so that
1566it is available via $smtp_command.
059ec3d9
PH
1567
1568The character reading routine sets up a timeout for each block actually read
1569from the input (which may contain more than one command). We set up a special
1570signal handler that closes down the session on a timeout. Control does not
1571return when it runs.
1572
1573Arguments:
bd8fbe36
JH
1574 check_sync if TRUE, check synchronization rules if global option is TRUE
1575 buffer_lim maximum to buffer in lower layer
059ec3d9
PH
1576
1577Returns: a code identifying the command (enumerated above)
1578*/
1579
1580static int
bd8fbe36 1581smtp_read_command(BOOL check_sync, unsigned buffer_lim)
059ec3d9
PH
1582{
1583int c;
1584int ptr = 0;
059ec3d9
PH
1585BOOL hadnull = FALSE;
1586
9723f966 1587had_command_timeout = 0;
059ec3d9
PH
1588os_non_restarting_signal(SIGALRM, command_timeout_handler);
1589
bd8fbe36 1590while ((c = (receive_getc)(buffer_lim)) != '\n' && c != EOF)
059ec3d9 1591 {
bd8fbe36 1592 if (ptr >= SMTP_CMD_BUFFER_SIZE)
059ec3d9
PH
1593 {
1594 os_non_restarting_signal(SIGALRM, sigalrm_handler);
1595 return OTHER_CMD;
1596 }
1597 if (c == 0)
1598 {
1599 hadnull = TRUE;
1600 c = '?';
1601 }
3ee512ff 1602 smtp_cmd_buffer[ptr++] = c;
059ec3d9
PH
1603 }
1604
1605receive_linecount++; /* For BSMTP errors */
1606os_non_restarting_signal(SIGALRM, sigalrm_handler);
1607
1608/* If hit end of file, return pseudo EOF command. Whether we have a
1609part-line already read doesn't matter, since this is an error state. */
1610
1611if (c == EOF) return EOF_CMD;
1612
1613/* Remove any CR and white space at the end of the line, and terminate the
1614string. */
1615
3ee512ff
PH
1616while (ptr > 0 && isspace(smtp_cmd_buffer[ptr-1])) ptr--;
1617smtp_cmd_buffer[ptr] = 0;
059ec3d9 1618
3ee512ff 1619DEBUG(D_receive) debug_printf("SMTP<< %s\n", smtp_cmd_buffer);
059ec3d9
PH
1620
1621/* NULLs are not allowed in SMTP commands */
1622
1623if (hadnull) return BADCHAR_CMD;
1624
1625/* Scan command list and return identity, having set the data pointer
1626to the start of the actual data characters. Check for SMTP synchronization
1627if required. */
1628
d7978c0f 1629for (smtp_cmd_list * p = cmd_list; p < cmd_list_end; p++)
059ec3d9 1630 {
1811cb4c 1631#ifdef SUPPORT_PROXY
a3c86431 1632 /* Only allow QUIT command if Proxy Protocol parsing failed */
8768d548 1633 if (proxy_session && f.proxy_session_failed && p->cmd != QUIT_CMD)
1811cb4c
JH
1634 continue;
1635#endif
2f460950
JH
1636 if ( p->len
1637 && strncmpic(smtp_cmd_buffer, US p->name, p->len) == 0
1638 && ( smtp_cmd_buffer[p->len-1] == ':' /* "mail from:" or "rcpt to:" */
1639 || smtp_cmd_buffer[p->len] == 0
1640 || smtp_cmd_buffer[p->len] == ' '
1641 ) )
059ec3d9
PH
1642 {
1643 if (smtp_inptr < smtp_inend && /* Outstanding input */
1644 p->cmd < sync_cmd_limit && /* Command should sync */
1645 check_sync && /* Local flag set */
1646 smtp_enforce_sync && /* Global flag set */
1647 sender_host_address != NULL && /* Not local input */
8768d548 1648 !f.sender_host_notsocket) /* Really is a socket */
059ec3d9
PH
1649 return BADSYN_CMD;
1650
ca86f471
PH
1651 /* The variables $smtp_command and $smtp_command_argument point into the
1652 unmodified input buffer. A copy of the latter is taken for actual
1653 processing, so that it can be chopped up into separate parts if necessary,
1654 for example, when processing a MAIL command options such as SIZE that can
1655 follow the sender address. */
059ec3d9 1656
3ee512ff 1657 smtp_cmd_argument = smtp_cmd_buffer + p->len;
ca86f471
PH
1658 while (isspace(*smtp_cmd_argument)) smtp_cmd_argument++;
1659 Ustrcpy(smtp_data_buffer, smtp_cmd_argument);
1660 smtp_cmd_data = smtp_data_buffer;
059ec3d9
PH
1661
1662 /* Count non-mail commands from those hosts that are controlled in this
1663 way. The default is all hosts. We don't waste effort checking the list
1664 until we get a non-mail command, but then cache the result to save checking
1665 again. If there's a DEFER while checking the host, assume it's in the list.
1666
1667 Note that one instance of RSET, EHLO/HELO, and STARTTLS is allowed at the
1668 start of each incoming message by fiddling with the value in the table. */
1669
1670 if (!p->is_mail_cmd)
1671 {
1672 if (count_nonmail == TRUE_UNSET) count_nonmail =
1673 verify_check_host(&smtp_accept_max_nonmail_hosts) != FAIL;
1674 if (count_nonmail && ++nonmail_command_count > smtp_accept_max_nonmail)
1675 return TOO_MANY_NONMAIL_CMD;
1676 }
1677
ca86f471
PH
1678 /* If there is data for a command that does not expect it, generate the
1679 error here. */
059ec3d9 1680
ca86f471 1681 return (p->has_arg || *smtp_cmd_data == 0)? p->cmd : BADARG_CMD;
059ec3d9
PH
1682 }
1683 }
1684
cee5f132 1685#ifdef SUPPORT_PROXY
a3c86431 1686/* Only allow QUIT command if Proxy Protocol parsing failed */
8768d548 1687if (proxy_session && f.proxy_session_failed)
a3c86431
TL
1688 return PROXY_FAIL_IGNORE_CMD;
1689#endif
1690
059ec3d9
PH
1691/* Enforce synchronization for unknown commands */
1692
ecce6d9a
JH
1693if ( smtp_inptr < smtp_inend /* Outstanding input */
1694 && check_sync /* Local flag set */
1695 && smtp_enforce_sync /* Global flag set */
1696 && sender_host_address /* Not local input */
8768d548 1697 && !f.sender_host_notsocket) /* Really is a socket */
059ec3d9
PH
1698 return BADSYN_CMD;
1699
1700return OTHER_CMD;
1701}
1702
1703
1704
1705/*************************************************
1706* Forced closedown of call *
1707*************************************************/
1708
1709/* This function is called from log.c when Exim is dying because of a serious
1710disaster, and also from some other places. If an incoming non-batched SMTP
1711channel is open, it swallows the rest of the incoming message if in the DATA
1712phase, sends the reply string, and gives an error to all subsequent commands
1713except QUIT. The existence of an SMTP call is detected by the non-NULLness of
1714smtp_in.
1715
8f128379
PH
1716Arguments:
1717 message SMTP reply string to send, excluding the code
1718
059ec3d9
PH
1719Returns: nothing
1720*/
1721
1722void
1723smtp_closedown(uschar *message)
1724{
db57e575 1725if (!smtp_in || smtp_batched_input) return;
059ec3d9 1726receive_swallow_smtp();
925ac8e4 1727smtp_printf("421 %s\r\n", FALSE, message);
059ec3d9 1728
bd8fbe36 1729for (;;) switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED))
059ec3d9 1730 {
60d10ce7 1731 case EOF_CMD:
db57e575 1732 return;
059ec3d9 1733
60d10ce7 1734 case QUIT_CMD:
db57e575
JH
1735 smtp_printf("221 %s closing connection\r\n", FALSE, smtp_active_hostname);
1736 mac_smtp_fflush();
1737 return;
059ec3d9 1738
60d10ce7 1739 case RSET_CMD:
db57e575
JH
1740 smtp_printf("250 Reset OK\r\n", FALSE);
1741 break;
059ec3d9 1742
60d10ce7 1743 default:
db57e575
JH
1744 smtp_printf("421 %s\r\n", FALSE, message);
1745 break;
059ec3d9
PH
1746 }
1747}
1748
1749
1750
1751
1752/*************************************************
1753* Set up connection info for logging *
1754*************************************************/
1755
1756/* This function is called when logging information about an SMTP connection.
1757It sets up appropriate source information, depending on the type of connection.
dac79d3e
PH
1758If sender_fullhost is NULL, we are at a very early stage of the connection;
1759just use the IP address.
059ec3d9
PH
1760
1761Argument: none
1762Returns: a string describing the connection
1763*/
1764
1765uschar *
1766smtp_get_connection_info(void)
1767{
f5d25c2b
JH
1768const uschar * hostname = sender_fullhost
1769 ? sender_fullhost : sender_host_address;
dac79d3e 1770
059ec3d9 1771if (host_checking)
dac79d3e 1772 return string_sprintf("SMTP connection from %s", hostname);
059ec3d9 1773
8768d548 1774if (f.sender_host_unknown || f.sender_host_notsocket)
059ec3d9
PH
1775 return string_sprintf("SMTP connection from %s", sender_ident);
1776
8768d548 1777if (f.is_inetd)
dac79d3e 1778 return string_sprintf("SMTP connection from %s (via inetd)", hostname);
059ec3d9 1779
52f12a7c 1780if (LOGGING(incoming_interface) && interface_address)
dac79d3e 1781 return string_sprintf("SMTP connection from %s I=[%s]:%d", hostname,
059ec3d9
PH
1782 interface_address, interface_port);
1783
dac79d3e 1784return string_sprintf("SMTP connection from %s", hostname);
059ec3d9
PH
1785}
1786
1787
1788
01603eec 1789#ifndef DISABLE_TLS
887291d2
JH
1790/* Append TLS-related information to a log line
1791
1792Arguments:
acec9514 1793 g String under construction: allocated string to extend, or NULL
887291d2
JH
1794
1795Returns: Allocated string or NULL
1796*/
acec9514
JH
1797static gstring *
1798s_tlslog(gstring * g)
e45a1c37 1799{
acec9514 1800if (LOGGING(tls_cipher) && tls_in.cipher)
b10c87b3 1801 {
acec9514 1802 g = string_append(g, 2, US" X=", tls_in.cipher);
b10c87b3
JH
1803#ifdef EXPERIMENTAL_TLS_RESUME
1804 if (LOGGING(tls_resumption) && tls_in.resumption & RESUME_USED)
1805 g = string_catn(g, US"*", 1);
1806#endif
1807 }
acec9514
JH
1808if (LOGGING(tls_certificate_verified) && tls_in.cipher)
1809 g = string_append(g, 2, US" CV=", tls_in.certificate_verified? "yes":"no");
1810if (LOGGING(tls_peerdn) && tls_in.peerdn)
1811 g = string_append(g, 3, US" DN=\"", string_printing(tls_in.peerdn), US"\"");
1812if (LOGGING(tls_sni) && tls_in.sni)
1813 g = string_append(g, 3, US" SNI=\"", string_printing(tls_in.sni), US"\"");
1814return g;
e45a1c37
JH
1815}
1816#endif
1817
059ec3d9 1818/*************************************************
b4ed4da0
PH
1819* Log lack of MAIL if so configured *
1820*************************************************/
1821
1822/* This function is called when an SMTP session ends. If the log selector
1823smtp_no_mail is set, write a log line giving some details of what has happened
1824in the SMTP session.
1825
1826Arguments: none
1827Returns: nothing
1828*/
1829
1830void
1831smtp_log_no_mail(void)
1832{
acec9514
JH
1833uschar * sep, * s;
1834gstring * g = NULL;
b4ed4da0 1835
6c6d6e48 1836if (smtp_mailcmd_count > 0 || !LOGGING(smtp_no_mail))
b4ed4da0
PH
1837 return;
1838
db57e575 1839if (sender_host_authenticated)
b4ed4da0 1840 {
acec9514
JH
1841 g = string_append(g, 2, US" A=", sender_host_authenticated);
1842 if (authenticated_id) g = string_append(g, 2, US":", authenticated_id);
b4ed4da0
PH
1843 }
1844
01603eec 1845#ifndef DISABLE_TLS
acec9514 1846g = s_tlslog(g);
3f0945ff 1847#endif
b4ed4da0 1848
acec9514
JH
1849sep = smtp_connection_had[SMTP_HBUFF_SIZE-1] != SCH_NONE ? US" C=..." : US" C=";
1850
d7978c0f 1851for (int i = smtp_ch_index; i < SMTP_HBUFF_SIZE; i++)
b4ed4da0
PH
1852 if (smtp_connection_had[i] != SCH_NONE)
1853 {
acec9514 1854 g = string_append(g, 2, sep, smtp_names[smtp_connection_had[i]]);
b4ed4da0
PH
1855 sep = US",";
1856 }
b4ed4da0 1857
d7978c0f 1858for (int i = 0; i < smtp_ch_index; i++)
b4ed4da0 1859 {
acec9514 1860 g = string_append(g, 2, sep, smtp_names[smtp_connection_had[i]]);
b4ed4da0
PH
1861 sep = US",";
1862 }
1863
acec9514
JH
1864if (!(s = string_from_gstring(g))) s = US"";
1865
a2673768 1866log_write(0, LOG_MAIN, "no MAIL in %sSMTP connection from %s D=%s%s",
ee8b8090 1867 f.tcp_in_fastopen ? f.tcp_in_fastopen_data ? US"TFO* " : US"TFO " : US"",
0f1a8658 1868 host_and_ident(FALSE), string_timesince(&smtp_connection_start), s);
b4ed4da0
PH
1869}
1870
1871
a09f2942
JH
1872/* Return list of recent smtp commands */
1873
1874uschar *
1875smtp_cmd_hist(void)
1876{
acec9514
JH
1877gstring * list = NULL;
1878uschar * s;
a09f2942 1879
d7978c0f 1880for (int i = smtp_ch_index; i < SMTP_HBUFF_SIZE; i++)
a09f2942 1881 if (smtp_connection_had[i] != SCH_NONE)
acec9514
JH
1882 list = string_append_listele(list, ',', smtp_names[smtp_connection_had[i]]);
1883
d7978c0f 1884for (int i = 0; i < smtp_ch_index; i++)
acec9514
JH
1885 list = string_append_listele(list, ',', smtp_names[smtp_connection_had[i]]);
1886
1887s = string_from_gstring(list);
1888return s ? s : US"";
a09f2942
JH
1889}
1890
1891
1892
b4ed4da0
PH
1893
1894/*************************************************
059ec3d9
PH
1895* Check HELO line and set sender_helo_name *
1896*************************************************/
1897
1898/* Check the format of a HELO line. The data for HELO/EHLO is supposed to be
1899the domain name of the sending host, or an ip literal in square brackets. The
4c04137d 1900argument is placed in sender_helo_name, which is in malloc store, because it
059ec3d9
PH
1901must persist over multiple incoming messages. If helo_accept_junk is set, this
1902host is permitted to send any old junk (needed for some broken hosts).
1903Otherwise, helo_allow_chars can be used for rogue characters in general
1904(typically people want to let in underscores).
1905
1906Argument:
1907 s the data portion of the line (already past any white space)
1908
1909Returns: TRUE or FALSE
1910*/
1911
1912static BOOL
1913check_helo(uschar *s)
1914{
1915uschar *start = s;
1916uschar *end = s + Ustrlen(s);
88752192 1917BOOL yield = fl.helo_accept_junk;
059ec3d9
PH
1918
1919/* Discard any previous helo name */
1920
f3ebb786 1921sender_helo_name = NULL;
059ec3d9
PH
1922
1923/* Skip tests if junk is permitted. */
1924
1925if (!yield)
db57e575 1926
059ec3d9
PH
1927 /* Allow the new standard form for IPv6 address literals, namely,
1928 [IPv6:....], and because someone is bound to use it, allow an equivalent
1929 IPv4 form. Allow plain addresses as well. */
1930
1931 if (*s == '[')
1932 {
1933 if (end[-1] == ']')
1934 {
1935 end[-1] = 0;
1936 if (strncmpic(s, US"[IPv6:", 6) == 0)
1937 yield = (string_is_ip_address(s+6, NULL) == 6);
1938 else if (strncmpic(s, US"[IPv4:", 6) == 0)
1939 yield = (string_is_ip_address(s+6, NULL) == 4);
1940 else
1941 yield = (string_is_ip_address(s+1, NULL) != 0);
1942 end[-1] = ']';
1943 }
1944 }
1945
1946 /* Non-literals must be alpha, dot, hyphen, plus any non-valid chars
1947 that have been configured (usually underscore - sigh). */
1948
db57e575
JH
1949 else if (*s)
1950 for (yield = TRUE; *s; s++)
059ec3d9
PH
1951 if (!isalnum(*s) && *s != '.' && *s != '-' &&
1952 Ustrchr(helo_allow_chars, *s) == NULL)
1953 {
1954 yield = FALSE;
1955 break;
1956 }
059ec3d9
PH
1957
1958/* Save argument if OK */
1959
f3ebb786 1960if (yield) sender_helo_name = string_copy_perm(start, TRUE);
059ec3d9
PH
1961return yield;
1962}
1963
1964
1965
1966
1967
1968/*************************************************
1969* Extract SMTP command option *
1970*************************************************/
1971
ca86f471 1972/* This function picks the next option setting off the end of smtp_cmd_data. It
059ec3d9
PH
1973is called for MAIL FROM and RCPT TO commands, to pick off the optional ESMTP
1974things that can appear there.
1975
1976Arguments:
1977 name point this at the name
1978 value point this at the data string
1979
1980Returns: TRUE if found an option
1981*/
1982
1983static BOOL
1984extract_option(uschar **name, uschar **value)
1985{
1986uschar *n;
ca86f471 1987uschar *v = smtp_cmd_data + Ustrlen(smtp_cmd_data) - 1;
059ec3d9
PH
1988while (isspace(*v)) v--;
1989v[1] = 0;
d7a2c833
JH
1990while (v > smtp_cmd_data && *v != '=' && !isspace(*v))
1991 {
1992 /* Take care to not stop at a space embedded in a quoted local-part */
1993
1994 if (*v == '"') do v--; while (*v != '"' && v > smtp_cmd_data+1);
1995 v--;
1996 }
059ec3d9
PH
1997
1998n = v;
fd98a5c6 1999if (*v == '=')
a2673768 2000 {
fd98a5c6
JH
2001 while(isalpha(n[-1])) n--;
2002 /* RFC says SP, but TAB seen in wild and other major MTAs accept it */
2003 if (!isspace(n[-1])) return FALSE;
2004 n[-1] = 0;
a2673768 2005 }
fd98a5c6 2006else
a2673768 2007 {
fd98a5c6
JH
2008 n++;
2009 if (v == smtp_cmd_data) return FALSE;
a2673768 2010 }
059ec3d9 2011*v++ = 0;
fd98a5c6 2012*name = n;
059ec3d9
PH
2013*value = v;
2014return TRUE;
2015}
2016
2017
2018
2019
2020
059ec3d9
PH
2021/*************************************************
2022* Reset for new message *
2023*************************************************/
2024
2025/* This function is called whenever the SMTP session is reset from
e04bfa34 2026within either of the setup functions; also from the daemon loop.
059ec3d9
PH
2027
2028Argument: the stacking pool storage reset point
2029Returns: nothing
2030*/
2031
f3ebb786 2032void *
059ec3d9
PH
2033smtp_reset(void *reset_point)
2034{
059ec3d9
PH
2035recipients_list = NULL;
2036rcpt_count = rcpt_defer_count = rcpt_fail_count =
2037 raw_recipients_count = recipients_count = recipients_list_max = 0;
2e0c1448 2038message_linecount = 0;
059ec3d9 2039message_size = -1;
71fafd95 2040acl_added_headers = NULL;
e7568d51 2041acl_removed_headers = NULL;
8768d548 2042f.queue_only_policy = FALSE;
2679d413 2043rcpt_smtp_response = NULL;
88752192
JH
2044fl.rcpt_smtp_response_same = TRUE;
2045fl.rcpt_in_progress = FALSE;
8768d548 2046f.deliver_freeze = FALSE; /* Can be set by ACL */
6a3f1455 2047freeze_tell = freeze_tell_config; /* Can be set by ACL */
29aba418 2048fake_response = OK; /* Can be set by ACL */
6951ac6c 2049#ifdef WITH_CONTENT_SCAN
8768d548 2050f.no_mbox_unspool = FALSE; /* Can be set by ACL */
8523533c 2051#endif
8768d548
JH
2052f.submission_mode = FALSE; /* Can be set by ACL */
2053f.suppress_local_fixups = f.suppress_local_fixups_default; /* Can be set by ACL */
2054f.active_local_from_check = local_from_check; /* Can be set by ACL */
2055f.active_local_sender_retain = local_sender_retain; /* Can be set by ACL */
90341c71
JH
2056sending_ip_address = NULL;
2057return_path = sender_address = NULL;
2058sender_data = NULL; /* Can be set by ACL */
c679ee08
JH
2059deliver_localpart_parent = deliver_localpart_orig = NULL;
2060deliver_domain_parent = deliver_domain_orig = NULL;
90341c71 2061callout_address = NULL;
2fe1a124 2062submission_name = NULL; /* Can be set by ACL */
059ec3d9
PH
2063raw_sender = NULL; /* After SMTP rewrite, before qualifying */
2064sender_address_unrewritten = NULL; /* Set only after verify rewrite */
2065sender_verified_list = NULL; /* No senders verified */
2066memset(sender_address_cache, 0, sizeof(sender_address_cache));
2067memset(sender_domain_cache, 0, sizeof(sender_domain_cache));
6c1c3d1d 2068
059ec3d9 2069authenticated_sender = NULL;
8523533c
TK
2070#ifdef EXPERIMENTAL_BRIGHTMAIL
2071bmi_run = 0;
2072bmi_verdicts = NULL;
2073#endif
90341c71 2074dnslist_domain = dnslist_matched = NULL;
01067968
JH
2075#ifdef SUPPORT_SPF
2076spf_header_comment = spf_received = spf_result = spf_smtp_comment = NULL;
2077spf_result_guessed = FALSE;
2078#endif
80a47a2c 2079#ifndef DISABLE_DKIM
d342446f 2080dkim_cur_signer = dkim_signers =
b4757e36 2081dkim_signing_domain = dkim_signing_selector = dkim_signatures = NULL;
d342446f 2082dkim_cur_signer = dkim_signers = dkim_signing_domain = dkim_signing_selector = NULL;
8768d548 2083f.dkim_disable_verify = FALSE;
64b67b65 2084dkim_collect_input = 0;
d342446f
JH
2085dkim_verify_overall = dkim_verify_status = dkim_verify_reason = NULL;
2086dkim_key_length = 0;
f7572e5a 2087#endif
1a2e76e1 2088#ifdef SUPPORT_DMARC
8768d548 2089f.dmarc_has_been_checked = f.dmarc_disable_verify = f.dmarc_enable_forensic = FALSE;
8aeef98a 2090dmarc_domain_policy = dmarc_status = dmarc_status_text =
6372d4c9 2091dmarc_used_domain = NULL;
f7572e5a 2092#endif
01067968
JH
2093#ifdef EXPERIMENTAL_ARC
2094arc_state = arc_state_reason = NULL;
1415d1a6 2095arc_received_instance = 0;
b4757e36 2096#endif
aa368db3
JH
2097dsn_ret = 0;
2098dsn_envid = NULL;
90341c71 2099deliver_host = deliver_host_address = NULL; /* Can be set by ACL */
aa368db3
JH
2100#ifndef DISABLE_PRDR
2101prdr_requested = FALSE;
2102#endif
8c5d388a 2103#ifdef SUPPORT_I18N
d1a13eea
JH
2104message_smtputf8 = FALSE;
2105#endif
059ec3d9
PH
2106body_linecount = body_zerocount = 0;
2107
870f6ba8
TF
2108sender_rate = sender_rate_limit = sender_rate_period = NULL;
2109ratelimiters_mail = NULL; /* Updated by ratelimit ACL condition */
2110 /* Note that ratelimiters_conn persists across resets. */
2111
38a0a95f 2112/* Reset message ACL variables */
47ca6d6c 2113
38a0a95f 2114acl_var_m = NULL;
059ec3d9
PH
2115
2116/* The message body variables use malloc store. They may be set if this is
2117not the first message in an SMTP session and the previous message caused them
2118to be referenced in an ACL. */
2119
90341c71 2120if (message_body)
059ec3d9
PH
2121 {
2122 store_free(message_body);
2123 message_body = NULL;
2124 }
2125
90341c71 2126if (message_body_end)
059ec3d9
PH
2127 {
2128 store_free(message_body_end);
2129 message_body_end = NULL;
2130 }
2131
2132/* Warning log messages are also saved in malloc store. They are saved to avoid
2133repetition in the same message, but it seems right to repeat them for different
4e88a19f 2134messages. */
059ec3d9 2135
90341c71 2136while (acl_warn_logged)
059ec3d9
PH
2137 {
2138 string_item *this = acl_warn_logged;
2139 acl_warn_logged = acl_warn_logged->next;
2140 store_free(this);
2141 }
90341c71 2142store_reset(reset_point);
f3ebb786 2143return store_mark();
059ec3d9
PH
2144}
2145
2146
2147
2148
2149
2150/*************************************************
2151* Initialize for incoming batched SMTP message *
2152*************************************************/
2153
2154/* This function is called from smtp_setup_msg() in the case when
2155smtp_batched_input is true. This happens when -bS is used to pass a whole batch
2156of messages in one file with SMTP commands between them. All errors must be
2157reported by sending a message, and only MAIL FROM, RCPT TO, and DATA are
2158relevant. After an error on a sender, or an invalid recipient, the remainder
2159of the message is skipped. The value of received_protocol is already set.
2160
2161Argument: none
2162Returns: > 0 message successfully started (reached DATA)
2163 = 0 QUIT read or end of file reached
2164 < 0 should not occur
2165*/
2166
2167static int
2168smtp_setup_batch_msg(void)
2169{
2170int done = 0;
f3ebb786 2171rmark reset_point = store_mark();
059ec3d9
PH
2172
2173/* Save the line count at the start of each transaction - single commands
2174like HELO and RSET count as whole transactions. */
2175
2176bsmtp_transaction_linecount = receive_linecount;
2177
2178if ((receive_feof)()) return 0; /* Treat EOF as QUIT */
2179
57cc2785 2180cancel_cutthrough_connection(TRUE, US"smtp_setup_batch_msg");
f3ebb786 2181reset_point = smtp_reset(reset_point); /* Reset for start of message */
059ec3d9
PH
2182
2183/* Deal with SMTP commands. This loop is exited by setting done to a POSITIVE
2184value. The values are 2 larger than the required yield of the function. */
2185
2186while (done <= 0)
2187 {
2188 uschar *errmess;
2189 uschar *recipient = NULL;
2190 int start, end, sender_domain, recipient_domain;
2191
bd8fbe36 2192 switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED))
059ec3d9
PH
2193 {
2194 /* The HELO/EHLO commands set sender_address_helo if they have
2195 valid data; otherwise they are ignored, except that they do
2196 a reset of the state. */
2197
2198 case HELO_CMD:
2199 case EHLO_CMD:
2200
db57e575
JH
2201 check_helo(smtp_cmd_data);
2202 /* Fall through */
059ec3d9
PH
2203
2204 case RSET_CMD:
db57e575 2205 cancel_cutthrough_connection(TRUE, US"RSET received");
f3ebb786 2206 reset_point = smtp_reset(reset_point);
db57e575
JH
2207 bsmtp_transaction_linecount = receive_linecount;
2208 break;
059ec3d9
PH
2209
2210
2211 /* The MAIL FROM command requires an address as an operand. All we
2212 do here is to parse it for syntactic correctness. The form "<>" is
2213 a special case which converts into an empty string. The start/end
2214 pointers in the original are not used further for this address, as
2215 it is the canonical extracted address which is all that is kept. */
2216
2217 case MAIL_CMD:
db57e575
JH
2218 smtp_mailcmd_count++; /* Count for no-mail log */
2219 if (sender_address != NULL)
2220 /* The function moan_smtp_batch() does not return. */
2221 moan_smtp_batch(smtp_cmd_buffer, "503 Sender already given");
059ec3d9 2222
db57e575
JH
2223 if (smtp_cmd_data[0] == 0)
2224 /* The function moan_smtp_batch() does not return. */
2225 moan_smtp_batch(smtp_cmd_buffer, "501 MAIL FROM must have an address operand");
059ec3d9 2226
db57e575 2227 /* Reset to start of message */
059ec3d9 2228
db57e575 2229 cancel_cutthrough_connection(TRUE, US"MAIL received");
f3ebb786 2230 reset_point = smtp_reset(reset_point);
059ec3d9 2231
db57e575 2232 /* Apply SMTP rewrite */
059ec3d9 2233
db57e575
JH
2234 raw_sender = ((rewrite_existflags & rewrite_smtp) != 0)?
2235 rewrite_one(smtp_cmd_data, rewrite_smtp|rewrite_smtp_sender, NULL, FALSE,
2236 US"", global_rewrite_rules) : smtp_cmd_data;
059ec3d9 2237
db57e575 2238 /* Extract the address; the TRUE flag allows <> as valid */
059ec3d9 2239
db57e575
JH
2240 raw_sender =
2241 parse_extract_address(raw_sender, &errmess, &start, &end, &sender_domain,
2242 TRUE);
059ec3d9 2243
db57e575
JH
2244 if (!raw_sender)
2245 /* The function moan_smtp_batch() does not return. */
2246 moan_smtp_batch(smtp_cmd_buffer, "501 %s", errmess);
059ec3d9 2247
db57e575 2248 sender_address = string_copy(raw_sender);
059ec3d9 2249
db57e575 2250 /* Qualify unqualified sender addresses if permitted to do so. */
059ec3d9 2251
db57e575
JH
2252 if ( !sender_domain
2253 && sender_address[0] != 0 && sender_address[0] != '@')
8768d548 2254 if (f.allow_unqualified_sender)
db57e575
JH
2255 {
2256 sender_address = rewrite_address_qualify(sender_address, FALSE);
2257 DEBUG(D_receive) debug_printf("unqualified address %s accepted "
2258 "and rewritten\n", raw_sender);
2259 }
2260 /* The function moan_smtp_batch() does not return. */
2261 else
2262 moan_smtp_batch(smtp_cmd_buffer, "501 sender address must contain "
2263 "a domain");
2264 break;
059ec3d9
PH
2265
2266
2267 /* The RCPT TO command requires an address as an operand. All we do
2268 here is to parse it for syntactic correctness. There may be any number
2269 of RCPT TO commands, specifying multiple senders. We build them all into
2270 a data structure that is in argc/argv format. The start/end values
2271 given by parse_extract_address are not used, as we keep only the
2272 extracted address. */
2273
2274 case RCPT_CMD:
db57e575
JH
2275 if (!sender_address)
2276 /* The function moan_smtp_batch() does not return. */
2277 moan_smtp_batch(smtp_cmd_buffer, "503 No sender yet given");
059ec3d9 2278
db57e575
JH
2279 if (smtp_cmd_data[0] == 0)
2280 /* The function moan_smtp_batch() does not return. */
2281 moan_smtp_batch(smtp_cmd_buffer,
2282 "501 RCPT TO must have an address operand");
059ec3d9 2283
db57e575 2284 /* Check maximum number allowed */
059ec3d9 2285
db57e575
JH
2286 if (recipients_max > 0 && recipients_count + 1 > recipients_max)
2287 /* The function moan_smtp_batch() does not return. */
2288 moan_smtp_batch(smtp_cmd_buffer, "%s too many recipients",
2289 recipients_max_reject? "552": "452");
059ec3d9 2290
db57e575
JH
2291 /* Apply SMTP rewrite, then extract address. Don't allow "<>" as a
2292 recipient address */
059ec3d9 2293
db57e575
JH
2294 recipient = rewrite_existflags & rewrite_smtp
2295 ? rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"",
2296 global_rewrite_rules)
2297 : smtp_cmd_data;
059ec3d9 2298
db57e575
JH
2299 recipient = parse_extract_address(recipient, &errmess, &start, &end,
2300 &recipient_domain, FALSE);
059ec3d9 2301
db57e575
JH
2302 if (!recipient)
2303 /* The function moan_smtp_batch() does not return. */
2304 moan_smtp_batch(smtp_cmd_buffer, "501 %s", errmess);
059ec3d9 2305
db57e575
JH
2306 /* If the recipient address is unqualified, qualify it if permitted. Then
2307 add it to the list of recipients. */
059ec3d9 2308
db57e575 2309 if (!recipient_domain)
8768d548 2310 if (f.allow_unqualified_recipient)
db57e575
JH
2311 {
2312 DEBUG(D_receive) debug_printf("unqualified address %s accepted\n",
2313 recipient);
2314 recipient = rewrite_address_qualify(recipient, TRUE);
2315 }
2316 /* The function moan_smtp_batch() does not return. */
2317 else
2318 moan_smtp_batch(smtp_cmd_buffer,
2319 "501 recipient address must contain a domain");
2320
2321 receive_add_recipient(recipient, -1);
2322 break;
059ec3d9
PH
2323
2324
2325 /* The DATA command is legal only if it follows successful MAIL FROM
2326 and RCPT TO commands. This function is complete when a valid DATA
2327 command is encountered. */
2328
2329 case DATA_CMD:
db57e575
JH
2330 if (!sender_address || recipients_count <= 0)
2331 /* The function moan_smtp_batch() does not return. */
2332 if (!sender_address)
2333 moan_smtp_batch(smtp_cmd_buffer,
2334 "503 MAIL FROM:<sender> command must precede DATA");
2335 else
2336 moan_smtp_batch(smtp_cmd_buffer,
2337 "503 RCPT TO:<recipient> must precede DATA");
059ec3d9 2338 else
db57e575
JH
2339 {
2340 done = 3; /* DATA successfully achieved */
2341 message_ended = END_NOTENDED; /* Indicate in middle of message */
2342 }
2343 break;
059ec3d9
PH
2344
2345
2346 /* The VRFY, EXPN, HELP, ETRN, and NOOP commands are ignored. */
2347
2348 case VRFY_CMD:
2349 case EXPN_CMD:
2350 case HELP_CMD:
2351 case NOOP_CMD:
2352 case ETRN_CMD:
db57e575
JH
2353 bsmtp_transaction_linecount = receive_linecount;
2354 break;
059ec3d9
PH
2355
2356
2357 case EOF_CMD:
2358 case QUIT_CMD:
db57e575
JH
2359 done = 2;
2360 break;
059ec3d9
PH
2361
2362
2363 case BADARG_CMD:
db57e575
JH
2364 /* The function moan_smtp_batch() does not return. */
2365 moan_smtp_batch(smtp_cmd_buffer, "501 Unexpected argument data");
2366 break;
059ec3d9
PH
2367
2368
2369 case BADCHAR_CMD:
db57e575
JH
2370 /* The function moan_smtp_batch() does not return. */
2371 moan_smtp_batch(smtp_cmd_buffer, "501 Unexpected NULL in SMTP command");
2372 break;
059ec3d9
PH
2373
2374
2375 default:
db57e575
JH
2376 /* The function moan_smtp_batch() does not return. */
2377 moan_smtp_batch(smtp_cmd_buffer, "500 Command unrecognized");
2378 break;
059ec3d9
PH
2379 }
2380 }
2381
2382return done - 2; /* Convert yield values */
2383}
2384
2385
2386
2387
01603eec 2388#ifndef DISABLE_TLS
cf0c6164
JH
2389static BOOL
2390smtp_log_tls_fail(uschar * errstr)
2391{
2392uschar * conn_info = smtp_get_connection_info();
2393
2394if (Ustrncmp(conn_info, US"SMTP ", 5) == 0) conn_info += 5;
2395/* I'd like to get separated H= here, but too hard for now */
2396
2397log_write(0, LOG_MAIN, "TLS error on %s %s", conn_info, errstr);
2398return FALSE;
2399}
13c7874e 2400#endif
cf0c6164
JH
2401
2402
a2673768
JH
2403
2404
2405#ifdef TCP_FASTOPEN
2406static void
2407tfo_in_check(void)
2408{
53c7b3a7
JH
2409# ifdef __FreeBSD__
2410int is_fastopen;
2411socklen_t len = sizeof(is_fastopen);
2412
2413/* The tinfo TCPOPT_FAST_OPEN bit seems unreliable, and we don't see state
2414TCP_SYN_RCV (as of 12.1) so no idea about data-use. */
2415
2416if (getsockopt(fileno(smtp_out), IPPROTO_TCP, TCP_FASTOPEN, &is_fastopen, &len) == 0)
2417 {
2418 if (is_fastopen)
2419 {
2420 DEBUG(D_receive)
2421 debug_printf("TFO mode connection (TCP_FASTOPEN getsockopt)\n");
2422 f.tcp_in_fastopen = TRUE;
2423 }
2424 }
2425else DEBUG(D_receive)
2426 debug_printf("TCP_INFO getsockopt: %s\n", strerror(errno));
2427
2428# elif defined(TCP_INFO)
a2673768
JH
2429struct tcp_info tinfo;
2430socklen_t len = sizeof(tinfo);
2431
ee8b8090 2432if (getsockopt(fileno(smtp_out), IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0)
73a10da9 2433# ifdef TCPI_OPT_SYN_DATA /* FreeBSD 11,12 do not seem to have this yet */
ee8b8090
JH
2434 if (tinfo.tcpi_options & TCPI_OPT_SYN_DATA)
2435 {
73a10da9 2436 DEBUG(D_receive)
53c7b3a7 2437 debug_printf("TFO mode connection (ACKd data-on-SYN)\n");
ee8b8090
JH
2438 f.tcp_in_fastopen_data = f.tcp_in_fastopen = TRUE;
2439 }
dbcb6d0a 2440 else
73a10da9
JH
2441# endif
2442 if (tinfo.tcpi_state == TCP_SYN_RECV) /* Not seen on FreeBSD 12.1 */
ee8b8090 2443 {
73a10da9 2444 DEBUG(D_receive)
53c7b3a7 2445 debug_printf("TFO mode connection (state TCP_SYN_RECV)\n");
ee8b8090
JH
2446 f.tcp_in_fastopen = TRUE;
2447 }
73a10da9
JH
2448else DEBUG(D_receive)
2449 debug_printf("TCP_INFO getsockopt: %s\n", strerror(errno));
a2673768
JH
2450# endif
2451}
2452#endif
2453
2454
059ec3d9
PH
2455/*************************************************
2456* Start an SMTP session *
2457*************************************************/
2458
2459/* This function is called at the start of an SMTP session. Thereafter,
2460smtp_setup_msg() is called to initiate each separate message. This
2461function does host-specific testing, and outputs the banner line.
2462
2463Arguments: none
2464Returns: FALSE if the session can not continue; something has
2465 gone wrong, or the connection to the host is blocked
2466*/
2467
2468BOOL
2469smtp_start_session(void)
2470{
acec9514 2471int esclen;
4e88a19f
PH
2472uschar *user_msg, *log_msg;
2473uschar *code, *esc;
acec9514
JH
2474uschar *p, *s;
2475gstring * ss;
059ec3d9 2476
0f1a8658 2477gettimeofday(&smtp_connection_start, NULL);
b4ed4da0
PH
2478for (smtp_ch_index = 0; smtp_ch_index < SMTP_HBUFF_SIZE; smtp_ch_index++)
2479 smtp_connection_had[smtp_ch_index] = SCH_NONE;
2480smtp_ch_index = 0;
2481
00f00ca5
PH
2482/* Default values for certain variables */
2483
88752192 2484fl.helo_seen = fl.esmtp = fl.helo_accept_junk = FALSE;
b4ed4da0 2485smtp_mailcmd_count = 0;
059ec3d9
PH
2486count_nonmail = TRUE_UNSET;
2487synprot_error_count = unknown_command_count = nonmail_command_count = 0;
2488smtp_delay_mail = smtp_rlm_base;
88752192 2489fl.auth_advertised = FALSE;
8768d548
JH
2490f.smtp_in_pipelining_advertised = f.smtp_in_pipelining_used = FALSE;
2491f.pipelining_enable = TRUE;
059ec3d9 2492sync_cmd_limit = NON_SYNC_CMD_NON_PIPELINING;
88752192 2493fl.smtp_exit_function_called = FALSE; /* For avoiding loop in not-quit exit */
059ec3d9 2494
33d73e3b
PH
2495/* If receiving by -bs from a trusted user, or testing with -bh, we allow
2496authentication settings from -oMaa to remain in force. */
2497
8768d548 2498if (!host_checking && !f.sender_host_notsocket)
c44ff8be 2499 sender_host_auth_pubname = sender_host_authenticated = NULL;
059ec3d9
PH
2500authenticated_by = NULL;
2501
01603eec 2502#ifndef DISABLE_TLS
da40b1ec 2503tls_in.ver = tls_in.cipher = tls_in.peerdn = NULL;
9d1c15ef
JH
2504tls_in.ourcert = tls_in.peercert = NULL;
2505tls_in.sni = NULL;
44662487 2506tls_in.ocsp = OCSP_NOT_REQ;
88752192 2507fl.tls_advertised = FALSE;
059ec3d9 2508#endif
88752192 2509fl.dsn_advertised = FALSE;
8c5d388a 2510#ifdef SUPPORT_I18N
88752192 2511fl.smtputf8_advertised = FALSE;
d1a13eea 2512#endif
059ec3d9
PH
2513
2514/* Reset ACL connection variables */
2515
38a0a95f 2516acl_var_c = NULL;
059ec3d9 2517
f3ebb786 2518/* Allow for trailing 0 in the command and data buffers. Tainted. */
3ee512ff 2519
f3ebb786 2520smtp_cmd_buffer = store_get_perm(2*SMTP_CMD_BUFFER_SIZE + 2, TRUE);
40c90bca 2521
2416c261 2522smtp_cmd_buffer[0] = 0;
bd8fbe36 2523smtp_data_buffer = smtp_cmd_buffer + SMTP_CMD_BUFFER_SIZE + 1;
059ec3d9
PH
2524
2525/* For batched input, the protocol setting can be overridden from the
2526command line by a trusted caller. */
2527
2528if (smtp_batched_input)
2529 {
40c90bca 2530 if (!received_protocol) received_protocol = US"local-bsmtp";
059ec3d9
PH
2531 }
2532
2533/* For non-batched SMTP input, the protocol setting is forced here. It will be
2534reset later if any of EHLO/AUTH/STARTTLS are received. */
2535
2536else
2537 received_protocol =
e524074d 2538 (sender_host_address ? protocols : protocols_local) [pnormal];
059ec3d9
PH
2539
2540/* Set up the buffer for inputting using direct read() calls, and arrange to
ecce6d9a
JH
2541call the local functions instead of the standard C ones. Place a NUL at the
2542end of the buffer to safety-stop C-string reads from it. */
059ec3d9 2543
5903c6ff 2544if (!(smtp_inbuffer = US malloc(IN_BUFFER_SIZE)))
059ec3d9 2545 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malloc() failed for SMTP input buffer");
ecce6d9a 2546smtp_inbuffer[IN_BUFFER_SIZE-1] = '\0';
40c90bca 2547
059ec3d9 2548receive_getc = smtp_getc;
0d81dabc 2549receive_getbuf = smtp_getbuf;
584e96c6 2550receive_get_cache = smtp_get_cache;
059ec3d9
PH
2551receive_ungetc = smtp_ungetc;
2552receive_feof = smtp_feof;
2553receive_ferror = smtp_ferror;
58eb016e 2554receive_smtp_buffered = smtp_buffered;
059ec3d9
PH
2555smtp_inptr = smtp_inend = smtp_inbuffer;
2556smtp_had_eof = smtp_had_error = 0;
2557
2558/* Set up the message size limit; this may be host-specific */
2559
d45b1de8 2560thismessage_size_limit = expand_string_integer(message_size_limit, TRUE);
db57e575 2561if (expand_string_message)
059ec3d9
PH
2562 {
2563 if (thismessage_size_limit == -1)
2564 log_write(0, LOG_MAIN|LOG_PANIC, "unable to expand message_size_limit: "
2565 "%s", expand_string_message);
2566 else
2567 log_write(0, LOG_MAIN|LOG_PANIC, "invalid message_size_limit: "
2568 "%s", expand_string_message);
2569 smtp_closedown(US"Temporary local problem - please try later");
2570 return FALSE;
2571 }
2572
2573/* When a message is input locally via the -bs or -bS options, sender_host_
2574unknown is set unless -oMa was used to force an IP address, in which case it
2575is checked like a real remote connection. When -bs is used from inetd, this
2576flag is not set, causing the sending host to be checked. The code that deals
2577with IP source routing (if configured) is never required for -bs or -bS and
2578the flag sender_host_notsocket is used to suppress it.
2579
2580If smtp_accept_max and smtp_accept_reserve are set, keep some connections in
2581reserve for certain hosts and/or networks. */
2582
8768d548 2583if (!f.sender_host_unknown)
059ec3d9
PH
2584 {
2585 int rc;
2586 BOOL reserved_host = FALSE;
2587
2588 /* Look up IP options (source routing info) on the socket if this is not an
2589 -oMa "host", and if any are found, log them and drop the connection.
2590
2591 Linux (and others now, see below) is different to everyone else, so there
2592 has to be some conditional compilation here. Versions of Linux before 2.1.15
2593 used a structure whose name was "options". Somebody finally realized that
2594 this name was silly, and it got changed to "ip_options". I use the
2595 newer name here, but there is a fudge in the script that sets up os.h
2596 to define a macro in older Linux systems.
2597
2598 Sigh. Linux is a fast-moving target. Another generation of Linux uses
2599 glibc 2, which has chosen ip_opts for the structure name. This is now
2600 really a glibc thing rather than a Linux thing, so the condition name
2601 has been changed to reflect this. It is relevant also to GNU/Hurd.
2602
2603 Mac OS 10.x (Darwin) is like the later glibc versions, but without the
2604 setting of the __GLIBC__ macro, so we can't detect it automatically. There's
2605 a special macro defined in the os.h file.
2606
2607 Some DGUX versions on older hardware appear not to support IP options at
2608 all, so there is now a general macro which can be set to cut out this
2609 support altogether.
2610
2611 How to do this properly in IPv6 is not yet known. */
2612
e0574cb5 2613#if !HAVE_IPV6 && !defined(NO_IP_OPTIONS)
059ec3d9
PH
2614
2615 #ifdef GLIBC_IP_OPTIONS
2616 #if (!defined __GLIBC__) || (__GLIBC__ < 2)
2617 #define OPTSTYLE 1
2618 #else
2619 #define OPTSTYLE 2
2620 #endif
2621 #elif defined DARWIN_IP_OPTIONS
2622 #define OPTSTYLE 2
2623 #else
2624 #define OPTSTYLE 3
2625 #endif
2626
8768d548 2627 if (!host_checking && !f.sender_host_notsocket)
059ec3d9
PH
2628 {
2629 #if OPTSTYLE == 1
36a3b041 2630 EXIM_SOCKLEN_T optlen = sizeof(struct ip_options) + MAX_IPOPTLEN;
f3ebb786 2631 struct ip_options *ipopt = store_get(optlen, FALSE);
059ec3d9
PH
2632 #elif OPTSTYLE == 2
2633 struct ip_opts ipoptblock;
2634 struct ip_opts *ipopt = &ipoptblock;
36a3b041 2635 EXIM_SOCKLEN_T optlen = sizeof(ipoptblock);
059ec3d9
PH
2636 #else
2637 struct ipoption ipoptblock;
2638 struct ipoption *ipopt = &ipoptblock;
36a3b041 2639 EXIM_SOCKLEN_T optlen = sizeof(ipoptblock);
059ec3d9
PH
2640 #endif
2641
2642 /* Occasional genuine failures of getsockopt() have been seen - for
2643 example, "reset by peer". Therefore, just log and give up on this
2644 call, unless the error is ENOPROTOOPT. This error is given by systems
2645 that have the interfaces but not the mechanism - e.g. GNU/Hurd at the time
2646 of writing. So for that error, carry on - we just can't do an IP options
2647 check. */
2648
2649 DEBUG(D_receive) debug_printf("checking for IP options\n");
2650
5903c6ff 2651 if (getsockopt(fileno(smtp_out), IPPROTO_IP, IP_OPTIONS, US (ipopt),
059ec3d9
PH
2652 &optlen) < 0)
2653 {
2654 if (errno != ENOPROTOOPT)
2655 {
2656 log_write(0, LOG_MAIN, "getsockopt() failed from %s: %s",
2657 host_and_ident(FALSE), strerror(errno));
925ac8e4 2658 smtp_printf("451 SMTP service not available\r\n", FALSE);
059ec3d9
PH
2659 return FALSE;
2660 }
2661 }
2662
2663 /* Deal with any IP options that are set. On the systems I have looked at,
2664 the value of MAX_IPOPTLEN has been 40, meaning that there should never be
2665 more logging data than will fit in big_buffer. Nevertheless, after somebody
2666 questioned this code, I've added in some paranoid checking. */
2667
2668 else if (optlen > 0)
2669 {
2670 uschar *p = big_buffer;
2671 uschar *pend = big_buffer + big_buffer_size;
d7978c0f 2672 uschar *adptr;
059ec3d9
PH
2673 int optcount;
2674 struct in_addr addr;
2675
2676 #if OPTSTYLE == 1
5903c6ff 2677 uschar *optstart = US (ipopt->__data);
059ec3d9 2678 #elif OPTSTYLE == 2
5903c6ff 2679 uschar *optstart = US (ipopt->ip_opts);
059ec3d9 2680 #else
5903c6ff 2681 uschar *optstart = US (ipopt->ipopt_list);
059ec3d9
PH
2682 #endif
2683
2684 DEBUG(D_receive) debug_printf("IP options exist\n");
2685
2686 Ustrcpy(p, "IP options on incoming call:");
2687 p += Ustrlen(p);
2688
d7978c0f 2689 for (uschar * opt = optstart; opt && opt < US (ipopt) + optlen; )
059ec3d9
PH
2690 switch (*opt)
2691 {
2692 case IPOPT_EOL:
2693 opt = NULL;
2694 break;
2695
2696 case IPOPT_NOP:
2697 opt++;
2698 break;
2699
2700 case IPOPT_SSRR:
2701 case IPOPT_LSRR:
2702 if (!string_format(p, pend-p, " %s [@%s",
2703 (*opt == IPOPT_SSRR)? "SSRR" : "LSRR",
2704 #if OPTSTYLE == 1
2705 inet_ntoa(*((struct in_addr *)(&(ipopt->faddr))))))
2706 #elif OPTSTYLE == 2
2707 inet_ntoa(ipopt->ip_dst)))
2708 #else
2709 inet_ntoa(ipopt->ipopt_dst)))
2710 #endif
2711 {
2712 opt = NULL;
2713 break;
2714 }
2715
2716 p += Ustrlen(p);
2717 optcount = (opt[1] - 3) / sizeof(struct in_addr);
2718 adptr = opt + 3;
2719 while (optcount-- > 0)
2720 {
2721 memcpy(&addr, adptr, sizeof(addr));
2722 if (!string_format(p, pend - p - 1, "%s%s",
2723 (optcount == 0)? ":" : "@", inet_ntoa(addr)))
2724 {
2725 opt = NULL;
2726 break;
2727 }
2728 p += Ustrlen(p);
2729 adptr += sizeof(struct in_addr);
2730 }
2731 *p++ = ']';
2732 opt += opt[1];
2733 break;
2734
2735 default:
2736 {
059ec3d9
PH
2737 if (pend - p < 4 + 3*opt[1]) { opt = NULL; break; }
2738 Ustrcat(p, "[ ");
2739 p += 2;
d7978c0f 2740 for (int i = 0; i < opt[1]; i++)
5976eb99 2741 p += sprintf(CS p, "%2.2x ", opt[i]);
059ec3d9
PH
2742 *p++ = ']';
2743 }
2744 opt += opt[1];
2745 break;
2746 }
059ec3d9
PH
2747
2748 *p = 0;
2749 log_write(0, LOG_MAIN, "%s", big_buffer);
2750
2751 /* Refuse any call with IP options. This is what tcpwrappers 7.5 does. */
2752
2753 log_write(0, LOG_MAIN|LOG_REJECT,
2754 "connection from %s refused (IP options)", host_and_ident(FALSE));
2755
925ac8e4 2756 smtp_printf("554 SMTP service not available\r\n", FALSE);
059ec3d9
PH
2757 return FALSE;
2758 }
2759
2760 /* Length of options = 0 => there are no options */
2761
2762 else DEBUG(D_receive) debug_printf("no IP options found\n");
2763 }
e0574cb5 2764#endif /* HAVE_IPV6 && !defined(NO_IP_OPTIONS) */
059ec3d9
PH
2765
2766 /* Set keep-alive in socket options. The option is on by default. This
2767 setting is an attempt to get rid of some hanging connections that stick in
2768 read() when the remote end (usually a dialup) goes away. */
2769
8768d548 2770 if (smtp_accept_keepalive && !f.sender_host_notsocket)
059ec3d9
PH
2771 ip_keepalive(fileno(smtp_out), sender_host_address, FALSE);
2772
2773 /* If the current host matches host_lookup, set the name by doing a
2774 reverse lookup. On failure, sender_host_name will be NULL and
2775 host_lookup_failed will be TRUE. This may or may not be serious - optional
2776 checks later. */
2777
2778 if (verify_check_host(&host_lookup) == OK)
2779 {
2780 (void)host_name_lookup();
2781 host_build_sender_fullhost();
2782 }
2783
2784 /* Delay this until we have the full name, if it is looked up. */
2785
2786 set_process_info("handling incoming connection from %s",
2787 host_and_ident(FALSE));
2788
1ad6489e
JH
2789 /* Expand smtp_receive_timeout, if needed */
2790
2791 if (smtp_receive_timeout_s)
2792 {
2793 uschar * exp;
2794 if ( !(exp = expand_string(smtp_receive_timeout_s))
2795 || !(*exp)
2796 || (smtp_receive_timeout = readconf_readtime(exp, 0, FALSE)) < 0
2797 )
2798 log_write(0, LOG_MAIN|LOG_PANIC,
2799 "bad value for smtp_receive_timeout: '%s'", exp ? exp : US"");
2800 }
2801
059ec3d9
PH
2802 /* Test for explicit connection rejection */
2803
2804 if (verify_check_host(&host_reject_connection) == OK)
2805 {
2806 log_write(L_connection_reject, LOG_MAIN|LOG_REJECT, "refused connection "
2807 "from %s (host_reject_connection)", host_and_ident(FALSE));
925ac8e4 2808 smtp_printf("554 SMTP service not available\r\n", FALSE);
059ec3d9
PH
2809 return FALSE;
2810 }
2811
afb3eaaf
PH
2812 /* Test with TCP Wrappers if so configured. There is a problem in that
2813 hosts_ctl() returns 0 (deny) under a number of system failure circumstances,
2814 such as disks dying. In these cases, it is desirable to reject with a 4xx
2815 error instead of a 5xx error. There isn't a "right" way to detect such
2816 problems. The following kludge is used: errno is zeroed before calling
2817 hosts_ctl(). If the result is "reject", a 5xx error is given only if the
2818 value of errno is 0 or ENOENT (which happens if /etc/hosts.{allow,deny} does
2819 not exist). */
059ec3d9 2820
1811cb4c 2821#ifdef USE_TCP_WRAPPERS
afb3eaaf 2822 errno = 0;
1811cb4c 2823 if (!(tcp_wrappers_name = expand_string(tcp_wrappers_daemon_name)))
5dc43717
JJ
2824 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" "
2825 "(tcp_wrappers_name) failed: %s", string_printing(tcp_wrappers_name),
2826 expand_string_message);
1811cb4c 2827
5dc43717 2828 if (!hosts_ctl(tcp_wrappers_name,
1811cb4c
JH
2829 sender_host_name ? CS sender_host_name : STRING_UNKNOWN,
2830 sender_host_address ? CS sender_host_address : STRING_UNKNOWN,
2831 sender_ident ? CS sender_ident : STRING_UNKNOWN))
059ec3d9 2832 {
afb3eaaf
PH
2833 if (errno == 0 || errno == ENOENT)
2834 {
2835 HDEBUG(D_receive) debug_printf("tcp wrappers rejection\n");
2836 log_write(L_connection_reject,
2837 LOG_MAIN|LOG_REJECT, "refused connection from %s "
2838 "(tcp wrappers)", host_and_ident(FALSE));
925ac8e4 2839 smtp_printf("554 SMTP service not available\r\n", FALSE);
afb3eaaf
PH
2840 }
2841 else
2842 {
2843 int save_errno = errno;
2844 HDEBUG(D_receive) debug_printf("tcp wrappers rejected with unexpected "
2845 "errno value %d\n", save_errno);
2846 log_write(L_connection_reject,
2847 LOG_MAIN|LOG_REJECT, "temporarily refused connection from %s "
2848 "(tcp wrappers errno=%d)", host_and_ident(FALSE), save_errno);
925ac8e4 2849 smtp_printf("451 Temporary local problem - please try later\r\n", FALSE);
afb3eaaf 2850 }
059ec3d9
PH
2851 return FALSE;
2852 }
1811cb4c 2853#endif
059ec3d9 2854
b01dd148
PH
2855 /* Check for reserved slots. The value of smtp_accept_count has already been
2856 incremented to include this process. */
059ec3d9
PH
2857
2858 if (smtp_accept_max > 0 &&
b01dd148 2859 smtp_accept_count > smtp_accept_max - smtp_accept_reserve)
059ec3d9
PH
2860 {
2861 if ((rc = verify_check_host(&smtp_reserve_hosts)) != OK)
2862 {
2863 log_write(L_connection_reject,
2864 LOG_MAIN, "temporarily refused connection from %s: not in "
2865 "reserve list: connected=%d max=%d reserve=%d%s",
b01dd148 2866 host_and_ident(FALSE), smtp_accept_count - 1, smtp_accept_max,
059ec3d9
PH
2867 smtp_accept_reserve, (rc == DEFER)? " (lookup deferred)" : "");
2868 smtp_printf("421 %s: Too many concurrent SMTP connections; "
925ac8e4 2869 "please try again later\r\n", FALSE, smtp_active_hostname);
059ec3d9
PH
2870 return FALSE;
2871 }
2872 reserved_host = TRUE;
2873 }
2874
2875 /* If a load level above which only messages from reserved hosts are
2876 accepted is set, check the load. For incoming calls via the daemon, the
2877 check is done in the superior process if there are no reserved hosts, to
2878 save a fork. In all cases, the load average will already be available
2879 in a global variable at this point. */
2880
2881 if (smtp_load_reserve >= 0 &&
2882 load_average > smtp_load_reserve &&
2883 !reserved_host &&
2884 verify_check_host(&smtp_reserve_hosts) != OK)
2885 {
2886 log_write(L_connection_reject,
2887 LOG_MAIN, "temporarily refused connection from %s: not in "
2888 "reserve list and load average = %.2f", host_and_ident(FALSE),
2889 (double)load_average/1000.0);
925ac8e4 2890 smtp_printf("421 %s: Too much load; please try again later\r\n", FALSE,
059ec3d9
PH
2891 smtp_active_hostname);
2892 return FALSE;
2893 }
2894
2895 /* Determine whether unqualified senders or recipients are permitted
2896 for this host. Unfortunately, we have to do this every time, in order to
2897 set the flags so that they can be inspected when considering qualifying
2898 addresses in the headers. For a site that permits no qualification, this
2899 won't take long, however. */
2900
8768d548 2901 f.allow_unqualified_sender =
059ec3d9
PH
2902 verify_check_host(&sender_unqualified_hosts) == OK;
2903
8768d548 2904 f.allow_unqualified_recipient =
059ec3d9
PH
2905 verify_check_host(&recipient_unqualified_hosts) == OK;
2906
2907 /* Determine whether HELO/EHLO is required for this host. The requirement
2908 can be hard or soft. */
2909
88752192
JH
2910 fl.helo_required = verify_check_host(&helo_verify_hosts) == OK;
2911 if (!fl.helo_required)
2912 fl.helo_verify = verify_check_host(&helo_try_verify_hosts) == OK;
059ec3d9
PH
2913
2914 /* Determine whether this hosts is permitted to send syntactic junk
2915 after a HELO or EHLO command. */
2916
88752192 2917 fl.helo_accept_junk = verify_check_host(&helo_accept_junk_hosts) == OK;
059ec3d9
PH
2918 }
2919
2920/* For batch SMTP input we are now done. */
2921
2922if (smtp_batched_input) return TRUE;
2923
a3c86431
TL
2924/* If valid Proxy Protocol source is connecting, set up session.
2925 * Failure will not allow any SMTP function other than QUIT. */
1811cb4c
JH
2926
2927#ifdef SUPPORT_PROXY
a3c86431 2928proxy_session = FALSE;
8768d548 2929f.proxy_session_failed = FALSE;
a3c86431 2930if (check_proxy_protocol_host())
1811cb4c
JH
2931 setup_proxy_protocol_host();
2932#endif
2933
2934 /* Start up TLS if tls_on_connect is set. This is for supporting the legacy
2935 smtps port for use with older style SSL MTAs. */
2936
01603eec 2937#ifndef DISABLE_TLS
69d8eed7
JH
2938 if (tls_in.on_connect)
2939 {
2940 if (tls_server_start(tls_require_ciphers, &user_msg) != OK)
2941 return smtp_log_tls_fail(user_msg);
2942 cmd_list[CMD_LIST_TLS_AUTH].is_mail_cmd = TRUE;
2943 }
a3c86431
TL
2944#endif
2945
1811cb4c 2946/* Run the connect ACL if it exists */
059ec3d9 2947
4e88a19f 2948user_msg = NULL;
3cc3f762 2949if (acl_smtp_connect)
059ec3d9
PH
2950 {
2951 int rc;
3cc3f762
JH
2952 if ((rc = acl_check(ACL_WHERE_CONNECT, NULL, acl_smtp_connect, &user_msg,
2953 &log_msg)) != OK)
059ec3d9 2954 {
3cc3f762 2955 (void) smtp_handle_acl_fail(ACL_WHERE_CONNECT, rc, user_msg, log_msg);
059ec3d9
PH
2956 return FALSE;
2957 }
2958 }
2959
2960/* Output the initial message for a two-way SMTP connection. It may contain
2961newlines, which then cause a multi-line response to be given. */
2962
4e88a19f
PH
2963code = US"220"; /* Default status code */
2964esc = US""; /* Default extended status code */
2965esclen = 0; /* Length of esc */
2966
d4ff61d1 2967if (!user_msg)
4e88a19f 2968 {
d4ff61d1 2969 if (!(s = expand_string(smtp_banner)))
4e88a19f
PH
2970 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" (smtp_banner) "
2971 "failed: %s", smtp_banner, expand_string_message);
2972 }
2973else
2974 {
2975 int codelen = 3;
2976 s = user_msg;
4f6ae5c3 2977 smtp_message_code(&code, &codelen, &s, NULL, TRUE);
d6a96edc 2978 if (codelen > 4)
4e88a19f
PH
2979 {
2980 esc = code + 4;
2981 esclen = codelen - 4;
2982 }
2983 }
059ec3d9
PH
2984
2985/* Remove any terminating newlines; might as well remove trailing space too */
2986
2987p = s + Ustrlen(s);
2988while (p > s && isspace(p[-1])) p--;
2989*p = 0;
2990
2991/* It seems that CC:Mail is braindead, and assumes that the greeting message
2992is all contained in a single IP packet. The original code wrote out the
2993greeting using several calls to fprint/fputc, and on busy servers this could
2994cause it to be split over more than one packet - which caused CC:Mail to fall
2995over when it got the second part of the greeting after sending its first
2996command. Sigh. To try to avoid this, build the complete greeting message
2997first, and output it in one fell swoop. This gives a better chance of it
2998ending up as a single packet. */
2999
acec9514 3000ss = string_get(256);
059ec3d9
PH
3001
3002p = s;
3003do /* At least once, in case we have an empty string */
3004 {
3005 int len;
3006 uschar *linebreak = Ustrchr(p, '\n');
acec9514 3007 ss = string_catn(ss, code, 3);
db57e575 3008 if (!linebreak)
059ec3d9
PH
3009 {
3010 len = Ustrlen(p);
acec9514 3011 ss = string_catn(ss, US" ", 1);
059ec3d9
PH
3012 }
3013 else
3014 {
3015 len = linebreak - p;
acec9514 3016 ss = string_catn(ss, US"-", 1);
059ec3d9 3017 }
acec9514
JH
3018 ss = string_catn(ss, esc, esclen);
3019 ss = string_catn(ss, p, len);
3020 ss = string_catn(ss, US"\r\n", 2);
059ec3d9 3021 p += len;
db57e575 3022 if (linebreak) p++;
059ec3d9 3023 }
db57e575 3024while (*p);
059ec3d9 3025
059ec3d9
PH
3026/* Before we write the banner, check that there is no input pending, unless
3027this synchronisation check is disabled. */
3028
81344b40 3029#ifndef DISABLE_PIPE_CONNECT
ee8b8090
JH
3030fl.pipe_connect_acceptable =
3031 sender_host_address && verify_check_host(&pipe_connect_advertise_hosts) == OK;
3032
a14e5636 3033if (!check_sync())
ee8b8090
JH
3034 if (fl.pipe_connect_acceptable)
3035 f.smtp_in_early_pipe_used = TRUE;
3036 else
3037#else
3038if (!check_sync())
3039#endif
3040 {
3041 unsigned n = smtp_inend - smtp_inptr;
3042 if (n > 32) n = 32;
3043
3044 log_write(0, LOG_MAIN|LOG_REJECT, "SMTP protocol "
3045 "synchronization error (input sent without waiting for greeting): "
3046 "rejected connection from %s input=\"%s\"", host_and_ident(TRUE),
3047 string_printing(string_copyn(smtp_inptr, n)));
3048 smtp_printf("554 SMTP synchronization error\r\n", FALSE);
3049 return FALSE;
3050 }
059ec3d9
PH
3051
3052/* Now output the banner */
ee8b8090 3053/*XXX the ehlo-resp code does its own tls/nontls bit. Maybe subroutine that? */
059ec3d9 3054
ee8b8090 3055smtp_printf("%s",
81344b40 3056#ifndef DISABLE_PIPE_CONNECT
ee8b8090
JH
3057 fl.pipe_connect_acceptable && pipeline_connect_sends(),
3058#else
3059 FALSE,
3060#endif
3061 string_from_gstring(ss));
a2673768
JH
3062
3063/* Attempt to see if we sent the banner before the last ACK of the 3-way
3064handshake arrived. If so we must have managed a TFO. */
3065
3066#ifdef TCP_FASTOPEN
53c7b3a7 3067if (sender_host_address && !f.sender_host_notsocket) tfo_in_check();
a2673768
JH
3068#endif
3069
059ec3d9
PH
3070return TRUE;
3071}
3072
3073
3074
3075
3076
3077/*************************************************
3078* Handle SMTP syntax and protocol errors *
3079*************************************************/
3080
3081/* Write to the log for SMTP syntax errors in incoming commands, if configured
3082to do so. Then transmit the error response. The return value depends on the
3083number of syntax and protocol errors in this SMTP session.
3084
3085Arguments:
3086 type error type, given as a log flag bit
3087 code response code; <= 0 means don't send a response
3088 data data to reflect in the response (can be NULL)
3089 errmess the error message
3090
3091Returns: -1 limit of syntax/protocol errors NOT exceeded
3092 +1 limit of syntax/protocol errors IS exceeded
3093
3094These values fit in with the values of the "done" variable in the main
3095processing loop in smtp_setup_msg(). */
3096
3097static int
3098synprot_error(int type, int code, uschar *data, uschar *errmess)
3099{
3100int yield = -1;
3101
3102log_write(type, LOG_MAIN, "SMTP %s error in \"%s\" %s %s",
3103 (type == L_smtp_syntax_error)? "syntax" : "protocol",
3ee512ff 3104 string_printing(smtp_cmd_buffer), host_and_ident(TRUE), errmess);
059ec3d9
PH
3105
3106if (++synprot_error_count > smtp_max_synprot_errors)
3107 {
3108 yield = 1;
3109 log_write(0, LOG_MAIN|LOG_REJECT, "SMTP call from %s dropped: too many "
3110 "syntax or protocol errors (last command was \"%s\")",
0ebc4d69 3111 host_and_ident(FALSE), string_printing(smtp_cmd_buffer));
059ec3d9
PH
3112 }
3113
3114if (code > 0)
3115 {
925ac8e4
JH
3116 smtp_printf("%d%c%s%s%s\r\n", FALSE, code, yield == 1 ? '-' : ' ',
3117 data ? data : US"", data ? US": " : US"", errmess);
059ec3d9 3118 if (yield == 1)
925ac8e4 3119 smtp_printf("%d Too many syntax or protocol errors\r\n", FALSE, code);
059ec3d9
PH
3120 }
3121
3122return yield;
3123}
3124
3125
3126
3127
3128/*************************************************
059ec3d9
PH
3129* Send SMTP response, possibly multiline *
3130*************************************************/
3131
3132/* There are, it seems, broken clients out there that cannot handle multiline
3133responses. If no_multiline_responses is TRUE (it can be set from an ACL), we
3134output nothing for non-final calls, and only the first line for anything else.
3135
3136Arguments:
a5bd321b 3137 code SMTP code, may involve extended status codes
d6a96edc 3138 codelen length of smtp code; if > 4 there's an ESC
059ec3d9
PH
3139 final FALSE if the last line isn't the final line
3140 msg message text, possibly containing newlines
3141
3142Returns: nothing
3143*/
3144
3145void
a5bd321b 3146smtp_respond(uschar* code, int codelen, BOOL final, uschar *msg)
059ec3d9 3147{
a5bd321b
PH
3148int esclen = 0;
3149uschar *esc = US"";
3150
8768d548 3151if (!final && f.no_multiline_responses) return;
059ec3d9 3152
d6a96edc 3153if (codelen > 4)
a5bd321b
PH
3154 {
3155 esc = code + 4;
3156 esclen = codelen - 4;
3157 }
3158
2679d413
PH
3159/* If this is the first output for a (non-batch) RCPT command, see if all RCPTs
3160have had the same. Note: this code is also present in smtp_printf(). It would
3161be tidier to have it only in one place, but when it was added, it was easier to
3162do it that way, so as not to have to mess with the code for the RCPT command,
3163which sometimes uses smtp_printf() and sometimes smtp_respond(). */
3164
88752192 3165if (fl.rcpt_in_progress)
2679d413
PH
3166 {
3167 if (rcpt_smtp_response == NULL)
3168 rcpt_smtp_response = string_copy(msg);
88752192 3169 else if (fl.rcpt_smtp_response_same &&
2679d413 3170 Ustrcmp(rcpt_smtp_response, msg) != 0)
88752192
JH
3171 fl.rcpt_smtp_response_same = FALSE;
3172 fl.rcpt_in_progress = FALSE;
2679d413
PH
3173 }
3174
e5de01f0 3175/* Now output the message, splitting it up into multiple lines if necessary.
925ac8e4
JH
3176We only handle pipelining these responses as far as nonfinal/final groups,
3177not the whole MAIL/RCPT/DATA response set. */
2679d413 3178
059ec3d9
PH
3179for (;;)
3180 {
3181 uschar *nl = Ustrchr(msg, '\n');
3182 if (nl == NULL)
3183 {
925ac8e4 3184 smtp_printf("%.3s%c%.*s%s\r\n", !final, code, final ? ' ':'-', esclen, esc, msg);
059ec3d9
PH
3185 return;
3186 }
8768d548 3187 else if (nl[1] == 0 || f.no_multiline_responses)
059ec3d9 3188 {
925ac8e4 3189 smtp_printf("%.3s%c%.*s%.*s\r\n", !final, code, final ? ' ':'-', esclen, esc,
a5bd321b 3190 (int)(nl - msg), msg);
059ec3d9
PH
3191 return;
3192 }
3193 else
3194 {
925ac8e4 3195 smtp_printf("%.3s-%.*s%.*s\r\n", TRUE, code, esclen, esc, (int)(nl - msg), msg);
059ec3d9
PH
3196 msg = nl + 1;
3197 while (isspace(*msg)) msg++;
3198 }
3199 }
3200}
3201
3202
3203
3204
3205/*************************************************
4e88a19f
PH
3206* Parse user SMTP message *
3207*************************************************/
3208
3209/* This function allows for user messages overriding the response code details
3210by providing a suitable response code string at the start of the message
3211user_msg. Check the message for starting with a response code and optionally an
3212extended status code. If found, check that the first digit is valid, and if so,
3213change the code pointer and length to use the replacement. An invalid code
3214causes a panic log; in this case, if the log messages is the same as the user
3215message, we must also adjust the value of the log message to show the code that
3216is actually going to be used (the original one).
3217
3218This function is global because it is called from receive.c as well as within
3219this module.
3220
d6a96edc
PH
3221Note that the code length returned includes the terminating whitespace
3222character, which is always included in the regex match.
3223
4e88a19f
PH
3224Arguments:
3225 code SMTP code, may involve extended status codes
d6a96edc 3226 codelen length of smtp code; if > 4 there's an ESC
4e88a19f
PH
3227 msg message text
3228 log_msg optional log message, to be adjusted with the new SMTP code
4f6ae5c3 3229 check_valid if true, verify the response code
4e88a19f
PH
3230
3231Returns: nothing
3232*/
3233
3234void
4f6ae5c3
JH
3235smtp_message_code(uschar **code, int *codelen, uschar **msg, uschar **log_msg,
3236 BOOL check_valid)
4e88a19f
PH
3237{
3238int n;
3239int ovector[3];
3240
4f6ae5c3 3241if (!msg || !*msg) return;
4e88a19f 3242
4f6ae5c3
JH
3243if ((n = pcre_exec(regex_smtp_code, NULL, CS *msg, Ustrlen(*msg), 0,
3244 PCRE_EOPT, ovector, sizeof(ovector)/sizeof(int))) < 0) return;
4e88a19f 3245
4f6ae5c3 3246if (check_valid && (*msg)[0] != (*code)[0])
4e88a19f
PH
3247 {
3248 log_write(0, LOG_MAIN|LOG_PANIC, "configured error code starts with "
3249 "incorrect digit (expected %c) in \"%s\"", (*code)[0], *msg);
3250 if (log_msg != NULL && *log_msg == *msg)
3251 *log_msg = string_sprintf("%s %s", *code, *log_msg + ovector[1]);
3252 }
3253else
3254 {
3255 *code = *msg;
3256 *codelen = ovector[1]; /* Includes final space */
3257 }
3258*msg += ovector[1]; /* Chop the code off the message */
3259return;
3260}
3261
3262
3263
3264
3265/*************************************************
059ec3d9
PH
3266* Handle an ACL failure *
3267*************************************************/
3268
3269/* This function is called when acl_check() fails. As well as calls from within
3270this module, it is called from receive.c for an ACL after DATA. It sorts out
5b6f7658 3271logging the incident, and sends the error response. A message containing
059ec3d9
PH
3272newlines is turned into a multiline SMTP response, but for logging, only the
3273first line is used.
3274
a5bd321b
PH
3275There's a table of default permanent failure response codes to use in
3276globals.c, along with the table of names. VFRY is special. Despite RFC1123 it
3277defaults disabled in Exim. However, discussion in connection with RFC 821bis
3278(aka RFC 2821) has concluded that the response should be 252 in the disabled
3279state, because there are broken clients that try VRFY before RCPT. A 5xx
3280response should be given only when the address is positively known to be
4f6ae5c3
JH
3281undeliverable. Sigh. We return 252 if there is no VRFY ACL or it provides
3282no explicit code, but if there is one we let it know best.
3283Also, for ETRN, 458 is given on refusal, and for AUTH, 503.
a5bd321b
PH
3284
3285From Exim 4.63, it is possible to override the response code details by
3286providing a suitable response code string at the start of the message provided
3287in user_msg. The code's first digit is checked for validity.
059ec3d9
PH
3288
3289Arguments:
4f6ae5c3
JH
3290 where where the ACL was called from
3291 rc the failure code
3292 user_msg a message that can be included in an SMTP response
3293 log_msg a message for logging
059ec3d9
PH
3294
3295Returns: 0 in most cases
3296 2 if the failure code was FAIL_DROP, in which case the
3297 SMTP connection should be dropped (this value fits with the
3298 "done" variable in smtp_setup_msg() below)
3299*/
3300
3301int
3302smtp_handle_acl_fail(int where, int rc, uschar *user_msg, uschar *log_msg)
3303{
059ec3d9 3304BOOL drop = rc == FAIL_DROP;
a5bd321b 3305int codelen = 3;
a5bd321b 3306uschar *smtp_code;
059ec3d9
PH
3307uschar *lognl;
3308uschar *sender_info = US"";
64ffc24f 3309uschar *what =
8523533c 3310#ifdef WITH_CONTENT_SCAN
3cc3f762 3311 where == ACL_WHERE_MIME ? US"during MIME ACL checks" :
8e669ac1 3312#endif
3cc3f762
JH
3313 where == ACL_WHERE_PREDATA ? US"DATA" :
3314 where == ACL_WHERE_DATA ? US"after DATA" :
8ccd00b1 3315#ifndef DISABLE_PRDR
3cc3f762 3316 where == ACL_WHERE_PRDR ? US"after DATA PRDR" :
fd98a5c6 3317#endif
3cc3f762
JH
3318 smtp_cmd_data ?
3319 string_sprintf("%s %s", acl_wherenames[where], smtp_cmd_data) :
3320 string_sprintf("%s in \"connect\" ACL", acl_wherenames[where]);
059ec3d9
PH
3321
3322if (drop) rc = FAIL;
3323
4e88a19f 3324/* Set the default SMTP code, and allow a user message to change it. */
a5bd321b 3325
4f6ae5c3
JH
3326smtp_code = rc == FAIL ? acl_wherecodes[where] : US"451";
3327smtp_message_code(&smtp_code, &codelen, &user_msg, &log_msg,
3328 where != ACL_WHERE_VRFY);
a5bd321b 3329
059ec3d9
PH
3330/* We used to have sender_address here; however, there was a bug that was not
3331updating sender_address after a rewrite during a verify. When this bug was
3332fixed, sender_address at this point became the rewritten address. I'm not sure
3333this is what should be logged, so I've changed to logging the unrewritten
3334address to retain backward compatibility. */
3335
8523533c 3336#ifndef WITH_CONTENT_SCAN
059ec3d9 3337if (where == ACL_WHERE_RCPT || where == ACL_WHERE_DATA)
8523533c
TK
3338#else
3339if (where == ACL_WHERE_RCPT || where == ACL_WHERE_DATA || where == ACL_WHERE_MIME)
3340#endif
059ec3d9 3341 {
b98bb9ac
PP
3342 sender_info = string_sprintf("F=<%s>%s%s%s%s ",
3343 sender_address_unrewritten ? sender_address_unrewritten : sender_address,
3344 sender_host_authenticated ? US" A=" : US"",
3345 sender_host_authenticated ? sender_host_authenticated : US"",
3346 sender_host_authenticated && authenticated_id ? US":" : US"",
3347 sender_host_authenticated && authenticated_id ? authenticated_id : US""
3348 );
059ec3d9
PH
3349 }
3350
3351/* If there's been a sender verification failure with a specific message, and
3352we have not sent a response about it yet, do so now, as a preliminary line for
278c6e6c
PH
3353failures, but not defers. However, always log it for defer, and log it for fail
3354unless the sender_verify_fail log selector has been turned off. */
059ec3d9 3355
02b41d71 3356if (sender_verified_failed &&
059ec3d9
PH
3357 !testflag(sender_verified_failed, af_sverify_told))
3358 {
88752192
JH
3359 BOOL save_rcpt_in_progress = fl.rcpt_in_progress;
3360 fl.rcpt_in_progress = FALSE; /* So as not to treat these as the error */
2679d413 3361
059ec3d9
PH
3362 setflag(sender_verified_failed, af_sverify_told);
3363
6c6d6e48 3364 if (rc != FAIL || LOGGING(sender_verify_fail))
278c6e6c
PH
3365 log_write(0, LOG_MAIN|LOG_REJECT, "%s sender verify %s for <%s>%s",
3366 host_and_ident(TRUE),
3367 ((sender_verified_failed->special_action & 255) == DEFER)? "defer":"fail",
3368 sender_verified_failed->address,
3369 (sender_verified_failed->message == NULL)? US"" :
3370 string_sprintf(": %s", sender_verified_failed->message));
059ec3d9 3371
02b41d71 3372 if (rc == FAIL && sender_verified_failed->user_message)
a5bd321b 3373 smtp_respond(smtp_code, codelen, FALSE, string_sprintf(
059ec3d9
PH
3374 testflag(sender_verified_failed, af_verify_pmfail)?
3375 "Postmaster verification failed while checking <%s>\n%s\n"
3376 "Several RFCs state that you are required to have a postmaster\n"
3377 "mailbox for each mail domain. This host does not accept mail\n"
3378 "from domains whose servers reject the postmaster address."
3379 :
3380 testflag(sender_verified_failed, af_verify_nsfail)?
3381 "Callback setup failed while verifying <%s>\n%s\n"
3382 "The initial connection, or a HELO or MAIL FROM:<> command was\n"
3383 "rejected. Refusing MAIL FROM:<> does not help fight spam, disregards\n"
3384 "RFC requirements, and stops you from receiving standard bounce\n"
3385 "messages. This host does not accept mail from domains whose servers\n"
3386 "refuse bounces."
3387 :
3388 "Verification failed for <%s>\n%s",
3389 sender_verified_failed->address,
3390 sender_verified_failed->user_message));
2679d413 3391
88752192 3392 fl.rcpt_in_progress = save_rcpt_in_progress;
059ec3d9
PH
3393 }
3394
3395/* Sort out text for logging */
3396
3cc3f762
JH
3397log_msg = log_msg ? string_sprintf(": %s", log_msg) : US"";
3398if ((lognl = Ustrchr(log_msg, '\n'))) *lognl = 0;
059ec3d9
PH
3399
3400/* Send permanent failure response to the command, but the code used isn't
3401always a 5xx one - see comments at the start of this function. If the original
3402rc was FAIL_DROP we drop the connection and yield 2. */
3403
ff5929e3
JH
3404if (rc == FAIL)
3405 smtp_respond(smtp_code, codelen, TRUE,
3406 user_msg ? user_msg : US"Administrative prohibition");
059ec3d9
PH
3407
3408/* Send temporary failure response to the command. Don't give any details,
3409unless acl_temp_details is set. This is TRUE for a callout defer, a "defer"
3410verb, and for a header verify when smtp_return_error_details is set.
3411
3412This conditional logic is all somewhat of a mess because of the odd
3413interactions between temp_details and return_error_details. One day it should
3414be re-implemented in a tidier fashion. */
3415
3416else
8768d548 3417 if (f.acl_temp_details && user_msg)
059ec3d9 3418 {
ff5929e3
JH
3419 if ( smtp_return_error_details
3420 && sender_verified_failed
3421 && sender_verified_failed->message
3422 )
a5bd321b 3423 smtp_respond(smtp_code, codelen, FALSE, sender_verified_failed->message);
ff5929e3 3424
a5bd321b 3425 smtp_respond(smtp_code, codelen, TRUE, user_msg);
059ec3d9
PH
3426 }
3427 else
a5bd321b
PH
3428 smtp_respond(smtp_code, codelen, TRUE,
3429 US"Temporary local problem - please try later");
059ec3d9 3430
6ea85e9a
PH
3431/* Log the incident to the logs that are specified by log_reject_target
3432(default main, reject). This can be empty to suppress logging of rejections. If
3433the connection is not forcibly to be dropped, return 0. Otherwise, log why it
3434is closing if required and return 2. */
059ec3d9 3435
6ea85e9a 3436if (log_reject_target != 0)
887291d2 3437 {
01603eec 3438#ifndef DISABLE_TLS
acec9514
JH
3439 gstring * g = s_tlslog(NULL);
3440 uschar * tls = string_from_gstring(g);
fc16abb4 3441 if (!tls) tls = US"";
e45a1c37 3442#else
fc16abb4 3443 uschar * tls = US"";
e45a1c37 3444#endif
3cc3f762
JH
3445 log_write(where == ACL_WHERE_CONNECT ? L_connection_reject : 0,
3446 log_reject_target, "%s%s%s %s%srejected %s%s",
fc16abb4
JH
3447 LOGGING(dnssec) && sender_host_dnssec ? US" DS" : US"",
3448 host_and_ident(TRUE),
3449 tls,
3450 sender_info,
3451 rc == FAIL ? US"" : US"temporarily ",
3452 what, log_msg);
887291d2 3453 }
059ec3d9
PH
3454
3455if (!drop) return 0;
3456
3457log_write(L_smtp_connection, LOG_MAIN, "%s closed by DROP in ACL",
3458 smtp_get_connection_info());
8f128379
PH
3459
3460/* Run the not-quit ACL, but without any custom messages. This should not be a
3461problem, because we get here only if some other ACL has issued "drop", and
3462in that case, *its* custom messages will have been used above. */
3463
3464smtp_notquit_exit(US"acl-drop", NULL, NULL);
059ec3d9
PH
3465return 2;
3466}
3467
3468
3469
3470
3471/*************************************************
8f128379
PH
3472* Handle SMTP exit when QUIT is not given *
3473*************************************************/
3474
3475/* This function provides a logging/statistics hook for when an SMTP connection
3