projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Use TLS by default on callouts/cutthroughs
[exim.git] / src / src / transports / smtp.c
CommitLineData
0756eb3c
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
5a66c31b 5/* Copyright (c) University of Cambridge 1995 - 2014 */
0756eb3c
PH		 6/* See the file NOTICE for conditions of use and distribution. */
7
8#include "../exim.h"
9#include "smtp.h"
10
11#define PENDING 256
12#define PENDING_DEFER (PENDING + DEFER)
13#define PENDING_OK (PENDING + OK)
14
15
16/* Options specific to the smtp transport. This transport also supports LMTP
17over TCP/IP. The options must be in alphabetic order (note that "_" comes
18before the lower case letters). Some live in the transport_instance block so as
19to be publicly visible; these are flagged with opt_public. */
20
21optionlist smtp_transport_options[] = {
506900af
JH		 22 { "*expand_multi_domain", opt_stringptr | opt_hidden | opt_public,
23 (void *)offsetof(transport_instance, expand_multi_domain) },
9c695f6d
JH		 24 { "*expand_retry_include_ip_address", opt_stringptr | opt_hidden,
25 (void *)(offsetof(smtp_transport_options_block, expand_retry_include_ip_address)) },
26
48c7f9e2
PH		 27 { "address_retry_include_sender", opt_bool,
28 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
0756eb3c
PH		 29 { "allow_localhost", opt_bool,
30 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
31 { "authenticated_sender", opt_stringptr,
32 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
382afc6b
PH		 33 { "authenticated_sender_force", opt_bool,
34 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
0756eb3c
PH		 35 { "command_timeout", opt_time,
36 (void *)offsetof(smtp_transport_options_block, command_timeout) },
37 { "connect_timeout", opt_time,
38 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
39 { "connection_max_messages", opt_int | opt_public,
40 (void *)offsetof(transport_instance, connection_max_messages) },
41 { "data_timeout", opt_time,
42 (void *)offsetof(smtp_transport_options_block, data_timeout) },
43 { "delay_after_cutoff", opt_bool,
44 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
80a47a2c 45#ifndef DISABLE_DKIM
f7572e5a
TK		 46 { "dkim_canon", opt_stringptr,
47 (void *)offsetof(smtp_transport_options_block, dkim_canon) },
48 { "dkim_domain", opt_stringptr,
49 (void *)offsetof(smtp_transport_options_block, dkim_domain) },
50 { "dkim_private_key", opt_stringptr,
51 (void *)offsetof(smtp_transport_options_block, dkim_private_key) },
52 { "dkim_selector", opt_stringptr,
53 (void *)offsetof(smtp_transport_options_block, dkim_selector) },
54 { "dkim_sign_headers", opt_stringptr,
55 (void *)offsetof(smtp_transport_options_block, dkim_sign_headers) },
56 { "dkim_strict", opt_stringptr,
57 (void *)offsetof(smtp_transport_options_block, dkim_strict) },
80a47a2c 58#endif
0756eb3c
PH		 59 { "dns_qualify_single", opt_bool,
60 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
61 { "dns_search_parents", opt_bool,
62 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
578897ea
JH		 63 { "dnssec_request_domains", opt_stringptr,
64 (void *)offsetof(smtp_transport_options_block, dnssec_request_domains) },
65 { "dnssec_require_domains", opt_stringptr,
66 (void *)offsetof(smtp_transport_options_block, dnssec_require_domains) },
9e4f5962
PP		 67 { "dscp", opt_stringptr,
68 (void *)offsetof(smtp_transport_options_block, dscp) },
0756eb3c
PH		 69 { "fallback_hosts", opt_stringptr,
70 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
71 { "final_timeout", opt_time,
72 (void *)offsetof(smtp_transport_options_block, final_timeout) },
73 { "gethostbyname", opt_bool,
74 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
80a47a2c 75#ifdef SUPPORT_TLS
b1770b6e 76 /* These are no longer honoured, as of Exim 4.80; for now, we silently
2d571266 77 ignore; 4.83 will warn, and a later-still release will remove
17c76198 78 these options, so that using them becomes an error. */
83da1223
PH		 79 { "gnutls_require_kx", opt_stringptr,
80 (void *)offsetof(smtp_transport_options_block, gnutls_require_kx) },
81 { "gnutls_require_mac", opt_stringptr,
82 (void *)offsetof(smtp_transport_options_block, gnutls_require_mac) },
83 { "gnutls_require_protocols", opt_stringptr,
84 (void *)offsetof(smtp_transport_options_block, gnutls_require_proto) },
80a47a2c 85#endif
0756eb3c
PH		 86 { "helo_data", opt_stringptr,
87 (void *)offsetof(smtp_transport_options_block, helo_data) },
88 { "hosts", opt_stringptr,
89 (void *)offsetof(smtp_transport_options_block, hosts) },
90 { "hosts_avoid_esmtp", opt_stringptr,
91 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
c51b8e75
PH		 92 { "hosts_avoid_pipelining", opt_stringptr,
93 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
80a47a2c 94#ifdef SUPPORT_TLS
0756eb3c
PH		 95 { "hosts_avoid_tls", opt_stringptr,
96 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
80a47a2c 97#endif
0756eb3c
PH		 98 { "hosts_max_try", opt_int,
99 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
533244af
PH		 100 { "hosts_max_try_hardlimit", opt_int,
101 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
80a47a2c 102#ifdef SUPPORT_TLS
0756eb3c
PH		 103 { "hosts_nopass_tls", opt_stringptr,
104 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
80a47a2c 105#endif
0756eb3c
PH		 106 { "hosts_override", opt_bool,
107 (void *)offsetof(smtp_transport_options_block, hosts_override) },
108 { "hosts_randomize", opt_bool,
109 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
f2de3a33 110#if defined(SUPPORT_TLS) && !defined(DISABLE_OCSP)
44662487
JH		 111 { "hosts_request_ocsp", opt_stringptr,
112 (void *)offsetof(smtp_transport_options_block, hosts_request_ocsp) },
113#endif
0756eb3c
PH		 114 { "hosts_require_auth", opt_stringptr,
115 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
80a47a2c 116#ifdef SUPPORT_TLS
7a31d643
JH		 117# ifdef EXPERIMENTAL_DANE
118 { "hosts_require_dane", opt_stringptr,
119 (void *)offsetof(smtp_transport_options_block, hosts_require_dane) },
120# endif
f2de3a33 121# ifndef DISABLE_OCSP
f5d78688
JH		 122 { "hosts_require_ocsp", opt_stringptr,
123 (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
124# endif
0756eb3c
PH		 125 { "hosts_require_tls", opt_stringptr,
126 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
80a47a2c 127#endif
0756eb3c
PH		 128 { "hosts_try_auth", opt_stringptr,
129 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
7a31d643 130#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
96e47838
TL		 131 { "hosts_try_dane", opt_stringptr,
132 (void *)offsetof(smtp_transport_options_block, hosts_try_dane) },
133#endif
8ccd00b1 134#ifndef DISABLE_PRDR
fd98a5c6
JH		 135 { "hosts_try_prdr", opt_stringptr,
136 (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
137#endif
99400968
JH		 138#ifdef SUPPORT_TLS
139 { "hosts_verify_avoid_tls", opt_stringptr,
140 (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
141#endif
0756eb3c
PH		 142 { "interface", opt_stringptr,
143 (void *)offsetof(smtp_transport_options_block, interface) },
144 { "keepalive", opt_bool,
145 (void *)offsetof(smtp_transport_options_block, keepalive) },
f1513293
PH		 146 { "lmtp_ignore_quota", opt_bool,
147 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
0756eb3c
PH		 148 { "max_rcpt", opt_int | opt_public,
149 (void *)offsetof(transport_instance, max_addresses) },
506900af 150 { "multi_domain", opt_expand_bool | opt_public,
0756eb3c
PH		 151 (void *)offsetof(transport_instance, multi_domain) },
152 { "port", opt_stringptr,
153 (void *)offsetof(smtp_transport_options_block, port) },
154 { "protocol", opt_stringptr,
155 (void *)offsetof(smtp_transport_options_block, protocol) },
9c695f6d 156 { "retry_include_ip_address", opt_expand_bool,
0756eb3c
PH		 157 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
158 { "serialize_hosts", opt_stringptr,
159 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
160 { "size_addition", opt_int,
161 (void *)offsetof(smtp_transport_options_block, size_addition) }
7eb6c37c
JH		 162#ifdef EXPERIMENTAL_SOCKS
163 ,{ "socks_proxy", opt_stringptr,
164 (void *)offsetof(smtp_transport_options_block, socks_proxy) }
165#endif
80a47a2c 166#ifdef SUPPORT_TLS
0756eb3c
PH		 167 ,{ "tls_certificate", opt_stringptr,
168 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
169 { "tls_crl", opt_stringptr,
170 (void *)offsetof(smtp_transport_options_block, tls_crl) },
54c90be1
PP		 171 { "tls_dh_min_bits", opt_int,
172 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
0756eb3c
PH		 173 { "tls_privatekey", opt_stringptr,
174 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
3f0945ff 175 { "tls_require_ciphers", opt_stringptr,
0756eb3c 176 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
3f0945ff
PP		 177 { "tls_sni", opt_stringptr,
178 (void *)offsetof(smtp_transport_options_block, tls_sni) },
0756eb3c
PH		 179 { "tls_tempfail_tryclear", opt_bool,
180 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
a63be306
WB		 181 { "tls_try_verify_hosts", opt_stringptr,
182 (void *)offsetof(smtp_transport_options_block, tls_try_verify_hosts) },
e51c7be2
JH		 183 { "tls_verify_cert_hostnames", opt_stringptr,
184 (void *)offsetof(smtp_transport_options_block,tls_verify_cert_hostnames)},
0756eb3c 185 { "tls_verify_certificates", opt_stringptr,
a63be306
WB		 186 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) },
187 { "tls_verify_hosts", opt_stringptr,
188 (void *)offsetof(smtp_transport_options_block, tls_verify_hosts) }
80a47a2c 189#endif
0756eb3c
PH		 190};
191
192/* Size of the options list. An extern variable has to be used so that its
193address can appear in the tables drtables.c. */
194
195int smtp_transport_options_count =
196 sizeof(smtp_transport_options)/sizeof(optionlist);
197
198/* Default private options block for the smtp transport. */
199
200smtp_transport_options_block smtp_transport_option_defaults = {
201 NULL, /* hosts */
202 NULL, /* fallback_hosts */
203 NULL, /* hostlist */
204 NULL, /* fallback_hostlist */
205 NULL, /* authenticated_sender */
206 US"$primary_hostname", /* helo_data */
207 NULL, /* interface */
208 NULL, /* port */
209 US"smtp", /* protocol */
9e4f5962 210 NULL, /* DSCP */
0756eb3c
PH		 211 NULL, /* serialize_hosts */
212 NULL, /* hosts_try_auth */
213 NULL, /* hosts_require_auth */
96e47838
TL		 214#ifdef EXPERIMENTAL_DANE
215 NULL, /* hosts_try_dane */
7a31d643 216 NULL, /* hosts_require_dane */
96e47838 217#endif
8ccd00b1 218#ifndef DISABLE_PRDR
ad07e9ad 219 US"*", /* hosts_try_prdr */
f5d78688 220#endif
f2de3a33 221#ifndef DISABLE_OCSP
0e66b3b6 222 US"*", /* hosts_request_ocsp (except under DANE; tls_client_start()) */
f5d78688 223 NULL, /* hosts_require_ocsp */
fd98a5c6 224#endif
0756eb3c
PH		 225 NULL, /* hosts_require_tls */
226 NULL, /* hosts_avoid_tls */
6c9ed72e 227 NULL, /* hosts_verify_avoid_tls */
c51b8e75 228 NULL, /* hosts_avoid_pipelining */
0756eb3c
PH		 229 NULL, /* hosts_avoid_esmtp */
230 NULL, /* hosts_nopass_tls */
231 5*60, /* command_timeout */
232 5*60, /* connect_timeout; shorter system default overrides */
233 5*60, /* data timeout */
234 10*60, /* final timeout */
235 1024, /* size_addition */
236 5, /* hosts_max_try */
8e669ac1 237 50, /* hosts_max_try_hardlimit */
48c7f9e2 238 TRUE, /* address_retry_include_sender */
0756eb3c 239 FALSE, /* allow_localhost */
382afc6b 240 FALSE, /* authenticated_sender_force */
0756eb3c
PH		 241 FALSE, /* gethostbyname */
242 TRUE, /* dns_qualify_single */
243 FALSE, /* dns_search_parents */
578897ea
JH		 244 NULL, /* dnssec_request_domains */
245 NULL, /* dnssec_require_domains */
0756eb3c
PH		 246 TRUE, /* delay_after_cutoff */
247 FALSE, /* hosts_override */
248 FALSE, /* hosts_randomize */
249 TRUE, /* keepalive */
f1513293 250 FALSE, /* lmtp_ignore_quota */
9c695f6d 251 NULL, /* expand_retry_include_ip_address */
0756eb3c 252 TRUE /* retry_include_ip_address */
7eb6c37c 253#ifdef EXPERIMENTAL_SOCKS
7eb6c37c 254 ,NULL /* socks_proxy */
b8bf753b 255#endif
80a47a2c 256#ifdef SUPPORT_TLS
0756eb3c
PH		 257 ,NULL, /* tls_certificate */
258 NULL, /* tls_crl */
259 NULL, /* tls_privatekey */
260 NULL, /* tls_require_ciphers */
83da1223
PH		 261 NULL, /* gnutls_require_kx */
262 NULL, /* gnutls_require_mac */
263 NULL, /* gnutls_require_proto */
54c90be1 264 NULL, /* tls_sni */
0e0f3f56 265 US"system", /* tls_verify_certificates */
54c90be1
PP		 266 EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
267 /* tls_dh_min_bits */
a63be306
WB		 268 TRUE, /* tls_tempfail_tryclear */
269 NULL, /* tls_verify_hosts */
610ff438 270 US"*", /* tls_try_verify_hosts */
01a4a5c5 271 US"*" /* tls_verify_cert_hostnames */
80a47a2c
TK		 272#endif
273#ifndef DISABLE_DKIM
f7572e5a
TK		 274 ,NULL, /* dkim_canon */
275 NULL, /* dkim_domain */
276 NULL, /* dkim_private_key */
277 NULL, /* dkim_selector */
278 NULL, /* dkim_sign_headers */
279 NULL /* dkim_strict */
80a47a2c 280#endif
0756eb3c
PH		 281};
282
6c1c3d1d
WB		 283/* some DSN flags for use later */
284
285static int rf_list[] = {rf_notify_never, rf_notify_success,
286 rf_notify_failure, rf_notify_delay };
287
45500060 288static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" };
6c1c3d1d
WB		 289
290
0756eb3c
PH		 291
292/* Local statics */
293
294static uschar *smtp_command; /* Points to last cmd for error messages */
295static uschar *mail_command; /* Points to MAIL cmd for error messages */
f6c332bd 296static BOOL update_waiting; /* TRUE to update the "wait" database */
0756eb3c
PH		 297
298
299/*************************************************
300* Setup entry point *
301*************************************************/
302
303/* This function is called when the transport is about to be used,
304but before running it in a sub-process. It is used for two things:
305
306 (1) To set the fallback host list in addresses, when delivering.
26da7e20
PH		 307 (2) To pass back the interface, port, protocol, and other options, for use
308 during callout verification.
0756eb3c
PH		 309
310Arguments:
311 tblock pointer to the transport instance block
312 addrlist list of addresses about to be transported
313 tf if not NULL, pointer to block in which to return options
929ba01c
PH		 314 uid the uid that will be set (not used)
315 gid the gid that will be set (not used)
0756eb3c
PH		 316 errmsg place for error message (not used)
317
318Returns: OK always (FAIL, DEFER not used)
319*/
320
321static int
322smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
929ba01c 323 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
0756eb3c
PH		 324{
325smtp_transport_options_block *ob =
326 (smtp_transport_options_block *)(tblock->options_block);
327
328errmsg = errmsg; /* Keep picky compilers happy */
929ba01c
PH		 329uid = uid;
330gid = gid;
0756eb3c
PH		 331
332/* Pass back options if required. This interface is getting very messy. */
333
334if (tf != NULL)
335 {
336 tf->interface = ob->interface;
337 tf->port = ob->port;
338 tf->protocol = ob->protocol;
339 tf->hosts = ob->hosts;
340 tf->hosts_override = ob->hosts_override;
341 tf->hosts_randomize = ob->hosts_randomize;
342 tf->gethostbyname = ob->gethostbyname;
343 tf->qualify_single = ob->dns_qualify_single;
344 tf->search_parents = ob->dns_search_parents;
26da7e20 345 tf->helo_data = ob->helo_data;
0756eb3c
PH		 346 }
347
348/* Set the fallback host list for all the addresses that don't have fallback
349host lists, provided that the local host wasn't present in the original host
350list. */
351
352if (!testflag(addrlist, af_local_host_removed))
353 {
354 for (; addrlist != NULL; addrlist = addrlist->next)
355 if (addrlist->fallback_hosts == NULL)
356 addrlist->fallback_hosts = ob->fallback_hostlist;
357 }
358
359return OK;
360}
361
362
363
364/*************************************************
365* Initialization entry point *
366*************************************************/
367
368/* Called for each instance, after its options have been read, to
369enable consistency checks to be done, or anything else that needs
370to be set up.
371
372Argument: pointer to the transport instance block
373Returns: nothing
374*/
375
376void
377smtp_transport_init(transport_instance *tblock)
378{
379smtp_transport_options_block *ob =
380 (smtp_transport_options_block *)(tblock->options_block);
381
382/* Retry_use_local_part defaults FALSE if unset */
383
384if (tblock->retry_use_local_part == TRUE_UNSET)
385 tblock->retry_use_local_part = FALSE;
386
387/* Set the default port according to the protocol */
388
389if (ob->port == NULL)
061b7ebd
PP		 390 ob->port = (strcmpic(ob->protocol, US"lmtp") == 0)? US"lmtp" :
391 (strcmpic(ob->protocol, US"smtps") == 0)? US"smtps" : US"smtp";
0756eb3c
PH		 392
393/* Set up the setup entry point, to be called before subprocesses for this
394transport. */
395
396tblock->setup = smtp_transport_setup;
397
398/* Complain if any of the timeouts are zero. */
399
400if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
401 ob->final_timeout <= 0)
402 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
403 "command, data, or final timeout value is zero for %s transport",
404 tblock->name);
405
406/* If hosts_override is set and there are local hosts, set the global
407flag that stops verify from showing router hosts. */
408
409if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
410
411/* If there are any fallback hosts listed, build a chain of host items
412for them, but do not do any lookups at this time. */
413
414host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
2d571266 415
32d07012 416#ifdef SUPPORT_TLS
2d571266
JH		 417if ( ob->gnutls_require_kx
418 || ob->gnutls_require_mac
419 || ob->gnutls_require_proto)
420 log_write(0, LOG_MAIN, "WARNING: smtp transport options"
421 " gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols"
422 " are obsolete\n");
32d07012 423#endif
0756eb3c
PH		 424}
425
426
427
428
429
430/*************************************************
431* Set delivery info into all active addresses *
432*************************************************/
433
434/* Only addresses whose status is >= PENDING are relevant. A lesser
435status means that an address is not currently being processed.
436
437Arguments:
447d236c
PH		 438 addrlist points to a chain of addresses
439 errno_value to put in each address's errno field
440 msg to put in each address's message field
441 rc to put in each address's transport_return field
442 pass_message if TRUE, set the "pass message" flag in the address
c562fd30 443 host if set, mark addrs as having used this host
0756eb3c
PH		 444
445If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
446the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
447this particular type of timeout.
448
449Returns: nothing
450*/
451
7cd1141b
PH		 452static void
453set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
c562fd30 454 BOOL pass_message, host_item * host)
0756eb3c
PH		 455{
456address_item *addr;
457int orvalue = 0;
458if (errno_value == ERRNO_CONNECTTIMEOUT)
459 {
460 errno_value = ETIMEDOUT;
461 orvalue = RTEF_CTOUT;
462 }
463for (addr = addrlist; addr != NULL; addr = addr->next)
168dec3b 464 if (addr->transport_return >= PENDING)
447d236c 465 {
168dec3b
JH		 466 addr->basic_errno = errno_value;
467 addr->more_errno |= orvalue;
468 if (msg != NULL)
469 {
470 addr->message = msg;
471 if (pass_message) setflag(addr, af_pass_message);
472 }
473 addr->transport_return = rc;
474 if (host)
475 addr->host_used = host;
447d236c 476 }
0756eb3c
PH		 477}
478
479
480
481/*************************************************
482* Check an SMTP response *
483*************************************************/
484
485/* This function is given an errno code and the SMTP response buffer
486to analyse, together with the host identification for generating messages. It
487sets an appropriate message and puts the first digit of the response code into
488the yield variable. If no response was actually read, a suitable digit is
489chosen.
490
491Arguments:
447d236c
PH		 492 host the current host, to get its name for messages
493 errno_value pointer to the errno value
494 more_errno from the top address for use with ERRNO_FILTER_FAIL
495 buffer the SMTP response buffer
496 yield where to put a one-digit SMTP response code
497 message where to put an errror message
498 pass_message set TRUE if message is an SMTP response
499
500Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
0756eb3c
PH		 501*/
502
a7538db1
JH		 503static BOOL
504check_response(host_item *host, int *errno_value, int more_errno,
447d236c 505 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
0756eb3c
PH		 506{
507uschar *pl = US"";
508
509if (smtp_use_pipelining &&
510 (Ustrcmp(smtp_command, "MAIL") == 0 ||
511 Ustrcmp(smtp_command, "RCPT") == 0 ||
512 Ustrcmp(smtp_command, "DATA") == 0))
513 pl = US"pipelined ";
514
515*yield = '4'; /* Default setting is to give a temporary error */
516
517/* Handle response timeout */
518
519if (*errno_value == ETIMEDOUT)
520 {
c562fd30
JH		 521 *message = US string_sprintf("SMTP timeout after %s%s",
522 pl, smtp_command);
0756eb3c
PH		 523 if (transport_count > 0)
524 *message = US string_sprintf("%s (%d bytes written)", *message,
525 transport_count);
526 return FALSE;
527 }
528
529/* Handle malformed SMTP response */
530
531if (*errno_value == ERRNO_SMTPFORMAT)
532 {
55414b25 533 const uschar *malfresp = string_printing(buffer);
0756eb3c 534 while (isspace(*malfresp)) malfresp++;
c562fd30
JH		 535 *message = *malfresp == 0
536 ? string_sprintf("Malformed SMTP reply (an empty line) "
537 "in response to %s%s", pl, smtp_command)
538 : string_sprintf("Malformed SMTP reply in response to %s%s: %s",
539 pl, smtp_command, malfresp);
0756eb3c
PH		 540 return FALSE;
541 }
542
543/* Handle a failed filter process error; can't send QUIT as we mustn't
544end the DATA. */
545
546if (*errno_value == ERRNO_FILTER_FAIL)
547 {
35af9f61 548 *message = US string_sprintf("transport filter process failed (%d)%s",
8e669ac1 549 more_errno,
35af9f61 550 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
0756eb3c
PH		 551 return FALSE;
552 }
553
554/* Handle a failed add_headers expansion; can't send QUIT as we mustn't
555end the DATA. */
556
557if (*errno_value == ERRNO_CHHEADER_FAIL)
558 {
559 *message =
560 US string_sprintf("failed to expand headers_add or headers_remove: %s",
561 expand_string_message);
562 return FALSE;
563 }
564
565/* Handle failure to write a complete data block */
566
567if (*errno_value == ERRNO_WRITEINCOMPLETE)
568 {
569 *message = US string_sprintf("failed to write a data block");
570 return FALSE;
571 }
572
573/* Handle error responses from the remote mailer. */
574
575if (buffer[0] != 0)
576 {
55414b25 577 const uschar *s = string_printing(buffer);
447d236c 578 *message = US string_sprintf("SMTP error from remote mail server after %s%s: "
c562fd30 579 "%s", pl, smtp_command, s);
447d236c 580 *pass_message = TRUE;
0756eb3c
PH		 581 *yield = buffer[0];
582 return TRUE;
583 }
584
585/* No data was read. If there is no errno, this must be the EOF (i.e.
19b9dc85
PH		 586connection closed) case, which causes deferral. An explicit connection reset
587error has the same effect. Otherwise, put the host's identity in the message,
588leaving the errno value to be interpreted as well. In all cases, we have to
589assume the connection is now dead. */
0756eb3c 590
19b9dc85 591if (*errno_value == 0 || *errno_value == ECONNRESET)
0756eb3c
PH		 592 {
593 *errno_value = ERRNO_SMTPCLOSED;
c562fd30
JH		 594 *message = US string_sprintf("Remote host closed connection "
595 "in response to %s%s", pl, smtp_command);
0756eb3c
PH		 596 }
597else *message = US string_sprintf("%s [%s]", host->name, host->address);
598
599return FALSE;
600}
601
602
603
604/*************************************************
605* Write error message to logs *
606*************************************************/
607
608/* This writes to the main log and to the message log.
609
610Arguments:
611 addr the address item containing error information
612 host the current host
613
614Returns: nothing
615*/
616
617static void
618write_logs(address_item *addr, host_item *host)
619{
c562fd30
JH		 620uschar * message = string_sprintf("H=%s [%s]", host->name, host->address);
621
622if (addr->message)
0756eb3c 623 {
c562fd30 624 message = string_sprintf("%s: %s", message, addr->message);
0756eb3c
PH		 625 if (addr->basic_errno > 0)
626 message = string_sprintf("%s: %s", message, strerror(addr->basic_errno));
627 log_write(0, LOG_MAIN, "%s", message);
628 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
629 }
630else
631 {
c562fd30
JH		 632 if (log_extra_selector & LX_outgoing_port)
633 message = string_sprintf("%s:%d", message,
634 host->port == PORT_NONE ? 25 : host->port);
635 log_write(0, LOG_MAIN, "%s %s", message, strerror(addr->basic_errno));
636 deliver_msglog("%s %s %s\n", tod_stamp(tod_log), message,
637 strerror(addr->basic_errno));
0756eb3c
PH		 638 }
639}
640
c562fd30
JH		 641static void
642msglog_line(host_item * host, uschar * message)
643{
644 deliver_msglog("%s H=%s [%s] %s\n", tod_stamp(tod_log),
645 host->name, host->address, message);
646}
647
0756eb3c
PH		 648
649
774ef2d7 650#ifdef EXPERIMENTAL_EVENT
d68218c7
JH		 651/*************************************************
652* Post-defer action *
653*************************************************/
654
655/* This expands an arbitrary per-transport string.
656 It might, for example, be used to write to the database log.
657
658Arguments:
d68218c7
JH		 659 addr the address item containing error information
660 host the current host
661
662Returns: nothing
663*/
664
665static void
774ef2d7 666deferred_event_raise(address_item *addr, host_item *host)
d68218c7 667{
774ef2d7 668uschar * action = addr->transport->event_action;
55414b25 669const uschar * save_domain;
a7538db1
JH		 670uschar * save_local;
671
d68218c7 672if (!action)
a7538db1 673 return;
d68218c7 674
a7538db1
JH		 675save_domain = deliver_domain;
676save_local = deliver_localpart;
677
678/*XXX would ip & port already be set up? */
679deliver_host_address = string_copy(host->address);
774ef2d7
JH		 680deliver_host_port = host->port == PORT_NONE ? 25 : host->port;
681event_defer_errno = addr->basic_errno;
d68218c7
JH		 682
683router_name = addr->router->name;
684transport_name = addr->transport->name;
a7538db1
JH		 685deliver_domain = addr->domain;
686deliver_localpart = addr->local_part;
687
774ef2d7 688(void) event_raise(action, US"msg:host:defer",
a7538db1
JH		 689 addr->message
690 ? addr->basic_errno > 0
691 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
692 : string_copy(addr->message)
693 : addr->basic_errno > 0
694 ? string_copy(US strerror(addr->basic_errno))
695 : NULL);
696
697deliver_localpart = save_local;
698deliver_domain = save_domain;
d68218c7
JH		 699router_name = transport_name = NULL;
700}
701#endif
702
0756eb3c
PH		 703/*************************************************
704* Synchronize SMTP responses *
705*************************************************/
706
707/* This function is called from smtp_deliver() to receive SMTP responses from
708the server, and match them up with the commands to which they relate. When
709PIPELINING is not in use, this function is called after every command, and is
710therefore somewhat over-engineered, but it is simpler to use a single scheme
711that works both with and without PIPELINING instead of having two separate sets
712of code.
713
714The set of commands that are buffered up with pipelining may start with MAIL
715and may end with DATA; in between are RCPT commands that correspond to the
716addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
717etc.) are never buffered.
718
719Errors after MAIL or DATA abort the whole process leaving the response in the
720buffer. After MAIL, pending responses are flushed, and the original command is
721re-instated in big_buffer for error messages. For RCPT commands, the remote is
722permitted to reject some recipient addresses while accepting others. However
723certain errors clearly abort the whole process. Set the value in
724transport_return to PENDING_OK if the address is accepted. If there is a
725subsequent general error, it will get reset accordingly. If not, it will get
726converted to OK at the end.
727
728Arguments:
48c7f9e2
PH		 729 addrlist the complete address list
730 include_affixes TRUE if affixes include in RCPT
731 sync_addr ptr to the ptr of the one to start scanning at (updated)
732 host the host we are connected to
733 count the number of responses to read
734 address_retry_
735 include_sender true if 4xx retry is to include the sender it its key
736 pending_MAIL true if the first response is for MAIL
737 pending_DATA 0 if last command sent was not DATA
738 +1 if previously had a good recipient
739 -1 if not previously had a good recipient
740 inblock incoming SMTP block
741 timeout timeout value
742 buffer buffer for reading response
743 buffsize size of buffer
0756eb3c
PH		 744
745Returns: 3 if at least one address had 2xx and one had 5xx
746 2 if at least one address had 5xx but none had 2xx
747 1 if at least one host had a 2xx response, but none had 5xx
748 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
749 -1 timeout while reading RCPT response
750 -2 I/O or other non-response error for RCPT
751 -3 DATA or MAIL failed - errno and buffer set
752*/
753
754static int
755sync_responses(address_item *addrlist, BOOL include_affixes,
48c7f9e2
PH		 756 address_item **sync_addr, host_item *host, int count,
757 BOOL address_retry_include_sender, BOOL pending_MAIL,
0756eb3c
PH		 758 int pending_DATA, smtp_inblock *inblock, int timeout, uschar *buffer,
759 int buffsize)
760{
761address_item *addr = *sync_addr;
762int yield = 0;
763
764/* Handle the response for a MAIL command. On error, reinstate the original
765command in big_buffer for error message use, and flush any further pending
766responses before returning, except after I/O errors and timeouts. */
767
768if (pending_MAIL)
769 {
770 count--;
771 if (!smtp_read_response(inblock, buffer, buffsize, '2', timeout))
772 {
773 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
774 if (errno == 0 && buffer[0] != 0)
775 {
776 uschar flushbuffer[4096];
e97957bc
PH		 777 int save_errno = 0;
778 if (buffer[0] == '4')
779 {
780 save_errno = ERRNO_MAIL4XX;
781 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
782 }
0756eb3c
PH		 783 while (count-- > 0)
784 {
785 if (!smtp_read_response(inblock, flushbuffer, sizeof(flushbuffer),
786 '2', timeout)
787 && (errno != 0 || flushbuffer[0] == 0))
788 break;
789 }
e97957bc 790 errno = save_errno;
0756eb3c 791 }
c562fd30
JH		 792
793 if (pending_DATA) count--; /* Number of RCPT responses to come */
794 while (count-- > 0) /* Mark any pending addrs with the host used */
795 {
796 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
797 addr->host_used = host;
798 addr = addr->next;
799 }
0756eb3c
PH		 800 return -3;
801 }
802 }
803
804if (pending_DATA) count--; /* Number of RCPT responses to come */
805
806/* Read and handle the required number of RCPT responses, matching each one up
807with an address by scanning for the next address whose status is PENDING_DEFER.
808*/
809
810while (count-- > 0)
811 {
812 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
813
814 /* The address was accepted */
c562fd30 815 addr->host_used = host;
0756eb3c
PH		 816
817 if (smtp_read_response(inblock, buffer, buffsize, '2', timeout))
818 {
819 yield |= 1;
820 addr->transport_return = PENDING_OK;
821
822 /* If af_dr_retry_exists is set, there was a routing delay on this address;
09945f1e
PH		 823 ensure that any address-specific retry record is expunged. We do this both
824 for the basic key and for the version that also includes the sender. */
0756eb3c
PH		 825
826 if (testflag(addr, af_dr_retry_exists))
09945f1e
PH		 827 {
828 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
829 sender_address);
830 retry_add_item(addr, altkey, rf_delete);
0756eb3c 831 retry_add_item(addr, addr->address_retry_key, rf_delete);
09945f1e 832 }
0756eb3c
PH		 833 }
834
835 /* Timeout while reading the response */
836
837 else if (errno == ETIMEDOUT)
838 {
c562fd30
JH		 839 uschar *message = string_sprintf("SMTP timeout after RCPT TO:<%s>",
840 transport_rcpt_address(addr, include_affixes));
168dec3b 841 set_errno(addrlist, ETIMEDOUT, message, DEFER, FALSE, NULL);
0756eb3c 842 retry_add_item(addr, addr->address_retry_key, 0);
f6c332bd 843 update_waiting = FALSE;
0756eb3c
PH		 844 return -1;
845 }
846
847 /* Handle other errors in obtaining an SMTP response by returning -1. This
848 will cause all the addresses to be deferred. Restore the SMTP command in
849 big_buffer for which we are checking the response, so the error message
850 makes sense. */
851
852 else if (errno != 0 || buffer[0] == 0)
853 {
854 string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
855 transport_rcpt_address(addr, include_affixes));
856 return -2;
857 }
858
859 /* Handle SMTP permanent and temporary response codes. */
860
861 else
862 {
863 addr->message =
447d236c 864 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
c562fd30
JH		 865 "%s", transport_rcpt_address(addr, include_affixes),
866 string_printing(buffer));
447d236c 867 setflag(addr, af_pass_message);
c562fd30 868 msglog_line(host, addr->message);
0756eb3c
PH		 869
870 /* The response was 5xx */
871
872 if (buffer[0] == '5')
873 {
874 addr->transport_return = FAIL;
875 yield |= 2;
876 }
877
878 /* The response was 4xx */
879
880 else
881 {
0756eb3c
PH		 882 addr->transport_return = DEFER;
883 addr->basic_errno = ERRNO_RCPT4XX;
e97957bc 884 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
0756eb3c 885
c562fd30
JH		 886 /* Log temporary errors if there are more hosts to be tried.
887 If not, log this last one in the == line. */
0756eb3c 888
c562fd30
JH		 889 if (host->next)
890 log_write(0, LOG_MAIN, "H=%s [%s]: %s", host->name, host->address, addr->message);
0756eb3c 891
f6c332bd
PH		 892 /* Do not put this message on the list of those waiting for specific
893 hosts, as otherwise it is likely to be tried too often. */
0756eb3c 894
f6c332bd 895 update_waiting = FALSE;
0756eb3c 896
48c7f9e2
PH		 897 /* Add a retry item for the address so that it doesn't get tried again
898 too soon. If address_retry_include_sender is true, add the sender address
899 to the retry key. */
0756eb3c 900
48c7f9e2
PH		 901 if (address_retry_include_sender)
902 {
903 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
904 sender_address);
905 retry_add_item(addr, altkey, 0);
906 }
907 else retry_add_item(addr, addr->address_retry_key, 0);
0756eb3c
PH		 908 }
909 }
910 } /* Loop for next RCPT response */
911
912/* Update where to start at for the next block of responses, unless we
913have already handled all the addresses. */
914
915if (addr != NULL) *sync_addr = addr->next;
916
917/* Handle a response to DATA. If we have not had any good recipients, either
918previously or in this block, the response is ignored. */
919
920if (pending_DATA != 0 &&
921 !smtp_read_response(inblock, buffer, buffsize, '3', timeout))
922 {
923 int code;
924 uschar *msg;
447d236c 925 BOOL pass_message;
e97957bc
PH		 926 if (pending_DATA > 0 || (yield & 1) != 0)
927 {
928 if (errno == 0 && buffer[0] == '4')
929 {
930 errno = ERRNO_DATA4XX;
931 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
932 }
933 return -3;
934 }
447d236c 935 (void)check_response(host, &errno, 0, buffer, &code, &msg, &pass_message);
0756eb3c
PH		 936 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
937 "is in use and there were no good recipients\n", msg);
938 }
939
940/* All responses read and handled; MAIL (if present) received 2xx and DATA (if
941present) received 3xx. If any RCPTs were handled and yielded anything other
942than 4xx, yield will be set non-zero. */
943
944return yield;
945}
946
947
948
fcc8e047
JH		 949/* Do the client side of smtp-level authentication */
950/*
951Arguments:
952 buffer EHLO response from server (gets overwritten)
953 addrlist chain of potential addresses to deliver
954 host host to deliver to
955 ob transport options
956 ibp, obp comms channel control blocks
957
958Returns:
959 OK Success, or failed (but not required): global "smtp_authenticated" set
960 DEFER Failed authentication (and was required)
961 ERROR Internal problem
962
963 FAIL_SEND Failed communications - transmit
964 FAIL - response
965*/
966
967int
968smtp_auth(uschar *buffer, unsigned bufsize, address_item *addrlist, host_item *host,
969 smtp_transport_options_block *ob, BOOL is_esmtp,
970 smtp_inblock *ibp, smtp_outblock *obp)
971{
a7538db1
JH		 972int require_auth;
973uschar *fail_reason = US"server did not advertise AUTH support";
fcc8e047 974
a7538db1
JH		 975smtp_authenticated = FALSE;
976client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
5130845b 977require_auth = verify_check_given_host(&ob->hosts_require_auth, host);
fcc8e047 978
a7538db1
JH		 979if (is_esmtp && !regex_AUTH) regex_AUTH =
980 regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
981 FALSE, TRUE);
fcc8e047 982
a7538db1
JH		 983if (is_esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
984 {
985 uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]);
986 expand_nmax = -1; /* reset */
fcc8e047 987
a7538db1
JH		 988 /* Must not do this check until after we have saved the result of the
989 regex match above. */
fcc8e047 990
a7538db1 991 if (require_auth == OK ||
5130845b 992 verify_check_given_host(&ob->hosts_try_auth, host) == OK)
a7538db1
JH		 993 {
994 auth_instance *au;
995 fail_reason = US"no common mechanisms were found";
fcc8e047 996
a7538db1 997 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
fcc8e047 998
a7538db1
JH		 999 /* Scan the configured authenticators looking for one which is configured
1000 for use as a client, which is not suppressed by client_condition, and
1001 whose name matches an authentication mechanism supported by the server.
1002 If one is found, attempt to authenticate by calling its client function.
1003 */
fcc8e047 1004
a7538db1
JH		 1005 for (au = auths; !smtp_authenticated && au != NULL; au = au->next)
1006 {
1007 uschar *p = names;
1008 if (!au->client ||
1009 (au->client_condition != NULL &&
1010 !expand_check_condition(au->client_condition, au->name,
1011 US"client authenticator")))
1012 {
1013 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1014 au->name,
1015 (au->client)? "client_condition is false" :
1016 "not configured as a client");
1017 continue;
1018 }
fcc8e047 1019
a7538db1 1020 /* Loop to scan supported server mechanisms */
fcc8e047 1021
a7538db1
JH		 1022 while (*p != 0)
1023 {
1024 int rc;
1025 int len = Ustrlen(au->public_name);
1026 while (isspace(*p)) p++;
fcc8e047 1027
a7538db1
JH		 1028 if (strncmpic(au->public_name, p, len) != 0 ||
1029 (p[len] != 0 && !isspace(p[len])))
1030 {
1031 while (*p != 0 && !isspace(*p)) p++;
1032 continue;
1033 }
fcc8e047 1034
a7538db1
JH		 1035 /* Found data for a listed mechanism. Call its client entry. Set
1036 a flag in the outblock so that data is overwritten after sending so
1037 that reflections don't show it. */
fcc8e047 1038
a7538db1
JH		 1039 fail_reason = US"authentication attempt(s) failed";
1040 obp->authenticating = TRUE;
1041 rc = (au->info->clientcode)(au, ibp, obp,
1042 ob->command_timeout, buffer, bufsize);
1043 obp->authenticating = FALSE;
1044 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n",
1045 au->name, rc);
fcc8e047 1046
a7538db1
JH		 1047 /* A temporary authentication failure must hold up delivery to
1048 this host. After a permanent authentication failure, we carry on
1049 to try other authentication methods. If all fail hard, try to
1050 deliver the message unauthenticated unless require_auth was set. */
fcc8e047 1051
a7538db1
JH		 1052 switch(rc)
1053 {
1054 case OK:
1055 smtp_authenticated = TRUE; /* stops the outer loop */
1056 client_authenticator = au->name;
1057 if (au->set_client_id != NULL)
1058 client_authenticated_id = expand_string(au->set_client_id);
1059 break;
1060
1061 /* Failure after writing a command */
1062
1063 case FAIL_SEND:
1064 return FAIL_SEND;
1065
1066 /* Failure after reading a response */
1067
1068 case FAIL:
1069 if (errno != 0 || buffer[0] != '5') return FAIL;
1070 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1071 au->name, host->name, host->address, buffer);
1072 break;
1073
1074 /* Failure by some other means. In effect, the authenticator
1075 decided it wasn't prepared to handle this case. Typically this
1076 is the result of "fail" in an expansion string. Do we need to
1077 log anything here? Feb 2006: a message is now put in the buffer
1078 if logging is required. */
1079
1080 case CANCELLED:
1081 if (*buffer != 0)
1082 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1083 "authentication H=%s [%s] %s", au->name, host->name,
1084 host->address, buffer);
1085 break;
1086
1087 /* Internal problem, message in buffer. */
1088
1089 case ERROR:
168dec3b
JH		 1090 set_errno(addrlist, ERRNO_AUTHPROB, string_copy(buffer),
1091 DEFER, FALSE, NULL);
a7538db1
JH		 1092 return ERROR;
1093 }
fcc8e047 1094
a7538db1
JH		 1095 break; /* If not authenticated, try next authenticator */
1096 } /* Loop for scanning supported server mechanisms */
1097 } /* Loop for further authenticators */
fcc8e047 1098 }
a7538db1 1099 }
fcc8e047 1100
a7538db1 1101/* If we haven't authenticated, but are required to, give up. */
fcc8e047 1102
a7538db1
JH		 1103if (require_auth == OK && !smtp_authenticated)
1104 {
1105 set_errno(addrlist, ERRNO_AUTHFAIL,
1106 string_sprintf("authentication required but %s", fail_reason), DEFER,
c562fd30 1107 FALSE, NULL);
a7538db1
JH		 1108 return DEFER;
1109 }
4d8d62b9 1110
a7538db1 1111return OK;
fcc8e047
JH		 1112}
1113
1114
1115/* Construct AUTH appendix string for MAIL TO */
1116/*
1117Arguments
1118 buffer to build string
1119 addrlist chain of potential addresses to deliver
1120 ob transport options
1121
1122Globals smtp_authenticated
1123 client_authenticated_sender
1124Return True on error, otherwise buffer has (possibly empty) terminated string
1125*/
1126
1127BOOL
1128smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
1129 smtp_transport_options_block *ob)
1130{
1131uschar *local_authenticated_sender = authenticated_sender;
1132
1133#ifdef notdef
1134 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, smtp_authenticated?"Y":"N");
1135#endif
1136
1137if (ob->authenticated_sender != NULL)
1138 {
1139 uschar *new = expand_string(ob->authenticated_sender);
1140 if (new == NULL)
1141 {
1142 if (!expand_string_forcedfail)
1143 {
1144 uschar *message = string_sprintf("failed to expand "
1145 "authenticated_sender: %s", expand_string_message);
168dec3b 1146 set_errno(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, NULL);
fcc8e047
JH		 1147 return TRUE;
1148 }
1149 }
1150 else if (new[0] != 0) local_authenticated_sender = new;
1151 }
1152
1153/* Add the authenticated sender address if present */
1154
1155if ((smtp_authenticated || ob->authenticated_sender_force) &&
1156 local_authenticated_sender != NULL)
1157 {
1158 string_format(buffer, bufsize, " AUTH=%s",
1159 auth_xtextencode(local_authenticated_sender,
1160 Ustrlen(local_authenticated_sender)));
1161 client_authenticated_sender = string_copy(local_authenticated_sender);
1162 }
1163else
1164 *buffer= 0;
1165
1166return FALSE;
1167}
1168
1169
1170
0e66b3b6
JH		 1171#ifdef EXPERIMENTAL_DANE
1172int
b8b1b5cb 1173tlsa_lookup(const host_item * host, dns_answer * dnsa,
0e66b3b6
JH		 1174 BOOL dane_required, BOOL * dane)
1175{
1176/* move this out to host.c given the similarity to dns_lookup() ? */
1177uschar buffer[300];
55414b25 1178const uschar * fullname = buffer;
0e66b3b6
JH		 1179
1180/* TLSA lookup string */
1181(void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
1182
1183switch (dns_lookup(dnsa, buffer, T_TLSA, &fullname))
1184 {
1185 case DNS_AGAIN:
1186 return DEFER; /* just defer this TLS'd conn */
1187
1188 default:
1189 case DNS_FAIL:
1190 if (dane_required)
1191 {
1192 log_write(0, LOG_MAIN, "DANE error: TLSA lookup failed");
1193 return FAIL;
1194 }
1195 break;
1196
1197 case DNS_SUCCEED:
1198 if (!dns_is_secure(dnsa))
1199 {
1200 log_write(0, LOG_MAIN, "DANE error: TLSA lookup not DNSSEC");
1201 return DEFER;
1202 }
1203 *dane = TRUE;
1204 break;
1205 }
1206return OK;
1207}
1208#endif
1209
1210
a39bd74d
JB		 1211
1212typedef struct smtp_compare_s
1213{
1214 uschar *current_sender_address;
1215 struct transport_instance *tblock;
1216} smtp_compare_t;
1217
1218/*
1219Create a unique string that identifies this message, it is based on
1220sender_address, helo_data and tls_certificate if enabled. */
1221
1222static uschar *
1223smtp_local_identity(uschar * sender, struct transport_instance * tblock)
1224{
1225address_item * addr1;
1226uschar * if1 = US"";
1227uschar * helo1 = US"";
1228#ifdef SUPPORT_TLS
1229uschar * tlsc1 = US"";
1230#endif
1231uschar * save_sender_address = sender_address;
1232uschar * local_identity = NULL;
1233smtp_transport_options_block * ob =
1234 (smtp_transport_options_block *)tblock->options_block;
1235
1236sender_address = sender;
1237
1238addr1 = deliver_make_addr (sender, TRUE);
1239deliver_set_expansions(addr1);
1240
1241if (ob->interface)
1242 if1 = expand_string(ob->interface);
1243
1244if (ob->helo_data)
1245 helo1 = expand_string(ob->helo_data);
1246
1247#ifdef SUPPORT_TLS
1248if (ob->tls_certificate)
1249 tlsc1 = expand_string(ob->tls_certificate);
1250local_identity = string_sprintf ("%s^%s^%s", if1, helo1, tlsc1);
1251#else
1252local_identity = string_sprintf ("%s^%s", if1, helo1);
1253#endif
1254
1255deliver_set_expansions(NULL);
1256sender_address = save_sender_address;
1257
1258return local_identity;
1259}
1260
1261
1262
1263/* This routine is a callback that is called from transport_check_waiting.
1264This function will evaluate the incoming message versus the previous
1265message. If the incoming message is using a different local identity then
1266we will veto this new message. */
1267
1268static BOOL
1269smtp_are_same_identities(uschar * message_id, smtp_compare_t * s_compare)
1270{
1271uschar * save_sender_address = sender_address;
1272uschar * current_local_identity =
1273 smtp_local_identity(s_compare->current_sender_address, s_compare->tblock);
1274uschar * new_sender_address = deliver_get_sender_address(message_id);
1275uschar * message_local_identity =
1276 smtp_local_identity(new_sender_address, s_compare->tblock);
1277
1278sender_address = save_sender_address;
1279
1280return Ustrcmp(current_local_identity, message_local_identity) == 0;
1281}
1282
1283
1284
0756eb3c
PH		 1285/*************************************************
1286* Deliver address list to given host *
1287*************************************************/
1288
1289/* If continue_hostname is not null, we get here only when continuing to
1290deliver down an existing channel. The channel was passed as the standard
6c512171
PH		 1291input. TLS is never active on a passed channel; the previous process always
1292closes it down before passing the connection on.
0756eb3c
PH		 1293
1294Otherwise, we have to make a connection to the remote host, and do the
1295initial protocol exchange.
1296
1297When running as an MUA wrapper, if the sender or any recipient is rejected,
1298temporarily or permanently, we force failure for all recipients.
1299
1300Arguments:
1301 addrlist chain of potential addresses to deliver; only those whose
1302 transport_return field is set to PENDING_DEFER are currently
1303 being processed; others should be skipped - they have either
1304 been delivered to an earlier host or IP address, or been
1305 failed by one of them.
1306 host host to deliver to
1307 host_af AF_INET or AF_INET6
2d280592 1308 port default TCP/IP port to use, in host byte order
0756eb3c
PH		 1309 interface interface to bind to, or NULL
1310 tblock transport instance block
0756eb3c
PH		 1311 message_defer set TRUE if yield is OK, but all addresses were deferred
1312 because of a non-recipient, non-host failure, that is, a
1313 4xx response to MAIL FROM, DATA, or ".". This is a defer
1314 that is specific to the message.
1315 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1316 a second attempt after TLS initialization fails
1317
1318Returns: OK - the connection was made and the delivery attempted;
1319 the result for each address is in its data block.
1320 DEFER - the connection could not be made, or something failed
1321 while setting up the SMTP session, or there was a
1322 non-message-specific error, such as a timeout.
1323 ERROR - a filter command is specified for this transport,
1324 and there was a problem setting it up; OR helo_data
1325 or add_headers or authenticated_sender is specified
1326 for this transport, and the string failed to expand
1327*/
1328
1329static int
1330smtp_deliver(address_item *addrlist, host_item *host, int host_af, int port,
d427a7f9 1331 uschar *interface, transport_instance *tblock,
0756eb3c
PH		 1332 BOOL *message_defer, BOOL suppress_tls)
1333{
1334address_item *addr;
1335address_item *sync_addr;
1336address_item *first_addr = addrlist;
1337int yield = OK;
1338int address_count;
1339int save_errno;
1340int rc;
1341time_t start_delivery_time = time(NULL);
1342smtp_transport_options_block *ob =
1343 (smtp_transport_options_block *)(tblock->options_block);
1344BOOL lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
061b7ebd 1345BOOL smtps = strcmpic(ob->protocol, US"smtps") == 0;
0756eb3c
PH		 1346BOOL ok = FALSE;
1347BOOL send_rset = TRUE;
1348BOOL send_quit = TRUE;
1349BOOL setting_up = TRUE;
1350BOOL completed_address = FALSE;
1351BOOL esmtp = TRUE;
1352BOOL pending_MAIL;
447d236c 1353BOOL pass_message = FALSE;
8ccd00b1 1354#ifndef DISABLE_PRDR
fd98a5c6
JH		 1355BOOL prdr_offered = FALSE;
1356BOOL prdr_active;
1357#endif
6c1c3d1d 1358BOOL dsn_all_lasthop = TRUE;
0e66b3b6
JH		 1359#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
1360BOOL dane = FALSE;
6ebd79ec 1361BOOL dane_required;
0e66b3b6
JH		 1362dns_answer tlsa_dnsa;
1363#endif
0756eb3c
PH		 1364smtp_inblock inblock;
1365smtp_outblock outblock;
1366int max_rcpt = tblock->max_addresses;
f1513293 1367uschar *igquotstr = US"";
a39bd74d 1368
41c7c167 1369uschar *helo_data = NULL;
a39bd74d 1370
0756eb3c
PH		 1371uschar *message = NULL;
1372uschar new_message_id[MESSAGE_ID_LENGTH + 1];
1373uschar *p;
1374uschar buffer[4096];
1375uschar inbuffer[4096];
98470202 1376uschar outbuffer[4096];
a39bd74d 1377address_item * current_address;
0756eb3c
PH		 1378
1379suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
1380
1381*message_defer = FALSE;
1382smtp_command = US"initial connection";
1383if (max_rcpt == 0) max_rcpt = 999999;
1384
1385/* Set up the buffer for reading SMTP response packets. */
1386
1387inblock.buffer = inbuffer;
1388inblock.buffersize = sizeof(inbuffer);
1389inblock.ptr = inbuffer;
1390inblock.ptrend = inbuffer;
1391
1392/* Set up the buffer for holding SMTP commands while pipelining */
1393
1394outblock.buffer = outbuffer;
1395outblock.buffersize = sizeof(outbuffer);
1396outblock.ptr = outbuffer;
1397outblock.cmd_count = 0;
1398outblock.authenticating = FALSE;
1399
6c512171
PH		 1400/* Reset the parameters of a TLS session. */
1401
817d9f57
JH		 1402tls_out.bits = 0;
1403tls_out.cipher = NULL; /* the one we may use for this transport */
9d1c15ef
JH		 1404tls_out.ourcert = NULL;
1405tls_out.peercert = NULL;
817d9f57
JH		 1406tls_out.peerdn = NULL;
1407#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
1408tls_out.sni = NULL;
5b456975 1409#endif
018058b2 1410tls_out.ocsp = OCSP_NOT_REQ;
6c512171 1411
35aba663
JH		 1412/* Flip the legacy TLS-related variables over to the outbound set in case
1413they're used in the context of the transport. Don't bother resetting
1414afterward as we're in a subprocess. */
1415
1416tls_modify_variables(&tls_out);
1417
061b7ebd
PP		 1418#ifndef SUPPORT_TLS
1419if (smtps)
1420 {
168dec3b
JH		 1421 set_errno(addrlist, ERRNO_TLSFAILURE, US"TLS support not available",
1422 DEFER, FALSE, NULL);
018058b2 1423 return ERROR;
061b7ebd
PP		 1424 }
1425#endif
1426
0756eb3c
PH		 1427/* Make a connection to the host if this isn't a continued delivery, and handle
1428the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
1429specially so they can be identified for retries. */
1430
1431if (continue_hostname == NULL)
1432 {
a7538db1 1433 /* This puts port into host->port */
0756eb3c 1434 inblock.sock = outblock.sock =
7eb6c37c 1435 smtp_connect(host, host_af, port, interface, ob->connect_timeout, tblock);
4311097e 1436
0756eb3c
PH		 1437 if (inblock.sock < 0)
1438 {
1439 set_errno(addrlist, (errno == ETIMEDOUT)? ERRNO_CONNECTTIMEOUT : errno,
c562fd30 1440 NULL, DEFER, FALSE, NULL);
0756eb3c
PH		 1441 return DEFER;
1442 }
1443
0e66b3b6
JH		 1444#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
1445 {
0e66b3b6
JH		 1446 tls_out.dane_verified = FALSE;
1447 tls_out.tlsa_usage = 0;
1448
5130845b 1449 dane_required = verify_check_given_host(&ob->hosts_require_dane, host) == OK;
0e66b3b6
JH		 1450
1451 if (host->dnssec == DS_YES)
1452 {
bf7aabb4
JH		 1453 if( ( dane_required
1454 || verify_check_given_host(&ob->hosts_try_dane, host) == OK
1455 )
1456 && (rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK
0e66b3b6 1457 )
bf7aabb4 1458 return rc;
0e66b3b6
JH		 1459 }
1460 else if (dane_required)
1461 {
1462 log_write(0, LOG_MAIN, "DANE error: %s lookup not DNSSEC", host->name);
1463 return FAIL;
1464 }
1465
1466 if (dane)
1467 ob->tls_tempfail_tryclear = FALSE;
1468 }
1469#endif /*DANE*/
1470
41c7c167
PH		 1471 /* Expand the greeting message while waiting for the initial response. (Makes
1472 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
1473 delayed till here so that $sending_interface and $sending_port are set. */
1474
1475 helo_data = expand_string(ob->helo_data);
1476
0756eb3c
PH		 1477 /* The first thing is to wait for an initial OK response. The dreaded "goto"
1478 is nevertheless a reasonably clean way of programming this kind of logic,
1479 where you want to escape on any error. */
1480
061b7ebd
PP		 1481 if (!smtps)
1482 {
1483 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1484 ob->command_timeout)) goto RESPONSE_FAILED;
0756eb3c 1485
774ef2d7 1486#ifdef EXPERIMENTAL_EVENT
b30275b8 1487 {
805c9d53
JH		 1488 uschar * s;
1489 lookup_dnssec_authenticated = host->dnssec==DS_YES ? US"yes"
1490 : host->dnssec==DS_NO ? US"no" : NULL;
1491 s = event_raise(tblock->event_action, US"smtp:connect", buffer);
b30275b8 1492 if (s)
a7538db1 1493 {
168dec3b 1494 set_errno(addrlist, ERRNO_EXPANDFAIL,
b30275b8
JH		 1495 string_sprintf("deferred by smtp:connect event expansion: %s", s),
1496 DEFER, FALSE, NULL);
a7538db1
JH		 1497 yield = DEFER;
1498 goto SEND_QUIT;
1499 }
b30275b8 1500 }
a7538db1
JH		 1501#endif
1502
061b7ebd
PP		 1503 /* Now check if the helo_data expansion went well, and sign off cleanly if
1504 it didn't. */
41c7c167 1505
061b7ebd
PP		 1506 if (helo_data == NULL)
1507 {
1508 uschar *message = string_sprintf("failed to expand helo_data: %s",
1509 expand_string_message);
168dec3b 1510 set_errno(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, NULL);
061b7ebd
PP		 1511 yield = DEFER;
1512 goto SEND_QUIT;
1513 }
41c7c167
PH		 1514 }
1515
0756eb3c
PH		 1516/** Debugging without sending a message
1517addrlist->transport_return = DEFER;
1518goto SEND_QUIT;
1519**/
1520
1521 /* Errors that occur after this point follow an SMTP command, which is
1522 left in big_buffer by smtp_write_command() for use in error messages. */
1523
1524 smtp_command = big_buffer;
1525
1526 /* Tell the remote who we are...
1527
1528 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
1529 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
1530 greeting is of this form. The assumption was that the far end supports it
1531 properly... but experience shows that there are some that give 5xx responses,
1532 even though the banner includes "ESMTP" (there's a bloody-minded one that
1533 says "ESMTP not spoken here"). Cope with that case.
1534
1535 September 2000: Time has passed, and it seems reasonable now to always send
1536 EHLO at the start. It is also convenient to make the change while installing
1537 the TLS stuff.
1538
1539 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
1540 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
1541 would be no way to send out the mails, so there is now a host list
1542 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
1543 PIPELINING problem as well. Maybe it can also be useful to cure other
1544 problems with broken servers.
1545
1546 Exim originally sent "Helo" at this point and ran for nearly a year that way.
1547 Then somebody tried it with a Microsoft mailer... It seems that all other
1548 mailers use upper case for some reason (the RFC is quite clear about case
1549 independence) so, for peace of mind, I gave in. */
1550
5130845b 1551 esmtp = verify_check_given_host(&ob->hosts_avoid_esmtp, host) != OK;
0756eb3c 1552
061b7ebd
PP		 1553 /* Alas; be careful, since this goto is not an error-out, so conceivably
1554 we might set data between here and the target which we assume to exist
1555 and be usable. I can see this coming back to bite us. */
a7538db1 1556#ifdef SUPPORT_TLS
061b7ebd
PP		 1557 if (smtps)
1558 {
1559 tls_offered = TRUE;
1560 suppress_tls = FALSE;
1561 ob->tls_tempfail_tryclear = FALSE;
1562 smtp_command = US"SSL-on-connect";
1563 goto TLS_NEGOTIATE;
1564 }
a7538db1 1565#endif
061b7ebd 1566
0756eb3c
PH		 1567 if (esmtp)
1568 {
1569 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1570 lmtp? "LHLO" : "EHLO", helo_data) < 0)
1571 goto SEND_FAILED;
1572 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1573 ob->command_timeout))
1574 {
1575 if (errno != 0 || buffer[0] == 0 || lmtp) goto RESPONSE_FAILED;
1576 esmtp = FALSE;
1577 }
1578 }
1579 else
1580 {
1581 DEBUG(D_transport)
1582 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1583 }
1584
1585 if (!esmtp)
1586 {
1587 if (smtp_write_command(&outblock, FALSE, "HELO %s\r\n", helo_data) < 0)
1588 goto SEND_FAILED;
1589 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1590 ob->command_timeout)) goto RESPONSE_FAILED;
1591 }
1592
f1513293
PH		 1593 /* Set IGNOREQUOTA if the response to LHLO specifies support and the
1594 lmtp_ignore_quota option was set. */
1595
1596 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1597 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1598 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1599
0756eb3c
PH		 1600 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
1601
a7538db1 1602#ifdef SUPPORT_TLS
0756eb3c
PH		 1603 tls_offered = esmtp &&
1604 pcre_exec(regex_STARTTLS, NULL, CS buffer, Ustrlen(buffer), 0,
1605 PCRE_EOPT, NULL, 0) >= 0;
a7538db1 1606#endif
fd98a5c6 1607
a7538db1 1608#ifndef DISABLE_PRDR
5130845b
JH		 1609 prdr_offered = esmtp
1610 && pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0,
1611 PCRE_EOPT, NULL, 0) >= 0
1612 && verify_check_given_host(&ob->hosts_try_prdr, host) == OK;
fd98a5c6
JH		 1613
1614 if (prdr_offered)
1615 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
a7538db1 1616#endif
0756eb3c
PH		 1617 }
1618
1619/* For continuing deliveries down the same channel, the socket is the standard
1620input, and we don't need to redo EHLO here (but may need to do so for TLS - see
1621below). Set up the pointer to where subsequent commands will be left, for
1622error messages. Note that smtp_use_size and smtp_use_pipelining will have been
1623set from the command line if they were set in the process that passed the
1624connection on. */
1625
1626else
1627 {
1628 inblock.sock = outblock.sock = fileno(stdin);
1629 smtp_command = big_buffer;
4311097e 1630 host->port = port; /* Record the port that was used */
0756eb3c
PH		 1631 }
1632
1633/* If TLS is available on this connection, whether continued or not, attempt to
1634start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
1635send another EHLO - the server may give a different answer in secure mode. We
1636use a separate buffer for reading the response to STARTTLS so that if it is
1637negative, the original EHLO data is available for subsequent analysis, should
1638the client not be required to use TLS. If the response is bad, copy the buffer
1639for error analysis. */
1640
1641#ifdef SUPPORT_TLS
5130845b
JH		 1642if ( tls_offered
1643 && !suppress_tls
1644 && verify_check_given_host(&ob->hosts_avoid_tls, host) != OK)
0756eb3c
PH		 1645 {
1646 uschar buffer2[4096];
1647 if (smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") < 0)
1648 goto SEND_FAILED;
1649
1650 /* If there is an I/O error, transmission of this message is deferred. If
1651 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
1652 false, we also defer. However, if there is a temporary rejection of STARTTLS
1653 and tls_tempfail_tryclear is true, or if there is an outright rejection of
1654 STARTTLS, we carry on. This means we will try to send the message in clear,
1655 unless the host is in hosts_require_tls (tested below). */
1656
1657 if (!smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2',
1658 ob->command_timeout))
1659 {
0756eb3c
PH		 1660 if (errno != 0 || buffer2[0] == 0 ||
1661 (buffer2[0] == '4' && !ob->tls_tempfail_tryclear))
0dda4340
TK		 1662 {
1663 Ustrncpy(buffer, buffer2, sizeof(buffer));
0756eb3c 1664 goto RESPONSE_FAILED;
0dda4340 1665 }
0756eb3c
PH		 1666 }
1667
1668 /* STARTTLS accepted: try to negotiate a TLS session. */
1669
1670 else
061b7ebd 1671 TLS_NEGOTIATE:
0756eb3c 1672 {
0e66b3b6
JH		 1673 int rc = tls_client_start(inblock.sock, host, addrlist, tblock
1674# ifdef EXPERIMENTAL_DANE
1675 , dane ? &tlsa_dnsa : NULL
1676# endif
1677 );
0756eb3c
PH		 1678
1679 /* TLS negotiation failed; give an error. From outside, this function may
1680 be called again to try in clear on a new connection, if the options permit
1681 it for this host. */
1682
1683 if (rc != OK)
1684 {
6ebd79ec
JH		 1685# ifdef EXPERIMENTAL_DANE
1686 if (rc == DEFER && dane && !dane_required)
1687 {
1688 log_write(0, LOG_MAIN, "DANE attempt failed;"
1689 " trying CA-root TLS to %s [%s] (not in hosts_require_dane)",
1690 host->name, host->address);
1691 dane = FALSE;
1692 goto TLS_NEGOTIATE;
1693 }
1694# endif
1695
0756eb3c
PH		 1696 save_errno = ERRNO_TLSFAILURE;
1697 message = US"failure while setting up TLS session";
1698 send_quit = FALSE;
1699 goto TLS_FAILED;
1700 }
1701
1702 /* TLS session is set up */
1703
1704 for (addr = addrlist; addr != NULL; addr = addr->next)
5ca2a9a1
PH		 1705 if (addr->transport_return == PENDING_DEFER)
1706 {
817d9f57 1707 addr->cipher = tls_out.cipher;
9d1c15ef
JH		 1708 addr->ourcert = tls_out.ourcert;
1709 addr->peercert = tls_out.peercert;
817d9f57 1710 addr->peerdn = tls_out.peerdn;
018058b2 1711 addr->ocsp = tls_out.ocsp;
5ca2a9a1 1712 }
0756eb3c
PH		 1713 }
1714 }
1715
061b7ebd
PP		 1716/* if smtps, we'll have smtp_command set to something else; always safe to
1717reset it here. */
1718smtp_command = big_buffer;
1719
41c7c167
PH		 1720/* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
1721helo_data is null, we are dealing with a connection that was passed from
1722another process, and so we won't have expanded helo_data above. We have to
1723expand it here. $sending_ip_address and $sending_port are set up right at the
1724start of the Exim process (in exim.c). */
0756eb3c 1725
817d9f57 1726if (tls_out.active >= 0)
0756eb3c 1727 {
061b7ebd 1728 char *greeting_cmd;
41c7c167
PH		 1729 if (helo_data == NULL)
1730 {
1731 helo_data = expand_string(ob->helo_data);
1732 if (helo_data == NULL)
1733 {
1734 uschar *message = string_sprintf("failed to expand helo_data: %s",
1735 expand_string_message);
168dec3b 1736 set_errno(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, NULL);
41c7c167
PH		 1737 yield = DEFER;
1738 goto SEND_QUIT;
1739 }
1740 }
1741
0d0e4455 1742 /* For SMTPS we need to wait for the initial OK response. */
061b7ebd
PP		 1743 if (smtps)
1744 {
1745 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1746 ob->command_timeout)) goto RESPONSE_FAILED;
0d0e4455
PP		 1747 }
1748
1749 if (esmtp)
1750 greeting_cmd = "EHLO";
1751 else
1752 {
1753 greeting_cmd = "HELO";
1754 DEBUG(D_transport)
1755 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
061b7ebd
PP		 1756 }
1757
1758 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1759 lmtp? "LHLO" : greeting_cmd, helo_data) < 0)
0756eb3c
PH		 1760 goto SEND_FAILED;
1761 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1762 ob->command_timeout))
1763 goto RESPONSE_FAILED;
1764 }
1765
1766/* If the host is required to use a secure channel, ensure that we
1767have one. */
1768
0e66b3b6
JH		 1769else if (
1770# ifdef EXPERIMENTAL_DANE
1771 dane ||
1772# endif
5130845b 1773 verify_check_given_host(&ob->hosts_require_tls, host) == OK
7a31d643 1774 )
0756eb3c
PH		 1775 {
1776 save_errno = ERRNO_TLSREQUIRED;
c562fd30 1777 message = string_sprintf("a TLS session is required, but %s",
0756eb3c
PH		 1778 tls_offered? "an attempt to start TLS failed" :
1779 "the server did not offer TLS support");
1780 goto TLS_FAILED;
1781 }
0e66b3b6 1782#endif /*SUPPORT_TLS*/
0756eb3c
PH		 1783
1784/* If TLS is active, we have just started it up and re-done the EHLO command,
1785so its response needs to be analyzed. If TLS is not active and this is a
1786continued session down a previously-used socket, we haven't just done EHLO, so
1787we skip this. */
1788
1789if (continue_hostname == NULL
a7538db1 1790#ifdef SUPPORT_TLS
817d9f57 1791 || tls_out.active >= 0
a7538db1 1792#endif
0756eb3c
PH		 1793 )
1794 {
f1513293
PH		 1795 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
1796 lmtp_ignore_quota option was set. */
1797
1798 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1799 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1800 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1801
0756eb3c
PH		 1802 /* If the response to EHLO specified support for the SIZE parameter, note
1803 this, provided size_addition is non-negative. */
1804
1805 smtp_use_size = esmtp && ob->size_addition >= 0 &&
1806 pcre_exec(regex_SIZE, NULL, CS buffer, Ustrlen(CS buffer), 0,
1807 PCRE_EOPT, NULL, 0) >= 0;
1808
1809 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
c51b8e75
PH		 1810 the current host, esmtp will be false, so PIPELINING can never be used. If
1811 the current host matches hosts_avoid_pipelining, don't do it. */
0756eb3c 1812
5130845b
JH		 1813 smtp_use_pipelining = esmtp
1814 && verify_check_given_host(&ob->hosts_avoid_pipelining, host) != OK
1815 && pcre_exec(regex_PIPELINING, NULL, CS buffer, Ustrlen(CS buffer), 0,
1816 PCRE_EOPT, NULL, 0) >= 0;
0756eb3c
PH		 1817
1818 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
1819 smtp_use_pipelining? "" : "not ");
1820
8ccd00b1 1821#ifndef DISABLE_PRDR
5130845b
JH		 1822 prdr_offered = esmtp
1823 && pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0,
1824 PCRE_EOPT, NULL, 0) >= 0
1825 && verify_check_given_host(&ob->hosts_try_prdr, host) == OK;
fd98a5c6
JH		 1826
1827 if (prdr_offered)
1828 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1829#endif
1830
6c1c3d1d
WB		 1831 /* Note if the server supports DSN */
1832 smtp_use_dsn = esmtp && pcre_exec(regex_DSN, NULL, CS buffer, (int)Ustrlen(CS buffer), 0,
1833 PCRE_EOPT, NULL, 0) >= 0;
1834 DEBUG(D_transport) debug_printf("use_dsn=%d\n", smtp_use_dsn);
6c1c3d1d 1835
0756eb3c
PH		 1836 /* Note if the response to EHLO specifies support for the AUTH extension.
1837 If it has, check that this host is one we want to authenticate to, and do
1838 the business. The host name and address must be available when the
1839 authenticator's client driver is running. */
1840
fcc8e047
JH		 1841 switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host,
1842 ob, esmtp, &inblock, &outblock))
0756eb3c 1843 {
fcc8e047
JH		 1844 default: goto SEND_QUIT;
1845 case OK: break;
1846 case FAIL_SEND: goto SEND_FAILED;
1847 case FAIL: goto RESPONSE_FAILED;
0756eb3c
PH		 1848 }
1849 }
1850
1851/* The setting up of the SMTP call is now complete. Any subsequent errors are
1852message-specific. */
1853
1854setting_up = FALSE;
1855
1856/* If there is a filter command specified for this transport, we can now
1857set it up. This cannot be done until the identify of the host is known. */
1858
1859if (tblock->filter_command != NULL)
1860 {
1861 BOOL rc;
1862 uschar buffer[64];
1863 sprintf(CS buffer, "%.50s transport", tblock->name);
1864 rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command,
1865 TRUE, DEFER, addrlist, buffer, NULL);
9b989985 1866 transport_filter_timeout = tblock->filter_timeout;
0756eb3c
PH		 1867
1868 /* On failure, copy the error to all addresses, abandon the SMTP call, and
1869 yield ERROR. */
1870
1871 if (!rc)
1872 {
447d236c 1873 set_errno(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
c562fd30 1874 FALSE, NULL);
0756eb3c
PH		 1875 yield = ERROR;
1876 goto SEND_QUIT;
1877 }
1878 }
1879
1880
1881/* For messages that have more than the maximum number of envelope recipients,
1882we want to send several transactions down the same SMTP connection. (See
1883comments in deliver.c as to how this reconciles, heuristically, with
1884remote_max_parallel.) This optimization was added to Exim after the following
1885code was already working. The simplest way to put it in without disturbing the
1886code was to use a goto to jump back to this point when there is another
1887transaction to handle. */
1888
1889SEND_MESSAGE:
1890sync_addr = first_addr;
1891address_count = 0;
1892ok = FALSE;
1893send_rset = TRUE;
1894completed_address = FALSE;
1895
1896
1897/* Initiate a message transfer. If we know the receiving MTA supports the SIZE
1898qualification, send it, adding something to the message size to allow for
1899imprecision and things that get added en route. Exim keeps the number of lines
1900in a message, so we can give an accurate value for the original message, but we
1901need some additional to handle added headers. (Double "." characters don't get
1902included in the count.) */
1903
1904p = buffer;
1905*p = 0;
1906
1907if (smtp_use_size)
1908 {
1909 sprintf(CS p, " SIZE=%d", message_size+message_linecount+ob->size_addition);
1910 while (*p) p++;
1911 }
1912
8ccd00b1 1913#ifndef DISABLE_PRDR
fd98a5c6
JH		 1914prdr_active = FALSE;
1915if (prdr_offered)
1916 {
1917 for (addr = first_addr; addr; addr = addr->next)
1918 if (addr->transport_return == PENDING_DEFER)
1919 {
1920 for (addr = addr->next; addr; addr = addr->next)
1921 if (addr->transport_return == PENDING_DEFER)
1922 { /* at least two recipients to send */
1923 prdr_active = TRUE;
1924 sprintf(CS p, " PRDR"); p += 5;
a7538db1 1925 break;
fd98a5c6
JH		 1926 }
1927 break;
1928 }
1929 }
fd98a5c6
JH		 1930#endif
1931
6c1c3d1d
WB		 1932/* check if all addresses have lasthop flag */
1933/* do not send RET and ENVID if true */
1934dsn_all_lasthop = TRUE;
1935for (addr = first_addr;
1936 address_count < max_rcpt && addr != NULL;
1937 addr = addr->next)
1938 if ((addr->dsn_flags & rf_dsnlasthop) != 1)
1939 dsn_all_lasthop = FALSE;
1940
1941/* Add any DSN flags to the mail command */
1942
1943if ((smtp_use_dsn) && (dsn_all_lasthop == FALSE))
1944 {
1945 if (dsn_ret == dsn_ret_hdrs)
1946 {
45500060 1947 Ustrcpy(p, " RET=HDRS");
6c1c3d1d
WB		 1948 while (*p) p++;
1949 }
1950 else if (dsn_ret == dsn_ret_full)
1951 {
45500060 1952 Ustrcpy(p, " RET=FULL");
6c1c3d1d
WB		 1953 while (*p) p++;
1954 }
1955 if (dsn_envid != NULL)
1956 {
1957 string_format(p, sizeof(buffer) - (p-buffer), " ENVID=%s", dsn_envid);
1958 while (*p) p++;
1959 }
1960 }
6c1c3d1d 1961
6b62e899
JH		 1962/* If an authenticated_sender override has been specified for this transport
1963instance, expand it. If the expansion is forced to fail, and there was already
1964an authenticated_sender for this message, the original value will be used.
1965Other expansion failures are serious. An empty result is ignored, but there is
1966otherwise no check - this feature is expected to be used with LMTP and other
1967cases where non-standard addresses (e.g. without domains) might be required. */
1968
fcc8e047 1969if (smtp_mail_auth_str(p, sizeof(buffer) - (p-buffer), addrlist, ob))
a7538db1
JH		 1970 {
1971 yield = ERROR;
1972 goto SEND_QUIT;
1973 }
0756eb3c
PH		 1974
1975/* From here until we send the DATA command, we can make use of PIPELINING
1976if the server host supports it. The code has to be able to check the responses
1977at any point, for when the buffer fills up, so we write it totally generally.
1978When PIPELINING is off, each command written reports that it has flushed the
1979buffer. */
1980
1981pending_MAIL = TRUE; /* The block starts with MAIL */
1982
1983rc = smtp_write_command(&outblock, smtp_use_pipelining,
1984 "MAIL FROM:<%s>%s\r\n", return_path, buffer);
1985mail_command = string_copy(big_buffer); /* Save for later error message */
1986
1987switch(rc)
1988 {
1989 case -1: /* Transmission error */
1990 goto SEND_FAILED;
1991
1992 case +1: /* Block was sent */
1993 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
e97957bc
PH		 1994 ob->command_timeout))
1995 {
1996 if (errno == 0 && buffer[0] == '4')
1997 {
1998 errno = ERRNO_MAIL4XX;
1999 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2000 }
2001 goto RESPONSE_FAILED;
2002 }
0756eb3c
PH		 2003 pending_MAIL = FALSE;
2004 break;
2005 }
2006
2007/* Pass over all the relevant recipient addresses for this host, which are the
2008ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
2009several before we have to read the responses for those seen so far. This
2010checking is done by a subroutine because it also needs to be done at the end.
2011Send only up to max_rcpt addresses at a time, leaving first_addr pointing to
2012the next one if not all are sent.
2013
2014In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
2015last address because we want to abort if any recipients have any kind of
2016problem, temporary or permanent. We know that all recipient addresses will have
2017the PENDING_DEFER status, because only one attempt is ever made, and we know
2018that max_rcpt will be large, so all addresses will be done at once. */
2019
2020for (addr = first_addr;
2021 address_count < max_rcpt && addr != NULL;
2022 addr = addr->next)
2023 {
2024 int count;
2025 BOOL no_flush;
2026
a7538db1 2027 addr->dsn_aware = smtp_use_dsn ? dsn_support_yes : dsn_support_no;
6c1c3d1d 2028
0756eb3c
PH		 2029 if (addr->transport_return != PENDING_DEFER) continue;
2030
2031 address_count++;
2032 no_flush = smtp_use_pipelining && (!mua_wrapper || addr->next != NULL);
2033
6c1c3d1d
WB		 2034 /* Add any DSN flags to the rcpt command and add to the sent string */
2035
2036 p = buffer;
2037 *p = 0;
2038
a7538db1 2039 if (smtp_use_dsn && (addr->dsn_flags & rf_dsnlasthop) != 1)
6c1c3d1d
WB		 2040 {
2041 if ((addr->dsn_flags & rf_dsnflags) != 0)
2042 {
2043 int i;
2044 BOOL first = TRUE;
45500060 2045 Ustrcpy(p, " NOTIFY=");
6c1c3d1d
WB		 2046 while (*p) p++;
2047 for (i = 0; i < 4; i++)
6c1c3d1d
WB		 2048 if ((addr->dsn_flags & rf_list[i]) != 0)
2049 {
2050 if (!first) *p++ = ',';
2051 first = FALSE;
45500060 2052 Ustrcpy(p, rf_names[i]);
6c1c3d1d
WB		 2053 while (*p) p++;
2054 }
6c1c3d1d
WB		 2055 }
2056
a7538db1
JH		 2057 if (addr->dsn_orcpt != NULL)
2058 {
6c1c3d1d
WB		 2059 string_format(p, sizeof(buffer) - (p-buffer), " ORCPT=%s",
2060 addr->dsn_orcpt);
2061 while (*p) p++;
2062 }
2063 }
6c1c3d1d 2064
0756eb3c
PH		 2065 /* Now send the RCPT command, and process outstanding responses when
2066 necessary. After a timeout on RCPT, we just end the function, leaving the
2067 yield as OK, because this error can often mean that there is a problem with
2068 just one address, so we don't want to delay the host. */
2069
6c1c3d1d
WB		 2070 count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s%s\r\n",
2071 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr, buffer);
6c1c3d1d 2072
0756eb3c
PH		 2073 if (count < 0) goto SEND_FAILED;
2074 if (count > 0)
2075 {
2076 switch(sync_responses(first_addr, tblock->rcpt_include_affixes,
48c7f9e2
PH		 2077 &sync_addr, host, count, ob->address_retry_include_sender,
2078 pending_MAIL, 0, &inblock, ob->command_timeout, buffer,
2079 sizeof(buffer)))
0756eb3c
PH		 2080 {
2081 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
2082 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
2083 break;
2084
2085 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
2086 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
2087 case 0: /* No 2xx or 5xx, but no probs */
2088 break;
2089
2090 case -1: goto END_OFF; /* Timeout on RCPT */
2091 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL error */
2092 }
2093 pending_MAIL = FALSE; /* Dealt with MAIL */
2094 }
2095 } /* Loop for next address */
2096
2097/* If we are an MUA wrapper, abort if any RCPTs were rejected, either
2098permanently or temporarily. We should have flushed and synced after the last
2099RCPT. */
2100
2101if (mua_wrapper)
2102 {
2103 address_item *badaddr;
168dec3b
JH		 2104 for (badaddr = first_addr; badaddr; badaddr = badaddr->next)
2105 if (badaddr->transport_return != PENDING_OK)
2106 {
2107 /*XXX could we find a better errno than 0 here? */
2108 set_errno(addrlist, 0, badaddr->message, FAIL,
2109 testflag(badaddr, af_pass_message), NULL);
2110 ok = FALSE;
2111 break;
2112 }
0756eb3c
PH		 2113 }
2114
2115/* If ok is TRUE, we know we have got at least one good recipient, and must now
2116send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
2117have a good recipient buffered up if we are pipelining. We don't want to waste
2118time sending DATA needlessly, so we only send it if either ok is TRUE or if we
2119are pipelining. The responses are all handled by sync_responses(). */
2120
2121if (ok || (smtp_use_pipelining && !mua_wrapper))
2122 {
2123 int count = smtp_write_command(&outblock, FALSE, "DATA\r\n");
2124 if (count < 0) goto SEND_FAILED;
2125 switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr,
48c7f9e2
PH		 2126 host, count, ob->address_retry_include_sender, pending_MAIL,
2127 ok? +1 : -1, &inblock, ob->command_timeout, buffer, sizeof(buffer)))
0756eb3c
PH		 2128 {
2129 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
2130 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
2131 break;
2132
2133 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
2134 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
2135 case 0: break; /* No 2xx or 5xx, but no probs */
2136
2137 case -1: goto END_OFF; /* Timeout on RCPT */
2138 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
2139 }
2140 }
2141
2142/* Save the first address of the next batch. */
2143
2144first_addr = addr;
2145
2146/* If there were no good recipients (but otherwise there have been no
2147problems), just set ok TRUE, since we have handled address-specific errors
2148already. Otherwise, it's OK to send the message. Use the check/escape mechanism
2149for handling the SMTP dot-handling protocol, flagging to apply to headers as
2150well as body. Set the appropriate timeout value to be used for each chunk.
2151(Haven't been able to make it work using select() for writing yet.) */
2152
2153if (!ok) ok = TRUE; else
2154 {
2155 sigalrm_seen = FALSE;
2156 transport_write_timeout = ob->data_timeout;
2157 smtp_command = US"sending data block"; /* For error messages */
2158 DEBUG(D_transport|D_v)
2159 debug_printf(" SMTP>> writing message and terminating \".\"\n");
2160 transport_count = 0;
a7538db1 2161
80a47a2c 2162#ifndef DISABLE_DKIM
4cd12fe9
TK		 2163 ok = dkim_transport_write_message(addrlist, inblock.sock,
2164 topt_use_crlf | topt_end_dot | topt_escape_headers |
2165 (tblock->body_only? topt_no_headers : 0) |
2166 (tblock->headers_only? topt_no_body : 0) |
2167 (tblock->return_path_add? topt_add_return_path : 0) |
2168 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
2169 (tblock->envelope_to_add? topt_add_envelope_to : 0),
2170 0, /* No size limit */
2171 tblock->add_headers, tblock->remove_headers,
2172 US".", US"..", /* Escaping strings */
2173 tblock->rewrite_rules, tblock->rewrite_existflags,
2174 ob->dkim_private_key, ob->dkim_domain, ob->dkim_selector,
80a47a2c 2175 ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers
4cd12fe9
TK		 2176 );
2177#else
0756eb3c
PH		 2178 ok = transport_write_message(addrlist, inblock.sock,
2179 topt_use_crlf | topt_end_dot | topt_escape_headers |
2180 (tblock->body_only? topt_no_headers : 0) |
2181 (tblock->headers_only? topt_no_body : 0) |
2182 (tblock->return_path_add? topt_add_return_path : 0) |
2183 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
2184 (tblock->envelope_to_add? topt_add_envelope_to : 0),
2185 0, /* No size limit */
2186 tblock->add_headers, tblock->remove_headers,
2187 US".", US"..", /* Escaping strings */
2188 tblock->rewrite_rules, tblock->rewrite_existflags);
4cd12fe9 2189#endif
0756eb3c
PH		 2190
2191 /* transport_write_message() uses write() because it is called from other
2192 places to write to non-sockets. This means that under some OS (e.g. Solaris)
2193 it can exit with "Broken pipe" as its error. This really means that the
2194 socket got closed at the far end. */
2195
2196 transport_write_timeout = 0; /* for subsequent transports */
2197
2198 /* Failure can either be some kind of I/O disaster (including timeout),
2199 or the failure of a transport filter or the expansion of added headers. */
2200
2201 if (!ok)
2202 {
2203 buffer[0] = 0; /* There hasn't been a response */
2204 goto RESPONSE_FAILED;
2205 }
2206
2207 /* We used to send the terminating "." explicitly here, but because of
2208 buffering effects at both ends of TCP/IP connections, you don't gain
2209 anything by keeping it separate, so it might as well go in the final
2210 data buffer for efficiency. This is now done by setting the topt_end_dot
2211 flag above. */
2212
2213 smtp_command = US"end of data";
2214
8ccd00b1 2215#ifndef DISABLE_PRDR
fd98a5c6
JH		 2216 /* For PRDR we optionally get a partial-responses warning
2217 * followed by the individual responses, before going on with
2218 * the overall response. If we don't get the warning then deal
2219 * with per non-PRDR. */
2220 if(prdr_active)
2221 {
2222 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3',
2223 ob->final_timeout);
2224 if (!ok && errno == 0)
2225 switch(buffer[0])
2226 {
2227 case '2': prdr_active = FALSE;
2228 ok = TRUE;
2229 break;
2230 case '4': errno = ERRNO_DATA4XX;
2231 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2232 break;
2233 }
2234 }
2235 else
2236#endif
2237
2238 /* For non-PRDR SMTP, we now read a single response that applies to the
2239 whole message. If it is OK, then all the addresses have been delivered. */
0756eb3c 2240
e97957bc
PH		 2241 if (!lmtp)
2242 {
2243 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2244 ob->final_timeout);
2245 if (!ok && errno == 0 && buffer[0] == '4')
2246 {
2247 errno = ERRNO_DATA4XX;
2248 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2249 }
2250 }
0756eb3c
PH		 2251
2252 /* For LMTP, we get back a response for every RCPT command that we sent;
2253 some may be accepted and some rejected. For those that get a response, their
2254 status is fixed; any that are accepted have been handed over, even if later
2255 responses crash - at least, that's how I read RFC 2033.
2256
2257 If all went well, mark the recipient addresses as completed, record which
2258 host/IPaddress they were delivered to, and cut out RSET when sending another
2259 message down the same channel. Write the completed addresses to the journal
2260 now so that they are recorded in case there is a crash of hardware or
2261 software before the spool gets updated. Also record the final SMTP
2262 confirmation if needed (for SMTP only). */
2263
2264 if (ok)
2265 {
2266 int flag = '=';
2267 int delivery_time = (int)(time(NULL) - start_delivery_time);
2268 int len;
0756eb3c
PH		 2269 uschar *conf = NULL;
2270 send_rset = FALSE;
2271
0756eb3c
PH		 2272 /* Set up confirmation if needed - applies only to SMTP */
2273
d68218c7 2274 if (
774ef2d7 2275#ifndef EXPERIMENTAL_EVENT
d68218c7 2276 (log_extra_selector & LX_smtp_confirmation) != 0 &&
a7538db1 2277#endif
d68218c7
JH		 2278 !lmtp
2279 )
0756eb3c 2280 {
55414b25
JH		 2281 const uschar *s = string_printing(buffer);
2282 /* deconst cast ok here as string_printing was checked to have alloc'n'copied */
2283 conf = (s == buffer)? (uschar *)string_copy(s) : US s;
0756eb3c
PH		 2284 }
2285
fd98a5c6 2286 /* Process all transported addresses - for LMTP or PRDR, read a status for
0756eb3c
PH		 2287 each one. */
2288
2289 for (addr = addrlist; addr != first_addr; addr = addr->next)
2290 {
2291 if (addr->transport_return != PENDING_OK) continue;
2292
2293 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
2294 remaining addresses. Otherwise, it's a return code for just the one
75def545
PH		 2295 address. For temporary errors, add a retry item for the address so that
2296 it doesn't get tried again too soon. */
0756eb3c 2297
8ccd00b1 2298#ifndef DISABLE_PRDR
fd98a5c6
JH		 2299 if (lmtp || prdr_active)
2300#else
0756eb3c 2301 if (lmtp)
fd98a5c6 2302#endif
0756eb3c
PH		 2303 {
2304 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2305 ob->final_timeout))
2306 {
2307 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
fd98a5c6 2308 addr->message = string_sprintf(
8ccd00b1 2309#ifndef DISABLE_PRDR
fd98a5c6
JH		 2310 "%s error after %s: %s", prdr_active ? "PRDR":"LMTP",
2311#else
2312 "LMTP error after %s: %s",
2313#endif
0756eb3c 2314 big_buffer, string_printing(buffer));
75def545
PH		 2315 setflag(addr, af_pass_message); /* Allow message to go to user */
2316 if (buffer[0] == '5')
2317 addr->transport_return = FAIL;
2318 else
2319 {
e97957bc
PH		 2320 errno = ERRNO_DATA4XX;
2321 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
75def545 2322 addr->transport_return = DEFER;
8ccd00b1 2323#ifndef DISABLE_PRDR
fd98a5c6
JH		 2324 if (!prdr_active)
2325#endif
2326 retry_add_item(addr, addr->address_retry_key, 0);
75def545 2327 }
0756eb3c
PH		 2328 continue;
2329 }
2330 completed_address = TRUE; /* NOW we can set this flag */
c0ea85ab
TF		 2331 if ((log_extra_selector & LX_smtp_confirmation) != 0)
2332 {
55414b25
JH		 2333 const uschar *s = string_printing(buffer);
2334 /* deconst cast ok here as string_printing was checked to have alloc'n'copied */
2335 conf = (s == buffer)? (uschar *)string_copy(s) : US s;
c0ea85ab 2336 }
0756eb3c
PH		 2337 }
2338
2339 /* SMTP, or success return from LMTP for this address. Pass back the
2d280592 2340 actual host that was used. */
0756eb3c
PH		 2341
2342 addr->transport_return = OK;
2343 addr->more_errno = delivery_time;
d427a7f9 2344 addr->host_used = host;
0756eb3c
PH		 2345 addr->special_action = flag;
2346 addr->message = conf;
8ccd00b1 2347#ifndef DISABLE_PRDR
fd98a5c6
JH		 2348 if (prdr_active) addr->flags |= af_prdr_used;
2349#endif
0756eb3c
PH		 2350 flag = '-';
2351
8ccd00b1 2352#ifndef DISABLE_PRDR
fd98a5c6
JH		 2353 if (!prdr_active)
2354#endif
2355 {
2356 /* Update the journal. For homonymic addresses, use the base address plus
2357 the transport name. See lots of comments in deliver.c about the reasons
2358 for the complications when homonyms are involved. Just carry on after
2359 write error, as it may prove possible to update the spool file later. */
4d8d62b9 2360
fd98a5c6
JH		 2361 if (testflag(addr, af_homonym))
2362 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2363 else
2364 sprintf(CS buffer, "%.500s\n", addr->unique);
4d8d62b9 2365
fd98a5c6
JH		 2366 DEBUG(D_deliver) debug_printf("journalling %s", buffer);
2367 len = Ustrlen(CS buffer);
2368 if (write(journal_fd, buffer, len) != len)
2369 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2370 "%s: %s", buffer, strerror(errno));
2371 }
0756eb3c
PH		 2372 }
2373
8ccd00b1 2374#ifndef DISABLE_PRDR
fd98a5c6
JH		 2375 if (prdr_active)
2376 {
2377 /* PRDR - get the final, overall response. For any non-success
2378 upgrade all the address statuses. */
2379 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2380 ob->final_timeout);
2381 if (!ok)
2382 {
2383 if(errno == 0 && buffer[0] == '4')
2384 {
2385 errno = ERRNO_DATA4XX;
2386 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2387 }
2388 for (addr = addrlist; addr != first_addr; addr = addr->next)
2389 if (buffer[0] == '5' || addr->transport_return == OK)
2390 addr->transport_return = PENDING_OK; /* allow set_errno action */
2391 goto RESPONSE_FAILED;
2392 }
2393
2394 /* Update the journal, or setup retry. */
2395 for (addr = addrlist; addr != first_addr; addr = addr->next)
2396 if (addr->transport_return == OK)
2397 {
2398 if (testflag(addr, af_homonym))
2399 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2400 else
2401 sprintf(CS buffer, "%.500s\n", addr->unique);
4d8d62b9 2402
fd98a5c6
JH		 2403 DEBUG(D_deliver) debug_printf("journalling(PRDR) %s", buffer);
2404 len = Ustrlen(CS buffer);
2405 if (write(journal_fd, buffer, len) != len)
2406 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2407 "%s: %s", buffer, strerror(errno));
2408 }
2409 else if (addr->transport_return == DEFER)
2410 retry_add_item(addr, addr->address_retry_key, -2);
2411 }
2412#endif
2413
0756eb3c
PH		 2414 /* Ensure the journal file is pushed out to disk. */
2415
54fc8428 2416 if (EXIMfsync(journal_fd) < 0)
0756eb3c
PH		 2417 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
2418 strerror(errno));
2419 }
2420 }
2421
2422
2423/* Handle general (not specific to one address) failures here. The value of ok
2424is used to skip over this code on the falling through case. A timeout causes a
2425deferral. Other errors may defer or fail according to the response code, and
2426may set up a special errno value, e.g. after connection chopped, which is
2427assumed if errno == 0 and there is no text in the buffer. If control reaches
2428here during the setting up phase (i.e. before MAIL FROM) then always defer, as
2429the problem is not related to this specific message. */
2430
2431if (!ok)
2432 {
2433 int code;
2434
2435 RESPONSE_FAILED:
2436 save_errno = errno;
2437 message = NULL;
2438 send_quit = check_response(host, &save_errno, addrlist->more_errno,
447d236c 2439 buffer, &code, &message, &pass_message);
0756eb3c
PH		 2440 goto FAILED;
2441
2442 SEND_FAILED:
2443 save_errno = errno;
2444 code = '4';
2445 message = US string_sprintf("send() to %s [%s] failed: %s",
2446 host->name, host->address, strerror(save_errno));
2447 send_quit = FALSE;
2448 goto FAILED;
2449
2450 /* This label is jumped to directly when a TLS negotiation has failed,
2451 or was not done for a host for which it is required. Values will be set
2452 in message and save_errno, and setting_up will always be true. Treat as
2453 a temporary error. */
2454
a7538db1 2455#ifdef SUPPORT_TLS
0756eb3c
PH		 2456 TLS_FAILED:
2457 code = '4';
a7538db1 2458#endif
0756eb3c
PH		 2459
2460 /* If the failure happened while setting up the call, see if the failure was
2461 a 5xx response (this will either be on connection, or following HELO - a 5xx
2462 after EHLO causes it to try HELO). If so, fail all addresses, as this host is
2463 never going to accept them. For other errors during setting up (timeouts or
2464 whatever), defer all addresses, and yield DEFER, so that the host is not
2465 tried again for a while. */
2466
2467 FAILED:
2468 ok = FALSE; /* For when reached by GOTO */
2469
2470 if (setting_up)
2471 {
2472 if (code == '5')
c562fd30 2473 set_errno(addrlist, save_errno, message, FAIL, pass_message, host);
0756eb3c
PH		 2474 else
2475 {
c562fd30 2476 set_errno(addrlist, save_errno, message, DEFER, pass_message, host);
0756eb3c
PH		 2477 yield = DEFER;
2478 }
2479 }
2480
e97957bc 2481 /* We want to handle timeouts after MAIL or "." and loss of connection after
0756eb3c 2482 "." specially. They can indicate a problem with the sender address or with
e97957bc
PH		 2483 the contents of the message rather than a real error on the connection. These
2484 cases are treated in the same way as a 4xx response. This next bit of code
2485 does the classification. */
0756eb3c 2486
e97957bc 2487 else
0756eb3c 2488 {
e97957bc 2489 BOOL message_error;
0756eb3c 2490
e97957bc
PH		 2491 switch(save_errno)
2492 {
2493 case 0:
2494 case ERRNO_MAIL4XX:
2495 case ERRNO_DATA4XX:
2496 message_error = TRUE;
2497 break;
0756eb3c 2498
e97957bc
PH		 2499 case ETIMEDOUT:
2500 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
2501 Ustrncmp(smtp_command,"end ",4) == 0;
2502 break;
2503
2504 case ERRNO_SMTPCLOSED:
2505 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
2506 break;
2507
2508 default:
2509 message_error = FALSE;
2510 break;
2511 }
0756eb3c 2512
e97957bc 2513 /* Handle the cases that are treated as message errors. These are:
0756eb3c 2514
e97957bc
PH		 2515 (a) negative response or timeout after MAIL
2516 (b) negative response after DATA
2517 (c) negative response or timeout or dropped connection after "."
0756eb3c 2518
e97957bc
PH		 2519 It won't be a negative response or timeout after RCPT, as that is dealt
2520 with separately above. The action in all cases is to set an appropriate
2521 error code for all the addresses, but to leave yield set to OK because the
2522 host itself has not failed. Of course, it might in practice have failed
2523 when we've had a timeout, but if so, we'll discover that at the next
2524 delivery attempt. For a temporary error, set the message_defer flag, and
2525 write to the logs for information if this is not the last host. The error
2526 for the last host will be logged as part of the address's log line. */
2527
2528 if (message_error)
0756eb3c 2529 {
e97957bc
PH		 2530 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
2531 set_errno(addrlist, save_errno, message, (code == '5')? FAIL : DEFER,
c562fd30 2532 pass_message, host);
e97957bc
PH		 2533
2534 /* If there's an errno, the message contains just the identity of
2535 the host. */
2536
2537 if (code != '5') /* Anything other than 5 is treated as temporary */
2538 {
2539 if (save_errno > 0)
2540 message = US string_sprintf("%s: %s", message, strerror(save_errno));
2541 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", message);
c562fd30 2542 msglog_line(host, message);
e97957bc
PH		 2543 *message_defer = TRUE;
2544 }
2545 }
2546
2547 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
2548 ".", or some other transportation error. We defer all addresses and yield
2549 DEFER, except for the case of failed add_headers expansion, or a transport
2550 filter failure, when the yield should be ERROR, to stop it trying other
2551 hosts. */
2552
2553 else
2554 {
2555 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
2556 save_errno == ERRNO_FILTER_FAIL)? ERROR : DEFER;
c562fd30 2557 set_errno(addrlist, save_errno, message, DEFER, pass_message, host);
0756eb3c
PH		 2558 }
2559 }
2560 }
2561
2562
2563/* If all has gone well, send_quit will be set TRUE, implying we can end the
2564SMTP session tidily. However, if there were too many addresses to send in one
2565message (indicated by first_addr being non-NULL) we want to carry on with the
2566rest of them. Also, it is desirable to send more than one message down the SMTP
2567connection if there are several waiting, provided we haven't already sent so
2568many as to hit the configured limit. The function transport_check_waiting looks
2569for a waiting message and returns its id. Then transport_pass_socket tries to
2570set up a continued delivery by passing the socket on to another process. The
2571variable send_rset is FALSE if a message has just been successfully transfered.
2572
2573If we are already sending down a continued channel, there may be further
2574addresses not yet delivered that are aimed at the same host, but which have not
2575been passed in this run of the transport. In this case, continue_more will be
2576true, and all we should do is send RSET if necessary, and return, leaving the
2577channel open.
2578
2579However, if no address was disposed of, i.e. all addresses got 4xx errors, we
2580do not want to continue with other messages down the same channel, because that
2581can lead to looping between two or more messages, all with the same,
2582temporarily failing address(es). [The retry information isn't updated yet, so
2583new processes keep on trying.] We probably also don't want to try more of this
2584message's addresses either.
2585
2586If we have started a TLS session, we have to end it before passing the
2587connection to a new process. However, not all servers can handle this (Exim
2588can), so we do not pass such a connection on if the host matches
2589hosts_nopass_tls. */
2590
2591DEBUG(D_transport)
2592 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
2593 "yield=%d first_address is %sNULL\n", ok, send_quit, send_rset,
2594 continue_more, yield, (first_addr == NULL)? "":"not ");
2595
2596if (completed_address && ok && send_quit)
2597 {
2598 BOOL more;
a39bd74d
JB		 2599 smtp_compare_t t_compare;
2600
2601 t_compare.tblock = tblock;
2602 t_compare.current_sender_address = sender_address;
2603
5130845b
JH		 2604 if ( first_addr != NULL
2605 || continue_more
2606 || ( ( tls_out.active < 0
2607 || verify_check_given_host(&ob->hosts_nopass_tls, host) != OK
2608 )
0756eb3c
PH		 2609 &&
2610 transport_check_waiting(tblock->name, host->name,
a39bd74d
JB		 2611 tblock->connection_max_messages, new_message_id, &more,
2612 (oicf)smtp_are_same_identities, (void*)&t_compare)
5130845b 2613 ) )
0756eb3c
PH		 2614 {
2615 uschar *msg;
447d236c 2616 BOOL pass_message;
0756eb3c
PH		 2617
2618 if (send_rset)
2619 {
2620 if (! (ok = smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0))
2621 {
2622 msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
2623 host->address, strerror(save_errno));
2624 send_quit = FALSE;
2625 }
2626 else if (! (ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2627 ob->command_timeout)))
2628 {
2629 int code;
447d236c
PH		 2630 send_quit = check_response(host, &errno, 0, buffer, &code, &msg,
2631 &pass_message);
0756eb3c
PH		 2632 if (!send_quit)
2633 {
c562fd30
JH		 2634 DEBUG(D_transport) debug_printf("H=%s [%s] %s\n",
2635 host->name, host->address, msg);
0756eb3c
PH		 2636 }
2637 }
2638 }
2639
2640 /* Either RSET was not needed, or it succeeded */
2641
2642 if (ok)
2643 {
2644 if (first_addr != NULL) /* More addresses still to be sent */
2645 { /* in this run of the transport */
2646 continue_sequence++; /* Causes * in logging */
2647 goto SEND_MESSAGE;
2648 }
2649 if (continue_more) return yield; /* More addresses for another run */
2650
2651 /* Pass the socket to a new Exim process. Before doing so, we must shut
2652 down TLS. Not all MTAs allow for the continuation of the SMTP session
2653 when TLS is shut down. We test for this by sending a new EHLO. If we
2654 don't get a good response, we don't attempt to pass the socket on. */
2655
a7538db1 2656#ifdef SUPPORT_TLS
817d9f57 2657 if (tls_out.active >= 0)
0756eb3c 2658 {
817d9f57 2659 tls_close(FALSE, TRUE);
061b7ebd
PP		 2660 if (smtps)
2661 ok = FALSE;
2662 else
2663 ok = smtp_write_command(&outblock,FALSE,"EHLO %s\r\n",helo_data) >= 0 &&
2664 smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2665 ob->command_timeout);
0756eb3c 2666 }
a7538db1 2667#endif
0756eb3c
PH		 2668
2669 /* If the socket is successfully passed, we musn't send QUIT (or
2670 indeed anything!) from here. */
2671
2672 if (ok && transport_pass_socket(tblock->name, host->name, host->address,
2673 new_message_id, inblock.sock))
2674 {
2675 send_quit = FALSE;
2676 }
2677 }
2678
2679 /* If RSET failed and there are addresses left, they get deferred. */
2680
c562fd30 2681 else set_errno(first_addr, errno, msg, DEFER, FALSE, host);
0756eb3c
PH		 2682 }
2683 }
2684
2685/* End off tidily with QUIT unless the connection has died or the socket has
2686been passed to another process. There has been discussion on the net about what
2687to do after sending QUIT. The wording of the RFC suggests that it is necessary
2688to wait for a response, but on the other hand, there isn't anything one can do
2689with an error response, other than log it. Exim used to do that. However,
2690further discussion suggested that it is positively advantageous not to wait for
2691the response, but to close the session immediately. This is supposed to move
2692the TCP/IP TIME_WAIT state from the server to the client, thereby removing some
2693load from the server. (Hosts that are both servers and clients may not see much
2694difference, of course.) Further discussion indicated that this was safe to do
2695on Unix systems which have decent implementations of TCP/IP that leave the
2696connection around for a while (TIME_WAIT) after the application has gone away.
2697This enables the response sent by the server to be properly ACKed rather than
2698timed out, as can happen on broken TCP/IP implementations on other OS.
2699
2700This change is being made on 31-Jul-98. After over a year of trouble-free
2701operation, the old commented-out code was removed on 17-Sep-99. */
2702
2703SEND_QUIT:
2704if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2705
2706END_OFF:
2707
2708#ifdef SUPPORT_TLS
817d9f57 2709tls_close(FALSE, TRUE);
0756eb3c
PH		 2710#endif
2711
2712/* Close the socket, and return the appropriate value, first setting
0756eb3c
PH		 2713works because the NULL setting is passed back to the calling process, and
2714remote_max_parallel is forced to 1 when delivering over an existing connection,
2715
2716If all went well and continue_more is set, we shouldn't actually get here if
2717there are further addresses, as the return above will be taken. However,
2718writing RSET might have failed, or there may be other addresses whose hosts are
2719specified in the transports, and therefore not visible at top level, in which
2720case continue_more won't get set. */
2721
f1e894f3 2722(void)close(inblock.sock);
a7538db1 2723
774ef2d7
JH		 2724#ifdef EXPERIMENTAL_EVENT
2725(void) event_raise(tblock->event_action, US"tcp:close", NULL);
a7538db1
JH		 2726#endif
2727
0756eb3c
PH		 2728continue_transport = NULL;
2729continue_hostname = NULL;
2730return yield;
2731}
2732
2733
2734
2735
2736/*************************************************
2737* Closedown entry point *
2738*************************************************/
2739
2740/* This function is called when exim is passed an open smtp channel
2741from another incarnation, but the message which it has been asked
2742to deliver no longer exists. The channel is on stdin.
2743
2744We might do fancy things like looking for another message to send down
2745the channel, but if the one we sought has gone, it has probably been
2746delivered by some other process that itself will seek further messages,
2747so just close down our connection.
2748
2749Argument: pointer to the transport instance block
2750Returns: nothing
2751*/
2752
2753void
2754smtp_transport_closedown(transport_instance *tblock)
2755{
2756smtp_transport_options_block *ob =
2757 (smtp_transport_options_block *)(tblock->options_block);
2758smtp_inblock inblock;
2759smtp_outblock outblock;
2760uschar buffer[256];
2761uschar inbuffer[4096];
2762uschar outbuffer[16];
2763
2764inblock.sock = fileno(stdin);
2765inblock.buffer = inbuffer;
2766inblock.buffersize = sizeof(inbuffer);
2767inblock.ptr = inbuffer;
2768inblock.ptrend = inbuffer;
2769
2770outblock.sock = inblock.sock;
2771outblock.buffersize = sizeof(outbuffer);
2772outblock.buffer = outbuffer;
2773outblock.ptr = outbuffer;
2774outblock.cmd_count = 0;
2775outblock.authenticating = FALSE;
2776
2777(void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2778(void)smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2779 ob->command_timeout);
f1e894f3 2780(void)close(inblock.sock);
0756eb3c
PH		 2781}
2782
2783
2784
2785/*************************************************
2786* Prepare addresses for delivery *
2787*************************************************/
2788
2789/* This function is called to flush out error settings from previous delivery
2790attempts to other hosts. It also records whether we got here via an MX record
2791or not in the more_errno field of the address. We are interested only in
2792addresses that are still marked DEFER - others may have got delivered to a
2793previously considered IP address. Set their status to PENDING_DEFER to indicate
2794which ones are relevant this time.
2795
2796Arguments:
2797 addrlist the list of addresses
2798 host the host we are delivering to
2799
2800Returns: the first address for this delivery
2801*/
2802
2803static address_item *
2804prepare_addresses(address_item *addrlist, host_item *host)
2805{
2806address_item *first_addr = NULL;
2807address_item *addr;
2808for (addr = addrlist; addr != NULL; addr = addr->next)
168dec3b
JH		 2809 if (addr->transport_return == DEFER)
2810 {
2811 if (first_addr == NULL) first_addr = addr;
2812 addr->transport_return = PENDING_DEFER;
2813 addr->basic_errno = 0;
2814 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
2815 addr->message = NULL;
a7538db1 2816#ifdef SUPPORT_TLS
168dec3b
JH		 2817 addr->cipher = NULL;
2818 addr->ourcert = NULL;
2819 addr->peercert = NULL;
2820 addr->peerdn = NULL;
2821 addr->ocsp = OCSP_NOT_REQ;
a7538db1 2822#endif
168dec3b 2823 }
0756eb3c
PH		 2824return first_addr;
2825}
2826
2827
2828
2829/*************************************************
2830* Main entry point *
2831*************************************************/
2832
2833/* See local README for interface details. As this is a remote transport, it is
2834given a chain of addresses to be delivered in one connection, if possible. It
2835always returns TRUE, indicating that each address has its own independent
2836status set, except if there is a setting up problem, in which case it returns
2837FALSE. */
2838
2839BOOL
2840smtp_transport_entry(
2841 transport_instance *tblock, /* data for this instantiation */
2842 address_item *addrlist) /* addresses we are working on */
2843{
2844int cutoff_retry;
2845int port;
2846int hosts_defer = 0;
2847int hosts_fail = 0;
2848int hosts_looked_up = 0;
2849int hosts_retry = 0;
2850int hosts_serial = 0;
2851int hosts_total = 0;
8e669ac1 2852int total_hosts_tried = 0;
0756eb3c
PH		 2853address_item *addr;
2854BOOL expired = TRUE;
2855BOOL continuing = continue_hostname != NULL;
2856uschar *expanded_hosts = NULL;
2857uschar *pistring;
2858uschar *tid = string_sprintf("%s transport", tblock->name);
2859smtp_transport_options_block *ob =
2860 (smtp_transport_options_block *)(tblock->options_block);
2861host_item *hostlist = addrlist->host_list;
2862host_item *host = NULL;
2863
2864DEBUG(D_transport)
2865 {
2866 debug_printf("%s transport entered\n", tblock->name);
2867 for (addr = addrlist; addr != NULL; addr = addr->next)
2868 debug_printf(" %s\n", addr->address);
2869 if (continuing) debug_printf("already connected to %s [%s]\n",
2870 continue_hostname, continue_host_address);
2871 }
2872
f6c332bd
PH		 2873/* Set the flag requesting that these hosts be added to the waiting
2874database if the delivery fails temporarily or if we are running with
2875queue_smtp or a 2-stage queue run. This gets unset for certain
2876kinds of error, typically those that are specific to the message. */
2877
2878update_waiting = TRUE;
2879
0756eb3c
PH		 2880/* If a host list is not defined for the addresses - they must all have the
2881same one in order to be passed to a single transport - or if the transport has
2882a host list with hosts_override set, use the host list supplied with the
2883transport. It is an error for this not to exist. */
2884
2885if (hostlist == NULL || (ob->hosts_override && ob->hosts != NULL))
2886 {
2887 if (ob->hosts == NULL)
2888 {
2889 addrlist->message = string_sprintf("%s transport called with no hosts set",
2890 tblock->name);
2891 addrlist->transport_return = PANIC;
2892 return FALSE; /* Only top address has status */
2893 }
2894
2895 DEBUG(D_transport) debug_printf("using the transport's hosts: %s\n",
2896 ob->hosts);
2897
2898 /* If the transport's host list contains no '$' characters, and we are not
2899 randomizing, it is fixed and therefore a chain of hosts can be built once
2900 and for all, and remembered for subsequent use by other calls to this
2901 transport. If, on the other hand, the host list does contain '$', or we are
2902 randomizing its order, we have to rebuild it each time. In the fixed case,
2903 as the hosts string will never be used again, it doesn't matter that we
2904 replace all the : characters with zeros. */
2905
2906 if (ob->hostlist == NULL)
2907 {
2908 uschar *s = ob->hosts;
2909
2910 if (Ustrchr(s, '$') != NULL)
2911 {
d427a7f9 2912 if (!(expanded_hosts = expand_string(s)))
0756eb3c
PH		 2913 {
2914 addrlist->message = string_sprintf("failed to expand list of hosts "
2915 "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message);
2916 addrlist->transport_return = search_find_defer? DEFER : PANIC;
2917 return FALSE; /* Only top address has status */
2918 }
2919 DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to "
2920 "\"%s\"\n", s, expanded_hosts);
2921 s = expanded_hosts;
2922 }
2923 else
2924 if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
2925
2926 host_build_hostlist(&hostlist, s, ob->hosts_randomize);
2927
e276e04b
TF		 2928 /* Check that the expansion yielded something useful. */
2929 if (hostlist == NULL)
2930 {
2931 addrlist->message =
2932 string_sprintf("%s transport has empty hosts setting", tblock->name);
2933 addrlist->transport_return = PANIC;
2934 return FALSE; /* Only top address has status */
2935 }
2936
0756eb3c
PH		 2937 /* If there was no expansion of hosts, save the host list for
2938 next time. */
2939
d427a7f9 2940 if (!expanded_hosts) ob->hostlist = hostlist;
0756eb3c
PH		 2941 }
2942
2943 /* This is not the first time this transport has been run in this delivery;
2944 the host list was built previously. */
2945
55414b25
JH		 2946 else
2947 hostlist = ob->hostlist;
0756eb3c
PH		 2948 }
2949
2950/* The host list was supplied with the address. If hosts_randomize is set, we
2951must sort it into a random order if it did not come from MX records and has not
2952already been randomized (but don't bother if continuing down an existing
2953connection). */
2954
2955else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continuing)
2956 {
2957 host_item *newlist = NULL;
2958 while (hostlist != NULL)
2959 {
2960 host_item *h = hostlist;
2961 hostlist = hostlist->next;
2962
2963 h->sort_key = random_number(100);
2964
2965 if (newlist == NULL)
2966 {
2967 h->next = NULL;
2968 newlist = h;
2969 }
2970 else if (h->sort_key < newlist->sort_key)
2971 {
2972 h->next = newlist;
2973 newlist = h;
2974 }
2975 else
2976 {
2977 host_item *hh = newlist;
2978 while (hh->next != NULL)
2979 {
2980 if (h->sort_key < hh->next->sort_key) break;
2981 hh = hh->next;
2982 }
2983 h->next = hh->next;
2984 hh->next = h;
2985 }
2986 }
2987
2988 hostlist = addrlist->host_list = newlist;
2989 }
2990
2d280592 2991/* Sort out the default port. */
0756eb3c
PH		 2992
2993if (!smtp_get_port(ob->port, addrlist, &port, tid)) return FALSE;
0756eb3c 2994
0756eb3c
PH		 2995/* For each host-plus-IP-address on the list:
2996
2997. If this is a continued delivery and the host isn't the one with the
2998 current connection, skip.
2999
3000. If the status is unusable (i.e. previously failed or retry checked), skip.
3001
3002. If no IP address set, get the address, either by turning the name into
3003 an address, calling gethostbyname if gethostbyname is on, or by calling
3004 the DNS. The DNS may yield multiple addresses, in which case insert the
3005 extra ones into the list.
3006
3007. Get the retry data if not previously obtained for this address and set the
3008 field which remembers the state of this address. Skip if the retry time is
3009 not reached. If not, remember whether retry data was found. The retry string
3010 contains both the name and the IP address.
3011
3012. Scan the list of addresses and mark those whose status is DEFER as
3013 PENDING_DEFER. These are the only ones that will be processed in this cycle
3014 of the hosts loop.
3015
3016. Make a delivery attempt - addresses marked PENDING_DEFER will be tried.
3017 Some addresses may be successfully delivered, others may fail, and yet
3018 others may get temporary errors and so get marked DEFER.
3019
3020. The return from the delivery attempt is OK if a connection was made and a
3021 valid SMTP dialogue was completed. Otherwise it is DEFER.
3022
3023. If OK, add a "remove" retry item for this host/IPaddress, if any.
3024
3025. If fail to connect, or other defer state, add a retry item.
3026
3027. If there are any addresses whose status is still DEFER, carry on to the
3028 next host/IPaddress, unless we have tried the number of hosts given
533244af 3029 by hosts_max_try or hosts_max_try_hardlimit; otherwise return. Note that
8e669ac1
PH		 3030 there is some fancy logic for hosts_max_try that means its limit can be
3031 overstepped in some circumstances.
0756eb3c
PH		 3032
3033If we get to the end of the list, all hosts have deferred at least one address,
3034or not reached their retry times. If delay_after_cutoff is unset, it requests a
3035delivery attempt to those hosts whose last try was before the arrival time of
3036the current message. To cope with this, we have to go round the loop a second
3037time. After that, set the status and error data for any addresses that haven't
3038had it set already. */
3039
3040for (cutoff_retry = 0; expired &&
3041 cutoff_retry < ((ob->delay_after_cutoff)? 1 : 2);
3042 cutoff_retry++)
3043 {
3044 host_item *nexthost = NULL;
3045 int unexpired_hosts_tried = 0;
3046
3047 for (host = hostlist;
8e669ac1 3048 host != NULL &&
533244af
PH		 3049 unexpired_hosts_tried < ob->hosts_max_try &&
3050 total_hosts_tried < ob->hosts_max_try_hardlimit;
0756eb3c
PH		 3051 host = nexthost)
3052 {
3053 int rc;
3054 int host_af;
3055 uschar *rs;
3056 BOOL serialized = FALSE;
3057 BOOL host_is_expired = FALSE;
3058 BOOL message_defer = FALSE;
3059 BOOL ifchanges = FALSE;
3060 BOOL some_deferred = FALSE;
3061 address_item *first_addr = NULL;
3062 uschar *interface = NULL;
3063 uschar *retry_host_key = NULL;
3064 uschar *retry_message_key = NULL;
3065 uschar *serialize_key = NULL;
3066
9c4e8f60
PH		 3067 /* Default next host is next host. :-) But this can vary if the
3068 hosts_max_try limit is hit (see below). It may also be reset if a host
3069 address is looked up here (in case the host was multihomed). */
3070
3071 nexthost = host->next;
3072
0756eb3c
PH		 3073 /* If the address hasn't yet been obtained from the host name, look it up
3074 now, unless the host is already marked as unusable. If it is marked as
3075 unusable, it means that the router was unable to find its IP address (in
3076 the DNS or wherever) OR we are in the 2nd time round the cutoff loop, and
3077 the lookup failed last time. We don't get this far if *all* MX records
3078 point to non-existent hosts; that is treated as a hard error.
3079
3080 We can just skip this host entirely. When the hosts came from the router,
3081 the address will timeout based on the other host(s); when the address is
3082 looked up below, there is an explicit retry record added.
3083
3084 Note that we mustn't skip unusable hosts if the address is not unset; they
3085 may be needed as expired hosts on the 2nd time round the cutoff loop. */
3086
3087 if (host->address == NULL)
3088 {
322050c2 3089 int new_port, flags;
7cd1141b 3090 host_item *hh;
0756eb3c
PH		 3091
3092 if (host->status >= hstatus_unusable)
3093 {
3094 DEBUG(D_transport) debug_printf("%s has no address and is unusable - skipping\n",
3095 host->name);
3096 continue;
3097 }
3098
3099 DEBUG(D_transport) debug_printf("getting address for %s\n", host->name);
3100
7cd1141b
PH		 3101 /* The host name is permitted to have an attached port. Find it, and
3102 strip it from the name. Just remember it for now. */
3103
3104 new_port = host_item_get_port(host);
3105
3106 /* Count hosts looked up */
3107
0756eb3c
PH		 3108 hosts_looked_up++;
3109
3110 /* Find by name if so configured, or if it's an IP address. We don't
3111 just copy the IP address, because we need the test-for-local to happen. */
3112
322050c2
PH		 3113 flags = HOST_FIND_BY_A;
3114 if (ob->dns_qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
3115 if (ob->dns_search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
3116
7e66e54d 3117 if (ob->gethostbyname || string_is_ip_address(host->name, NULL) != 0)
55414b25 3118 rc = host_find_byname(host, NULL, flags, NULL, TRUE);
0756eb3c 3119 else
0756eb3c 3120 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
578897ea 3121 ob->dnssec_request_domains, ob->dnssec_require_domains,
55414b25 3122 NULL, NULL);
0756eb3c 3123
7cd1141b
PH		 3124 /* Update the host (and any additional blocks, resulting from
3125 multihoming) with a host-specific port, if any. */
3126
3127 for (hh = host; hh != nexthost; hh = hh->next) hh->port = new_port;
3128
0756eb3c
PH		 3129 /* Failure to find the host at this time (usually DNS temporary failure)
3130 is really a kind of routing failure rather than a transport failure.
3131 Therefore we add a retry item of the routing kind, not to stop us trying
3132 to look this name up here again, but to ensure the address gets timed
3133 out if the failures go on long enough. A complete failure at this point
3134 commonly points to a configuration error, but the best action is still
3135 to carry on for the next host. */
3136
3137 if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_FAILED)
3138 {
3139 retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
3140 expired = FALSE;
3141 if (rc == HOST_FIND_AGAIN) hosts_defer++; else hosts_fail++;
3142 DEBUG(D_transport) debug_printf("rc = %s for %s\n", (rc == HOST_FIND_AGAIN)?
3143 "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name);
3144 host->status = hstatus_unusable;
3145
3146 for (addr = addrlist; addr != NULL; addr = addr->next)
3147 {
3148 if (addr->transport_return != DEFER) continue;
3149 addr->basic_errno = ERRNO_UNKNOWNHOST;
3150 addr->message =
3151 string_sprintf("failed to lookup IP address for %s", host->name);
3152 }
3153 continue;
3154 }
3155
3156 /* If the host is actually the local host, we may have a problem, or
3157 there may be some cunning configuration going on. In the problem case,
3158 log things and give up. The default transport status is already DEFER. */
3159
3160 if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost)
3161 {
3162 for (addr = addrlist; addr != NULL; addr = addr->next)
3163 {
3164 addr->basic_errno = 0;
3165 addr->message = string_sprintf("%s transport found host %s to be "
3166 "local", tblock->name, host->name);
3167 }
3168 goto END_TRANSPORT;
3169 }
3170 } /* End of block for IP address lookup */
3171
3172 /* If this is a continued delivery, we are interested only in the host
3173 which matches the name of the existing open channel. The check is put
3174 here after the local host lookup, in case the name gets expanded as a
3175 result of the lookup. Set expired FALSE, to save the outer loop executing
3176 twice. */
3177
3178 if (continuing && (Ustrcmp(continue_hostname, host->name) != 0 ||
3179 Ustrcmp(continue_host_address, host->address) != 0))
3180 {
3181 expired = FALSE;
3182 continue; /* With next host */
3183 }
3184
9c4e8f60
PH		 3185 /* Reset the default next host in case a multihomed host whose addresses
3186 are not looked up till just above added to the host list. */
83364d30
PH		 3187
3188 nexthost = host->next;
3189
0756eb3c
PH		 3190 /* If queue_smtp is set (-odqs or the first part of a 2-stage run), or the
3191 domain is in queue_smtp_domains, we don't actually want to attempt any
3192 deliveries. When doing a queue run, queue_smtp_domains is always unset. If
3193 there is a lookup defer in queue_smtp_domains, proceed as if the domain
3194 were not in it. We don't want to hold up all SMTP deliveries! Except when
3195 doing a two-stage queue run, don't do this if forcing. */
3196
3197 if ((!deliver_force || queue_2stage) && (queue_smtp ||
55414b25
JH		 3198 match_isinlist(addrlist->domain,
3199 (const uschar **)&queue_smtp_domains, 0,
cf39cf57 3200 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK))
0756eb3c
PH		 3201 {
3202 expired = FALSE;
3203 for (addr = addrlist; addr != NULL; addr = addr->next)
3204 {
3205 if (addr->transport_return != DEFER) continue;
3206 addr->message = US"domain matches queue_smtp_domains, or -odqs set";
3207 }
3208 continue; /* With next host */
3209 }
3210
3211 /* Count hosts being considered - purely for an intelligent comment
3212 if none are usable. */
3213
3214 hosts_total++;
3215
3216 /* Set $host and $host address now in case they are needed for the
3217 interface expansion or the serialize_hosts check; they remain set if an
3218 actual delivery happens. */
3219
3220 deliver_host = host->name;
3221 deliver_host_address = host->address;
783b385f
JH		 3222 lookup_dnssec_authenticated = host->dnssec == DS_YES ? US"yes"
3223 : host->dnssec == DS_NO ? US"no"
3224 : US"";
0756eb3c 3225
7cd1141b
PH		 3226 /* Set up a string for adding to the retry key if the port number is not
3227 the standard SMTP port. A host may have its own port setting that overrides
3228 the default. */
3229
3230 pistring = string_sprintf(":%d", (host->port == PORT_NONE)?
3231 port : host->port);
3232 if (Ustrcmp(pistring, ":25") == 0) pistring = US"";
3233
0756eb3c
PH		 3234 /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface
3235 string changes upon expansion, we must add it to the key that is used for
3236 retries, because connections to the same host from a different interface
3237 should be treated separately. */
3238
3239 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET : AF_INET6;
3240 if (!smtp_get_interface(ob->interface, host_af, addrlist, &ifchanges,
3241 &interface, tid))
3242 return FALSE;
3243 if (ifchanges) pistring = string_sprintf("%s/%s", pistring, interface);
3244
3245 /* The first time round the outer loop, check the status of the host by
3246 inspecting the retry data. The second time round, we are interested only
3247 in expired hosts that haven't been tried since this message arrived. */
3248
3249 if (cutoff_retry == 0)
3250 {
9c695f6d 3251 BOOL incl_ip;
0756eb3c 3252 /* Ensure the status of the address is set by checking retry data if
9c695f6d 3253 necessary. There may be host-specific retry data (applicable to all
0756eb3c
PH		 3254 messages) and also data for retries of a specific message at this host.
3255 If either of these retry records are actually read, the keys used are
3256 returned to save recomputing them later. */
3257
9c695f6d
JH		 3258 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
3259 US"retry_include_ip_address", ob->retry_include_ip_address,
3260 ob->expand_retry_include_ip_address, &incl_ip) != OK)
3261 continue; /* with next host */
3262
0756eb3c 3263 host_is_expired = retry_check_address(addrlist->domain, host, pistring,
9c695f6d 3264 incl_ip, &retry_host_key, &retry_message_key);
0756eb3c
PH		 3265
3266 DEBUG(D_transport) debug_printf("%s [%s]%s status = %s\n", host->name,
3267 (host->address == NULL)? US"" : host->address, pistring,
3268 (host->status == hstatus_usable)? "usable" :
3269 (host->status == hstatus_unusable)? "unusable" :
3270 (host->status == hstatus_unusable_expired)? "unusable (expired)" : "?");
3271
3272 /* Skip this address if not usable at this time, noting if it wasn't
3273 actually expired, both locally and in the address. */
3274
3275 switch (host->status)
3276 {
3277 case hstatus_unusable:
3278 expired = FALSE;
3279 setflag(addrlist, af_retry_skipped);
3280 /* Fall through */
3281
3282 case hstatus_unusable_expired:
3283 switch (host->why)
3284 {
3285 case hwhy_retry: hosts_retry++; break;
3286 case hwhy_failed: hosts_fail++; break;
3287 case hwhy_deferred: hosts_defer++; break;
3288 }
3289
3290 /* If there was a retry message key, implying that previously there
3291 was a message-specific defer, we don't want to update the list of
f6c332bd 3292 messages waiting for these hosts. */
0756eb3c 3293
f6c332bd 3294 if (retry_message_key != NULL) update_waiting = FALSE;
0756eb3c
PH		 3295 continue; /* With the next host or IP address */
3296 }
3297 }
3298
3299 /* Second time round the loop: if the address is set but expired, and
3300 the message is newer than the last try, let it through. */
3301
3302 else
3303 {
3304 if (host->address == NULL ||
3305 host->status != hstatus_unusable_expired ||
3306 host->last_try > received_time)
3307 continue;
3308 DEBUG(D_transport)
3309 debug_printf("trying expired host %s [%s]%s\n",
3310 host->name, host->address, pistring);
3311 host_is_expired = TRUE;
3312 }
3313
3314 /* Setting "expired=FALSE" doesn't actually mean not all hosts are expired;
3315 it remains TRUE only if all hosts are expired and none are actually tried.
3316 */
3317
3318 expired = FALSE;
3319
3320 /* If this host is listed as one to which access must be serialized,
3321 see if another Exim process has a connection to it, and if so, skip
3322 this host. If not, update the database to record our connection to it
3323 and remember this for later deletion. Do not do any of this if we are
3324 sending the message down a pre-existing connection. */
3325
3326 if (!continuing &&
5130845b 3327 verify_check_given_host(&ob->serialize_hosts, host) == OK)
0756eb3c
PH		 3328 {
3329 serialize_key = string_sprintf("host-serialize-%s", host->name);
3330 if (!enq_start(serialize_key))
3331 {
3332 DEBUG(D_transport)
3333 debug_printf("skipping host %s because another Exim process "
3334 "is connected to it\n", host->name);
3335 hosts_serial++;
3336 continue;
3337 }
3338 serialized = TRUE;
3339 }
3340
3341 /* OK, we have an IP address that is not waiting for its retry time to
3342 arrive (it might be expired) OR (second time round the loop) we have an
3343 expired host that hasn't been tried since the message arrived. Have a go
3344 at delivering the message to it. First prepare the addresses by flushing
3345 out the result of previous attempts, and finding the first address that
3346 is still to be delivered. */
3347
3348 first_addr = prepare_addresses(addrlist, host);
3349
3350 DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n",
3351 message_id, host->name, host->address, addrlist->address,
3352 (addrlist->next == NULL)? "" : ", ...");
3353
3354 set_process_info("delivering %s to %s [%s] (%s%s)",
3355 message_id, host->name, host->address, addrlist->address,
3356 (addrlist->next == NULL)? "" : ", ...");
3357
3358 /* This is not for real; don't do the delivery. If there are
3359 any remaining hosts, list them. */
3360
3361 if (dont_deliver)
3362 {
3363 host_item *host2;
c562fd30 3364 set_errno(addrlist, 0, NULL, OK, FALSE, NULL);
0756eb3c
PH		 3365 for (addr = addrlist; addr != NULL; addr = addr->next)
3366 {
3367 addr->host_used = host;
3368 addr->special_action = '*';
3369 addr->message = US"delivery bypassed by -N option";
3370 }
3371 DEBUG(D_transport)
3372 {
3373 debug_printf("*** delivery by %s transport bypassed by -N option\n"
3374 "*** host and remaining hosts:\n", tblock->name);
3375 for (host2 = host; host2 != NULL; host2 = host2->next)
3376 debug_printf(" %s [%s]\n", host2->name,
3377 (host2->address == NULL)? US"unset" : host2->address);
3378 }
3379 rc = OK;
3380 }
3381
3382 /* This is for real. If the host is expired, we don't count it for
3383 hosts_max_retry. This ensures that all hosts must expire before an address
8e669ac1 3384 is timed out, unless hosts_max_try_hardlimit (which protects against
533244af 3385 lunatic DNS configurations) is reached.
8e669ac1 3386
533244af
PH		 3387 If the host is not expired and we are about to hit the hosts_max_retry
3388 limit, check to see if there is a subsequent hosts with a different MX
3389 value. If so, make that the next host, and don't count this one. This is a
3390 heuristic to make sure that different MXs do get tried. With a normal kind
3391 of retry rule, they would get tried anyway when the earlier hosts were
3392 delayed, but if the domain has a "retry every time" type of rule - as is
3393 often used for the the very large ISPs, that won't happen. */
0756eb3c
PH		 3394
3395 else
3396 {
d427a7f9
JH		 3397 host_item * thost;
3398 /* Make a copy of the host if it is local to this invocation
3399 of the transport. */
3400
3401 if (expanded_hosts)
3402 {
3403 thost = store_get(sizeof(host_item));
3404 *thost = *host;
3405 thost->name = string_copy(host->name);
3406 thost->address = string_copy(host->address);
3407 }
3408 else
3409 thost = host;
3410
0756eb3c
PH		 3411 if (!host_is_expired && ++unexpired_hosts_tried >= ob->hosts_max_try)
3412 {
3413 host_item *h;
3414 DEBUG(D_transport)
3415 debug_printf("hosts_max_try limit reached with this host\n");
3416 for (h = host; h != NULL; h = h->next)
3417 if (h->mx != host->mx) break;
3418 if (h != NULL)
3419 {
3420 nexthost = h;
3421 unexpired_hosts_tried--;
3422 DEBUG(D_transport) debug_printf("however, a higher MX host exists "
3423 "and will be tried\n");
3424 }
3425 }
3426
3427 /* Attempt the delivery. */
3428
533244af 3429 total_hosts_tried++;
d427a7f9
JH		 3430 rc = smtp_deliver(addrlist, thost, host_af, port, interface, tblock,
3431 &message_defer, FALSE);
0756eb3c
PH		 3432
3433 /* Yield is one of:
3434 OK => connection made, each address contains its result;
3435 message_defer is set for message-specific defers (when all
3436 recipients are marked defer)
3437 DEFER => there was a non-message-specific delivery problem;
3438 ERROR => there was a problem setting up the arguments for a filter,
3439 or there was a problem with expanding added headers
3440 */
3441
3442 /* If the result is not OK, there was a non-message-specific problem.
3443 If the result is DEFER, we need to write to the logs saying what happened
3444 for this particular host, except in the case of authentication and TLS
3445 failures, where the log has already been written. If all hosts defer a
3446 general message is written at the end. */
3447
3448 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL &&
3449 first_addr->basic_errno != ERRNO_TLSFAILURE)
3450 write_logs(first_addr, host);
3451
774ef2d7 3452#ifdef EXPERIMENTAL_EVENT
d68218c7 3453 if (rc == DEFER)
774ef2d7 3454 deferred_event_raise(first_addr, host);
a7538db1 3455#endif
d68218c7 3456
0756eb3c
PH		 3457 /* If STARTTLS was accepted, but there was a failure in setting up the
3458 TLS session (usually a certificate screwup), and the host is not in
3459 hosts_require_tls, and tls_tempfail_tryclear is true, try again, with
3460 TLS forcibly turned off. We have to start from scratch with a new SMTP
3461 connection. That's why the retry is done from here, not from within
3462 smtp_deliver(). [Rejections of STARTTLS itself don't screw up the
3463 session, so the in-clear transmission after those errors, if permitted,
3464 happens inside smtp_deliver().] */
3465
a7538db1 3466#ifdef SUPPORT_TLS
7a31d643
JH		 3467 if ( rc == DEFER
3468 && first_addr->basic_errno == ERRNO_TLSFAILURE
3469 && ob->tls_tempfail_tryclear
5130845b 3470 && verify_check_given_host(&ob->hosts_require_tls, host) != OK
7a31d643 3471 )
0756eb3c
PH		 3472 {
3473 log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
3474 "to %s [%s] (not in hosts_require_tls)", host->name, host->address);
3475 first_addr = prepare_addresses(addrlist, host);
d427a7f9
JH		 3476 rc = smtp_deliver(addrlist, thost, host_af, port, interface, tblock,
3477 &message_defer, TRUE);
0756eb3c
PH		 3478 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
3479 write_logs(first_addr, host);
774ef2d7 3480# ifdef EXPERIMENTAL_EVENT
d68218c7 3481 if (rc == DEFER)
774ef2d7 3482 deferred_event_raise(first_addr, host);
a7538db1 3483# endif
0756eb3c 3484 }
a1bccd48 3485#endif /*SUPPORT_TLS*/
0756eb3c
PH		 3486 }
3487
3488 /* Delivery attempt finished */
3489
3490 rs = (rc == OK)? US"OK" : (rc == DEFER)? US"DEFER" : (rc == ERROR)?
3491 US"ERROR" : US"?";
3492
3493 set_process_info("delivering %s: just tried %s [%s] for %s%s: result %s",
3494 message_id, host->name, host->address, addrlist->address,
3495 (addrlist->next == NULL)? "" : " (& others)", rs);
3496
3497 /* Release serialization if set up */
3498
3499 if (serialized) enq_end(serialize_key);
3500
3501 /* If the result is DEFER, or if a host retry record is known to exist, we
3502 need to add an item to the retry chain for updating the retry database
3503 at the end of delivery. We only need to add the item to the top address,
3504 of course. Also, if DEFER, we mark the IP address unusable so as to skip it
3505 for any other delivery attempts using the same address. (It is copied into
3506 the unusable tree at the outer level, so even if different address blocks
3507 contain the same address, it still won't get tried again.) */
3508
3509 if (rc == DEFER || retry_host_key != NULL)
3510 {
3511 int delete_flag = (rc != DEFER)? rf_delete : 0;
3512 if (retry_host_key == NULL)
3513 {
9c695f6d
JH		 3514 BOOL incl_ip;
3515 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
3516 US"retry_include_ip_address", ob->retry_include_ip_address,
3517 ob->expand_retry_include_ip_address, &incl_ip) != OK)
3518 incl_ip = TRUE; /* error; use most-specific retry record */
3519
3520 retry_host_key = incl_ip ?
0756eb3c
PH		 3521 string_sprintf("T:%S:%s%s", host->name, host->address, pistring) :
3522 string_sprintf("T:%S%s", host->name, pistring);
3523 }
3524
3525 /* If a delivery of another message over an existing SMTP connection
3526 yields DEFER, we do NOT set up retry data for the host. This covers the
3527 case when there are delays in routing the addresses in the second message
3528 that are so long that the server times out. This is alleviated by not
3529 routing addresses that previously had routing defers when handling an
3530 existing connection, but even so, this case may occur (e.g. if a
3531 previously happily routed address starts giving routing defers). If the
3532 host is genuinely down, another non-continued message delivery will
3533 notice it soon enough. */
3534
3535 if (delete_flag != 0 || !continuing)
3536 retry_add_item(first_addr, retry_host_key, rf_host | delete_flag);
3537
3538 /* We may have tried an expired host, if its retry time has come; ensure
3539 the status reflects the expiry for the benefit of any other addresses. */
3540
3541 if (rc == DEFER)
3542 {
3543 host->status = (host_is_expired)?
3544 hstatus_unusable_expired : hstatus_unusable;
3545 host->why = hwhy_deferred;
3546 }
3547 }
3548
3549 /* If message_defer is set (host was OK, but every recipient got deferred
3550 because of some message-specific problem), or if that had happened
3551 previously so that a message retry key exists, add an appropriate item
3552 to the retry chain. Note that if there was a message defer but now there is
3553 a host defer, the message defer record gets deleted. That seems perfectly
3554 reasonable. Also, stop the message from being remembered as waiting
f6c332bd 3555 for specific hosts. */
0756eb3c
PH		 3556
3557 if (message_defer || retry_message_key != NULL)
3558 {
3559 int delete_flag = message_defer? 0 : rf_delete;
3560 if (retry_message_key == NULL)
3561 {
9c695f6d
JH		 3562 BOOL incl_ip;
3563 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
3564 US"retry_include_ip_address", ob->retry_include_ip_address,
3565 ob->expand_retry_include_ip_address, &incl_ip) != OK)
3566 incl_ip = TRUE; /* error; use most-specific retry record */
3567
3568 retry_message_key = incl_ip ?
0756eb3c
PH		 3569 string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring,
3570 message_id) :
3571 string_sprintf("T:%S%s:%s", host->name, pistring, message_id);
3572 }
3573 retry_add_item(addrlist, retry_message_key,
3574 rf_message | rf_host | delete_flag);
f6c332bd 3575 update_waiting = FALSE;
0756eb3c
PH		 3576 }
3577
3578 /* Any return other than DEFER (that is, OK or ERROR) means that the
3579 addresses have got their final statuses filled in for this host. In the OK
3580 case, see if any of them are deferred. */
3581
3582 if (rc == OK)
3583 {
3584 for (addr = addrlist; addr != NULL; addr = addr->next)
3585 {
3586 if (addr->transport_return == DEFER)
3587 {
3588 some_deferred = TRUE;
3589 break;
3590 }
3591 }
3592 }
3593
3594 /* If no addresses deferred or the result was ERROR, return. We do this for
3595 ERROR because a failing filter set-up or add_headers expansion is likely to
3596 fail for any host we try. */
3597
3598 if (rc == ERROR || (rc == OK && !some_deferred))
3599 {
3600 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3601 return TRUE; /* Each address has its status */
3602 }
3603
3604 /* If the result was DEFER or some individual addresses deferred, let
3605 the loop run to try other hosts with the deferred addresses, except for the
3606 case when we were trying to deliver down an existing channel and failed.
3607 Don't try any other hosts in this case. */
3608
3609 if (continuing) break;
3610
3611 /* If the whole delivery, or some individual addresses, were deferred and
3612 there are more hosts that could be tried, do not count this host towards
3613 the hosts_max_try limit if the age of the message is greater than the
3614 maximum retry time for this host. This means we may try try all hosts,
3615 ignoring the limit, when messages have been around for some time. This is
3616 important because if we don't try all hosts, the address will never time
533244af 3617 out. NOTE: this does not apply to hosts_max_try_hardlimit. */
0756eb3c
PH		 3618
3619 if ((rc == DEFER || some_deferred) && nexthost != NULL)
3620 {
3621 BOOL timedout;
3622 retry_config *retry = retry_find_config(host->name, NULL, 0, 0);
3623
3624 if (retry != NULL && retry->rules != NULL)
3625 {
3626 retry_rule *last_rule;
3627 for (last_rule = retry->rules;
3628 last_rule->next != NULL;
3629 last_rule = last_rule->next);
3630 timedout = time(NULL) - received_time > last_rule->timeout;
3631 }
3632 else timedout = TRUE; /* No rule => timed out */
3633
3634 if (timedout)
3635 {
3636 unexpired_hosts_tried--;
3637 DEBUG(D_transport) debug_printf("temporary delivery error(s) override "
3638 "hosts_max_try (message older than host's retry time)\n");
3639 }
3640 }
3641 } /* End of loop for trying multiple hosts. */
3642
3643 /* This is the end of the loop that repeats iff expired is TRUE and
3644 ob->delay_after_cutoff is FALSE. The second time round we will
3645 try those hosts that haven't been tried since the message arrived. */
3646
3647 DEBUG(D_transport)
3648 {
3649 debug_printf("all IP addresses skipped or deferred at least one address\n");
3650 if (expired && !ob->delay_after_cutoff && cutoff_retry == 0)
3651 debug_printf("retrying IP addresses not tried since message arrived\n");
3652 }
3653 }
3654
3655
3656/* Get here if all IP addresses are skipped or defer at least one address. In
3657MUA wrapper mode, this will happen only for connection or other non-message-
3658specific failures. Force the delivery status for all addresses to FAIL. */
3659
3660if (mua_wrapper)
3661 {
3662 for (addr = addrlist; addr != NULL; addr = addr->next)
3663 addr->transport_return = FAIL;
3664 goto END_TRANSPORT;
3665 }
3666
3667/* In the normal, non-wrapper case, add a standard message to each deferred
3668address if there hasn't been an error, that is, if it hasn't actually been
3669tried this time. The variable "expired" will be FALSE if any deliveries were
3670actually tried, or if there was at least one host that was not expired. That
3671is, it is TRUE only if no deliveries were tried and all hosts were expired. If
3672a delivery has been tried, an error code will be set, and the failing of the
3673message is handled by the retry code later.
3674
3675If queue_smtp is set, or this transport was called to send a subsequent message
3676down an existing TCP/IP connection, and something caused the host not to be
3677found, we end up here, but can detect these cases and handle them specially. */
3678
3679for (addr = addrlist; addr != NULL; addr = addr->next)
3680 {
3681 /* If host is not NULL, it means that we stopped processing the host list
533244af
PH		 3682 because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this
3683 means we need to behave as if some hosts were skipped because their retry
3684 time had not come. Specifically, this prevents the address from timing out.
8e669ac1 3685 However, if we have hit hosts_max_try_hardlimit, we want to behave as if all
533244af 3686 hosts were tried. */
0756eb3c
PH		 3687
3688 if (host != NULL)
3689 {
533244af
PH		 3690 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
3691 {
3692 DEBUG(D_transport)
3693 debug_printf("hosts_max_try_hardlimit reached: behave as if all "
3694 "hosts were tried\n");
3695 }
3696 else
8e669ac1 3697 {
533244af
PH		 3698 DEBUG(D_transport)
3699 debug_printf("hosts_max_try limit caused some hosts to be skipped\n");
3700 setflag(addr, af_retry_skipped);
8e669ac1 3701 }
0756eb3c
PH		 3702 }
3703
3704 if (queue_smtp) /* no deliveries attempted */
3705 {
3706 addr->transport_return = DEFER;
3707 addr->basic_errno = 0;
3708 addr->message = US"SMTP delivery explicitly queued";
3709 }
3710
3711 else if (addr->transport_return == DEFER &&
3712 (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0) &&
3713 addr->message == NULL)
3714 {
3715 addr->basic_errno = ERRNO_HRETRY;
3716 if (continue_hostname != NULL)
3717 {
3718 addr->message = US"no host found for existing SMTP connection";
3719 }
3720 else if (expired)
3721 {
fffffe4c 3722 setflag(addr, af_pass_message); /* This is not a security risk */
0756eb3c
PH		 3723 addr->message = (ob->delay_after_cutoff)?
3724 US"retry time not reached for any host after a long failure period" :
3725 US"all hosts have been failing for a long time and were last tried "
3726 "after this message arrived";
3727
3728 /* If we are already using fallback hosts, or there are no fallback hosts
3729 defined, convert the result to FAIL to cause a bounce. */
3730
3731 if (addr->host_list == addr->fallback_hosts ||
3732 addr->fallback_hosts == NULL)
3733 addr->transport_return = FAIL;
3734 }
3735 else
3736 {
3737 if (hosts_retry == hosts_total)
3738 addr->message = US"retry time not reached for any host";
3739 else if (hosts_fail == hosts_total)
3740 addr->message = US"all host address lookups failed permanently";
3741 else if (hosts_defer == hosts_total)
3742 addr->message = US"all host address lookups failed temporarily";
3743 else if (hosts_serial == hosts_total)
3744 addr->message = US"connection limit reached for all hosts";
3745 else if (hosts_fail+hosts_defer == hosts_total)
3746 addr->message = US"all host address lookups failed";
3747 else addr->message = US"some host address lookups failed and retry time "
3748 "not reached for other hosts or connection limit reached";
3749 }
3750 }
3751 }
3752
3753/* Update the database which keeps information about which messages are waiting
f6c332bd
PH		 3754for which hosts to become available. For some message-specific errors, the
3755update_waiting flag is turned off because we don't want follow-on deliveries in
ea722490 3756those cases. If this transport instance is explicitly limited to one message
8b260705
PP		 3757per connection then follow-on deliveries are not possible and there's no need
3758to create/update the per-transport wait-<transport_name> database. */
0756eb3c 3759
ea722490
JH		 3760if (update_waiting && tblock->connection_max_messages != 1)
3761 transport_update_waiting(hostlist, tblock->name);
0756eb3c
PH		 3762
3763END_TRANSPORT:
3764
3765DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3766
3767return TRUE; /* Each address has its status */
3768}
3769
578897ea
JH		 3770/* vi: aw ai sw=2
3771*/
0756eb3c 3772/* End of transport/smtp.c */
Unnamed repository; edit this file 'description' to name the repository.