tidying
[exim.git] / src / src / transports / smtp.c
CommitLineData
0756eb3c
PH
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
80fea873 5/* Copyright (c) University of Cambridge 1995 - 2016 */
0756eb3c
PH
6/* See the file NOTICE for conditions of use and distribution. */
7
8#include "../exim.h"
9#include "smtp.h"
10
11#define PENDING 256
12#define PENDING_DEFER (PENDING + DEFER)
13#define PENDING_OK (PENDING + OK)
14
2d14f397
JH
15#define DELIVER_BUFFER_SIZE 4096
16
0756eb3c
PH
17
18/* Options specific to the smtp transport. This transport also supports LMTP
19over TCP/IP. The options must be in alphabetic order (note that "_" comes
20before the lower case letters). Some live in the transport_instance block so as
21to be publicly visible; these are flagged with opt_public. */
22
23optionlist smtp_transport_options[] = {
506900af
JH
24 { "*expand_multi_domain", opt_stringptr | opt_hidden | opt_public,
25 (void *)offsetof(transport_instance, expand_multi_domain) },
9c695f6d
JH
26 { "*expand_retry_include_ip_address", opt_stringptr | opt_hidden,
27 (void *)(offsetof(smtp_transport_options_block, expand_retry_include_ip_address)) },
28
48c7f9e2
PH
29 { "address_retry_include_sender", opt_bool,
30 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
0756eb3c
PH
31 { "allow_localhost", opt_bool,
32 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
33 { "authenticated_sender", opt_stringptr,
34 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
382afc6b
PH
35 { "authenticated_sender_force", opt_bool,
36 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
0756eb3c
PH
37 { "command_timeout", opt_time,
38 (void *)offsetof(smtp_transport_options_block, command_timeout) },
39 { "connect_timeout", opt_time,
40 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
41 { "connection_max_messages", opt_int | opt_public,
42 (void *)offsetof(transport_instance, connection_max_messages) },
43 { "data_timeout", opt_time,
44 (void *)offsetof(smtp_transport_options_block, data_timeout) },
45 { "delay_after_cutoff", opt_bool,
46 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
80a47a2c 47#ifndef DISABLE_DKIM
f7572e5a 48 { "dkim_canon", opt_stringptr,
ff5aac2b 49 (void *)offsetof(smtp_transport_options_block, dkim.dkim_canon) },
f7572e5a 50 { "dkim_domain", opt_stringptr,
ff5aac2b 51 (void *)offsetof(smtp_transport_options_block, dkim.dkim_domain) },
f7572e5a 52 { "dkim_private_key", opt_stringptr,
ff5aac2b 53 (void *)offsetof(smtp_transport_options_block, dkim.dkim_private_key) },
f7572e5a 54 { "dkim_selector", opt_stringptr,
ff5aac2b 55 (void *)offsetof(smtp_transport_options_block, dkim.dkim_selector) },
f7572e5a 56 { "dkim_sign_headers", opt_stringptr,
ff5aac2b 57 (void *)offsetof(smtp_transport_options_block, dkim.dkim_sign_headers) },
f7572e5a 58 { "dkim_strict", opt_stringptr,
ff5aac2b 59 (void *)offsetof(smtp_transport_options_block, dkim.dkim_strict) },
80a47a2c 60#endif
0756eb3c
PH
61 { "dns_qualify_single", opt_bool,
62 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
63 { "dns_search_parents", opt_bool,
64 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
578897ea 65 { "dnssec_request_domains", opt_stringptr,
7cd171b7 66 (void *)offsetof(smtp_transport_options_block, dnssec.request) },
578897ea 67 { "dnssec_require_domains", opt_stringptr,
7cd171b7 68 (void *)offsetof(smtp_transport_options_block, dnssec.require) },
9e4f5962
PP
69 { "dscp", opt_stringptr,
70 (void *)offsetof(smtp_transport_options_block, dscp) },
0756eb3c
PH
71 { "fallback_hosts", opt_stringptr,
72 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
73 { "final_timeout", opt_time,
74 (void *)offsetof(smtp_transport_options_block, final_timeout) },
75 { "gethostbyname", opt_bool,
76 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
77 { "helo_data", opt_stringptr,
78 (void *)offsetof(smtp_transport_options_block, helo_data) },
79 { "hosts", opt_stringptr,
80 (void *)offsetof(smtp_transport_options_block, hosts) },
81 { "hosts_avoid_esmtp", opt_stringptr,
82 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
c51b8e75
PH
83 { "hosts_avoid_pipelining", opt_stringptr,
84 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
80a47a2c 85#ifdef SUPPORT_TLS
0756eb3c
PH
86 { "hosts_avoid_tls", opt_stringptr,
87 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
80a47a2c 88#endif
0756eb3c
PH
89 { "hosts_max_try", opt_int,
90 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
533244af
PH
91 { "hosts_max_try_hardlimit", opt_int,
92 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
80a47a2c 93#ifdef SUPPORT_TLS
0756eb3c
PH
94 { "hosts_nopass_tls", opt_stringptr,
95 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
80a47a2c 96#endif
0756eb3c
PH
97 { "hosts_override", opt_bool,
98 (void *)offsetof(smtp_transport_options_block, hosts_override) },
99 { "hosts_randomize", opt_bool,
100 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
f2de3a33 101#if defined(SUPPORT_TLS) && !defined(DISABLE_OCSP)
44662487
JH
102 { "hosts_request_ocsp", opt_stringptr,
103 (void *)offsetof(smtp_transport_options_block, hosts_request_ocsp) },
104#endif
0756eb3c
PH
105 { "hosts_require_auth", opt_stringptr,
106 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
80a47a2c 107#ifdef SUPPORT_TLS
7a31d643
JH
108# ifdef EXPERIMENTAL_DANE
109 { "hosts_require_dane", opt_stringptr,
110 (void *)offsetof(smtp_transport_options_block, hosts_require_dane) },
111# endif
f2de3a33 112# ifndef DISABLE_OCSP
f5d78688
JH
113 { "hosts_require_ocsp", opt_stringptr,
114 (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
115# endif
0756eb3c
PH
116 { "hosts_require_tls", opt_stringptr,
117 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
80a47a2c 118#endif
0756eb3c
PH
119 { "hosts_try_auth", opt_stringptr,
120 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
f98442df
JH
121 { "hosts_try_chunking", opt_stringptr,
122 (void *)offsetof(smtp_transport_options_block, hosts_try_chunking) },
7a31d643 123#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
96e47838
TL
124 { "hosts_try_dane", opt_stringptr,
125 (void *)offsetof(smtp_transport_options_block, hosts_try_dane) },
126#endif
8ccd00b1 127#ifndef DISABLE_PRDR
fd98a5c6
JH
128 { "hosts_try_prdr", opt_stringptr,
129 (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
130#endif
99400968
JH
131#ifdef SUPPORT_TLS
132 { "hosts_verify_avoid_tls", opt_stringptr,
133 (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
134#endif
0756eb3c
PH
135 { "interface", opt_stringptr,
136 (void *)offsetof(smtp_transport_options_block, interface) },
137 { "keepalive", opt_bool,
138 (void *)offsetof(smtp_transport_options_block, keepalive) },
f1513293
PH
139 { "lmtp_ignore_quota", opt_bool,
140 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
0756eb3c
PH
141 { "max_rcpt", opt_int | opt_public,
142 (void *)offsetof(transport_instance, max_addresses) },
506900af 143 { "multi_domain", opt_expand_bool | opt_public,
0756eb3c
PH
144 (void *)offsetof(transport_instance, multi_domain) },
145 { "port", opt_stringptr,
146 (void *)offsetof(smtp_transport_options_block, port) },
147 { "protocol", opt_stringptr,
148 (void *)offsetof(smtp_transport_options_block, protocol) },
9c695f6d 149 { "retry_include_ip_address", opt_expand_bool,
0756eb3c
PH
150 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
151 { "serialize_hosts", opt_stringptr,
152 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
153 { "size_addition", opt_int,
154 (void *)offsetof(smtp_transport_options_block, size_addition) }
f0989ec0 155#ifdef SUPPORT_SOCKS
7eb6c37c
JH
156 ,{ "socks_proxy", opt_stringptr,
157 (void *)offsetof(smtp_transport_options_block, socks_proxy) }
158#endif
80a47a2c 159#ifdef SUPPORT_TLS
0756eb3c
PH
160 ,{ "tls_certificate", opt_stringptr,
161 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
162 { "tls_crl", opt_stringptr,
163 (void *)offsetof(smtp_transport_options_block, tls_crl) },
54c90be1
PP
164 { "tls_dh_min_bits", opt_int,
165 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
0756eb3c
PH
166 { "tls_privatekey", opt_stringptr,
167 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
3f0945ff 168 { "tls_require_ciphers", opt_stringptr,
0756eb3c 169 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
3f0945ff
PP
170 { "tls_sni", opt_stringptr,
171 (void *)offsetof(smtp_transport_options_block, tls_sni) },
0756eb3c
PH
172 { "tls_tempfail_tryclear", opt_bool,
173 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
a63be306
WB
174 { "tls_try_verify_hosts", opt_stringptr,
175 (void *)offsetof(smtp_transport_options_block, tls_try_verify_hosts) },
e51c7be2
JH
176 { "tls_verify_cert_hostnames", opt_stringptr,
177 (void *)offsetof(smtp_transport_options_block,tls_verify_cert_hostnames)},
0756eb3c 178 { "tls_verify_certificates", opt_stringptr,
a63be306
WB
179 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) },
180 { "tls_verify_hosts", opt_stringptr,
181 (void *)offsetof(smtp_transport_options_block, tls_verify_hosts) }
80a47a2c 182#endif
0756eb3c
PH
183};
184
185/* Size of the options list. An extern variable has to be used so that its
186address can appear in the tables drtables.c. */
187
188int smtp_transport_options_count =
189 sizeof(smtp_transport_options)/sizeof(optionlist);
190
191/* Default private options block for the smtp transport. */
192
193smtp_transport_options_block smtp_transport_option_defaults = {
194 NULL, /* hosts */
195 NULL, /* fallback_hosts */
196 NULL, /* hostlist */
197 NULL, /* fallback_hostlist */
198 NULL, /* authenticated_sender */
199 US"$primary_hostname", /* helo_data */
200 NULL, /* interface */
201 NULL, /* port */
202 US"smtp", /* protocol */
9e4f5962 203 NULL, /* DSCP */
0756eb3c
PH
204 NULL, /* serialize_hosts */
205 NULL, /* hosts_try_auth */
206 NULL, /* hosts_require_auth */
f98442df 207 US"*", /* hosts_try_chunking */
96e47838
TL
208#ifdef EXPERIMENTAL_DANE
209 NULL, /* hosts_try_dane */
7a31d643 210 NULL, /* hosts_require_dane */
96e47838 211#endif
8ccd00b1 212#ifndef DISABLE_PRDR
f98442df 213 US"*", /* hosts_try_prdr */
fd98a5c6 214#endif
f2de3a33 215#ifndef DISABLE_OCSP
0e66b3b6 216 US"*", /* hosts_request_ocsp (except under DANE; tls_client_start()) */
f5d78688
JH
217 NULL, /* hosts_require_ocsp */
218#endif
0756eb3c
PH
219 NULL, /* hosts_require_tls */
220 NULL, /* hosts_avoid_tls */
6c9ed72e 221 NULL, /* hosts_verify_avoid_tls */
c51b8e75 222 NULL, /* hosts_avoid_pipelining */
0756eb3c
PH
223 NULL, /* hosts_avoid_esmtp */
224 NULL, /* hosts_nopass_tls */
225 5*60, /* command_timeout */
226 5*60, /* connect_timeout; shorter system default overrides */
227 5*60, /* data timeout */
228 10*60, /* final timeout */
229 1024, /* size_addition */
230 5, /* hosts_max_try */
8e669ac1 231 50, /* hosts_max_try_hardlimit */
48c7f9e2 232 TRUE, /* address_retry_include_sender */
0756eb3c 233 FALSE, /* allow_localhost */
382afc6b 234 FALSE, /* authenticated_sender_force */
0756eb3c
PH
235 FALSE, /* gethostbyname */
236 TRUE, /* dns_qualify_single */
237 FALSE, /* dns_search_parents */
0539a19d 238 { NULL, NULL }, /* dnssec_domains {request,require} */
0756eb3c
PH
239 TRUE, /* delay_after_cutoff */
240 FALSE, /* hosts_override */
241 FALSE, /* hosts_randomize */
242 TRUE, /* keepalive */
f1513293 243 FALSE, /* lmtp_ignore_quota */
9c695f6d 244 NULL, /* expand_retry_include_ip_address */
0756eb3c 245 TRUE /* retry_include_ip_address */
f0989ec0 246#ifdef SUPPORT_SOCKS
7eb6c37c 247 ,NULL /* socks_proxy */
b8bf753b 248#endif
80a47a2c 249#ifdef SUPPORT_TLS
0756eb3c
PH
250 ,NULL, /* tls_certificate */
251 NULL, /* tls_crl */
252 NULL, /* tls_privatekey */
253 NULL, /* tls_require_ciphers */
54c90be1 254 NULL, /* tls_sni */
0e0f3f56 255 US"system", /* tls_verify_certificates */
54c90be1
PP
256 EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
257 /* tls_dh_min_bits */
a63be306
WB
258 TRUE, /* tls_tempfail_tryclear */
259 NULL, /* tls_verify_hosts */
610ff438 260 US"*", /* tls_try_verify_hosts */
01a4a5c5 261 US"*" /* tls_verify_cert_hostnames */
80a47a2c
TK
262#endif
263#ifndef DISABLE_DKIM
ff5aac2b
JH
264 , {NULL, /* dkim_canon */
265 NULL, /* dkim_domain */
266 NULL, /* dkim_private_key */
267 NULL, /* dkim_selector */
268 NULL, /* dkim_sign_headers */
e983e85a
JH
269 NULL, /* dkim_strict */
270 FALSE} /* dot_stuffed */
80a47a2c 271#endif
0756eb3c
PH
272};
273
6c1c3d1d
WB
274/* some DSN flags for use later */
275
276static int rf_list[] = {rf_notify_never, rf_notify_success,
277 rf_notify_failure, rf_notify_delay };
278
45500060 279static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" };
6c1c3d1d
WB
280
281
0756eb3c
PH
282
283/* Local statics */
284
285static uschar *smtp_command; /* Points to last cmd for error messages */
286static uschar *mail_command; /* Points to MAIL cmd for error messages */
f6c332bd 287static BOOL update_waiting; /* TRUE to update the "wait" database */
0d9fa8c0 288static BOOL pipelining_active; /* current transaction is in pipe mode */
8d330698 289static int off = 0; /* for use by setsockopt */
0756eb3c
PH
290
291
292/*************************************************
293* Setup entry point *
294*************************************************/
295
296/* This function is called when the transport is about to be used,
297but before running it in a sub-process. It is used for two things:
298
299 (1) To set the fallback host list in addresses, when delivering.
26da7e20
PH
300 (2) To pass back the interface, port, protocol, and other options, for use
301 during callout verification.
0756eb3c
PH
302
303Arguments:
304 tblock pointer to the transport instance block
305 addrlist list of addresses about to be transported
306 tf if not NULL, pointer to block in which to return options
929ba01c
PH
307 uid the uid that will be set (not used)
308 gid the gid that will be set (not used)
0756eb3c
PH
309 errmsg place for error message (not used)
310
311Returns: OK always (FAIL, DEFER not used)
312*/
313
314static int
315smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
929ba01c 316 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
0756eb3c
PH
317{
318smtp_transport_options_block *ob =
319 (smtp_transport_options_block *)(tblock->options_block);
320
321errmsg = errmsg; /* Keep picky compilers happy */
929ba01c
PH
322uid = uid;
323gid = gid;
0756eb3c
PH
324
325/* Pass back options if required. This interface is getting very messy. */
326
327if (tf != NULL)
328 {
329 tf->interface = ob->interface;
330 tf->port = ob->port;
331 tf->protocol = ob->protocol;
332 tf->hosts = ob->hosts;
333 tf->hosts_override = ob->hosts_override;
334 tf->hosts_randomize = ob->hosts_randomize;
335 tf->gethostbyname = ob->gethostbyname;
336 tf->qualify_single = ob->dns_qualify_single;
337 tf->search_parents = ob->dns_search_parents;
26da7e20 338 tf->helo_data = ob->helo_data;
0756eb3c
PH
339 }
340
341/* Set the fallback host list for all the addresses that don't have fallback
342host lists, provided that the local host wasn't present in the original host
343list. */
344
345if (!testflag(addrlist, af_local_host_removed))
346 {
347 for (; addrlist != NULL; addrlist = addrlist->next)
348 if (addrlist->fallback_hosts == NULL)
349 addrlist->fallback_hosts = ob->fallback_hostlist;
350 }
351
352return OK;
353}
354
355
356
357/*************************************************
358* Initialization entry point *
359*************************************************/
360
361/* Called for each instance, after its options have been read, to
362enable consistency checks to be done, or anything else that needs
363to be set up.
364
365Argument: pointer to the transport instance block
366Returns: nothing
367*/
368
369void
370smtp_transport_init(transport_instance *tblock)
371{
372smtp_transport_options_block *ob =
373 (smtp_transport_options_block *)(tblock->options_block);
374
375/* Retry_use_local_part defaults FALSE if unset */
376
377if (tblock->retry_use_local_part == TRUE_UNSET)
378 tblock->retry_use_local_part = FALSE;
379
380/* Set the default port according to the protocol */
381
382if (ob->port == NULL)
061b7ebd
PP
383 ob->port = (strcmpic(ob->protocol, US"lmtp") == 0)? US"lmtp" :
384 (strcmpic(ob->protocol, US"smtps") == 0)? US"smtps" : US"smtp";
0756eb3c
PH
385
386/* Set up the setup entry point, to be called before subprocesses for this
387transport. */
388
389tblock->setup = smtp_transport_setup;
390
391/* Complain if any of the timeouts are zero. */
392
393if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
394 ob->final_timeout <= 0)
395 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
396 "command, data, or final timeout value is zero for %s transport",
397 tblock->name);
398
399/* If hosts_override is set and there are local hosts, set the global
400flag that stops verify from showing router hosts. */
401
402if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
403
404/* If there are any fallback hosts listed, build a chain of host items
405for them, but do not do any lookups at this time. */
406
407host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
408}
409
410
411
412
413
414/*************************************************
415* Set delivery info into all active addresses *
416*************************************************/
417
418/* Only addresses whose status is >= PENDING are relevant. A lesser
419status means that an address is not currently being processed.
420
421Arguments:
447d236c
PH
422 addrlist points to a chain of addresses
423 errno_value to put in each address's errno field
424 msg to put in each address's message field
425 rc to put in each address's transport_return field
426 pass_message if TRUE, set the "pass message" flag in the address
c562fd30 427 host if set, mark addrs as having used this host
895fbaf2
JH
428 smtp_greeting from peer
429 helo_response from peer
0756eb3c
PH
430
431If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
432the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
433this particular type of timeout.
434
435Returns: nothing
436*/
437
7cd1141b
PH
438static void
439set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
895fbaf2
JH
440 BOOL pass_message, host_item * host
441#ifdef EXPERIMENTAL_DSN_INFO
442 , const uschar * smtp_greeting, const uschar * helo_response
443#endif
444 )
0756eb3c
PH
445{
446address_item *addr;
447int orvalue = 0;
448if (errno_value == ERRNO_CONNECTTIMEOUT)
449 {
450 errno_value = ETIMEDOUT;
451 orvalue = RTEF_CTOUT;
452 }
895fbaf2 453for (addr = addrlist; addr; addr = addr->next)
168dec3b 454 if (addr->transport_return >= PENDING)
447d236c 455 {
168dec3b
JH
456 addr->basic_errno = errno_value;
457 addr->more_errno |= orvalue;
458 if (msg != NULL)
459 {
460 addr->message = msg;
461 if (pass_message) setflag(addr, af_pass_message);
462 }
463 addr->transport_return = rc;
464 if (host)
895fbaf2 465 {
168dec3b 466 addr->host_used = host;
895fbaf2
JH
467#ifdef EXPERIMENTAL_DSN_INFO
468 if (smtp_greeting)
469 {uschar * s = Ustrchr(smtp_greeting, '\n'); if (s) *s = '\0';}
470 addr->smtp_greeting = smtp_greeting;
471
472 if (helo_response)
473 {uschar * s = Ustrchr(helo_response, '\n'); if (s) *s = '\0';}
474 addr->helo_response = helo_response;
475#endif
476 }
447d236c 477 }
0756eb3c
PH
478}
479
895fbaf2
JH
480static void
481set_errno_nohost(address_item *addrlist, int errno_value, uschar *msg, int rc,
482 BOOL pass_message)
483{
484set_errno(addrlist, errno_value, msg, rc, pass_message, NULL
485#ifdef EXPERIMENTAL_DSN_INFO
486 , NULL, NULL
487#endif
488 );
489}
0756eb3c
PH
490
491
492/*************************************************
493* Check an SMTP response *
494*************************************************/
495
496/* This function is given an errno code and the SMTP response buffer
497to analyse, together with the host identification for generating messages. It
498sets an appropriate message and puts the first digit of the response code into
499the yield variable. If no response was actually read, a suitable digit is
500chosen.
501
502Arguments:
447d236c
PH
503 host the current host, to get its name for messages
504 errno_value pointer to the errno value
505 more_errno from the top address for use with ERRNO_FILTER_FAIL
506 buffer the SMTP response buffer
507 yield where to put a one-digit SMTP response code
508 message where to put an errror message
509 pass_message set TRUE if message is an SMTP response
510
511Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
0756eb3c
PH
512*/
513
a7538db1
JH
514static BOOL
515check_response(host_item *host, int *errno_value, int more_errno,
447d236c 516 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
0756eb3c 517{
0d9fa8c0 518uschar * pl = pipelining_active ? US"pipelined " : US"";
0756eb3c
PH
519
520*yield = '4'; /* Default setting is to give a temporary error */
521
522/* Handle response timeout */
523
524if (*errno_value == ETIMEDOUT)
525 {
c562fd30
JH
526 *message = US string_sprintf("SMTP timeout after %s%s",
527 pl, smtp_command);
0756eb3c
PH
528 if (transport_count > 0)
529 *message = US string_sprintf("%s (%d bytes written)", *message,
530 transport_count);
531 return FALSE;
532 }
533
534/* Handle malformed SMTP response */
535
536if (*errno_value == ERRNO_SMTPFORMAT)
537 {
55414b25 538 const uschar *malfresp = string_printing(buffer);
0756eb3c 539 while (isspace(*malfresp)) malfresp++;
c562fd30
JH
540 *message = *malfresp == 0
541 ? string_sprintf("Malformed SMTP reply (an empty line) "
542 "in response to %s%s", pl, smtp_command)
543 : string_sprintf("Malformed SMTP reply in response to %s%s: %s",
544 pl, smtp_command, malfresp);
0756eb3c
PH
545 return FALSE;
546 }
547
548/* Handle a failed filter process error; can't send QUIT as we mustn't
549end the DATA. */
550
551if (*errno_value == ERRNO_FILTER_FAIL)
552 {
35af9f61 553 *message = US string_sprintf("transport filter process failed (%d)%s",
8e669ac1 554 more_errno,
35af9f61 555 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
0756eb3c
PH
556 return FALSE;
557 }
558
559/* Handle a failed add_headers expansion; can't send QUIT as we mustn't
560end the DATA. */
561
562if (*errno_value == ERRNO_CHHEADER_FAIL)
563 {
564 *message =
565 US string_sprintf("failed to expand headers_add or headers_remove: %s",
566 expand_string_message);
567 return FALSE;
568 }
569
570/* Handle failure to write a complete data block */
571
572if (*errno_value == ERRNO_WRITEINCOMPLETE)
573 {
574 *message = US string_sprintf("failed to write a data block");
575 return FALSE;
576 }
577
8c5d388a 578#ifdef SUPPORT_I18N
250b6871
JH
579/* Handle lack of advertised SMTPUTF8, for international message */
580if (*errno_value == ERRNO_UTF8_FWD)
581 {
f358d5e0 582 *message = US string_sprintf("utf8 support required but not offered for forwarding");
250b6871
JH
583 DEBUG(D_deliver|D_transport) debug_printf("%s\n", *message);
584 return TRUE;
585 }
586#endif
587
0756eb3c
PH
588/* Handle error responses from the remote mailer. */
589
590if (buffer[0] != 0)
591 {
55414b25 592 const uschar *s = string_printing(buffer);
447d236c 593 *message = US string_sprintf("SMTP error from remote mail server after %s%s: "
c562fd30 594 "%s", pl, smtp_command, s);
447d236c 595 *pass_message = TRUE;
0756eb3c
PH
596 *yield = buffer[0];
597 return TRUE;
598 }
599
600/* No data was read. If there is no errno, this must be the EOF (i.e.
19b9dc85
PH
601connection closed) case, which causes deferral. An explicit connection reset
602error has the same effect. Otherwise, put the host's identity in the message,
603leaving the errno value to be interpreted as well. In all cases, we have to
604assume the connection is now dead. */
0756eb3c 605
19b9dc85 606if (*errno_value == 0 || *errno_value == ECONNRESET)
0756eb3c
PH
607 {
608 *errno_value = ERRNO_SMTPCLOSED;
c562fd30
JH
609 *message = US string_sprintf("Remote host closed connection "
610 "in response to %s%s", pl, smtp_command);
0756eb3c
PH
611 }
612else *message = US string_sprintf("%s [%s]", host->name, host->address);
613
614return FALSE;
615}
616
617
618
619/*************************************************
620* Write error message to logs *
621*************************************************/
622
623/* This writes to the main log and to the message log.
624
625Arguments:
626 addr the address item containing error information
627 host the current host
628
629Returns: nothing
630*/
631
632static void
633write_logs(address_item *addr, host_item *host)
634{
584ddd64
JH
635uschar * message = LOGGING(outgoing_port)
636 ? string_sprintf("H=%s [%s]:%d", host->name, host->address,
637 host->port == PORT_NONE ? 25 : host->port)
638 : string_sprintf("H=%s [%s]", host->name, host->address);
c562fd30
JH
639
640if (addr->message)
0756eb3c 641 {
c562fd30 642 message = string_sprintf("%s: %s", message, addr->message);
0756eb3c
PH
643 if (addr->basic_errno > 0)
644 message = string_sprintf("%s: %s", message, strerror(addr->basic_errno));
645 log_write(0, LOG_MAIN, "%s", message);
646 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
647 }
648else
649 {
37f3dc43
JH
650 const uschar * s = exim_errstr(addr->basic_errno);
651 log_write(0, LOG_MAIN, "%s %s", message, s);
652 deliver_msglog("%s %s %s\n", tod_stamp(tod_log), message, s);
0756eb3c
PH
653 }
654}
655
c562fd30
JH
656static void
657msglog_line(host_item * host, uschar * message)
658{
37f3dc43
JH
659deliver_msglog("%s H=%s [%s] %s\n", tod_stamp(tod_log),
660 host->name, host->address, message);
c562fd30
JH
661}
662
0756eb3c
PH
663
664
0cbf2b82 665#ifndef DISABLE_EVENT
d68218c7
JH
666/*************************************************
667* Post-defer action *
668*************************************************/
669
670/* This expands an arbitrary per-transport string.
671 It might, for example, be used to write to the database log.
672
673Arguments:
d68218c7
JH
674 addr the address item containing error information
675 host the current host
676
677Returns: nothing
678*/
679
680static void
774ef2d7 681deferred_event_raise(address_item *addr, host_item *host)
d68218c7 682{
774ef2d7 683uschar * action = addr->transport->event_action;
55414b25 684const uschar * save_domain;
a7538db1
JH
685uschar * save_local;
686
d68218c7 687if (!action)
a7538db1 688 return;
d68218c7 689
a7538db1
JH
690save_domain = deliver_domain;
691save_local = deliver_localpart;
692
693/*XXX would ip & port already be set up? */
694deliver_host_address = string_copy(host->address);
774ef2d7
JH
695deliver_host_port = host->port == PORT_NONE ? 25 : host->port;
696event_defer_errno = addr->basic_errno;
d68218c7
JH
697
698router_name = addr->router->name;
699transport_name = addr->transport->name;
a7538db1
JH
700deliver_domain = addr->domain;
701deliver_localpart = addr->local_part;
702
774ef2d7 703(void) event_raise(action, US"msg:host:defer",
a7538db1
JH
704 addr->message
705 ? addr->basic_errno > 0
706 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
707 : string_copy(addr->message)
708 : addr->basic_errno > 0
709 ? string_copy(US strerror(addr->basic_errno))
710 : NULL);
711
712deliver_localpart = save_local;
713deliver_domain = save_domain;
d68218c7
JH
714router_name = transport_name = NULL;
715}
716#endif
717
0756eb3c
PH
718/*************************************************
719* Synchronize SMTP responses *
720*************************************************/
721
722/* This function is called from smtp_deliver() to receive SMTP responses from
723the server, and match them up with the commands to which they relate. When
724PIPELINING is not in use, this function is called after every command, and is
725therefore somewhat over-engineered, but it is simpler to use a single scheme
726that works both with and without PIPELINING instead of having two separate sets
727of code.
728
729The set of commands that are buffered up with pipelining may start with MAIL
730and may end with DATA; in between are RCPT commands that correspond to the
731addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
732etc.) are never buffered.
733
734Errors after MAIL or DATA abort the whole process leaving the response in the
735buffer. After MAIL, pending responses are flushed, and the original command is
736re-instated in big_buffer for error messages. For RCPT commands, the remote is
737permitted to reject some recipient addresses while accepting others. However
738certain errors clearly abort the whole process. Set the value in
739transport_return to PENDING_OK if the address is accepted. If there is a
740subsequent general error, it will get reset accordingly. If not, it will get
741converted to OK at the end.
742
743Arguments:
48c7f9e2
PH
744 addrlist the complete address list
745 include_affixes TRUE if affixes include in RCPT
746 sync_addr ptr to the ptr of the one to start scanning at (updated)
747 host the host we are connected to
748 count the number of responses to read
749 address_retry_
750 include_sender true if 4xx retry is to include the sender it its key
751 pending_MAIL true if the first response is for MAIL
752 pending_DATA 0 if last command sent was not DATA
753 +1 if previously had a good recipient
754 -1 if not previously had a good recipient
755 inblock incoming SMTP block
756 timeout timeout value
757 buffer buffer for reading response
758 buffsize size of buffer
0756eb3c
PH
759
760Returns: 3 if at least one address had 2xx and one had 5xx
761 2 if at least one address had 5xx but none had 2xx
762 1 if at least one host had a 2xx response, but none had 5xx
763 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
764 -1 timeout while reading RCPT response
765 -2 I/O or other non-response error for RCPT
766 -3 DATA or MAIL failed - errno and buffer set
767*/
768
769static int
770sync_responses(address_item *addrlist, BOOL include_affixes,
48c7f9e2
PH
771 address_item **sync_addr, host_item *host, int count,
772 BOOL address_retry_include_sender, BOOL pending_MAIL,
0756eb3c
PH
773 int pending_DATA, smtp_inblock *inblock, int timeout, uschar *buffer,
774 int buffsize)
775{
776address_item *addr = *sync_addr;
777int yield = 0;
778
779/* Handle the response for a MAIL command. On error, reinstate the original
780command in big_buffer for error message use, and flush any further pending
781responses before returning, except after I/O errors and timeouts. */
782
783if (pending_MAIL)
784 {
785 count--;
786 if (!smtp_read_response(inblock, buffer, buffsize, '2', timeout))
787 {
e027f545 788 DEBUG(D_transport) debug_printf("bad response for MAIL\n");
0756eb3c
PH
789 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
790 if (errno == 0 && buffer[0] != 0)
791 {
792 uschar flushbuffer[4096];
e97957bc
PH
793 int save_errno = 0;
794 if (buffer[0] == '4')
795 {
796 save_errno = ERRNO_MAIL4XX;
797 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
798 }
0756eb3c
PH
799 while (count-- > 0)
800 {
801 if (!smtp_read_response(inblock, flushbuffer, sizeof(flushbuffer),
802 '2', timeout)
803 && (errno != 0 || flushbuffer[0] == 0))
804 break;
805 }
e97957bc 806 errno = save_errno;
0756eb3c 807 }
c562fd30
JH
808
809 if (pending_DATA) count--; /* Number of RCPT responses to come */
810 while (count-- > 0) /* Mark any pending addrs with the host used */
811 {
812 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
813 addr->host_used = host;
814 addr = addr->next;
815 }
0756eb3c
PH
816 return -3;
817 }
818 }
819
820if (pending_DATA) count--; /* Number of RCPT responses to come */
821
822/* Read and handle the required number of RCPT responses, matching each one up
823with an address by scanning for the next address whose status is PENDING_DEFER.
824*/
825
826while (count-- > 0)
827 {
828 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
829
830 /* The address was accepted */
c562fd30 831 addr->host_used = host;
0756eb3c
PH
832
833 if (smtp_read_response(inblock, buffer, buffsize, '2', timeout))
834 {
835 yield |= 1;
836 addr->transport_return = PENDING_OK;
837
838 /* If af_dr_retry_exists is set, there was a routing delay on this address;
09945f1e
PH
839 ensure that any address-specific retry record is expunged. We do this both
840 for the basic key and for the version that also includes the sender. */
0756eb3c
PH
841
842 if (testflag(addr, af_dr_retry_exists))
09945f1e
PH
843 {
844 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
845 sender_address);
846 retry_add_item(addr, altkey, rf_delete);
0756eb3c 847 retry_add_item(addr, addr->address_retry_key, rf_delete);
09945f1e 848 }
0756eb3c
PH
849 }
850
851 /* Timeout while reading the response */
852
853 else if (errno == ETIMEDOUT)
854 {
c562fd30
JH
855 uschar *message = string_sprintf("SMTP timeout after RCPT TO:<%s>",
856 transport_rcpt_address(addr, include_affixes));
895fbaf2 857 set_errno_nohost(addrlist, ETIMEDOUT, message, DEFER, FALSE);
0756eb3c 858 retry_add_item(addr, addr->address_retry_key, 0);
f6c332bd 859 update_waiting = FALSE;
0756eb3c
PH
860 return -1;
861 }
862
863 /* Handle other errors in obtaining an SMTP response by returning -1. This
864 will cause all the addresses to be deferred. Restore the SMTP command in
865 big_buffer for which we are checking the response, so the error message
866 makes sense. */
867
868 else if (errno != 0 || buffer[0] == 0)
869 {
870 string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
871 transport_rcpt_address(addr, include_affixes));
872 return -2;
873 }
874
875 /* Handle SMTP permanent and temporary response codes. */
876
877 else
878 {
879 addr->message =
447d236c 880 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
c562fd30
JH
881 "%s", transport_rcpt_address(addr, include_affixes),
882 string_printing(buffer));
447d236c 883 setflag(addr, af_pass_message);
c562fd30 884 msglog_line(host, addr->message);
0756eb3c
PH
885
886 /* The response was 5xx */
887
888 if (buffer[0] == '5')
889 {
890 addr->transport_return = FAIL;
891 yield |= 2;
892 }
893
894 /* The response was 4xx */
895
896 else
897 {
0756eb3c
PH
898 addr->transport_return = DEFER;
899 addr->basic_errno = ERRNO_RCPT4XX;
e97957bc 900 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
0756eb3c 901
0cbf2b82 902#ifndef DISABLE_EVENT
5ef5dd52
JB
903 event_defer_errno = addr->more_errno;
904 msg_event_raise(US"msg:rcpt:host:defer", addr);
905#endif
906
c562fd30
JH
907 /* Log temporary errors if there are more hosts to be tried.
908 If not, log this last one in the == line. */
0756eb3c 909
c562fd30
JH
910 if (host->next)
911 log_write(0, LOG_MAIN, "H=%s [%s]: %s", host->name, host->address, addr->message);
0756eb3c 912
0cbf2b82 913#ifndef DISABLE_EVENT
5ef5dd52
JB
914 else
915 msg_event_raise(US"msg:rcpt:defer", addr);
916#endif
917
f6c332bd
PH
918 /* Do not put this message on the list of those waiting for specific
919 hosts, as otherwise it is likely to be tried too often. */
0756eb3c 920
f6c332bd 921 update_waiting = FALSE;
0756eb3c 922
48c7f9e2
PH
923 /* Add a retry item for the address so that it doesn't get tried again
924 too soon. If address_retry_include_sender is true, add the sender address
925 to the retry key. */
0756eb3c 926
48c7f9e2
PH
927 if (address_retry_include_sender)
928 {
929 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
930 sender_address);
931 retry_add_item(addr, altkey, 0);
932 }
933 else retry_add_item(addr, addr->address_retry_key, 0);
0756eb3c
PH
934 }
935 }
936 } /* Loop for next RCPT response */
937
938/* Update where to start at for the next block of responses, unless we
939have already handled all the addresses. */
940
941if (addr != NULL) *sync_addr = addr->next;
942
943/* Handle a response to DATA. If we have not had any good recipients, either
944previously or in this block, the response is ignored. */
945
946if (pending_DATA != 0 &&
947 !smtp_read_response(inblock, buffer, buffsize, '3', timeout))
948 {
949 int code;
950 uschar *msg;
447d236c 951 BOOL pass_message;
e97957bc
PH
952 if (pending_DATA > 0 || (yield & 1) != 0)
953 {
954 if (errno == 0 && buffer[0] == '4')
955 {
956 errno = ERRNO_DATA4XX;
957 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
958 }
959 return -3;
960 }
447d236c 961 (void)check_response(host, &errno, 0, buffer, &code, &msg, &pass_message);
0756eb3c
PH
962 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
963 "is in use and there were no good recipients\n", msg);
964 }
965
966/* All responses read and handled; MAIL (if present) received 2xx and DATA (if
967present) received 3xx. If any RCPTs were handled and yielded anything other
968than 4xx, yield will be set non-zero. */
969
970return yield;
971}
972
973
974
fcc8e047
JH
975/* Do the client side of smtp-level authentication */
976/*
977Arguments:
978 buffer EHLO response from server (gets overwritten)
979 addrlist chain of potential addresses to deliver
980 host host to deliver to
981 ob transport options
982 ibp, obp comms channel control blocks
983
984Returns:
985 OK Success, or failed (but not required): global "smtp_authenticated" set
986 DEFER Failed authentication (and was required)
987 ERROR Internal problem
988
989 FAIL_SEND Failed communications - transmit
990 FAIL - response
991*/
992
993int
994smtp_auth(uschar *buffer, unsigned bufsize, address_item *addrlist, host_item *host,
995 smtp_transport_options_block *ob, BOOL is_esmtp,
996 smtp_inblock *ibp, smtp_outblock *obp)
997{
a7538db1
JH
998int require_auth;
999uschar *fail_reason = US"server did not advertise AUTH support";
fcc8e047 1000
a7538db1
JH
1001smtp_authenticated = FALSE;
1002client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
5130845b 1003require_auth = verify_check_given_host(&ob->hosts_require_auth, host);
fcc8e047 1004
a7538db1
JH
1005if (is_esmtp && !regex_AUTH) regex_AUTH =
1006 regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
1007 FALSE, TRUE);
fcc8e047 1008
a7538db1
JH
1009if (is_esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
1010 {
1011 uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]);
1012 expand_nmax = -1; /* reset */
fcc8e047 1013
a7538db1
JH
1014 /* Must not do this check until after we have saved the result of the
1015 regex match above. */
fcc8e047 1016
a7538db1 1017 if (require_auth == OK ||
5130845b 1018 verify_check_given_host(&ob->hosts_try_auth, host) == OK)
a7538db1
JH
1019 {
1020 auth_instance *au;
1021 fail_reason = US"no common mechanisms were found";
fcc8e047 1022
a7538db1 1023 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
fcc8e047 1024
a7538db1
JH
1025 /* Scan the configured authenticators looking for one which is configured
1026 for use as a client, which is not suppressed by client_condition, and
1027 whose name matches an authentication mechanism supported by the server.
1028 If one is found, attempt to authenticate by calling its client function.
1029 */
fcc8e047 1030
a7538db1
JH
1031 for (au = auths; !smtp_authenticated && au != NULL; au = au->next)
1032 {
1033 uschar *p = names;
1034 if (!au->client ||
1035 (au->client_condition != NULL &&
1036 !expand_check_condition(au->client_condition, au->name,
1037 US"client authenticator")))
1038 {
1039 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1040 au->name,
1041 (au->client)? "client_condition is false" :
1042 "not configured as a client");
1043 continue;
1044 }
fcc8e047 1045
a7538db1 1046 /* Loop to scan supported server mechanisms */
fcc8e047 1047
a7538db1
JH
1048 while (*p != 0)
1049 {
1050 int rc;
1051 int len = Ustrlen(au->public_name);
1052 while (isspace(*p)) p++;
fcc8e047 1053
a7538db1
JH
1054 if (strncmpic(au->public_name, p, len) != 0 ||
1055 (p[len] != 0 && !isspace(p[len])))
1056 {
1057 while (*p != 0 && !isspace(*p)) p++;
1058 continue;
1059 }
fcc8e047 1060
a7538db1
JH
1061 /* Found data for a listed mechanism. Call its client entry. Set
1062 a flag in the outblock so that data is overwritten after sending so
1063 that reflections don't show it. */
fcc8e047 1064
a7538db1
JH
1065 fail_reason = US"authentication attempt(s) failed";
1066 obp->authenticating = TRUE;
1067 rc = (au->info->clientcode)(au, ibp, obp,
1068 ob->command_timeout, buffer, bufsize);
1069 obp->authenticating = FALSE;
1070 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n",
1071 au->name, rc);
fcc8e047 1072
a7538db1
JH
1073 /* A temporary authentication failure must hold up delivery to
1074 this host. After a permanent authentication failure, we carry on
1075 to try other authentication methods. If all fail hard, try to
1076 deliver the message unauthenticated unless require_auth was set. */
fcc8e047 1077
a7538db1
JH
1078 switch(rc)
1079 {
1080 case OK:
1081 smtp_authenticated = TRUE; /* stops the outer loop */
1082 client_authenticator = au->name;
1083 if (au->set_client_id != NULL)
1084 client_authenticated_id = expand_string(au->set_client_id);
1085 break;
1086
1087 /* Failure after writing a command */
1088
1089 case FAIL_SEND:
1090 return FAIL_SEND;
1091
1092 /* Failure after reading a response */
1093
1094 case FAIL:
1095 if (errno != 0 || buffer[0] != '5') return FAIL;
1096 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1097 au->name, host->name, host->address, buffer);
1098 break;
1099
1100 /* Failure by some other means. In effect, the authenticator
1101 decided it wasn't prepared to handle this case. Typically this
1102 is the result of "fail" in an expansion string. Do we need to
1103 log anything here? Feb 2006: a message is now put in the buffer
1104 if logging is required. */
1105
1106 case CANCELLED:
1107 if (*buffer != 0)
1108 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1109 "authentication H=%s [%s] %s", au->name, host->name,
1110 host->address, buffer);
1111 break;
1112
1113 /* Internal problem, message in buffer. */
1114
1115 case ERROR:
895fbaf2
JH
1116 set_errno_nohost(addrlist, ERRNO_AUTHPROB, string_copy(buffer),
1117 DEFER, FALSE);
a7538db1
JH
1118 return ERROR;
1119 }
fcc8e047 1120
a7538db1
JH
1121 break; /* If not authenticated, try next authenticator */
1122 } /* Loop for scanning supported server mechanisms */
1123 } /* Loop for further authenticators */
fcc8e047 1124 }
a7538db1 1125 }
fcc8e047 1126
a7538db1 1127/* If we haven't authenticated, but are required to, give up. */
fcc8e047 1128
a7538db1
JH
1129if (require_auth == OK && !smtp_authenticated)
1130 {
895fbaf2 1131 set_errno_nohost(addrlist, ERRNO_AUTHFAIL,
a7538db1 1132 string_sprintf("authentication required but %s", fail_reason), DEFER,
895fbaf2 1133 FALSE);
a7538db1
JH
1134 return DEFER;
1135 }
4d8d62b9 1136
a7538db1 1137return OK;
fcc8e047
JH
1138}
1139
1140
1141/* Construct AUTH appendix string for MAIL TO */
1142/*
1143Arguments
1144 buffer to build string
1145 addrlist chain of potential addresses to deliver
1146 ob transport options
1147
1148Globals smtp_authenticated
1149 client_authenticated_sender
1150Return True on error, otherwise buffer has (possibly empty) terminated string
1151*/
1152
1153BOOL
1154smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
1155 smtp_transport_options_block *ob)
1156{
1157uschar *local_authenticated_sender = authenticated_sender;
1158
1159#ifdef notdef
1160 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, smtp_authenticated?"Y":"N");
1161#endif
1162
1163if (ob->authenticated_sender != NULL)
1164 {
1165 uschar *new = expand_string(ob->authenticated_sender);
1166 if (new == NULL)
1167 {
1168 if (!expand_string_forcedfail)
1169 {
1170 uschar *message = string_sprintf("failed to expand "
1171 "authenticated_sender: %s", expand_string_message);
895fbaf2 1172 set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
fcc8e047
JH
1173 return TRUE;
1174 }
1175 }
1176 else if (new[0] != 0) local_authenticated_sender = new;
1177 }
1178
1179/* Add the authenticated sender address if present */
1180
1181if ((smtp_authenticated || ob->authenticated_sender_force) &&
1182 local_authenticated_sender != NULL)
1183 {
1184 string_format(buffer, bufsize, " AUTH=%s",
1185 auth_xtextencode(local_authenticated_sender,
1186 Ustrlen(local_authenticated_sender)));
1187 client_authenticated_sender = string_copy(local_authenticated_sender);
1188 }
1189else
1190 *buffer= 0;
1191
1192return FALSE;
1193}
1194
1195
1196
0e66b3b6 1197#ifdef EXPERIMENTAL_DANE
2d5fdd53
JH
1198/* Lookup TLSA record for host/port.
1199Return: OK success with dnssec; DANE mode
1200 DEFER Do not use this host now, may retry later
1201 FAIL_FORCED No TLSA record; DANE not usable
1202 FAIL Do not use this connection
1203*/
1204
0e66b3b6 1205int
4b0fe319 1206tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
0e66b3b6
JH
1207{
1208/* move this out to host.c given the similarity to dns_lookup() ? */
1209uschar buffer[300];
55414b25 1210const uschar * fullname = buffer;
0e66b3b6
JH
1211
1212/* TLSA lookup string */
1213(void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
1214
1215switch (dns_lookup(dnsa, buffer, T_TLSA, &fullname))
1216 {
0e66b3b6
JH
1217 case DNS_SUCCEED:
1218 if (!dns_is_secure(dnsa))
1219 {
1220 log_write(0, LOG_MAIN, "DANE error: TLSA lookup not DNSSEC");
1221 return DEFER;
1222 }
4b0fe319 1223 return OK;
2d5fdd53
JH
1224
1225 case DNS_AGAIN:
1226 return DEFER; /* just defer this TLS'd conn */
1227
ef3a1a30
JH
1228 case DNS_NODATA: /* no TLSA RR for this lookup */
1229 case DNS_NOMATCH: /* no records at all for this lookup */
2d5fdd53
JH
1230 return dane_required ? FAIL : FAIL_FORCED;
1231
1232 default:
1233 case DNS_FAIL:
1234 return dane_required ? FAIL : DEFER;
0e66b3b6 1235 }
0e66b3b6
JH
1236}
1237#endif
1238
1239
a39bd74d
JB
1240
1241typedef struct smtp_compare_s
1242{
1243 uschar *current_sender_address;
1244 struct transport_instance *tblock;
1245} smtp_compare_t;
1246
1247/*
1248Create a unique string that identifies this message, it is based on
1249sender_address, helo_data and tls_certificate if enabled. */
1250
1251static uschar *
1252smtp_local_identity(uschar * sender, struct transport_instance * tblock)
1253{
1254address_item * addr1;
1255uschar * if1 = US"";
1256uschar * helo1 = US"";
1257#ifdef SUPPORT_TLS
1258uschar * tlsc1 = US"";
1259#endif
1260uschar * save_sender_address = sender_address;
1261uschar * local_identity = NULL;
1262smtp_transport_options_block * ob =
1263 (smtp_transport_options_block *)tblock->options_block;
1264
1265sender_address = sender;
1266
1267addr1 = deliver_make_addr (sender, TRUE);
1268deliver_set_expansions(addr1);
1269
1270if (ob->interface)
1271 if1 = expand_string(ob->interface);
1272
1273if (ob->helo_data)
1274 helo1 = expand_string(ob->helo_data);
1275
1276#ifdef SUPPORT_TLS
1277if (ob->tls_certificate)
1278 tlsc1 = expand_string(ob->tls_certificate);
1279local_identity = string_sprintf ("%s^%s^%s", if1, helo1, tlsc1);
1280#else
1281local_identity = string_sprintf ("%s^%s", if1, helo1);
1282#endif
1283
1284deliver_set_expansions(NULL);
1285sender_address = save_sender_address;
1286
1287return local_identity;
1288}
1289
1290
1291
1292/* This routine is a callback that is called from transport_check_waiting.
1293This function will evaluate the incoming message versus the previous
1294message. If the incoming message is using a different local identity then
1295we will veto this new message. */
1296
1297static BOOL
1298smtp_are_same_identities(uschar * message_id, smtp_compare_t * s_compare)
1299{
dadff1d4
HSHR
1300uschar * message_local_identity,
1301 * current_local_identity,
1302 * new_sender_address;
1303
1304current_local_identity =
a39bd74d 1305 smtp_local_identity(s_compare->current_sender_address, s_compare->tblock);
a39bd74d 1306
dadff1d4
HSHR
1307if (!(new_sender_address = deliver_get_sender_address(message_id)))
1308 return 0;
1309
1310message_local_identity =
1311 smtp_local_identity(new_sender_address, s_compare->tblock);
a39bd74d
JB
1312
1313return Ustrcmp(current_local_identity, message_local_identity) == 0;
1314}
1315
1316
1317
9094b84b
JH
1318uschar
1319ehlo_response(uschar * buf, size_t bsize, uschar checks)
1320{
1321#ifdef SUPPORT_TLS
ff5aac2b
JH
1322if ( checks & PEER_OFFERED_TLS
1323 && pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1324 checks &= ~PEER_OFFERED_TLS;
9094b84b
JH
1325#endif
1326
ff5aac2b
JH
1327if ( checks & PEER_OFFERED_IGNQ
1328 && pcre_exec(regex_IGNOREQUOTA, NULL, CS buf, bsize, 0,
1329 PCRE_EOPT, NULL, 0) < 0)
1330 checks &= ~PEER_OFFERED_IGNQ;
9094b84b 1331
f98442df
JH
1332if ( checks & PEER_OFFERED_CHUNKING
1333 && pcre_exec(regex_CHUNKING, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1334 checks &= ~PEER_OFFERED_CHUNKING;
1335
9094b84b 1336#ifndef DISABLE_PRDR
ff5aac2b
JH
1337if ( checks & PEER_OFFERED_PRDR
1338 && pcre_exec(regex_PRDR, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1339 checks &= ~PEER_OFFERED_PRDR;
9094b84b
JH
1340#endif
1341
1342#ifdef SUPPORT_I18N
ff5aac2b
JH
1343if ( checks & PEER_OFFERED_UTF8
1344 && pcre_exec(regex_UTF8, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1345 checks &= ~PEER_OFFERED_UTF8;
9094b84b
JH
1346#endif
1347
ff5aac2b
JH
1348if ( checks & PEER_OFFERED_DSN
1349 && pcre_exec(regex_DSN, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1350 checks &= ~PEER_OFFERED_DSN;
9094b84b 1351
ff5aac2b
JH
1352if ( checks & PEER_OFFERED_PIPE
1353 && pcre_exec(regex_PIPELINING, NULL, CS buf, bsize, 0,
1354 PCRE_EOPT, NULL, 0) < 0)
1355 checks &= ~PEER_OFFERED_PIPE;
9094b84b 1356
ff5aac2b
JH
1357if ( checks & PEER_OFFERED_SIZE
1358 && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1359 checks &= ~PEER_OFFERED_SIZE;
9094b84b
JH
1360
1361return checks;
1362}
1363
1364
6d5c916c
JH
1365
1366/* Callback for emitting a BDAT data chunk header.
6d5c916c 1367
e027f545
JH
1368If given a nonzero size, first flush any buffered SMTP commands
1369then emit the command.
1370
1371Reap previous SMTP command responses if requested.
1372Reap one SMTP command response if requested.
6d5c916c
JH
1373
1374Returns: OK or ERROR
1375*/
1376
1377static int
1378smtp_chunk_cmd_callback(int fd, transport_ctx * tctx,
e027f545 1379 unsigned chunk_size, unsigned flags)
6d5c916c
JH
1380{
1381smtp_transport_options_block * ob =
1382 (smtp_transport_options_block *)(tctx->tblock->options_block);
e027f545
JH
1383int cmd_count = 0;
1384int prev_cmd_count;
1385uschar * buffer = tctx->buffer;
6d5c916c 1386
6d5c916c 1387
e027f545 1388/* Write SMTP chunk header command */
6d5c916c 1389
e027f545
JH
1390if (chunk_size > 0)
1391 if((cmd_count = smtp_write_command(tctx->outblock, FALSE, "BDAT %u%s\r\n",
1392 chunk_size,
1393 flags & tc_chunk_last ? " LAST" : "")
1394 ) < 0) return ERROR;
1395
1396prev_cmd_count = cmd_count += tctx->cmd_count;
6d5c916c 1397
e027f545 1398/* Reap responses for any previous, but not one we just emitted */
6d5c916c 1399
e027f545
JH
1400if (chunk_size > 0)
1401 prev_cmd_count--;
1402if (tctx->pending_BDAT)
1403 prev_cmd_count--;
6d5c916c 1404
e027f545 1405if (flags & tc_reap_prev && prev_cmd_count > 0)
6d5c916c 1406 {
58fc5fb2
JH
1407 DEBUG(D_transport) debug_printf("look for %d responses"
1408 " for previous pipelined cmds\n", prev_cmd_count);
6d5c916c 1409
e027f545
JH
1410 switch(sync_responses(tctx->first_addr, tctx->tblock->rcpt_include_affixes,
1411 tctx->sync_addr, tctx->host, prev_cmd_count,
1412 ob->address_retry_include_sender,
1413 tctx->pending_MAIL, 0,
1414 tctx->inblock,
1415 ob->command_timeout,
2d14f397 1416 buffer, DELIVER_BUFFER_SIZE))
e027f545
JH
1417 {
1418 case 1: /* 2xx (only) => OK */
1419 case 3: tctx->good_RCPT = TRUE; /* 2xx & 5xx => OK & progress made */
1420 case 2: *tctx->completed_address = TRUE; /* 5xx (only) => progress made */
1421 case 0: break; /* No 2xx or 5xx, but no probs */
1422
1423 case -1: /* Timeout on RCPT */
1424 default: return ERROR; /* I/O error, or any MAIL/DATA error */
1425 }
1426 cmd_count = 1;
1427 if (!tctx->pending_BDAT)
1428 pipelining_active = FALSE;
6d5c916c 1429 }
e027f545 1430
58fc5fb2 1431/* Reap response for an outstanding BDAT */
e027f545 1432
58fc5fb2 1433if (tctx->pending_BDAT)
e027f545 1434 {
58fc5fb2
JH
1435 DEBUG(D_transport) debug_printf("look for one response for BDAT\n");
1436
2d14f397 1437 if (!smtp_read_response(tctx->inblock, buffer, DELIVER_BUFFER_SIZE, '2',
e027f545
JH
1438 ob->command_timeout))
1439 {
1440 if (errno == 0 && buffer[0] == '4')
1441 {
1442 errno = ERRNO_DATA4XX; /*XXX does this actually get used? */
1443 tctx->first_addr->more_errno |=
1444 ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1445 }
1446 return ERROR;
1447 }
1448 cmd_count--;
1449 tctx->pending_BDAT = FALSE;
1450 pipelining_active = FALSE;
1451 }
1452else if (chunk_size > 0)
1453 tctx->pending_BDAT = TRUE;
1454
1455
1456tctx->cmd_count = cmd_count;
1457return OK;
6d5c916c
JH
1458}
1459
1460
1461
0756eb3c
PH
1462/*************************************************
1463* Deliver address list to given host *
1464*************************************************/
1465
1466/* If continue_hostname is not null, we get here only when continuing to
1467deliver down an existing channel. The channel was passed as the standard
6c512171
PH
1468input. TLS is never active on a passed channel; the previous process always
1469closes it down before passing the connection on.
0756eb3c
PH
1470
1471Otherwise, we have to make a connection to the remote host, and do the
1472initial protocol exchange.
1473
1474When running as an MUA wrapper, if the sender or any recipient is rejected,
1475temporarily or permanently, we force failure for all recipients.
1476
1477Arguments:
1478 addrlist chain of potential addresses to deliver; only those whose
1479 transport_return field is set to PENDING_DEFER are currently
1480 being processed; others should be skipped - they have either
1481 been delivered to an earlier host or IP address, or been
1482 failed by one of them.
1483 host host to deliver to
1484 host_af AF_INET or AF_INET6
2d280592 1485 port default TCP/IP port to use, in host byte order
0756eb3c
PH
1486 interface interface to bind to, or NULL
1487 tblock transport instance block
0756eb3c
PH
1488 message_defer set TRUE if yield is OK, but all addresses were deferred
1489 because of a non-recipient, non-host failure, that is, a
1490 4xx response to MAIL FROM, DATA, or ".". This is a defer
1491 that is specific to the message.
1492 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1493 a second attempt after TLS initialization fails
1494
1495Returns: OK - the connection was made and the delivery attempted;
1496 the result for each address is in its data block.
1497 DEFER - the connection could not be made, or something failed
1498 while setting up the SMTP session, or there was a
1499 non-message-specific error, such as a timeout.
1500 ERROR - a filter command is specified for this transport,
1501 and there was a problem setting it up; OR helo_data
1502 or add_headers or authenticated_sender is specified
1503 for this transport, and the string failed to expand
1504*/
1505
1506static int
1507smtp_deliver(address_item *addrlist, host_item *host, int host_af, int port,
d427a7f9 1508 uschar *interface, transport_instance *tblock,
0756eb3c
PH
1509 BOOL *message_defer, BOOL suppress_tls)
1510{
1511address_item *addr;
1512address_item *sync_addr;
1513address_item *first_addr = addrlist;
1514int yield = OK;
1515int address_count;
1516int save_errno;
1517int rc;
1518time_t start_delivery_time = time(NULL);
1519smtp_transport_options_block *ob =
1520 (smtp_transport_options_block *)(tblock->options_block);
59a286ef
JH
1521struct lflags {
1522 BOOL lmtp:1;
1523 BOOL smtps:1;
1524 BOOL ok:1;
1525 BOOL send_rset:1;
1526 BOOL send_quit:1;
1527 BOOL setting_up:1;
1528 BOOL esmtp:1;
a57ce043 1529 BOOL esmtp_sent:1;
59a286ef 1530 BOOL pending_MAIL:1;
8ccd00b1 1531#ifndef DISABLE_PRDR
59a286ef 1532 BOOL prdr_active:1;
fd98a5c6 1533#endif
8c5d388a 1534#ifdef SUPPORT_I18N
59a286ef
JH
1535 BOOL utf8_needed:1;
1536#endif
1537 BOOL dsn_all_lasthop:1;
1538#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
1539 BOOL dane:1;
1540 BOOL dane_required:1;
7ade712c 1541#endif
59a286ef
JH
1542} lflags;
1543
1544BOOL pass_message = FALSE;
1545BOOL completed_address = FALSE;
1546uschar peer_offered = 0;
0e66b3b6 1547#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
0e66b3b6
JH
1548dns_answer tlsa_dnsa;
1549#endif
0756eb3c
PH
1550smtp_inblock inblock;
1551smtp_outblock outblock;
1552int max_rcpt = tblock->max_addresses;
f1513293 1553uschar *igquotstr = US"";
a39bd74d 1554
895fbaf2
JH
1555#ifdef EXPERIMENTAL_DSN_INFO
1556uschar *smtp_greeting = NULL;
1557uschar *helo_response = NULL;
1558#endif
41c7c167 1559uschar *helo_data = NULL;
a39bd74d 1560
0756eb3c
PH
1561uschar *message = NULL;
1562uschar new_message_id[MESSAGE_ID_LENGTH + 1];
1563uschar *p;
2d14f397 1564uschar buffer[DELIVER_BUFFER_SIZE];
0756eb3c 1565uschar inbuffer[4096];
98470202 1566uschar outbuffer[4096];
0756eb3c
PH
1567
1568suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
1569
59a286ef
JH
1570lflags.lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
1571lflags.smtps = strcmpic(ob->protocol, US"smtps") == 0;
1572lflags.ok = FALSE;
1573lflags.send_rset = TRUE;
1574lflags.send_quit = TRUE;
1575lflags.setting_up = TRUE;
1576lflags.esmtp = TRUE;
a57ce043 1577lflags.esmtp_sent = FALSE;
59a286ef
JH
1578#ifdef SUPPORT_I18N
1579lflags.utf8_needed = FALSE;
1580#endif
1581lflags.dsn_all_lasthop = TRUE;
1582#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
1583lflags.dane = FALSE;
1584lflags.dane_required = verify_check_given_host(&ob->hosts_require_dane, host) == OK;
1585#endif
1586
0756eb3c
PH
1587*message_defer = FALSE;
1588smtp_command = US"initial connection";
76ac1b5b 1589buffer[0] = '\0';
0756eb3c
PH
1590if (max_rcpt == 0) max_rcpt = 999999;
1591
1592/* Set up the buffer for reading SMTP response packets. */
1593
1594inblock.buffer = inbuffer;
1595inblock.buffersize = sizeof(inbuffer);
1596inblock.ptr = inbuffer;
1597inblock.ptrend = inbuffer;
1598
1599/* Set up the buffer for holding SMTP commands while pipelining */
1600
1601outblock.buffer = outbuffer;
1602outblock.buffersize = sizeof(outbuffer);
1603outblock.ptr = outbuffer;
1604outblock.cmd_count = 0;
1605outblock.authenticating = FALSE;
1606
6c512171
PH
1607/* Reset the parameters of a TLS session. */
1608
817d9f57
JH
1609tls_out.bits = 0;
1610tls_out.cipher = NULL; /* the one we may use for this transport */
9d1c15ef
JH
1611tls_out.ourcert = NULL;
1612tls_out.peercert = NULL;
817d9f57
JH
1613tls_out.peerdn = NULL;
1614#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
1615tls_out.sni = NULL;
5b456975 1616#endif
018058b2 1617tls_out.ocsp = OCSP_NOT_REQ;
6c512171 1618
35aba663
JH
1619/* Flip the legacy TLS-related variables over to the outbound set in case
1620they're used in the context of the transport. Don't bother resetting
1621afterward as we're in a subprocess. */
1622
1623tls_modify_variables(&tls_out);
1624
061b7ebd 1625#ifndef SUPPORT_TLS
59a286ef 1626if (lflags.smtps)
061b7ebd 1627 {
895fbaf2
JH
1628 set_errno_nohost(addrlist, ERRNO_TLSFAILURE, US"TLS support not available",
1629 DEFER, FALSE);
018058b2 1630 return ERROR;
061b7ebd
PP
1631 }
1632#endif
1633
0756eb3c
PH
1634/* Make a connection to the host if this isn't a continued delivery, and handle
1635the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
1636specially so they can be identified for retries. */
1637
1638if (continue_hostname == NULL)
1639 {
a7538db1 1640 /* This puts port into host->port */
0756eb3c 1641 inblock.sock = outblock.sock =
7eb6c37c 1642 smtp_connect(host, host_af, port, interface, ob->connect_timeout, tblock);
4311097e 1643
0756eb3c
PH
1644 if (inblock.sock < 0)
1645 {
59a286ef 1646 set_errno_nohost(addrlist, errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
895fbaf2 1647 NULL, DEFER, FALSE);
0756eb3c
PH
1648 return DEFER;
1649 }
1650
0e66b3b6
JH
1651#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
1652 {
0e66b3b6
JH
1653 tls_out.dane_verified = FALSE;
1654 tls_out.tlsa_usage = 0;
1655
0e66b3b6
JH
1656 if (host->dnssec == DS_YES)
1657 {
59a286ef 1658 if( lflags.dane_required
4b0fe319 1659 || verify_check_given_host(&ob->hosts_try_dane, host) == OK
0e66b3b6 1660 )
59a286ef 1661 switch (rc = tlsa_lookup(host, &tlsa_dnsa, lflags.dane_required))
4b0fe319 1662 {
59a286ef 1663 case OK: lflags.dane = TRUE; break;
2d5fdd53
JH
1664 case FAIL_FORCED: break;
1665 default: set_errno_nohost(addrlist, ERRNO_DNSDEFER,
1666 string_sprintf("DANE error: tlsa lookup %s",
1667 rc == DEFER ? "DEFER" : "FAIL"),
1668 rc, FALSE);
1669 return rc;
4b0fe319 1670 }
0e66b3b6 1671 }
59a286ef 1672 else if (lflags.dane_required)
0e66b3b6 1673 {
895fbaf2 1674 set_errno_nohost(addrlist, ERRNO_DNSDEFER,
4cea764f 1675 string_sprintf("DANE error: %s lookup not DNSSEC", host->name),
895fbaf2 1676 FAIL, FALSE);
4b0fe319 1677 return FAIL;
0e66b3b6
JH
1678 }
1679
59a286ef 1680 if (lflags.dane)
0e66b3b6
JH
1681 ob->tls_tempfail_tryclear = FALSE;
1682 }
1683#endif /*DANE*/
1684
41c7c167
PH
1685 /* Expand the greeting message while waiting for the initial response. (Makes
1686 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
1687 delayed till here so that $sending_interface and $sending_port are set. */
1688
1689 helo_data = expand_string(ob->helo_data);
8c5d388a 1690#ifdef SUPPORT_I18N
810d16ad
JH
1691 if (helo_data)
1692 {
1693 uschar * errstr = NULL;
1694 if ((helo_data = string_domain_utf8_to_alabel(helo_data, &errstr)), errstr)
1695 {
1696 errstr = string_sprintf("failed to expand helo_data: %s", errstr);
895fbaf2 1697 set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE);
810d16ad
JH
1698 yield = DEFER;
1699 goto SEND_QUIT;
1700 }
1701 }
1702#endif
41c7c167 1703
0756eb3c
PH
1704 /* The first thing is to wait for an initial OK response. The dreaded "goto"
1705 is nevertheless a reasonably clean way of programming this kind of logic,
1706 where you want to escape on any error. */
1707
59a286ef 1708 if (!lflags.smtps)
061b7ebd 1709 {
8d330698
JH
1710 BOOL good_response;
1711
1712#ifdef TCP_QUICKACK
1713 (void) setsockopt(inblock.sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
1714#endif
1715 good_response = smtp_read_response(&inblock, buffer, sizeof(buffer),
895fbaf2
JH
1716 '2', ob->command_timeout);
1717#ifdef EXPERIMENTAL_DSN_INFO
1718 smtp_greeting = string_copy(buffer);
1719#endif
1720 if (!good_response) goto RESPONSE_FAILED;
0756eb3c 1721
0cbf2b82 1722#ifndef DISABLE_EVENT
b30275b8 1723 {
805c9d53
JH
1724 uschar * s;
1725 lookup_dnssec_authenticated = host->dnssec==DS_YES ? US"yes"
1726 : host->dnssec==DS_NO ? US"no" : NULL;
1727 s = event_raise(tblock->event_action, US"smtp:connect", buffer);
b30275b8 1728 if (s)
a7538db1 1729 {
895fbaf2 1730 set_errno_nohost(addrlist, ERRNO_EXPANDFAIL,
b30275b8 1731 string_sprintf("deferred by smtp:connect event expansion: %s", s),
895fbaf2 1732 DEFER, FALSE);
a7538db1
JH
1733 yield = DEFER;
1734 goto SEND_QUIT;
1735 }
b30275b8 1736 }
a7538db1
JH
1737#endif
1738
061b7ebd
PP
1739 /* Now check if the helo_data expansion went well, and sign off cleanly if
1740 it didn't. */
41c7c167 1741
8d330698 1742 if (!helo_data)
061b7ebd
PP
1743 {
1744 uschar *message = string_sprintf("failed to expand helo_data: %s",
1745 expand_string_message);
895fbaf2 1746 set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
061b7ebd
PP
1747 yield = DEFER;
1748 goto SEND_QUIT;
1749 }
41c7c167
PH
1750 }
1751
0756eb3c
PH
1752/** Debugging without sending a message
1753addrlist->transport_return = DEFER;
1754goto SEND_QUIT;
1755**/
1756
1757 /* Errors that occur after this point follow an SMTP command, which is
1758 left in big_buffer by smtp_write_command() for use in error messages. */
1759
1760 smtp_command = big_buffer;
1761
1762 /* Tell the remote who we are...
1763
1764 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
1765 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
1766 greeting is of this form. The assumption was that the far end supports it
1767 properly... but experience shows that there are some that give 5xx responses,
1768 even though the banner includes "ESMTP" (there's a bloody-minded one that
1769 says "ESMTP not spoken here"). Cope with that case.
1770
1771 September 2000: Time has passed, and it seems reasonable now to always send
1772 EHLO at the start. It is also convenient to make the change while installing
1773 the TLS stuff.
1774
1775 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
1776 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
1777 would be no way to send out the mails, so there is now a host list
1778 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
1779 PIPELINING problem as well. Maybe it can also be useful to cure other
1780 problems with broken servers.
1781
1782 Exim originally sent "Helo" at this point and ran for nearly a year that way.
1783 Then somebody tried it with a Microsoft mailer... It seems that all other
1784 mailers use upper case for some reason (the RFC is quite clear about case
1785 independence) so, for peace of mind, I gave in. */
1786
59a286ef 1787 lflags.esmtp = verify_check_given_host(&ob->hosts_avoid_esmtp, host) != OK;
0756eb3c 1788
061b7ebd
PP
1789 /* Alas; be careful, since this goto is not an error-out, so conceivably
1790 we might set data between here and the target which we assume to exist
1791 and be usable. I can see this coming back to bite us. */
a7538db1 1792#ifdef SUPPORT_TLS
59a286ef 1793 if (lflags.smtps)
061b7ebd 1794 {
2d14f397 1795 smtp_peer_options |= PEER_OFFERED_TLS;
061b7ebd
PP
1796 suppress_tls = FALSE;
1797 ob->tls_tempfail_tryclear = FALSE;
1798 smtp_command = US"SSL-on-connect";
1799 goto TLS_NEGOTIATE;
1800 }
a7538db1 1801#endif
061b7ebd 1802
59a286ef 1803 if (lflags.esmtp)
0756eb3c
PH
1804 {
1805 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
59a286ef 1806 lflags.lmtp ? "LHLO" : "EHLO", helo_data) < 0)
0756eb3c 1807 goto SEND_FAILED;
a57ce043 1808 lflags.esmtp_sent = TRUE;
0756eb3c
PH
1809 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1810 ob->command_timeout))
1811 {
59a286ef 1812 if (errno != 0 || buffer[0] == 0 || lflags.lmtp)
895fbaf2
JH
1813 {
1814#ifdef EXPERIMENTAL_DSN_INFO
1815 helo_response = string_copy(buffer);
1816#endif
1817 goto RESPONSE_FAILED;
1818 }
59a286ef 1819 lflags.esmtp = FALSE;
0756eb3c 1820 }
895fbaf2
JH
1821#ifdef EXPERIMENTAL_DSN_INFO
1822 helo_response = string_copy(buffer);
1823#endif
0756eb3c
PH
1824 }
1825 else
0756eb3c
PH
1826 DEBUG(D_transport)
1827 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
0756eb3c 1828
59a286ef 1829 if (!lflags.esmtp)
0756eb3c 1830 {
895fbaf2 1831 BOOL good_response;
a57ce043
JH
1832 int n = sizeof(buffer);
1833 uschar * rsp = buffer;
1834
1835 if (lflags.esmtp_sent && (n = Ustrlen(buffer)) < sizeof(buffer)/2)
1836 { rsp = buffer + n + 1; n = sizeof(buffer) - n; }
895fbaf2 1837
0756eb3c
PH
1838 if (smtp_write_command(&outblock, FALSE, "HELO %s\r\n", helo_data) < 0)
1839 goto SEND_FAILED;
a57ce043 1840 good_response = smtp_read_response(&inblock, rsp, n,
895fbaf2
JH
1841 '2', ob->command_timeout);
1842#ifdef EXPERIMENTAL_DSN_INFO
a57ce043 1843 helo_response = string_copy(rsp);
895fbaf2 1844#endif
a57ce043
JH
1845 if (!good_response)
1846 {
1847 /* Handle special logging for a closed connection after HELO
1848 when had previously sent EHLO */
1849
1850 if (rsp != buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET))
1851 {
1852 message = NULL;
1853 lflags.send_quit = FALSE;
1854 save_errno = ERRNO_SMTPCLOSED;
1855 message = string_sprintf("Remote host closed connection "
1856 "in response to %s (EHLO response was: %s)",
1857 smtp_command, buffer);
1858 goto FAILED;
1859 }
1860 Ustrncpy(buffer, rsp, sizeof(buffer)/2);
1861 goto RESPONSE_FAILED;
1862 }
0756eb3c
PH
1863 }
1864
2d14f397
JH
1865 peer_offered = smtp_peer_options = 0;
1866
59a286ef 1867 if (lflags.esmtp || lflags.lmtp)
2d14f397 1868 {
9094b84b 1869 peer_offered = ehlo_response(buffer, Ustrlen(buffer),
ff5aac2b 1870 PEER_OFFERED_TLS /* others checked later */
9094b84b 1871 );
f1513293 1872
0756eb3c
PH
1873 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
1874
a7538db1 1875#ifdef SUPPORT_TLS
2d14f397 1876 smtp_peer_options |= peer_offered & PEER_OFFERED_TLS;
7ade712c 1877#endif
2d14f397 1878 }
0756eb3c
PH
1879 }
1880
1881/* For continuing deliveries down the same channel, the socket is the standard
1882input, and we don't need to redo EHLO here (but may need to do so for TLS - see
1883below). Set up the pointer to where subsequent commands will be left, for
2d14f397 1884error messages. Note that smtp_peer_options will have been
0756eb3c
PH
1885set from the command line if they were set in the process that passed the
1886connection on. */
1887
895fbaf2
JH
1888/*XXX continue case needs to propagate DSN_INFO, prob. in deliver.c
1889as the contine goes via transport_pass_socket() and doublefork and exec.
1890It does not wait. Unclear how we keep separate host's responses
1891separate - we could match up by host ip+port as a bodge. */
1892
0756eb3c
PH
1893else
1894 {
1895 inblock.sock = outblock.sock = fileno(stdin);
1896 smtp_command = big_buffer;
4311097e 1897 host->port = port; /* Record the port that was used */
0756eb3c
PH
1898 }
1899
1900/* If TLS is available on this connection, whether continued or not, attempt to
1901start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
1902send another EHLO - the server may give a different answer in secure mode. We
1903use a separate buffer for reading the response to STARTTLS so that if it is
1904negative, the original EHLO data is available for subsequent analysis, should
1905the client not be required to use TLS. If the response is bad, copy the buffer
1906for error analysis. */
1907
1908#ifdef SUPPORT_TLS
2d14f397 1909if ( smtp_peer_options & PEER_OFFERED_TLS
5130845b
JH
1910 && !suppress_tls
1911 && verify_check_given_host(&ob->hosts_avoid_tls, host) != OK)
0756eb3c
PH
1912 {
1913 uschar buffer2[4096];
1914 if (smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") < 0)
1915 goto SEND_FAILED;
1916
1917 /* If there is an I/O error, transmission of this message is deferred. If
1918 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
1919 false, we also defer. However, if there is a temporary rejection of STARTTLS
1920 and tls_tempfail_tryclear is true, or if there is an outright rejection of
1921 STARTTLS, we carry on. This means we will try to send the message in clear,
1922 unless the host is in hosts_require_tls (tested below). */
1923
1924 if (!smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2',
1925 ob->command_timeout))
1926 {
4b0fe319
JH
1927 if ( errno != 0
1928 || buffer2[0] == 0
1929 || (buffer2[0] == '4' && !ob->tls_tempfail_tryclear)
1930 )
0dda4340
TK
1931 {
1932 Ustrncpy(buffer, buffer2, sizeof(buffer));
0756eb3c 1933 goto RESPONSE_FAILED;
0dda4340 1934 }
0756eb3c
PH
1935 }
1936
1937 /* STARTTLS accepted: try to negotiate a TLS session. */
1938
1939 else
061b7ebd 1940 TLS_NEGOTIATE:
0756eb3c 1941 {
0e66b3b6
JH
1942 int rc = tls_client_start(inblock.sock, host, addrlist, tblock
1943# ifdef EXPERIMENTAL_DANE
59a286ef 1944 , lflags.dane ? &tlsa_dnsa : NULL
0e66b3b6
JH
1945# endif
1946 );
0756eb3c
PH
1947
1948 /* TLS negotiation failed; give an error. From outside, this function may
1949 be called again to try in clear on a new connection, if the options permit
1950 it for this host. */
1951
1952 if (rc != OK)
1953 {
6ebd79ec 1954# ifdef EXPERIMENTAL_DANE
ae5afa61 1955 if (lflags.dane) log_write(0, LOG_MAIN,
4b0fe319 1956 "DANE attempt failed; no TLS connection to %s [%s]",
6ebd79ec 1957 host->name, host->address);
6ebd79ec
JH
1958# endif
1959
0756eb3c
PH
1960 save_errno = ERRNO_TLSFAILURE;
1961 message = US"failure while setting up TLS session";
59a286ef 1962 lflags.send_quit = FALSE;
0756eb3c
PH
1963 goto TLS_FAILED;
1964 }
1965
1966 /* TLS session is set up */
1967
2d14f397 1968 smtp_peer_options_wrap = smtp_peer_options;
895fbaf2 1969 for (addr = addrlist; addr; addr = addr->next)
5ca2a9a1
PH
1970 if (addr->transport_return == PENDING_DEFER)
1971 {
817d9f57 1972 addr->cipher = tls_out.cipher;
9d1c15ef
JH
1973 addr->ourcert = tls_out.ourcert;
1974 addr->peercert = tls_out.peercert;
817d9f57 1975 addr->peerdn = tls_out.peerdn;
018058b2 1976 addr->ocsp = tls_out.ocsp;
5ca2a9a1 1977 }
0756eb3c
PH
1978 }
1979 }
1980
061b7ebd
PP
1981/* if smtps, we'll have smtp_command set to something else; always safe to
1982reset it here. */
1983smtp_command = big_buffer;
1984
41c7c167
PH
1985/* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
1986helo_data is null, we are dealing with a connection that was passed from
1987another process, and so we won't have expanded helo_data above. We have to
1988expand it here. $sending_ip_address and $sending_port are set up right at the
1989start of the Exim process (in exim.c). */
0756eb3c 1990
817d9f57 1991if (tls_out.active >= 0)
0756eb3c 1992 {
061b7ebd 1993 char *greeting_cmd;
895fbaf2
JH
1994 BOOL good_response;
1995
41c7c167
PH
1996 if (helo_data == NULL)
1997 {
1998 helo_data = expand_string(ob->helo_data);
1999 if (helo_data == NULL)
2000 {
2001 uschar *message = string_sprintf("failed to expand helo_data: %s",
2002 expand_string_message);
895fbaf2 2003 set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
41c7c167
PH
2004 yield = DEFER;
2005 goto SEND_QUIT;
2006 }
2007 }
2008
0d0e4455 2009 /* For SMTPS we need to wait for the initial OK response. */
59a286ef 2010 if (lflags.smtps)
061b7ebd 2011 {
895fbaf2
JH
2012 good_response = smtp_read_response(&inblock, buffer, sizeof(buffer),
2013 '2', ob->command_timeout);
2014#ifdef EXPERIMENTAL_DSN_INFO
2015 smtp_greeting = string_copy(buffer);
2016#endif
2017 if (!good_response) goto RESPONSE_FAILED;
0d0e4455
PP
2018 }
2019
59a286ef 2020 if (lflags.esmtp)
0d0e4455
PP
2021 greeting_cmd = "EHLO";
2022 else
2023 {
2024 greeting_cmd = "HELO";
2025 DEBUG(D_transport)
2026 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
061b7ebd
PP
2027 }
2028
2029 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
59a286ef 2030 lflags.lmtp ? "LHLO" : greeting_cmd, helo_data) < 0)
0756eb3c 2031 goto SEND_FAILED;
895fbaf2
JH
2032 good_response = smtp_read_response(&inblock, buffer, sizeof(buffer),
2033 '2', ob->command_timeout);
2034#ifdef EXPERIMENTAL_DSN_INFO
2035 helo_response = string_copy(buffer);
2036#endif
2037 if (!good_response) goto RESPONSE_FAILED;
2d14f397 2038 smtp_peer_options = 0;
0756eb3c
PH
2039 }
2040
2041/* If the host is required to use a secure channel, ensure that we
2042have one. */
2043
59a286ef 2044else if ( lflags.smtps
0e66b3b6 2045# ifdef EXPERIMENTAL_DANE
59a286ef 2046 || lflags.dane
0e66b3b6 2047# endif
b4b3528b 2048 || verify_check_given_host(&ob->hosts_require_tls, host) == OK
7a31d643 2049 )
0756eb3c
PH
2050 {
2051 save_errno = ERRNO_TLSREQUIRED;
c562fd30 2052 message = string_sprintf("a TLS session is required, but %s",
2d14f397
JH
2053 smtp_peer_options & PEER_OFFERED_TLS
2054 ? "an attempt to start TLS failed" : "the server did not offer TLS support");
0756eb3c
PH
2055 goto TLS_FAILED;
2056 }
0e66b3b6 2057#endif /*SUPPORT_TLS*/
0756eb3c
PH
2058
2059/* If TLS is active, we have just started it up and re-done the EHLO command,
2060so its response needs to be analyzed. If TLS is not active and this is a
2061continued session down a previously-used socket, we haven't just done EHLO, so
2062we skip this. */
2063
2064if (continue_hostname == NULL
a7538db1 2065#ifdef SUPPORT_TLS
817d9f57 2066 || tls_out.active >= 0
a7538db1 2067#endif
0756eb3c
PH
2068 )
2069 {
59a286ef 2070 if (lflags.esmtp || lflags.lmtp)
2d14f397 2071 {
9094b84b
JH
2072 peer_offered = ehlo_response(buffer, Ustrlen(buffer),
2073 0 /* no TLS */
59a286ef 2074 | (lflags.lmtp && ob->lmtp_ignore_quota ? PEER_OFFERED_IGNQ : 0)
f98442df 2075 | PEER_OFFERED_CHUNKING
9094b84b
JH
2076 | PEER_OFFERED_PRDR
2077#ifdef SUPPORT_I18N
2078 | (addrlist->prop.utf8_msg ? PEER_OFFERED_UTF8 : 0)
2d14f397 2079 /*XXX if we hand peercaps on to continued-conn processes,
9094b84b
JH
2080 must not depend on this addr */
2081#endif
2082 | PEER_OFFERED_DSN
2083 | PEER_OFFERED_PIPE
2084 | (ob->size_addition >= 0 ? PEER_OFFERED_SIZE : 0)
2085 );
2086
2d14f397
JH
2087 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
2088 lmtp_ignore_quota option was set. */
f1513293 2089
2d14f397 2090 igquotstr = peer_offered & PEER_OFFERED_IGNQ ? US" IGNOREQUOTA" : US"";
f1513293 2091
2d14f397
JH
2092 /* If the response to EHLO specified support for the SIZE parameter, note
2093 this, provided size_addition is non-negative. */
f1513293 2094
2d14f397 2095 smtp_peer_options |= peer_offered & PEER_OFFERED_SIZE;
0756eb3c 2096
2d14f397
JH
2097 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
2098 the current host, esmtp will be false, so PIPELINING can never be used. If
2099 the current host matches hosts_avoid_pipelining, don't do it. */
0756eb3c 2100
2d14f397
JH
2101 if ( peer_offered & PEER_OFFERED_PIPE
2102 && verify_check_given_host(&ob->hosts_avoid_pipelining, host) != OK)
2103 smtp_peer_options |= PEER_OFFERED_PIPE;
0756eb3c 2104
2d14f397
JH
2105 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
2106 smtp_peer_options & PEER_OFFERED_PIPE ? "" : "not ");
0756eb3c 2107
2d14f397
JH
2108 if ( peer_offered & PEER_OFFERED_CHUNKING
2109 && verify_check_given_host(&ob->hosts_try_chunking, host) != OK)
2110 peer_offered &= ~PEER_OFFERED_CHUNKING;
f98442df 2111
2d14f397
JH
2112 if (peer_offered & PEER_OFFERED_CHUNKING)
2113 {DEBUG(D_transport) debug_printf("CHUNKING usable\n");}
0756eb3c 2114
8ccd00b1 2115#ifndef DISABLE_PRDR
2d14f397
JH
2116 if ( peer_offered & PEER_OFFERED_PRDR
2117 && verify_check_given_host(&ob->hosts_try_prdr, host) != OK)
2118 peer_offered &= ~PEER_OFFERED_PRDR;
fd98a5c6 2119
2d14f397
JH
2120 if (peer_offered & PEER_OFFERED_PRDR)
2121 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
fd98a5c6
JH
2122#endif
2123
2d14f397
JH
2124 /* Note if the server supports DSN */
2125 smtp_peer_options |= peer_offered & PEER_OFFERED_DSN;
2126 DEBUG(D_transport) debug_printf("%susing DSN\n",
2127 peer_offered & PEER_OFFERED_DSN ? "" : "not ");
6c1c3d1d 2128
2d14f397
JH
2129 /* Note if the response to EHLO specifies support for the AUTH extension.
2130 If it has, check that this host is one we want to authenticate to, and do
2131 the business. The host name and address must be available when the
2132 authenticator's client driver is running. */
0756eb3c 2133
2d14f397 2134 switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host,
59a286ef 2135 ob, lflags.esmtp, &inblock, &outblock))
2d14f397
JH
2136 {
2137 default: goto SEND_QUIT;
2138 case OK: break;
2139 case FAIL_SEND: goto SEND_FAILED;
2140 case FAIL: goto RESPONSE_FAILED;
2141 }
0756eb3c
PH
2142 }
2143 }
2d14f397 2144pipelining_active = !!(smtp_peer_options & PEER_OFFERED_PIPE);
0756eb3c
PH
2145
2146/* The setting up of the SMTP call is now complete. Any subsequent errors are
2147message-specific. */
2148
59a286ef 2149lflags.setting_up = FALSE;
0756eb3c 2150
8c5d388a 2151#ifdef SUPPORT_I18N
9094b84b
JH
2152if (addrlist->prop.utf8_msg)
2153 {
59a286ef
JH
2154 lflags.utf8_needed = !addrlist->prop.utf8_downcvt
2155 && !addrlist->prop.utf8_downcvt_maybe;
2156 DEBUG(D_transport) if (!lflags.utf8_needed)
2157 debug_printf("utf8: %s downconvert\n",
2158 addrlist->prop.utf8_downcvt ? "mandatory" : "optional");
9094b84b
JH
2159 }
2160
7ade712c 2161/* If this is an international message we need the host to speak SMTPUTF8 */
59a286ef 2162if (lflags.utf8_needed && !(peer_offered & PEER_OFFERED_UTF8))
7ade712c
JH
2163 {
2164 errno = ERRNO_UTF8_FWD;
2165 goto RESPONSE_FAILED;
2166 }
2167#endif
2168
0756eb3c
PH
2169/* If there is a filter command specified for this transport, we can now
2170set it up. This cannot be done until the identify of the host is known. */
2171
2172if (tblock->filter_command != NULL)
2173 {
2174 BOOL rc;
76ac1b5b
JH
2175 uschar fbuf[64];
2176 sprintf(CS fbuf, "%.50s transport", tblock->name);
0756eb3c 2177 rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command,
76ac1b5b 2178 TRUE, DEFER, addrlist, fbuf, NULL);
9b989985 2179 transport_filter_timeout = tblock->filter_timeout;
0756eb3c
PH
2180
2181 /* On failure, copy the error to all addresses, abandon the SMTP call, and
2182 yield ERROR. */
2183
2184 if (!rc)
2185 {
895fbaf2
JH
2186 set_errno_nohost(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
2187 FALSE);
0756eb3c
PH
2188 yield = ERROR;
2189 goto SEND_QUIT;
2190 }
48f1c853
JH
2191
2192 if ( transport_filter_argv
2193 && *transport_filter_argv
2194 && **transport_filter_argv
2195 && peer_offered & PEER_OFFERED_CHUNKING
2196 )
2197 {
2198 peer_offered &= ~PEER_OFFERED_CHUNKING;
2199 DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n");
2200 }
0756eb3c
PH
2201 }
2202
2203
2204/* For messages that have more than the maximum number of envelope recipients,
2205we want to send several transactions down the same SMTP connection. (See
2206comments in deliver.c as to how this reconciles, heuristically, with
2207remote_max_parallel.) This optimization was added to Exim after the following
2208code was already working. The simplest way to put it in without disturbing the
2209code was to use a goto to jump back to this point when there is another
2210transaction to handle. */
2211
2212SEND_MESSAGE:
2213sync_addr = first_addr;
2214address_count = 0;
59a286ef
JH
2215lflags.ok = FALSE;
2216lflags.send_rset = TRUE;
0756eb3c
PH
2217completed_address = FALSE;
2218
2219
2220/* Initiate a message transfer. If we know the receiving MTA supports the SIZE
2221qualification, send it, adding something to the message size to allow for
2222imprecision and things that get added en route. Exim keeps the number of lines
2223in a message, so we can give an accurate value for the original message, but we
2224need some additional to handle added headers. (Double "." characters don't get
2225included in the count.) */
2226
2227p = buffer;
2228*p = 0;
2229
2d14f397 2230if (peer_offered & PEER_OFFERED_SIZE)
0756eb3c
PH
2231 {
2232 sprintf(CS p, " SIZE=%d", message_size+message_linecount+ob->size_addition);
2233 while (*p) p++;
2234 }
2235
8ccd00b1 2236#ifndef DISABLE_PRDR
59a286ef 2237lflags.prdr_active = FALSE;
9094b84b 2238if (peer_offered & PEER_OFFERED_PRDR)
fd98a5c6
JH
2239 for (addr = first_addr; addr; addr = addr->next)
2240 if (addr->transport_return == PENDING_DEFER)
2241 {
2242 for (addr = addr->next; addr; addr = addr->next)
2243 if (addr->transport_return == PENDING_DEFER)
2244 { /* at least two recipients to send */
59a286ef 2245 lflags.prdr_active = TRUE;
fd98a5c6 2246 sprintf(CS p, " PRDR"); p += 5;
a7538db1 2247 break;
fd98a5c6
JH
2248 }
2249 break;
2250 }
fd98a5c6
JH
2251#endif
2252
8c5d388a 2253#ifdef SUPPORT_I18N
9094b84b
JH
2254if ( addrlist->prop.utf8_msg
2255 && !addrlist->prop.utf8_downcvt
2256 && peer_offered & PEER_OFFERED_UTF8
2257 )
7ade712c
JH
2258 sprintf(CS p, " SMTPUTF8"), p += 9;
2259#endif
2260
6c1c3d1d
WB
2261/* check if all addresses have lasthop flag */
2262/* do not send RET and ENVID if true */
59a286ef 2263for (lflags.dsn_all_lasthop = TRUE, addr = first_addr;
6c1c3d1d
WB
2264 address_count < max_rcpt && addr != NULL;
2265 addr = addr->next)
2266 if ((addr->dsn_flags & rf_dsnlasthop) != 1)
7ade712c 2267 {
59a286ef 2268 lflags.dsn_all_lasthop = FALSE;
7ade712c
JH
2269 break;
2270 }
6c1c3d1d
WB
2271
2272/* Add any DSN flags to the mail command */
2273
59a286ef 2274if (peer_offered & PEER_OFFERED_DSN && !lflags.dsn_all_lasthop)
6c1c3d1d
WB
2275 {
2276 if (dsn_ret == dsn_ret_hdrs)
6d5c916c 2277 { Ustrcpy(p, " RET=HDRS"); p += 9; }
6c1c3d1d 2278 else if (dsn_ret == dsn_ret_full)
6d5c916c
JH
2279 { Ustrcpy(p, " RET=FULL"); p += 9; }
2280
2281 if (dsn_envid)
6c1c3d1d
WB
2282 {
2283 string_format(p, sizeof(buffer) - (p-buffer), " ENVID=%s", dsn_envid);
2284 while (*p) p++;
2285 }
2286 }
6c1c3d1d 2287
6b62e899
JH
2288/* If an authenticated_sender override has been specified for this transport
2289instance, expand it. If the expansion is forced to fail, and there was already
2290an authenticated_sender for this message, the original value will be used.
2291Other expansion failures are serious. An empty result is ignored, but there is
2292otherwise no check - this feature is expected to be used with LMTP and other
2293cases where non-standard addresses (e.g. without domains) might be required. */
2294
fcc8e047 2295if (smtp_mail_auth_str(p, sizeof(buffer) - (p-buffer), addrlist, ob))
a7538db1
JH
2296 {
2297 yield = ERROR;
2298 goto SEND_QUIT;
2299 }
0756eb3c
PH
2300
2301/* From here until we send the DATA command, we can make use of PIPELINING
2302if the server host supports it. The code has to be able to check the responses
2303at any point, for when the buffer fills up, so we write it totally generally.
2304When PIPELINING is off, each command written reports that it has flushed the
2305buffer. */
2306
59a286ef 2307lflags.pending_MAIL = TRUE; /* The block starts with MAIL */
0756eb3c 2308
3c8b3577
JH
2309 {
2310 uschar * s = return_path;
8c5d388a 2311#ifdef SUPPORT_I18N
3c8b3577
JH
2312 uschar * errstr = NULL;
2313
2314 /* If we must downconvert, do the from-address here. Remember we had to
2315 for the to-addresses (done below), and also (ugly) for re-doing when building
2316 the delivery log line. */
2317
9094b84b
JH
2318 if ( addrlist->prop.utf8_msg
2319 && (addrlist->prop.utf8_downcvt || !(peer_offered & PEER_OFFERED_UTF8))
2320 )
3c8b3577
JH
2321 {
2322 if (s = string_address_utf8_to_alabel(return_path, &errstr), errstr)
2323 {
895fbaf2 2324 set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE);
3c8b3577
JH
2325 yield = ERROR;
2326 goto SEND_QUIT;
2327 }
2328 setflag(addrlist, af_utf8_downcvt);
2329 }
2330#endif
2331
2d14f397 2332 rc = smtp_write_command(&outblock, pipelining_active,
3c8b3577
JH
2333 "MAIL FROM:<%s>%s\r\n", s, buffer);
2334 }
2335
0756eb3c
PH
2336mail_command = string_copy(big_buffer); /* Save for later error message */
2337
2338switch(rc)
2339 {
2340 case -1: /* Transmission error */
7ade712c 2341 goto SEND_FAILED;
0756eb3c
PH
2342
2343 case +1: /* Block was sent */
7ade712c 2344 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
e97957bc 2345 ob->command_timeout))
e97957bc 2346 {
7ade712c
JH
2347 if (errno == 0 && buffer[0] == '4')
2348 {
2349 errno = ERRNO_MAIL4XX;
2350 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2351 }
2352 goto RESPONSE_FAILED;
e97957bc 2353 }
59a286ef 2354 lflags.pending_MAIL = FALSE;
7ade712c 2355 break;
0756eb3c
PH
2356 }
2357
2358/* Pass over all the relevant recipient addresses for this host, which are the
2359ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
2360several before we have to read the responses for those seen so far. This
2361checking is done by a subroutine because it also needs to be done at the end.
2362Send only up to max_rcpt addresses at a time, leaving first_addr pointing to
2363the next one if not all are sent.
2364
2365In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
2366last address because we want to abort if any recipients have any kind of
2367problem, temporary or permanent. We know that all recipient addresses will have
2368the PENDING_DEFER status, because only one attempt is ever made, and we know
2369that max_rcpt will be large, so all addresses will be done at once. */
2370
2371for (addr = first_addr;
ff5aac2b 2372 addr && address_count < max_rcpt;
0756eb3c 2373 addr = addr->next)
7b4c8c1f 2374 if (addr->transport_return == PENDING_DEFER)
0756eb3c
PH
2375 {
2376 int count;
2377 BOOL no_flush;
3c8b3577 2378 uschar * rcpt_addr;
0756eb3c 2379
2d14f397
JH
2380 addr->dsn_aware = peer_offered & PEER_OFFERED_DSN
2381 ? dsn_support_yes : dsn_support_no;
6c1c3d1d 2382
0756eb3c 2383 address_count++;
2d14f397 2384 no_flush = pipelining_active && (!mua_wrapper || addr->next);
0756eb3c 2385
6c1c3d1d
WB
2386 /* Add any DSN flags to the rcpt command and add to the sent string */
2387
2388 p = buffer;
2389 *p = 0;
2390
2d14f397 2391 if (peer_offered & PEER_OFFERED_DSN && !(addr->dsn_flags & rf_dsnlasthop))
6c1c3d1d 2392 {
2d14f397 2393 if (addr->dsn_flags & rf_dsnflags)
6c1c3d1d
WB
2394 {
2395 int i;
2396 BOOL first = TRUE;
45500060 2397 Ustrcpy(p, " NOTIFY=");
6c1c3d1d
WB
2398 while (*p) p++;
2399 for (i = 0; i < 4; i++)
6c1c3d1d
WB
2400 if ((addr->dsn_flags & rf_list[i]) != 0)
2401 {
2402 if (!first) *p++ = ',';
2403 first = FALSE;
45500060 2404 Ustrcpy(p, rf_names[i]);
6c1c3d1d
WB
2405 while (*p) p++;
2406 }
6c1c3d1d
WB
2407 }
2408
ff5aac2b 2409 if (addr->dsn_orcpt)
a7538db1 2410 {
6c1c3d1d
WB
2411 string_format(p, sizeof(buffer) - (p-buffer), " ORCPT=%s",
2412 addr->dsn_orcpt);
2413 while (*p) p++;
2414 }
2415 }
6c1c3d1d 2416
0756eb3c
PH
2417 /* Now send the RCPT command, and process outstanding responses when
2418 necessary. After a timeout on RCPT, we just end the function, leaving the
2419 yield as OK, because this error can often mean that there is a problem with
2420 just one address, so we don't want to delay the host. */
2421
3c8b3577
JH
2422 rcpt_addr = transport_rcpt_address(addr, tblock->rcpt_include_affixes);
2423
8c5d388a 2424#ifdef SUPPORT_I18N
3c8b3577
JH
2425 {
2426 uschar * dummy_errstr;
2427 if ( testflag(addrlist, af_utf8_downcvt)
2428 && (rcpt_addr = string_address_utf8_to_alabel(rcpt_addr, &dummy_errstr),
2429 dummy_errstr
2430 ) )
2431 {
2432 errno = ERRNO_EXPANDFAIL;
2433 goto SEND_FAILED;
2434 }
2435 }
2436#endif
2437
6c1c3d1d 2438 count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s%s\r\n",
3c8b3577 2439 rcpt_addr, igquotstr, buffer);
6c1c3d1d 2440
0756eb3c
PH
2441 if (count < 0) goto SEND_FAILED;
2442 if (count > 0)
2443 {
2444 switch(sync_responses(first_addr, tblock->rcpt_include_affixes,
48c7f9e2 2445 &sync_addr, host, count, ob->address_retry_include_sender,
59a286ef 2446 lflags.pending_MAIL, 0, &inblock, ob->command_timeout, buffer,
48c7f9e2 2447 sizeof(buffer)))
0756eb3c 2448 {
59a286ef 2449 case 3: lflags.ok = TRUE; /* 2xx & 5xx => OK & progress made */
0756eb3c
PH
2450 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
2451 break;
2452
59a286ef
JH
2453 case 1: lflags.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
2454 if (!lflags.lmtp) completed_address = TRUE; /* can't tell about progress yet */
0756eb3c
PH
2455 case 0: /* No 2xx or 5xx, but no probs */
2456 break;
2457
2458 case -1: goto END_OFF; /* Timeout on RCPT */
2459 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL error */
2460 }
59a286ef 2461 lflags.pending_MAIL = FALSE; /* Dealt with MAIL */
0756eb3c
PH
2462 }
2463 } /* Loop for next address */
2464
2465/* If we are an MUA wrapper, abort if any RCPTs were rejected, either
2466permanently or temporarily. We should have flushed and synced after the last
2467RCPT. */
2468
2469if (mua_wrapper)
2470 {
2471 address_item *badaddr;
168dec3b
JH
2472 for (badaddr = first_addr; badaddr; badaddr = badaddr->next)
2473 if (badaddr->transport_return != PENDING_OK)
2474 {
2475 /*XXX could we find a better errno than 0 here? */
895fbaf2
JH
2476 set_errno_nohost(addrlist, 0, badaddr->message, FAIL,
2477 testflag(badaddr, af_pass_message));
59a286ef 2478 lflags.ok = FALSE;
168dec3b
JH
2479 break;
2480 }
0756eb3c
PH
2481 }
2482
2483/* If ok is TRUE, we know we have got at least one good recipient, and must now
2484send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
2485have a good recipient buffered up if we are pipelining. We don't want to waste
2486time sending DATA needlessly, so we only send it if either ok is TRUE or if we
6d5c916c
JH
2487are pipelining. The responses are all handled by sync_responses().
2488If using CHUNKING, do not send a BDAT until we know how big a chunk we want
2489to send is. */
0756eb3c 2490
6d5c916c 2491if ( !(peer_offered & PEER_OFFERED_CHUNKING)
59a286ef 2492 && (lflags.ok || (pipelining_active && !mua_wrapper)))
0756eb3c
PH
2493 {
2494 int count = smtp_write_command(&outblock, FALSE, "DATA\r\n");
6d5c916c 2495
0756eb3c
PH
2496 if (count < 0) goto SEND_FAILED;
2497 switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr,
59a286ef
JH
2498 host, count, ob->address_retry_include_sender, lflags.pending_MAIL,
2499 lflags.ok ? +1 : -1, &inblock, ob->command_timeout, buffer, sizeof(buffer)))
0756eb3c 2500 {
59a286ef 2501 case 3: lflags.ok = TRUE; /* 2xx & 5xx => OK & progress made */
0756eb3c
PH
2502 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
2503 break;
2504
59a286ef
JH
2505 case 1: lflags.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
2506 if (!lflags.lmtp) completed_address = TRUE; /* can't tell about progress yet */
0756eb3c
PH
2507 case 0: break; /* No 2xx or 5xx, but no probs */
2508
2509 case -1: goto END_OFF; /* Timeout on RCPT */
2510 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
2511 }
0d9fa8c0 2512 pipelining_active = FALSE;
0756eb3c
PH
2513 }
2514
0756eb3c
PH
2515/* If there were no good recipients (but otherwise there have been no
2516problems), just set ok TRUE, since we have handled address-specific errors
2517already. Otherwise, it's OK to send the message. Use the check/escape mechanism
2518for handling the SMTP dot-handling protocol, flagging to apply to headers as
2519well as body. Set the appropriate timeout value to be used for each chunk.
2520(Haven't been able to make it work using select() for writing yet.) */
2521
59a286ef 2522if (!(peer_offered & PEER_OFFERED_CHUNKING) && !lflags.ok)
6d5c916c
JH
2523 {
2524 /* Save the first address of the next batch. */
2525 first_addr = addr;
2526
59a286ef 2527 lflags.ok = TRUE;
6d5c916c 2528 }
ff5aac2b 2529else
0756eb3c 2530 {
6b46ecc6
JH
2531 transport_ctx tctx = {
2532 tblock,
2533 addrlist,
2534 US".", US"..", /* Escaping strings */
65de12cc 2535 topt_use_crlf | topt_escape_headers
6b46ecc6
JH
2536 | (tblock->body_only ? topt_no_headers : 0)
2537 | (tblock->headers_only ? topt_no_body : 0)
2538 | (tblock->return_path_add ? topt_add_return_path : 0)
2539 | (tblock->delivery_date_add ? topt_add_delivery_date : 0)
2540 | (tblock->envelope_to_add ? topt_add_envelope_to : 0)
2541 };
2542
6d5c916c
JH
2543 /* If using CHUNKING we need a callback from the generic transport
2544 support to us, for the sending of BDAT smtp commands and the reaping
2545 of responses. The callback needs a whole bunch of state so set up
2546 a transport-context structure to be passed around. */
2547
59932f7d
JH
2548 if (peer_offered & PEER_OFFERED_CHUNKING)
2549 {
65de12cc 2550 tctx.check_string = tctx.escape_string = NULL;
6d5c916c
JH
2551 tctx.options |= topt_use_bdat;
2552 tctx.chunk_cb = smtp_chunk_cmd_callback;
2553 tctx.inblock = &inblock;
2554 tctx.outblock = &outblock;
2555 tctx.host = host;
2556 tctx.first_addr = first_addr;
2557 tctx.sync_addr = &sync_addr;
59a286ef 2558 tctx.pending_MAIL = lflags.pending_MAIL;
e027f545 2559 tctx.pending_BDAT = FALSE;
59a286ef 2560 tctx.good_RCPT = lflags.ok;
6d5c916c 2561 tctx.completed_address = &completed_address;
e027f545
JH
2562 tctx.cmd_count = 0;
2563 tctx.buffer = buffer;
59932f7d
JH
2564 }
2565 else
65de12cc 2566 tctx.options |= topt_end_dot;
59932f7d 2567
6d5c916c
JH
2568 /* Save the first address of the next batch. */
2569 first_addr = addr;
2570
e027f545
JH
2571 /* Responses from CHUNKING commands go in buffer. Otherwise,
2572 there has not been a response. */
2573
2574 buffer[0] = 0;
2575
0756eb3c
PH
2576 sigalrm_seen = FALSE;
2577 transport_write_timeout = ob->data_timeout;
2578 smtp_command = US"sending data block"; /* For error messages */
2579 DEBUG(D_transport|D_v)
6d5c916c
JH
2580 if (peer_offered & PEER_OFFERED_CHUNKING)
2581 debug_printf(" will write message using CHUNKING\n");
2582 else
2583 debug_printf(" SMTP>> writing message and terminating \".\"\n");
0756eb3c 2584 transport_count = 0;
a7538db1 2585
80a47a2c 2586#ifndef DISABLE_DKIM
59a286ef 2587 lflags.ok = dkim_transport_write_message(inblock.sock, &tctx, &ob->dkim);
4cd12fe9 2588#else
59a286ef 2589 lflags.ok = transport_write_message(inblock.sock, &tctx, 0);
4cd12fe9 2590#endif
0756eb3c
PH
2591
2592 /* transport_write_message() uses write() because it is called from other
2593 places to write to non-sockets. This means that under some OS (e.g. Solaris)
2594 it can exit with "Broken pipe" as its error. This really means that the
2595 socket got closed at the far end. */
2596
2597 transport_write_timeout = 0; /* for subsequent transports */
2598
2599 /* Failure can either be some kind of I/O disaster (including timeout),
e027f545
JH
2600 or the failure of a transport filter or the expansion of added headers.
2601 Or, when CHUNKING, it can be a protocol-detected failure. */
0756eb3c 2602
59a286ef 2603 if (!lflags.ok)
0756eb3c 2604 goto RESPONSE_FAILED;
0756eb3c
PH
2605
2606 /* We used to send the terminating "." explicitly here, but because of
2607 buffering effects at both ends of TCP/IP connections, you don't gain
2608 anything by keeping it separate, so it might as well go in the final
2609 data buffer for efficiency. This is now done by setting the topt_end_dot
2610 flag above. */
2611
2612 smtp_command = US"end of data";
2613
6d5c916c
JH
2614 if (peer_offered & PEER_OFFERED_CHUNKING && tctx.cmd_count > 1)
2615 {
2616 /* Reap any outstanding MAIL & RCPT commands, but not a DATA-go-ahead */
2617 switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr,
2618 host, tctx.cmd_count-1, ob->address_retry_include_sender,
59a286ef 2619 lflags.pending_MAIL, 0,
6d5c916c
JH
2620 &inblock, ob->command_timeout, buffer, sizeof(buffer)))
2621 {
59a286ef 2622 case 3: lflags.ok = TRUE; /* 2xx & 5xx => OK & progress made */
6d5c916c
JH
2623 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
2624 break;
2625
59a286ef
JH
2626 case 1: lflags.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
2627 if (!lflags.lmtp) completed_address = TRUE; /* can't tell about progress yet */
6d5c916c
JH
2628 case 0: break; /* No 2xx or 5xx, but no probs */
2629
2630 case -1: goto END_OFF; /* Timeout on RCPT */
2631 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
2632 }
2633 }
2634
8ccd00b1 2635#ifndef DISABLE_PRDR
fd98a5c6
JH
2636 /* For PRDR we optionally get a partial-responses warning
2637 * followed by the individual responses, before going on with
2638 * the overall response. If we don't get the warning then deal
2639 * with per non-PRDR. */
59a286ef 2640 if(lflags.prdr_active)
fd98a5c6 2641 {
59a286ef 2642 lflags.ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3',
fd98a5c6 2643 ob->final_timeout);
59a286ef 2644 if (!lflags.ok && errno == 0) switch(buffer[0])
e027f545 2645 {
59a286ef
JH
2646 case '2': lflags.prdr_active = FALSE;
2647 lflags.ok = TRUE;
e027f545
JH
2648 break;
2649 case '4': errno = ERRNO_DATA4XX;
2650 addrlist->more_errno |=
2651 ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2652 break;
2653 }
fd98a5c6
JH
2654 }
2655 else
2656#endif
2657
2658 /* For non-PRDR SMTP, we now read a single response that applies to the
2659 whole message. If it is OK, then all the addresses have been delivered. */
0756eb3c 2660
59a286ef 2661 if (!lflags.lmtp)
e97957bc 2662 {
59a286ef 2663 lflags.ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
e97957bc 2664 ob->final_timeout);
59a286ef 2665 if (!lflags.ok && errno == 0 && buffer[0] == '4')
e97957bc
PH
2666 {
2667 errno = ERRNO_DATA4XX;
2668 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2669 }
2670 }
0756eb3c
PH
2671
2672 /* For LMTP, we get back a response for every RCPT command that we sent;
2673 some may be accepted and some rejected. For those that get a response, their
2674 status is fixed; any that are accepted have been handed over, even if later
2675 responses crash - at least, that's how I read RFC 2033.
2676
2677 If all went well, mark the recipient addresses as completed, record which
2678 host/IPaddress they were delivered to, and cut out RSET when sending another
2679 message down the same channel. Write the completed addresses to the journal
2680 now so that they are recorded in case there is a crash of hardware or
2681 software before the spool gets updated. Also record the final SMTP
2682 confirmation if needed (for SMTP only). */
2683
59a286ef 2684 if (lflags.ok)
0756eb3c
PH
2685 {
2686 int flag = '=';
2687 int delivery_time = (int)(time(NULL) - start_delivery_time);
2688 int len;
0756eb3c 2689 uschar *conf = NULL;
0d9fa8c0 2690
59a286ef 2691 lflags.send_rset = FALSE;
0d9fa8c0 2692 pipelining_active = FALSE;
0756eb3c 2693
0756eb3c
PH
2694 /* Set up confirmation if needed - applies only to SMTP */
2695
d68218c7 2696 if (
0cbf2b82 2697#ifdef DISABLE_EVENT
6c6d6e48 2698 LOGGING(smtp_confirmation) &&
a7538db1 2699#endif
59a286ef 2700 !lflags.lmtp
d68218c7 2701 )
0756eb3c 2702 {
55414b25
JH
2703 const uschar *s = string_printing(buffer);
2704 /* deconst cast ok here as string_printing was checked to have alloc'n'copied */
2705 conf = (s == buffer)? (uschar *)string_copy(s) : US s;
0756eb3c
PH
2706 }
2707
fd98a5c6 2708 /* Process all transported addresses - for LMTP or PRDR, read a status for
0756eb3c
PH
2709 each one. */
2710
2711 for (addr = addrlist; addr != first_addr; addr = addr->next)
2712 {
2713 if (addr->transport_return != PENDING_OK) continue;
2714
2715 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
2716 remaining addresses. Otherwise, it's a return code for just the one
75def545
PH
2717 address. For temporary errors, add a retry item for the address so that
2718 it doesn't get tried again too soon. */
0756eb3c 2719
8ccd00b1 2720#ifndef DISABLE_PRDR
59a286ef 2721 if (lflags.lmtp || lflags.prdr_active)
fd98a5c6 2722#else
59a286ef 2723 if (lflags.lmtp)
fd98a5c6 2724#endif
0756eb3c
PH
2725 {
2726 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2727 ob->final_timeout))
2728 {
2729 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
fd98a5c6 2730 addr->message = string_sprintf(
8ccd00b1 2731#ifndef DISABLE_PRDR
59a286ef 2732 "%s error after %s: %s", lflags.prdr_active ? "PRDR":"LMTP",
fd98a5c6
JH
2733#else
2734 "LMTP error after %s: %s",
2735#endif
0756eb3c 2736 big_buffer, string_printing(buffer));
75def545
PH
2737 setflag(addr, af_pass_message); /* Allow message to go to user */
2738 if (buffer[0] == '5')
2739 addr->transport_return = FAIL;
2740 else
2741 {
e97957bc
PH
2742 errno = ERRNO_DATA4XX;
2743 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
75def545 2744 addr->transport_return = DEFER;
8ccd00b1 2745#ifndef DISABLE_PRDR
59a286ef 2746 if (!lflags.prdr_active)
fd98a5c6
JH
2747#endif
2748 retry_add_item(addr, addr->address_retry_key, 0);
75def545 2749 }
0756eb3c
PH
2750 continue;
2751 }
2752 completed_address = TRUE; /* NOW we can set this flag */
6c6d6e48 2753 if (LOGGING(smtp_confirmation))
c0ea85ab 2754 {
55414b25
JH
2755 const uschar *s = string_printing(buffer);
2756 /* deconst cast ok here as string_printing was checked to have alloc'n'copied */
2757 conf = (s == buffer)? (uschar *)string_copy(s) : US s;
c0ea85ab 2758 }
0756eb3c
PH
2759 }
2760
2761 /* SMTP, or success return from LMTP for this address. Pass back the
2d280592 2762 actual host that was used. */
0756eb3c
PH
2763
2764 addr->transport_return = OK;
2765 addr->more_errno = delivery_time;
d427a7f9 2766 addr->host_used = host;
0756eb3c
PH
2767 addr->special_action = flag;
2768 addr->message = conf;
8ccd00b1 2769#ifndef DISABLE_PRDR
59a286ef 2770 if (lflags.prdr_active) addr->flags |= af_prdr_used;
fd98a5c6 2771#endif
e0cc6cda 2772 if (peer_offered & PEER_OFFERED_CHUNKING) addr->flags |= af_chunking_used;
0756eb3c
PH
2773 flag = '-';
2774
8ccd00b1 2775#ifndef DISABLE_PRDR
59a286ef 2776 if (!lflags.prdr_active)
fd98a5c6
JH
2777#endif
2778 {
2779 /* Update the journal. For homonymic addresses, use the base address plus
2780 the transport name. See lots of comments in deliver.c about the reasons
2781 for the complications when homonyms are involved. Just carry on after
2782 write error, as it may prove possible to update the spool file later. */
4d8d62b9 2783
fd98a5c6
JH
2784 if (testflag(addr, af_homonym))
2785 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2786 else
2787 sprintf(CS buffer, "%.500s\n", addr->unique);
4d8d62b9 2788
895fbaf2 2789 DEBUG(D_deliver) debug_printf("journalling %s\n", buffer);
fd98a5c6
JH
2790 len = Ustrlen(CS buffer);
2791 if (write(journal_fd, buffer, len) != len)
2792 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2793 "%s: %s", buffer, strerror(errno));
2794 }
0756eb3c
PH
2795 }
2796
8ccd00b1 2797#ifndef DISABLE_PRDR
59a286ef 2798 if (lflags.prdr_active)
fd98a5c6
JH
2799 {
2800 /* PRDR - get the final, overall response. For any non-success
2801 upgrade all the address statuses. */
59a286ef 2802 lflags.ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
fd98a5c6 2803 ob->final_timeout);
59a286ef 2804 if (!lflags.ok)
fd98a5c6
JH
2805 {
2806 if(errno == 0 && buffer[0] == '4')
2807 {
2808 errno = ERRNO_DATA4XX;
2809 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2810 }
2811 for (addr = addrlist; addr != first_addr; addr = addr->next)
2812 if (buffer[0] == '5' || addr->transport_return == OK)
2813 addr->transport_return = PENDING_OK; /* allow set_errno action */
2814 goto RESPONSE_FAILED;
2815 }
2816
2817 /* Update the journal, or setup retry. */
2818 for (addr = addrlist; addr != first_addr; addr = addr->next)
2819 if (addr->transport_return == OK)
2820 {
2821 if (testflag(addr, af_homonym))
2822 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2823 else
2824 sprintf(CS buffer, "%.500s\n", addr->unique);
4d8d62b9 2825
895fbaf2 2826 DEBUG(D_deliver) debug_printf("journalling(PRDR) %s\n", buffer);
fd98a5c6
JH
2827 len = Ustrlen(CS buffer);
2828 if (write(journal_fd, buffer, len) != len)
2829 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2830 "%s: %s", buffer, strerror(errno));
2831 }
2832 else if (addr->transport_return == DEFER)
2833 retry_add_item(addr, addr->address_retry_key, -2);
2834 }
2835#endif
2836
0756eb3c
PH
2837 /* Ensure the journal file is pushed out to disk. */
2838
54fc8428 2839 if (EXIMfsync(journal_fd) < 0)
0756eb3c
PH
2840 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
2841 strerror(errno));
2842 }
2843 }
2844
2845
2846/* Handle general (not specific to one address) failures here. The value of ok
2847is used to skip over this code on the falling through case. A timeout causes a
2848deferral. Other errors may defer or fail according to the response code, and
2849may set up a special errno value, e.g. after connection chopped, which is
2850assumed if errno == 0 and there is no text in the buffer. If control reaches
2851here during the setting up phase (i.e. before MAIL FROM) then always defer, as
2852the problem is not related to this specific message. */
2853
59a286ef 2854if (!lflags.ok)
0756eb3c 2855 {
895fbaf2
JH
2856 int code, set_rc;
2857 uschar * set_message;
0756eb3c
PH
2858
2859 RESPONSE_FAILED:
895fbaf2
JH
2860 {
2861 save_errno = errno;
2862 message = NULL;
59a286ef 2863 lflags.send_quit = check_response(host, &save_errno, addrlist->more_errno,
895fbaf2
JH
2864 buffer, &code, &message, &pass_message);
2865 goto FAILED;
2866 }
0756eb3c
PH
2867
2868 SEND_FAILED:
895fbaf2
JH
2869 {
2870 save_errno = errno;
2871 code = '4';
2872 message = US string_sprintf("send() to %s [%s] failed: %s",
2873 host->name, host->address, strerror(save_errno));
59a286ef 2874 lflags.send_quit = FALSE;
895fbaf2
JH
2875 goto FAILED;
2876 }
0756eb3c
PH
2877
2878 /* This label is jumped to directly when a TLS negotiation has failed,
2879 or was not done for a host for which it is required. Values will be set
2880 in message and save_errno, and setting_up will always be true. Treat as
2881 a temporary error. */
2882
a7538db1 2883#ifdef SUPPORT_TLS
0756eb3c
PH
2884 TLS_FAILED:
2885 code = '4';
a7538db1 2886#endif
0756eb3c
PH
2887
2888 /* If the failure happened while setting up the call, see if the failure was
2889 a 5xx response (this will either be on connection, or following HELO - a 5xx
2890 after EHLO causes it to try HELO). If so, fail all addresses, as this host is
2891 never going to accept them. For other errors during setting up (timeouts or
2892 whatever), defer all addresses, and yield DEFER, so that the host is not
2893 tried again for a while. */
2894
2895 FAILED:
59a286ef 2896 lflags.ok = FALSE; /* For when reached by GOTO */
895fbaf2 2897 set_message = message;
0756eb3c 2898
59a286ef 2899 if (lflags.setting_up)
0756eb3c 2900 if (code == '5')
895fbaf2 2901 set_rc = FAIL;
0756eb3c 2902 else
895fbaf2 2903 yield = set_rc = DEFER;
0756eb3c 2904
e97957bc 2905 /* We want to handle timeouts after MAIL or "." and loss of connection after
0756eb3c 2906 "." specially. They can indicate a problem with the sender address or with
e97957bc
PH
2907 the contents of the message rather than a real error on the connection. These
2908 cases are treated in the same way as a 4xx response. This next bit of code
2909 does the classification. */
0756eb3c 2910
e97957bc 2911 else
0756eb3c 2912 {
e97957bc 2913 BOOL message_error;
0756eb3c 2914
e97957bc
PH
2915 switch(save_errno)
2916 {
8c5d388a 2917#ifdef SUPPORT_I18N
250b6871
JH
2918 case ERRNO_UTF8_FWD:
2919 code = '5';
2920 /*FALLTHROUGH*/
2921#endif
e97957bc
PH
2922 case 0:
2923 case ERRNO_MAIL4XX:
2924 case ERRNO_DATA4XX:
250b6871
JH
2925 message_error = TRUE;
2926 break;
0756eb3c 2927
e97957bc 2928 case ETIMEDOUT:
250b6871
JH
2929 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
2930 Ustrncmp(smtp_command,"end ",4) == 0;
2931 break;
e97957bc
PH
2932
2933 case ERRNO_SMTPCLOSED:
250b6871
JH
2934 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
2935 break;
e97957bc
PH
2936
2937 default:
250b6871
JH
2938 message_error = FALSE;
2939 break;
e97957bc 2940 }
0756eb3c 2941
e97957bc 2942 /* Handle the cases that are treated as message errors. These are:
0756eb3c 2943
e97957bc
PH
2944 (a) negative response or timeout after MAIL
2945 (b) negative response after DATA
2946 (c) negative response or timeout or dropped connection after "."
250b6871 2947 (d) utf8 support required and not offered
0756eb3c 2948
e97957bc
PH
2949 It won't be a negative response or timeout after RCPT, as that is dealt
2950 with separately above. The action in all cases is to set an appropriate
2951 error code for all the addresses, but to leave yield set to OK because the
2952 host itself has not failed. Of course, it might in practice have failed
2953 when we've had a timeout, but if so, we'll discover that at the next
2954 delivery attempt. For a temporary error, set the message_defer flag, and
2955 write to the logs for information if this is not the last host. The error
2956 for the last host will be logged as part of the address's log line. */
2957
2958 if (message_error)
0756eb3c 2959 {
e97957bc 2960 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
e97957bc
PH
2961
2962 /* If there's an errno, the message contains just the identity of
2963 the host. */
2964
895fbaf2
JH
2965 if (code == '5')
2966 set_rc = FAIL;
2967 else /* Anything other than 5 is treated as temporary */
e97957bc 2968 {
895fbaf2 2969 set_rc = DEFER;
e97957bc
PH
2970 if (save_errno > 0)
2971 message = US string_sprintf("%s: %s", message, strerror(save_errno));
2972 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", message);
c562fd30 2973 msglog_line(host, message);
e97957bc
PH
2974 *message_defer = TRUE;
2975 }
2976 }
2977
2978 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
2979 ".", or some other transportation error. We defer all addresses and yield
2980 DEFER, except for the case of failed add_headers expansion, or a transport
2981 filter failure, when the yield should be ERROR, to stop it trying other
2982 hosts. */
2983
2984 else
2985 {
895fbaf2 2986 set_rc = DEFER;
e97957bc
PH
2987 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
2988 save_errno == ERRNO_FILTER_FAIL)? ERROR : DEFER;
0756eb3c
PH
2989 }
2990 }
895fbaf2
JH
2991
2992 set_errno(addrlist, save_errno, set_message, set_rc, pass_message, host
2993#ifdef EXPERIMENTAL_DSN_INFO
2994 , smtp_greeting, helo_response
2995#endif
2996 );
0756eb3c
PH
2997 }
2998
2999
3000/* If all has gone well, send_quit will be set TRUE, implying we can end the
3001SMTP session tidily. However, if there were too many addresses to send in one
3002message (indicated by first_addr being non-NULL) we want to carry on with the
3003rest of them. Also, it is desirable to send more than one message down the SMTP
3004connection if there are several waiting, provided we haven't already sent so
3005many as to hit the configured limit. The function transport_check_waiting looks
3006for a waiting message and returns its id. Then transport_pass_socket tries to
3007set up a continued delivery by passing the socket on to another process. The
3008variable send_rset is FALSE if a message has just been successfully transfered.
3009
3010If we are already sending down a continued channel, there may be further
3011addresses not yet delivered that are aimed at the same host, but which have not
3012been passed in this run of the transport. In this case, continue_more will be
3013true, and all we should do is send RSET if necessary, and return, leaving the
3014channel open.
3015
3016However, if no address was disposed of, i.e. all addresses got 4xx errors, we
3017do not want to continue with other messages down the same channel, because that
3018can lead to looping between two or more messages, all with the same,
3019temporarily failing address(es). [The retry information isn't updated yet, so
3020new processes keep on trying.] We probably also don't want to try more of this
3021message's addresses either.
3022
3023If we have started a TLS session, we have to end it before passing the
3024connection to a new process. However, not all servers can handle this (Exim
3025can), so we do not pass such a connection on if the host matches
3026hosts_nopass_tls. */
3027
3028DEBUG(D_transport)
3029 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
59a286ef
JH
3030 "yield=%d first_address is %sNULL\n", lflags.ok, lflags.send_quit,
3031 lflags.send_rset, continue_more, yield, first_addr ? "not " : "");
0756eb3c 3032
59a286ef 3033if (completed_address && lflags.ok && lflags.send_quit)
0756eb3c
PH
3034 {
3035 BOOL more;
a39bd74d
JB
3036 smtp_compare_t t_compare;
3037
3038 t_compare.tblock = tblock;
3039 t_compare.current_sender_address = sender_address;
3040
5130845b
JH
3041 if ( first_addr != NULL
3042 || continue_more
3043 || ( ( tls_out.active < 0
3044 || verify_check_given_host(&ob->hosts_nopass_tls, host) != OK
3045 )
0756eb3c
PH
3046 &&
3047 transport_check_waiting(tblock->name, host->name,
a39bd74d
JB
3048 tblock->connection_max_messages, new_message_id, &more,
3049 (oicf)smtp_are_same_identities, (void*)&t_compare)
5130845b 3050 ) )
0756eb3c
PH
3051 {
3052 uschar *msg;
447d236c 3053 BOOL pass_message;
0756eb3c 3054
59a286ef 3055 if (lflags.send_rset)
0756eb3c 3056 {
59a286ef 3057 if (! (lflags.ok = smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0))
0756eb3c
PH
3058 {
3059 msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
3060 host->address, strerror(save_errno));
59a286ef 3061 lflags.send_quit = FALSE;
0756eb3c 3062 }
59a286ef
JH
3063 else if (! (lflags.ok = smtp_read_response(&inblock, buffer,
3064 sizeof(buffer), '2', ob->command_timeout)))
0756eb3c
PH
3065 {
3066 int code;
59a286ef 3067 lflags.send_quit = check_response(host, &errno, 0, buffer, &code, &msg,
447d236c 3068 &pass_message);
59a286ef 3069 if (!lflags.send_quit)
0756eb3c 3070 {
c562fd30
JH
3071 DEBUG(D_transport) debug_printf("H=%s [%s] %s\n",
3072 host->name, host->address, msg);
0756eb3c
PH
3073 }
3074 }
3075 }
3076
3077 /* Either RSET was not needed, or it succeeded */
3078
59a286ef 3079 if (lflags.ok)
0756eb3c
PH
3080 {
3081 if (first_addr != NULL) /* More addresses still to be sent */
3082 { /* in this run of the transport */
3083 continue_sequence++; /* Causes * in logging */
3084 goto SEND_MESSAGE;
3085 }
3086 if (continue_more) return yield; /* More addresses for another run */
3087
3088 /* Pass the socket to a new Exim process. Before doing so, we must shut
3089 down TLS. Not all MTAs allow for the continuation of the SMTP session
3090 when TLS is shut down. We test for this by sending a new EHLO. If we
3091 don't get a good response, we don't attempt to pass the socket on. */
3092
a7538db1 3093#ifdef SUPPORT_TLS
817d9f57 3094 if (tls_out.active >= 0)
0756eb3c 3095 {
817d9f57 3096 tls_close(FALSE, TRUE);
2d14f397 3097 smtp_peer_options = smtp_peer_options_wrap;
59a286ef
JH
3098 if (lflags.smtps)
3099 lflags.ok = FALSE;
061b7ebd 3100 else
59a286ef 3101 lflags.ok = smtp_write_command(&outblock,FALSE,"EHLO %s\r\n",helo_data) >= 0 &&
061b7ebd
PP
3102 smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
3103 ob->command_timeout);
0756eb3c 3104 }
a7538db1 3105#endif
0756eb3c
PH
3106
3107 /* If the socket is successfully passed, we musn't send QUIT (or
3108 indeed anything!) from here. */
3109
895fbaf2
JH
3110/*XXX DSN_INFO: assume likely to do new HELO; but for greet we'll want to
3111propagate it from the initial
3112*/
59a286ef
JH
3113 if (lflags.ok && transport_pass_socket(tblock->name, host->name,
3114 host->address, new_message_id, inblock.sock))
3115 lflags.send_quit = FALSE;
0756eb3c
PH
3116 }
3117
3118 /* If RSET failed and there are addresses left, they get deferred. */
3119
895fbaf2
JH
3120 else set_errno(first_addr, errno, msg, DEFER, FALSE, host
3121#ifdef EXPERIMENTAL_DSN_INFO
3122 , smtp_greeting, helo_response
3123#endif
3124 );
0756eb3c
PH
3125 }
3126 }
3127
3128/* End off tidily with QUIT unless the connection has died or the socket has
3129been passed to another process. There has been discussion on the net about what
3130to do after sending QUIT. The wording of the RFC suggests that it is necessary
3131to wait for a response, but on the other hand, there isn't anything one can do
3132with an error response, other than log it. Exim used to do that. However,
3133further discussion suggested that it is positively advantageous not to wait for
3134the response, but to close the session immediately. This is supposed to move
3135the TCP/IP TIME_WAIT state from the server to the client, thereby removing some
3136load from the server. (Hosts that are both servers and clients may not see much
3137difference, of course.) Further discussion indicated that this was safe to do
3138on Unix systems which have decent implementations of TCP/IP that leave the
3139connection around for a while (TIME_WAIT) after the application has gone away.
3140This enables the response sent by the server to be properly ACKed rather than
3141timed out, as can happen on broken TCP/IP implementations on other OS.
3142
3143This change is being made on 31-Jul-98. After over a year of trouble-free
3144operation, the old commented-out code was removed on 17-Sep-99. */
3145
3146SEND_QUIT:
59a286ef 3147if (lflags.send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
0756eb3c
PH
3148
3149END_OFF:
3150
3151#ifdef SUPPORT_TLS
817d9f57 3152tls_close(FALSE, TRUE);
0756eb3c
PH
3153#endif
3154
3155/* Close the socket, and return the appropriate value, first setting
0756eb3c
PH
3156works because the NULL setting is passed back to the calling process, and
3157remote_max_parallel is forced to 1 when delivering over an existing connection,
3158
3159If all went well and continue_more is set, we shouldn't actually get here if
3160there are further addresses, as the return above will be taken. However,
3161writing RSET might have failed, or there may be other addresses whose hosts are
3162specified in the transports, and therefore not visible at top level, in which
3163case continue_more won't get set. */
3164
b9d9c5a2 3165HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n");
60d10ce7
JH
3166if (lflags.send_quit)
3167 {
3168 shutdown(outblock.sock, SHUT_WR);
3169 for (rc = 16; read(inblock.sock, inbuffer, sizeof(inbuffer)) > 0 && rc > 0;)
3170 rc--; /* drain socket */
3171 }
f1e894f3 3172(void)close(inblock.sock);
a7538db1 3173
0cbf2b82 3174#ifndef DISABLE_EVENT
774ef2d7 3175(void) event_raise(tblock->event_action, US"tcp:close", NULL);
a7538db1
JH
3176#endif
3177
0756eb3c
PH
3178continue_transport = NULL;
3179continue_hostname = NULL;
3180return yield;
3181}
3182
3183
3184
3185
3186/*************************************************
3187* Closedown entry point *
3188*************************************************/
3189
3190/* This function is called when exim is passed an open smtp channel
3191from another incarnation, but the message which it has been asked
3192to deliver no longer exists. The channel is on stdin.
3193
3194We might do fancy things like looking for another message to send down
3195the channel, but if the one we sought has gone, it has probably been
3196delivered by some other process that itself will seek further messages,
3197so just close down our connection.
3198
3199Argument: pointer to the transport instance block
3200Returns: nothing
3201*/
3202
3203void
3204smtp_transport_closedown(transport_instance *tblock)
3205{
3206smtp_transport_options_block *ob =
3207 (smtp_transport_options_block *)(tblock->options_block);
3208smtp_inblock inblock;
3209smtp_outblock outblock;
3210uschar buffer[256];
3211uschar inbuffer[4096];
3212uschar outbuffer[16];
3213
3214inblock.sock = fileno(stdin);
3215inblock.buffer = inbuffer;
3216inblock.buffersize = sizeof(inbuffer);
3217inblock.ptr = inbuffer;
3218inblock.ptrend = inbuffer;
3219
3220outblock.sock = inblock.sock;
3221outblock.buffersize = sizeof(outbuffer);
3222outblock.buffer = outbuffer;
3223outblock.ptr = outbuffer;
3224outblock.cmd_count = 0;
3225outblock.authenticating = FALSE;
3226
3227(void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
3228(void)smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
3229 ob->command_timeout);
f1e894f3 3230(void)close(inblock.sock);
0756eb3c
PH
3231}
3232
3233
3234
3235/*************************************************
3236* Prepare addresses for delivery *
3237*************************************************/
3238
3239/* This function is called to flush out error settings from previous delivery
3240attempts to other hosts. It also records whether we got here via an MX record
3241or not in the more_errno field of the address. We are interested only in
3242addresses that are still marked DEFER - others may have got delivered to a
3243previously considered IP address. Set their status to PENDING_DEFER to indicate
3244which ones are relevant this time.
3245
3246Arguments:
3247 addrlist the list of addresses
3248 host the host we are delivering to
3249
3250Returns: the first address for this delivery
3251*/
3252
3253static address_item *
3254prepare_addresses(address_item *addrlist, host_item *host)
3255{
3256address_item *first_addr = NULL;
3257address_item *addr;
7b4c8c1f 3258for (addr = addrlist; addr; addr = addr->next)
168dec3b
JH
3259 if (addr->transport_return == DEFER)
3260 {
7b4c8c1f 3261 if (!first_addr) first_addr = addr;
168dec3b
JH
3262 addr->transport_return = PENDING_DEFER;
3263 addr->basic_errno = 0;
3264 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
3265 addr->message = NULL;
a7538db1 3266#ifdef SUPPORT_TLS
168dec3b
JH
3267 addr->cipher = NULL;
3268 addr->ourcert = NULL;
3269 addr->peercert = NULL;
3270 addr->peerdn = NULL;
3271 addr->ocsp = OCSP_NOT_REQ;
a7538db1 3272#endif
895fbaf2
JH
3273#ifdef EXPERIMENTAL_DSN_INFO
3274 addr->smtp_greeting = NULL;
3275 addr->helo_response = NULL;
3276#endif
168dec3b 3277 }
0756eb3c
PH
3278return first_addr;
3279}
3280
3281
3282
3283/*************************************************
3284* Main entry point *
3285*************************************************/
3286
3287/* See local README for interface details. As this is a remote transport, it is
3288given a chain of addresses to be delivered in one connection, if possible. It
3289always returns TRUE, indicating that each address has its own independent
3290status set, except if there is a setting up problem, in which case it returns
3291FALSE. */
3292
3293BOOL
3294smtp_transport_entry(
3295 transport_instance *tblock, /* data for this instantiation */
3296 address_item *addrlist) /* addresses we are working on */
3297{
3298int cutoff_retry;
3299int port;
3300int hosts_defer = 0;