projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Support REQUIRETLS
[exim.git] / src / src / transports / smtp.c
CommitLineData
0756eb3c
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
f9ba5e22 5/* Copyright (c) University of Cambridge 1995 - 2018 */
0756eb3c
PH		 6/* See the file NOTICE for conditions of use and distribution. */
7
8#include "../exim.h"
9#include "smtp.h"
10
0756eb3c
PH		 11
12/* Options specific to the smtp transport. This transport also supports LMTP
13over TCP/IP. The options must be in alphabetic order (note that "_" comes
14before the lower case letters). Some live in the transport_instance block so as
15to be publicly visible; these are flagged with opt_public. */
16
17optionlist smtp_transport_options[] = {
506900af
JH		 18 { "*expand_multi_domain", opt_stringptr | opt_hidden | opt_public,
19 (void *)offsetof(transport_instance, expand_multi_domain) },
9c695f6d
JH		 20 { "*expand_retry_include_ip_address", opt_stringptr | opt_hidden,
21 (void *)(offsetof(smtp_transport_options_block, expand_retry_include_ip_address)) },
22
48c7f9e2
PH		 23 { "address_retry_include_sender", opt_bool,
24 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
0756eb3c
PH		 25 { "allow_localhost", opt_bool,
26 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
617d3932
JH		 27#ifdef EXPERIMENTAL_ARC
28 { "arc_sign", opt_stringptr,
29 (void *)offsetof(smtp_transport_options_block, arc_sign) },
30#endif
0756eb3c
PH		 31 { "authenticated_sender", opt_stringptr,
32 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
382afc6b
PH		 33 { "authenticated_sender_force", opt_bool,
34 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
0756eb3c
PH		 35 { "command_timeout", opt_time,
36 (void *)offsetof(smtp_transport_options_block, command_timeout) },
37 { "connect_timeout", opt_time,
38 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
39 { "connection_max_messages", opt_int | opt_public,
40 (void *)offsetof(transport_instance, connection_max_messages) },
5ec37a55
PP		 41# ifdef SUPPORT_DANE
42 { "dane_require_tls_ciphers", opt_stringptr,
43 (void *)offsetof(smtp_transport_options_block, dane_require_tls_ciphers) },
44# endif
0756eb3c
PH		 45 { "data_timeout", opt_time,
46 (void *)offsetof(smtp_transport_options_block, data_timeout) },
47 { "delay_after_cutoff", opt_bool,
48 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
80a47a2c 49#ifndef DISABLE_DKIM
f7572e5a 50 { "dkim_canon", opt_stringptr,
ff5aac2b 51 (void *)offsetof(smtp_transport_options_block, dkim.dkim_canon) },
f7572e5a 52 { "dkim_domain", opt_stringptr,
ff5aac2b 53 (void *)offsetof(smtp_transport_options_block, dkim.dkim_domain) },
d73e45df
JH		 54 { "dkim_hash", opt_stringptr,
55 (void *)offsetof(smtp_transport_options_block, dkim.dkim_hash) },
7c6ec81b
JH		 56 { "dkim_identity", opt_stringptr,
57 (void *)offsetof(smtp_transport_options_block, dkim.dkim_identity) },
f7572e5a 58 { "dkim_private_key", opt_stringptr,
ff5aac2b 59 (void *)offsetof(smtp_transport_options_block, dkim.dkim_private_key) },
f7572e5a 60 { "dkim_selector", opt_stringptr,
ff5aac2b 61 (void *)offsetof(smtp_transport_options_block, dkim.dkim_selector) },
f7572e5a 62 { "dkim_sign_headers", opt_stringptr,
ff5aac2b 63 (void *)offsetof(smtp_transport_options_block, dkim.dkim_sign_headers) },
f7572e5a 64 { "dkim_strict", opt_stringptr,
ff5aac2b 65 (void *)offsetof(smtp_transport_options_block, dkim.dkim_strict) },
2bc0f45e
JH		 66 { "dkim_timestamps", opt_stringptr,
67 (void *)offsetof(smtp_transport_options_block, dkim.dkim_timestamps) },
80a47a2c 68#endif
0756eb3c
PH		 69 { "dns_qualify_single", opt_bool,
70 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
71 { "dns_search_parents", opt_bool,
72 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
578897ea 73 { "dnssec_request_domains", opt_stringptr,
7cd171b7 74 (void *)offsetof(smtp_transport_options_block, dnssec.request) },
578897ea 75 { "dnssec_require_domains", opt_stringptr,
7cd171b7 76 (void *)offsetof(smtp_transport_options_block, dnssec.require) },
9e4f5962
PP		 77 { "dscp", opt_stringptr,
78 (void *)offsetof(smtp_transport_options_block, dscp) },
0756eb3c
PH		 79 { "fallback_hosts", opt_stringptr,
80 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
81 { "final_timeout", opt_time,
82 (void *)offsetof(smtp_transport_options_block, final_timeout) },
83 { "gethostbyname", opt_bool,
84 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
85 { "helo_data", opt_stringptr,
86 (void *)offsetof(smtp_transport_options_block, helo_data) },
87 { "hosts", opt_stringptr,
88 (void *)offsetof(smtp_transport_options_block, hosts) },
89 { "hosts_avoid_esmtp", opt_stringptr,
90 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
c51b8e75
PH		 91 { "hosts_avoid_pipelining", opt_stringptr,
92 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
80a47a2c 93#ifdef SUPPORT_TLS
0756eb3c
PH		 94 { "hosts_avoid_tls", opt_stringptr,
95 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
80a47a2c 96#endif
0756eb3c
PH		 97 { "hosts_max_try", opt_int,
98 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
533244af
PH		 99 { "hosts_max_try_hardlimit", opt_int,
100 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
80a47a2c 101#ifdef SUPPORT_TLS
0756eb3c
PH		 102 { "hosts_nopass_tls", opt_stringptr,
103 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
875512a3
JH		 104 { "hosts_noproxy_tls", opt_stringptr,
105 (void *)offsetof(smtp_transport_options_block, hosts_noproxy_tls) },
80a47a2c 106#endif
0756eb3c
PH		 107 { "hosts_override", opt_bool,
108 (void *)offsetof(smtp_transport_options_block, hosts_override) },
109 { "hosts_randomize", opt_bool,
110 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
f2de3a33 111#if defined(SUPPORT_TLS) && !defined(DISABLE_OCSP)
44662487
JH		 112 { "hosts_request_ocsp", opt_stringptr,
113 (void *)offsetof(smtp_transport_options_block, hosts_request_ocsp) },
114#endif
0756eb3c
PH		 115 { "hosts_require_auth", opt_stringptr,
116 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
80a47a2c 117#ifdef SUPPORT_TLS
c0635b6d 118# ifdef SUPPORT_DANE
7a31d643
JH		 119 { "hosts_require_dane", opt_stringptr,
120 (void *)offsetof(smtp_transport_options_block, hosts_require_dane) },
121# endif
f2de3a33 122# ifndef DISABLE_OCSP
f5d78688
JH		 123 { "hosts_require_ocsp", opt_stringptr,
124 (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
125# endif
0756eb3c
PH		 126 { "hosts_require_tls", opt_stringptr,
127 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
80a47a2c 128#endif
0756eb3c
PH		 129 { "hosts_try_auth", opt_stringptr,
130 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
f98442df
JH		 131 { "hosts_try_chunking", opt_stringptr,
132 (void *)offsetof(smtp_transport_options_block, hosts_try_chunking) },
c0635b6d 133#if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
96e47838
TL		 134 { "hosts_try_dane", opt_stringptr,
135 (void *)offsetof(smtp_transport_options_block, hosts_try_dane) },
136#endif
fb05276a
JH		 137 { "hosts_try_fastopen", opt_stringptr,
138 (void *)offsetof(smtp_transport_options_block, hosts_try_fastopen) },
8ccd00b1 139#ifndef DISABLE_PRDR
fd98a5c6
JH		 140 { "hosts_try_prdr", opt_stringptr,
141 (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
142#endif
99400968
JH		 143#ifdef SUPPORT_TLS
144 { "hosts_verify_avoid_tls", opt_stringptr,
145 (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
146#endif
0756eb3c
PH		 147 { "interface", opt_stringptr,
148 (void *)offsetof(smtp_transport_options_block, interface) },
149 { "keepalive", opt_bool,
150 (void *)offsetof(smtp_transport_options_block, keepalive) },
f1513293
PH		 151 { "lmtp_ignore_quota", opt_bool,
152 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
0756eb3c
PH		 153 { "max_rcpt", opt_int | opt_public,
154 (void *)offsetof(transport_instance, max_addresses) },
506900af 155 { "multi_domain", opt_expand_bool | opt_public,
0756eb3c
PH		 156 (void *)offsetof(transport_instance, multi_domain) },
157 { "port", opt_stringptr,
158 (void *)offsetof(smtp_transport_options_block, port) },
159 { "protocol", opt_stringptr,
160 (void *)offsetof(smtp_transport_options_block, protocol) },
9c695f6d 161 { "retry_include_ip_address", opt_expand_bool,
0756eb3c
PH		 162 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
163 { "serialize_hosts", opt_stringptr,
164 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
165 { "size_addition", opt_int,
166 (void *)offsetof(smtp_transport_options_block, size_addition) }
f0989ec0 167#ifdef SUPPORT_SOCKS
7eb6c37c
JH		 168 ,{ "socks_proxy", opt_stringptr,
169 (void *)offsetof(smtp_transport_options_block, socks_proxy) }
170#endif
80a47a2c 171#ifdef SUPPORT_TLS
0756eb3c
PH		 172 ,{ "tls_certificate", opt_stringptr,
173 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
174 { "tls_crl", opt_stringptr,
175 (void *)offsetof(smtp_transport_options_block, tls_crl) },
54c90be1
PP		 176 { "tls_dh_min_bits", opt_int,
177 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
0756eb3c
PH		 178 { "tls_privatekey", opt_stringptr,
179 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
3f0945ff 180 { "tls_require_ciphers", opt_stringptr,
0756eb3c 181 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
3f0945ff
PP		 182 { "tls_sni", opt_stringptr,
183 (void *)offsetof(smtp_transport_options_block, tls_sni) },
0756eb3c
PH		 184 { "tls_tempfail_tryclear", opt_bool,
185 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
a63be306
WB		 186 { "tls_try_verify_hosts", opt_stringptr,
187 (void *)offsetof(smtp_transport_options_block, tls_try_verify_hosts) },
e51c7be2
JH		 188 { "tls_verify_cert_hostnames", opt_stringptr,
189 (void *)offsetof(smtp_transport_options_block,tls_verify_cert_hostnames)},
0756eb3c 190 { "tls_verify_certificates", opt_stringptr,
a63be306
WB		 191 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) },
192 { "tls_verify_hosts", opt_stringptr,
193 (void *)offsetof(smtp_transport_options_block, tls_verify_hosts) }
80a47a2c 194#endif
0756eb3c
PH		 195};
196
197/* Size of the options list. An extern variable has to be used so that its
198address can appear in the tables drtables.c. */
199
200int smtp_transport_options_count =
201 sizeof(smtp_transport_options)/sizeof(optionlist);
202
d185889f
JH		 203
204#ifdef MACRO_PREDEF
205
206/* Dummy values */
207smtp_transport_options_block smtp_transport_option_defaults = {0};
208void smtp_transport_init(transport_instance *tblock) {}
209BOOL smtp_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
210void smtp_transport_closedown(transport_instance *tblock) {}
211
212#else /*!MACRO_PREDEF*/
213
214
0756eb3c
PH		 215/* Default private options block for the smtp transport. */
216
217smtp_transport_options_block smtp_transport_option_defaults = {
838d897c 218 .hosts = NULL,
847cd15f 219 .fallback_hosts = NULL,
838d897c
JH		 220 .hostlist = NULL,
221 .fallback_hostlist = NULL,
838d897c
JH		 222 .helo_data = US"$primary_hostname",
223 .interface = NULL,
224 .port = NULL,
225 .protocol = US"smtp",
226 .dscp = NULL,
227 .serialize_hosts = NULL,
228 .hosts_try_auth = NULL,
229 .hosts_require_auth = NULL,
230 .hosts_try_chunking = US"*",
c0635b6d 231#ifdef SUPPORT_DANE
838d897c
JH		 232 .hosts_try_dane = NULL,
233 .hosts_require_dane = NULL,
5ec37a55 234 .dane_require_tls_ciphers = NULL,
96e47838 235#endif
838d897c 236 .hosts_try_fastopen = NULL,
8ccd00b1 237#ifndef DISABLE_PRDR
838d897c 238 .hosts_try_prdr = US"*",
f5d78688 239#endif
f2de3a33 240#ifndef DISABLE_OCSP
838d897c
JH		 241 .hosts_request_ocsp = US"*", /* hosts_request_ocsp (except under DANE; tls_client_start()) */
242 .hosts_require_ocsp = NULL,
fd98a5c6 243#endif
838d897c
JH		 244 .hosts_require_tls = NULL,
245 .hosts_avoid_tls = NULL,
246 .hosts_verify_avoid_tls = NULL,
247 .hosts_avoid_pipelining = NULL,
248 .hosts_avoid_esmtp = NULL,
57cc2785 249#ifdef SUPPORT_TLS
838d897c
JH		 250 .hosts_nopass_tls = NULL,
251 .hosts_noproxy_tls = US"*",
57cc2785 252#endif
838d897c
JH		 253 .command_timeout = 5*60,
254 .connect_timeout = 5*60,
255 .data_timeout = 5*60,
256 .final_timeout = 10*60,
257 .size_addition = 1024,
258 .hosts_max_try = 5,
259 .hosts_max_try_hardlimit = 50,
260 .address_retry_include_sender = TRUE,
261 .allow_localhost = FALSE,
262 .authenticated_sender_force = FALSE,
263 .gethostbyname = FALSE,
264 .dns_qualify_single = TRUE,
265 .dns_search_parents = FALSE,
266 .dnssec = { .request=NULL, .require=NULL },
267 .delay_after_cutoff = TRUE,
268 .hosts_override = FALSE,
269 .hosts_randomize = FALSE,
270 .keepalive = TRUE,
271 .lmtp_ignore_quota = FALSE,
272 .expand_retry_include_ip_address = NULL,
273 .retry_include_ip_address = TRUE,
f0989ec0 274#ifdef SUPPORT_SOCKS
838d897c 275 .socks_proxy = NULL,
b8bf753b 276#endif
80a47a2c 277#ifdef SUPPORT_TLS
838d897c
JH		 278 .tls_certificate = NULL,
279 .tls_crl = NULL,
280 .tls_privatekey = NULL,
281 .tls_require_ciphers = NULL,
282 .tls_sni = NULL,
283 .tls_verify_certificates = US"system",
284 .tls_dh_min_bits = EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
285 .tls_tempfail_tryclear = TRUE,
286 .tls_verify_hosts = NULL,
287 .tls_try_verify_hosts = US"*",
288 .tls_verify_cert_hostnames = US"*",
80a47a2c
TK		 289#endif
290#ifndef DISABLE_DKIM
838d897c
JH		 291 .dkim =
292 {.dkim_domain = NULL,
7c6ec81b 293 .dkim_identity = NULL,
838d897c
JH		 294 .dkim_private_key = NULL,
295 .dkim_selector = NULL,
296 .dkim_canon = NULL,
7c6ec81b 297 .dkim_sign_headers = NULL,
838d897c 298 .dkim_strict = NULL,
d73e45df 299 .dkim_hash = US"sha256",
2bc0f45e 300 .dkim_timestamps = NULL,
617d3932
JH		 301 .dot_stuffed = FALSE,
302 .force_bodyhash = FALSE,
303# ifdef EXPERIMENTAL_ARC
304 .arc_signspec = NULL,
305# endif
306 },
307# ifdef EXPERIMENTAL_ARC
308 .arc_sign = NULL,
309# endif
80a47a2c 310#endif
0756eb3c
PH		 311};
312
6c1c3d1d
WB		 313/* some DSN flags for use later */
314
315static int rf_list[] = {rf_notify_never, rf_notify_success,
316 rf_notify_failure, rf_notify_delay };
317
45500060 318static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" };
6c1c3d1d
WB		 319
320
0756eb3c
PH		 321
322/* Local statics */
323
87cb4a16
JH		 324static uschar *smtp_command; /* Points to last cmd for error messages */
325static uschar *mail_command; /* Points to MAIL cmd for error messages */
326static uschar *data_command = US""; /* Points to DATA cmd for error messages */
327static BOOL update_waiting; /* TRUE to update the "wait" database */
875512a3
JH		 328
329/*XXX move to smtp_context */
87cb4a16 330static BOOL pipelining_active; /* current transaction is in pipe mode */
0756eb3c
PH		 331
332
333/*************************************************
334* Setup entry point *
335*************************************************/
336
337/* This function is called when the transport is about to be used,
338but before running it in a sub-process. It is used for two things:
339
340 (1) To set the fallback host list in addresses, when delivering.
26da7e20
PH		 341 (2) To pass back the interface, port, protocol, and other options, for use
342 during callout verification.
0756eb3c
PH		 343
344Arguments:
345 tblock pointer to the transport instance block
346 addrlist list of addresses about to be transported
347 tf if not NULL, pointer to block in which to return options
929ba01c
PH		 348 uid the uid that will be set (not used)
349 gid the gid that will be set (not used)
0756eb3c
PH		 350 errmsg place for error message (not used)
351
352Returns: OK always (FAIL, DEFER not used)
353*/
354
355static int
356smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
929ba01c 357 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
0756eb3c
PH		 358{
359smtp_transport_options_block *ob =
360 (smtp_transport_options_block *)(tblock->options_block);
361
362errmsg = errmsg; /* Keep picky compilers happy */
929ba01c
PH		 363uid = uid;
364gid = gid;
0756eb3c
PH		 365
366/* Pass back options if required. This interface is getting very messy. */
367
02b41d71 368if (tf)
0756eb3c
PH		 369 {
370 tf->interface = ob->interface;
371 tf->port = ob->port;
372 tf->protocol = ob->protocol;
373 tf->hosts = ob->hosts;
374 tf->hosts_override = ob->hosts_override;
375 tf->hosts_randomize = ob->hosts_randomize;
376 tf->gethostbyname = ob->gethostbyname;
377 tf->qualify_single = ob->dns_qualify_single;
378 tf->search_parents = ob->dns_search_parents;
26da7e20 379 tf->helo_data = ob->helo_data;
0756eb3c
PH		 380 }
381
382/* Set the fallback host list for all the addresses that don't have fallback
383host lists, provided that the local host wasn't present in the original host
384list. */
385
386if (!testflag(addrlist, af_local_host_removed))
02b41d71
JH		 387 for (; addrlist; addrlist = addrlist->next)
388 if (!addrlist->fallback_hosts) addrlist->fallback_hosts = ob->fallback_hostlist;
0756eb3c
PH		 389
390return OK;
391}
392
393
394
395/*************************************************
396* Initialization entry point *
397*************************************************/
398
399/* Called for each instance, after its options have been read, to
400enable consistency checks to be done, or anything else that needs
401to be set up.
402
403Argument: pointer to the transport instance block
404Returns: nothing
405*/
406
407void
408smtp_transport_init(transport_instance *tblock)
409{
410smtp_transport_options_block *ob =
411 (smtp_transport_options_block *)(tblock->options_block);
412
413/* Retry_use_local_part defaults FALSE if unset */
414
415if (tblock->retry_use_local_part == TRUE_UNSET)
416 tblock->retry_use_local_part = FALSE;
417
418/* Set the default port according to the protocol */
419
420if (ob->port == NULL)
061b7ebd
PP		 421 ob->port = (strcmpic(ob->protocol, US"lmtp") == 0)? US"lmtp" :
422 (strcmpic(ob->protocol, US"smtps") == 0)? US"smtps" : US"smtp";
0756eb3c
PH		 423
424/* Set up the setup entry point, to be called before subprocesses for this
425transport. */
426
427tblock->setup = smtp_transport_setup;
428
429/* Complain if any of the timeouts are zero. */
430
431if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
432 ob->final_timeout <= 0)
433 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
434 "command, data, or final timeout value is zero for %s transport",
435 tblock->name);
436
437/* If hosts_override is set and there are local hosts, set the global
438flag that stops verify from showing router hosts. */
439
440if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
441
442/* If there are any fallback hosts listed, build a chain of host items
443for them, but do not do any lookups at this time. */
444
445host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
446}
447
448
449
450
451
452/*************************************************
453* Set delivery info into all active addresses *
454*************************************************/
455
456/* Only addresses whose status is >= PENDING are relevant. A lesser
457status means that an address is not currently being processed.
458
459Arguments:
447d236c
PH		 460 addrlist points to a chain of addresses
461 errno_value to put in each address's errno field
462 msg to put in each address's message field
463 rc to put in each address's transport_return field
464 pass_message if TRUE, set the "pass message" flag in the address
c562fd30 465 host if set, mark addrs as having used this host
895fbaf2
JH		 466 smtp_greeting from peer
467 helo_response from peer
0756eb3c
PH		 468
469If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
470the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
471this particular type of timeout.
472
473Returns: nothing
474*/
475
7cd1141b
PH		 476static void
477set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
895fbaf2
JH		 478 BOOL pass_message, host_item * host
479#ifdef EXPERIMENTAL_DSN_INFO
480 , const uschar * smtp_greeting, const uschar * helo_response
481#endif
482 )
0756eb3c
PH		 483{
484address_item *addr;
485int orvalue = 0;
486if (errno_value == ERRNO_CONNECTTIMEOUT)
487 {
488 errno_value = ETIMEDOUT;
489 orvalue = RTEF_CTOUT;
490 }
895fbaf2 491for (addr = addrlist; addr; addr = addr->next)
168dec3b 492 if (addr->transport_return >= PENDING)
447d236c 493 {
168dec3b
JH		 494 addr->basic_errno = errno_value;
495 addr->more_errno |= orvalue;
02b41d71 496 if (msg)
168dec3b
JH		 497 {
498 addr->message = msg;
499 if (pass_message) setflag(addr, af_pass_message);
500 }
501 addr->transport_return = rc;
502 if (host)
895fbaf2 503 {
168dec3b 504 addr->host_used = host;
895fbaf2
JH		 505#ifdef EXPERIMENTAL_DSN_INFO
506 if (smtp_greeting)
507 {uschar * s = Ustrchr(smtp_greeting, '\n'); if (s) *s = '\0';}
508 addr->smtp_greeting = smtp_greeting;
509
510 if (helo_response)
511 {uschar * s = Ustrchr(helo_response, '\n'); if (s) *s = '\0';}
512 addr->helo_response = helo_response;
513#endif
514 }
447d236c 515 }
0756eb3c
PH		 516}
517
895fbaf2
JH		 518static void
519set_errno_nohost(address_item *addrlist, int errno_value, uschar *msg, int rc,
520 BOOL pass_message)
521{
522set_errno(addrlist, errno_value, msg, rc, pass_message, NULL
523#ifdef EXPERIMENTAL_DSN_INFO
524 , NULL, NULL
525#endif
526 );
527}
0756eb3c
PH		 528
529
530/*************************************************
531* Check an SMTP response *
532*************************************************/
533
534/* This function is given an errno code and the SMTP response buffer
535to analyse, together with the host identification for generating messages. It
536sets an appropriate message and puts the first digit of the response code into
537the yield variable. If no response was actually read, a suitable digit is
538chosen.
539
540Arguments:
447d236c
PH		 541 host the current host, to get its name for messages
542 errno_value pointer to the errno value
543 more_errno from the top address for use with ERRNO_FILTER_FAIL
544 buffer the SMTP response buffer
545 yield where to put a one-digit SMTP response code
4c04137d 546 message where to put an error message
447d236c
PH		 547 pass_message set TRUE if message is an SMTP response
548
549Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
0756eb3c
PH		 550*/
551
a7538db1
JH		 552static BOOL
553check_response(host_item *host, int *errno_value, int more_errno,
447d236c 554 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
0756eb3c 555{
0d9fa8c0 556uschar * pl = pipelining_active ? US"pipelined " : US"";
e9166683 557const uschar * s;
0756eb3c
PH		 558
559*yield = '4'; /* Default setting is to give a temporary error */
560
e9166683 561switch(*errno_value)
0756eb3c 562 {
e9166683
JH		 563 case ETIMEDOUT: /* Handle response timeout */
564 *message = US string_sprintf("SMTP timeout after %s%s",
565 pl, smtp_command);
566 if (transport_count > 0)
567 *message = US string_sprintf("%s (%d bytes written)", *message,
568 transport_count);
569 return FALSE;
570
571 case ERRNO_SMTPFORMAT: /* Handle malformed SMTP response */
572 s = string_printing(buffer);
573 while (isspace(*s)) s++;
574 *message = *s == 0
575 ? string_sprintf("Malformed SMTP reply (an empty line) "
576 "in response to %s%s", pl, smtp_command)
577 : string_sprintf("Malformed SMTP reply in response to %s%s: %s",
578 pl, smtp_command, s);
579 return FALSE;
580
581 case ERRNO_FILTER_FAIL: /* Handle a failed filter process error;
582 can't send QUIT as we mustn't end the DATA. */
583 *message = string_sprintf("transport filter process failed (%d)%s",
584 more_errno,
585 more_errno == EX_EXECFAILED ? ": unable to execute command" : "");
586 return FALSE;
587
588 case ERRNO_CHHEADER_FAIL: /* Handle a failed add_headers expansion;
589 can't send QUIT as we mustn't end the DATA. */
590 *message =
591 string_sprintf("failed to expand headers_add or headers_remove: %s",
592 expand_string_message);
593 return FALSE;
594
595 case ERRNO_WRITEINCOMPLETE: /* failure to write a complete data block */
596 *message = string_sprintf("failed to write a data block");
597 return FALSE;
0756eb3c 598
8c5d388a 599#ifdef SUPPORT_I18N
e9166683
JH		 600 case ERRNO_UTF8_FWD: /* no advertised SMTPUTF8, for international message */
601 *message = US"utf8 support required but not offered for forwarding";
602 DEBUG(D_deliver|D_transport) debug_printf("%s\n", *message);
603 return TRUE;
250b6871 604#endif
e9166683 605 }
250b6871 606
0756eb3c
PH		 607/* Handle error responses from the remote mailer. */
608
609if (buffer[0] != 0)
610 {
e9166683
JH		 611 *message = string_sprintf("SMTP error from remote mail server after %s%s: "
612 "%s", pl, smtp_command, s = string_printing(buffer));
447d236c 613 *pass_message = TRUE;
0756eb3c
PH		 614 *yield = buffer[0];
615 return TRUE;
616 }
617
618/* No data was read. If there is no errno, this must be the EOF (i.e.
19b9dc85
PH		 619connection closed) case, which causes deferral. An explicit connection reset
620error has the same effect. Otherwise, put the host's identity in the message,
621leaving the errno value to be interpreted as well. In all cases, we have to
622assume the connection is now dead. */
0756eb3c 623
19b9dc85 624if (*errno_value == 0 || *errno_value == ECONNRESET)
0756eb3c
PH		 625 {
626 *errno_value = ERRNO_SMTPCLOSED;
c562fd30 627 *message = US string_sprintf("Remote host closed connection "
02b41d71 628 "in response to %s%s", pl, smtp_command);
0756eb3c 629 }
de6273b4
JH		 630else
631 *message = US string_sprintf("%s [%s]", host->name, host->address);
0756eb3c
PH		 632
633return FALSE;
634}
635
636
637
638/*************************************************
639* Write error message to logs *
640*************************************************/
641
642/* This writes to the main log and to the message log.
643
644Arguments:
0756eb3c 645 host the current host
ec62d0a9
HSHR		 646 detail the current message (addr_item->message)
647 basic_errno the errno (addr_item->basic_errno)
0756eb3c
PH		 648
649Returns: nothing
650*/
651
652static void
ec62d0a9 653write_logs(const host_item *host, const uschar *suffix, int basic_errno)
0756eb3c 654{
ec62d0a9
HSHR		 655
656
657uschar *message = LOGGING(outgoing_port)
584ddd64
JH		 658 ? string_sprintf("H=%s [%s]:%d", host->name, host->address,
659 host->port == PORT_NONE ? 25 : host->port)
660 : string_sprintf("H=%s [%s]", host->name, host->address);
c562fd30 661
ec62d0a9 662if (suffix)
0756eb3c 663 {
ec62d0a9
HSHR		 664 message = string_sprintf("%s: %s", message, suffix);
665 if (basic_errno > 0)
666 message = string_sprintf("%s: %s", message, strerror(basic_errno));
0756eb3c
PH		 667 }
668else
ec62d0a9
HSHR		 669 message = string_sprintf("%s %s", message, exim_errstr(basic_errno));
670
671log_write(0, LOG_MAIN, "%s", message);
672deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
0756eb3c
PH		 673}
674
c562fd30
JH		 675static void
676msglog_line(host_item * host, uschar * message)
677{
37f3dc43
JH		 678deliver_msglog("%s H=%s [%s] %s\n", tod_stamp(tod_log),
679 host->name, host->address, message);
c562fd30
JH		 680}
681
0756eb3c
PH		 682
683
0cbf2b82 684#ifndef DISABLE_EVENT
d68218c7
JH		 685/*************************************************
686* Post-defer action *
687*************************************************/
688
689/* This expands an arbitrary per-transport string.
690 It might, for example, be used to write to the database log.
691
692Arguments:
d68218c7
JH		 693 addr the address item containing error information
694 host the current host
695
696Returns: nothing
697*/
698
699static void
774ef2d7 700deferred_event_raise(address_item *addr, host_item *host)
d68218c7 701{
774ef2d7 702uschar * action = addr->transport->event_action;
55414b25 703const uschar * save_domain;
a7538db1
JH		 704uschar * save_local;
705
d68218c7 706if (!action)
a7538db1 707 return;
d68218c7 708
a7538db1
JH		 709save_domain = deliver_domain;
710save_local = deliver_localpart;
711
712/*XXX would ip & port already be set up? */
713deliver_host_address = string_copy(host->address);
774ef2d7
JH		 714deliver_host_port = host->port == PORT_NONE ? 25 : host->port;
715event_defer_errno = addr->basic_errno;
d68218c7
JH		 716
717router_name = addr->router->name;
718transport_name = addr->transport->name;
a7538db1
JH		 719deliver_domain = addr->domain;
720deliver_localpart = addr->local_part;
721
774ef2d7 722(void) event_raise(action, US"msg:host:defer",
a7538db1
JH		 723 addr->message
724 ? addr->basic_errno > 0
725 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
726 : string_copy(addr->message)
727 : addr->basic_errno > 0
728 ? string_copy(US strerror(addr->basic_errno))
729 : NULL);
730
731deliver_localpart = save_local;
732deliver_domain = save_domain;
d68218c7
JH		 733router_name = transport_name = NULL;
734}
735#endif
736
0756eb3c
PH		 737/*************************************************
738* Synchronize SMTP responses *
739*************************************************/
740
741/* This function is called from smtp_deliver() to receive SMTP responses from
742the server, and match them up with the commands to which they relate. When
743PIPELINING is not in use, this function is called after every command, and is
744therefore somewhat over-engineered, but it is simpler to use a single scheme
745that works both with and without PIPELINING instead of having two separate sets
746of code.
747
748The set of commands that are buffered up with pipelining may start with MAIL
749and may end with DATA; in between are RCPT commands that correspond to the
750addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
751etc.) are never buffered.
752
753Errors after MAIL or DATA abort the whole process leaving the response in the
754buffer. After MAIL, pending responses are flushed, and the original command is
755re-instated in big_buffer for error messages. For RCPT commands, the remote is
756permitted to reject some recipient addresses while accepting others. However
757certain errors clearly abort the whole process. Set the value in
758transport_return to PENDING_OK if the address is accepted. If there is a
759subsequent general error, it will get reset accordingly. If not, it will get
760converted to OK at the end.
761
762Arguments:
df5b41e3 763 sx smtp connection context
48c7f9e2 764 count the number of responses to read
48c7f9e2
PH		 765 pending_DATA 0 if last command sent was not DATA
766 +1 if previously had a good recipient
767 -1 if not previously had a good recipient
0756eb3c
PH		 768
769Returns: 3 if at least one address had 2xx and one had 5xx
770 2 if at least one address had 5xx but none had 2xx
771 1 if at least one host had a 2xx response, but none had 5xx
772 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
773 -1 timeout while reading RCPT response
774 -2 I/O or other non-response error for RCPT
775 -3 DATA or MAIL failed - errno and buffer set
776*/
777
778static int
df5b41e3 779sync_responses(smtp_context * sx, int count, int pending_DATA)
0756eb3c 780{
df5b41e3 781address_item *addr = sx->sync_addr;
e9166683
JH		 782smtp_transport_options_block *ob =
783 (smtp_transport_options_block *)sx->tblock->options_block;
0756eb3c
PH		 784int yield = 0;
785
786/* Handle the response for a MAIL command. On error, reinstate the original
787command in big_buffer for error message use, and flush any further pending
788responses before returning, except after I/O errors and timeouts. */
789
df5b41e3 790if (sx->pending_MAIL)
0756eb3c
PH		 791 {
792 count--;
e9166683
JH		 793 if (!smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer),
794 '2', ob->command_timeout))
0756eb3c 795 {
e027f545 796 DEBUG(D_transport) debug_printf("bad response for MAIL\n");
0756eb3c 797 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
df5b41e3 798 if (errno == 0 && sx->buffer[0] != 0)
0756eb3c
PH		 799 {
800 uschar flushbuffer[4096];
e97957bc 801 int save_errno = 0;
df5b41e3 802 if (sx->buffer[0] == '4')
e97957bc
PH		 803 {
804 save_errno = ERRNO_MAIL4XX;
df5b41e3 805 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
e97957bc 806 }
0756eb3c
PH		 807 while (count-- > 0)
808 {
df5b41e3 809 if (!smtp_read_response(&sx->inblock, flushbuffer, sizeof(flushbuffer),
e9166683 810 '2', ob->command_timeout)
0756eb3c
PH		 811 && (errno != 0 || flushbuffer[0] == 0))
812 break;
813 }
e97957bc 814 errno = save_errno;
0756eb3c 815 }
c562fd30
JH		 816
817 if (pending_DATA) count--; /* Number of RCPT responses to come */
818 while (count-- > 0) /* Mark any pending addrs with the host used */
819 {
820 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
df5b41e3 821 addr->host_used = sx->host;
c562fd30
JH		 822 addr = addr->next;
823 }
0756eb3c
PH		 824 return -3;
825 }
826 }
827
828if (pending_DATA) count--; /* Number of RCPT responses to come */
829
830/* Read and handle the required number of RCPT responses, matching each one up
831with an address by scanning for the next address whose status is PENDING_DEFER.
832*/
833
834while (count-- > 0)
835 {
4c2471ca
JH		 836 while (addr->transport_return != PENDING_DEFER)
837 if (!(addr = addr->next))
838 return -2;
0756eb3c
PH		 839
840 /* The address was accepted */
df5b41e3 841 addr->host_used = sx->host;
0756eb3c 842
e9166683
JH		 843 if (smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer),
844 '2', ob->command_timeout))
0756eb3c
PH		 845 {
846 yield |= 1;
847 addr->transport_return = PENDING_OK;
848
849 /* If af_dr_retry_exists is set, there was a routing delay on this address;
09945f1e
PH		 850 ensure that any address-specific retry record is expunged. We do this both
851 for the basic key and for the version that also includes the sender. */
0756eb3c
PH		 852
853 if (testflag(addr, af_dr_retry_exists))
09945f1e
PH		 854 {
855 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
856 sender_address);
857 retry_add_item(addr, altkey, rf_delete);
0756eb3c 858 retry_add_item(addr, addr->address_retry_key, rf_delete);
09945f1e 859 }
0756eb3c
PH		 860 }
861
862 /* Timeout while reading the response */
863
864 else if (errno == ETIMEDOUT)
865 {
c562fd30 866 uschar *message = string_sprintf("SMTP timeout after RCPT TO:<%s>",
e9166683 867 transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes));
df5b41e3 868 set_errno_nohost(sx->first_addr, ETIMEDOUT, message, DEFER, FALSE);
0756eb3c 869 retry_add_item(addr, addr->address_retry_key, 0);
f6c332bd 870 update_waiting = FALSE;
0756eb3c
PH		 871 return -1;
872 }
873
874 /* Handle other errors in obtaining an SMTP response by returning -1. This
875 will cause all the addresses to be deferred. Restore the SMTP command in
876 big_buffer for which we are checking the response, so the error message
877 makes sense. */
878
df5b41e3 879 else if (errno != 0 || sx->buffer[0] == 0)
0756eb3c
PH		 880 {
881 string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
df5b41e3 882 transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes));
0756eb3c
PH		 883 return -2;
884 }
885
886 /* Handle SMTP permanent and temporary response codes. */
887
888 else
889 {
890 addr->message =
447d236c 891 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
df5b41e3
JH		 892 "%s", transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes),
893 string_printing(sx->buffer));
447d236c 894 setflag(addr, af_pass_message);
e9166683
JH		 895 if (!sx->verify)
896 msglog_line(sx->host, addr->message);
0756eb3c
PH		 897
898 /* The response was 5xx */
899
df5b41e3 900 if (sx->buffer[0] == '5')
0756eb3c
PH		 901 {
902 addr->transport_return = FAIL;
903 yield |= 2;
904 }
905
906 /* The response was 4xx */
907
908 else
909 {
0756eb3c
PH		 910 addr->transport_return = DEFER;
911 addr->basic_errno = ERRNO_RCPT4XX;
df5b41e3 912 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
0756eb3c 913
e9166683
JH		 914 if (!sx->verify)
915 {
0cbf2b82 916#ifndef DISABLE_EVENT
e9166683
JH		 917 event_defer_errno = addr->more_errno;
918 msg_event_raise(US"msg:rcpt:host:defer", addr);
5ef5dd52
JB		 919#endif
920
e9166683
JH		 921 /* Log temporary errors if there are more hosts to be tried.
922 If not, log this last one in the == line. */
0756eb3c 923
e9166683
JH		 924 if (sx->host->next)
925 log_write(0, LOG_MAIN, "H=%s [%s]: %s",
926 sx->host->name, sx->host->address, addr->message);
0756eb3c 927
0cbf2b82 928#ifndef DISABLE_EVENT
e9166683
JH		 929 else
930 msg_event_raise(US"msg:rcpt:defer", addr);
5ef5dd52
JB		 931#endif
932
e9166683
JH		 933 /* Do not put this message on the list of those waiting for specific
934 hosts, as otherwise it is likely to be tried too often. */
0756eb3c 935
e9166683 936 update_waiting = FALSE;
0756eb3c 937
e9166683
JH		 938 /* Add a retry item for the address so that it doesn't get tried again
939 too soon. If address_retry_include_sender is true, add the sender address
940 to the retry key. */
0756eb3c 941
e9166683
JH		 942 retry_add_item(addr,
943 ob->address_retry_include_sender
944 ? string_sprintf("%s:<%s>", addr->address_retry_key, sender_address)
945 : addr->address_retry_key,
946 0);
947 }
0756eb3c
PH		 948 }
949 }
950 } /* Loop for next RCPT response */
951
952/* Update where to start at for the next block of responses, unless we
953have already handled all the addresses. */
954
e9166683 955if (addr) sx->sync_addr = addr->next;
0756eb3c
PH		 956
957/* Handle a response to DATA. If we have not had any good recipients, either
958previously or in this block, the response is ignored. */
959
960if (pending_DATA != 0 &&
e9166683
JH		 961 !smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer),
962 '3', ob->command_timeout))
0756eb3c
PH		 963 {
964 int code;
965 uschar *msg;
447d236c 966 BOOL pass_message;
e97957bc
PH		 967 if (pending_DATA > 0 || (yield & 1) != 0)
968 {
df5b41e3 969 if (errno == 0 && sx->buffer[0] == '4')
e97957bc
PH		 970 {
971 errno = ERRNO_DATA4XX;
df5b41e3 972 sx->first_addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
e97957bc
PH		 973 }
974 return -3;
975 }
df5b41e3 976 (void)check_response(sx->host, &errno, 0, sx->buffer, &code, &msg, &pass_message);
0756eb3c
PH		 977 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
978 "is in use and there were no good recipients\n", msg);
979 }
980
981/* All responses read and handled; MAIL (if present) received 2xx and DATA (if
982present) received 3xx. If any RCPTs were handled and yielded anything other
983than 4xx, yield will be set non-zero. */
984
985return yield;
986}
987
988
989
fcc8e047
JH		 990/* Do the client side of smtp-level authentication */
991/*
992Arguments:
993 buffer EHLO response from server (gets overwritten)
994 addrlist chain of potential addresses to deliver
995 host host to deliver to
996 ob transport options
997 ibp, obp comms channel control blocks
998
999Returns:
1000 OK Success, or failed (but not required): global "smtp_authenticated" set
1001 DEFER Failed authentication (and was required)
1002 ERROR Internal problem
1003
1004 FAIL_SEND Failed communications - transmit
1005 FAIL - response
1006*/
1007
1008int
1009smtp_auth(uschar *buffer, unsigned bufsize, address_item *addrlist, host_item *host,
1010 smtp_transport_options_block *ob, BOOL is_esmtp,
1011 smtp_inblock *ibp, smtp_outblock *obp)
1012{
a7538db1
JH		 1013int require_auth;
1014uschar *fail_reason = US"server did not advertise AUTH support";
fcc8e047 1015
a7538db1
JH		 1016smtp_authenticated = FALSE;
1017client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
5130845b 1018require_auth = verify_check_given_host(&ob->hosts_require_auth, host);
fcc8e047 1019
a7538db1
JH		 1020if (is_esmtp && !regex_AUTH) regex_AUTH =
1021 regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
1022 FALSE, TRUE);
fcc8e047 1023
a7538db1
JH		 1024if (is_esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
1025 {
1026 uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]);
1027 expand_nmax = -1; /* reset */
fcc8e047 1028
a7538db1
JH		 1029 /* Must not do this check until after we have saved the result of the
1030 regex match above. */
fcc8e047 1031
a7538db1 1032 if (require_auth == OK ||
5130845b 1033 verify_check_given_host(&ob->hosts_try_auth, host) == OK)
a7538db1
JH		 1034 {
1035 auth_instance *au;
1036 fail_reason = US"no common mechanisms were found";
fcc8e047 1037
a7538db1 1038 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
fcc8e047 1039
a7538db1
JH		 1040 /* Scan the configured authenticators looking for one which is configured
1041 for use as a client, which is not suppressed by client_condition, and
1042 whose name matches an authentication mechanism supported by the server.
1043 If one is found, attempt to authenticate by calling its client function.
1044 */
fcc8e047 1045
cab0c277 1046 for (au = auths; !smtp_authenticated && au; au = au->next)
a7538db1
JH		 1047 {
1048 uschar *p = names;
1049 if (!au->client ||
1050 (au->client_condition != NULL &&
1051 !expand_check_condition(au->client_condition, au->name,
1052 US"client authenticator")))
1053 {
1054 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1055 au->name,
1056 (au->client)? "client_condition is false" :
1057 "not configured as a client");
1058 continue;
1059 }
fcc8e047 1060
a7538db1 1061 /* Loop to scan supported server mechanisms */
fcc8e047 1062
cab0c277 1063 while (*p)
a7538db1
JH		 1064 {
1065 int rc;
1066 int len = Ustrlen(au->public_name);
1067 while (isspace(*p)) p++;
fcc8e047 1068
a7538db1
JH		 1069 if (strncmpic(au->public_name, p, len) != 0 ||
1070 (p[len] != 0 && !isspace(p[len])))
1071 {
1072 while (*p != 0 && !isspace(*p)) p++;
1073 continue;
1074 }
fcc8e047 1075
a7538db1
JH		 1076 /* Found data for a listed mechanism. Call its client entry. Set
1077 a flag in the outblock so that data is overwritten after sending so
1078 that reflections don't show it. */
fcc8e047 1079
a7538db1
JH		 1080 fail_reason = US"authentication attempt(s) failed";
1081 obp->authenticating = TRUE;
1082 rc = (au->info->clientcode)(au, ibp, obp,
1083 ob->command_timeout, buffer, bufsize);
1084 obp->authenticating = FALSE;
1085 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n",
1086 au->name, rc);
fcc8e047 1087
a7538db1
JH		 1088 /* A temporary authentication failure must hold up delivery to
1089 this host. After a permanent authentication failure, we carry on
1090 to try other authentication methods. If all fail hard, try to
1091 deliver the message unauthenticated unless require_auth was set. */
fcc8e047 1092
a7538db1
JH		 1093 switch(rc)
1094 {
1095 case OK:
1096 smtp_authenticated = TRUE; /* stops the outer loop */
1097 client_authenticator = au->name;
1098 if (au->set_client_id != NULL)
1099 client_authenticated_id = expand_string(au->set_client_id);
1100 break;
1101
1102 /* Failure after writing a command */
1103
1104 case FAIL_SEND:
1105 return FAIL_SEND;
1106
1107 /* Failure after reading a response */
1108
1109 case FAIL:
1110 if (errno != 0 || buffer[0] != '5') return FAIL;
1111 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1112 au->name, host->name, host->address, buffer);
1113 break;
1114
1115 /* Failure by some other means. In effect, the authenticator
1116 decided it wasn't prepared to handle this case. Typically this
1117 is the result of "fail" in an expansion string. Do we need to
1118 log anything here? Feb 2006: a message is now put in the buffer
1119 if logging is required. */
1120
1121 case CANCELLED:
1122 if (*buffer != 0)
1123 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1124 "authentication H=%s [%s] %s", au->name, host->name,
1125 host->address, buffer);
1126 break;
1127
1128 /* Internal problem, message in buffer. */
1129
1130 case ERROR:
895fbaf2
JH		 1131 set_errno_nohost(addrlist, ERRNO_AUTHPROB, string_copy(buffer),
1132 DEFER, FALSE);
a7538db1
JH		 1133 return ERROR;
1134 }
fcc8e047 1135
a7538db1
JH		 1136 break; /* If not authenticated, try next authenticator */
1137 } /* Loop for scanning supported server mechanisms */
1138 } /* Loop for further authenticators */
fcc8e047 1139 }
a7538db1 1140 }
fcc8e047 1141
a7538db1 1142/* If we haven't authenticated, but are required to, give up. */
fcc8e047 1143
a7538db1
JH		 1144if (require_auth == OK && !smtp_authenticated)
1145 {
895fbaf2 1146 set_errno_nohost(addrlist, ERRNO_AUTHFAIL,
a7538db1 1147 string_sprintf("authentication required but %s", fail_reason), DEFER,
895fbaf2 1148 FALSE);
a7538db1
JH		 1149 return DEFER;
1150 }
4d8d62b9 1151
a7538db1 1152return OK;
fcc8e047
JH		 1153}
1154
1155
1156/* Construct AUTH appendix string for MAIL TO */
1157/*
1158Arguments
1159 buffer to build string
1160 addrlist chain of potential addresses to deliver
1161 ob transport options
1162
1163Globals smtp_authenticated
1164 client_authenticated_sender
1165Return True on error, otherwise buffer has (possibly empty) terminated string
1166*/
1167
1168BOOL
1169smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
1170 smtp_transport_options_block *ob)
1171{
1172uschar *local_authenticated_sender = authenticated_sender;
1173
1174#ifdef notdef
1175 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, smtp_authenticated?"Y":"N");
1176#endif
1177
1178if (ob->authenticated_sender != NULL)
1179 {
1180 uschar *new = expand_string(ob->authenticated_sender);
1181 if (new == NULL)
1182 {
1183 if (!expand_string_forcedfail)
1184 {
1185 uschar *message = string_sprintf("failed to expand "
1186 "authenticated_sender: %s", expand_string_message);
895fbaf2 1187 set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
fcc8e047
JH		 1188 return TRUE;
1189 }
1190 }
1191 else if (new[0] != 0) local_authenticated_sender = new;
1192 }
1193
1194/* Add the authenticated sender address if present */
1195
1196if ((smtp_authenticated || ob->authenticated_sender_force) &&
1197 local_authenticated_sender != NULL)
1198 {
1199 string_format(buffer, bufsize, " AUTH=%s",
1200 auth_xtextencode(local_authenticated_sender,
1201 Ustrlen(local_authenticated_sender)));
1202 client_authenticated_sender = string_copy(local_authenticated_sender);
1203 }
1204else
1205 *buffer= 0;
1206
1207return FALSE;
1208}
1209
1210
1211
c0635b6d 1212#ifdef SUPPORT_DANE
2d5fdd53
JH		 1213/* Lookup TLSA record for host/port.
1214Return: OK success with dnssec; DANE mode
1215 DEFER Do not use this host now, may retry later
1216 FAIL_FORCED No TLSA record; DANE not usable
1217 FAIL Do not use this connection
1218*/
1219
0e66b3b6 1220int
4b0fe319 1221tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
0e66b3b6
JH		 1222{
1223/* move this out to host.c given the similarity to dns_lookup() ? */
1224uschar buffer[300];
55414b25 1225const uschar * fullname = buffer;
58c30e47
JH		 1226int rc;
1227BOOL sec;
0e66b3b6
JH		 1228
1229/* TLSA lookup string */
1230(void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
1231
58c30e47
JH		 1232rc = dns_lookup(dnsa, buffer, T_TLSA, &fullname);
1233sec = dns_is_secure(dnsa);
1234DEBUG(D_transport)
1235 debug_printf("TLSA lookup ret %d %sDNSSEC\n", rc, sec ? "" : "not ");
1236
1237switch (rc)
0e66b3b6 1238 {
2d5fdd53
JH		 1239 case DNS_AGAIN:
1240 return DEFER; /* just defer this TLS'd conn */
1241
899b8bbc
JH		 1242 case DNS_SUCCEED:
1243 if (sec) return OK;
1244 log_write(0, LOG_MAIN,
1245 "DANE error: TLSA lookup for %s not DNSSEC", host->name);
1246 /*FALLTRHOUGH*/
1247
ef3a1a30
JH		 1248 case DNS_NODATA: /* no TLSA RR for this lookup */
1249 case DNS_NOMATCH: /* no records at all for this lookup */
6b524204 1250 return dane_required ? FAIL : FAIL_FORCED;
2d5fdd53
JH		 1251
1252 default:
1253 case DNS_FAIL:
1254 return dane_required ? FAIL : DEFER;
0e66b3b6 1255 }
0e66b3b6
JH		 1256}
1257#endif
1258
1259
a39bd74d
JB		 1260
1261typedef struct smtp_compare_s
1262{
1263 uschar *current_sender_address;
1264 struct transport_instance *tblock;
1265} smtp_compare_t;
1266
d093f8e5
JH		 1267
1268/* Create a unique string that identifies this message, it is based on
1269sender_address, helo_data and tls_certificate if enabled.
1270*/
a39bd74d
JB		 1271
1272static uschar *
1273smtp_local_identity(uschar * sender, struct transport_instance * tblock)
1274{
1275address_item * addr1;
1276uschar * if1 = US"";
1277uschar * helo1 = US"";
1278#ifdef SUPPORT_TLS
1279uschar * tlsc1 = US"";
1280#endif
1281uschar * save_sender_address = sender_address;
1282uschar * local_identity = NULL;
1283smtp_transport_options_block * ob =
1284 (smtp_transport_options_block *)tblock->options_block;
1285
1286sender_address = sender;
1287
1288addr1 = deliver_make_addr (sender, TRUE);
1289deliver_set_expansions(addr1);
1290
1291if (ob->interface)
1292 if1 = expand_string(ob->interface);
1293
1294if (ob->helo_data)
1295 helo1 = expand_string(ob->helo_data);
1296
1297#ifdef SUPPORT_TLS
1298if (ob->tls_certificate)
1299 tlsc1 = expand_string(ob->tls_certificate);
1300local_identity = string_sprintf ("%s^%s^%s", if1, helo1, tlsc1);
1301#else
1302local_identity = string_sprintf ("%s^%s", if1, helo1);
1303#endif
1304
1305deliver_set_expansions(NULL);
1306sender_address = save_sender_address;
1307
1308return local_identity;
1309}
1310
1311
1312
1313/* This routine is a callback that is called from transport_check_waiting.
1314This function will evaluate the incoming message versus the previous
1315message. If the incoming message is using a different local identity then
1316we will veto this new message. */
1317
1318static BOOL
1319smtp_are_same_identities(uschar * message_id, smtp_compare_t * s_compare)
1320{
dadff1d4
HSHR		 1321uschar * message_local_identity,
1322 * current_local_identity,
1323 * new_sender_address;
1324
1325current_local_identity =
a39bd74d 1326 smtp_local_identity(s_compare->current_sender_address, s_compare->tblock);
a39bd74d 1327
dadff1d4
HSHR		 1328if (!(new_sender_address = deliver_get_sender_address(message_id)))
1329 return 0;
1330
1331message_local_identity =
1332 smtp_local_identity(new_sender_address, s_compare->tblock);
a39bd74d
JB		 1333
1334return Ustrcmp(current_local_identity, message_local_identity) == 0;
1335}
1336
1337
1338
8ac90765
JH		 1339static unsigned
1340ehlo_response(uschar * buf, unsigned checks)
9094b84b 1341{
e9166683
JH		 1342size_t bsize = Ustrlen(buf);
1343
9094b84b 1344#ifdef SUPPORT_TLS
14de8063 1345if ( checks & OPTION_TLS
ff5aac2b 1346 && pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
14de8063 1347 checks &= ~OPTION_TLS;
8ac90765
JH		 1348
1349# ifdef EXPERIMENTAL_REQUIRETLS
1350if ( checks & OPTION_REQUIRETLS
1351 && pcre_exec(regex_REQUIRETLS, NULL, CS buf,bsize, 0, PCRE_EOPT, NULL,0) < 0)
1352 checks &= ~OPTION_REQUIRETLS;
1353# endif
9094b84b
JH		 1354#endif
1355
14de8063 1356if ( checks & OPTION_IGNQ
ff5aac2b
JH		 1357 && pcre_exec(regex_IGNOREQUOTA, NULL, CS buf, bsize, 0,
1358 PCRE_EOPT, NULL, 0) < 0)
14de8063 1359 checks &= ~OPTION_IGNQ;
9094b84b 1360
14de8063 1361if ( checks & OPTION_CHUNKING
f98442df 1362 && pcre_exec(regex_CHUNKING, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
14de8063 1363 checks &= ~OPTION_CHUNKING;
f98442df 1364
9094b84b 1365#ifndef DISABLE_PRDR
14de8063 1366if ( checks & OPTION_PRDR
ff5aac2b 1367 && pcre_exec(regex_PRDR, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
14de8063 1368 checks &= ~OPTION_PRDR;
9094b84b
JH		 1369#endif
1370
1371#ifdef SUPPORT_I18N
14de8063 1372if ( checks & OPTION_UTF8
ff5aac2b 1373 && pcre_exec(regex_UTF8, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
14de8063 1374 checks &= ~OPTION_UTF8;
9094b84b
JH		 1375#endif
1376
14de8063 1377if ( checks & OPTION_DSN
ff5aac2b 1378 && pcre_exec(regex_DSN, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
14de8063 1379 checks &= ~OPTION_DSN;
9094b84b 1380
14de8063 1381if ( checks & OPTION_PIPE
ff5aac2b
JH		 1382 && pcre_exec(regex_PIPELINING, NULL, CS buf, bsize, 0,
1383 PCRE_EOPT, NULL, 0) < 0)
14de8063 1384 checks &= ~OPTION_PIPE;
9094b84b 1385
14de8063 1386if ( checks & OPTION_SIZE
ff5aac2b 1387 && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
14de8063 1388 checks &= ~OPTION_SIZE;
9094b84b
JH		 1389
1390return checks;
1391}
1392
1393
6d5c916c
JH		 1394
1395/* Callback for emitting a BDAT data chunk header.
6d5c916c 1396
e027f545
JH		 1397If given a nonzero size, first flush any buffered SMTP commands
1398then emit the command.
1399
d2aa036b
JH		 1400Reap previous SMTP command responses if requested, and always reap
1401the response from a previous BDAT command.
1402
1403Args:
1404 tctx transport context
1405 chunk_size value for SMTP BDAT command
1406 flags
1407 tc_chunk_last add LAST option to SMTP BDAT command
1408 tc_reap_prev reap response to previous SMTP commands
6d5c916c
JH		 1409
1410Returns: OK or ERROR
1411*/
1412
1413static int
d2aa036b
JH		 1414smtp_chunk_cmd_callback(transport_ctx * tctx, unsigned chunk_size,
1415 unsigned flags)
6d5c916c
JH		 1416{
1417smtp_transport_options_block * ob =
1418 (smtp_transport_options_block *)(tctx->tblock->options_block);
e9166683 1419smtp_context * sx = tctx->smtp_context;
e027f545
JH		 1420int cmd_count = 0;
1421int prev_cmd_count;
6d5c916c 1422
4e910c01
JH		 1423/* Write SMTP chunk header command. If not reaping responses, note that
1424there may be more writes (like, the chunk data) done soon. */
6d5c916c 1425
e027f545 1426if (chunk_size > 0)
87cb4a16 1427 {
4e910c01
JH		 1428 if((cmd_count = smtp_write_command(&sx->outblock,
1429 flags & tc_reap_prev ? SCMD_FLUSH : SCMD_MORE,
1430 "BDAT %u%s\r\n", chunk_size, flags & tc_chunk_last ? " LAST" : "")
e027f545 1431 ) < 0) return ERROR;
87cb4a16
JH		 1432 if (flags & tc_chunk_last)
1433 data_command = string_copy(big_buffer); /* Save for later error message */
1434 }
e027f545 1435
e9166683 1436prev_cmd_count = cmd_count += sx->cmd_count;
6d5c916c 1437
e027f545 1438/* Reap responses for any previous, but not one we just emitted */
6d5c916c 1439
e027f545
JH		 1440if (chunk_size > 0)
1441 prev_cmd_count--;
e9166683 1442if (sx->pending_BDAT)
e027f545 1443 prev_cmd_count--;
6d5c916c 1444
e027f545 1445if (flags & tc_reap_prev && prev_cmd_count > 0)
6d5c916c 1446 {
58fc5fb2
JH		 1447 DEBUG(D_transport) debug_printf("look for %d responses"
1448 " for previous pipelined cmds\n", prev_cmd_count);
6d5c916c 1449
e9166683 1450 switch(sync_responses(sx, prev_cmd_count, 0))
e027f545
JH		 1451 {
1452 case 1: /* 2xx (only) => OK */
e9166683
JH		 1453 case 3: sx->good_RCPT = TRUE; /* 2xx & 5xx => OK & progress made */
1454 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
e027f545
JH		 1455 case 0: break; /* No 2xx or 5xx, but no probs */
1456
1457 case -1: /* Timeout on RCPT */
1458 default: return ERROR; /* I/O error, or any MAIL/DATA error */
1459 }
1460 cmd_count = 1;
e9166683 1461 if (!sx->pending_BDAT)
e027f545 1462 pipelining_active = FALSE;
6d5c916c 1463 }
e027f545 1464
58fc5fb2 1465/* Reap response for an outstanding BDAT */
e027f545 1466
e9166683 1467if (sx->pending_BDAT)
e027f545 1468 {
58fc5fb2
JH		 1469 DEBUG(D_transport) debug_printf("look for one response for BDAT\n");
1470
e9166683 1471 if (!smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), '2',
e027f545
JH		 1472 ob->command_timeout))
1473 {
e9166683 1474 if (errno == 0 && sx->buffer[0] == '4')
e027f545
JH		 1475 {
1476 errno = ERRNO_DATA4XX; /*XXX does this actually get used? */
36e55f49 1477 sx->addrlist->more_errno |=
e9166683 1478 ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
e027f545
JH		 1479 }
1480 return ERROR;
1481 }
1482 cmd_count--;
e9166683 1483 sx->pending_BDAT = FALSE;
e027f545
JH		 1484 pipelining_active = FALSE;
1485 }
1486else if (chunk_size > 0)
e9166683 1487 sx->pending_BDAT = TRUE;
e027f545
JH		 1488
1489
e9166683 1490sx->cmd_count = cmd_count;
e027f545 1491return OK;
6d5c916c
JH		 1492}
1493
1494
1495
0756eb3c 1496/*************************************************
d093f8e5 1497* Make connection for given message *
0756eb3c
PH		 1498*************************************************/
1499
d093f8e5
JH		 1500/*
1501Arguments:
1502 ctx connection context
d093f8e5
JH		 1503 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1504 a second attempt after TLS initialization fails
d093f8e5
JH		 1505
1506Returns: OK - the connection was made and the delivery attempted;
1507 fd is set in the conn context, tls_out set up.
1508 DEFER - the connection could not be made, or something failed
1509 while setting up the SMTP session, or there was a
1510 non-message-specific error, such as a timeout.
1511 ERROR - helo_data or add_headers or authenticated_sender is
1512 specified for this transport, and the string failed
1513 to expand
1514*/
1515int
e9166683 1516smtp_setup_conn(smtp_context * sx, BOOL suppress_tls)
d093f8e5 1517{
c0635b6d 1518#if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
d093f8e5
JH		 1519dns_answer tlsa_dnsa;
1520#endif
1521BOOL pass_message = FALSE;
d093f8e5 1522uschar * message = NULL;
d093f8e5
JH		 1523int yield = OK;
1524int rc;
1525
02b41d71 1526sx->ob = (smtp_transport_options_block *) sx->tblock->options_block;
d093f8e5
JH		 1527
1528sx->lmtp = strcmpic(sx->ob->protocol, US"lmtp") == 0;
1529sx->smtps = strcmpic(sx->ob->protocol, US"smtps") == 0;
1530sx->ok = FALSE;
1531sx->send_rset = TRUE;
1532sx->send_quit = TRUE;
1533sx->setting_up = TRUE;
1534sx->esmtp = TRUE;
1535sx->esmtp_sent = FALSE;
59a286ef 1536#ifdef SUPPORT_I18N
d093f8e5 1537sx->utf8_needed = FALSE;
59a286ef 1538#endif
d093f8e5 1539sx->dsn_all_lasthop = TRUE;
c0635b6d 1540#if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
d093f8e5 1541sx->dane = FALSE;
8ac90765
JH		 1542sx->dane_required =
1543 verify_check_given_host(&sx->ob->hosts_require_dane, sx->host) == OK;
d093f8e5
JH		 1544#endif
1545
1546if ((sx->max_rcpt = sx->tblock->max_addresses) == 0) sx->max_rcpt = 999999;
d093f8e5 1547sx->peer_offered = 0;
14de8063 1548sx->avoid_option = 0;
d093f8e5 1549sx->igquotstr = US"";
02b41d71 1550if (!sx->helo_data) sx->helo_data = sx->ob->helo_data;
d093f8e5
JH		 1551#ifdef EXPERIMENTAL_DSN_INFO
1552sx->smtp_greeting = NULL;
1553sx->helo_response = NULL;
59a286ef
JH		 1554#endif
1555
0756eb3c 1556smtp_command = US"initial connection";
d093f8e5 1557sx->buffer[0] = '\0';
0756eb3c
PH		 1558
1559/* Set up the buffer for reading SMTP response packets. */
1560
d093f8e5
JH		 1561sx->inblock.buffer = sx->inbuffer;
1562sx->inblock.buffersize = sizeof(sx->inbuffer);
1563sx->inblock.ptr = sx->inbuffer;
1564sx->inblock.ptrend = sx->inbuffer;
0756eb3c
PH		 1565
1566/* Set up the buffer for holding SMTP commands while pipelining */
1567
d093f8e5
JH		 1568sx->outblock.buffer = sx->outbuffer;
1569sx->outblock.buffersize = sizeof(sx->outbuffer);
1570sx->outblock.ptr = sx->outbuffer;
1571sx->outblock.cmd_count = 0;
1572sx->outblock.authenticating = FALSE;
0756eb3c 1573
6c512171
PH		 1574/* Reset the parameters of a TLS session. */
1575
817d9f57
JH		 1576tls_out.bits = 0;
1577tls_out.cipher = NULL; /* the one we may use for this transport */
9d1c15ef
JH		 1578tls_out.ourcert = NULL;
1579tls_out.peercert = NULL;
817d9f57
JH		 1580tls_out.peerdn = NULL;
1581#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
1582tls_out.sni = NULL;
5b456975 1583#endif
018058b2 1584tls_out.ocsp = OCSP_NOT_REQ;
6c512171 1585
35aba663
JH		 1586/* Flip the legacy TLS-related variables over to the outbound set in case
1587they're used in the context of the transport. Don't bother resetting
02b41d71
JH		 1588afterward (when being used by a transport) as we're in a subprocess.
1589For verify, unflipped once the callout is dealt with */
35aba663
JH		 1590
1591tls_modify_variables(&tls_out);
1592
061b7ebd 1593#ifndef SUPPORT_TLS
d093f8e5 1594if (sx->smtps)
061b7ebd 1595 {
d093f8e5 1596 set_errno_nohost(sx->addrlist, ERRNO_TLSFAILURE, US"TLS support not available",
895fbaf2 1597 DEFER, FALSE);
018058b2 1598 return ERROR;
061b7ebd
PP		 1599 }
1600#endif
1601
0756eb3c
PH		 1602/* Make a connection to the host if this isn't a continued delivery, and handle
1603the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
1604specially so they can be identified for retries. */
1605
58c30e47 1606if (!continue_hostname)
0756eb3c 1607 {
e9166683 1608 if (sx->verify)
02b41d71
JH		 1609 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", sx->interface, sx->port);
1610
58c30e47 1611 /* Get the actual port the connection will use, into sx->host */
4311097e 1612
58c30e47 1613 smtp_port_for_connect(sx->host, sx->port);
0756eb3c 1614
c0635b6d 1615#if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
58c30e47 1616 /* Do TLSA lookup for DANE */
0e66b3b6 1617 {
0e66b3b6
JH		 1618 tls_out.dane_verified = FALSE;
1619 tls_out.tlsa_usage = 0;
1620
d093f8e5 1621 if (sx->host->dnssec == DS_YES)
0e66b3b6 1622 {
d093f8e5
JH		 1623 if( sx->dane_required
1624 || verify_check_given_host(&sx->ob->hosts_try_dane, sx->host) == OK
0e66b3b6 1625 )
d093f8e5 1626 switch (rc = tlsa_lookup(sx->host, &tlsa_dnsa, sx->dane_required))
4b0fe319 1627 {
58c30e47
JH		 1628 case OK: sx->dane = TRUE;
1629 sx->ob->tls_tempfail_tryclear = FALSE;
1630 break;
2d5fdd53 1631 case FAIL_FORCED: break;
d093f8e5 1632 default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
2d5fdd53
JH		 1633 string_sprintf("DANE error: tlsa lookup %s",
1634 rc == DEFER ? "DEFER" : "FAIL"),
1635 rc, FALSE);
8d3dc239 1636# ifndef DISABLE_EVENT
c4b57fdd
JH		 1637 (void) event_raise(sx->tblock->event_action,
1638 US"dane:fail", sx->dane_required
1639 ? US"dane-required" : US"dnssec-invalid");
8d3dc239 1640# endif
2d5fdd53 1641 return rc;
4b0fe319 1642 }
0e66b3b6 1643 }
d093f8e5 1644 else if (sx->dane_required)
0e66b3b6 1645 {
d093f8e5
JH		 1646 set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
1647 string_sprintf("DANE error: %s lookup not DNSSEC", sx->host->name),
895fbaf2 1648 FAIL, FALSE);
8d3dc239 1649# ifndef DISABLE_EVENT
c4b57fdd
JH		 1650 (void) event_raise(sx->tblock->event_action,
1651 US"dane:fail", US"dane-required");
8d3dc239 1652# endif
4b0fe319 1653 return FAIL;
0e66b3b6 1654 }
0e66b3b6
JH		 1655 }
1656#endif /*DANE*/
1657
58c30e47
JH		 1658 /* Make the TCP connection */
1659
74f1a423 1660 sx->cctx.sock =
58c30e47
JH		 1661 smtp_connect(sx->host, sx->host_af, sx->interface,
1662 sx->ob->connect_timeout, sx->tblock);
74f1a423
JH		 1663 sx->cctx.tls_ctx = NULL;
1664 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
58c30e47 1665
74f1a423 1666 if (sx->cctx.sock < 0)
58c30e47
JH		 1667 {
1668 uschar * msg = NULL;
1669 if (sx->verify)
1670 {
1671 msg = US strerror(errno);
1672 HDEBUG(D_verify) debug_printf("connect: %s\n", msg);
1673 }
1674 set_errno_nohost(sx->addrlist,
1675 errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
1676 sx->verify ? string_sprintf("could not connect: %s", msg)
1677 : NULL,
1678 DEFER, FALSE);
1679 sx->send_quit = FALSE;
1680 return DEFER;
1681 }
1682
41c7c167
PH		 1683 /* Expand the greeting message while waiting for the initial response. (Makes
1684 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
1685 delayed till here so that $sending_interface and $sending_port are set. */
1686
02b41d71
JH		 1687 if (sx->helo_data)
1688 if (!(sx->helo_data = expand_string(sx->helo_data)))
e9166683 1689 if (sx->verify)
02b41d71
JH		 1690 log_write(0, LOG_MAIN|LOG_PANIC,
1691 "<%s>: failed to expand transport's helo_data value for callout: %s",
1692 sx->addrlist->address, expand_string_message);
1693
8c5d388a 1694#ifdef SUPPORT_I18N
d093f8e5 1695 if (sx->helo_data)
810d16ad 1696 {
02b41d71
JH		 1697 expand_string_message = NULL;
1698 if ((sx->helo_data = string_domain_utf8_to_alabel(sx->helo_data,
1699 &expand_string_message)),
1700 expand_string_message)
e9166683 1701 if (sx->verify)
02b41d71
JH		 1702 log_write(0, LOG_MAIN|LOG_PANIC,
1703 "<%s>: failed to expand transport's helo_data value for callout: %s",
1704 sx->addrlist->address, expand_string_message);
1705 else
1706 sx->helo_data = NULL;
810d16ad
JH		 1707 }
1708#endif
41c7c167 1709
0756eb3c
PH		 1710 /* The first thing is to wait for an initial OK response. The dreaded "goto"
1711 is nevertheless a reasonably clean way of programming this kind of logic,
1712 where you want to escape on any error. */
1713
d093f8e5 1714 if (!sx->smtps)
061b7ebd 1715 {
8d330698
JH		 1716 BOOL good_response;
1717
1718#ifdef TCP_QUICKACK
74f1a423 1719 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
8d330698 1720#endif
d093f8e5
JH		 1721 good_response = smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer),
1722 '2', sx->ob->command_timeout);
895fbaf2 1723#ifdef EXPERIMENTAL_DSN_INFO
d093f8e5 1724 sx->smtp_greeting = string_copy(sx->buffer);
895fbaf2
JH		 1725#endif
1726 if (!good_response) goto RESPONSE_FAILED;
0756eb3c 1727
0cbf2b82 1728#ifndef DISABLE_EVENT
b30275b8 1729 {
805c9d53 1730 uschar * s;
d093f8e5
JH		 1731 lookup_dnssec_authenticated = sx->host->dnssec==DS_YES ? US"yes"
1732 : sx->host->dnssec==DS_NO ? US"no" : NULL;
1733 s = event_raise(sx->tblock->event_action, US"smtp:connect", sx->buffer);
b30275b8 1734 if (s)
a7538db1 1735 {
d093f8e5 1736 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL,
b30275b8 1737 string_sprintf("deferred by smtp:connect event expansion: %s", s),
895fbaf2 1738 DEFER, FALSE);
a7538db1
JH		 1739 yield = DEFER;
1740 goto SEND_QUIT;
1741 }
b30275b8 1742 }
a7538db1
JH		 1743#endif
1744
061b7ebd
PP		 1745 /* Now check if the helo_data expansion went well, and sign off cleanly if
1746 it didn't. */
41c7c167 1747
d093f8e5 1748 if (!sx->helo_data)
061b7ebd 1749 {
d093f8e5 1750 message = string_sprintf("failed to expand helo_data: %s",
061b7ebd 1751 expand_string_message);
d093f8e5 1752 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
061b7ebd
PP		 1753 yield = DEFER;
1754 goto SEND_QUIT;
1755 }
41c7c167
PH		 1756 }
1757
0756eb3c 1758/** Debugging without sending a message
d093f8e5 1759sx->addrlist->transport_return = DEFER;
0756eb3c
PH		 1760goto SEND_QUIT;
1761**/
1762
1763 /* Errors that occur after this point follow an SMTP command, which is
1764 left in big_buffer by smtp_write_command() for use in error messages. */
1765
1766 smtp_command = big_buffer;
1767
1768 /* Tell the remote who we are...
1769
1770 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
1771 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
1772 greeting is of this form. The assumption was that the far end supports it
1773 properly... but experience shows that there are some that give 5xx responses,
1774 even though the banner includes "ESMTP" (there's a bloody-minded one that
1775 says "ESMTP not spoken here"). Cope with that case.
1776
1777 September 2000: Time has passed, and it seems reasonable now to always send
1778 EHLO at the start. It is also convenient to make the change while installing
1779 the TLS stuff.
1780
1781 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
1782 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
1783 would be no way to send out the mails, so there is now a host list
1784 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
1785 PIPELINING problem as well. Maybe it can also be useful to cure other
1786 problems with broken servers.
1787
1788 Exim originally sent "Helo" at this point and ran for nearly a year that way.
1789 Then somebody tried it with a Microsoft mailer... It seems that all other
1790 mailers use upper case for some reason (the RFC is quite clear about case
1791 independence) so, for peace of mind, I gave in. */
1792
d093f8e5 1793 sx->esmtp = verify_check_given_host(&sx->ob->hosts_avoid_esmtp, sx->host) != OK;
0756eb3c 1794
061b7ebd
PP		 1795 /* Alas; be careful, since this goto is not an error-out, so conceivably
1796 we might set data between here and the target which we assume to exist
1797 and be usable. I can see this coming back to bite us. */
a7538db1 1798#ifdef SUPPORT_TLS
d093f8e5 1799 if (sx->smtps)
061b7ebd 1800 {
14de8063 1801 smtp_peer_options |= OPTION_TLS;
061b7ebd 1802 suppress_tls = FALSE;
d093f8e5 1803 sx->ob->tls_tempfail_tryclear = FALSE;
061b7ebd
PP		 1804 smtp_command = US"SSL-on-connect";
1805 goto TLS_NEGOTIATE;
1806 }
a7538db1 1807#endif
061b7ebd 1808
d093f8e5 1809 if (sx->esmtp)
0756eb3c 1810 {
4e910c01 1811 if (smtp_write_command(&sx->outblock, SCMD_FLUSH, "%s %s\r\n",
d093f8e5 1812 sx->lmtp ? "LHLO" : "EHLO", sx->helo_data) < 0)
0756eb3c 1813 goto SEND_FAILED;
d093f8e5
JH		 1814 sx->esmtp_sent = TRUE;
1815 if (!smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), '2',
1816 sx->ob->command_timeout))
0756eb3c 1817 {
d093f8e5 1818 if (errno != 0 || sx->buffer[0] == 0 || sx->lmtp)
895fbaf2
JH		 1819 {
1820#ifdef EXPERIMENTAL_DSN_INFO
d093f8e5 1821 sx->helo_response = string_copy(sx->buffer);
895fbaf2
JH		 1822#endif
1823 goto RESPONSE_FAILED;
1824 }
d093f8e5 1825 sx->esmtp = FALSE;
0756eb3c 1826 }
895fbaf2 1827#ifdef EXPERIMENTAL_DSN_INFO
d093f8e5 1828 sx->helo_response = string_copy(sx->buffer);
895fbaf2 1829#endif
0756eb3c
PH		 1830 }
1831 else
0756eb3c
PH		 1832 DEBUG(D_transport)
1833 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
0756eb3c 1834
d093f8e5 1835 if (!sx->esmtp)
0756eb3c 1836 {
895fbaf2 1837 BOOL good_response;
d093f8e5
JH		 1838 int n = sizeof(sx->buffer);
1839 uschar * rsp = sx->buffer;
a57ce043 1840
d093f8e5
JH		 1841 if (sx->esmtp_sent && (n = Ustrlen(sx->buffer)) < sizeof(sx->buffer)/2)
1842 { rsp = sx->buffer + n + 1; n = sizeof(sx->buffer) - n; }
895fbaf2 1843
4e910c01 1844 if (smtp_write_command(&sx->outblock, SCMD_FLUSH, "HELO %s\r\n", sx->helo_data) < 0)
0756eb3c 1845 goto SEND_FAILED;
d093f8e5
JH		 1846 good_response = smtp_read_response(&sx->inblock, rsp, n,
1847 '2', sx->ob->command_timeout);
895fbaf2 1848#ifdef EXPERIMENTAL_DSN_INFO
d093f8e5 1849 sx->helo_response = string_copy(rsp);
895fbaf2 1850#endif
a57ce043
JH		 1851 if (!good_response)
1852 {
1853 /* Handle special logging for a closed connection after HELO
1854 when had previously sent EHLO */
1855
d093f8e5 1856 if (rsp != sx->buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET))
a57ce043 1857 {
de6273b4
JH		 1858 errno = ERRNO_SMTPCLOSED;
1859 goto EHLOHELO_FAILED;
a57ce043 1860 }
e5ab0ba9 1861 memmove(sx->buffer, rsp, Ustrlen(rsp));
a57ce043
JH		 1862 goto RESPONSE_FAILED;
1863 }
0756eb3c
PH		 1864 }
1865
14de8063 1866 sx->avoid_option = sx->peer_offered = smtp_peer_options = 0;
2d14f397 1867
d093f8e5 1868 if (sx->esmtp || sx->lmtp)
2d14f397 1869 {
e9166683 1870 sx->peer_offered = ehlo_response(sx->buffer,
14de8063 1871 OPTION_TLS /* others checked later */
9094b84b 1872 );
f1513293 1873
0756eb3c
PH		 1874 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
1875
a7538db1 1876#ifdef SUPPORT_TLS
14de8063 1877 smtp_peer_options |= sx->peer_offered & OPTION_TLS;
7ade712c 1878#endif
2d14f397 1879 }
0756eb3c
PH		 1880 }
1881
57cc2785
JH		 1882/* For continuing deliveries down the same channel, having re-exec'd the socket
1883is the standard input; for a socket held open from verify it is recorded
1884in the cutthrough context block. Either way we don't need to redo EHLO here
1885(but may need to do so for TLS - see below).
1886Set up the pointer to where subsequent commands will be left, for
2d14f397 1887error messages. Note that smtp_peer_options will have been
0756eb3c
PH		 1888set from the command line if they were set in the process that passed the
1889connection on. */
1890
895fbaf2 1891/*XXX continue case needs to propagate DSN_INFO, prob. in deliver.c
4c04137d 1892as the continue goes via transport_pass_socket() and doublefork and exec.
895fbaf2
JH		 1893It does not wait. Unclear how we keep separate host's responses
1894separate - we could match up by host ip+port as a bodge. */
1895
0756eb3c
PH		 1896else
1897 {
74f1a423 1898 if (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only)
57cc2785 1899 {
74f1a423 1900 sx->cctx = cutthrough.cctx;
57cc2785
JH		 1901 sx->host->port = sx->port = cutthrough.host.port;
1902 }
1903 else
1904 {
74f1a423
JH		 1905 sx->cctx.sock = 0; /* stdin */
1906 sx->cctx.tls_ctx = NULL;
a843a57e 1907 smtp_port_for_connect(sx->host, sx->port); /* Record the port that was used */
57cc2785 1908 }
74f1a423 1909 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
0756eb3c 1910 smtp_command = big_buffer;
02b41d71 1911 sx->helo_data = NULL; /* ensure we re-expand ob->helo_data */
875512a3 1912
57cc2785
JH		 1913 /* For a continued connection with TLS being proxied for us, or a
1914 held-open verify connection with TLS, nothing more to do. */
875512a3 1915
57cc2785 1916 if ( continue_proxy_cipher
74f1a423
JH		 1917 || (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only
1918 && cutthrough.is_tls)
57cc2785 1919 )
875512a3
JH		 1920 {
1921 sx->peer_offered = smtp_peer_options;
14de8063 1922 pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
57cc2785
JH		 1923 HDEBUG(D_transport) debug_printf("continued connection, %s TLS\n",
1924 continue_proxy_cipher ? "proxied" : "verify conn with");
875512a3
JH		 1925 return OK;
1926 }
1927 HDEBUG(D_transport) debug_printf("continued connection, no TLS\n");
0756eb3c
PH		 1928 }
1929
1930/* If TLS is available on this connection, whether continued or not, attempt to
1931start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
1932send another EHLO - the server may give a different answer in secure mode. We
1933use a separate buffer for reading the response to STARTTLS so that if it is
1934negative, the original EHLO data is available for subsequent analysis, should
1935the client not be required to use TLS. If the response is bad, copy the buffer
1936for error analysis. */
1937
1938#ifdef SUPPORT_TLS
14de8063 1939if ( smtp_peer_options & OPTION_TLS
5130845b 1940 && !suppress_tls
02b41d71 1941 && verify_check_given_host(&sx->ob->hosts_avoid_tls, sx->host) != OK
e9166683 1942 && ( !sx->verify
02b41d71
JH		 1943 || verify_check_given_host(&sx->ob->hosts_verify_avoid_tls, sx->host) != OK
1944 ) )
0756eb3c
PH		 1945 {
1946 uschar buffer2[4096];
4e910c01 1947 if (smtp_write_command(&sx->outblock, SCMD_FLUSH, "STARTTLS\r\n") < 0)
0756eb3c
PH		 1948 goto SEND_FAILED;
1949
1950 /* If there is an I/O error, transmission of this message is deferred. If
1951 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
1952 false, we also defer. However, if there is a temporary rejection of STARTTLS
1953 and tls_tempfail_tryclear is true, or if there is an outright rejection of
1954 STARTTLS, we carry on. This means we will try to send the message in clear,
1955 unless the host is in hosts_require_tls (tested below). */
1956
d093f8e5
JH		 1957 if (!smtp_read_response(&sx->inblock, buffer2, sizeof(buffer2), '2',
1958 sx->ob->command_timeout))
0756eb3c 1959 {
4b0fe319
JH		 1960 if ( errno != 0
1961 || buffer2[0] == 0
d093f8e5 1962 || (buffer2[0] == '4' && !sx->ob->tls_tempfail_tryclear)
4b0fe319 1963 )
0dda4340 1964 {
d093f8e5 1965 Ustrncpy(sx->buffer, buffer2, sizeof(sx->buffer));
9e7e0f6a 1966 sx->buffer[sizeof(sx->buffer)-1] = '\0';
0756eb3c 1967 goto RESPONSE_FAILED;
0dda4340 1968 }
0756eb3c
PH		 1969 }
1970
1971 /* STARTTLS accepted: try to negotiate a TLS session. */
1972
1973 else
061b7ebd 1974 TLS_NEGOTIATE:
0756eb3c 1975 {
d093f8e5 1976 address_item * addr;
cf0c6164 1977 uschar * errstr;
74f1a423
JH		 1978 sx->cctx.tls_ctx = tls_client_start(sx->cctx.sock, sx->host,
1979 sx->addrlist, sx->tblock,
c0635b6d 1980# ifdef SUPPORT_DANE
cf0c6164 1981 sx->dane ? &tlsa_dnsa : NULL,
0e66b3b6 1982# endif
74f1a423 1983 &tls_out, &errstr);
0756eb3c 1984
74f1a423 1985 if (!sx->cctx.tls_ctx)
0756eb3c 1986 {
74f1a423
JH		 1987 /* TLS negotiation failed; give an error. From outside, this function may
1988 be called again to try in clear on a new connection, if the options permit
1989 it for this host. */
1990
c0635b6d 1991# ifdef SUPPORT_DANE
c4b57fdd
JH		 1992 if (sx->dane)
1993 {
1994 log_write(0, LOG_MAIN,
cf0c6164
JH		 1995 "DANE attempt failed; TLS connection to %s [%s]: %s",
1996 sx->host->name, sx->host->address, errstr);
8d3dc239 1997# ifndef DISABLE_EVENT
c4b57fdd
JH		 1998 (void) event_raise(sx->tblock->event_action,
1999 US"dane:fail", US"validation-failure"); /* could do with better detail */
8d3dc239 2000# endif
c4b57fdd 2001 }
6ebd79ec
JH		 2002# endif
2003
de6273b4 2004 errno = ERRNO_TLSFAILURE;
cf0c6164 2005 message = string_sprintf("TLS session: %s", errstr);
d093f8e5 2006 sx->send_quit = FALSE;
0756eb3c
PH		 2007 goto TLS_FAILED;
2008 }
2009
2010 /* TLS session is set up */
2011
2d14f397 2012 smtp_peer_options_wrap = smtp_peer_options;
d093f8e5 2013 for (addr = sx->addrlist; addr; addr = addr->next)
5ca2a9a1
PH		 2014 if (addr->transport_return == PENDING_DEFER)
2015 {
817d9f57 2016 addr->cipher = tls_out.cipher;
9d1c15ef
JH		 2017 addr->ourcert = tls_out.ourcert;
2018 addr->peercert = tls_out.peercert;
817d9f57 2019 addr->peerdn = tls_out.peerdn;
018058b2 2020 addr->ocsp = tls_out.ocsp;
5ca2a9a1 2021 }
0756eb3c
PH		 2022 }
2023 }
2024
061b7ebd
PP		 2025/* if smtps, we'll have smtp_command set to something else; always safe to
2026reset it here. */
2027smtp_command = big_buffer;
2028
41c7c167
PH		 2029/* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
2030helo_data is null, we are dealing with a connection that was passed from
2031another process, and so we won't have expanded helo_data above. We have to
2032expand it here. $sending_ip_address and $sending_port are set up right at the
2033start of the Exim process (in exim.c). */
0756eb3c 2034
74f1a423 2035if (tls_out.active.sock >= 0)
0756eb3c 2036 {
061b7ebd 2037 char *greeting_cmd;
895fbaf2
JH		 2038 BOOL good_response;
2039
d093f8e5 2040 if (!sx->helo_data && !(sx->helo_data = expand_string(sx->ob->helo_data)))
41c7c167 2041 {
d093f8e5
JH		 2042 uschar *message = string_sprintf("failed to expand helo_data: %s",
2043 expand_string_message);
2044 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
2045 yield = DEFER;
2046 goto SEND_QUIT;
41c7c167
PH		 2047 }
2048
0d0e4455 2049 /* For SMTPS we need to wait for the initial OK response. */
d093f8e5 2050 if (sx->smtps)
061b7ebd 2051 {
d093f8e5
JH		 2052 good_response = smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer),
2053 '2', sx->ob->command_timeout);
895fbaf2 2054#ifdef EXPERIMENTAL_DSN_INFO
d093f8e5 2055 sx->smtp_greeting = string_copy(sx->buffer);
895fbaf2
JH		 2056#endif
2057 if (!good_response) goto RESPONSE_FAILED;
0d0e4455
PP		 2058 }
2059
d093f8e5 2060 if (sx->esmtp)
0d0e4455
PP		 2061 greeting_cmd = "EHLO";
2062 else
2063 {
2064 greeting_cmd = "HELO";
2065 DEBUG(D_transport)
2066 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
061b7ebd
PP		 2067 }
2068
4e910c01 2069 if (smtp_write_command(&sx->outblock, SCMD_FLUSH, "%s %s\r\n",
d093f8e5 2070 sx->lmtp ? "LHLO" : greeting_cmd, sx->helo_data) < 0)
0756eb3c 2071 goto SEND_FAILED;
d093f8e5
JH		 2072 good_response = smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer),
2073 '2', sx->ob->command_timeout);
895fbaf2 2074#ifdef EXPERIMENTAL_DSN_INFO
d093f8e5 2075 sx->helo_response = string_copy(sx->buffer);
895fbaf2
JH		 2076#endif
2077 if (!good_response) goto RESPONSE_FAILED;
2d14f397 2078 smtp_peer_options = 0;
0756eb3c
PH		 2079 }
2080
2081/* If the host is required to use a secure channel, ensure that we
2082have one. */
2083
d093f8e5 2084else if ( sx->smtps
c0635b6d 2085# ifdef SUPPORT_DANE
d093f8e5 2086 || sx->dane
8ac90765
JH		 2087# endif
2088# ifdef EXPERIMENTAL_REQUIRETLS
2089 || tls_requiretls & REQUIRETLS_MSG
0e66b3b6 2090# endif
d093f8e5 2091 || verify_check_given_host(&sx->ob->hosts_require_tls, sx->host) == OK
7a31d643 2092 )
0756eb3c 2093 {
8ac90765
JH		 2094 errno =
2095# ifdef EXPERIMENTAL_REQUIRETLS
2096 tls_requiretls & REQUIRETLS_MSG ? ERRNO_REQUIRETLS :
2097# endif
2098 ERRNO_TLSREQUIRED;
c562fd30 2099 message = string_sprintf("a TLS session is required, but %s",
14de8063 2100 smtp_peer_options & OPTION_TLS
2d14f397 2101 ? "an attempt to start TLS failed" : "the server did not offer TLS support");
8d3dc239 2102# if defined(SUPPORT_DANE) && !defined(DISABLE_EVENT)
c4b57fdd
JH		 2103 if (sx->dane)
2104 (void) event_raise(sx->tblock->event_action, US"dane:fail",
2105 smtp_peer_options & OPTION_TLS
2106 ? US"validation-failure" /* could do with better detail */
2107 : US"starttls-not-supported");
2108# endif
0756eb3c
PH		 2109 goto TLS_FAILED;
2110 }
0e66b3b6 2111#endif /*SUPPORT_TLS*/
0756eb3c
PH		 2112
2113/* If TLS is active, we have just started it up and re-done the EHLO command,
2114so its response needs to be analyzed. If TLS is not active and this is a
2115continued session down a previously-used socket, we haven't just done EHLO, so
2116we skip this. */
2117
2118if (continue_hostname == NULL
a7538db1 2119#ifdef SUPPORT_TLS
74f1a423 2120 || tls_out.active.sock >= 0
a7538db1 2121#endif
0756eb3c
PH		 2122 )
2123 {
d093f8e5 2124 if (sx->esmtp || sx->lmtp)
2d14f397 2125 {
e9166683 2126 sx->peer_offered = ehlo_response(sx->buffer,
d093f8e5 2127 0 /* no TLS */
14de8063
JH		 2128 | (sx->lmtp && sx->ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
2129 | OPTION_CHUNKING
2130 | OPTION_PRDR
9094b84b 2131#ifdef SUPPORT_I18N
14de8063 2132 | (sx->addrlist->prop.utf8_msg ? OPTION_UTF8 : 0)
d093f8e5
JH		 2133 /*XXX if we hand peercaps on to continued-conn processes,
2134 must not depend on this addr */
9094b84b 2135#endif
14de8063
JH		 2136 | OPTION_DSN
2137 | OPTION_PIPE
2138 | (sx->ob->size_addition >= 0 ? OPTION_SIZE : 0)
8ac90765
JH		 2139#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
2140 | (tls_requiretls & REQUIRETLS_MSG ? OPTION_REQUIRETLS : 0)
2141#endif
9094b84b
JH		 2142 );
2143
2d14f397
JH		 2144 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
2145 lmtp_ignore_quota option was set. */
f1513293 2146
14de8063 2147 sx->igquotstr = sx->peer_offered & OPTION_IGNQ ? US" IGNOREQUOTA" : US"";
f1513293 2148
2d14f397
JH		 2149 /* If the response to EHLO specified support for the SIZE parameter, note
2150 this, provided size_addition is non-negative. */
f1513293 2151
14de8063 2152 smtp_peer_options |= sx->peer_offered & OPTION_SIZE;
0756eb3c 2153
2d14f397
JH		 2154 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
2155 the current host, esmtp will be false, so PIPELINING can never be used. If
2156 the current host matches hosts_avoid_pipelining, don't do it. */
0756eb3c 2157
14de8063 2158 if ( sx->peer_offered & OPTION_PIPE
d093f8e5 2159 && verify_check_given_host(&sx->ob->hosts_avoid_pipelining, sx->host) != OK)
14de8063 2160 smtp_peer_options |= OPTION_PIPE;
0756eb3c 2161
2d14f397 2162 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
14de8063 2163 smtp_peer_options & OPTION_PIPE ? "" : "not ");
0756eb3c 2164
14de8063 2165 if ( sx->peer_offered & OPTION_CHUNKING
d093f8e5 2166 && verify_check_given_host(&sx->ob->hosts_try_chunking, sx->host) != OK)
14de8063 2167 sx->peer_offered &= ~OPTION_CHUNKING;
f98442df 2168
14de8063 2169 if (sx->peer_offered & OPTION_CHUNKING)
2d14f397 2170 {DEBUG(D_transport) debug_printf("CHUNKING usable\n");}
0756eb3c 2171
8ccd00b1 2172#ifndef DISABLE_PRDR
14de8063 2173 if ( sx->peer_offered & OPTION_PRDR
d093f8e5 2174 && verify_check_given_host(&sx->ob->hosts_try_prdr, sx->host) != OK)
14de8063 2175 sx->peer_offered &= ~OPTION_PRDR;
fd98a5c6 2176
14de8063 2177 if (sx->peer_offered & OPTION_PRDR)
2d14f397 2178 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
fd98a5c6
JH		 2179#endif
2180
2d14f397 2181 /* Note if the server supports DSN */
14de8063 2182 smtp_peer_options |= sx->peer_offered & OPTION_DSN;
2d14f397 2183 DEBUG(D_transport) debug_printf("%susing DSN\n",
14de8063 2184 sx->peer_offered & OPTION_DSN ? "" : "not ");
6c1c3d1d 2185
8ac90765
JH		 2186#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
2187 if (sx->peer_offered & OPTION_REQUIRETLS)
2188 {
2189 smtp_peer_options |= OPTION_REQUIRETLS;
2190 DEBUG(D_transport) debug_printf(
2191 tls_requiretls & REQUIRETLS_MSG
2192 ? "using REQUIRETLS\n" : "REQUIRETLS offered\n");
2193 }
2194#endif
2195
2d14f397
JH		 2196 /* Note if the response to EHLO specifies support for the AUTH extension.
2197 If it has, check that this host is one we want to authenticate to, and do
2198 the business. The host name and address must be available when the
2199 authenticator's client driver is running. */
0756eb3c 2200
d093f8e5
JH		 2201 switch (yield = smtp_auth(sx->buffer, sizeof(sx->buffer), sx->addrlist, sx->host,
2202 sx->ob, sx->esmtp, &sx->inblock, &sx->outblock))
2d14f397
JH		 2203 {
2204 default: goto SEND_QUIT;
2205 case OK: break;
2206 case FAIL_SEND: goto SEND_FAILED;
2207 case FAIL: goto RESPONSE_FAILED;
2208 }
0756eb3c
PH		 2209 }
2210 }
14de8063 2211pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
0756eb3c
PH		 2212
2213/* The setting up of the SMTP call is now complete. Any subsequent errors are
2214message-specific. */
2215
d093f8e5 2216sx->setting_up = FALSE;
0756eb3c 2217
8c5d388a 2218#ifdef SUPPORT_I18N
d093f8e5 2219if (sx->addrlist->prop.utf8_msg)
9094b84b 2220 {
d093f8e5
JH		 2221 sx->utf8_needed = !sx->addrlist->prop.utf8_downcvt
2222 && !sx->addrlist->prop.utf8_downcvt_maybe;
2223 DEBUG(D_transport) if (!sx->utf8_needed)
59a286ef 2224 debug_printf("utf8: %s downconvert\n",
d093f8e5 2225 sx->addrlist->prop.utf8_downcvt ? "mandatory" : "optional");
9094b84b
JH		 2226 }
2227
7ade712c 2228/* If this is an international message we need the host to speak SMTPUTF8 */
14de8063 2229if (sx->utf8_needed && !(sx->peer_offered & OPTION_UTF8))
7ade712c
JH		 2230 {
2231 errno = ERRNO_UTF8_FWD;
2232 goto RESPONSE_FAILED;
2233 }
2234#endif
2235
8ac90765
JH		 2236#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
2237 /*XXX should tls_requiretls actually be per-addr? */
2238
2239if ( tls_requiretls & REQUIRETLS_MSG
2240 && !(sx->peer_offered & OPTION_REQUIRETLS)
2241 )
2242 {
2243 sx->setting_up = TRUE;
2244 errno = ERRNO_REQUIRETLS;
2245 message = US"REQUIRETLS support is required from the server"
2246 " but it was not offered";
2247 DEBUG(D_transport) debug_printf("%s\n", message);
2248 goto TLS_FAILED;
2249 }
2250#endif
2251
d093f8e5
JH		 2252return OK;
2253
2254
2255 {
2256 int code;
d093f8e5
JH		 2257
2258 RESPONSE_FAILED:
d093f8e5 2259 message = NULL;
de6273b4 2260 sx->send_quit = check_response(sx->host, &errno, sx->addrlist->more_errno,
d093f8e5 2261 sx->buffer, &code, &message, &pass_message);
8ac90765 2262 yield = DEFER;
d093f8e5 2263 goto FAILED;
d093f8e5
JH		 2264
2265 SEND_FAILED:
d093f8e5
JH		 2266 code = '4';
2267 message = US string_sprintf("send() to %s [%s] failed: %s",
829dd842 2268 sx->host->name, sx->host->address, strerror(errno));
d093f8e5 2269 sx->send_quit = FALSE;
8ac90765 2270 yield = DEFER;
d093f8e5 2271 goto FAILED;
d093f8e5 2272
de6273b4
JH		 2273 EHLOHELO_FAILED:
2274 code = '4';
2275 message = string_sprintf("Remote host closed connection in response to %s"
2276 " (EHLO response was: %s)", smtp_command, sx->buffer);
2277 sx->send_quit = FALSE;
8ac90765 2278 yield = DEFER;
de6273b4
JH		 2279 goto FAILED;
2280
e5ab0ba9
JH		 2281 /* This label is jumped to directly when a TLS negotiation has failed,
2282 or was not done for a host for which it is required. Values will be set
2283 in message and errno, and setting_up will always be true. Treat as
2284 a temporary error. */
2285
d093f8e5
JH		 2286#ifdef SUPPORT_TLS
2287 TLS_FAILED:
8ac90765
JH		 2288# ifdef EXPERIMENTAL_REQUIRETLS
2289 if (errno == ERRNO_REQUIRETLS)
2290 code = '5', yield = FAIL;
2291 /*XXX DSN will be labelled 500; prefer 530 5.7.4 */
2292 else
2293# endif
2294 code = '4', yield = DEFER;
de6273b4 2295 goto FAILED;
d093f8e5
JH		 2296#endif
2297
2298 /* The failure happened while setting up the call; see if the failure was
2299 a 5xx response (this will either be on connection, or following HELO - a 5xx
e69636bc
JH		 2300 after EHLO causes it to try HELO). If so, and there are no more hosts to try,
2301 fail all addresses, as this host is never going to accept them. For other
2302 errors during setting up (timeouts or whatever), defer all addresses, and
2303 yield DEFER, so that the host is not tried again for a while.
2304
2305 XXX This peeking for another host feels like a layering violation. We want
2306 to note the host as unusable, but down here we shouldn't know if this was
2307 the last host to try for the addr(list). Perhaps the upper layer should be
2308 the one to do set_errno() ? The problem is that currently the addr is where
2309 errno etc. are stashed, but until we run out of hosts to try the errors are
2310 host-specific. Maybe we should enhance the host_item definition? */
d093f8e5 2311
de6273b4 2312FAILED:
d093f8e5 2313 sx->ok = FALSE; /* For when reached by GOTO */
e69636bc
JH		 2314 set_errno(sx->addrlist, errno, message,
2315 sx->host->next
2316 ? DEFER
2317 : code == '5'
d093f8e5 2318#ifdef SUPPORT_I18N
e69636bc 2319 || errno == ERRNO_UTF8_FWD
d093f8e5 2320#endif
e69636bc
JH		 2321 ? FAIL : DEFER,
2322 pass_message, sx->host
d093f8e5
JH		 2323#ifdef EXPERIMENTAL_DSN_INFO
2324 , sx->smtp_greeting, sx->helo_response
2325#endif
2326 );
2327 }
2328
2329
2330SEND_QUIT:
2331
2332if (sx->send_quit)
4e910c01 2333 (void)smtp_write_command(&sx->outblock, SCMD_FLUSH, "QUIT\r\n");
d093f8e5 2334
d093f8e5 2335#ifdef SUPPORT_TLS
74f1a423
JH		 2336if (sx->cctx.tls_ctx)
2337 {
2338 tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
2339 sx->cctx.tls_ctx = NULL;
2340 }
d093f8e5
JH		 2341#endif
2342
2343/* Close the socket, and return the appropriate value, first setting
2344works because the NULL setting is passed back to the calling process, and
2345remote_max_parallel is forced to 1 when delivering over an existing connection,
b7d3afcf 2346*/
d093f8e5 2347
e1d04f48 2348HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
d093f8e5
JH		 2349if (sx->send_quit)
2350 {
74f1a423
JH		 2351 shutdown(sx->cctx.sock, SHUT_WR);
2352 if (fcntl(sx->cctx.sock, F_SETFL, O_NONBLOCK) == 0)
2353 for (rc = 16; read(sx->cctx.sock, sx->inbuffer, sizeof(sx->inbuffer)) > 0 && rc > 0;)
d093f8e5 2354 rc--; /* drain socket */
02b41d71 2355 sx->send_quit = FALSE;
d093f8e5 2356 }
74f1a423
JH		 2357(void)close(sx->cctx.sock);
2358sx->cctx.sock = -1;
d093f8e5
JH		 2359
2360#ifndef DISABLE_EVENT
2361(void) event_raise(sx->tblock->event_action, US"tcp:close", NULL);
2362#endif
2363
2364continue_transport = NULL;
2365continue_hostname = NULL;
2366return yield;
2367}
2368
2369
9be4572b
JH		 2370
2371
2372/* Create the string of options that will be appended to the MAIL FROM:
2373in the connection context buffer */
2374
2375static int
2376build_mailcmd_options(smtp_context * sx, address_item * addrlist)
2377{
2378uschar * p = sx->buffer;
2379address_item * addr;
2380int address_count;
2381
2382*p = 0;
2383
14de8063 2384/* If we know the receiving MTA supports the SIZE qualification, and we know it,
9be4572b
JH		 2385send it, adding something to the message size to allow for imprecision
2386and things that get added en route. Exim keeps the number of lines
2387in a message, so we can give an accurate value for the original message, but we
2388need some additional to handle added headers. (Double "." characters don't get
2389included in the count.) */
2390
14de8063
JH		 2391if ( message_size > 0
2392 && sx->peer_offered & OPTION_SIZE && !(sx->avoid_option & OPTION_SIZE))
9be4572b 2393 {
328c5688
JH		 2394/*XXX problem here under spool_files_wireformat?
2395Or just forget about lines? Or inflate by a fixed proportion? */
2396
9be4572b
JH		 2397 sprintf(CS p, " SIZE=%d", message_size+message_linecount+sx->ob->size_addition);
2398 while (*p) p++;
2399 }
2400
2401#ifndef DISABLE_PRDR
2402/* If it supports Per-Recipient Data Reponses, and we have omre than one recipient,
2403request that */
2404
2405sx->prdr_active = FALSE;
14de8063 2406if (sx->peer_offered & OPTION_PRDR)
9be4572b
JH		 2407 for (addr = addrlist; addr; addr = addr->next)
2408 if (addr->transport_return == PENDING_DEFER)
2409 {
2410 for (addr = addr->next; addr; addr = addr->next)
2411 if (addr->transport_return == PENDING_DEFER)
2412 { /* at least two recipients to send */
2413 sx->prdr_active = TRUE;
2414 sprintf(CS p, " PRDR"); p += 5;
2415 break;
2416 }
2417 break;
2418 }
2419#endif
2420
2421#ifdef SUPPORT_I18N
2422/* If it supports internationalised messages, and this meesage need that,
2423request it */
2424
14de8063 2425if ( sx->peer_offered & OPTION_UTF8
9be4572b
JH		 2426 && addrlist->prop.utf8_msg
2427 && !addrlist->prop.utf8_downcvt
2428 )
2429 Ustrcpy(p, " SMTPUTF8"), p += 9;
2430#endif
2431
8ac90765
JH		 2432#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
2433if (tls_requiretls & REQUIRETLS_MSG)
2434 Ustrcpy(p, " REQUIRETLS") , p += 11;
2435#endif
2436
9be4572b
JH		 2437/* check if all addresses have DSN-lasthop flag; do not send RET and ENVID if so */
2438for (sx->dsn_all_lasthop = TRUE, addr = addrlist, address_count = 0;
2439 addr && address_count < sx->max_rcpt;
2440 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
2441 {
2442 address_count++;
2443 if (!(addr->dsn_flags & rf_dsnlasthop))
2444 {
2445 sx->dsn_all_lasthop = FALSE;
2446 break;
2447 }
2448 }
2449
2450/* Add any DSN flags to the mail command */
2451
14de8063 2452if (sx->peer_offered & OPTION_DSN && !sx->dsn_all_lasthop)
9be4572b
JH		 2453 {
2454 if (dsn_ret == dsn_ret_hdrs)
2455 { Ustrcpy(p, " RET=HDRS"); p += 9; }
2456 else if (dsn_ret == dsn_ret_full)
2457 { Ustrcpy(p, " RET=FULL"); p += 9; }
2458
2459 if (dsn_envid)
2460 {
2461 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ENVID=%s", dsn_envid);
2462 while (*p) p++;
2463 }
2464 }
2465
2466/* If an authenticated_sender override has been specified for this transport
2467instance, expand it. If the expansion is forced to fail, and there was already
2468an authenticated_sender for this message, the original value will be used.
2469Other expansion failures are serious. An empty result is ignored, but there is
2470otherwise no check - this feature is expected to be used with LMTP and other
2471cases where non-standard addresses (e.g. without domains) might be required. */
2472
2473if (smtp_mail_auth_str(p, sizeof(sx->buffer) - (p-sx->buffer), addrlist, sx->ob))
2474 return ERROR;
2475
2476return OK;
2477}
2478
2479
2480static void
2481build_rcptcmd_options(smtp_context * sx, const address_item * addr)
2482{
2483uschar * p = sx->buffer;
2484*p = 0;
2485
2486/* Add any DSN flags to the rcpt command */
2487
14de8063 2488if (sx->peer_offered & OPTION_DSN && !(addr->dsn_flags & rf_dsnlasthop))
9be4572b
JH		 2489 {
2490 if (addr->dsn_flags & rf_dsnflags)
2491 {
2492 int i;
2493 BOOL first = TRUE;
2494
2495 Ustrcpy(p, " NOTIFY=");
2496 while (*p) p++;
2497 for (i = 0; i < nelem(rf_list); i++) if (addr->dsn_flags & rf_list[i])
2498 {
2499 if (!first) *p++ = ',';
2500 first = FALSE;
2501 Ustrcpy(p, rf_names[i]);
2502 while (*p) p++;
2503 }
2504 }
2505
2506 if (addr->dsn_orcpt)
2507 {
2508 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ORCPT=%s",
2509 addr->dsn_orcpt);
2510 while (*p) p++;
2511 }
2512 }
2513}
2514
2515
d9c3c8ed
JH		 2516
2517/*
2518Return:
e9166683
JH		 2519 0 good, rcpt results in addr->transport_return (PENDING_OK, DEFER, FAIL)
2520 -1 MAIL response error
2521 -2 any non-MAIL read i/o error
2522 -3 non-MAIL response timeout
2523 -4 internal error; channel still usable
2524 -5 transmit failed
d9c3c8ed
JH		 2525 */
2526
2527int
2528smtp_write_mail_and_rcpt_cmds(smtp_context * sx, int * yield)
2529{
2530address_item * addr;
2531int address_count;
2532int rc;
2533
2534if (build_mailcmd_options(sx, sx->first_addr) != OK)
2535 {
2536 *yield = ERROR;
e9166683 2537 return -4;
d9c3c8ed
JH		 2538 }
2539
2540/* From here until we send the DATA command, we can make use of PIPELINING
2541if the server host supports it. The code has to be able to check the responses
2542at any point, for when the buffer fills up, so we write it totally generally.
2543When PIPELINING is off, each command written reports that it has flushed the
2544buffer. */
2545
2546sx->pending_MAIL = TRUE; /* The block starts with MAIL */
2547
2548 {
2549 uschar * s = sx->from_addr;
2550#ifdef SUPPORT_I18N
2551 uschar * errstr = NULL;
2552
2553 /* If we must downconvert, do the from-address here. Remember we had to
2554 for the to-addresses (done below), and also (ugly) for re-doing when building
2555 the delivery log line. */
2556
2557 if ( sx->addrlist->prop.utf8_msg
14de8063 2558 && (sx->addrlist->prop.utf8_downcvt || !(sx->peer_offered & OPTION_UTF8))
d9c3c8ed
JH		 2559 )
2560 {
2561 if (s = string_address_utf8_to_alabel(s, &errstr), errstr)
2562 {
2563 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE);
2564 *yield = ERROR;
e9166683 2565 return -4;
d9c3c8ed
JH		 2566 }
2567 setflag(sx->addrlist, af_utf8_downcvt);
2568 }
2569#endif
2570
4e910c01 2571 rc = smtp_write_command(&sx->outblock, pipelining_active ? SCMD_BUFFER : SCMD_FLUSH,
d9c3c8ed
JH		 2572 "MAIL FROM:<%s>%s\r\n", s, sx->buffer);
2573 }
2574
2575mail_command = string_copy(big_buffer); /* Save for later error message */
2576
2577switch(rc)
2578 {
2579 case -1: /* Transmission error */
e9166683 2580 return -5;
d9c3c8ed 2581
df5b41e3 2582 case +1: /* Cmd was sent */
d9c3c8ed
JH		 2583 if (!smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), '2',
2584 sx->ob->command_timeout))
2585 {
2586 if (errno == 0 && sx->buffer[0] == '4')
2587 {
2588 errno = ERRNO_MAIL4XX;
2589 sx->addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
2590 }
2591 return -1;
2592 }
2593 sx->pending_MAIL = FALSE;
2594 break;
e9166683
JH		 2595
2596 /* otherwise zero: command queued for pipeline */
d9c3c8ed
JH		 2597 }
2598
2599/* Pass over all the relevant recipient addresses for this host, which are the
2600ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
2601several before we have to read the responses for those seen so far. This
2602checking is done by a subroutine because it also needs to be done at the end.
2603Send only up to max_rcpt addresses at a time, leaving next_addr pointing to
2604the next one if not all are sent.
2605
2606In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
2607last address because we want to abort if any recipients have any kind of
2608problem, temporary or permanent. We know that all recipient addresses will have
2609the PENDING_DEFER status, because only one attempt is ever made, and we know
e9166683
JH		 2610that max_rcpt will be large, so all addresses will be done at once.
2611
2612For verify we flush the pipeline after any (the only) rcpt address. */
d9c3c8ed
JH		 2613
2614for (addr = sx->first_addr, address_count = 0;
2615 addr && address_count < sx->max_rcpt;
2616 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
2617 {
2618 int count;
2619 BOOL no_flush;
2620 uschar * rcpt_addr;
2621
a2673768 2622 if (tcp_out_fastopen && !tcp_out_fastopen_logged)
1ccd5f67
JH		 2623 {
2624 setflag(addr, af_tcp_fastopen_conn);
2625 if (tcp_out_fastopen > 1) setflag(addr, af_tcp_fastopen);
2626 }
a2673768 2627
14de8063 2628 addr->dsn_aware = sx->peer_offered & OPTION_DSN
d9c3c8ed
JH		 2629 ? dsn_support_yes : dsn_support_no;
2630
2631 address_count++;
4c2471ca
JH		 2632 no_flush = pipelining_active && !sx->verify
2633 && (!mua_wrapper || addr->next && address_count < sx->max_rcpt);
d9c3c8ed
JH		 2634
2635 build_rcptcmd_options(sx, addr);
2636
2637 /* Now send the RCPT command, and process outstanding responses when
2638 necessary. After a timeout on RCPT, we just end the function, leaving the
2639 yield as OK, because this error can often mean that there is a problem with
2640 just one address, so we don't want to delay the host. */
2641
2642 rcpt_addr = transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes);
2643
2644#ifdef SUPPORT_I18N
2645 if ( testflag(sx->addrlist, af_utf8_downcvt)
2646 && !(rcpt_addr = string_address_utf8_to_alabel(rcpt_addr, NULL))
2647 )
2648 {
2649 /*XXX could we use a per-address errstr here? Not fail the whole send? */
2650 errno = ERRNO_EXPANDFAIL;
e9166683 2651 return -5; /*XXX too harsh? */
d9c3c8ed
JH		 2652 }
2653#endif
2654
4e910c01
JH		 2655 count = smtp_write_command(&sx->outblock, no_flush ? SCMD_BUFFER : SCMD_FLUSH,
2656 "RCPT TO:<%s>%s%s\r\n", rcpt_addr, sx->igquotstr, sx->buffer);
d9c3c8ed 2657
e9166683 2658 if (count < 0) return -5;
d9c3c8ed
JH		 2659 if (count > 0)
2660 {
df5b41e3 2661 switch(sync_responses(sx, count, 0))
d9c3c8ed
JH		 2662 {
2663 case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
2664 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
e9166683 2665 break;
d9c3c8ed
JH		 2666
2667 case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
2668 if (!sx->lmtp) /* can't tell about progress yet */
2669 sx->completed_addr = TRUE;
2670 case 0: /* No 2xx or 5xx, but no probs */
2671 break;
2672
e9166683
JH		 2673 case -1: return -3; /* Timeout on RCPT */
2674 case -2: return -2; /* non-MAIL read i/o error */
2675 default: return -1; /* any MAIL error */
d9c3c8ed
JH		 2676 }
2677 sx->pending_MAIL = FALSE; /* Dealt with MAIL */
2678 }
2679 } /* Loop for next address */
2680
a2673768 2681tcp_out_fastopen_logged = TRUE;
d9c3c8ed
JH		 2682sx->next_addr = addr;
2683return 0;
2684}
2685
2686
875512a3
JH		 2687#ifdef SUPPORT_TLS
2688/*****************************************************
2689* Proxy TLS connection for another transport process *
2690******************************************************/
2691/*
d097cc73
JH		 2692Close the unused end of the pipe, fork once more, then use the given buffer
2693as a staging area, and select on both the given fd and the TLS'd client-fd for
2694data to read (per the coding in ip_recv() and fd_ready() this is legitimate).
2695Do blocking full-size writes, and reads under a timeout. Once both input
2696channels are closed, exit the process.
875512a3
JH		 2697
2698Arguments:
74f1a423 2699 ct_ctx tls context
57cc2785
JH		 2700 buf space to use for buffering
2701 bufsiz size of buffer
d097cc73 2702 pfd pipe filedescriptor array; [0] is comms to proxied process
875512a3
JH		 2703 timeout per-read timeout, seconds
2704*/
2705
57cc2785 2706void
74f1a423
JH		 2707smtp_proxy_tls(void * ct_ctx, uschar * buf, size_t bsize, int * pfd,
2708 int timeout)
875512a3 2709{
e47252f5 2710fd_set rfds, efds;
74f1a423 2711int max_fd = MAX(pfd[0], tls_out.active.sock) + 1;
875512a3
JH		 2712int rc, i, fd_bits, nbytes;
2713
d097cc73
JH		 2714close(pfd[1]);
2715if ((rc = fork()))
2716 {
2717 DEBUG(D_transport) debug_printf("proxy-proc final-pid %d\n", rc);
2718 _exit(rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
2719 }
2720
626810b9 2721if (running_in_test_harness) millisleep(100); /* let parent debug out */
875512a3 2722set_process_info("proxying TLS connection for continued transport");
e47252f5 2723FD_ZERO(&rfds);
74f1a423 2724FD_SET(tls_out.active.sock, &rfds);
d097cc73 2725FD_SET(pfd[0], &rfds);
875512a3
JH		 2726
2727for (fd_bits = 3; fd_bits; )
2728 {
2729 time_t time_left = timeout;
2730 time_t time_start = time(NULL);
2731
2732 /* wait for data */
e47252f5 2733 efds = rfds;
875512a3
JH		 2734 do
2735 {
2736 struct timeval tv = { time_left, 0 };
2737
e47252f5
JH		 2738 rc = select(max_fd,
2739 (SELECT_ARG2_TYPE *)&rfds, NULL, (SELECT_ARG2_TYPE *)&efds, &tv);
875512a3
JH		 2740
2741 if (rc < 0 && errno == EINTR)
2742 if ((time_left -= time(NULL) - time_start) > 0) continue;
2743
2744 if (rc <= 0)
2745 {
2746 DEBUG(D_transport) if (rc == 0) debug_printf("%s: timed out\n", __FUNCTION__);
d097cc73 2747 goto done;
875512a3 2748 }
e47252f5 2749
74f1a423 2750 if (FD_ISSET(tls_out.active.sock, &efds) || FD_ISSET(pfd[0], &efds))
e47252f5
JH		 2751 {
2752 DEBUG(D_transport) debug_printf("select: exceptional cond on %s fd\n",
d097cc73
JH		 2753 FD_ISSET(pfd[0], &efds) ? "proxy" : "tls");
2754 goto done;
e47252f5 2755 }
875512a3 2756 }
74f1a423 2757 while (rc < 0 || !(FD_ISSET(tls_out.active.sock, &rfds) || FD_ISSET(pfd[0], &rfds)));
875512a3
JH		 2758
2759 /* handle inbound data */
74f1a423
JH		 2760 if (FD_ISSET(tls_out.active.sock, &rfds))
2761 if ((rc = tls_read(ct_ctx, buf, bsize)) <= 0)
875512a3
JH		 2762 {
2763 fd_bits &= ~1;
74f1a423 2764 FD_CLR(tls_out.active.sock, &rfds);
d097cc73 2765 shutdown(pfd[0], SHUT_WR);
e47252f5 2766 timeout = 5;
875512a3
JH		 2767 }
2768 else
2769 {
2770 for (nbytes = 0; rc - nbytes > 0; nbytes += i)
d097cc73 2771 if ((i = write(pfd[0], buf + nbytes, rc - nbytes)) < 0) goto done;
875512a3
JH		 2772 }
2773 else if (fd_bits & 1)
74f1a423 2774 FD_SET(tls_out.active.sock, &rfds);
875512a3
JH		 2775
2776 /* handle outbound data */
d097cc73
JH		 2777 if (FD_ISSET(pfd[0], &rfds))
2778 if ((rc = read(pfd[0], buf, bsize)) <= 0)
875512a3 2779 {
e47252f5 2780 fd_bits = 0;
74f1a423 2781 tls_close(ct_ctx, TLS_SHUTDOWN_NOWAIT);
c645dd29 2782 ct_ctx = NULL;
875512a3
JH		 2783 }
2784 else
2785 {
2786 for (nbytes = 0; rc - nbytes > 0; nbytes += i)
74f1a423 2787 if ((i = tls_write(ct_ctx, buf + nbytes, rc - nbytes, FALSE)) < 0)
d097cc73 2788 goto done;
875512a3
JH		 2789 }
2790 else if (fd_bits & 2)
d097cc73 2791 FD_SET(pfd[0], &rfds);
875512a3 2792 }
d097cc73
JH		 2793
2794done:
2795 if (running_in_test_harness) millisleep(100); /* let logging complete */
2796 exim_exit(0, US"TLS proxy");
875512a3
JH		 2797}
2798#endif
2799
2800
d093f8e5
JH		 2801/*************************************************
2802* Deliver address list to given host *
2803*************************************************/
2804
2805/* If continue_hostname is not null, we get here only when continuing to
2806deliver down an existing channel. The channel was passed as the standard
2807input. TLS is never active on a passed channel; the previous process always
2808closes it down before passing the connection on.
2809
2810Otherwise, we have to make a connection to the remote host, and do the
2811initial protocol exchange.
2812
2813When running as an MUA wrapper, if the sender or any recipient is rejected,
2814temporarily or permanently, we force failure for all recipients.
2815
2816Arguments:
2817 addrlist chain of potential addresses to deliver; only those whose
2818 transport_return field is set to PENDING_DEFER are currently
2819 being processed; others should be skipped - they have either
2820 been delivered to an earlier host or IP address, or been
2821 failed by one of them.
2822 host host to deliver to
2823 host_af AF_INET or AF_INET6
a843a57e
JH		 2824 defport default TCP/IP port to use if host does not specify, in host
2825 byte order
d093f8e5
JH		 2826 interface interface to bind to, or NULL
2827 tblock transport instance block
2828 message_defer set TRUE if yield is OK, but all addresses were deferred
2829 because of a non-recipient, non-host failure, that is, a
2830 4xx response to MAIL FROM, DATA, or ".". This is a defer
2831 that is specific to the message.
2832 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
2833 a second attempt after TLS initialization fails
2834
2835Returns: OK - the connection was made and the delivery attempted;
2836 the result for each address is in its data block.
2837 DEFER - the connection could not be made, or something failed
2838 while setting up the SMTP session, or there was a
2839 non-message-specific error, such as a timeout.
2840 ERROR - a filter command is specified for this transport,
2841 and there was a problem setting it up; OR helo_data
2842 or add_headers or authenticated_sender is specified
2843 for this transport, and the string failed to expand
2844*/
2845
2846static int
a843a57e 2847smtp_deliver(address_item *addrlist, host_item *host, int host_af, int defport,
d093f8e5
JH		 2848 uschar *interface, transport_instance *tblock,
2849 BOOL *message_defer, BOOL suppress_tls)
2850{
2851address_item *addr;
d093f8e5 2852int yield = OK;
d093f8e5
JH		 2853int save_errno;
2854int rc;
32dfdf8b 2855struct timeval start_delivery_time;
d093f8e5 2856
d093f8e5
JH		 2857BOOL pass_message = FALSE;
2858uschar *message = NULL;
2859uschar new_message_id[MESSAGE_ID_LENGTH + 1];
d093f8e5
JH		 2860
2861smtp_context sx;
2862
32dfdf8b 2863gettimeofday(&start_delivery_time, NULL);
d093f8e5 2864suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
02b41d71 2865*message_defer = FALSE;
d093f8e5
JH		 2866
2867sx.addrlist = addrlist;
2868sx.host = host;
2869sx.host_af = host_af,
a843a57e 2870sx.port = defport;
d093f8e5 2871sx.interface = interface;
02b41d71 2872sx.helo_data = NULL;
d093f8e5 2873sx.tblock = tblock;
e9166683 2874sx.verify = FALSE;
d093f8e5 2875
9be4572b
JH		 2876/* Get the channel set up ready for a message (MAIL FROM being the next
2877SMTP command to send */
2878
e9166683 2879if ((rc = smtp_setup_conn(&sx, suppress_tls)) != OK)
d093f8e5
JH		 2880 return rc;
2881
0756eb3c
PH		 2882/* If there is a filter command specified for this transport, we can now
2883set it up. This cannot be done until the identify of the host is known. */
2884
e9166683 2885if (tblock->filter_command)
0756eb3c 2886 {
9b989985 2887 transport_filter_timeout = tblock->filter_timeout;
0756eb3c
PH		 2888
2889 /* On failure, copy the error to all addresses, abandon the SMTP call, and
2890 yield ERROR. */
2891
36d295f1
JH		 2892 if (!transport_set_up_command(&transport_filter_argv,
2893 tblock->filter_command, TRUE, DEFER, addrlist,
2894 string_sprintf("%.50s transport", tblock->name), NULL))
0756eb3c 2895 {
895fbaf2
JH		 2896 set_errno_nohost(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
2897 FALSE);
0756eb3c
PH		 2898 yield = ERROR;
2899 goto SEND_QUIT;
2900 }
48f1c853
JH		 2901
2902 if ( transport_filter_argv
2903 && *transport_filter_argv
2904 && **transport_filter_argv
14de8063 2905 && sx.peer_offered & OPTION_CHUNKING
48f1c853
JH		 2906 )
2907 {
14de8063 2908 sx.peer_offered &= ~OPTION_CHUNKING;
48f1c853
JH		 2909 DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n");
2910 }
0756eb3c
PH		 2911 }
2912
36d295f1 2913sx.first_addr = addrlist;
0756eb3c
PH		 2914
2915/* For messages that have more than the maximum number of envelope recipients,
2916we want to send several transactions down the same SMTP connection. (See
2917comments in deliver.c as to how this reconciles, heuristically, with
2918remote_max_parallel.) This optimization was added to Exim after the following
2919code was already working. The simplest way to put it in without disturbing the
2920code was to use a goto to jump back to this point when there is another
2921transaction to handle. */
2922
2923SEND_MESSAGE:
d9c3c8ed 2924sx.from_addr = return_path;
36d295f1 2925sx.sync_addr = sx.first_addr;
d093f8e5
JH		 2926sx.ok = FALSE;
2927sx.send_rset = TRUE;
d9c3c8ed 2928sx.completed_addr = FALSE;
0756eb3c
PH		 2929
2930
57cc2785
JH		 2931/* If we are a continued-connection-after-verify the MAIL and RCPT
2932commands were already sent; do not re-send but do mark the addrs as
2933having been accepted up to RCPT stage. A traditional cont-conn
2934always has a sequence number greater than one. */
6b62e899 2935
57cc2785 2936if (continue_hostname && continue_sequence == 1)
0756eb3c 2937 {
57cc2785 2938 address_item * addr;
0756eb3c 2939
57cc2785 2940 sx.peer_offered = smtp_peer_options;
d8b8dd15 2941 sx.pending_MAIL = FALSE;
57cc2785
JH		 2942 sx.ok = TRUE;
2943 sx.next_addr = NULL;
0756eb3c 2944
57cc2785
JH		 2945 for (addr = addrlist; addr; addr = addr->next)
2946 addr->transport_return = PENDING_OK;
2947 }
2948else
0756eb3c 2949 {
57cc2785
JH		 2950 /* Initiate a message transfer. */
2951
2952 switch(smtp_write_mail_and_rcpt_cmds(&sx, &yield))
2953 {
2954 case 0: break;
2955 case -1: case -2: goto RESPONSE_FAILED;
2956 case -3: goto END_OFF;
2957 case -4: goto SEND_QUIT;
2958 default: goto SEND_FAILED;
2959 }
2960
2961 /* If we are an MUA wrapper, abort if any RCPTs were rejected, either
2962 permanently or temporarily. We should have flushed and synced after the last
2963 RCPT. */
2964
2965 if (mua_wrapper)
2966 {
4c2471ca
JH		 2967 address_item * a;
2968 unsigned cnt;
2969
2970 for (a = sx.first_addr, cnt = 0; a && cnt < sx.max_rcpt; a = a->next, cnt++)
2971 if (a->transport_return != PENDING_OK)
57cc2785
JH		 2972 {
2973 /*XXX could we find a better errno than 0 here? */
4c2471ca
JH		 2974 set_errno_nohost(addrlist, 0, a->message, FAIL,
2975 testflag(a, af_pass_message));
57cc2785
JH		 2976 sx.ok = FALSE;
2977 break;
2978 }
2979 }
0756eb3c
PH		 2980 }
2981
2982/* If ok is TRUE, we know we have got at least one good recipient, and must now
2983send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
2984have a good recipient buffered up if we are pipelining. We don't want to waste
2985time sending DATA needlessly, so we only send it if either ok is TRUE or if we
6d5c916c
JH		 2986are pipelining. The responses are all handled by sync_responses().
2987If using CHUNKING, do not send a BDAT until we know how big a chunk we want
2988to send is. */
0756eb3c 2989
14de8063 2990if ( !(sx.peer_offered & OPTION_CHUNKING)
d093f8e5 2991 && (sx.ok || (pipelining_active && !mua_wrapper)))
0756eb3c 2992 {
4e910c01 2993 int count = smtp_write_command(&sx.outblock, SCMD_FLUSH, "DATA\r\n");
6d5c916c 2994
0756eb3c 2995 if (count < 0) goto SEND_FAILED;
df5b41e3 2996 switch(sync_responses(&sx, count, sx.ok ? +1 : -1))
0756eb3c 2997 {
d093f8e5 2998 case 3: sx.ok = TRUE; /* 2xx & 5xx => OK & progress made */
d9c3c8ed 2999 case 2: sx.completed_addr = TRUE; /* 5xx (only) => progress made */
0756eb3c
PH		 3000 break;
3001
d093f8e5 3002 case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
d9c3c8ed 3003 if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
0756eb3c
PH		 3004 case 0: break; /* No 2xx or 5xx, but no probs */
3005
3006 case -1: goto END_OFF; /* Timeout on RCPT */
3007 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
3008 }
0d9fa8c0 3009 pipelining_active = FALSE;
87cb4a16 3010 data_command = string_copy(big_buffer); /* Save for later error message */
0756eb3c
PH		 3011 }
3012
0756eb3c
PH		 3013/* If there were no good recipients (but otherwise there have been no
3014problems), just set ok TRUE, since we have handled address-specific errors
3015already. Otherwise, it's OK to send the message. Use the check/escape mechanism
3016for handling the SMTP dot-handling protocol, flagging to apply to headers as
3017well as body. Set the appropriate timeout value to be used for each chunk.
3018(Haven't been able to make it work using select() for writing yet.) */
3019
14de8063 3020if (!(sx.peer_offered & OPTION_CHUNKING) && !sx.ok)
6d5c916c
JH		 3021 {
3022 /* Save the first address of the next batch. */
d9c3c8ed 3023 sx.first_addr = sx.next_addr;
6d5c916c 3024
d093f8e5 3025 sx.ok = TRUE;
6d5c916c 3026 }
ff5aac2b 3027else
0756eb3c 3028 {
6b46ecc6 3029 transport_ctx tctx = {
74f1a423 3030 {sx.cctx.sock}, /*XXX will this need TLS info? */
6b46ecc6
JH		 3031 tblock,
3032 addrlist,
3033 US".", US"..", /* Escaping strings */
65de12cc 3034 topt_use_crlf | topt_escape_headers
6b46ecc6
JH		 3035 | (tblock->body_only ? topt_no_headers : 0)
3036 | (tblock->headers_only ? topt_no_body : 0)
3037 | (tblock->return_path_add ? topt_add_return_path : 0)
3038 | (tblock->delivery_date_add ? topt_add_delivery_date : 0)
3039 | (tblock->envelope_to_add ? topt_add_envelope_to : 0)
3040 };
3041
6d5c916c
JH		 3042 /* If using CHUNKING we need a callback from the generic transport
3043 support to us, for the sending of BDAT smtp commands and the reaping
3044 of responses. The callback needs a whole bunch of state so set up
3045 a transport-context structure to be passed around. */
3046
14de8063 3047 if (sx.peer_offered & OPTION_CHUNKING)
59932f7d 3048 {
65de12cc 3049 tctx.check_string = tctx.escape_string = NULL;
6d5c916c
JH		 3050 tctx.options |= topt_use_bdat;
3051 tctx.chunk_cb = smtp_chunk_cmd_callback;
e9166683
JH		 3052 sx.pending_BDAT = FALSE;
3053 sx.good_RCPT = sx.ok;
3054 sx.cmd_count = 0;
3055 tctx.smtp_context = &sx;
59932f7d
JH		 3056 }
3057 else
65de12cc 3058 tctx.options |= topt_end_dot;
59932f7d 3059
6d5c916c 3060 /* Save the first address of the next batch. */
d9c3c8ed 3061 sx.first_addr = sx.next_addr;
6d5c916c 3062
e027f545
JH		 3063 /* Responses from CHUNKING commands go in buffer. Otherwise,
3064 there has not been a response. */
3065
d093f8e5 3066 sx.buffer[0] = 0;
e027f545 3067
0756eb3c 3068 sigalrm_seen = FALSE;
d093f8e5 3069 transport_write_timeout = sx.ob->data_timeout;
0756eb3c
PH		 3070 smtp_command = US"sending data block"; /* For error messages */
3071 DEBUG(D_transport|D_v)
14de8063 3072 if (sx.peer_offered & OPTION_CHUNKING)
6d5c916c
JH		 3073 debug_printf(" will write message using CHUNKING\n");
3074 else
3075 debug_printf(" SMTP>> writing message and terminating \".\"\n");
0756eb3c 3076 transport_count = 0;
a7538db1 3077
80a47a2c 3078#ifndef DISABLE_DKIM
617d3932
JH		 3079 dkim_exim_sign_init();
3080# ifdef EXPERIMENTAL_ARC
3081 {
3082 uschar * s = sx.ob->arc_sign;
3083 if (s)
3084 {
587d831d 3085 if (!(sx.ob->dkim.arc_signspec = s = expand_string(s)))
617d3932 3086 {
587d831d
JH		 3087 if (!expand_string_forcedfail)
3088 {
3089 message = US"failed to expand arc_sign";
3090 sx.ok = FALSE;
3091 goto SEND_FAILED;
3092 }
3093 }
3094 else if (*s)
3095 {
3096 /* Ask dkim code to hash the body for ARC */
3097 (void) arc_ams_setup_sign_bodyhash();
3098 sx.ob->dkim.force_bodyhash = TRUE;
617d3932 3099 }
617d3932
JH		 3100 }
3101 }
3102# endif
42055a33 3103 sx.ok = dkim_transport_write_message(&tctx, &sx.ob->dkim, CUSS &message);
4cd12fe9 3104#else
42055a33 3105 sx.ok = transport_write_message(&tctx, 0);
4cd12fe9 3106#endif
0756eb3c
PH		 3107
3108 /* transport_write_message() uses write() because it is called from other
3109 places to write to non-sockets. This means that under some OS (e.g. Solaris)
3110 it can exit with "Broken pipe" as its error. This really means that the
3111 socket got closed at the far end. */
3112
3113 transport_write_timeout = 0; /* for subsequent transports */
3114
3115 /* Failure can either be some kind of I/O disaster (including timeout),
e027f545
JH		 3116 or the failure of a transport filter or the expansion of added headers.
3117 Or, when CHUNKING, it can be a protocol-detected failure. */
0756eb3c 3118
d093f8e5 3119 if (!sx.ok)
b9df1829
JH		 3120 if (message) goto SEND_FAILED;
3121 else goto RESPONSE_FAILED;
0756eb3c
PH		 3122
3123 /* We used to send the terminating "." explicitly here, but because of
3124 buffering effects at both ends of TCP/IP connections, you don't gain
3125 anything by keeping it separate, so it might as well go in the final
3126 data buffer for efficiency. This is now done by setting the topt_end_dot
3127 flag above. */
3128
3129 smtp_command = US"end of data";
3130
14de8063 3131 if (sx.peer_offered & OPTION_CHUNKING && sx.cmd_count > 1)
6d5c916c
JH		 3132 {
3133 /* Reap any outstanding MAIL & RCPT commands, but not a DATA-go-ahead */
e9166683 3134 switch(sync_responses(&sx, sx.cmd_count-1, 0))
6d5c916c 3135 {
d093f8e5 3136 case 3: sx.ok = TRUE; /* 2xx & 5xx => OK & progress made */
d9c3c8ed 3137 case 2: sx.completed_addr = TRUE; /* 5xx (only) => progress made */
6d5c916c
JH		 3138 break;
3139
d093f8e5 3140 case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
d9c3c8ed 3141 if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
6d5c916c
JH		 3142 case 0: break; /* No 2xx or 5xx, but no probs */
3143
3144 case -1: goto END_OFF; /* Timeout on RCPT */
3145 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
3146 }
3147 }
3148
8ccd00b1 3149#ifndef DISABLE_PRDR
fd98a5c6
JH		 3150 /* For PRDR we optionally get a partial-responses warning
3151 * followed by the individual responses, before going on with
3152 * the overall response. If we don't get the warning then deal
3153 * with per non-PRDR. */
d093f8e5 3154 if(sx.prdr_active)
fd98a5c6 3155 {
d093f8e5
JH		 3156 sx.ok = smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), '3',
3157 sx.ob->final_timeout);
3158 if (!sx.ok && errno == 0) switch(sx.buffer[0])
e027f545 3159 {
d093f8e5
JH		 3160 case '2': sx.prdr_active = FALSE;
3161 sx.ok = TRUE;
e027f545
JH		 3162 break;
3163 case '4': errno = ERRNO_DATA4XX;
3164 addrlist->more_errno |=
d093f8e5 3165 ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8;
e027f545
JH		 3166 break;
3167 }
fd98a5c6
JH		 3168 }
3169 else
3170#endif
3171
3172 /* For non-PRDR SMTP, we now read a single response that applies to the
3173 whole message. If it is OK, then all the addresses have been delivered. */
0756eb3c 3174
d093f8e5 3175 if (!sx.lmtp)
e97957bc 3176 {
d093f8e5
JH		 3177 sx.ok = smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), '2',
3178 sx.ob->final_timeout);
3179 if (!sx.ok && errno == 0 && sx.buffer[0] == '4')
e97957bc
PH		 3180 {
3181 errno = ERRNO_DATA4XX;
d093f8e5 3182 addrlist->more_errno |= ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8;
e97957bc
PH		 3183 }
3184 }
0756eb3c
PH		 3185
3186 /* For LMTP, we get back a response for every RCPT command that we sent;
3187 some may be accepted and some rejected. For those that get a response, their
3188 status is fixed; any that are accepted have been handed over, even if later
3189 responses crash - at least, that's how I read RFC 2033.
3190
3191 If all went well, mark the recipient addresses as completed, record which
3192 host/IPaddress they were delivered to, and cut out RSET when sending another
3193 message down the same channel. Write the completed addresses to the journal
3194 now so that they are recorded in case there is a crash of hardware or
3195 software before the spool gets updated. Also record the final SMTP
3196 confirmation if needed (for SMTP only). */
3197
d093f8e5 3198 if (sx.ok)
0756eb3c
PH		 3199 {
3200 int flag = '=';
32dfdf8b 3201 struct timeval delivery_time;
0756eb3c 3202 int len;
32dfdf8b 3203 uschar * conf = NULL;
0d9fa8c0 3204
32dfdf8b 3205 timesince(&delivery_time, &start_delivery_time);
d093f8e5 3206 sx.send_rset = FALSE;
0d9fa8c0 3207 pipelining_active = FALSE;
0756eb3c 3208
0756eb3c
PH		 3209 /* Set up confirmation if needed - applies only to SMTP */
3210
d68218c7 3211 if (
0cbf2b82 3212#ifdef DISABLE_EVENT
6c6d6e48 3213 LOGGING(smtp_confirmation) &&
a7538db1 3214#endif
d093f8e5 3215 !sx.lmtp
d68218c7 3216 )
0756eb3c 3217 {
d093f8e5 3218 const uschar *s = string_printing(sx.buffer);
55414b25 3219 /* deconst cast ok here as string_printing was checked to have alloc'n'copied */
5903c6ff 3220 conf = (s == sx.buffer)? US string_copy(s) : US s;
0756eb3c
PH		 3221 }
3222
fd98a5c6 3223 /* Process all transported addresses - for LMTP or PRDR, read a status for
0756eb3c
PH		 3224 each one. */
3225
d9c3c8ed 3226 for (addr = addrlist; addr != sx.first_addr; addr = addr->next)
0756eb3c
PH		 3227 {
3228 if (addr->transport_return != PENDING_OK) continue;
3229
3230 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
3231 remaining addresses. Otherwise, it's a return code for just the one
75def545
PH		 3232 address. For temporary errors, add a retry item for the address so that
3233 it doesn't get tried again too soon. */
0756eb3c 3234
8ccd00b1 3235#ifndef DISABLE_PRDR
d093f8e5 3236 if (sx.lmtp || sx.prdr_active)
fd98a5c6 3237#else
d093f8e5 3238 if (sx.lmtp)
fd98a5c6 3239#endif
0756eb3c 3240 {
d093f8e5
JH		 3241 if (!smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), '2',
3242 sx.ob->final_timeout))
0756eb3c 3243 {
d093f8e5 3244 if (errno != 0 || sx.buffer[0] == 0) goto RESPONSE_FAILED;
fd98a5c6 3245 addr->message = string_sprintf(
8ccd00b1 3246#ifndef DISABLE_PRDR
d093f8e5 3247 "%s error after %s: %s", sx.prdr_active ? "PRDR":"LMTP",
fd98a5c6
JH		 3248#else
3249 "LMTP error after %s: %s",
3250#endif
d093f8e5 3251 data_command, string_printing(sx.buffer));
75def545 3252 setflag(addr, af_pass_message); /* Allow message to go to user */
d093f8e5 3253 if (sx.buffer[0] == '5')
75def545
PH		 3254 addr->transport_return = FAIL;
3255 else
3256 {
e97957bc 3257 errno = ERRNO_DATA4XX;
d093f8e5 3258 addr->more_errno |= ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8;
75def545 3259 addr->transport_return = DEFER;
8ccd00b1 3260#ifndef DISABLE_PRDR
d093f8e5 3261 if (!sx.prdr_active)
fd98a5c6
JH		 3262#endif
3263 retry_add_item(addr, addr->address_retry_key, 0);
75def545 3264 }
0756eb3c
PH		 3265 continue;
3266 }
d9c3c8ed 3267 sx.completed_addr = TRUE; /* NOW we can set this flag */
6c6d6e48 3268 if (LOGGING(smtp_confirmation))
c0ea85ab 3269 {
d093f8e5 3270 const uschar *s = string_printing(sx.buffer);
55414b25 3271 /* deconst cast ok here as string_printing was checked to have alloc'n'copied */
d093f8e5 3272 conf = (s == sx.buffer) ? US string_copy(s) : US s;
c0ea85ab 3273 }
0756eb3c
PH		 3274 }
3275
3276 /* SMTP, or success return from LMTP for this address. Pass back the
2d280592 3277 actual host that was used. */
0756eb3c
PH		 3278
3279 addr->transport_return = OK;
32dfdf8b
JH		 3280 addr->more_errno = delivery_time.tv_sec;
3281 addr->delivery_usec = delivery_time.tv_usec;
d427a7f9 3282 addr->host_used = host;
0756eb3c
PH		 3283 addr->special_action = flag;
3284 addr->message = conf;
8ccd00b1 3285#ifndef DISABLE_PRDR
7eb0e5d2 3286 if (sx.prdr_active) setflag(addr, af_prdr_used);
fd98a5c6 3287#endif
7eb0e5d2 3288 if (sx.peer_offered & OPTION_CHUNKING) setflag(addr, af_chunking_used);
0756eb3c
PH		 3289 flag = '-';
3290
8ccd00b1 3291#ifndef DISABLE_PRDR
d093f8e5 3292 if (!sx.prdr_active)
fd98a5c6
JH		 3293#endif
3294 {
3295 /* Update the journal. For homonymic addresses, use the base address plus
3296 the transport name. See lots of comments in deliver.c about the reasons
3297 for the complications when homonyms are involved. Just carry on after
3298 write error, as it may prove possible to update the spool file later. */
4d8d62b9 3299
fd98a5c6 3300 if (testflag(addr, af_homonym))
d093f8e5 3301 sprintf(CS sx.buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
fd98a5c6 3302 else
d093f8e5 3303 sprintf(CS sx.buffer, "%.500s\n", addr->unique);
4d8d62b9 3304
5bfe3b35 3305 DEBUG(D_deliver) debug_printf("S:journalling %s\n", sx.buffer);
d093f8e5
JH		 3306 len = Ustrlen(CS sx.buffer);
3307 if (write(journal_fd, sx.buffer, len) != len)
fd98a5c6 3308 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
d093f8e5 3309 "%s: %s", sx.buffer, strerror(errno));
fd98a5c6 3310 }
0756eb3c
PH		 3311 }
3312
8ccd00b1 3313#ifndef DISABLE_PRDR
d093f8e5 3314 if (sx.prdr_active)
fd98a5c6 3315 {
2556b3c6
SA		 3316 const uschar * overall_message;
3317
fd98a5c6
JH		 3318 /* PRDR - get the final, overall response. For any non-success
3319 upgrade all the address statuses. */
2556b3c6 3320
d093f8e5
JH		 3321 sx.ok = smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), '2',
3322 sx.ob->final_timeout);
3323 if (!sx.ok)
fd98a5c6 3324 {
d093f8e5 3325 if(errno == 0 && sx.buffer[0] == '4')
fd98a5c6
JH		 3326 {
3327 errno = ERRNO_DATA4XX;
d093f8e5 3328 addrlist->more_errno |= ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8;
fd98a5c6 3329 }
d9c3c8ed 3330 for (addr = addrlist; addr != sx.first_addr; addr = addr->next)
d093f8e5 3331 if (sx.buffer[0] == '5' || addr->transport_return == OK)
fd98a5c6
JH		 3332 addr->transport_return = PENDING_OK; /* allow set_errno action */
3333 goto RESPONSE_FAILED;
3334 }
3335
2556b3c6
SA		 3336 /* Append the overall response to the individual PRDR response for logging
3337 and update the journal, or setup retry. */
3338
3339 overall_message = string_printing(sx.buffer);
3340 for (addr = addrlist; addr != sx.first_addr; addr = addr->next)
3341 if (addr->transport_return == OK)
3342 addr->message = string_sprintf("%s\\n%s", addr->message, overall_message);
3343
d9c3c8ed 3344 for (addr = addrlist; addr != sx.first_addr; addr = addr->next)
fd98a5c6 3345 if (addr->transport_return == OK)
9be4572b
JH		 3346 {
3347 if (testflag(addr, af_homonym))
3348 sprintf(CS sx.buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
3349 else
3350 sprintf(CS sx.buffer, "%.500s\n", addr->unique);
3351
3352 DEBUG(D_deliver) debug_printf("journalling(PRDR) %s\n", sx.buffer);
3353 len = Ustrlen(CS sx.buffer);
3354 if (write(journal_fd, sx.buffer, len) != len)
3355 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
3356 "%s: %s", sx.buffer, strerror(errno));
3357 }
3358 else if (addr->transport_return == DEFER)
3359 retry_add_item(addr, addr->address_retry_key, -2);
fd98a5c6
JH		 3360 }
3361#endif
3362
0756eb3c
PH		 3363 /* Ensure the journal file is pushed out to disk. */
3364
54fc8428 3365 if (EXIMfsync(journal_fd) < 0)
0756eb3c
PH		 3366 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
3367 strerror(errno));
3368 }
3369 }
3370
3371
3372/* Handle general (not specific to one address) failures here. The value of ok
3373is used to skip over this code on the falling through case. A timeout causes a
3374deferral. Other errors may defer or fail according to the response code, and
3375may set up a special errno value, e.g. after connection chopped, which is
3376assumed if errno == 0 and there is no text in the buffer. If control reaches
3377here during the setting up phase (i.e. before MAIL FROM) then always defer, as
3378the problem is not related to this specific message. */
3379
d093f8e5 3380if (!sx.ok)
0756eb3c 3381 {
895fbaf2
JH		 3382 int code, set_rc;
3383 uschar * set_message;
0756eb3c
PH		 3384
3385 RESPONSE_FAILED:
895fbaf2
JH		 3386 {
3387 save_errno = errno;
3388 message = NULL;
d093f8e5
JH		 3389 sx.send_quit = check_response(host, &save_errno, addrlist->more_errno,
3390 sx.buffer, &code, &message, &pass_message);
895fbaf2
JH		 3391 goto FAILED;
3392 }
0756eb3c
PH		 3393
3394 SEND_FAILED:
895fbaf2
JH		 3395 {
3396 save_errno = errno;
3397 code = '4';
b9df1829 3398 message = string_sprintf("send() to %s [%s] failed: %s",
c0ad8edf 3399 host->name, host->address, message ? message : US strerror(save_errno));
d093f8e5 3400 sx.send_quit = FALSE;
895fbaf2
JH		 3401 goto FAILED;
3402 }
0756eb3c 3403
0756eb3c 3404 FAILED:
9be4572b
JH		 3405 {
3406 BOOL message_error;
0756eb3c 3407
9be4572b
JH		 3408 sx.ok = FALSE; /* For when reached by GOTO */
3409 set_message = message;
0756eb3c 3410
e97957bc 3411 /* We want to handle timeouts after MAIL or "." and loss of connection after
0756eb3c 3412 "." specially. They can indicate a problem with the sender address or with
e97957bc
PH		 3413 the contents of the message rather than a real error on the connection. These
3414 cases are treated in the same way as a 4xx response. This next bit of code
3415 does the classification. */
0756eb3c 3416
e97957bc
PH		 3417 switch(save_errno)
3418 {
3419 case 0:
3420 case ERRNO_MAIL4XX:
3421 case ERRNO_DATA4XX:
250b6871
JH		 3422 message_error = TRUE;
3423 break;
0756eb3c 3424
e97957bc 3425 case ETIMEDOUT:
250b6871
JH		 3426 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
3427 Ustrncmp(smtp_command,"end ",4) == 0;
3428 break;
e97957bc
PH		 3429
3430 case ERRNO_SMTPCLOSED:
250b6871
JH		 3431 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
3432 break;
e97957bc
PH		 3433
3434 default:
250b6871
JH		 3435 message_error = FALSE;
3436 break;
e97957bc 3437 }
0756eb3c 3438
e97957bc 3439 /* Handle the cases that are treated as message errors. These are:
0756eb3c 3440
e97957bc
PH		 3441 (a) negative response or timeout after MAIL
3442 (b) negative response after DATA
3443 (c) negative response or timeout or dropped connection after "."
250b6871 3444 (d) utf8 support required and not offered
0756eb3c 3445
e97957bc
PH		 3446 It won't be a negative response or timeout after RCPT, as that is dealt
3447 with separately above. The action in all cases is to set an appropriate
3448 error code for all the addresses, but to leave yield set to OK because the
3449 host itself has not failed. Of course, it might in practice have failed
3450 when we've had a timeout, but if so, we'll discover that at the next
3451 delivery attempt. For a temporary error, set the message_defer flag, and
3452 write to the logs for information if this is not the last host. The error
3453 for the last host will be logged as part of the address's log line. */
3454
3455 if (message_error)
0756eb3c 3456 {
e97957bc 3457 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
e97957bc
PH		 3458
3459 /* If there's an errno, the message contains just the identity of
3460 the host. */
3461
895fbaf2
JH		 3462 if (code == '5')
3463 set_rc = FAIL;
3464 else /* Anything other than 5 is treated as temporary */
e97957bc 3465 {
895fbaf2 3466 set_rc = DEFER;
e97957bc
PH		 3467 if (save_errno > 0)
3468 message = US string_sprintf("%s: %s", message, strerror(save_errno));
ec62d0a9
HSHR		 3469
3470 write_logs(host, message, sx.first_addr ? sx.first_addr->basic_errno : 0);
3471
e97957bc
PH		 3472 *message_defer = TRUE;
3473 }
3474 }
3475
3476 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
3477 ".", or some other transportation error. We defer all addresses and yield
3478 DEFER, except for the case of failed add_headers expansion, or a transport
3479 filter failure, when the yield should be ERROR, to stop it trying other
3480 hosts. */
3481
3482 else
3483 {
895fbaf2 3484 set_rc = DEFER;
e97957bc
PH		 3485 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
3486 save_errno == ERRNO_FILTER_FAIL)? ERROR : DEFER;
0756eb3c
PH		 3487 }
3488 }
895fbaf2
JH		 3489
3490 set_errno(addrlist, save_errno, set_message, set_rc, pass_message, host
3491#ifdef EXPERIMENTAL_DSN_INFO
d093f8e5 3492 , sx.smtp_greeting, sx.helo_response
895fbaf2
JH		 3493#endif
3494 );
0756eb3c
PH		 3495 }
3496
3497
3498/* If all has gone well, send_quit will be set TRUE, implying we can end the
3499SMTP session tidily. However, if there were too many addresses to send in one
3500message (indicated by first_addr being non-NULL) we want to carry on with the
3501rest of them. Also, it is desirable to send more than one message down the SMTP
3502connection if there are several waiting, provided we haven't already sent so
3503many as to hit the configured limit. The function transport_check_waiting looks
3504for a waiting message and returns its id. Then transport_pass_socket tries to
3505set up a continued delivery by passing the socket on to another process. The
3506variable send_rset is FALSE if a message has just been successfully transfered.
3507
3508If we are already sending down a continued channel, there may be further
3509addresses not yet delivered that are aimed at the same host, but which have not
3510been passed in this run of the transport. In this case, continue_more will be
3511true, and all we should do is send RSET if necessary, and return, leaving the
3512channel open.
3513
3514However, if no address was disposed of, i.e. all addresses got 4xx errors, we
3515do not want to continue with other messages down the same channel, because that
3516can lead to looping between two or more messages, all with the same,
3517temporarily failing address(es). [The retry information isn't updated yet, so
3518new processes keep on trying.] We probably also don't want to try more of this
3519message's addresses either.
3520
3521If we have started a TLS session, we have to end it before passing the
3522connection to a new process. However, not all servers can handle this (Exim
3523can), so we do not pass such a connection on if the host matches
3524hosts_nopass_tls. */
3525
3526DEBUG(D_transport)
3527 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
d093f8e5 3528 "yield=%d first_address is %sNULL\n", sx.ok, sx.send_quit,
d9c3c8ed 3529 sx.send_rset, continue_more, yield, sx.first_addr ? "not " : "");
0756eb3c 3530
d9c3c8ed 3531if (sx.completed_addr && sx.ok && sx.send_quit)
0756eb3c
PH		 3532 {
3533 BOOL more;
a39bd74d
JB		 3534 smtp_compare_t t_compare;
3535
3536 t_compare.tblock = tblock;
3537 t_compare.current_sender_address = sender_address;
3538
d9c3c8ed 3539 if ( sx.first_addr != NULL
5130845b 3540 || continue_more
875512a3
JH		 3541 || (
3542#ifdef SUPPORT_TLS
74f1a423 3543 ( tls_out.active.sock < 0 && !continue_proxy_cipher
d093f8e5 3544 || verify_check_given_host(&sx.ob->hosts_nopass_tls, host) != OK
5130845b 3545 )
0756eb3c 3546 &&
875512a3 3547#endif
0756eb3c 3548 transport_check_waiting(tblock->name, host->name,
a39bd74d
JB		 3549 tblock->connection_max_messages, new_message_id, &more,
3550 (oicf)smtp_are_same_identities, (void*)&t_compare)
5130845b 3551 ) )
0756eb3c
PH		 3552 {
3553 uschar *msg;
447d236c 3554 BOOL pass_message;
0756eb3c 3555
d093f8e5 3556 if (sx.send_rset)
4e910c01 3557 if (! (sx.ok = smtp_write_command(&sx.outblock, SCMD_FLUSH, "RSET\r\n") >= 0))
0756eb3c
PH		 3558 {
3559 msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
9e7e0f6a 3560 host->address, strerror(errno));
d093f8e5 3561 sx.send_quit = FALSE;
0756eb3c 3562 }
d093f8e5
JH		 3563 else if (! (sx.ok = smtp_read_response(&sx.inblock, sx.buffer,
3564 sizeof(sx.buffer), '2', sx.ob->command_timeout)))
0756eb3c
PH		 3565 {
3566 int code;
d093f8e5 3567 sx.send_quit = check_response(host, &errno, 0, sx.buffer, &code, &msg,
447d236c 3568 &pass_message);
d093f8e5 3569 if (!sx.send_quit)
0756eb3c 3570 {
c562fd30
JH		 3571 DEBUG(D_transport) debug_printf("H=%s [%s] %s\n",
3572 host->name, host->address, msg);
0756eb3c
PH		 3573 }
3574 }
0756eb3c
PH		 3575
3576 /* Either RSET was not needed, or it succeeded */
3577
d093f8e5 3578 if (sx.ok)
0756eb3c 3579 {
875512a3 3580 int pfd[2];
74f1a423 3581 int socket_fd = sx.cctx.sock;
875512a3
JH		 3582
3583
3584 if (sx.first_addr != NULL) /* More addresses still to be sent */
0756eb3c
PH		 3585 { /* in this run of the transport */
3586 continue_sequence++; /* Causes * in logging */
3587 goto SEND_MESSAGE;
3588 }
0756eb3c 3589
b7d3afcf
JH		 3590 /* Unless caller said it already has more messages listed for this host,
3591 pass the connection on to a new Exim process (below, the call to
3592 transport_pass_socket). If the caller has more ready, just return with
3593 the connection still open. */
3594
a7538db1 3595#ifdef SUPPORT_TLS
74f1a423 3596 if (tls_out.active.sock >= 0)
b7d3afcf
JH		 3597 if ( continue_more
3598 || verify_check_given_host(&sx.ob->hosts_noproxy_tls, host) == OK)
875512a3 3599 {
b7d3afcf
JH		 3600 /* Before passing the socket on, or returning to caller with it still
3601 open, we must shut down TLS. Not all MTAs allow for the continuation
3602 of the SMTP session when TLS is shut down. We test for this by sending
3603 a new EHLO. If we don't get a good response, we don't attempt to pass
3604 the socket on. */
875512a3 3605
74f1a423 3606 tls_close(sx.cctx.tls_ctx, TLS_SHUTDOWN_WAIT);
c645dd29 3607 sx.cctx.tls_ctx = NULL;
875512a3
JH		 3608 smtp_peer_options = smtp_peer_options_wrap;
3609 sx.ok = !sx.smtps
4e910c01 3610 && smtp_write_command(&sx.outblock, SCMD_FLUSH,
875512a3
JH		 3611 "EHLO %s\r\n", sx.helo_data) >= 0
3612 && smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer),
3613 '2', sx.ob->command_timeout);
b7d3afcf
JH		 3614
3615 if (sx.ok && continue_more)
3616 return yield; /* More addresses for another run */
875512a3
JH		 3617 }
3618 else
3619 {
3620 /* Set up a pipe for proxying TLS for the new transport process */
3621
14de8063 3622 smtp_peer_options |= OPTION_TLS;
fa18eebc 3623 if (sx.ok = (socketpair(AF_UNIX, SOCK_STREAM, 0, pfd) == 0))
875512a3
JH		 3624 socket_fd = pfd[1];
3625 else
3626 set_errno(sx.first_addr, errno, US"internal allocation problem",
3627 DEFER, FALSE, host
3628# ifdef EXPERIMENTAL_DSN_INFO
3629 , sx.smtp_greeting, sx.helo_response
3630# endif
3631 );
3632 }
b7d3afcf 3633 else
a7538db1 3634#endif
b7d3afcf
JH		 3635 if (continue_more)
3636 return yield; /* More addresses for another run */
0756eb3c 3637
4c04137d 3638 /* If the socket is successfully passed, we mustn't send QUIT (or
0756eb3c
PH		 3639 indeed anything!) from here. */
3640
895fbaf2
JH		 3641/*XXX DSN_INFO: assume likely to do new HELO; but for greet we'll want to
3642propagate it from the initial
3643*/
d093f8e5 3644 if (sx.ok && transport_pass_socket(tblock->name, host->name,
875512a3
JH		 3645 host->address, new_message_id, socket_fd))
3646 {
d093f8e5 3647 sx.send_quit = FALSE;
875512a3 3648
d097cc73
JH		 3649 /* We have passed the client socket to a fresh transport process.
3650 If TLS is still active, we need to proxy it for the transport we
875512a3
JH		 3651 just passed the baton to. Fork a child to to do it, and return to
3652 get logging done asap. Which way to place the work makes assumptions
3653 about post-fork prioritisation which may not hold on all platforms. */
57cc2785 3654#ifdef SUPPORT_TLS
74f1a423 3655 if (tls_out.active.sock >= 0)
875512a3
JH		 3656 {
3657 int pid = fork();
d097cc73 3658 if (pid == 0) /* child; fork again to disconnect totally */
626810b9
JH		 3659 {
3660 if (running_in_test_harness) millisleep(100); /* let parent debug out */
d097cc73 3661 /* does not return */
74f1a423 3662 smtp_proxy_tls(sx.cctx.tls_ctx, sx.buffer, sizeof(sx.buffer), pfd,
d097cc73 3663 sx.ob->command_timeout);
626810b9 3664 }
d097cc73 3665
875512a3
JH		 3666 if (pid > 0) /* parent */
3667 {
b7d3afcf 3668 DEBUG(D_transport) debug_printf("proxy-proc inter-pid %d\n", pid);
e47252f5 3669 close(pfd[0]);
d097cc73 3670 /* tidy the inter-proc to disconn the proxy proc */
60272099 3671 waitpid(pid, NULL, 0);
74f1a423
JH		 3672 tls_close(sx.cctx.tls_ctx, TLS_NO_SHUTDOWN);
3673 sx.cctx.tls_ctx = NULL;
3674 (void)close(sx.cctx.sock);
3675 sx.cctx.sock = -1;
875512a3
JH		 3676 continue_transport = NULL;
3677 continue_hostname = NULL;
3678 return yield;
3679 }
d097cc73 3680 log_write(0, LOG_PANIC_DIE, "fork failed");
875512a3 3681 }
57cc2785 3682#endif
875512a3 3683 }
0756eb3c
PH		 3684 }
3685
3686 /* If RSET failed and there are addresses left, they get deferred. */
875512a3
JH		 3687 else
3688 set_errno(sx.first_addr, errno, msg, DEFER, FALSE, host
895fbaf2 3689#ifdef EXPERIMENTAL_DSN_INFO
d093f8e5 3690 , sx.smtp_greeting, sx.helo_response
895fbaf2
JH		 3691#endif
3692 );
0756eb3c
PH		 3693 }
3694 }
3695
3696/* End off tidily with QUIT unless the connection has died or the socket has
3697been passed to another process. There has been discussion on the net about what
3698to do after sending QUIT. The wording of the RFC suggests that it is necessary
3699to wait for a response, but on the other hand, there isn't anything one can do
3700with an error response, other than log it. Exim used to do that. However,
3701further discussion suggested that it is positively advantageous not to wait for
3702the response, but to close the session immediately. This is supposed to move
3703the TCP/IP TIME_WAIT state from the server to the client, thereby removing some
3704load from the server. (Hosts that are both servers and clients may not see much
3705difference, of course.) Further discussion indicated that this was safe to do
3706on Unix systems which have decent implementations of TCP/IP that leave the
3707connection around for a while (TIME_WAIT) after the application has gone away.
3708This enables the response sent by the server to be properly ACKed rather than
3709timed out, as can happen on broken TCP/IP implementations on other OS.
3710
3711This change is being made on 31-Jul-98. After over a year of trouble-free
3712operation, the old commented-out code was removed on 17-Sep-99. */
3713
3714SEND_QUIT:
4e910c01 3715if (sx.send_quit) (void)smtp_write_command(&sx.outblock, SCMD_FLUSH, "QUIT\r\n");
0756eb3c
PH		 3716
3717END_OFF:
3718
3719#ifdef SUPPORT_TLS
74f1a423 3720tls_close(sx.cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
c645dd29 3721sx.cctx.tls_ctx = NULL;
0756eb3c
PH		 3722#endif
3723
3724/* Close the socket, and return the appropriate value, first setting
0756eb3c
PH		 3725works because the NULL setting is passed back to the calling process, and
3726remote_max_parallel is forced to 1 when delivering over an existing connection,
3727
3728If all went well and continue_more is set, we shouldn't actually get here if
3729there are further addresses, as the return above will be taken. However,
3730writing RSET might have failed, or there may be other addresses whose hosts are
3731specified in the transports, and therefore not visible at top level, in which
3732case continue_more won't get set. */
3733
e1d04f48 3734HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
d093f8e5 3735if (sx.send_quit)
60d10ce7 3736 {
74f1a423
JH		 3737 shutdown(sx.cctx.sock, SHUT_WR);
3738 if (fcntl(sx.cctx.sock, F_SETFL, O_NONBLOCK) == 0)
3739 for (rc = 16; read(sx.cctx.sock, sx.inbuffer, sizeof(sx.inbuffer)) > 0 && rc > 0;)
5ddc9771 3740 rc--; /* drain socket */
60d10ce7 3741 }
74f1a423 3742(void)close(sx.cctx.sock);
a7538db1 3743
0cbf2b82 3744#ifndef DISABLE_EVENT
774ef2d7 3745(void) event_raise(tblock->event_action, US"tcp:close", NULL);
a7538db1
JH		 3746#endif
3747
0756eb3c
PH		 3748continue_transport = NULL;
3749continue_hostname = NULL;
3750return yield;
3751}
3752
3753
3754
3755
3756/*************************************************
3757* Closedown entry point *
3758*************************************************/
3759
3760/* This function is called when exim is passed an open smtp channel
3761from another incarnation, but the message which it has been asked
3762to deliver no longer exists. The channel is on stdin.
3763
3764We might do fancy things like looking for another message to send down
3765the channel, but if the one we sought has gone, it has probably been
3766delivered by some other process that itself will seek further messages,
3767so just close down our connection.
3768
3769Argument: pointer to the transport instance block
3770Returns: nothing
3771*/
3772
3773void
3774smtp_transport_closedown(transport_instance *tblock)
3775{
3776smtp_transport_options_block *ob =
02b41d71 3777 (smtp_transport_options_block *)tblock->options_block;
74f1a423 3778client_conn_ctx cctx;
0756eb3c
PH		 3779smtp_inblock inblock;
3780smtp_outblock outblock;
3781uschar buffer[256];
3782uschar inbuffer[4096];
3783uschar outbuffer[16];
3784
74f1a423
JH		 3785/*XXX really we need an active-smtp-client ctx, rather than assuming stdout */
3786cctx.sock = fileno(stdin);
3787cctx.tls_ctx = cctx.sock == tls_out.active.sock ? tls_out.active.tls_ctx : NULL;
3788
3789inblock.cctx = &cctx;
0756eb3c
PH		 3790inblock.buffer = inbuffer;
3791inblock.buffersize = sizeof(inbuffer);
3792inblock.ptr = inbuffer;
3793inblock.ptrend = inbuffer;
3794
74f1a423 3795outblock.cctx = &cctx;
0756eb3c
PH		 3796outblock.buffersize = sizeof(outbuffer);
3797outblock.buffer = outbuffer;
3798outblock.ptr = outbuffer;
3799outblock.cmd_count = 0;
3800outblock.authenticating = FALSE;
3801
4e910c01 3802(void)smtp_write_command(&outblock, SCMD_FLUSH, "QUIT\r\n");
0756eb3c
PH		 3803(void)smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
3804 ob->command_timeout);
74f1a423 3805(void)close(cctx.sock);
0756eb3c
PH		 3806}
3807
3808
3809
3810/*************************************************
3811* Prepare addresses for delivery *
3812*************************************************/
3813
3814/* This function is called to flush out error settings from previous delivery
3815attempts to other hosts. It also records whether we got here via an MX record
3816or not in the more_errno field of the address. We are interested only in
3817addresses that are still marked DEFER - others may have got delivered to a
3818previously considered IP address. Set their status to PENDING_DEFER to indicate
3819which ones are relevant this time.
3820
3821Arguments:
3822 addrlist the list of addresses
3823 host the host we are delivering to
3824
3825Returns: the first address for this delivery
3826*/
3827
3828static address_item *
3829prepare_addresses(address_item *addrlist, host_item *host)
3830{
3831address_item *first_addr = NULL;
3832address_item *addr;
7b4c8c1f 3833for (addr = addrlist; addr; addr = addr->next)
168dec3b
JH		 3834 if (addr->transport_return == DEFER)
3835 {
7b4c8c1f 3836 if (!first_addr) first_addr = addr;
168dec3b
JH		 3837 addr->transport_return = PENDING_DEFER;
3838 addr->basic_errno = 0;
3839 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
3840 addr->message = NULL;
a7538db1 3841#ifdef SUPPORT_TLS
168dec3b
JH		 3842 addr->cipher = NULL;
3843 addr->ourcert = NULL;
3844 addr->peercert = NULL;
3845 addr->peerdn = NULL;
3846 addr->ocsp = OCSP_NOT_REQ;
895fbaf2
JH		 3847#endif
3848#ifdef EXPERIMENTAL_DSN_INFO
3849 addr->smtp_greeting = NULL;
3850 addr->helo_response = NULL;
a7538db1 3851#endif
168dec3b 3852 }
0756eb3c
PH		 3853return first_addr;
3854}
3855
3856
3857
3858/*************************************************
3859* Main entry point *
3860*************************************************/
3861
3862/* See local README for interface details. As this is a remote transport, it is
3863given a chain of addresses to be delivered in one connection, if possible. It
3864always returns TRUE, indicating that each address has its own independent
3865status set, except if there is a setting up problem, in which case it returns
3866FALSE. */
3867
3868BOOL
3869smtp_transport_entry(
3870 transport_instance *tblock, /* data for this instantiation */
3871 address_item *addrlist) /* addresses we are working on */
3872{
3873int cutoff_retry;
a843a57e 3874int defport;
0756eb3c
PH		 3875int hosts_defer = 0;
3876int hosts_fail = 0;
3877int hosts_looked_up = 0;
3878int hosts_retry = 0;
3879int hosts_serial = 0;
3880int hosts_total = 0;
8e669ac1 3881int total_hosts_tried = 0;
0756eb3c
PH		 3882address_item *addr;
3883BOOL expired = TRUE;
0756eb3c
PH		 3884uschar *expanded_hosts = NULL;
3885uschar *pistring;
3886uschar *tid = string_sprintf("%s transport", tblock->name);
3887smtp_transport_options_block *ob =
3888 (smtp_transport_options_block *)(tblock->options_block);
3889host_item *hostlist = addrlist->host_list;
f8ea1886 3890host_item *host;
0756eb3c
PH		 3891
3892DEBUG(D_transport)
3893 {
3894 debug_printf("%s transport entered\n", tblock->name);
7b4c8c1f 3895 for (addr = addrlist; addr; addr = addr->next)
0756eb3c 3896 debug_printf(" %s\n", addr->address);
7b4c8c1f
JH		 3897 if (hostlist)
3898 {
3899 debug_printf("hostlist:\n");
3900 for (host = hostlist; host; host = host->next)
f8ea1886 3901 debug_printf(" '%s' IP %s port %d\n", host->name, host->address, host->port);
7b4c8c1f 3902 }
57cc2785
JH		 3903 if (continue_hostname)
3904 debug_printf("already connected to %s [%s] (on fd %d)\n",
3905 continue_hostname, continue_host_address,
74f1a423 3906 cutthrough.cctx.sock >= 0 ? cutthrough.cctx.sock : 0);
0756eb3c
PH		 3907 }
3908
f6c332bd
PH		 3909/* Set the flag requesting that these hosts be added to the waiting
3910database if the delivery fails temporarily or if we are running with
3911queue_smtp or a 2-stage queue run. This gets unset for certain
3912kinds of error, typically those that are specific to the message. */
3913
3914update_waiting = TRUE;
3915
0756eb3c
PH		 3916/* If a host list is not defined for the addresses - they must all have the
3917same one in order to be passed to a single transport - or if the transport has
3918a host list with hosts_override set, use the host list supplied with the
3919transport. It is an error for this not to exist. */
3920
8ac90765
JH		 3921#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
3922if (tls_requiretls & REQUIRETLS_MSG)
3923 ob->tls_tempfail_tryclear = FALSE; /*XXX surely we should have a local for this
3924 rather than modifying the transport? */
3925#endif
3926
7b4c8c1f 3927if (!hostlist || (ob->hosts_override && ob->hosts))
0756eb3c 3928 {
7b4c8c1f 3929 if (!ob->hosts)
0756eb3c
PH		 3930 {
3931 addrlist->message = string_sprintf("%s transport called with no hosts set",
3932 tblock->name);
3933 addrlist->transport_return = PANIC;
3934 return FALSE; /* Only top address has status */
3935 }
3936
3937 DEBUG(D_transport) debug_printf("using the transport's hosts: %s\n",
3938 ob->hosts);
3939
3940 /* If the transport's host list contains no '$' characters, and we are not
3941 randomizing, it is fixed and therefore a chain of hosts can be built once
3942 and for all, and remembered for subsequent use by other calls to this
3943 transport. If, on the other hand, the host list does contain '$', or we are
3944 randomizing its order, we have to rebuild it each time. In the fixed case,
3945 as the hosts string will never be used again, it doesn't matter that we
3946 replace all the : characters with zeros. */
3947
7b4c8c1f 3948 if (!ob->hostlist)
0756eb3c
PH		 3949 {
3950 uschar *s = ob->hosts;
3951
3952 if (Ustrchr(s, '$') != NULL)
3953 {
d427a7f9 3954 if (!(expanded_hosts = expand_string(s)))
0756eb3c
PH		 3955 {
3956 addrlist->message = string_sprintf("failed to expand list of hosts "
3957 "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message);
7b4c8c1f 3958 addrlist->transport_return = search_find_defer ? DEFER : PANIC;
0756eb3c
PH		 3959 return FALSE; /* Only top address has status */
3960 }
3961 DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to "
3962 "\"%s\"\n", s, expanded_hosts);
3963 s = expanded_hosts;
3964 }
3965 else
3966 if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
3967
3968 host_build_hostlist(&hostlist, s, ob->hosts_randomize);
3969
e276e04b 3970 /* Check that the expansion yielded something useful. */
7b4c8c1f 3971 if (!hostlist)
e276e04b
TF		 3972 {
3973 addrlist->message =
3974 string_sprintf("%s transport has empty hosts setting", tblock->name);
3975 addrlist->transport_return = PANIC;
3976 return FALSE; /* Only top address has status */
3977 }
3978
0756eb3c
PH		 3979 /* If there was no expansion of hosts, save the host list for
3980 next time. */
3981
d427a7f9 3982 if (!expanded_hosts) ob->hostlist = hostlist;
0756eb3c
PH		 3983 }
3984
3985 /* This is not the first time this transport has been run in this delivery;
3986 the host list was built previously. */
3987
55414b25
JH		 3988 else
3989 hostlist = ob->hostlist;
0756eb3c
PH		 3990 }
3991
3992/* The host list was supplied with the address. If hosts_randomize is set, we
3993must sort it into a random order if it did not come from MX records and has not
3994already been randomized (but don't bother if continuing down an existing
3995connection). */
3996
7b4c8c1f 3997else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continue_hostname)
0756eb3c
PH		 3998 {
3999 host_item *newlist = NULL;
7b4c8c1f 4000 while (hostlist)
0756eb3c
PH		 4001 {
4002 host_item *h = hostlist;
4003 hostlist = hostlist->next;
4004
4005 h->sort_key = random_number(100);
4006
7b4c8c1f 4007 if (!newlist)
0756eb3c
PH		 4008 {
4009 h->next = NULL;
4010 newlist = h;
4011 }
4012 else if (h->sort_key < newlist->sort_key)
4013 {
4014 h->next = newlist;
4015 newlist = h;
4016 }
4017 else
4018 {
4019 host_item *hh = newlist;
7b4c8c1f 4020 while (hh->next)
0756eb3c
PH		 4021 {
4022 if (h->sort_key < hh->next->sort_key) break;
4023 hh = hh->next;
4024 }
4025 h->next = hh->next;
4026 hh->next = h;
4027 }
4028 }
4029
4030 hostlist = addrlist->host_list = newlist;
4031 }
4032
2d280592 4033/* Sort out the default port. */
0756eb3c 4034
a843a57e 4035if (!smtp_get_port(ob->port, addrlist, &defport, tid)) return FALSE;
0756eb3c 4036
0756eb3c
PH		 4037/* For each host-plus-IP-address on the list:
4038
4039. If this is a continued delivery and the host isn't the one with the
4040 current connection, skip.
4041
4042. If the status is unusable (i.e. previously failed or retry checked), skip.
4043
4044. If no IP address set, get the address, either by turning the name into
4045 an address, calling gethostbyname if gethostbyname is on, or by calling
4046 the DNS. The DNS may yield multiple addresses, in which case insert the
4047 extra ones into the list.
4048
4049. Get the retry data if not previously obtained for this address and set the
4050 field which remembers the state of this address. Skip if the retry time is
4051 not reached. If not, remember whether retry data was found. The retry string
4052 contains both the name and the IP address.
4053
4054. Scan the list of addresses and mark those whose status is DEFER as
4055 PENDING_DEFER. These are the only ones that will be processed in this cycle
4056 of the hosts loop.
4057
4058. Make a delivery attempt - addresses marked PENDING_DEFER will be tried.
4059 Some addresses may be successfully delivered, others may fail, and yet
4060 others may get temporary errors and so get marked DEFER.
4061
4062. The return from the delivery attempt is OK if a connection was made and a
4063 valid SMTP dialogue was completed. Otherwise it is DEFER.
4064
4065. If OK, add a "remove" retry item for this host/IPaddress, if any.
4066
4067. If fail to connect, or other defer state, add a retry item.
4068
4069. If there are any addresses whose status is still DEFER, carry on to the
4070 next host/IPaddress, unless we have tried the number of hosts given
533244af 4071 by hosts_max_try or hosts_max_try_hardlimit; otherwise return. Note that
8e669ac1
PH		 4072 there is some fancy logic for hosts_max_try that means its limit can be
4073 overstepped in some circumstances.
0756eb3c
PH		 4074
4075If we get to the end of the list, all hosts have deferred at least one address,
4076or not reached their retry times. If delay_after_cutoff is unset, it requests a
4077delivery attempt to those hosts whose last try was before the arrival time of
4078the current message. To cope with this, we have to go round the loop a second
4079time. After that, set the status and error data for any addresses that haven't
4080had it set already. */
4081
7b4c8c1f
JH		 4082for (cutoff_retry = 0;
4083 expired && cutoff_retry < (ob->delay_after_cutoff ? 1 : 2);
0756eb3c
PH		 4084 cutoff_retry++)
4085 {
4086 host_item *nexthost = NULL;
4087 int unexpired_hosts_tried = 0;
2577f55f 4088 BOOL continue_host_tried = FALSE;
0756eb3c 4089
2577f55f 4090retry_non_continued:
0756eb3c 4091 for (host = hostlist;
7b4c8c1f
JH		 4092 host
4093 && unexpired_hosts_tried < ob->hosts_max_try
4094 && total_hosts_tried < ob->hosts_max_try_hardlimit;
0756eb3c
PH		 4095 host = nexthost)
4096 {
4097 int rc;
4098 int host_af;
4099 uschar *rs;
0756eb3c
PH		 4100 BOOL host_is_expired = FALSE;
4101 BOOL message_defer = FALSE;
0756eb3c
PH		 4102 BOOL some_deferred = FALSE;
4103 address_item *first_addr = NULL;
4104 uschar *interface = NULL;
4105 uschar *retry_host_key = NULL;
4106 uschar *retry_message_key = NULL;
4107 uschar *serialize_key = NULL;
4108
9c4e8f60
PH		 4109 /* Default next host is next host. :-) But this can vary if the
4110 hosts_max_try limit is hit (see below). It may also be reset if a host
4111 address is looked up here (in case the host was multihomed). */
4112
4113 nexthost = host->next;
4114
0756eb3c
PH		 4115 /* If the address hasn't yet been obtained from the host name, look it up
4116 now, unless the host is already marked as unusable. If it is marked as
4117 unusable, it means that the router was unable to find its IP address (in
4118 the DNS or wherever) OR we are in the 2nd time round the cutoff loop, and
4119 the lookup failed last time. We don't get this far if *all* MX records
4120 point to non-existent hosts; that is treated as a hard error.
4121
4122 We can just skip this host entirely. When the hosts came from the router,
4123 the address will timeout based on the other host(s); when the address is
4124 looked up below, there is an explicit retry record added.
4125
4126 Note that we mustn't skip unusable hosts if the address is not unset; they
4127 may be needed as expired hosts on the 2nd time round the cutoff loop. */
4128
7b4c8c1f 4129 if (!host->address)
0756eb3c 4130 {
322050c2 4131 int new_port, flags;
7cd1141b 4132 host_item *hh;
0756eb3c
PH		 4133
4134 if (host->status >= hstatus_unusable)
4135 {
4136 DEBUG(D_transport) debug_printf("%s has no address and is unusable - skipping\n",
4137 host->name);
4138 continue;
4139 }
4140
4141 DEBUG(D_transport) debug_printf("getting address for %s\n", host->name);
4142
7cd1141b
PH		 4143 /* The host name is permitted to have an attached port. Find it, and
4144 strip it from the name. Just remember it for now. */
4145
4146 new_port = host_item_get_port(host);
4147
4148 /* Count hosts looked up */
4149
0756eb3c
PH		 4150 hosts_looked_up++;
4151
4152 /* Find by name if so configured, or if it's an IP address. We don't
4153 just copy the IP address, because we need the test-for-local to happen. */
4154
66387a73 4155 flags = HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
322050c2
PH		 4156 if (ob->dns_qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
4157 if (ob->dns_search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
4158
7e66e54d 4159 if (ob->gethostbyname || string_is_ip_address(host->name, NULL) != 0)
55414b25 4160 rc = host_find_byname(host, NULL, flags, NULL, TRUE);
0756eb3c 4161 else
0756eb3c 4162 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
7cd171b7 4163 &ob->dnssec, /* domains for request/require */
55414b25 4164 NULL, NULL);
0756eb3c 4165
7cd1141b
PH		 4166 /* Update the host (and any additional blocks, resulting from
4167 multihoming) with a host-specific port, if any. */
4168
4169 for (hh = host; hh != nexthost; hh = hh->next) hh->port = new_port;
4170
0756eb3c
PH		 4171 /* Failure to find the host at this time (usually DNS temporary failure)
4172 is really a kind of routing failure rather than a transport failure.
4173 Therefore we add a retry item of the routing kind, not to stop us trying
4174 to look this name up here again, but to ensure the address gets timed
4175 out if the failures go on long enough. A complete failure at this point
4176 commonly points to a configuration error, but the best action is still
4177 to carry on for the next host. */
4178
2546388c 4179 if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_SECURITY || rc == HOST_FIND_FAILED)
0756eb3c
PH		 4180 {
4181 retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
4182 expired = FALSE;
4183 if (rc == HOST_FIND_AGAIN) hosts_defer++; else hosts_fail++;
4184 DEBUG(D_transport) debug_printf("rc = %s for %s\n", (rc == HOST_FIND_AGAIN)?
4185 "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name);
4186 host->status = hstatus_unusable;
4187
7b4c8c1f 4188 for (addr = addrlist; addr; addr = addr->next)
0756eb3c
PH		 4189 {
4190 if (addr->transport_return != DEFER) continue;
4191 addr->basic_errno = ERRNO_UNKNOWNHOST;
2546388c
JH		 4192 addr->message = string_sprintf(
4193 rc == HOST_FIND_SECURITY
4194 ? "lookup of IP address for %s was insecure"
4195 : "failed to lookup IP address for %s",
4196 host->name);
0756eb3c
PH		 4197 }
4198 continue;
4199 }
4200
4201 /* If the host is actually the local host, we may have a problem, or
4202 there may be some cunning configuration going on. In the problem case,
4203 log things and give up. The default transport status is already DEFER. */
4204
4205 if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost)
4206 {
7b4c8c1f 4207 for (addr = addrlist; addr; addr = addr->next)
0756eb3c
PH		 4208 {
4209 addr->basic_errno = 0;
4210 addr->message = string_sprintf("%s transport found host %s to be "
4211 "local", tblock->name, host->name);
4212 }
4213 goto END_TRANSPORT;
4214 }
4215 } /* End of block for IP address lookup */
4216
4217 /* If this is a continued delivery, we are interested only in the host
4218 which matches the name of the existing open channel. The check is put
4219 here after the local host lookup, in case the name gets expanded as a
4220 result of the lookup. Set expired FALSE, to save the outer loop executing
4221 twice. */
4222
2577f55f
JH		 4223 if (continue_hostname)
4224 if ( Ustrcmp(continue_hostname, host->name) != 0
4225 || Ustrcmp(continue_host_address, host->address) != 0
4226 )
4227 {
4228 expired = FALSE;
4229 continue; /* With next host */
4230 }
4231 else
4232 continue_host_tried = TRUE;
0756eb3c 4233
9c4e8f60
PH		 4234 /* Reset the default next host in case a multihomed host whose addresses
4235 are not looked up till just above added to the host list. */
83364d30
PH		 4236
4237 nexthost = host->next;
4238
0756eb3c
PH		 4239 /* If queue_smtp is set (-odqs or the first part of a 2-stage run), or the
4240 domain is in queue_smtp_domains, we don't actually want to attempt any
4241 deliveries. When doing a queue run, queue_smtp_domains is always unset. If
4242 there is a lookup defer in queue_smtp_domains, proceed as if the domain
4243 were not in it. We don't want to hold up all SMTP deliveries! Except when
4244 doing a two-stage queue run, don't do this if forcing. */
4245
4246 if ((!deliver_force || queue_2stage) && (queue_smtp ||
55414b25
JH		 4247 match_isinlist(addrlist->domain,
4248 (const uschar **)&queue_smtp_domains, 0,
cf39cf57 4249 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK))
0756eb3c
PH		 4250 {
4251 expired = FALSE;
7b4c8c1f
JH		 4252 for (addr = addrlist; addr; addr = addr->next)
4253 if (addr->transport_return == DEFER)
4254 addr->message = US"domain matches queue_smtp_domains, or -odqs set";
0756eb3c
PH		 4255 continue; /* With next host */
4256 }
4257
4258 /* Count hosts being considered - purely for an intelligent comment
4259 if none are usable. */
4260
4261 hosts_total++;
4262
4263 /* Set $host and $host address now in case they are needed for the
4264 interface expansion or the serialize_hosts check; they remain set if an
4265 actual delivery happens. */
4266
4267 deliver_host = host->name;
4268 deliver_host_address = host->address;
783b385f
JH		 4269 lookup_dnssec_authenticated = host->dnssec == DS_YES ? US"yes"
4270 : host->dnssec == DS_NO ? US"no"
4271 : US"";
0756eb3c 4272
7cd1141b
PH		 4273 /* Set up a string for adding to the retry key if the port number is not
4274 the standard SMTP port. A host may have its own port setting that overrides
4275 the default. */
4276
7b4c8c1f 4277 pistring = string_sprintf(":%d", host->port == PORT_NONE
a843a57e 4278 ? defport : host->port);
7cd1141b
PH		 4279 if (Ustrcmp(pistring, ":25") == 0) pistring = US"";
4280
0756eb3c 4281 /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface
6f6dedcc
JH		 4282 string is set, even if constant (as different transports can have different
4283 constant settings), we must add it to the key that is used for retries,
4284 because connections to the same host from a different interface should be
4285 treated separately. */
0756eb3c 4286
7b4c8c1f 4287 host_af = Ustrchr(host->address, ':') == NULL ? AF_INET : AF_INET6;
6f6dedcc
JH		 4288 if ((rs = ob->interface) && *rs)
4289 {
4290 if (!smtp_get_interface(rs, host_af, addrlist, &interface, tid))
4291 return FALSE;
4292 pistring = string_sprintf("%s/%s", pistring, interface);
4293 }
0756eb3c
PH		 4294
4295 /* The first time round the outer loop, check the status of the host by
4296 inspecting the retry data. The second time round, we are interested only
4297 in expired hosts that haven't been tried since this message arrived. */
4298
4299 if (cutoff_retry == 0)
4300 {
9c695f6d 4301 BOOL incl_ip;
0756eb3c 4302 /* Ensure the status of the address is set by checking retry data if
9c695f6d 4303 necessary. There may be host-specific retry data (applicable to all
0756eb3c
PH		 4304 messages) and also data for retries of a specific message at this host.
4305 If either of these retry records are actually read, the keys used are
4306 returned to save recomputing them later. */
4307
9c695f6d
JH		 4308 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
4309 US"retry_include_ip_address", ob->retry_include_ip_address,
4310 ob->expand_retry_include_ip_address, &incl_ip) != OK)
4311 continue; /* with next host */
4312
0756eb3c 4313 host_is_expired = retry_check_address(addrlist->domain, host, pistring,
9c695f6d 4314 incl_ip, &retry_host_key, &retry_message_key);
0756eb3c 4315
875512a3 4316 DEBUG(D_transport) debug_printf("%s [%s]%s retry-status = %s\n", host->name,
0756eb3c
PH		 4317 (host->address == NULL)? US"" : host->address, pistring,
4318 (host->status == hstatus_usable)? "usable" :
4319 (host->status == hstatus_unusable)? "unusable" :
4320 (host->status == hstatus_unusable_expired)? "unusable (expired)" : "?");
4321
4322 /* Skip this address if not usable at this time, noting if it wasn't
4323 actually expired, both locally and in the address. */
4324
4325 switch (host->status)
4326 {
4327 case hstatus_unusable:
7b4c8c1f
JH		 4328 expired = FALSE;
4329 setflag(addrlist, af_retry_skipped);
4330 /* Fall through */
0756eb3c
PH		 4331
4332 case hstatus_unusable_expired:
7b4c8c1f
JH		 4333 switch (host->why)
4334 {
4335 case hwhy_retry: hosts_retry++; break;
4336 case hwhy_failed: hosts_fail++; break;
2546388c 4337 case hwhy_insecure:
7b4c8c1f
JH		 4338 case hwhy_deferred: hosts_defer++; break;
4339 }
4340
4341 /* If there was a retry message key, implying that previously there
4342 was a message-specific defer, we don't want to update the list of
4343 messages waiting for these hosts. */
4344
4345 if (retry_message_key) update_waiting = FALSE;
4346 continue; /* With the next host or IP address */
0756eb3c
PH		 4347 }
4348 }
4349
4350 /* Second time round the loop: if the address is set but expired, and
4351 the message is newer than the last try, let it through. */
4352
4353 else
4354 {
7b4c8c1f
JH		 4355 if ( !host->address
4356 || host->status != hstatus_unusable_expired
32dfdf8b 4357 || host->last_try > received_time.tv_sec)
0756eb3c 4358 continue;
7b4c8c1f 4359 DEBUG(D_transport) debug_printf("trying expired host %s [%s]%s\n",
0756eb3c
PH		 4360 host->name, host->address, pistring);
4361 host_is_expired = TRUE;
4362 }
4363
4364 /* Setting "expired=FALSE" doesn't actually mean not all hosts are expired;
4365 it remains TRUE only if all hosts are expired and none are actually tried.
4366 */
4367
4368 expired = FALSE;
4369
4370 /* If this host is listed as one to which access must be serialized,
4371 see if another Exim process has a connection to it, and if so, skip
4372 this host. If not, update the database to record our connection to it
4373 and remember this for later deletion. Do not do any of this if we are
4374 sending the message down a pre-existing connection. */
4375
7b4c8c1f
JH		 4376 if ( !continue_hostname
4377 && verify_check_given_host(&ob->serialize_hosts, host) == OK)
0756eb3c
PH		 4378 {
4379 serialize_key = string_sprintf("host-serialize-%s", host->name);
e8ae7214 4380 if (!enq_start(serialize_key, 1))
0756eb3c
PH		 4381 {
4382 DEBUG(D_transport)
4383 debug_printf("skipping host %s because another Exim process "
4384 "is connected to it\n", host->name);
4385 hosts_serial++;
4386 continue;
4387 }
0756eb3c
PH		 4388 }
4389
4390 /* OK, we have an IP address that is not waiting for its retry time to
4391 arrive (it might be expired) OR (second time round the loop) we have an
4392 expired host that hasn't been tried since the message arrived. Have a go
4393 at delivering the message to it. First prepare the addresses by flushing
4394 out the result of previous attempts, and finding the first address that
4395 is still to be delivered. */
4396
4397 first_addr = prepare_addresses(addrlist, host);
4398
4399 DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n",
4400 message_id, host->name, host->address, addrlist->address,
7b4c8c1f 4401 addrlist->next ? ", ..." : "");
0756eb3c
PH		 4402
4403 set_process_info("delivering %s to %s [%s] (%s%s)",
4404 message_id, host->name, host->address, addrlist->address,
7b4c8c1f 4405 addrlist->next ? ", ..." : "");
0756eb3c
PH		 4406
4407 /* This is not for real; don't do the delivery. If there are
4408 any remaining hosts, list them. */
4409
4410 if (dont_deliver)
4411 {
4412 host_item *host2;
895fbaf2 4413 set_errno_nohost(addrlist, 0, NULL, OK, FALSE);
7b4c8c1f 4414 for (addr = addrlist; addr; addr = addr->next)
0756eb3c
PH		 4415 {
4416 addr->host_used = host;
4417 addr->special_action = '*';
4418 addr->message = US"delivery bypassed by -N option";
4419 }
4420 DEBUG(D_transport)
4421 {
4422 debug_printf("*** delivery by %s transport bypassed by -N option\n"
4423 "*** host and remaining hosts:\n", tblock->name);
7b4c8c1f 4424 for (host2 = host; host2; host2 = host2->next)
0756eb3c 4425 debug_printf(" %s [%s]\n", host2->name,
7b4c8c1f 4426 host2->address ? host2->address : US"unset");
0756eb3c
PH		 4427 }
4428 rc = OK;
4429 }
4430
4431 /* This is for real. If the host is expired, we don't count it for
4432 hosts_max_retry. This ensures that all hosts must expire before an address
8e669ac1 4433 is timed out, unless hosts_max_try_hardlimit (which protects against
533244af 4434 lunatic DNS configurations) is reached.
8e669ac1 4435
533244af
PH		 4436 If the host is not expired and we are about to hit the hosts_max_retry
4437 limit, check to see if there is a subsequent hosts with a different MX
4438 value. If so, make that the next host, and don't count this one. This is a
4439 heuristic to make sure that different MXs do get tried. With a normal kind
4440 of retry rule, they would get tried anyway when the earlier hosts were
4441 delayed, but if the domain has a "retry every time" type of rule - as is
4442 often used for the the very large ISPs, that won't happen. */
0756eb3c
PH		 4443
4444 else
4445 {
d427a7f9
JH		 4446 host_item * thost;
4447 /* Make a copy of the host if it is local to this invocation
4448 of the transport. */
4449
4450 if (expanded_hosts)
4451 {
4452 thost = store_get(sizeof(host_item));
4453 *thost = *host;
4454 thost->name = string_copy(host->name);
4455 thost->address = string_copy(host->address);
4456 }
4457 else
4458 thost = host;
4459
0756eb3c
PH		 4460 if (!host_is_expired && ++unexpired_hosts_tried >= ob->hosts_max_try)
4461 {
4462 host_item *h;
4463 DEBUG(D_transport)
4464 debug_printf("hosts_max_try limit reached with this host\n");
1a47b633
JH		 4465 for (h = host; h; h = h->next) if (h->mx != host->mx)
4466 {
4467 nexthost = h;
4468 unexpired_hosts_tried--;
4469 DEBUG(D_transport) debug_printf("however, a higher MX host exists "
4470 "and will be tried\n");
4471 break;
4472 }
0756eb3c
PH		 4473 }
4474
4475 /* Attempt the delivery. */
4476
533244af 4477 total_hosts_tried++;
a843a57e 4478 rc = smtp_deliver(addrlist, thost, host_af, defport, interface, tblock,
d427a7f9 4479 &message_defer, FALSE);
0756eb3c
PH		 4480
4481 /* Yield is one of:
4482 OK => connection made, each address contains its result;
4483 message_defer is set for message-specific defers (when all
4484 recipients are marked defer)
4485 DEFER => there was a non-message-specific delivery problem;
4486 ERROR => there was a problem setting up the arguments for a filter,
4487 or there was a problem with expanding added headers
4488 */
4489
4490 /* If the result is not OK, there was a non-message-specific problem.
4491 If the result is DEFER, we need to write to the logs saying what happened
4492 for this particular host, except in the case of authentication and TLS
4493 failures, where the log has already been written. If all hosts defer a
4494 general message is written at the end. */
4495
7b4c8c1f
JH		 4496 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL
4497 && first_addr->basic_errno != ERRNO_TLSFAILURE)
ec62d0a9 4498 write_logs(host, first_addr->message, first_addr->basic_errno);
0756eb3c 4499
0cbf2b82 4500#ifndef DISABLE_EVENT
d68218c7 4501 if (rc == DEFER)
774ef2d7 4502 deferred_event_raise(first_addr, host);
a7538db1 4503#endif
d68218c7 4504
0756eb3c
PH		 4505 /* If STARTTLS was accepted, but there was a failure in setting up the
4506 TLS session (usually a certificate screwup), and the host is not in
4507 hosts_require_tls, and tls_tempfail_tryclear is true, try again, with
4508 TLS forcibly turned off. We have to start from scratch with a new SMTP
4509 connection. That's why the retry is done from here, not from within
4510 smtp_deliver(). [Rejections of STARTTLS itself don't screw up the
4511 session, so the in-clear transmission after those errors, if permitted,
4512 happens inside smtp_deliver().] */
4513
a7538db1 4514#ifdef SUPPORT_TLS
7a31d643
JH		 4515 if ( rc == DEFER
4516 && first_addr->basic_errno == ERRNO_TLSFAILURE
4517 && ob->tls_tempfail_tryclear
5130845b 4518 && verify_check_given_host(&ob->hosts_require_tls, host) != OK
7a31d643 4519 )
0756eb3c 4520 {
cf0c6164
JH		 4521 log_write(0, LOG_MAIN,
4522 "%s: delivering unencrypted to H=%s [%s] (not in hosts_require_tls)",
4523 first_addr->message, host->name, host->address);
0756eb3c 4524 first_addr = prepare_addresses(addrlist, host);
a843a57e 4525 rc = smtp_deliver(addrlist, thost, host_af, defport, interface, tblock,
d427a7f9 4526 &message_defer, TRUE);
0756eb3c 4527 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
ec62d0a9 4528 write_logs(host, first_addr->message, first_addr->basic_errno);
0cbf2b82 4529# ifndef DISABLE_EVENT
d68218c7 4530 if (rc == DEFER)
774ef2d7 4531 deferred_event_raise(first_addr, host);
a7538db1 4532# endif
0756eb3c 4533 }
a1bccd48 4534#endif /*SUPPORT_TLS*/
0756eb3c
PH		 4535 }
4536
4537 /* Delivery attempt finished */
4538
7b4c8c1f
JH		 4539 rs = rc == OK ? US"OK"
4540 : rc == DEFER ? US"DEFER"
4541 : rc == ERROR ? US"ERROR"
4542 : US"?";
0756eb3c
PH		 4543
4544 set_process_info("delivering %s: just tried %s [%s] for %s%s: result %s",
4545 message_id, host->name, host->address, addrlist->address,
7b4c8c1f 4546 addrlist->next ? " (& others)" : "", rs);
0756eb3c
PH		 4547
4548 /* Release serialization if set up */
4549
7b4c8c1f 4550 if (serialize_key) enq_end(serialize_key);
0756eb3c
PH		 4551
4552 /* If the result is DEFER, or if a host retry record is known to exist, we
4553 need to add an item to the retry chain for updating the retry database
4554 at the end of delivery. We only need to add the item to the top address,
4555 of course. Also, if DEFER, we mark the IP address unusable so as to skip it
4556 for any other delivery attempts using the same address. (It is copied into
4557 the unusable tree at the outer level, so even if different address blocks
4558 contain the same address, it still won't get tried again.) */
4559
7b4c8c1f 4560 if (rc == DEFER || retry_host_key)
0756eb3c 4561 {
7b4c8c1f
JH		 4562 int delete_flag = rc != DEFER ? rf_delete : 0;
4563 if (!retry_host_key)
0756eb3c 4564 {
9c695f6d
JH		 4565 BOOL incl_ip;
4566 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
4567 US"retry_include_ip_address", ob->retry_include_ip_address,
4568 ob->expand_retry_include_ip_address, &incl_ip) != OK)
4569 incl_ip = TRUE; /* error; use most-specific retry record */
4570
7b4c8c1f
JH		 4571 retry_host_key = incl_ip
4572 ? string_sprintf("T:%S:%s%s", host->name, host->address, pistring)
4573 : string_sprintf("T:%S%s", host->name, pistring);
0756eb3c
PH		 4574 }
4575
4576 /* If a delivery of another message over an existing SMTP connection
4577 yields DEFER, we do NOT set up retry data for the host. This covers the
4578 case when there are delays in routing the addresses in the second message
4579 that are so long that the server times out. This is alleviated by not
4580 routing addresses that previously had routing defers when handling an
4581 existing connection, but even so, this case may occur (e.g. if a
4582 previously happily routed address starts giving routing defers). If the
4583 host is genuinely down, another non-continued message delivery will
4584 notice it soon enough. */
4585
7b4c8c1f 4586 if (delete_flag != 0 || !continue_hostname)
0756eb3c
PH		 4587 retry_add_item(first_addr, retry_host_key, rf_host | delete_flag);
4588
4589 /* We may have tried an expired host, if its retry time has come; ensure
4590 the status reflects the expiry for the benefit of any other addresses. */
4591
4592 if (rc == DEFER)
4593 {
7b4c8c1f
JH		 4594 host->status = host_is_expired
4595 ? hstatus_unusable_expired : hstatus_unusable;
0756eb3c
PH		 4596 host->why = hwhy_deferred;
4597 }
4598 }
4599
4600 /* If message_defer is set (host was OK, but every recipient got deferred
4601 because of some message-specific problem), or if that had happened
4602 previously so that a message retry key exists, add an appropriate item
4603 to the retry chain. Note that if there was a message defer but now there is
4604 a host defer, the message defer record gets deleted. That seems perfectly
4605 reasonable. Also, stop the message from being remembered as waiting
f6c332bd 4606 for specific hosts. */
0756eb3c 4607
7b4c8c1f 4608 if (message_defer || retry_message_key)
0756eb3c 4609 {
7b4c8c1f
JH		 4610 int delete_flag = message_defer ? 0 : rf_delete;
4611 if (!retry_message_key)
0756eb3c 4612 {
9c695f6d
JH		 4613 BOOL incl_ip;
4614 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
4615 US"retry_include_ip_address", ob->retry_include_ip_address,
4616 ob->expand_retry_include_ip_address, &incl_ip) != OK)
4617 incl_ip = TRUE; /* error; use most-specific retry record */
4618
7b4c8c1f
JH		 4619 retry_message_key = incl_ip
4620 ? string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring,
4621 message_id)
4622 : string_sprintf("T:%S%s:%s", host->name, pistring, message_id);
0756eb3c
PH		 4623 }
4624 retry_add_item(addrlist, retry_message_key,
4625 rf_message | rf_host | delete_flag);
f6c332bd 4626 update_waiting = FALSE;
0756eb3c
PH		 4627 }
4628
4629 /* Any return other than DEFER (that is, OK or ERROR) means that the
4630 addresses have got their final statuses filled in for this host. In the OK
4631 case, see if any of them are deferred. */
4632
4633 if (rc == OK)
4cea764f 4634 for (addr = addrlist; addr; addr = addr->next)
0756eb3c
PH		 4635 if (addr->transport_return == DEFER)
4636 {
4637 some_deferred = TRUE;
4638 break;
4639 }
0756eb3c
PH		 4640
4641 /* If no addresses deferred or the result was ERROR, return. We do this for
4642 ERROR because a failing filter set-up or add_headers expansion is likely to
4643 fail for any host we try. */
4644
4645 if (rc == ERROR || (rc == OK && !some_deferred))
4646 {
4647 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
4648 return TRUE; /* Each address has its status */
4649 }
4650
4651 /* If the result was DEFER or some individual addresses deferred, let
4652 the loop run to try other hosts with the deferred addresses, except for the
4653 case when we were trying to deliver down an existing channel and failed.
4654 Don't try any other hosts in this case. */
4655
7b4c8c1f 4656 if (continue_hostname) break;
0756eb3c
PH		 4657
4658 /* If the whole delivery, or some individual addresses, were deferred and
4659 there are more hosts that could be tried, do not count this host towards
4660 the hosts_max_try limit if the age of the message is greater than the
4661 maximum retry time for this host. This means we may try try all hosts,
4662 ignoring the limit, when messages have been around for some time. This is
4663 important because if we don't try all hosts, the address will never time
533244af 4664 out. NOTE: this does not apply to hosts_max_try_hardlimit. */
0756eb3c 4665
7b4c8c1f 4666 if ((rc == DEFER || some_deferred) && nexthost)
0756eb3c
PH		 4667 {
4668 BOOL timedout;
4669 retry_config *retry = retry_find_config(host->name, NULL, 0, 0);
4670
7b4c8c1f 4671 if (retry && retry->rules)
0756eb3c
PH		 4672 {
4673 retry_rule *last_rule;
4674 for (last_rule = retry->rules;
7b4c8c1f 4675 last_rule->next;
0756eb3c 4676 last_rule = last_rule->next);
32dfdf8b 4677 timedout = time(NULL) - received_time.tv_sec > last_rule->timeout;
0756eb3c
PH		 4678 }
4679 else timedout = TRUE; /* No rule => timed out */
4680
4681 if (timedout)
4682 {
4683 unexpired_hosts_tried--;
4684 DEBUG(D_transport) debug_printf("temporary delivery error(s) override "
4685 "hosts_max_try (message older than host's retry time)\n");
4686 }
4687 }
4688 } /* End of loop for trying multiple hosts. */
4689
2577f55f
JH		 4690 /* If we failed to find a matching host in the list, for an already-open
4691 connection, just close it and start over with the list. This can happen
4692 for routing that changes from run to run, or big multi-IP sites with
4693 round-robin DNS. */
4694
4695 if (continue_hostname && !continue_host_tried)
4696 {
74f1a423 4697 int fd = cutthrough.cctx.sock >= 0 ? cutthrough.cctx.sock : 0;
2577f55f
JH		 4698
4699 DEBUG(D_transport) debug_printf("no hosts match already-open connection\n");
4700#ifdef SUPPORT_TLS
74f1a423
JH		 4701 /* A TLS conn could be open for a cutthrough, but not for a plain continued-
4702 transport */
4703/*XXX doublecheck that! */
4704
4705 if (cutthrough.cctx.sock >= 0 && cutthrough.is_tls)
2577f55f 4706 {
74f1a423
JH		 4707 (void) tls_write(cutthrough.cctx.tls_ctx, US"QUIT\r\n", 6, FALSE);
4708 tls_close(cutthrough.cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
4709 cutthrough.cctx.tls_ctx = NULL;
4710 cutthrough.is_tls = FALSE;
2577f55f
JH		 4711 }
4712 else
4713#else
4714 (void) write(fd, US"QUIT\r\n", 6);
4715#endif
4716 (void) close(fd);
74f1a423 4717 cutthrough.cctx.sock = -1;
2577f55f
JH		 4718 continue_hostname = NULL;
4719 goto retry_non_continued;
4720 }
4721
0756eb3c
PH		 4722 /* This is the end of the loop that repeats iff expired is TRUE and
4723 ob->delay_after_cutoff is FALSE. The second time round we will
4724 try those hosts that haven't been tried since the message arrived. */
4725
4726 DEBUG(D_transport)
4727 {
4728 debug_printf("all IP addresses skipped or deferred at least one address\n");
4729 if (expired && !ob->delay_after_cutoff && cutoff_retry == 0)
4730 debug_printf("retrying IP addresses not tried since message arrived\n");
4731 }
4732 }
4733
4734
4735/* Get here if all IP addresses are skipped or defer at least one address. In
4736MUA wrapper mode, this will happen only for connection or other non-message-
4737specific failures. Force the delivery status for all addresses to FAIL. */
4738
4739if (mua_wrapper)
4740 {
7b4c8c1f 4741 for (addr = addrlist; addr; addr = addr->next)
0756eb3c
PH		 4742 addr->transport_return = FAIL;
4743 goto END_TRANSPORT;
4744 }
4745
4746/* In the normal, non-wrapper case, add a standard message to each deferred
4747address if there hasn't been an error, that is, if it hasn't actually been
4748tried this time. The variable "expired" will be FALSE if any deliveries were
4749actually tried, or if there was at least one host that was not expired. That
4750is, it is TRUE only if no deliveries were tried and all hosts were expired. If
4751a delivery has been tried, an error code will be set, and the failing of the
4752message is handled by the retry code later.
4753
4754If queue_smtp is set, or this transport was called to send a subsequent message
4755down an existing TCP/IP connection, and something caused the host not to be
4756found, we end up here, but can detect these cases and handle them specially. */
4757
c3f2eb9a 4758for (addr = addrlist; addr; addr = addr->next)
0756eb3c
PH		 4759 {
4760 /* If host is not NULL, it means that we stopped processing the host list
533244af
PH		 4761 because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this
4762 means we need to behave as if some hosts were skipped because their retry
4763 time had not come. Specifically, this prevents the address from timing out.
8e669ac1 4764 However, if we have hit hosts_max_try_hardlimit, we want to behave as if all
533244af 4765 hosts were tried. */
0756eb3c 4766
c3f2eb9a 4767 if (host)
533244af
PH		 4768 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
4769 {
4770 DEBUG(D_transport)
4771 debug_printf("hosts_max_try_hardlimit reached: behave as if all "
4772 "hosts were tried\n");
4773 }
4774 else
8e669ac1 4775 {
533244af
PH		 4776 DEBUG(D_transport)
4777 debug_printf("hosts_max_try limit caused some hosts to be skipped\n");
4778 setflag(addr, af_retry_skipped);
8e669ac1 4779 }
0756eb3c
PH		 4780
4781 if (queue_smtp) /* no deliveries attempted */
4782 {
4783 addr->transport_return = DEFER;
4784 addr->basic_errno = 0;
4785 addr->message = US"SMTP delivery explicitly queued";
4786 }
4787
c3f2eb9a
JH		 4788 else if ( addr->transport_return == DEFER
4789 && (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0)
4790 && !addr->message
4791 )
0756eb3c
PH		 4792 {
4793 addr->basic_errno = ERRNO_HRETRY;
c3f2eb9a 4794 if (continue_hostname)
0756eb3c 4795 addr->message = US"no host found for existing SMTP connection";
0756eb3c
PH		 4796 else if (expired)
4797 {
fffffe4c 4798 setflag(addr, af_pass_message); /* This is not a security risk */
c3f2eb9a
JH		 4799 addr->message = string_sprintf(
4800 "all hosts%s have been failing for a long time %s",
4801 addr->domain ? string_sprintf(" for '%s'", addr->domain) : US"",
4802 ob->delay_after_cutoff
4803 ? US"(and retry time not reached)"
4804 : US"and were last tried after this message arrived");
0756eb3c
PH		 4805
4806 /* If we are already using fallback hosts, or there are no fallback hosts
4807 defined, convert the result to FAIL to cause a bounce. */
4808
c3f2eb9a 4809 if (addr->host_list == addr->fallback_hosts || !addr->fallback_hosts)
0756eb3c
PH		 4810 addr->transport_return = FAIL;
4811 }
4812 else
4813 {
93a680e4 4814 const char * s;
0756eb3c 4815 if (hosts_retry == hosts_total)
93a680e4 4816 s = "retry time not reached for any host%s";
0756eb3c 4817 else if (hosts_fail == hosts_total)
93a680e4 4818 s = "all host address lookups%s failed permanently";
0756eb3c 4819 else if (hosts_defer == hosts_total)
93a680e4 4820 s = "all host address lookups%s failed temporarily";
0756eb3c 4821 else if (hosts_serial == hosts_total)
93a680e4 4822 s = "connection limit reached for all hosts%s";
0756eb3c 4823 else if (hosts_fail+hosts_defer == hosts_total)
93a680e4 4824 s = "all host address lookups%s failed";
3cf01803 4825 else
93a680e4 4826 s = "some host address lookups failed and retry time "
3cf01803
JH		 4827 "not reached for other hosts or connection limit reached%s";
4828
4829 addr->message = string_sprintf(s,
4830 addr->domain ? string_sprintf(" for '%s'", addr->domain) : US"");
0756eb3c
PH		 4831 }
4832 }
4833 }
4834
4835/* Update the database which keeps information about which messages are waiting
f6c332bd
PH		 4836for which hosts to become available. For some message-specific errors, the
4837update_waiting flag is turned off because we don't want follow-on deliveries in
ea722490 4838those cases. If this transport instance is explicitly limited to one message
8b260705
PP		 4839per connection then follow-on deliveries are not possible and there's no need
4840to create/update the per-transport wait-<transport_name> database. */
0756eb3c 4841
ea722490
JH		 4842if (update_waiting && tblock->connection_max_messages != 1)
4843 transport_update_waiting(hostlist, tblock->name);
0756eb3c
PH		 4844
4845END_TRANSPORT:
4846
4847DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
4848
4849return TRUE; /* Each address has its status */
4850}
4851
d185889f 4852#endif /*!MACRO_PREDEF*/
578897ea
JH		 4853/* vi: aw ai sw=2
4854*/
0756eb3c 4855/* End of transport/smtp.c */
Unnamed repository; edit this file 'description' to name the repository.