Fix build on systems having ipv6 but lacking an IPV6_TCLASS define (GNU Hurd). Bug...
[exim.git] / src / src / transports / smtp.c
CommitLineData
0756eb3c
PH
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
bc338899 5/* Copyright (c) University of Cambridge 1995 - 2013 */
0756eb3c
PH
6/* See the file NOTICE for conditions of use and distribution. */
7
8#include "../exim.h"
9#include "smtp.h"
10
11#define PENDING 256
12#define PENDING_DEFER (PENDING + DEFER)
13#define PENDING_OK (PENDING + OK)
14
15
16/* Options specific to the smtp transport. This transport also supports LMTP
17over TCP/IP. The options must be in alphabetic order (note that "_" comes
18before the lower case letters). Some live in the transport_instance block so as
19to be publicly visible; these are flagged with opt_public. */
20
21optionlist smtp_transport_options[] = {
48c7f9e2
PH
22 { "address_retry_include_sender", opt_bool,
23 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
0756eb3c
PH
24 { "allow_localhost", opt_bool,
25 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
26 { "authenticated_sender", opt_stringptr,
27 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
382afc6b
PH
28 { "authenticated_sender_force", opt_bool,
29 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
0756eb3c
PH
30 { "command_timeout", opt_time,
31 (void *)offsetof(smtp_transport_options_block, command_timeout) },
32 { "connect_timeout", opt_time,
33 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
34 { "connection_max_messages", opt_int | opt_public,
35 (void *)offsetof(transport_instance, connection_max_messages) },
36 { "data_timeout", opt_time,
37 (void *)offsetof(smtp_transport_options_block, data_timeout) },
38 { "delay_after_cutoff", opt_bool,
39 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
80a47a2c 40#ifndef DISABLE_DKIM
f7572e5a
TK
41 { "dkim_canon", opt_stringptr,
42 (void *)offsetof(smtp_transport_options_block, dkim_canon) },
43 { "dkim_domain", opt_stringptr,
44 (void *)offsetof(smtp_transport_options_block, dkim_domain) },
45 { "dkim_private_key", opt_stringptr,
46 (void *)offsetof(smtp_transport_options_block, dkim_private_key) },
47 { "dkim_selector", opt_stringptr,
48 (void *)offsetof(smtp_transport_options_block, dkim_selector) },
49 { "dkim_sign_headers", opt_stringptr,
50 (void *)offsetof(smtp_transport_options_block, dkim_sign_headers) },
51 { "dkim_strict", opt_stringptr,
52 (void *)offsetof(smtp_transport_options_block, dkim_strict) },
80a47a2c 53#endif
0756eb3c
PH
54 { "dns_qualify_single", opt_bool,
55 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
56 { "dns_search_parents", opt_bool,
57 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
9e4f5962
PP
58 { "dscp", opt_stringptr,
59 (void *)offsetof(smtp_transport_options_block, dscp) },
0756eb3c
PH
60 { "fallback_hosts", opt_stringptr,
61 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
62 { "final_timeout", opt_time,
63 (void *)offsetof(smtp_transport_options_block, final_timeout) },
64 { "gethostbyname", opt_bool,
65 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
80a47a2c 66#ifdef SUPPORT_TLS
b1770b6e 67 /* These are no longer honoured, as of Exim 4.80; for now, we silently
17c76198
PP
68 ignore; a later release will warn, and a later-still release will remove
69 these options, so that using them becomes an error. */
83da1223
PH
70 { "gnutls_require_kx", opt_stringptr,
71 (void *)offsetof(smtp_transport_options_block, gnutls_require_kx) },
72 { "gnutls_require_mac", opt_stringptr,
73 (void *)offsetof(smtp_transport_options_block, gnutls_require_mac) },
74 { "gnutls_require_protocols", opt_stringptr,
75 (void *)offsetof(smtp_transport_options_block, gnutls_require_proto) },
80a47a2c 76#endif
0756eb3c
PH
77 { "helo_data", opt_stringptr,
78 (void *)offsetof(smtp_transport_options_block, helo_data) },
79 { "hosts", opt_stringptr,
80 (void *)offsetof(smtp_transport_options_block, hosts) },
81 { "hosts_avoid_esmtp", opt_stringptr,
82 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
c51b8e75
PH
83 { "hosts_avoid_pipelining", opt_stringptr,
84 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
80a47a2c 85#ifdef SUPPORT_TLS
0756eb3c
PH
86 { "hosts_avoid_tls", opt_stringptr,
87 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
80a47a2c 88#endif
0756eb3c
PH
89 { "hosts_max_try", opt_int,
90 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
533244af
PH
91 { "hosts_max_try_hardlimit", opt_int,
92 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
80a47a2c 93#ifdef SUPPORT_TLS
0756eb3c
PH
94 { "hosts_nopass_tls", opt_stringptr,
95 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
80a47a2c 96#endif
0756eb3c
PH
97 { "hosts_override", opt_bool,
98 (void *)offsetof(smtp_transport_options_block, hosts_override) },
99 { "hosts_randomize", opt_bool,
100 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
101 { "hosts_require_auth", opt_stringptr,
102 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
80a47a2c 103#ifdef SUPPORT_TLS
f5d78688
JH
104# if defined EXPERIMENTAL_OCSP
105 { "hosts_require_ocsp", opt_stringptr,
106 (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
107# endif
0756eb3c
PH
108 { "hosts_require_tls", opt_stringptr,
109 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
80a47a2c 110#endif
0756eb3c
PH
111 { "hosts_try_auth", opt_stringptr,
112 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
fd98a5c6
JH
113#ifdef EXPERIMENTAL_PRDR
114 { "hosts_try_prdr", opt_stringptr,
115 (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
116#endif
99400968
JH
117#ifdef SUPPORT_TLS
118 { "hosts_verify_avoid_tls", opt_stringptr,
119 (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
120#endif
0756eb3c
PH
121 { "interface", opt_stringptr,
122 (void *)offsetof(smtp_transport_options_block, interface) },
123 { "keepalive", opt_bool,
124 (void *)offsetof(smtp_transport_options_block, keepalive) },
f1513293
PH
125 { "lmtp_ignore_quota", opt_bool,
126 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
0756eb3c
PH
127 { "max_rcpt", opt_int | opt_public,
128 (void *)offsetof(transport_instance, max_addresses) },
129 { "multi_domain", opt_bool | opt_public,
130 (void *)offsetof(transport_instance, multi_domain) },
131 { "port", opt_stringptr,
132 (void *)offsetof(smtp_transport_options_block, port) },
133 { "protocol", opt_stringptr,
134 (void *)offsetof(smtp_transport_options_block, protocol) },
135 { "retry_include_ip_address", opt_bool,
136 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
137 { "serialize_hosts", opt_stringptr,
138 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
139 { "size_addition", opt_int,
140 (void *)offsetof(smtp_transport_options_block, size_addition) }
80a47a2c 141#ifdef SUPPORT_TLS
0756eb3c
PH
142 ,{ "tls_certificate", opt_stringptr,
143 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
144 { "tls_crl", opt_stringptr,
145 (void *)offsetof(smtp_transport_options_block, tls_crl) },
54c90be1
PP
146 { "tls_dh_min_bits", opt_int,
147 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
0756eb3c
PH
148 { "tls_privatekey", opt_stringptr,
149 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
3f0945ff 150 { "tls_require_ciphers", opt_stringptr,
0756eb3c 151 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
3f0945ff
PP
152 { "tls_sni", opt_stringptr,
153 (void *)offsetof(smtp_transport_options_block, tls_sni) },
0756eb3c
PH
154 { "tls_tempfail_tryclear", opt_bool,
155 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
156 { "tls_verify_certificates", opt_stringptr,
157 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) }
80a47a2c 158#endif
d68218c7
JH
159#ifdef EXPERIMENTAL_TPDA
160 ,{ "tpda_host_defer_action", opt_stringptr,
161 (void *)offsetof(smtp_transport_options_block, tpda_host_defer_action) },
162#endif
0756eb3c
PH
163};
164
165/* Size of the options list. An extern variable has to be used so that its
166address can appear in the tables drtables.c. */
167
168int smtp_transport_options_count =
169 sizeof(smtp_transport_options)/sizeof(optionlist);
170
171/* Default private options block for the smtp transport. */
172
173smtp_transport_options_block smtp_transport_option_defaults = {
174 NULL, /* hosts */
175 NULL, /* fallback_hosts */
176 NULL, /* hostlist */
177 NULL, /* fallback_hostlist */
178 NULL, /* authenticated_sender */
179 US"$primary_hostname", /* helo_data */
180 NULL, /* interface */
181 NULL, /* port */
182 US"smtp", /* protocol */
9e4f5962 183 NULL, /* DSCP */
0756eb3c
PH
184 NULL, /* serialize_hosts */
185 NULL, /* hosts_try_auth */
186 NULL, /* hosts_require_auth */
fd98a5c6
JH
187#ifdef EXPERIMENTAL_PRDR
188 NULL, /* hosts_try_prdr */
189#endif
f5d78688
JH
190#ifdef EXPERIMENTAL_OCSP
191 NULL, /* hosts_require_ocsp */
192#endif
0756eb3c
PH
193 NULL, /* hosts_require_tls */
194 NULL, /* hosts_avoid_tls */
99400968 195 US"*", /* hosts_verify_avoid_tls */
c51b8e75 196 NULL, /* hosts_avoid_pipelining */
0756eb3c
PH
197 NULL, /* hosts_avoid_esmtp */
198 NULL, /* hosts_nopass_tls */
199 5*60, /* command_timeout */
200 5*60, /* connect_timeout; shorter system default overrides */
201 5*60, /* data timeout */
202 10*60, /* final timeout */
203 1024, /* size_addition */
204 5, /* hosts_max_try */
8e669ac1 205 50, /* hosts_max_try_hardlimit */
48c7f9e2 206 TRUE, /* address_retry_include_sender */
0756eb3c 207 FALSE, /* allow_localhost */
382afc6b 208 FALSE, /* authenticated_sender_force */
0756eb3c
PH
209 FALSE, /* gethostbyname */
210 TRUE, /* dns_qualify_single */
211 FALSE, /* dns_search_parents */
212 TRUE, /* delay_after_cutoff */
213 FALSE, /* hosts_override */
214 FALSE, /* hosts_randomize */
215 TRUE, /* keepalive */
f1513293 216 FALSE, /* lmtp_ignore_quota */
0756eb3c 217 TRUE /* retry_include_ip_address */
80a47a2c 218#ifdef SUPPORT_TLS
0756eb3c
PH
219 ,NULL, /* tls_certificate */
220 NULL, /* tls_crl */
221 NULL, /* tls_privatekey */
222 NULL, /* tls_require_ciphers */
83da1223
PH
223 NULL, /* gnutls_require_kx */
224 NULL, /* gnutls_require_mac */
225 NULL, /* gnutls_require_proto */
54c90be1 226 NULL, /* tls_sni */
0756eb3c 227 NULL, /* tls_verify_certificates */
54c90be1
PP
228 EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
229 /* tls_dh_min_bits */
230 TRUE /* tls_tempfail_tryclear */
80a47a2c
TK
231#endif
232#ifndef DISABLE_DKIM
f7572e5a
TK
233 ,NULL, /* dkim_canon */
234 NULL, /* dkim_domain */
235 NULL, /* dkim_private_key */
236 NULL, /* dkim_selector */
237 NULL, /* dkim_sign_headers */
238 NULL /* dkim_strict */
80a47a2c 239#endif
d68218c7
JH
240#ifdef EXPERIMENTAL_TPDA
241 ,NULL /* tpda_host_defer_action */
242#endif
0756eb3c
PH
243};
244
245
246/* Local statics */
247
248static uschar *smtp_command; /* Points to last cmd for error messages */
249static uschar *mail_command; /* Points to MAIL cmd for error messages */
f6c332bd 250static BOOL update_waiting; /* TRUE to update the "wait" database */
0756eb3c
PH
251
252
253/*************************************************
254* Setup entry point *
255*************************************************/
256
257/* This function is called when the transport is about to be used,
258but before running it in a sub-process. It is used for two things:
259
260 (1) To set the fallback host list in addresses, when delivering.
26da7e20
PH
261 (2) To pass back the interface, port, protocol, and other options, for use
262 during callout verification.
0756eb3c
PH
263
264Arguments:
265 tblock pointer to the transport instance block
266 addrlist list of addresses about to be transported
267 tf if not NULL, pointer to block in which to return options
929ba01c
PH
268 uid the uid that will be set (not used)
269 gid the gid that will be set (not used)
0756eb3c
PH
270 errmsg place for error message (not used)
271
272Returns: OK always (FAIL, DEFER not used)
273*/
274
275static int
276smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
929ba01c 277 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
0756eb3c
PH
278{
279smtp_transport_options_block *ob =
280 (smtp_transport_options_block *)(tblock->options_block);
281
282errmsg = errmsg; /* Keep picky compilers happy */
929ba01c
PH
283uid = uid;
284gid = gid;
0756eb3c
PH
285
286/* Pass back options if required. This interface is getting very messy. */
287
288if (tf != NULL)
289 {
290 tf->interface = ob->interface;
291 tf->port = ob->port;
292 tf->protocol = ob->protocol;
293 tf->hosts = ob->hosts;
294 tf->hosts_override = ob->hosts_override;
295 tf->hosts_randomize = ob->hosts_randomize;
296 tf->gethostbyname = ob->gethostbyname;
297 tf->qualify_single = ob->dns_qualify_single;
298 tf->search_parents = ob->dns_search_parents;
26da7e20 299 tf->helo_data = ob->helo_data;
0756eb3c
PH
300 }
301
302/* Set the fallback host list for all the addresses that don't have fallback
303host lists, provided that the local host wasn't present in the original host
304list. */
305
306if (!testflag(addrlist, af_local_host_removed))
307 {
308 for (; addrlist != NULL; addrlist = addrlist->next)
309 if (addrlist->fallback_hosts == NULL)
310 addrlist->fallback_hosts = ob->fallback_hostlist;
311 }
312
313return OK;
314}
315
316
317
318/*************************************************
319* Initialization entry point *
320*************************************************/
321
322/* Called for each instance, after its options have been read, to
323enable consistency checks to be done, or anything else that needs
324to be set up.
325
326Argument: pointer to the transport instance block
327Returns: nothing
328*/
329
330void
331smtp_transport_init(transport_instance *tblock)
332{
333smtp_transport_options_block *ob =
334 (smtp_transport_options_block *)(tblock->options_block);
335
336/* Retry_use_local_part defaults FALSE if unset */
337
338if (tblock->retry_use_local_part == TRUE_UNSET)
339 tblock->retry_use_local_part = FALSE;
340
341/* Set the default port according to the protocol */
342
343if (ob->port == NULL)
061b7ebd
PP
344 ob->port = (strcmpic(ob->protocol, US"lmtp") == 0)? US"lmtp" :
345 (strcmpic(ob->protocol, US"smtps") == 0)? US"smtps" : US"smtp";
0756eb3c
PH
346
347/* Set up the setup entry point, to be called before subprocesses for this
348transport. */
349
350tblock->setup = smtp_transport_setup;
351
352/* Complain if any of the timeouts are zero. */
353
354if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
355 ob->final_timeout <= 0)
356 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
357 "command, data, or final timeout value is zero for %s transport",
358 tblock->name);
359
360/* If hosts_override is set and there are local hosts, set the global
361flag that stops verify from showing router hosts. */
362
363if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
364
365/* If there are any fallback hosts listed, build a chain of host items
366for them, but do not do any lookups at this time. */
367
368host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
369}
370
371
372
373
374
375/*************************************************
376* Set delivery info into all active addresses *
377*************************************************/
378
379/* Only addresses whose status is >= PENDING are relevant. A lesser
380status means that an address is not currently being processed.
381
382Arguments:
447d236c
PH
383 addrlist points to a chain of addresses
384 errno_value to put in each address's errno field
385 msg to put in each address's message field
386 rc to put in each address's transport_return field
387 pass_message if TRUE, set the "pass message" flag in the address
0756eb3c
PH
388
389If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
390the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
391this particular type of timeout.
392
393Returns: nothing
394*/
395
7cd1141b
PH
396static void
397set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
447d236c 398 BOOL pass_message)
0756eb3c
PH
399{
400address_item *addr;
401int orvalue = 0;
402if (errno_value == ERRNO_CONNECTTIMEOUT)
403 {
404 errno_value = ETIMEDOUT;
405 orvalue = RTEF_CTOUT;
406 }
407for (addr = addrlist; addr != NULL; addr = addr->next)
408 {
409 if (addr->transport_return < PENDING) continue;
410 addr->basic_errno = errno_value;
411 addr->more_errno |= orvalue;
447d236c
PH
412 if (msg != NULL)
413 {
414 addr->message = msg;
415 if (pass_message) setflag(addr, af_pass_message);
416 }
0756eb3c
PH
417 addr->transport_return = rc;
418 }
419}
420
421
422
423/*************************************************
424* Check an SMTP response *
425*************************************************/
426
427/* This function is given an errno code and the SMTP response buffer
428to analyse, together with the host identification for generating messages. It
429sets an appropriate message and puts the first digit of the response code into
430the yield variable. If no response was actually read, a suitable digit is
431chosen.
432
433Arguments:
447d236c
PH
434 host the current host, to get its name for messages
435 errno_value pointer to the errno value
436 more_errno from the top address for use with ERRNO_FILTER_FAIL
437 buffer the SMTP response buffer
438 yield where to put a one-digit SMTP response code
439 message where to put an errror message
440 pass_message set TRUE if message is an SMTP response
441
442Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
0756eb3c
PH
443*/
444
445static BOOL check_response(host_item *host, int *errno_value, int more_errno,
447d236c 446 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
0756eb3c
PH
447{
448uschar *pl = US"";
449
450if (smtp_use_pipelining &&
451 (Ustrcmp(smtp_command, "MAIL") == 0 ||
452 Ustrcmp(smtp_command, "RCPT") == 0 ||
453 Ustrcmp(smtp_command, "DATA") == 0))
454 pl = US"pipelined ";
455
456*yield = '4'; /* Default setting is to give a temporary error */
457
458/* Handle response timeout */
459
460if (*errno_value == ETIMEDOUT)
461 {
462 *message = US string_sprintf("SMTP timeout while connected to %s [%s] "
463 "after %s%s", host->name, host->address, pl, smtp_command);
464 if (transport_count > 0)
465 *message = US string_sprintf("%s (%d bytes written)", *message,
466 transport_count);
467 return FALSE;
468 }
469
470/* Handle malformed SMTP response */
471
472if (*errno_value == ERRNO_SMTPFORMAT)
473 {
474 uschar *malfresp = string_printing(buffer);
475 while (isspace(*malfresp)) malfresp++;
476 if (*malfresp == 0)
477 *message = string_sprintf("Malformed SMTP reply (an empty line) from "
478 "%s [%s] in response to %s%s", host->name, host->address, pl,
479 smtp_command);
480 else
481 *message = string_sprintf("Malformed SMTP reply from %s [%s] in response "
482 "to %s%s: %s", host->name, host->address, pl, smtp_command, malfresp);
483 return FALSE;
484 }
485
486/* Handle a failed filter process error; can't send QUIT as we mustn't
487end the DATA. */
488
489if (*errno_value == ERRNO_FILTER_FAIL)
490 {
35af9f61 491 *message = US string_sprintf("transport filter process failed (%d)%s",
8e669ac1 492 more_errno,
35af9f61 493 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
0756eb3c
PH
494 return FALSE;
495 }
496
497/* Handle a failed add_headers expansion; can't send QUIT as we mustn't
498end the DATA. */
499
500if (*errno_value == ERRNO_CHHEADER_FAIL)
501 {
502 *message =
503 US string_sprintf("failed to expand headers_add or headers_remove: %s",
504 expand_string_message);
505 return FALSE;
506 }
507
508/* Handle failure to write a complete data block */
509
510if (*errno_value == ERRNO_WRITEINCOMPLETE)
511 {
512 *message = US string_sprintf("failed to write a data block");
513 return FALSE;
514 }
515
516/* Handle error responses from the remote mailer. */
517
518if (buffer[0] != 0)
519 {
520 uschar *s = string_printing(buffer);
447d236c 521 *message = US string_sprintf("SMTP error from remote mail server after %s%s: "
0756eb3c 522 "host %s [%s]: %s", pl, smtp_command, host->name, host->address, s);
447d236c 523 *pass_message = TRUE;
0756eb3c
PH
524 *yield = buffer[0];
525 return TRUE;
526 }
527
528/* No data was read. If there is no errno, this must be the EOF (i.e.
19b9dc85
PH
529connection closed) case, which causes deferral. An explicit connection reset
530error has the same effect. Otherwise, put the host's identity in the message,
531leaving the errno value to be interpreted as well. In all cases, we have to
532assume the connection is now dead. */
0756eb3c 533
19b9dc85 534if (*errno_value == 0 || *errno_value == ECONNRESET)
0756eb3c
PH
535 {
536 *errno_value = ERRNO_SMTPCLOSED;
537 *message = US string_sprintf("Remote host %s [%s] closed connection "
538 "in response to %s%s", host->name, host->address, pl, smtp_command);
539 }
540else *message = US string_sprintf("%s [%s]", host->name, host->address);
541
542return FALSE;
543}
544
545
546
547/*************************************************
548* Write error message to logs *
549*************************************************/
550
551/* This writes to the main log and to the message log.
552
553Arguments:
554 addr the address item containing error information
555 host the current host
556
557Returns: nothing
558*/
559
560static void
561write_logs(address_item *addr, host_item *host)
562{
563if (addr->message != NULL)
564 {
565 uschar *message = addr->message;
566 if (addr->basic_errno > 0)
567 message = string_sprintf("%s: %s", message, strerror(addr->basic_errno));
568 log_write(0, LOG_MAIN, "%s", message);
569 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
570 }
571else
572 {
7cd1141b
PH
573 uschar *msg =
574 ((log_extra_selector & LX_outgoing_port) != 0)?
575 string_sprintf("%s [%s]:%d", host->name, host->address,
576 (host->port == PORT_NONE)? 25 : host->port)
577 :
578 string_sprintf("%s [%s]", host->name, host->address);
579 log_write(0, LOG_MAIN, "%s %s", msg, strerror(addr->basic_errno));
580 deliver_msglog("%s %s %s\n", tod_stamp(tod_log), msg,
0756eb3c
PH
581 strerror(addr->basic_errno));
582 }
583}
584
585
586
d68218c7
JH
587#ifdef EXPERIMENTAL_TPDA
588/*************************************************
589* Post-defer action *
590*************************************************/
591
592/* This expands an arbitrary per-transport string.
593 It might, for example, be used to write to the database log.
594
595Arguments:
596 ob transport options block
597 addr the address item containing error information
598 host the current host
599
600Returns: nothing
601*/
602
603static void
604tpda_deferred(smtp_transport_options_block *ob, address_item *addr, host_item *host)
605{
606uschar *action = ob->tpda_host_defer_action;
607if (!action)
608 return;
609
610tpda_delivery_ip = string_copy(host->address);
611tpda_delivery_port = (host->port == PORT_NONE)? 25 : host->port;
612tpda_delivery_fqdn = string_copy(host->name);
613tpda_delivery_local_part = string_copy(addr->local_part);
614tpda_delivery_domain = string_copy(addr->domain);
615tpda_defer_errno = addr->basic_errno;
616
617tpda_defer_errstr = addr->message
618 ? addr->basic_errno > 0
619 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
620 : string_copy(addr->message)
621 : addr->basic_errno > 0
622 ? string_copy(strerror(addr->basic_errno))
623 : NULL;
624
625DEBUG(D_transport)
626 debug_printf(" TPDA(host defer): tpda_host_defer_action=|%s| tpda_delivery_IP=%s\n",
627 action, tpda_delivery_ip);
628
629router_name = addr->router->name;
630transport_name = addr->transport->name;
631if (!expand_string(action) && *expand_string_message)
632 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand tpda_defer_action in %s: %s\n",
633 transport_name, expand_string_message);
634router_name = transport_name = NULL;
635}
636#endif
637
638
639
0756eb3c
PH
640/*************************************************
641* Synchronize SMTP responses *
642*************************************************/
643
644/* This function is called from smtp_deliver() to receive SMTP responses from
645the server, and match them up with the commands to which they relate. When
646PIPELINING is not in use, this function is called after every command, and is
647therefore somewhat over-engineered, but it is simpler to use a single scheme
648that works both with and without PIPELINING instead of having two separate sets
649of code.
650
651The set of commands that are buffered up with pipelining may start with MAIL
652and may end with DATA; in between are RCPT commands that correspond to the
653addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
654etc.) are never buffered.
655
656Errors after MAIL or DATA abort the whole process leaving the response in the
657buffer. After MAIL, pending responses are flushed, and the original command is
658re-instated in big_buffer for error messages. For RCPT commands, the remote is
659permitted to reject some recipient addresses while accepting others. However
660certain errors clearly abort the whole process. Set the value in
661transport_return to PENDING_OK if the address is accepted. If there is a
662subsequent general error, it will get reset accordingly. If not, it will get
663converted to OK at the end.
664
665Arguments:
48c7f9e2
PH
666 addrlist the complete address list
667 include_affixes TRUE if affixes include in RCPT
668 sync_addr ptr to the ptr of the one to start scanning at (updated)
669 host the host we are connected to
670 count the number of responses to read
671 address_retry_
672 include_sender true if 4xx retry is to include the sender it its key
673 pending_MAIL true if the first response is for MAIL
674 pending_DATA 0 if last command sent was not DATA
675 +1 if previously had a good recipient
676 -1 if not previously had a good recipient
677 inblock incoming SMTP block
678 timeout timeout value
679 buffer buffer for reading response
680 buffsize size of buffer
0756eb3c
PH
681
682Returns: 3 if at least one address had 2xx and one had 5xx
683 2 if at least one address had 5xx but none had 2xx
684 1 if at least one host had a 2xx response, but none had 5xx
685 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
686 -1 timeout while reading RCPT response
687 -2 I/O or other non-response error for RCPT
688 -3 DATA or MAIL failed - errno and buffer set
689*/
690
691static int
692sync_responses(address_item *addrlist, BOOL include_affixes,
48c7f9e2
PH
693 address_item **sync_addr, host_item *host, int count,
694 BOOL address_retry_include_sender, BOOL pending_MAIL,
0756eb3c
PH
695 int pending_DATA, smtp_inblock *inblock, int timeout, uschar *buffer,
696 int buffsize)
697{
698address_item *addr = *sync_addr;
699int yield = 0;
700
701/* Handle the response for a MAIL command. On error, reinstate the original
702command in big_buffer for error message use, and flush any further pending
703responses before returning, except after I/O errors and timeouts. */
704
705if (pending_MAIL)
706 {
707 count--;
708 if (!smtp_read_response(inblock, buffer, buffsize, '2', timeout))
709 {
710 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
711 if (errno == 0 && buffer[0] != 0)
712 {
713 uschar flushbuffer[4096];
e97957bc
PH
714 int save_errno = 0;
715 if (buffer[0] == '4')
716 {
717 save_errno = ERRNO_MAIL4XX;
718 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
719 }
0756eb3c
PH
720 while (count-- > 0)
721 {
722 if (!smtp_read_response(inblock, flushbuffer, sizeof(flushbuffer),
723 '2', timeout)
724 && (errno != 0 || flushbuffer[0] == 0))
725 break;
726 }
e97957bc 727 errno = save_errno;
0756eb3c
PH
728 }
729 return -3;
730 }
731 }
732
733if (pending_DATA) count--; /* Number of RCPT responses to come */
734
735/* Read and handle the required number of RCPT responses, matching each one up
736with an address by scanning for the next address whose status is PENDING_DEFER.
737*/
738
739while (count-- > 0)
740 {
741 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
742
743 /* The address was accepted */
744
745 if (smtp_read_response(inblock, buffer, buffsize, '2', timeout))
746 {
747 yield |= 1;
748 addr->transport_return = PENDING_OK;
749
750 /* If af_dr_retry_exists is set, there was a routing delay on this address;
09945f1e
PH
751 ensure that any address-specific retry record is expunged. We do this both
752 for the basic key and for the version that also includes the sender. */
0756eb3c
PH
753
754 if (testflag(addr, af_dr_retry_exists))
09945f1e
PH
755 {
756 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
757 sender_address);
758 retry_add_item(addr, altkey, rf_delete);
0756eb3c 759 retry_add_item(addr, addr->address_retry_key, rf_delete);
09945f1e 760 }
0756eb3c
PH
761 }
762
763 /* Timeout while reading the response */
764
765 else if (errno == ETIMEDOUT)
766 {
767 int save_errno = errno;
768 uschar *message = string_sprintf("SMTP timeout while connected to %s [%s] "
769 "after RCPT TO:<%s>", host->name, host->address,
770 transport_rcpt_address(addr, include_affixes));
447d236c 771 set_errno(addrlist, save_errno, message, DEFER, FALSE);
0756eb3c 772 retry_add_item(addr, addr->address_retry_key, 0);
f6c332bd 773 update_waiting = FALSE;
0756eb3c
PH
774 return -1;
775 }
776
777 /* Handle other errors in obtaining an SMTP response by returning -1. This
778 will cause all the addresses to be deferred. Restore the SMTP command in
779 big_buffer for which we are checking the response, so the error message
780 makes sense. */
781
782 else if (errno != 0 || buffer[0] == 0)
783 {
784 string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
785 transport_rcpt_address(addr, include_affixes));
786 return -2;
787 }
788
789 /* Handle SMTP permanent and temporary response codes. */
790
791 else
792 {
793 addr->message =
447d236c 794 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
0756eb3c
PH
795 "host %s [%s]: %s", transport_rcpt_address(addr, include_affixes),
796 host->name, host->address, string_printing(buffer));
447d236c 797 setflag(addr, af_pass_message);
0756eb3c
PH
798 deliver_msglog("%s %s\n", tod_stamp(tod_log), addr->message);
799
800 /* The response was 5xx */
801
802 if (buffer[0] == '5')
803 {
804 addr->transport_return = FAIL;
805 yield |= 2;
806 }
807
808 /* The response was 4xx */
809
810 else
811 {
0756eb3c
PH
812 addr->transport_return = DEFER;
813 addr->basic_errno = ERRNO_RCPT4XX;
e97957bc 814 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
0756eb3c
PH
815
816 /* Log temporary errors if there are more hosts to be tried. */
817
818 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", addr->message);
819
f6c332bd
PH
820 /* Do not put this message on the list of those waiting for specific
821 hosts, as otherwise it is likely to be tried too often. */
0756eb3c 822
f6c332bd 823 update_waiting = FALSE;
0756eb3c 824
48c7f9e2
PH
825 /* Add a retry item for the address so that it doesn't get tried again
826 too soon. If address_retry_include_sender is true, add the sender address
827 to the retry key. */
0756eb3c 828
48c7f9e2
PH
829 if (address_retry_include_sender)
830 {
831 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
832 sender_address);
833 retry_add_item(addr, altkey, 0);
834 }
835 else retry_add_item(addr, addr->address_retry_key, 0);
0756eb3c
PH
836 }
837 }
838 } /* Loop for next RCPT response */
839
840/* Update where to start at for the next block of responses, unless we
841have already handled all the addresses. */
842
843if (addr != NULL) *sync_addr = addr->next;
844
845/* Handle a response to DATA. If we have not had any good recipients, either
846previously or in this block, the response is ignored. */
847
848if (pending_DATA != 0 &&
849 !smtp_read_response(inblock, buffer, buffsize, '3', timeout))
850 {
851 int code;
852 uschar *msg;
447d236c 853 BOOL pass_message;
e97957bc
PH
854 if (pending_DATA > 0 || (yield & 1) != 0)
855 {
856 if (errno == 0 && buffer[0] == '4')
857 {
858 errno = ERRNO_DATA4XX;
859 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
860 }
861 return -3;
862 }
447d236c 863 (void)check_response(host, &errno, 0, buffer, &code, &msg, &pass_message);
0756eb3c
PH
864 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
865 "is in use and there were no good recipients\n", msg);
866 }
867
868/* All responses read and handled; MAIL (if present) received 2xx and DATA (if
869present) received 3xx. If any RCPTs were handled and yielded anything other
870than 4xx, yield will be set non-zero. */
871
872return yield;
873}
874
875
876
fcc8e047
JH
877/* Do the client side of smtp-level authentication */
878/*
879Arguments:
880 buffer EHLO response from server (gets overwritten)
881 addrlist chain of potential addresses to deliver
882 host host to deliver to
883 ob transport options
884 ibp, obp comms channel control blocks
885
886Returns:
887 OK Success, or failed (but not required): global "smtp_authenticated" set
888 DEFER Failed authentication (and was required)
889 ERROR Internal problem
890
891 FAIL_SEND Failed communications - transmit
892 FAIL - response
893*/
894
895int
896smtp_auth(uschar *buffer, unsigned bufsize, address_item *addrlist, host_item *host,
897 smtp_transport_options_block *ob, BOOL is_esmtp,
898 smtp_inblock *ibp, smtp_outblock *obp)
899{
900 int require_auth;
901 uschar *fail_reason = US"server did not advertise AUTH support";
902
903 smtp_authenticated = FALSE;
904 client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
905 require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL,
906 host->name, host->address, NULL);
907
908 if (is_esmtp && !regex_AUTH) regex_AUTH =
909 regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
910 FALSE, TRUE);
911
912 if (is_esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
913 {
914 uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]);
915 expand_nmax = -1; /* reset */
916
917 /* Must not do this check until after we have saved the result of the
918 regex match above. */
919
920 if (require_auth == OK ||
921 verify_check_this_host(&(ob->hosts_try_auth), NULL, host->name,
922 host->address, NULL) == OK)
923 {
924 auth_instance *au;
925 fail_reason = US"no common mechanisms were found";
926
927 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
928
929 /* Scan the configured authenticators looking for one which is configured
930 for use as a client, which is not suppressed by client_condition, and
931 whose name matches an authentication mechanism supported by the server.
932 If one is found, attempt to authenticate by calling its client function.
933 */
934
935 for (au = auths; !smtp_authenticated && au != NULL; au = au->next)
936 {
937 uschar *p = names;
938 if (!au->client ||
939 (au->client_condition != NULL &&
940 !expand_check_condition(au->client_condition, au->name,
941 US"client authenticator")))
942 {
943 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
944 au->name,
945 (au->client)? "client_condition is false" :
946 "not configured as a client");
947 continue;
948 }
949
950 /* Loop to scan supported server mechanisms */
951
952 while (*p != 0)
953 {
954 int rc;
955 int len = Ustrlen(au->public_name);
956 while (isspace(*p)) p++;
957
958 if (strncmpic(au->public_name, p, len) != 0 ||
959 (p[len] != 0 && !isspace(p[len])))
960 {
961 while (*p != 0 && !isspace(*p)) p++;
962 continue;
963 }
964
965 /* Found data for a listed mechanism. Call its client entry. Set
966 a flag in the outblock so that data is overwritten after sending so
967 that reflections don't show it. */
968
969 fail_reason = US"authentication attempt(s) failed";
970 obp->authenticating = TRUE;
971 rc = (au->info->clientcode)(au, ibp, obp,
972 ob->command_timeout, buffer, bufsize);
973 obp->authenticating = FALSE;
974 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n",
975 au->name, rc);
976
977 /* A temporary authentication failure must hold up delivery to
978 this host. After a permanent authentication failure, we carry on
979 to try other authentication methods. If all fail hard, try to
980 deliver the message unauthenticated unless require_auth was set. */
981
982 switch(rc)
983 {
984 case OK:
985 smtp_authenticated = TRUE; /* stops the outer loop */
986 client_authenticator = au->name;
987 if (au->set_client_id != NULL)
988 client_authenticated_id = expand_string(au->set_client_id);
989 break;
990
991 /* Failure after writing a command */
992
993 case FAIL_SEND:
994 return FAIL_SEND;
995
996 /* Failure after reading a response */
997
998 case FAIL:
999 if (errno != 0 || buffer[0] != '5') return FAIL;
1000 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1001 au->name, host->name, host->address, buffer);
1002 break;
1003
1004 /* Failure by some other means. In effect, the authenticator
1005 decided it wasn't prepared to handle this case. Typically this
1006 is the result of "fail" in an expansion string. Do we need to
1007 log anything here? Feb 2006: a message is now put in the buffer
1008 if logging is required. */
1009
1010 case CANCELLED:
1011 if (*buffer != 0)
1012 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1013 "authentication H=%s [%s] %s", au->name, host->name,
1014 host->address, buffer);
1015 break;
1016
1017 /* Internal problem, message in buffer. */
1018
1019 case ERROR:
1020 set_errno(addrlist, 0, string_copy(buffer), DEFER, FALSE);
1021 return ERROR;
1022 }
1023
1024 break; /* If not authenticated, try next authenticator */
1025 } /* Loop for scanning supported server mechanisms */
1026 } /* Loop for further authenticators */
1027 }
1028 }
1029
1030 /* If we haven't authenticated, but are required to, give up. */
1031
1032 if (require_auth == OK && !smtp_authenticated)
1033 {
1034 set_errno(addrlist, ERRNO_AUTHFAIL,
1035 string_sprintf("authentication required but %s", fail_reason), DEFER,
1036 FALSE);
1037 return DEFER;
1038 }
4d8d62b9 1039
fcc8e047
JH
1040 return OK;
1041}
1042
1043
1044/* Construct AUTH appendix string for MAIL TO */
1045/*
1046Arguments
1047 buffer to build string
1048 addrlist chain of potential addresses to deliver
1049 ob transport options
1050
1051Globals smtp_authenticated
1052 client_authenticated_sender
1053Return True on error, otherwise buffer has (possibly empty) terminated string
1054*/
1055
1056BOOL
1057smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
1058 smtp_transport_options_block *ob)
1059{
1060uschar *local_authenticated_sender = authenticated_sender;
1061
1062#ifdef notdef
1063 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, smtp_authenticated?"Y":"N");
1064#endif
1065
1066if (ob->authenticated_sender != NULL)
1067 {
1068 uschar *new = expand_string(ob->authenticated_sender);
1069 if (new == NULL)
1070 {
1071 if (!expand_string_forcedfail)
1072 {
1073 uschar *message = string_sprintf("failed to expand "
1074 "authenticated_sender: %s", expand_string_message);
1075 set_errno(addrlist, 0, message, DEFER, FALSE);
1076 return TRUE;
1077 }
1078 }
1079 else if (new[0] != 0) local_authenticated_sender = new;
1080 }
1081
1082/* Add the authenticated sender address if present */
1083
1084if ((smtp_authenticated || ob->authenticated_sender_force) &&
1085 local_authenticated_sender != NULL)
1086 {
1087 string_format(buffer, bufsize, " AUTH=%s",
1088 auth_xtextencode(local_authenticated_sender,
1089 Ustrlen(local_authenticated_sender)));
1090 client_authenticated_sender = string_copy(local_authenticated_sender);
1091 }
1092else
1093 *buffer= 0;
1094
1095return FALSE;
1096}
1097
1098
1099
0756eb3c
PH
1100/*************************************************
1101* Deliver address list to given host *
1102*************************************************/
1103
1104/* If continue_hostname is not null, we get here only when continuing to
1105deliver down an existing channel. The channel was passed as the standard
6c512171
PH
1106input. TLS is never active on a passed channel; the previous process always
1107closes it down before passing the connection on.
0756eb3c
PH
1108
1109Otherwise, we have to make a connection to the remote host, and do the
1110initial protocol exchange.
1111
1112When running as an MUA wrapper, if the sender or any recipient is rejected,
1113temporarily or permanently, we force failure for all recipients.
1114
1115Arguments:
1116 addrlist chain of potential addresses to deliver; only those whose
1117 transport_return field is set to PENDING_DEFER are currently
1118 being processed; others should be skipped - they have either
1119 been delivered to an earlier host or IP address, or been
1120 failed by one of them.
1121 host host to deliver to
1122 host_af AF_INET or AF_INET6
2d280592 1123 port default TCP/IP port to use, in host byte order
0756eb3c
PH
1124 interface interface to bind to, or NULL
1125 tblock transport instance block
1126 copy_host TRUE if host set in addr->host_used must be copied, because
1127 it is specific to this call of the transport
1128 message_defer set TRUE if yield is OK, but all addresses were deferred
1129 because of a non-recipient, non-host failure, that is, a
1130 4xx response to MAIL FROM, DATA, or ".". This is a defer
1131 that is specific to the message.
1132 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1133 a second attempt after TLS initialization fails
1134
1135Returns: OK - the connection was made and the delivery attempted;
1136 the result for each address is in its data block.
1137 DEFER - the connection could not be made, or something failed
1138 while setting up the SMTP session, or there was a
1139 non-message-specific error, such as a timeout.
1140 ERROR - a filter command is specified for this transport,
1141 and there was a problem setting it up; OR helo_data
1142 or add_headers or authenticated_sender is specified
1143 for this transport, and the string failed to expand
1144*/
1145
1146static int
1147smtp_deliver(address_item *addrlist, host_item *host, int host_af, int port,
1148 uschar *interface, transport_instance *tblock, BOOL copy_host,
1149 BOOL *message_defer, BOOL suppress_tls)
1150{
1151address_item *addr;
1152address_item *sync_addr;
1153address_item *first_addr = addrlist;
1154int yield = OK;
1155int address_count;
1156int save_errno;
1157int rc;
1158time_t start_delivery_time = time(NULL);
1159smtp_transport_options_block *ob =
1160 (smtp_transport_options_block *)(tblock->options_block);
1161BOOL lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
061b7ebd 1162BOOL smtps = strcmpic(ob->protocol, US"smtps") == 0;
0756eb3c
PH
1163BOOL ok = FALSE;
1164BOOL send_rset = TRUE;
1165BOOL send_quit = TRUE;
1166BOOL setting_up = TRUE;
1167BOOL completed_address = FALSE;
1168BOOL esmtp = TRUE;
1169BOOL pending_MAIL;
447d236c 1170BOOL pass_message = FALSE;
fd98a5c6
JH
1171#ifdef EXPERIMENTAL_PRDR
1172BOOL prdr_offered = FALSE;
1173BOOL prdr_active;
1174#endif
0756eb3c
PH
1175smtp_inblock inblock;
1176smtp_outblock outblock;
1177int max_rcpt = tblock->max_addresses;
f1513293 1178uschar *igquotstr = US"";
41c7c167 1179uschar *helo_data = NULL;
0756eb3c
PH
1180uschar *message = NULL;
1181uschar new_message_id[MESSAGE_ID_LENGTH + 1];
1182uschar *p;
1183uschar buffer[4096];
1184uschar inbuffer[4096];
1185uschar outbuffer[1024];
1186
1187suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
1188
1189*message_defer = FALSE;
1190smtp_command = US"initial connection";
1191if (max_rcpt == 0) max_rcpt = 999999;
1192
1193/* Set up the buffer for reading SMTP response packets. */
1194
1195inblock.buffer = inbuffer;
1196inblock.buffersize = sizeof(inbuffer);
1197inblock.ptr = inbuffer;
1198inblock.ptrend = inbuffer;
1199
1200/* Set up the buffer for holding SMTP commands while pipelining */
1201
1202outblock.buffer = outbuffer;
1203outblock.buffersize = sizeof(outbuffer);
1204outblock.ptr = outbuffer;
1205outblock.cmd_count = 0;
1206outblock.authenticating = FALSE;
1207
6c512171
PH
1208/* Reset the parameters of a TLS session. */
1209
817d9f57
JH
1210tls_in.bits = 0;
1211tls_in.cipher = NULL; /* for back-compatible behaviour */
1212tls_in.peerdn = NULL;
d6131a7d 1213#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
817d9f57
JH
1214tls_in.sni = NULL;
1215#endif
1216
1217tls_out.bits = 0;
1218tls_out.cipher = NULL; /* the one we may use for this transport */
1219tls_out.peerdn = NULL;
1220#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
1221tls_out.sni = NULL;
5b456975 1222#endif
6c512171 1223
061b7ebd
PP
1224#ifndef SUPPORT_TLS
1225if (smtps)
1226 {
1227 set_errno(addrlist, 0, US"TLS support not available", DEFER, FALSE);
1228 return ERROR;
1229 }
1230#endif
1231
0756eb3c
PH
1232/* Make a connection to the host if this isn't a continued delivery, and handle
1233the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
1234specially so they can be identified for retries. */
1235
1236if (continue_hostname == NULL)
1237 {
1238 inblock.sock = outblock.sock =
1239 smtp_connect(host, host_af, port, interface, ob->connect_timeout,
9e4f5962 1240 ob->keepalive, ob->dscp); /* This puts port into host->port */
4311097e 1241
0756eb3c
PH
1242 if (inblock.sock < 0)
1243 {
1244 set_errno(addrlist, (errno == ETIMEDOUT)? ERRNO_CONNECTTIMEOUT : errno,
447d236c 1245 NULL, DEFER, FALSE);
0756eb3c
PH
1246 return DEFER;
1247 }
1248
41c7c167
PH
1249 /* Expand the greeting message while waiting for the initial response. (Makes
1250 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
1251 delayed till here so that $sending_interface and $sending_port are set. */
1252
1253 helo_data = expand_string(ob->helo_data);
1254
0756eb3c
PH
1255 /* The first thing is to wait for an initial OK response. The dreaded "goto"
1256 is nevertheless a reasonably clean way of programming this kind of logic,
1257 where you want to escape on any error. */
1258
061b7ebd
PP
1259 if (!smtps)
1260 {
1261 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1262 ob->command_timeout)) goto RESPONSE_FAILED;
0756eb3c 1263
061b7ebd
PP
1264 /* Now check if the helo_data expansion went well, and sign off cleanly if
1265 it didn't. */
41c7c167 1266
061b7ebd
PP
1267 if (helo_data == NULL)
1268 {
1269 uschar *message = string_sprintf("failed to expand helo_data: %s",
1270 expand_string_message);
1271 set_errno(addrlist, 0, message, DEFER, FALSE);
1272 yield = DEFER;
1273 goto SEND_QUIT;
1274 }
41c7c167
PH
1275 }
1276
0756eb3c
PH
1277/** Debugging without sending a message
1278addrlist->transport_return = DEFER;
1279goto SEND_QUIT;
1280**/
1281
1282 /* Errors that occur after this point follow an SMTP command, which is
1283 left in big_buffer by smtp_write_command() for use in error messages. */
1284
1285 smtp_command = big_buffer;
1286
1287 /* Tell the remote who we are...
1288
1289 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
1290 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
1291 greeting is of this form. The assumption was that the far end supports it
1292 properly... but experience shows that there are some that give 5xx responses,
1293 even though the banner includes "ESMTP" (there's a bloody-minded one that
1294 says "ESMTP not spoken here"). Cope with that case.
1295
1296 September 2000: Time has passed, and it seems reasonable now to always send
1297 EHLO at the start. It is also convenient to make the change while installing
1298 the TLS stuff.
1299
1300 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
1301 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
1302 would be no way to send out the mails, so there is now a host list
1303 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
1304 PIPELINING problem as well. Maybe it can also be useful to cure other
1305 problems with broken servers.
1306
1307 Exim originally sent "Helo" at this point and ran for nearly a year that way.
1308 Then somebody tried it with a Microsoft mailer... It seems that all other
1309 mailers use upper case for some reason (the RFC is quite clear about case
1310 independence) so, for peace of mind, I gave in. */
1311
1312 esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL,
1313 host->name, host->address, NULL) != OK;
1314
061b7ebd
PP
1315 /* Alas; be careful, since this goto is not an error-out, so conceivably
1316 we might set data between here and the target which we assume to exist
1317 and be usable. I can see this coming back to bite us. */
1318 #ifdef SUPPORT_TLS
1319 if (smtps)
1320 {
1321 tls_offered = TRUE;
1322 suppress_tls = FALSE;
1323 ob->tls_tempfail_tryclear = FALSE;
1324 smtp_command = US"SSL-on-connect";
1325 goto TLS_NEGOTIATE;
1326 }
1327 #endif
1328
0756eb3c
PH
1329 if (esmtp)
1330 {
1331 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1332 lmtp? "LHLO" : "EHLO", helo_data) < 0)
1333 goto SEND_FAILED;
1334 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1335 ob->command_timeout))
1336 {
1337 if (errno != 0 || buffer[0] == 0 || lmtp) goto RESPONSE_FAILED;
1338 esmtp = FALSE;
1339 }
1340 }
1341 else
1342 {
1343 DEBUG(D_transport)
1344 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1345 }
1346
1347 if (!esmtp)
1348 {
1349 if (smtp_write_command(&outblock, FALSE, "HELO %s\r\n", helo_data) < 0)
1350 goto SEND_FAILED;
1351 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1352 ob->command_timeout)) goto RESPONSE_FAILED;
1353 }
1354
f1513293
PH
1355 /* Set IGNOREQUOTA if the response to LHLO specifies support and the
1356 lmtp_ignore_quota option was set. */
1357
1358 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1359 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1360 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1361
0756eb3c
PH
1362 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
1363
1364 #ifdef SUPPORT_TLS
1365 tls_offered = esmtp &&
1366 pcre_exec(regex_STARTTLS, NULL, CS buffer, Ustrlen(buffer), 0,
1367 PCRE_EOPT, NULL, 0) >= 0;
1368 #endif
fd98a5c6
JH
1369
1370 #ifdef EXPERIMENTAL_PRDR
1371 prdr_offered = esmtp &&
1372 (pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0,
1373 PCRE_EOPT, NULL, 0) >= 0) &&
1374 (verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
1375 host->address, NULL) == OK);
1376
1377 if (prdr_offered)
1378 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1379 #endif
0756eb3c
PH
1380 }
1381
1382/* For continuing deliveries down the same channel, the socket is the standard
1383input, and we don't need to redo EHLO here (but may need to do so for TLS - see
1384below). Set up the pointer to where subsequent commands will be left, for
1385error messages. Note that smtp_use_size and smtp_use_pipelining will have been
1386set from the command line if they were set in the process that passed the
1387connection on. */
1388
1389else
1390 {
1391 inblock.sock = outblock.sock = fileno(stdin);
1392 smtp_command = big_buffer;
4311097e 1393 host->port = port; /* Record the port that was used */
0756eb3c
PH
1394 }
1395
1396/* If TLS is available on this connection, whether continued or not, attempt to
1397start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
1398send another EHLO - the server may give a different answer in secure mode. We
1399use a separate buffer for reading the response to STARTTLS so that if it is
1400negative, the original EHLO data is available for subsequent analysis, should
1401the client not be required to use TLS. If the response is bad, copy the buffer
1402for error analysis. */
1403
1404#ifdef SUPPORT_TLS
1405if (tls_offered && !suppress_tls &&
1406 verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
1407 host->address, NULL) != OK)
1408 {
1409 uschar buffer2[4096];
1410 if (smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") < 0)
1411 goto SEND_FAILED;
1412
1413 /* If there is an I/O error, transmission of this message is deferred. If
1414 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
1415 false, we also defer. However, if there is a temporary rejection of STARTTLS
1416 and tls_tempfail_tryclear is true, or if there is an outright rejection of
1417 STARTTLS, we carry on. This means we will try to send the message in clear,
1418 unless the host is in hosts_require_tls (tested below). */
1419
1420 if (!smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2',
1421 ob->command_timeout))
1422 {
0756eb3c
PH
1423 if (errno != 0 || buffer2[0] == 0 ||
1424 (buffer2[0] == '4' && !ob->tls_tempfail_tryclear))
0dda4340
TK
1425 {
1426 Ustrncpy(buffer, buffer2, sizeof(buffer));
0756eb3c 1427 goto RESPONSE_FAILED;
0dda4340 1428 }
0756eb3c
PH
1429 }
1430
1431 /* STARTTLS accepted: try to negotiate a TLS session. */
1432
1433 else
061b7ebd 1434 TLS_NEGOTIATE:
0756eb3c 1435 {
83da1223
PH
1436 int rc = tls_client_start(inblock.sock,
1437 host,
1438 addrlist,
0756eb3c
PH
1439 ob->tls_certificate,
1440 ob->tls_privatekey,
3f0945ff 1441 ob->tls_sni,
0756eb3c
PH
1442 ob->tls_verify_certificates,
1443 ob->tls_crl,
1444 ob->tls_require_ciphers,
f5d78688
JH
1445#ifdef EXPERIMENTAL_OCSP
1446 ob->hosts_require_ocsp,
1447#endif
54c90be1 1448 ob->tls_dh_min_bits,
0756eb3c
PH
1449 ob->command_timeout);
1450
1451 /* TLS negotiation failed; give an error. From outside, this function may
1452 be called again to try in clear on a new connection, if the options permit
1453 it for this host. */
1454
1455 if (rc != OK)
1456 {
1457 save_errno = ERRNO_TLSFAILURE;
1458 message = US"failure while setting up TLS session";
1459 send_quit = FALSE;
1460 goto TLS_FAILED;
1461 }
1462
1463 /* TLS session is set up */
1464
1465 for (addr = addrlist; addr != NULL; addr = addr->next)
1466 {
5ca2a9a1
PH
1467 if (addr->transport_return == PENDING_DEFER)
1468 {
817d9f57
JH
1469 addr->cipher = tls_out.cipher;
1470 addr->peerdn = tls_out.peerdn;
5ca2a9a1 1471 }
0756eb3c
PH
1472 }
1473 }
1474 }
1475
061b7ebd
PP
1476/* if smtps, we'll have smtp_command set to something else; always safe to
1477reset it here. */
1478smtp_command = big_buffer;
1479
41c7c167
PH
1480/* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
1481helo_data is null, we are dealing with a connection that was passed from
1482another process, and so we won't have expanded helo_data above. We have to
1483expand it here. $sending_ip_address and $sending_port are set up right at the
1484start of the Exim process (in exim.c). */
0756eb3c 1485
817d9f57 1486if (tls_out.active >= 0)
0756eb3c 1487 {
061b7ebd 1488 char *greeting_cmd;
41c7c167
PH
1489 if (helo_data == NULL)
1490 {
1491 helo_data = expand_string(ob->helo_data);
1492 if (helo_data == NULL)
1493 {
1494 uschar *message = string_sprintf("failed to expand helo_data: %s",
1495 expand_string_message);
1496 set_errno(addrlist, 0, message, DEFER, FALSE);
1497 yield = DEFER;
1498 goto SEND_QUIT;
1499 }
1500 }
1501
0d0e4455 1502 /* For SMTPS we need to wait for the initial OK response. */
061b7ebd
PP
1503 if (smtps)
1504 {
1505 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1506 ob->command_timeout)) goto RESPONSE_FAILED;
0d0e4455
PP
1507 }
1508
1509 if (esmtp)
1510 greeting_cmd = "EHLO";
1511 else
1512 {
1513 greeting_cmd = "HELO";
1514 DEBUG(D_transport)
1515 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
061b7ebd
PP
1516 }
1517
1518 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1519 lmtp? "LHLO" : greeting_cmd, helo_data) < 0)
0756eb3c
PH
1520 goto SEND_FAILED;
1521 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1522 ob->command_timeout))
1523 goto RESPONSE_FAILED;
1524 }
1525
1526/* If the host is required to use a secure channel, ensure that we
1527have one. */
1528
1529else if (verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
1530 host->address, NULL) == OK)
1531 {
1532 save_errno = ERRNO_TLSREQUIRED;
1533 message = string_sprintf("a TLS session is required for %s [%s], but %s",
1534 host->name, host->address,
1535 tls_offered? "an attempt to start TLS failed" :
1536 "the server did not offer TLS support");
1537 goto TLS_FAILED;
1538 }
1539#endif
1540
1541/* If TLS is active, we have just started it up and re-done the EHLO command,
1542so its response needs to be analyzed. If TLS is not active and this is a
1543continued session down a previously-used socket, we haven't just done EHLO, so
1544we skip this. */
1545
1546if (continue_hostname == NULL
1547 #ifdef SUPPORT_TLS
817d9f57 1548 || tls_out.active >= 0
0756eb3c
PH
1549 #endif
1550 )
1551 {
f1513293
PH
1552 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
1553 lmtp_ignore_quota option was set. */
1554
1555 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1556 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1557 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1558
0756eb3c
PH
1559 /* If the response to EHLO specified support for the SIZE parameter, note
1560 this, provided size_addition is non-negative. */
1561
1562 smtp_use_size = esmtp && ob->size_addition >= 0 &&
1563 pcre_exec(regex_SIZE, NULL, CS buffer, Ustrlen(CS buffer), 0,
1564 PCRE_EOPT, NULL, 0) >= 0;
1565
1566 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
c51b8e75
PH
1567 the current host, esmtp will be false, so PIPELINING can never be used. If
1568 the current host matches hosts_avoid_pipelining, don't do it. */
0756eb3c
PH
1569
1570 smtp_use_pipelining = esmtp &&
c51b8e75
PH
1571 verify_check_this_host(&(ob->hosts_avoid_pipelining), NULL, host->name,
1572 host->address, NULL) != OK &&
0756eb3c
PH
1573 pcre_exec(regex_PIPELINING, NULL, CS buffer, Ustrlen(CS buffer), 0,
1574 PCRE_EOPT, NULL, 0) >= 0;
1575
1576 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
1577 smtp_use_pipelining? "" : "not ");
1578
fd98a5c6
JH
1579#ifdef EXPERIMENTAL_PRDR
1580 prdr_offered = esmtp &&
1581 pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0,
1582 PCRE_EOPT, NULL, 0) >= 0 &&
1583 verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
1584 host->address, NULL) == OK;
1585
1586 if (prdr_offered)
1587 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1588#endif
1589
0756eb3c
PH
1590 /* Note if the response to EHLO specifies support for the AUTH extension.
1591 If it has, check that this host is one we want to authenticate to, and do
1592 the business. The host name and address must be available when the
1593 authenticator's client driver is running. */
1594
fcc8e047
JH
1595 switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host,
1596 ob, esmtp, &inblock, &outblock))
0756eb3c 1597 {
fcc8e047
JH
1598 default: goto SEND_QUIT;
1599 case OK: break;
1600 case FAIL_SEND: goto SEND_FAILED;
1601 case FAIL: goto RESPONSE_FAILED;
0756eb3c
PH
1602 }
1603 }
1604
1605/* The setting up of the SMTP call is now complete. Any subsequent errors are
1606message-specific. */
1607
1608setting_up = FALSE;
1609
1610/* If there is a filter command specified for this transport, we can now
1611set it up. This cannot be done until the identify of the host is known. */
1612
1613if (tblock->filter_command != NULL)
1614 {
1615 BOOL rc;
1616 uschar buffer[64];
1617 sprintf(CS buffer, "%.50s transport", tblock->name);
1618 rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command,
1619 TRUE, DEFER, addrlist, buffer, NULL);
9b989985 1620 transport_filter_timeout = tblock->filter_timeout;
0756eb3c
PH
1621
1622 /* On failure, copy the error to all addresses, abandon the SMTP call, and
1623 yield ERROR. */
1624
1625 if (!rc)
1626 {
447d236c
PH
1627 set_errno(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
1628 FALSE);
0756eb3c
PH
1629 yield = ERROR;
1630 goto SEND_QUIT;
1631 }
1632 }
1633
1634
1635/* For messages that have more than the maximum number of envelope recipients,
1636we want to send several transactions down the same SMTP connection. (See
1637comments in deliver.c as to how this reconciles, heuristically, with
1638remote_max_parallel.) This optimization was added to Exim after the following
1639code was already working. The simplest way to put it in without disturbing the
1640code was to use a goto to jump back to this point when there is another
1641transaction to handle. */
1642
1643SEND_MESSAGE:
1644sync_addr = first_addr;
1645address_count = 0;
1646ok = FALSE;
1647send_rset = TRUE;
1648completed_address = FALSE;
1649
1650
1651/* Initiate a message transfer. If we know the receiving MTA supports the SIZE
1652qualification, send it, adding something to the message size to allow for
1653imprecision and things that get added en route. Exim keeps the number of lines
1654in a message, so we can give an accurate value for the original message, but we
1655need some additional to handle added headers. (Double "." characters don't get
1656included in the count.) */
1657
1658p = buffer;
1659*p = 0;
1660
1661if (smtp_use_size)
1662 {
1663 sprintf(CS p, " SIZE=%d", message_size+message_linecount+ob->size_addition);
1664 while (*p) p++;
1665 }
1666
fd98a5c6
JH
1667#ifdef EXPERIMENTAL_PRDR
1668prdr_active = FALSE;
1669if (prdr_offered)
1670 {
1671 for (addr = first_addr; addr; addr = addr->next)
1672 if (addr->transport_return == PENDING_DEFER)
1673 {
1674 for (addr = addr->next; addr; addr = addr->next)
1675 if (addr->transport_return == PENDING_DEFER)
1676 { /* at least two recipients to send */
1677 prdr_active = TRUE;
1678 sprintf(CS p, " PRDR"); p += 5;
1679 goto prdr_is_active;
1680 }
1681 break;
1682 }
1683 }
1684prdr_is_active:
1685#endif
1686
6b62e899
JH
1687/* If an authenticated_sender override has been specified for this transport
1688instance, expand it. If the expansion is forced to fail, and there was already
1689an authenticated_sender for this message, the original value will be used.
1690Other expansion failures are serious. An empty result is ignored, but there is
1691otherwise no check - this feature is expected to be used with LMTP and other
1692cases where non-standard addresses (e.g. without domains) might be required. */
1693
fcc8e047
JH
1694if (smtp_mail_auth_str(p, sizeof(buffer) - (p-buffer), addrlist, ob))
1695 return ERROR;
0756eb3c
PH
1696
1697/* From here until we send the DATA command, we can make use of PIPELINING
1698if the server host supports it. The code has to be able to check the responses
1699at any point, for when the buffer fills up, so we write it totally generally.
1700When PIPELINING is off, each command written reports that it has flushed the
1701buffer. */
1702
1703pending_MAIL = TRUE; /* The block starts with MAIL */
1704
1705rc = smtp_write_command(&outblock, smtp_use_pipelining,
1706 "MAIL FROM:<%s>%s\r\n", return_path, buffer);
1707mail_command = string_copy(big_buffer); /* Save for later error message */
1708
1709switch(rc)
1710 {
1711 case -1: /* Transmission error */
1712 goto SEND_FAILED;
1713
1714 case +1: /* Block was sent */
1715 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
e97957bc
PH
1716 ob->command_timeout))
1717 {
1718 if (errno == 0 && buffer[0] == '4')
1719 {
1720 errno = ERRNO_MAIL4XX;
1721 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1722 }
1723 goto RESPONSE_FAILED;
1724 }
0756eb3c
PH
1725 pending_MAIL = FALSE;
1726 break;
1727 }
1728
1729/* Pass over all the relevant recipient addresses for this host, which are the
1730ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
1731several before we have to read the responses for those seen so far. This
1732checking is done by a subroutine because it also needs to be done at the end.
1733Send only up to max_rcpt addresses at a time, leaving first_addr pointing to
1734the next one if not all are sent.
1735
1736In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
1737last address because we want to abort if any recipients have any kind of
1738problem, temporary or permanent. We know that all recipient addresses will have
1739the PENDING_DEFER status, because only one attempt is ever made, and we know
1740that max_rcpt will be large, so all addresses will be done at once. */
1741
1742for (addr = first_addr;
1743 address_count < max_rcpt && addr != NULL;
1744 addr = addr->next)
1745 {
1746 int count;
1747 BOOL no_flush;
1748
1749 if (addr->transport_return != PENDING_DEFER) continue;
1750
1751 address_count++;
1752 no_flush = smtp_use_pipelining && (!mua_wrapper || addr->next != NULL);
1753
1754 /* Now send the RCPT command, and process outstanding responses when
1755 necessary. After a timeout on RCPT, we just end the function, leaving the
1756 yield as OK, because this error can often mean that there is a problem with
1757 just one address, so we don't want to delay the host. */
1758
f1513293
PH
1759 count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s\r\n",
1760 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr);
0756eb3c
PH
1761 if (count < 0) goto SEND_FAILED;
1762 if (count > 0)
1763 {
1764 switch(sync_responses(first_addr, tblock->rcpt_include_affixes,
48c7f9e2
PH
1765 &sync_addr, host, count, ob->address_retry_include_sender,
1766 pending_MAIL, 0, &inblock, ob->command_timeout, buffer,
1767 sizeof(buffer)))
0756eb3c
PH
1768 {
1769 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1770 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1771 break;
1772
1773 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1774 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1775 case 0: /* No 2xx or 5xx, but no probs */
1776 break;
1777
1778 case -1: goto END_OFF; /* Timeout on RCPT */
1779 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL error */
1780 }
1781 pending_MAIL = FALSE; /* Dealt with MAIL */
1782 }
1783 } /* Loop for next address */
1784
1785/* If we are an MUA wrapper, abort if any RCPTs were rejected, either
1786permanently or temporarily. We should have flushed and synced after the last
1787RCPT. */
1788
1789if (mua_wrapper)
1790 {
1791 address_item *badaddr;
1792 for (badaddr = first_addr; badaddr != NULL; badaddr = badaddr->next)
1793 {
1794 if (badaddr->transport_return != PENDING_OK) break;
1795 }
1796 if (badaddr != NULL)
1797 {
447d236c
PH
1798 set_errno(addrlist, 0, badaddr->message, FAIL,
1799 testflag(badaddr, af_pass_message));
0756eb3c
PH
1800 ok = FALSE;
1801 }
1802 }
1803
1804/* If ok is TRUE, we know we have got at least one good recipient, and must now
1805send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
1806have a good recipient buffered up if we are pipelining. We don't want to waste
1807time sending DATA needlessly, so we only send it if either ok is TRUE or if we
1808are pipelining. The responses are all handled by sync_responses(). */
1809
1810if (ok || (smtp_use_pipelining && !mua_wrapper))
1811 {
1812 int count = smtp_write_command(&outblock, FALSE, "DATA\r\n");
1813 if (count < 0) goto SEND_FAILED;
1814 switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr,
48c7f9e2
PH
1815 host, count, ob->address_retry_include_sender, pending_MAIL,
1816 ok? +1 : -1, &inblock, ob->command_timeout, buffer, sizeof(buffer)))
0756eb3c
PH
1817 {
1818 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1819 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1820 break;
1821
1822 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1823 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1824 case 0: break; /* No 2xx or 5xx, but no probs */
1825
1826 case -1: goto END_OFF; /* Timeout on RCPT */
1827 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
1828 }
1829 }
1830
1831/* Save the first address of the next batch. */
1832
1833first_addr = addr;
1834
1835/* If there were no good recipients (but otherwise there have been no
1836problems), just set ok TRUE, since we have handled address-specific errors
1837already. Otherwise, it's OK to send the message. Use the check/escape mechanism
1838for handling the SMTP dot-handling protocol, flagging to apply to headers as
1839well as body. Set the appropriate timeout value to be used for each chunk.
1840(Haven't been able to make it work using select() for writing yet.) */
1841
1842if (!ok) ok = TRUE; else
1843 {
1844 sigalrm_seen = FALSE;
1845 transport_write_timeout = ob->data_timeout;
1846 smtp_command = US"sending data block"; /* For error messages */
1847 DEBUG(D_transport|D_v)
1848 debug_printf(" SMTP>> writing message and terminating \".\"\n");
1849 transport_count = 0;
80a47a2c 1850#ifndef DISABLE_DKIM
4cd12fe9
TK
1851 ok = dkim_transport_write_message(addrlist, inblock.sock,
1852 topt_use_crlf | topt_end_dot | topt_escape_headers |
1853 (tblock->body_only? topt_no_headers : 0) |
1854 (tblock->headers_only? topt_no_body : 0) |
1855 (tblock->return_path_add? topt_add_return_path : 0) |
1856 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1857 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1858 0, /* No size limit */
1859 tblock->add_headers, tblock->remove_headers,
1860 US".", US"..", /* Escaping strings */
1861 tblock->rewrite_rules, tblock->rewrite_existflags,
1862 ob->dkim_private_key, ob->dkim_domain, ob->dkim_selector,
80a47a2c 1863 ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers
4cd12fe9
TK
1864 );
1865#else
0756eb3c
PH
1866 ok = transport_write_message(addrlist, inblock.sock,
1867 topt_use_crlf | topt_end_dot | topt_escape_headers |
1868 (tblock->body_only? topt_no_headers : 0) |
1869 (tblock->headers_only? topt_no_body : 0) |
1870 (tblock->return_path_add? topt_add_return_path : 0) |
1871 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1872 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1873 0, /* No size limit */
1874 tblock->add_headers, tblock->remove_headers,
1875 US".", US"..", /* Escaping strings */
1876 tblock->rewrite_rules, tblock->rewrite_existflags);
4cd12fe9 1877#endif
0756eb3c
PH
1878
1879 /* transport_write_message() uses write() because it is called from other
1880 places to write to non-sockets. This means that under some OS (e.g. Solaris)
1881 it can exit with "Broken pipe" as its error. This really means that the
1882 socket got closed at the far end. */
1883
1884 transport_write_timeout = 0; /* for subsequent transports */
1885
1886 /* Failure can either be some kind of I/O disaster (including timeout),
1887 or the failure of a transport filter or the expansion of added headers. */
1888
1889 if (!ok)
1890 {
1891 buffer[0] = 0; /* There hasn't been a response */
1892 goto RESPONSE_FAILED;
1893 }
1894
1895 /* We used to send the terminating "." explicitly here, but because of
1896 buffering effects at both ends of TCP/IP connections, you don't gain
1897 anything by keeping it separate, so it might as well go in the final
1898 data buffer for efficiency. This is now done by setting the topt_end_dot
1899 flag above. */
1900
1901 smtp_command = US"end of data";
1902
fd98a5c6
JH
1903#ifdef EXPERIMENTAL_PRDR
1904 /* For PRDR we optionally get a partial-responses warning
1905 * followed by the individual responses, before going on with
1906 * the overall response. If we don't get the warning then deal
1907 * with per non-PRDR. */
1908 if(prdr_active)
1909 {
1910 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3',
1911 ob->final_timeout);
1912 if (!ok && errno == 0)
1913 switch(buffer[0])
1914 {
1915 case '2': prdr_active = FALSE;
1916 ok = TRUE;
1917 break;
1918 case '4': errno = ERRNO_DATA4XX;
1919 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1920 break;
1921 }
1922 }
1923 else
1924#endif
1925
1926 /* For non-PRDR SMTP, we now read a single response that applies to the
1927 whole message. If it is OK, then all the addresses have been delivered. */
0756eb3c 1928
e97957bc
PH
1929 if (!lmtp)
1930 {
1931 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1932 ob->final_timeout);
1933 if (!ok && errno == 0 && buffer[0] == '4')
1934 {
1935 errno = ERRNO_DATA4XX;
1936 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1937 }
1938 }
0756eb3c
PH
1939
1940 /* For LMTP, we get back a response for every RCPT command that we sent;
1941 some may be accepted and some rejected. For those that get a response, their
1942 status is fixed; any that are accepted have been handed over, even if later
1943 responses crash - at least, that's how I read RFC 2033.
1944
1945 If all went well, mark the recipient addresses as completed, record which
1946 host/IPaddress they were delivered to, and cut out RSET when sending another
1947 message down the same channel. Write the completed addresses to the journal
1948 now so that they are recorded in case there is a crash of hardware or
1949 software before the spool gets updated. Also record the final SMTP
1950 confirmation if needed (for SMTP only). */
1951
1952 if (ok)
1953 {
1954 int flag = '=';
1955 int delivery_time = (int)(time(NULL) - start_delivery_time);
1956 int len;
1957 host_item *thost;
1958 uschar *conf = NULL;
1959 send_rset = FALSE;
1960
1961 /* Make a copy of the host if it is local to this invocation
1962 of the transport. */
1963
1964 if (copy_host)
1965 {
1966 thost = store_get(sizeof(host_item));
1967 *thost = *host;
1968 thost->name = string_copy(host->name);
1969 thost->address = string_copy(host->address);
1970 }
1971 else thost = host;
1972
1973 /* Set up confirmation if needed - applies only to SMTP */
1974
d68218c7
JH
1975 if (
1976 #ifndef EXPERIMENTAL_TPDA
1977 (log_extra_selector & LX_smtp_confirmation) != 0 &&
1978 #endif
1979 !lmtp
1980 )
0756eb3c
PH
1981 {
1982 uschar *s = string_printing(buffer);
1983 conf = (s == buffer)? (uschar *)string_copy(s) : s;
1984 }
1985
fd98a5c6 1986 /* Process all transported addresses - for LMTP or PRDR, read a status for
0756eb3c
PH
1987 each one. */
1988
1989 for (addr = addrlist; addr != first_addr; addr = addr->next)
1990 {
1991 if (addr->transport_return != PENDING_OK) continue;
1992
1993 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
1994 remaining addresses. Otherwise, it's a return code for just the one
75def545
PH
1995 address. For temporary errors, add a retry item for the address so that
1996 it doesn't get tried again too soon. */
0756eb3c 1997
fd98a5c6
JH
1998#ifdef EXPERIMENTAL_PRDR
1999 if (lmtp || prdr_active)
2000#else
0756eb3c 2001 if (lmtp)
fd98a5c6 2002#endif
0756eb3c
PH
2003 {
2004 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2005 ob->final_timeout))
2006 {
2007 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
fd98a5c6
JH
2008 addr->message = string_sprintf(
2009#ifdef EXPERIMENTAL_PRDR
2010 "%s error after %s: %s", prdr_active ? "PRDR":"LMTP",
2011#else
2012 "LMTP error after %s: %s",
2013#endif
0756eb3c 2014 big_buffer, string_printing(buffer));
75def545
PH
2015 setflag(addr, af_pass_message); /* Allow message to go to user */
2016 if (buffer[0] == '5')
2017 addr->transport_return = FAIL;
2018 else
2019 {
e97957bc
PH
2020 errno = ERRNO_DATA4XX;
2021 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
75def545 2022 addr->transport_return = DEFER;
fd98a5c6
JH
2023#ifdef EXPERIMENTAL_PRDR
2024 if (!prdr_active)
2025#endif
2026 retry_add_item(addr, addr->address_retry_key, 0);
75def545 2027 }
0756eb3c
PH
2028 continue;
2029 }
2030 completed_address = TRUE; /* NOW we can set this flag */
c0ea85ab
TF
2031 if ((log_extra_selector & LX_smtp_confirmation) != 0)
2032 {
2033 uschar *s = string_printing(buffer);
2034 conf = (s == buffer)? (uschar *)string_copy(s) : s;
2035 }
0756eb3c
PH
2036 }
2037
2038 /* SMTP, or success return from LMTP for this address. Pass back the
2d280592 2039 actual host that was used. */
0756eb3c
PH
2040
2041 addr->transport_return = OK;
2042 addr->more_errno = delivery_time;
0756eb3c
PH
2043 addr->host_used = thost;
2044 addr->special_action = flag;
2045 addr->message = conf;
fd98a5c6
JH
2046#ifdef EXPERIMENTAL_PRDR
2047 if (prdr_active) addr->flags |= af_prdr_used;
2048#endif
0756eb3c
PH
2049 flag = '-';
2050
fd98a5c6
JH
2051#ifdef EXPERIMENTAL_PRDR
2052 if (!prdr_active)
2053#endif
2054 {
2055 /* Update the journal. For homonymic addresses, use the base address plus
2056 the transport name. See lots of comments in deliver.c about the reasons
2057 for the complications when homonyms are involved. Just carry on after
2058 write error, as it may prove possible to update the spool file later. */
4d8d62b9 2059
fd98a5c6
JH
2060 if (testflag(addr, af_homonym))
2061 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2062 else
2063 sprintf(CS buffer, "%.500s\n", addr->unique);
4d8d62b9 2064
fd98a5c6
JH
2065 DEBUG(D_deliver) debug_printf("journalling %s", buffer);
2066 len = Ustrlen(CS buffer);
2067 if (write(journal_fd, buffer, len) != len)
2068 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2069 "%s: %s", buffer, strerror(errno));
2070 }
0756eb3c
PH
2071 }
2072
fd98a5c6
JH
2073#ifdef EXPERIMENTAL_PRDR
2074 if (prdr_active)
2075 {
2076 /* PRDR - get the final, overall response. For any non-success
2077 upgrade all the address statuses. */
2078 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2079 ob->final_timeout);
2080 if (!ok)
2081 {
2082 if(errno == 0 && buffer[0] == '4')
2083 {
2084 errno = ERRNO_DATA4XX;
2085 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2086 }
2087 for (addr = addrlist; addr != first_addr; addr = addr->next)
2088 if (buffer[0] == '5' || addr->transport_return == OK)
2089 addr->transport_return = PENDING_OK; /* allow set_errno action */
2090 goto RESPONSE_FAILED;
2091 }
2092
2093 /* Update the journal, or setup retry. */
2094 for (addr = addrlist; addr != first_addr; addr = addr->next)
2095 if (addr->transport_return == OK)
2096 {
2097 if (testflag(addr, af_homonym))
2098 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2099 else
2100 sprintf(CS buffer, "%.500s\n", addr->unique);
4d8d62b9 2101
fd98a5c6
JH
2102 DEBUG(D_deliver) debug_printf("journalling(PRDR) %s", buffer);
2103 len = Ustrlen(CS buffer);
2104 if (write(journal_fd, buffer, len) != len)
2105 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2106 "%s: %s", buffer, strerror(errno));
2107 }
2108 else if (addr->transport_return == DEFER)
2109 retry_add_item(addr, addr->address_retry_key, -2);
2110 }
2111#endif
2112
0756eb3c
PH
2113 /* Ensure the journal file is pushed out to disk. */
2114
54fc8428 2115 if (EXIMfsync(journal_fd) < 0)
0756eb3c
PH
2116 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
2117 strerror(errno));
2118 }
2119 }
2120
2121
2122/* Handle general (not specific to one address) failures here. The value of ok
2123is used to skip over this code on the falling through case. A timeout causes a
2124deferral. Other errors may defer or fail according to the response code, and
2125may set up a special errno value, e.g. after connection chopped, which is
2126assumed if errno == 0 and there is no text in the buffer. If control reaches
2127here during the setting up phase (i.e. before MAIL FROM) then always defer, as
2128the problem is not related to this specific message. */
2129
2130if (!ok)
2131 {
2132 int code;
2133
2134 RESPONSE_FAILED:
2135 save_errno = errno;
2136 message = NULL;
2137 send_quit = check_response(host, &save_errno, addrlist->more_errno,
447d236c 2138 buffer, &code, &message, &pass_message);
0756eb3c
PH
2139 goto FAILED;
2140
2141 SEND_FAILED:
2142 save_errno = errno;
2143 code = '4';
2144 message = US string_sprintf("send() to %s [%s] failed: %s",
2145 host->name, host->address, strerror(save_errno));
2146 send_quit = FALSE;
2147 goto FAILED;
2148
2149 /* This label is jumped to directly when a TLS negotiation has failed,
2150 or was not done for a host for which it is required. Values will be set
2151 in message and save_errno, and setting_up will always be true. Treat as
2152 a temporary error. */
2153
2154 #ifdef SUPPORT_TLS
2155 TLS_FAILED:
2156 code = '4';
2157 #endif
2158
2159 /* If the failure happened while setting up the call, see if the failure was
2160 a 5xx response (this will either be on connection, or following HELO - a 5xx
2161 after EHLO causes it to try HELO). If so, fail all addresses, as this host is
2162 never going to accept them. For other errors during setting up (timeouts or
2163 whatever), defer all addresses, and yield DEFER, so that the host is not
2164 tried again for a while. */
2165
2166 FAILED:
2167 ok = FALSE; /* For when reached by GOTO */
2168
2169 if (setting_up)
2170 {
2171 if (code == '5')
2172 {
447d236c 2173 set_errno(addrlist, save_errno, message, FAIL, pass_message);
0756eb3c
PH
2174 }
2175 else
2176 {
447d236c 2177 set_errno(addrlist, save_errno, message, DEFER, pass_message);
0756eb3c
PH
2178 yield = DEFER;
2179 }
2180 }
2181
e97957bc 2182 /* We want to handle timeouts after MAIL or "." and loss of connection after
0756eb3c 2183 "." specially. They can indicate a problem with the sender address or with
e97957bc
PH
2184 the contents of the message rather than a real error on the connection. These
2185 cases are treated in the same way as a 4xx response. This next bit of code
2186 does the classification. */
0756eb3c 2187
e97957bc 2188 else
0756eb3c 2189 {
e97957bc 2190 BOOL message_error;
0756eb3c 2191
e97957bc
PH
2192 switch(save_errno)
2193 {
2194 case 0:
2195 case ERRNO_MAIL4XX:
2196 case ERRNO_DATA4XX:
2197 message_error = TRUE;
2198 break;
0756eb3c 2199
e97957bc
PH
2200 case ETIMEDOUT:
2201 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
2202 Ustrncmp(smtp_command,"end ",4) == 0;
2203 break;
2204
2205 case ERRNO_SMTPCLOSED:
2206 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
2207 break;
2208
2209 default:
2210 message_error = FALSE;
2211 break;
2212 }
0756eb3c 2213
e97957bc 2214 /* Handle the cases that are treated as message errors. These are:
0756eb3c 2215
e97957bc
PH
2216 (a) negative response or timeout after MAIL
2217 (b) negative response after DATA
2218 (c) negative response or timeout or dropped connection after "."
0756eb3c 2219
e97957bc
PH
2220 It won't be a negative response or timeout after RCPT, as that is dealt
2221 with separately above. The action in all cases is to set an appropriate
2222 error code for all the addresses, but to leave yield set to OK because the
2223 host itself has not failed. Of course, it might in practice have failed
2224 when we've had a timeout, but if so, we'll discover that at the next
2225 delivery attempt. For a temporary error, set the message_defer flag, and
2226 write to the logs for information if this is not the last host. The error
2227 for the last host will be logged as part of the address's log line. */
2228
2229 if (message_error)
0756eb3c 2230 {
e97957bc
PH
2231 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
2232 set_errno(addrlist, save_errno, message, (code == '5')? FAIL : DEFER,
2233 pass_message);
2234
2235 /* If there's an errno, the message contains just the identity of
2236 the host. */
2237
2238 if (code != '5') /* Anything other than 5 is treated as temporary */
2239 {
2240 if (save_errno > 0)
2241 message = US string_sprintf("%s: %s", message, strerror(save_errno));
2242 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", message);
2243 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
2244 *message_defer = TRUE;
2245 }
2246 }
2247
2248 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
2249 ".", or some other transportation error. We defer all addresses and yield
2250 DEFER, except for the case of failed add_headers expansion, or a transport
2251 filter failure, when the yield should be ERROR, to stop it trying other
2252 hosts. */
2253
2254 else
2255 {
2256 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
2257 save_errno == ERRNO_FILTER_FAIL)? ERROR : DEFER;
2258 set_errno(addrlist, save_errno, message, DEFER, pass_message);
0756eb3c
PH
2259 }
2260 }
2261 }
2262
2263
2264/* If all has gone well, send_quit will be set TRUE, implying we can end the
2265SMTP session tidily. However, if there were too many addresses to send in one
2266message (indicated by first_addr being non-NULL) we want to carry on with the
2267rest of them. Also, it is desirable to send more than one message down the SMTP
2268connection if there are several waiting, provided we haven't already sent so
2269many as to hit the configured limit. The function transport_check_waiting looks
2270for a waiting message and returns its id. Then transport_pass_socket tries to
2271set up a continued delivery by passing the socket on to another process. The
2272variable send_rset is FALSE if a message has just been successfully transfered.
2273
2274If we are already sending down a continued channel, there may be further
2275addresses not yet delivered that are aimed at the same host, but which have not
2276been passed in this run of the transport. In this case, continue_more will be
2277true, and all we should do is send RSET if necessary, and return, leaving the
2278channel open.
2279
2280However, if no address was disposed of, i.e. all addresses got 4xx errors, we
2281do not want to continue with other messages down the same channel, because that
2282can lead to looping between two or more messages, all with the same,
2283temporarily failing address(es). [The retry information isn't updated yet, so
2284new processes keep on trying.] We probably also don't want to try more of this
2285message's addresses either.
2286
2287If we have started a TLS session, we have to end it before passing the
2288connection to a new process. However, not all servers can handle this (Exim
2289can), so we do not pass such a connection on if the host matches
2290hosts_nopass_tls. */
2291
2292DEBUG(D_transport)
2293 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
2294 "yield=%d first_address is %sNULL\n", ok, send_quit, send_rset,
2295 continue_more, yield, (first_addr == NULL)? "":"not ");
2296
2297if (completed_address && ok && send_quit)
2298 {
2299 BOOL more;
2300 if (first_addr != NULL || continue_more ||
2301 (
817d9f57 2302 (tls_out.active < 0 ||
0756eb3c
PH
2303 verify_check_this_host(&(ob->hosts_nopass_tls), NULL, host->name,
2304 host->address, NULL) != OK)
2305 &&
2306 transport_check_waiting(tblock->name, host->name,
2307 tblock->connection_max_messages, new_message_id, &more)
2308 ))
2309 {
2310 uschar *msg;
447d236c 2311 BOOL pass_message;
0756eb3c
PH
2312
2313 if (send_rset)
2314 {
2315 if (! (ok = smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0))
2316 {
2317 msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
2318 host->address, strerror(save_errno));
2319 send_quit = FALSE;
2320 }
2321 else if (! (ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2322 ob->command_timeout)))
2323 {
2324 int code;
447d236c
PH
2325 send_quit = check_response(host, &errno, 0, buffer, &code, &msg,
2326 &pass_message);
0756eb3c
PH
2327 if (!send_quit)
2328 {
2329 DEBUG(D_transport) debug_printf("%s\n", msg);
2330 }
2331 }
2332 }
2333
2334 /* Either RSET was not needed, or it succeeded */
2335
2336 if (ok)
2337 {
2338 if (first_addr != NULL) /* More addresses still to be sent */
2339 { /* in this run of the transport */
2340 continue_sequence++; /* Causes * in logging */
2341 goto SEND_MESSAGE;
2342 }
2343 if (continue_more) return yield; /* More addresses for another run */
2344
2345 /* Pass the socket to a new Exim process. Before doing so, we must shut
2346 down TLS. Not all MTAs allow for the continuation of the SMTP session
2347 when TLS is shut down. We test for this by sending a new EHLO. If we
2348 don't get a good response, we don't attempt to pass the socket on. */
2349
2350 #ifdef SUPPORT_TLS
817d9f57 2351 if (tls_out.active >= 0)
0756eb3c 2352 {
817d9f57 2353 tls_close(FALSE, TRUE);
061b7ebd
PP
2354 if (smtps)
2355 ok = FALSE;
2356 else
2357 ok = smtp_write_command(&outblock,FALSE,"EHLO %s\r\n",helo_data) >= 0 &&
2358 smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2359 ob->command_timeout);
0756eb3c
PH
2360 }
2361 #endif
2362
2363 /* If the socket is successfully passed, we musn't send QUIT (or
2364 indeed anything!) from here. */
2365
2366 if (ok && transport_pass_socket(tblock->name, host->name, host->address,
2367 new_message_id, inblock.sock))
2368 {
2369 send_quit = FALSE;
2370 }
2371 }
2372
2373 /* If RSET failed and there are addresses left, they get deferred. */
2374
447d236c 2375 else set_errno(first_addr, errno, msg, DEFER, FALSE);
0756eb3c
PH
2376 }
2377 }
2378
2379/* End off tidily with QUIT unless the connection has died or the socket has
2380been passed to another process. There has been discussion on the net about what
2381to do after sending QUIT. The wording of the RFC suggests that it is necessary
2382to wait for a response, but on the other hand, there isn't anything one can do
2383with an error response, other than log it. Exim used to do that. However,
2384further discussion suggested that it is positively advantageous not to wait for
2385the response, but to close the session immediately. This is supposed to move
2386the TCP/IP TIME_WAIT state from the server to the client, thereby removing some
2387load from the server. (Hosts that are both servers and clients may not see much
2388difference, of course.) Further discussion indicated that this was safe to do
2389on Unix systems which have decent implementations of TCP/IP that leave the
2390connection around for a while (TIME_WAIT) after the application has gone away.
2391This enables the response sent by the server to be properly ACKed rather than
2392timed out, as can happen on broken TCP/IP implementations on other OS.
2393
2394This change is being made on 31-Jul-98. After over a year of trouble-free
2395operation, the old commented-out code was removed on 17-Sep-99. */
2396
2397SEND_QUIT:
2398if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2399
2400END_OFF:
2401
2402#ifdef SUPPORT_TLS
817d9f57 2403tls_close(FALSE, TRUE);
0756eb3c
PH
2404#endif
2405
2406/* Close the socket, and return the appropriate value, first setting
2407continue_transport and continue_hostname NULL to prevent any other addresses
2408that may include the host from trying to re-use a continuation socket. This
2409works because the NULL setting is passed back to the calling process, and
2410remote_max_parallel is forced to 1 when delivering over an existing connection,
2411
2412If all went well and continue_more is set, we shouldn't actually get here if
2413there are further addresses, as the return above will be taken. However,
2414writing RSET might have failed, or there may be other addresses whose hosts are
2415specified in the transports, and therefore not visible at top level, in which
2416case continue_more won't get set. */
2417
f1e894f3 2418(void)close(inblock.sock);
0756eb3c
PH
2419continue_transport = NULL;
2420continue_hostname = NULL;
2421return yield;
2422}
2423
2424
2425
2426
2427/*************************************************
2428* Closedown entry point *
2429*************************************************/
2430
2431/* This function is called when exim is passed an open smtp channel
2432from another incarnation, but the message which it has been asked
2433to deliver no longer exists. The channel is on stdin.
2434
2435We might do fancy things like looking for another message to send down
2436the channel, but if the one we sought has gone, it has probably been
2437delivered by some other process that itself will seek further messages,
2438so just close down our connection.
2439
2440Argument: pointer to the transport instance block
2441Returns: nothing
2442*/
2443
2444void
2445smtp_transport_closedown(transport_instance *tblock)
2446{
2447smtp_transport_options_block *ob =
2448 (smtp_transport_options_block *)(tblock->options_block);
2449smtp_inblock inblock;
2450smtp_outblock outblock;
2451uschar buffer[256];
2452uschar inbuffer[4096];
2453uschar outbuffer[16];
2454
2455inblock.sock = fileno(stdin);
2456inblock.buffer = inbuffer;
2457inblock.buffersize = sizeof(inbuffer);
2458inblock.ptr = inbuffer;
2459inblock.ptrend = inbuffer;
2460
2461outblock.sock = inblock.sock;
2462outblock.buffersize = sizeof(outbuffer);
2463outblock.buffer = outbuffer;
2464outblock.ptr = outbuffer;
2465outblock.cmd_count = 0;
2466outblock.authenticating = FALSE;
2467
2468(void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2469(void)smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2470 ob->command_timeout);
f1e894f3 2471(void)close(inblock.sock);
0756eb3c
PH
2472}
2473
2474
2475
2476/*************************************************
2477* Prepare addresses for delivery *
2478*************************************************/
2479
2480/* This function is called to flush out error settings from previous delivery
2481attempts to other hosts. It also records whether we got here via an MX record
2482or not in the more_errno field of the address. We are interested only in
2483addresses that are still marked DEFER - others may have got delivered to a
2484previously considered IP address. Set their status to PENDING_DEFER to indicate
2485which ones are relevant this time.
2486
2487Arguments:
2488 addrlist the list of addresses
2489 host the host we are delivering to
2490
2491Returns: the first address for this delivery
2492*/
2493
2494static address_item *
2495prepare_addresses(address_item *addrlist, host_item *host)
2496{
2497address_item *first_addr = NULL;
2498address_item *addr;
2499for (addr = addrlist; addr != NULL; addr = addr->next)
2500 {
2501 if (addr->transport_return != DEFER) continue;
2502 if (first_addr == NULL) first_addr = addr;
2503 addr->transport_return = PENDING_DEFER;
2504 addr->basic_errno = 0;
2505 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
2506 addr->message = NULL;
2507 #ifdef SUPPORT_TLS
2508 addr->cipher = NULL;
2509 addr->peerdn = NULL;
2510 #endif
2511 }
2512return first_addr;
2513}
2514
2515
2516
2517/*************************************************
2518* Main entry point *
2519*************************************************/
2520
2521/* See local README for interface details. As this is a remote transport, it is
2522given a chain of addresses to be delivered in one connection, if possible. It
2523always returns TRUE, indicating that each address has its own independent
2524status set, except if there is a setting up problem, in which case it returns
2525FALSE. */
2526
2527BOOL
2528smtp_transport_entry(
2529 transport_instance *tblock, /* data for this instantiation */
2530 address_item *addrlist) /* addresses we are working on */
2531{
2532int cutoff_retry;
2533int port;
2534int hosts_defer = 0;
2535int hosts_fail = 0;
2536int hosts_looked_up = 0;
2537int hosts_retry = 0;
2538int hosts_serial = 0;
2539int hosts_total = 0;
8e669ac1 2540int total_hosts_tried = 0;
0756eb3c
PH
2541address_item *addr;
2542BOOL expired = TRUE;
2543BOOL continuing = continue_hostname != NULL;
2544uschar *expanded_hosts = NULL;
2545uschar *pistring;
2546uschar *tid = string_sprintf("%s transport", tblock->name);
2547smtp_transport_options_block *ob =
2548 (smtp_transport_options_block *)(tblock->options_block);
2549host_item *hostlist = addrlist->host_list;
2550host_item *host = NULL;
2551
2552DEBUG(D_transport)
2553 {
2554 debug_printf("%s transport entered\n", tblock->name);
2555 for (addr = addrlist; addr != NULL; addr = addr->next)
2556 debug_printf(" %s\n", addr->address);
2557 if (continuing) debug_printf("already connected to %s [%s]\n",
2558 continue_hostname, continue_host_address);
2559 }
2560
f6c332bd
PH
2561/* Set the flag requesting that these hosts be added to the waiting
2562database if the delivery fails temporarily or if we are running with
2563queue_smtp or a 2-stage queue run. This gets unset for certain
2564kinds of error, typically those that are specific to the message. */
2565
2566update_waiting = TRUE;
2567
0756eb3c
PH
2568/* If a host list is not defined for the addresses - they must all have the
2569same one in order to be passed to a single transport - or if the transport has
2570a host list with hosts_override set, use the host list supplied with the
2571transport. It is an error for this not to exist. */
2572
2573if (hostlist == NULL || (ob->hosts_override && ob->hosts != NULL))
2574 {
2575 if (ob->hosts == NULL)
2576 {
2577 addrlist->message = string_sprintf("%s transport called with no hosts set",
2578 tblock->name);
2579 addrlist->transport_return = PANIC;
2580 return FALSE; /* Only top address has status */
2581 }
2582
2583 DEBUG(D_transport) debug_printf("using the transport's hosts: %s\n",
2584 ob->hosts);
2585
2586 /* If the transport's host list contains no '$' characters, and we are not
2587 randomizing, it is fixed and therefore a chain of hosts can be built once
2588 and for all, and remembered for subsequent use by other calls to this
2589 transport. If, on the other hand, the host list does contain '$', or we are
2590 randomizing its order, we have to rebuild it each time. In the fixed case,
2591 as the hosts string will never be used again, it doesn't matter that we
2592 replace all the : characters with zeros. */
2593
2594 if (ob->hostlist == NULL)
2595 {
2596 uschar *s = ob->hosts;
2597
2598 if (Ustrchr(s, '$') != NULL)
2599 {
2600 expanded_hosts = expand_string(s);
2601 if (expanded_hosts == NULL)
2602 {
2603 addrlist->message = string_sprintf("failed to expand list of hosts "
2604 "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message);
2605 addrlist->transport_return = search_find_defer? DEFER : PANIC;
2606 return FALSE; /* Only top address has status */
2607 }
2608 DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to "
2609 "\"%s\"\n", s, expanded_hosts);
2610 s = expanded_hosts;
2611 }
2612 else
2613 if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
2614
2615 host_build_hostlist(&hostlist, s, ob->hosts_randomize);
2616
e276e04b
TF
2617 /* Check that the expansion yielded something useful. */
2618 if (hostlist == NULL)
2619 {
2620 addrlist->message =
2621 string_sprintf("%s transport has empty hosts setting", tblock->name);
2622 addrlist->transport_return = PANIC;
2623 return FALSE; /* Only top address has status */
2624 }
2625
0756eb3c
PH
2626 /* If there was no expansion of hosts, save the host list for
2627 next time. */
2628
2629 if (expanded_hosts == NULL) ob->hostlist = hostlist;
2630 }
2631
2632 /* This is not the first time this transport has been run in this delivery;
2633 the host list was built previously. */
2634
2635 else hostlist = ob->hostlist;
2636 }
2637
2638/* The host list was supplied with the address. If hosts_randomize is set, we
2639must sort it into a random order if it did not come from MX records and has not
2640already been randomized (but don't bother if continuing down an existing
2641connection). */
2642
2643else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continuing)
2644 {
2645 host_item *newlist = NULL;
2646 while (hostlist != NULL)
2647 {
2648 host_item *h = hostlist;
2649 hostlist = hostlist->next;
2650
2651 h->sort_key = random_number(100);
2652
2653 if (newlist == NULL)
2654 {
2655 h->next = NULL;
2656 newlist = h;
2657 }
2658 else if (h->sort_key < newlist->sort_key)
2659 {
2660 h->next = newlist;
2661 newlist = h;
2662 }
2663 else
2664 {
2665 host_item *hh = newlist;
2666 while (hh->next != NULL)
2667 {
2668 if (h->sort_key < hh->next->sort_key) break;
2669 hh = hh->next;
2670 }
2671 h->next = hh->next;
2672 hh->next = h;
2673 }
2674 }
2675
2676 hostlist = addrlist->host_list = newlist;
2677 }
2678
2679
2d280592 2680/* Sort out the default port. */
0756eb3c
PH
2681
2682if (!smtp_get_port(ob->port, addrlist, &port, tid)) return FALSE;
0756eb3c
PH
2683
2684
2685/* For each host-plus-IP-address on the list:
2686
2687. If this is a continued delivery and the host isn't the one with the
2688 current connection, skip.
2689
2690. If the status is unusable (i.e. previously failed or retry checked), skip.
2691
2692. If no IP address set, get the address, either by turning the name into
2693 an address, calling gethostbyname if gethostbyname is on, or by calling
2694 the DNS. The DNS may yield multiple addresses, in which case insert the
2695 extra ones into the list.
2696
2697. Get the retry data if not previously obtained for this address and set the
2698 field which remembers the state of this address. Skip if the retry time is
2699 not reached. If not, remember whether retry data was found. The retry string
2700 contains both the name and the IP address.
2701
2702. Scan the list of addresses and mark those whose status is DEFER as
2703 PENDING_DEFER. These are the only ones that will be processed in this cycle
2704 of the hosts loop.
2705
2706. Make a delivery attempt - addresses marked PENDING_DEFER will be tried.
2707 Some addresses may be successfully delivered, others may fail, and yet
2708 others may get temporary errors and so get marked DEFER.
2709
2710. The return from the delivery attempt is OK if a connection was made and a
2711 valid SMTP dialogue was completed. Otherwise it is DEFER.
2712
2713. If OK, add a "remove" retry item for this host/IPaddress, if any.
2714
2715. If fail to connect, or other defer state, add a retry item.
2716
2717. If there are any addresses whose status is still DEFER, carry on to the
2718 next host/IPaddress, unless we have tried the number of hosts given
533244af 2719 by hosts_max_try or hosts_max_try_hardlimit; otherwise return. Note that
8e669ac1
PH
2720 there is some fancy logic for hosts_max_try that means its limit can be
2721 overstepped in some circumstances.
0756eb3c
PH
2722
2723If we get to the end of the list, all hosts have deferred at least one address,
2724or not reached their retry times. If delay_after_cutoff is unset, it requests a
2725delivery attempt to those hosts whose last try was before the arrival time of
2726the current message. To cope with this, we have to go round the loop a second
2727time. After that, set the status and error data for any addresses that haven't
2728had it set already. */
2729
2730for (cutoff_retry = 0; expired &&
2731 cutoff_retry < ((ob->delay_after_cutoff)? 1 : 2);
2732 cutoff_retry++)
2733 {
2734 host_item *nexthost = NULL;
2735 int unexpired_hosts_tried = 0;
2736
2737 for (host = hostlist;
8e669ac1 2738 host != NULL &&
533244af
PH
2739 unexpired_hosts_tried < ob->hosts_max_try &&
2740 total_hosts_tried < ob->hosts_max_try_hardlimit;
0756eb3c
PH
2741 host = nexthost)
2742 {
2743 int rc;
2744 int host_af;
2745 uschar *rs;
2746 BOOL serialized = FALSE;
2747 BOOL host_is_expired = FALSE;
2748 BOOL message_defer = FALSE;
2749 BOOL ifchanges = FALSE;
2750 BOOL some_deferred = FALSE;
2751 address_item *first_addr = NULL;
2752 uschar *interface = NULL;
2753 uschar *retry_host_key = NULL;
2754 uschar *retry_message_key = NULL;
2755 uschar *serialize_key = NULL;
2756
9c4e8f60
PH
2757 /* Default next host is next host. :-) But this can vary if the
2758 hosts_max_try limit is hit (see below). It may also be reset if a host
2759 address is looked up here (in case the host was multihomed). */
2760
2761 nexthost = host->next;
2762
0756eb3c
PH
2763 /* If the address hasn't yet been obtained from the host name, look it up
2764 now, unless the host is already marked as unusable. If it is marked as
2765 unusable, it means that the router was unable to find its IP address (in
2766 the DNS or wherever) OR we are in the 2nd time round the cutoff loop, and
2767 the lookup failed last time. We don't get this far if *all* MX records
2768 point to non-existent hosts; that is treated as a hard error.
2769
2770 We can just skip this host entirely. When the hosts came from the router,
2771 the address will timeout based on the other host(s); when the address is
2772 looked up below, there is an explicit retry record added.
2773
2774 Note that we mustn't skip unusable hosts if the address is not unset; they
2775 may be needed as expired hosts on the 2nd time round the cutoff loop. */
2776
2777 if (host->address == NULL)
2778 {
322050c2 2779 int new_port, flags;
7cd1141b 2780 host_item *hh;
0756eb3c
PH
2781 uschar *canonical_name;
2782
2783 if (host->status >= hstatus_unusable)
2784 {
2785 DEBUG(D_transport) debug_printf("%s has no address and is unusable - skipping\n",
2786 host->name);
2787 continue;
2788 }
2789
2790 DEBUG(D_transport) debug_printf("getting address for %s\n", host->name);
2791
7cd1141b
PH
2792 /* The host name is permitted to have an attached port. Find it, and
2793 strip it from the name. Just remember it for now. */
2794
2795 new_port = host_item_get_port(host);
2796
2797 /* Count hosts looked up */
2798
0756eb3c
PH
2799 hosts_looked_up++;
2800
2801 /* Find by name if so configured, or if it's an IP address. We don't
2802 just copy the IP address, because we need the test-for-local to happen. */
2803
322050c2
PH
2804 flags = HOST_FIND_BY_A;
2805 if (ob->dns_qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
2806 if (ob->dns_search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
2807
7e66e54d 2808 if (ob->gethostbyname || string_is_ip_address(host->name, NULL) != 0)
322050c2 2809 rc = host_find_byname(host, NULL, flags, &canonical_name, TRUE);
0756eb3c 2810 else
0756eb3c
PH
2811 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
2812 &canonical_name, NULL);
0756eb3c 2813
7cd1141b
PH
2814 /* Update the host (and any additional blocks, resulting from
2815 multihoming) with a host-specific port, if any. */
2816
2817 for (hh = host; hh != nexthost; hh = hh->next) hh->port = new_port;
2818
0756eb3c
PH
2819 /* Failure to find the host at this time (usually DNS temporary failure)
2820 is really a kind of routing failure rather than a transport failure.
2821 Therefore we add a retry item of the routing kind, not to stop us trying
2822 to look this name up here again, but to ensure the address gets timed
2823 out if the failures go on long enough. A complete failure at this point
2824 commonly points to a configuration error, but the best action is still
2825 to carry on for the next host. */
2826
2827 if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_FAILED)
2828 {
2829 retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
2830 expired = FALSE;
2831 if (rc == HOST_FIND_AGAIN) hosts_defer++; else hosts_fail++;
2832 DEBUG(D_transport) debug_printf("rc = %s for %s\n", (rc == HOST_FIND_AGAIN)?
2833 "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name);
2834 host->status = hstatus_unusable;
2835
2836 for (addr = addrlist; addr != NULL; addr = addr->next)
2837 {
2838 if (addr->transport_return != DEFER) continue;
2839 addr->basic_errno = ERRNO_UNKNOWNHOST;
2840 addr->message =
2841 string_sprintf("failed to lookup IP address for %s", host->name);
2842 }
2843 continue;
2844 }
2845
2846 /* If the host is actually the local host, we may have a problem, or
2847 there may be some cunning configuration going on. In the problem case,
2848 log things and give up. The default transport status is already DEFER. */
2849
2850 if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost)
2851 {
2852 for (addr = addrlist; addr != NULL; addr = addr->next)
2853 {
2854 addr->basic_errno = 0;
2855 addr->message = string_sprintf("%s transport found host %s to be "
2856 "local", tblock->name, host->name);
2857 }
2858 goto END_TRANSPORT;
2859 }
2860 } /* End of block for IP address lookup */
2861
2862 /* If this is a continued delivery, we are interested only in the host
2863 which matches the name of the existing open channel. The check is put
2864 here after the local host lookup, in case the name gets expanded as a
2865 result of the lookup. Set expired FALSE, to save the outer loop executing
2866 twice. */
2867
2868 if (continuing && (Ustrcmp(continue_hostname, host->name) != 0 ||
2869 Ustrcmp(continue_host_address, host->address) != 0))
2870 {
2871 expired = FALSE;
2872 continue; /* With next host */
2873 }
2874
9c4e8f60
PH
2875 /* Reset the default next host in case a multihomed host whose addresses
2876 are not looked up till just above added to the host list. */
83364d30
PH
2877
2878 nexthost = host->next;
2879
0756eb3c
PH
2880 /* If queue_smtp is set (-odqs or the first part of a 2-stage run), or the
2881 domain is in queue_smtp_domains, we don't actually want to attempt any
2882 deliveries. When doing a queue run, queue_smtp_domains is always unset. If
2883 there is a lookup defer in queue_smtp_domains, proceed as if the domain
2884 were not in it. We don't want to hold up all SMTP deliveries! Except when
2885 doing a two-stage queue run, don't do this if forcing. */
2886
2887 if ((!deliver_force || queue_2stage) && (queue_smtp ||
cf39cf57
PH
2888 match_isinlist(addrlist->domain, &queue_smtp_domains, 0,
2889 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK))
0756eb3c
PH
2890 {
2891 expired = FALSE;
2892 for (addr = addrlist; addr != NULL; addr = addr->next)
2893 {
2894 if (addr->transport_return != DEFER) continue;
2895 addr->message = US"domain matches queue_smtp_domains, or -odqs set";
2896 }
2897 continue; /* With next host */
2898 }
2899
2900 /* Count hosts being considered - purely for an intelligent comment
2901 if none are usable. */
2902
2903 hosts_total++;
2904
2905 /* Set $host and $host address now in case they are needed for the
2906 interface expansion or the serialize_hosts check; they remain set if an
2907 actual delivery happens. */
2908
2909 deliver_host = host->name;
2910 deliver_host_address = host->address;
2911
7cd1141b
PH
2912 /* Set up a string for adding to the retry key if the port number is not
2913 the standard SMTP port. A host may have its own port setting that overrides
2914 the default. */
2915
2916 pistring = string_sprintf(":%d", (host->port == PORT_NONE)?
2917 port : host->port);
2918 if (Ustrcmp(pistring, ":25") == 0) pistring = US"";
2919
0756eb3c
PH
2920 /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface
2921 string changes upon expansion, we must add it to the key that is used for
2922 retries, because connections to the same host from a different interface
2923 should be treated separately. */
2924
2925 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET : AF_INET6;
2926 if (!smtp_get_interface(ob->interface, host_af, addrlist, &ifchanges,
2927 &interface, tid))
2928 return FALSE;
2929 if (ifchanges) pistring = string_sprintf("%s/%s", pistring, interface);
2930
2931 /* The first time round the outer loop, check the status of the host by
2932 inspecting the retry data. The second time round, we are interested only
2933 in expired hosts that haven't been tried since this message arrived. */
2934
2935 if (cutoff_retry == 0)
2936 {
2937 /* Ensure the status of the address is set by checking retry data if
2938 necessary. There maybe host-specific retry data (applicable to all
2939 messages) and also data for retries of a specific message at this host.
2940 If either of these retry records are actually read, the keys used are
2941 returned to save recomputing them later. */
2942
2943 host_is_expired = retry_check_address(addrlist->domain, host, pistring,
2944 ob->retry_include_ip_address, &retry_host_key, &retry_message_key);
2945
2946 DEBUG(D_transport) debug_printf("%s [%s]%s status = %s\n", host->name,
2947 (host->address == NULL)? US"" : host->address, pistring,
2948 (host->status == hstatus_usable)? "usable" :
2949 (host->status == hstatus_unusable)? "unusable" :
2950 (host->status == hstatus_unusable_expired)? "unusable (expired)" : "?");
2951
2952 /* Skip this address if not usable at this time, noting if it wasn't
2953 actually expired, both locally and in the address. */
2954
2955 switch (host->status)
2956 {
2957 case hstatus_unusable:
2958 expired = FALSE;
2959 setflag(addrlist, af_retry_skipped);
2960 /* Fall through */
2961
2962 case hstatus_unusable_expired:
2963 switch (host->why)
2964 {
2965 case hwhy_retry: hosts_retry++; break;
2966 case hwhy_failed: hosts_fail++; break;
2967 case hwhy_deferred: hosts_defer++; break;
2968 }
2969
2970 /* If there was a retry message key, implying that previously there
2971 was a message-specific defer, we don't want to update the list of
f6c332bd 2972 messages waiting for these hosts. */
0756eb3c 2973
f6c332bd 2974 if (retry_message_key != NULL) update_waiting = FALSE;
0756eb3c
PH
2975 continue; /* With the next host or IP address */
2976 }
2977 }
2978
2979 /* Second time round the loop: if the address is set but expired, and
2980 the message is newer than the last try, let it through. */
2981
2982 else
2983 {
2984 if (host->address == NULL ||
2985 host->status != hstatus_unusable_expired ||
2986 host->last_try > received_time)
2987 continue;
2988 DEBUG(D_transport)
2989 debug_printf("trying expired host %s [%s]%s\n",
2990 host->name, host->address, pistring);
2991 host_is_expired = TRUE;
2992 }
2993
2994 /* Setting "expired=FALSE" doesn't actually mean not all hosts are expired;
2995 it remains TRUE only if all hosts are expired and none are actually tried.
2996 */
2997
2998 expired = FALSE;
2999
3000 /* If this host is listed as one to which access must be serialized,
3001 see if another Exim process has a connection to it, and if so, skip
3002 this host. If not, update the database to record our connection to it
3003 and remember this for later deletion. Do not do any of this if we are
3004 sending the message down a pre-existing connection. */
3005
3006 if (!continuing &&
3007 verify_check_this_host(&(ob->serialize_hosts), NULL, host->name,
3008 host->address, NULL) == OK)
3009 {
3010 serialize_key = string_sprintf("host-serialize-%s", host->name);
3011 if (!enq_start(serialize_key))
3012 {
3013 DEBUG(D_transport)
3014 debug_printf("skipping host %s because another Exim process "
3015 "is connected to it\n", host->name);
3016 hosts_serial++;
3017 continue;
3018 }
3019 serialized = TRUE;
3020 }
3021
3022 /* OK, we have an IP address that is not waiting for its retry time to
3023 arrive (it might be expired) OR (second time round the loop) we have an
3024 expired host that hasn't been tried since the message arrived. Have a go
3025 at delivering the message to it. First prepare the addresses by flushing
3026 out the result of previous attempts, and finding the first address that
3027 is still to be delivered. */
3028
3029 first_addr = prepare_addresses(addrlist, host);
3030
3031 DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n",
3032 message_id, host->name, host->address, addrlist->address,
3033 (addrlist->next == NULL)? "" : ", ...");
3034
3035 set_process_info("delivering %s to %s [%s] (%s%s)",
3036 message_id, host->name, host->address, addrlist->address,
3037 (addrlist->next == NULL)? "" : ", ...");
3038
3039 /* This is not for real; don't do the delivery. If there are
3040 any remaining hosts, list them. */
3041
3042 if (dont_deliver)
3043 {
3044 host_item *host2;
447d236c 3045 set_errno(addrlist, 0, NULL, OK, FALSE);
0756eb3c
PH
3046 for (addr = addrlist; addr != NULL; addr = addr->next)
3047 {
3048 addr->host_used = host;
3049 addr->special_action = '*';
3050 addr->message = US"delivery bypassed by -N option";
3051 }
3052 DEBUG(D_transport)
3053 {
3054 debug_printf("*** delivery by %s transport bypassed by -N option\n"
3055 "*** host and remaining hosts:\n", tblock->name);
3056 for (host2 = host; host2 != NULL; host2 = host2->next)
3057 debug_printf(" %s [%s]\n", host2->name,
3058 (host2->address == NULL)? US"unset" : host2->address);
3059 }
3060 rc = OK;
3061 }
3062
3063 /* This is for real. If the host is expired, we don't count it for
3064 hosts_max_retry. This ensures that all hosts must expire before an address
8e669ac1 3065 is timed out, unless hosts_max_try_hardlimit (which protects against
533244af 3066 lunatic DNS configurations) is reached.
8e669ac1 3067
533244af
PH
3068 If the host is not expired and we are about to hit the hosts_max_retry
3069 limit, check to see if there is a subsequent hosts with a different MX
3070 value. If so, make that the next host, and don't count this one. This is a
3071 heuristic to make sure that different MXs do get tried. With a normal kind
3072 of retry rule, they would get tried anyway when the earlier hosts were
3073 delayed, but if the domain has a "retry every time" type of rule - as is
3074 often used for the the very large ISPs, that won't happen. */
0756eb3c
PH
3075
3076 else
3077 {
3078 if (!host_is_expired && ++unexpired_hosts_tried >= ob->hosts_max_try)
3079 {
3080 host_item *h;
3081 DEBUG(D_transport)
3082 debug_printf("hosts_max_try limit reached with this host\n");
3083 for (h = host; h != NULL; h = h->next)
3084 if (h->mx != host->mx) break;
3085 if (h != NULL)
3086 {
3087 nexthost = h;
3088 unexpired_hosts_tried--;
3089 DEBUG(D_transport) debug_printf("however, a higher MX host exists "
3090 "and will be tried\n");
3091 }
3092 }
3093
3094 /* Attempt the delivery. */
3095
533244af 3096 total_hosts_tried++;
0756eb3c
PH
3097 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
3098 expanded_hosts != NULL, &message_defer, FALSE);
3099
3100 /* Yield is one of:
3101 OK => connection made, each address contains its result;
3102 message_defer is set for message-specific defers (when all
3103 recipients are marked defer)
3104 DEFER => there was a non-message-specific delivery problem;
3105 ERROR => there was a problem setting up the arguments for a filter,
3106 or there was a problem with expanding added headers
3107 */
3108
3109 /* If the result is not OK, there was a non-message-specific problem.
3110 If the result is DEFER, we need to write to the logs saying what happened
3111 for this particular host, except in the case of authentication and TLS
3112 failures, where the log has already been written. If all hosts defer a
3113 general message is written at the end. */
3114
3115 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL &&
3116 first_addr->basic_errno != ERRNO_TLSFAILURE)
3117 write_logs(first_addr, host);
3118
d68218c7
JH
3119 #ifdef EXPERIMENTAL_TPDA
3120 if (rc == DEFER)
3121 tpda_deferred(ob, first_addr, host);
3122 #endif
3123
0756eb3c
PH
3124 /* If STARTTLS was accepted, but there was a failure in setting up the
3125 TLS session (usually a certificate screwup), and the host is not in
3126 hosts_require_tls, and tls_tempfail_tryclear is true, try again, with
3127 TLS forcibly turned off. We have to start from scratch with a new SMTP
3128 connection. That's why the retry is done from here, not from within
3129 smtp_deliver(). [Rejections of STARTTLS itself don't screw up the
3130 session, so the in-clear transmission after those errors, if permitted,
3131 happens inside smtp_deliver().] */
3132
3133 #ifdef SUPPORT_TLS
3134 if (rc == DEFER && first_addr->basic_errno == ERRNO_TLSFAILURE &&
3135 ob->tls_tempfail_tryclear &&
3136 verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
3137 host->address, NULL) != OK)
3138 {
3139 log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
3140 "to %s [%s] (not in hosts_require_tls)", host->name, host->address);
3141 first_addr = prepare_addresses(addrlist, host);
3142 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
3143 expanded_hosts != NULL, &message_defer, TRUE);
3144 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
3145 write_logs(first_addr, host);
d68218c7
JH
3146 #ifdef EXPERIMENTAL_TPDA
3147 if (rc == DEFER)
3148 tpda_deferred(ob, first_addr, host);
3149 #endif
0756eb3c
PH
3150 }
3151 #endif
3152 }
3153
3154 /* Delivery attempt finished */
3155
3156 rs = (rc == OK)? US"OK" : (rc == DEFER)? US"DEFER" : (rc == ERROR)?
3157 US"ERROR" : US"?";
3158
3159 set_process_info("delivering %s: just tried %s [%s] for %s%s: result %s",
3160 message_id, host->name, host->address, addrlist->address,
3161 (addrlist->next == NULL)? "" : " (& others)", rs);
3162
3163 /* Release serialization if set up */
3164
3165 if (serialized) enq_end(serialize_key);
3166
3167 /* If the result is DEFER, or if a host retry record is known to exist, we
3168 need to add an item to the retry chain for updating the retry database
3169 at the end of delivery. We only need to add the item to the top address,
3170 of course. Also, if DEFER, we mark the IP address unusable so as to skip it
3171 for any other delivery attempts using the same address. (It is copied into
3172 the unusable tree at the outer level, so even if different address blocks
3173 contain the same address, it still won't get tried again.) */
3174
3175 if (rc == DEFER || retry_host_key != NULL)
3176 {
3177 int delete_flag = (rc != DEFER)? rf_delete : 0;
3178 if (retry_host_key == NULL)
3179 {
3180 retry_host_key = ob->retry_include_ip_address?
3181 string_sprintf("T:%S:%s%s", host->name, host->address, pistring) :
3182 string_sprintf("T:%S%s", host->name, pistring);
3183 }
3184
3185 /* If a delivery of another message over an existing SMTP connection
3186 yields DEFER, we do NOT set up retry data for the host. This covers the
3187 case when there are delays in routing the addresses in the second message
3188 that are so long that the server times out. This is alleviated by not
3189 routing addresses that previously had routing defers when handling an
3190 existing connection, but even so, this case may occur (e.g. if a
3191 previously happily routed address starts giving routing defers). If the
3192 host is genuinely down, another non-continued message delivery will
3193 notice it soon enough. */
3194
3195 if (delete_flag != 0 || !continuing)
3196 retry_add_item(first_addr, retry_host_key, rf_host | delete_flag);
3197
3198 /* We may have tried an expired host, if its retry time has come; ensure
3199 the status reflects the expiry for the benefit of any other addresses. */
3200
3201 if (rc == DEFER)
3202 {
3203 host->status = (host_is_expired)?
3204 hstatus_unusable_expired : hstatus_unusable;
3205 host->why = hwhy_deferred;
3206 }
3207 }
3208
3209 /* If message_defer is set (host was OK, but every recipient got deferred
3210 because of some message-specific problem), or if that had happened
3211 previously so that a message retry key exists, add an appropriate item
3212 to the retry chain. Note that if there was a message defer but now there is
3213 a host defer, the message defer record gets deleted. That seems perfectly
3214 reasonable. Also, stop the message from being remembered as waiting
f6c332bd 3215 for specific hosts. */
0756eb3c
PH
3216
3217 if (message_defer || retry_message_key != NULL)
3218 {
3219 int delete_flag = message_defer? 0 : rf_delete;
3220 if (retry_message_key == NULL)
3221 {
3222 retry_message_key = ob->retry_include_ip_address?
3223 string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring,
3224 message_id) :
3225 string_sprintf("T:%S%s:%s", host->name, pistring, message_id);
3226 }
3227 retry_add_item(addrlist, retry_message_key,
3228 rf_message | rf_host | delete_flag);
f6c332bd 3229 update_waiting = FALSE;
0756eb3c
PH
3230 }
3231
3232 /* Any return other than DEFER (that is, OK or ERROR) means that the
3233 addresses have got their final statuses filled in for this host. In the OK
3234 case, see if any of them are deferred. */
3235
3236 if (rc == OK)
3237 {
3238 for (addr = addrlist; addr != NULL; addr = addr->next)
3239 {
3240 if (addr->transport_return == DEFER)
3241 {
3242 some_deferred = TRUE;
3243 break;
3244 }
3245 }
3246 }
3247
3248 /* If no addresses deferred or the result was ERROR, return. We do this for
3249 ERROR because a failing filter set-up or add_headers expansion is likely to
3250 fail for any host we try. */
3251
3252 if (rc == ERROR || (rc == OK && !some_deferred))
3253 {
3254 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3255 return TRUE; /* Each address has its status */
3256 }
3257
3258 /* If the result was DEFER or some individual addresses deferred, let
3259 the loop run to try other hosts with the deferred addresses, except for the
3260 case when we were trying to deliver down an existing channel and failed.
3261 Don't try any other hosts in this case. */
3262
3263 if (continuing) break;
3264
3265 /* If the whole delivery, or some individual addresses, were deferred and
3266 there are more hosts that could be tried, do not count this host towards
3267 the hosts_max_try limit if the age of the message is greater than the
3268 maximum retry time for this host. This means we may try try all hosts,
3269 ignoring the limit, when messages have been around for some time. This is
3270 important because if we don't try all hosts, the address will never time
533244af 3271 out. NOTE: this does not apply to hosts_max_try_hardlimit. */
0756eb3c
PH
3272
3273 if ((rc == DEFER || some_deferred) && nexthost != NULL)
3274 {
3275 BOOL timedout;
3276 retry_config *retry = retry_find_config(host->name, NULL, 0, 0);
3277
3278 if (retry != NULL && retry->rules != NULL)
3279 {
3280 retry_rule *last_rule;
3281 for (last_rule = retry->rules;
3282 last_rule->next != NULL;
3283 last_rule = last_rule->next);
3284 timedout = time(NULL) - received_time > last_rule->timeout;
3285 }
3286 else timedout = TRUE; /* No rule => timed out */
3287
3288 if (timedout)
3289 {
3290 unexpired_hosts_tried--;
3291 DEBUG(D_transport) debug_printf("temporary delivery error(s) override "
3292 "hosts_max_try (message older than host's retry time)\n");
3293 }
3294 }
3295 } /* End of loop for trying multiple hosts. */
3296
3297 /* This is the end of the loop that repeats iff expired is TRUE and
3298 ob->delay_after_cutoff is FALSE. The second time round we will
3299 try those hosts that haven't been tried since the message arrived. */
3300
3301 DEBUG(D_transport)
3302 {
3303 debug_printf("all IP addresses skipped or deferred at least one address\n");
3304 if (expired && !ob->delay_after_cutoff && cutoff_retry == 0)
3305 debug_printf("retrying IP addresses not tried since message arrived\n");
3306 }
3307 }
3308
3309
3310/* Get here if all IP addresses are skipped or defer at least one address. In
3311MUA wrapper mode, this will happen only for connection or other non-message-
3312specific failures. Force the delivery status for all addresses to FAIL. */
3313
3314if (mua_wrapper)
3315 {
3316 for (addr = addrlist; addr != NULL; addr = addr->next)
3317 addr->transport_return = FAIL;
3318 goto END_TRANSPORT;
3319 }
3320
3321/* In the normal, non-wrapper case, add a standard message to each deferred
3322address if there hasn't been an error, that is, if it hasn't actually been
3323tried this time. The variable "expired" will be FALSE if any deliveries were
3324actually tried, or if there was at least one host that was not expired. That
3325is, it is TRUE only if no deliveries were tried and all hosts were expired. If
3326a delivery has been tried, an error code will be set, and the failing of the
3327message is handled by the retry code later.
3328
3329If queue_smtp is set, or this transport was called to send a subsequent message
3330down an existing TCP/IP connection, and something caused the host not to be
3331found, we end up here, but can detect these cases and handle them specially. */
3332
3333for (addr = addrlist; addr != NULL; addr = addr->next)
3334 {
3335 /* If host is not NULL, it means that we stopped processing the host list
533244af
PH
3336 because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this
3337 means we need to behave as if some hosts were skipped because their retry
3338 time had not come. Specifically, this prevents the address from timing out.
8e669ac1 3339 However, if we have hit hosts_max_try_hardlimit, we want to behave as if all
533244af 3340 hosts were tried. */
0756eb3c
PH
3341
3342 if (host != NULL)
3343 {
533244af
PH
3344 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
3345 {
3346 DEBUG(D_transport)
3347 debug_printf("hosts_max_try_hardlimit reached: behave as if all "
3348 "hosts were tried\n");
3349 }
3350 else
8e669ac1 3351 {
533244af
PH
3352 DEBUG(D_transport)
3353 debug_printf("hosts_max_try limit caused some hosts to be skipped\n");
3354 setflag(addr, af_retry_skipped);
8e669ac1 3355 }
0756eb3c
PH
3356 }
3357
3358 if (queue_smtp) /* no deliveries attempted */
3359 {
3360 addr->transport_return = DEFER;
3361 addr->basic_errno = 0;
3362 addr->message = US"SMTP delivery explicitly queued";
3363 }
3364
3365 else if (addr->transport_return == DEFER &&
3366 (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0) &&
3367 addr->message == NULL)
3368 {
3369 addr->basic_errno = ERRNO_HRETRY;
3370 if (continue_hostname != NULL)
3371 {
3372 addr->message = US"no host found for existing SMTP connection";
3373 }
3374 else if (expired)
3375 {
fffffe4c 3376 setflag(addr, af_pass_message); /* This is not a security risk */
0756eb3c
PH
3377 addr->message = (ob->delay_after_cutoff)?
3378 US"retry time not reached for any host after a long failure period" :
3379 US"all hosts have been failing for a long time and were last tried "
3380 "after this message arrived";
3381
3382 /* If we are already using fallback hosts, or there are no fallback hosts
3383 defined, convert the result to FAIL to cause a bounce. */
3384
3385 if (addr->host_list == addr->fallback_hosts ||
3386 addr->fallback_hosts == NULL)
3387 addr->transport_return = FAIL;
3388 }
3389 else
3390 {
3391 if (hosts_retry == hosts_total)
3392 addr->message = US"retry time not reached for any host";
3393 else if (hosts_fail == hosts_total)
3394 addr->message = US"all host address lookups failed permanently";
3395 else if (hosts_defer == hosts_total)
3396 addr->message = US"all host address lookups failed temporarily";
3397 else if (hosts_serial == hosts_total)
3398 addr->message = US"connection limit reached for all hosts";
3399 else if (hosts_fail+hosts_defer == hosts_total)
3400 addr->message = US"all host address lookups failed";
3401 else addr->message = US"some host address lookups failed and retry time "
3402 "not reached for other hosts or connection limit reached";
3403 }
3404 }
3405 }
3406
3407/* Update the database which keeps information about which messages are waiting
f6c332bd
PH
3408for which hosts to become available. For some message-specific errors, the
3409update_waiting flag is turned off because we don't want follow-on deliveries in
ea722490 3410those cases. If this transport instance is explicitly limited to one message
8b260705
PP
3411per connection then follow-on deliveries are not possible and there's no need
3412to create/update the per-transport wait-<transport_name> database. */
0756eb3c 3413
ea722490
JH
3414if (update_waiting && tblock->connection_max_messages != 1)
3415 transport_update_waiting(hostlist, tblock->name);
0756eb3c
PH
3416
3417END_TRANSPORT:
3418
3419DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3420
3421return TRUE; /* Each address has its status */
3422}
3423
3424/* End of transport/smtp.c */