Allow underscore in dnslist lookups
[exim.git] / src / src / verify.c
CommitLineData
83e029d5 1/* $Cambridge: exim/src/src/verify.c,v 1.55 2010/06/05 23:50:18 pdp Exp $ */
059ec3d9
PH
2
3/*************************************************
4* Exim - an Internet mail transport agent *
5*************************************************/
6
0a49a7a4 7/* Copyright (c) University of Cambridge 1995 - 2009 */
059ec3d9
PH
8/* See the file NOTICE for conditions of use and distribution. */
9
10/* Functions concerned with verifying things. The original code for callout
11caching was contributed by Kevin Fleming (but I hacked it around a bit). */
12
13
14#include "exim.h"
15
16
17/* Structure for caching DNSBL lookups */
18
19typedef struct dnsbl_cache_block {
20 dns_address *rhs;
21 uschar *text;
22 int rc;
23 BOOL text_set;
24} dnsbl_cache_block;
25
26
27/* Anchor for DNSBL cache */
28
29static tree_node *dnsbl_cache = NULL;
30
31
431b7361
PH
32/* Bits for match_type in one_check_dnsbl() */
33
34#define MT_NOT 1
35#define MT_ALL 2
36
37
059ec3d9
PH
38
39/*************************************************
40* Retrieve a callout cache record *
41*************************************************/
42
43/* If a record exists, check whether it has expired.
44
45Arguments:
46 dbm_file an open hints file
47 key the record key
48 type "address" or "domain"
49 positive_expire expire time for positive records
50 negative_expire expire time for negative records
51
52Returns: the cache record if a non-expired one exists, else NULL
53*/
54
55static dbdata_callout_cache *
56get_callout_cache_record(open_db *dbm_file, uschar *key, uschar *type,
57 int positive_expire, int negative_expire)
58{
59BOOL negative;
60int length, expire;
61time_t now;
62dbdata_callout_cache *cache_record;
63
64cache_record = dbfn_read_with_length(dbm_file, key, &length);
65
66if (cache_record == NULL)
67 {
68 HDEBUG(D_verify) debug_printf("callout cache: no %s record found\n", type);
69 return NULL;
70 }
71
72/* We treat a record as "negative" if its result field is not positive, or if
73it is a domain record and the postmaster field is negative. */
74
75negative = cache_record->result != ccache_accept ||
76 (type[0] == 'd' && cache_record->postmaster_result == ccache_reject);
77expire = negative? negative_expire : positive_expire;
78now = time(NULL);
79
80if (now - cache_record->time_stamp > expire)
81 {
82 HDEBUG(D_verify) debug_printf("callout cache: %s record expired\n", type);
83 return NULL;
84 }
85
86/* If this is a non-reject domain record, check for the obsolete format version
87that doesn't have the postmaster and random timestamps, by looking at the
88length. If so, copy it to a new-style block, replicating the record's
89timestamp. Then check the additional timestamps. (There's no point wasting
90effort if connections are rejected.) */
91
92if (type[0] == 'd' && cache_record->result != ccache_reject)
93 {
94 if (length == sizeof(dbdata_callout_cache_obs))
95 {
96 dbdata_callout_cache *new = store_get(sizeof(dbdata_callout_cache));
97 memcpy(new, cache_record, length);
98 new->postmaster_stamp = new->random_stamp = new->time_stamp;
99 cache_record = new;
100 }
101
102 if (now - cache_record->postmaster_stamp > expire)
103 cache_record->postmaster_result = ccache_unknown;
104
105 if (now - cache_record->random_stamp > expire)
106 cache_record->random_result = ccache_unknown;
107 }
108
109HDEBUG(D_verify) debug_printf("callout cache: found %s record\n", type);
110return cache_record;
111}
112
113
114
115/*************************************************
116* Do callout verification for an address *
117*************************************************/
118
119/* This function is called from verify_address() when the address has routed to
120a host list, and a callout has been requested. Callouts are expensive; that is
121why a cache is used to improve the efficiency.
122
123Arguments:
124 addr the address that's been routed
125 host_list the list of hosts to try
126 tf the transport feedback block
127
128 ifstring "interface" option from transport, or NULL
129 portstring "port" option from transport, or NULL
130 protocolstring "protocol" option from transport, or NULL
131 callout the per-command callout timeout
4deaf07d
PH
132 callout_overall the overall callout timeout (if < 0 use 4*callout)
133 callout_connect the callout connection timeout (if < 0 use callout)
059ec3d9
PH
134 options the verification options - these bits are used:
135 vopt_is_recipient => this is a recipient address
136 vopt_callout_no_cache => don't use callout cache
2a4be8f9 137 vopt_callout_fullpm => if postmaster check, do full one
059ec3d9
PH
138 vopt_callout_random => do the "random" thing
139 vopt_callout_recipsender => use real sender for recipient
140 vopt_callout_recippmaster => use postmaster for recipient
141 se_mailfrom MAIL FROM address for sender verify; NULL => ""
142 pm_mailfrom if non-NULL, do the postmaster check with this sender
143
144Returns: OK/FAIL/DEFER
145*/
146
147static int
148do_callout(address_item *addr, host_item *host_list, transport_feedback *tf,
8e669ac1 149 int callout, int callout_overall, int callout_connect, int options,
4deaf07d 150 uschar *se_mailfrom, uschar *pm_mailfrom)
059ec3d9
PH
151{
152BOOL is_recipient = (options & vopt_is_recipient) != 0;
153BOOL callout_no_cache = (options & vopt_callout_no_cache) != 0;
154BOOL callout_random = (options & vopt_callout_random) != 0;
155
156int yield = OK;
2b1c6e3a 157int old_domain_cache_result = ccache_accept;
059ec3d9
PH
158BOOL done = FALSE;
159uschar *address_key;
160uschar *from_address;
161uschar *random_local_part = NULL;
750af86e 162uschar *save_deliver_domain = deliver_domain;
8e669ac1 163uschar **failure_ptr = is_recipient?
2c7db3f5 164 &recipient_verify_failure : &sender_verify_failure;
059ec3d9
PH
165open_db dbblock;
166open_db *dbm_file = NULL;
167dbdata_callout_cache new_domain_record;
168dbdata_callout_cache_address new_address_record;
169host_item *host;
170time_t callout_start_time;
171
172new_domain_record.result = ccache_unknown;
173new_domain_record.postmaster_result = ccache_unknown;
174new_domain_record.random_result = ccache_unknown;
175
176memset(&new_address_record, 0, sizeof(new_address_record));
177
178/* For a recipient callout, the key used for the address cache record must
179include the sender address if we are using the real sender in the callout,
180because that may influence the result of the callout. */
181
182address_key = addr->address;
183from_address = US"";
184
185if (is_recipient)
186 {
187 if ((options & vopt_callout_recipsender) != 0)
188 {
189 address_key = string_sprintf("%s/<%s>", addr->address, sender_address);
190 from_address = sender_address;
191 }
192 else if ((options & vopt_callout_recippmaster) != 0)
193 {
194 address_key = string_sprintf("%s/<postmaster@%s>", addr->address,
195 qualify_domain_sender);
196 from_address = string_sprintf("postmaster@%s", qualify_domain_sender);
197 }
198 }
199
200/* For a sender callout, we must adjust the key if the mailfrom address is not
201empty. */
202
203else
204 {
205 from_address = (se_mailfrom == NULL)? US"" : se_mailfrom;
206 if (from_address[0] != 0)
207 address_key = string_sprintf("%s/<%s>", addr->address, from_address);
208 }
209
210/* Open the callout cache database, it it exists, for reading only at this
211stage, unless caching has been disabled. */
212
213if (callout_no_cache)
214 {
215 HDEBUG(D_verify) debug_printf("callout cache: disabled by no_cache\n");
216 }
217else if ((dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE)) == NULL)
218 {
219 HDEBUG(D_verify) debug_printf("callout cache: not available\n");
220 }
221
222/* If a cache database is available see if we can avoid the need to do an
223actual callout by making use of previously-obtained data. */
224
225if (dbm_file != NULL)
226 {
227 dbdata_callout_cache_address *cache_address_record;
228 dbdata_callout_cache *cache_record = get_callout_cache_record(dbm_file,
229 addr->domain, US"domain",
230 callout_cache_domain_positive_expire,
231 callout_cache_domain_negative_expire);
232
233 /* If an unexpired cache record was found for this domain, see if the callout
234 process can be short-circuited. */
235
236 if (cache_record != NULL)
237 {
2b1c6e3a
PH
238 /* In most cases, if an early command (up to and including MAIL FROM:<>)
239 was rejected, there is no point carrying on. The callout fails. However, if
240 we are doing a recipient verification with use_sender or use_postmaster
241 set, a previous failure of MAIL FROM:<> doesn't count, because this time we
242 will be using a non-empty sender. We have to remember this situation so as
243 not to disturb the cached domain value if this whole verification succeeds
244 (we don't want it turning into "accept"). */
245
246 old_domain_cache_result = cache_record->result;
247
248 if (cache_record->result == ccache_reject ||
249 (*from_address == 0 && cache_record->result == ccache_reject_mfnull))
059ec3d9
PH
250 {
251 setflag(addr, af_verify_nsfail);
252 HDEBUG(D_verify)
253 debug_printf("callout cache: domain gave initial rejection, or "
254 "does not accept HELO or MAIL FROM:<>\n");
255 setflag(addr, af_verify_nsfail);
256 addr->user_message = US"(result of an earlier callout reused).";
257 yield = FAIL;
8e669ac1 258 *failure_ptr = US"mail";
059ec3d9
PH
259 goto END_CALLOUT;
260 }
261
262 /* If a previous check on a "random" local part was accepted, we assume
263 that the server does not do any checking on local parts. There is therefore
264 no point in doing the callout, because it will always be successful. If a
265 random check previously failed, arrange not to do it again, but preserve
266 the data in the new record. If a random check is required but hasn't been
267 done, skip the remaining cache processing. */
268
269 if (callout_random) switch(cache_record->random_result)
270 {
271 case ccache_accept:
272 HDEBUG(D_verify)
273 debug_printf("callout cache: domain accepts random addresses\n");
274 goto END_CALLOUT; /* Default yield is OK */
275
276 case ccache_reject:
277 HDEBUG(D_verify)
278 debug_printf("callout cache: domain rejects random addresses\n");
279 callout_random = FALSE;
280 new_domain_record.random_result = ccache_reject;
281 new_domain_record.random_stamp = cache_record->random_stamp;
282 break;
283
284 default:
285 HDEBUG(D_verify)
286 debug_printf("callout cache: need to check random address handling "
287 "(not cached or cache expired)\n");
288 goto END_CACHE;
289 }
290
291 /* If a postmaster check is requested, but there was a previous failure,
292 there is again no point in carrying on. If a postmaster check is required,
293 but has not been done before, we are going to have to do a callout, so skip
294 remaining cache processing. */
295
296 if (pm_mailfrom != NULL)
297 {
298 if (cache_record->postmaster_result == ccache_reject)
299 {
300 setflag(addr, af_verify_pmfail);
301 HDEBUG(D_verify)
302 debug_printf("callout cache: domain does not accept "
303 "RCPT TO:<postmaster@domain>\n");
304 yield = FAIL;
8e669ac1 305 *failure_ptr = US"postmaster";
059ec3d9
PH
306 setflag(addr, af_verify_pmfail);
307 addr->user_message = US"(result of earlier verification reused).";
308 goto END_CALLOUT;
309 }
310 if (cache_record->postmaster_result == ccache_unknown)
311 {
312 HDEBUG(D_verify)
313 debug_printf("callout cache: need to check RCPT "
314 "TO:<postmaster@domain> (not cached or cache expired)\n");
315 goto END_CACHE;
316 }
317
318 /* If cache says OK, set pm_mailfrom NULL to prevent a redundant
319 postmaster check if the address itself has to be checked. Also ensure
320 that the value in the cache record is preserved (with its old timestamp).
321 */
322
323 HDEBUG(D_verify) debug_printf("callout cache: domain accepts RCPT "
324 "TO:<postmaster@domain>\n");
325 pm_mailfrom = NULL;
326 new_domain_record.postmaster_result = ccache_accept;
327 new_domain_record.postmaster_stamp = cache_record->postmaster_stamp;
328 }
329 }
330
331 /* We can't give a result based on information about the domain. See if there
332 is an unexpired cache record for this specific address (combined with the
333 sender address if we are doing a recipient callout with a non-empty sender).
334 */
335
336 cache_address_record = (dbdata_callout_cache_address *)
337 get_callout_cache_record(dbm_file,
338 address_key, US"address",
339 callout_cache_positive_expire,
340 callout_cache_negative_expire);
341
342 if (cache_address_record != NULL)
343 {
344 if (cache_address_record->result == ccache_accept)
345 {
346 HDEBUG(D_verify)
347 debug_printf("callout cache: address record is positive\n");
348 }
349 else
350 {
351 HDEBUG(D_verify)
352 debug_printf("callout cache: address record is negative\n");
353 addr->user_message = US"Previous (cached) callout verification failure";
8e669ac1 354 *failure_ptr = US"recipient";
059ec3d9
PH
355 yield = FAIL;
356 }
357 goto END_CALLOUT;
358 }
359
360 /* Close the cache database while we actually do the callout for real. */
361
362 END_CACHE:
363 dbfn_close(dbm_file);
364 dbm_file = NULL;
365 }
366
367/* The information wasn't available in the cache, so we have to do a real
368callout and save the result in the cache for next time, unless no_cache is set,
369or unless we have a previously cached negative random result. If we are to test
370with a random local part, ensure that such a local part is available. If not,
371log the fact, but carry on without randomming. */
372
373if (callout_random && callout_random_local_part != NULL)
374 {
375 random_local_part = expand_string(callout_random_local_part);
376 if (random_local_part == NULL)
377 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
378 "callout_random_local_part: %s", expand_string_message);
379 }
380
4deaf07d
PH
381/* Default the connect and overall callout timeouts if not set, and record the
382time we are starting so that we can enforce it. */
059ec3d9
PH
383
384if (callout_overall < 0) callout_overall = 4 * callout;
4deaf07d 385if (callout_connect < 0) callout_connect = callout;
059ec3d9
PH
386callout_start_time = time(NULL);
387
4c590bd1
PH
388/* Before doing a real callout, if this is an SMTP connection, flush the SMTP
389output because a callout might take some time. When PIPELINING is active and
390there are many recipients, the total time for doing lots of callouts can add up
391and cause the client to time out. So in this case we forgo the PIPELINING
392optimization. */
393
394if (smtp_out != NULL && !disable_callout_flush) mac_smtp_fflush();
395
059ec3d9
PH
396/* Now make connections to the hosts and do real callouts. The list of hosts
397is passed in as an argument. */
398
399for (host = host_list; host != NULL && !done; host = host->next)
400 {
401 smtp_inblock inblock;
402 smtp_outblock outblock;
403 int host_af;
404 int port = 25;
8e669ac1 405 BOOL send_quit = TRUE;
26da7e20 406 uschar *active_hostname = smtp_active_hostname;
059ec3d9
PH
407 uschar *helo = US"HELO";
408 uschar *interface = NULL; /* Outgoing interface to use; NULL => any */
409 uschar inbuffer[4096];
410 uschar outbuffer[1024];
411 uschar responsebuffer[4096];
412
413 clearflag(addr, af_verify_pmfail); /* postmaster callout flag */
414 clearflag(addr, af_verify_nsfail); /* null sender callout flag */
415
416 /* Skip this host if we don't have an IP address for it. */
417
418 if (host->address == NULL)
419 {
420 DEBUG(D_verify) debug_printf("no IP address for host name %s: skipping\n",
421 host->name);
422 continue;
423 }
424
425 /* Check the overall callout timeout */
426
427 if (time(NULL) - callout_start_time >= callout_overall)
428 {
429 HDEBUG(D_verify) debug_printf("overall timeout for callout exceeded\n");
430 break;
431 }
432
433 /* Set IPv4 or IPv6 */
434
435 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6;
436
de3a88fb
PH
437 /* Expand and interpret the interface and port strings. The latter will not
438 be used if there is a host-specific port (e.g. from a manualroute router).
439 This has to be delayed till now, because they may expand differently for
440 different hosts. If there's a failure, log it, but carry on with the
441 defaults. */
059ec3d9
PH
442
443 deliver_host = host->name;
444 deliver_host_address = host->address;
750af86e 445 deliver_domain = addr->domain;
de3a88fb 446
059ec3d9
PH
447 if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface,
448 US"callout") ||
449 !smtp_get_port(tf->port, addr, &port, US"callout"))
450 log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
451 addr->message);
de3a88fb 452
059ec3d9
PH
453 /* Set HELO string according to the protocol */
454
455 if (Ustrcmp(tf->protocol, "lmtp") == 0) helo = US"LHLO";
456
457 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port);
458
459 /* Set up the buffer for reading SMTP response packets. */
460
461 inblock.buffer = inbuffer;
462 inblock.buffersize = sizeof(inbuffer);
463 inblock.ptr = inbuffer;
464 inblock.ptrend = inbuffer;
465
466 /* Set up the buffer for holding SMTP commands while pipelining */
467
468 outblock.buffer = outbuffer;
469 outblock.buffersize = sizeof(outbuffer);
470 outblock.ptr = outbuffer;
471 outblock.cmd_count = 0;
472 outblock.authenticating = FALSE;
473
474 /* Connect to the host; on failure, just loop for the next one, but we
4deaf07d 475 set the error for the last one. Use the callout_connect timeout. */
059ec3d9
PH
476
477 inblock.sock = outblock.sock =
4deaf07d 478 smtp_connect(host, host_af, port, interface, callout_connect, TRUE);
059ec3d9
PH
479 if (inblock.sock < 0)
480 {
481 addr->message = string_sprintf("could not connect to %s [%s]: %s",
482 host->name, host->address, strerror(errno));
41c7c167
PH
483 deliver_host = deliver_host_address = NULL;
484 deliver_domain = save_deliver_domain;
059ec3d9
PH
485 continue;
486 }
487
41c7c167
PH
488 /* Expand the helo_data string to find the host name to use. */
489
490 if (tf->helo_data != NULL)
491 {
492 uschar *s = expand_string(tf->helo_data);
493 if (s == NULL)
494 log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's "
495 "helo_data value for callout: %s", addr->address,
496 expand_string_message);
497 else active_hostname = s;
498 }
499
500 deliver_host = deliver_host_address = NULL;
501 deliver_domain = save_deliver_domain;
502
2b1c6e3a
PH
503 /* Wait for initial response, and send HELO. The smtp_write_command()
504 function leaves its command in big_buffer. This is used in error responses.
505 Initialize it in case the connection is rejected. */
059ec3d9
PH
506
507 Ustrcpy(big_buffer, "initial connection");
508
509 done =
510 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
511 '2', callout) &&
059ec3d9 512 smtp_write_command(&outblock, FALSE, "%s %s\r\n", helo,
26da7e20 513 active_hostname) >= 0 &&
059ec3d9 514 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
2b1c6e3a 515 '2', callout);
059ec3d9 516
2b1c6e3a
PH
517 /* Failure to accept HELO is cached; this blocks the whole domain for all
518 senders. I/O errors and defer responses are not cached. */
519
520 if (!done)
521 {
522 *failure_ptr = US"mail"; /* At or before MAIL */
523 if (errno == 0 && responsebuffer[0] == '5')
524 {
525 setflag(addr, af_verify_nsfail);
526 new_domain_record.result = ccache_reject;
527 }
528 }
529
530 /* Send the MAIL command */
531
532 else done =
059ec3d9
PH
533 smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
534 from_address) >= 0 &&
535 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
536 '2', callout);
537
2b1c6e3a
PH
538 /* If the host does not accept MAIL FROM:<>, arrange to cache this
539 information, but again, don't record anything for an I/O error or a defer. Do
540 not cache rejections of MAIL when a non-empty sender has been used, because
541 that blocks the whole domain for all senders. */
059ec3d9
PH
542
543 if (!done)
544 {
2b1c6e3a 545 *failure_ptr = US"mail"; /* At or before MAIL */
059ec3d9
PH
546 if (errno == 0 && responsebuffer[0] == '5')
547 {
548 setflag(addr, af_verify_nsfail);
2b1c6e3a
PH
549 if (from_address[0] == 0)
550 new_domain_record.result = ccache_reject_mfnull;
059ec3d9
PH
551 }
552 }
553
554 /* Otherwise, proceed to check a "random" address (if required), then the
555 given address, and the postmaster address (if required). Between each check,
556 issue RSET, because some servers accept only one recipient after MAIL
2b1c6e3a
PH
557 FROM:<>.
558
559 Before doing this, set the result in the domain cache record to "accept",
560 unless its previous value was ccache_reject_mfnull. In that case, the domain
561 rejects MAIL FROM:<> and we want to continue to remember that. When that is
562 the case, we have got here only in the case of a recipient verification with
563 a non-null sender. */
059ec3d9
PH
564
565 else
566 {
2b1c6e3a
PH
567 new_domain_record.result =
568 (old_domain_cache_result == ccache_reject_mfnull)?
569 ccache_reject_mfnull: ccache_accept;
059ec3d9
PH
570
571 /* Do the random local part check first */
572
573 if (random_local_part != NULL)
574 {
575 uschar randombuffer[1024];
576 BOOL random_ok =
577 smtp_write_command(&outblock, FALSE,
578 "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part,
579 addr->domain) >= 0 &&
580 smtp_read_response(&inblock, randombuffer,
581 sizeof(randombuffer), '2', callout);
582
583 /* Remember when we last did a random test */
584
585 new_domain_record.random_stamp = time(NULL);
586
587 /* If accepted, we aren't going to do any further tests below. */
588
589 if (random_ok)
590 {
591 new_domain_record.random_result = ccache_accept;
592 }
593
594 /* Otherwise, cache a real negative response, and get back to the right
595 state to send RCPT. Unless there's some problem such as a dropped
596 connection, we expect to succeed, because the commands succeeded above. */
597
598 else if (errno == 0)
599 {
600 if (randombuffer[0] == '5')
601 new_domain_record.random_result = ccache_reject;
602
603 done =
604 smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
605 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
606 '2', callout) &&
607
90e9ce59
PH
608 smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
609 from_address) >= 0 &&
059ec3d9
PH
610 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
611 '2', callout);
612 }
613 else done = FALSE; /* Some timeout/connection problem */
614 } /* Random check */
615
616 /* If the host is accepting all local parts, as determined by the "random"
617 check, we don't need to waste time doing any further checking. */
618
619 if (new_domain_record.random_result != ccache_accept && done)
620 {
5417f6d1
PH
621 /* Get the rcpt_include_affixes flag from the transport if there is one,
622 but assume FALSE if there is not. */
623
059ec3d9
PH
624 done =
625 smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n",
c688b954 626 transport_rcpt_address(addr,
5417f6d1
PH
627 (addr->transport == NULL)? FALSE :
628 addr->transport->rcpt_include_affixes)) >= 0 &&
059ec3d9
PH
629 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
630 '2', callout);
631
632 if (done)
633 new_address_record.result = ccache_accept;
634 else if (errno == 0 && responsebuffer[0] == '5')
2c7db3f5 635 {
8e669ac1 636 *failure_ptr = US"recipient";
059ec3d9 637 new_address_record.result = ccache_reject;
8e669ac1 638 }
059ec3d9 639
2a4be8f9
PH
640 /* Do postmaster check if requested; if a full check is required, we
641 check for RCPT TO:<postmaster> (no domain) in accordance with RFC 821. */
059ec3d9
PH
642
643 if (done && pm_mailfrom != NULL)
644 {
645 done =
646 smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
647 smtp_read_response(&inblock, responsebuffer,
648 sizeof(responsebuffer), '2', callout) &&
649
650 smtp_write_command(&outblock, FALSE,
651 "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 &&
652 smtp_read_response(&inblock, responsebuffer,
653 sizeof(responsebuffer), '2', callout) &&
654
2a4be8f9
PH
655 /* First try using the current domain */
656
657 ((
059ec3d9
PH
658 smtp_write_command(&outblock, FALSE,
659 "RCPT TO:<postmaster@%.1000s>\r\n", addr->domain) >= 0 &&
660 smtp_read_response(&inblock, responsebuffer,
2a4be8f9
PH
661 sizeof(responsebuffer), '2', callout)
662 )
663
664 ||
665
666 /* If that doesn't work, and a full check is requested,
667 try without the domain. */
668
669 (
670 (options & vopt_callout_fullpm) != 0 &&
671 smtp_write_command(&outblock, FALSE,
672 "RCPT TO:<postmaster>\r\n") >= 0 &&
673 smtp_read_response(&inblock, responsebuffer,
674 sizeof(responsebuffer), '2', callout)
675 ));
676
677 /* Sort out the cache record */
059ec3d9
PH
678
679 new_domain_record.postmaster_stamp = time(NULL);
680
681 if (done)
682 new_domain_record.postmaster_result = ccache_accept;
683 else if (errno == 0 && responsebuffer[0] == '5')
684 {
8e669ac1 685 *failure_ptr = US"postmaster";
059ec3d9
PH
686 setflag(addr, af_verify_pmfail);
687 new_domain_record.postmaster_result = ccache_reject;
688 }
689 }
690 } /* Random not accepted */
90e9ce59 691 } /* MAIL FROM: accepted */
059ec3d9
PH
692
693 /* For any failure of the main check, other than a negative response, we just
694 close the connection and carry on. We can identify a negative response by the
695 fact that errno is zero. For I/O errors it will be non-zero
696
697 Set up different error texts for logging and for sending back to the caller
698 as an SMTP response. Log in all cases, using a one-line format. For sender
699 callouts, give a full response to the caller, but for recipient callouts,
700 don't give the IP address because this may be an internal host whose identity
701 is not to be widely broadcast. */
702
703 if (!done)
704 {
705 if (errno == ETIMEDOUT)
706 {
707 HDEBUG(D_verify) debug_printf("SMTP timeout\n");
8e669ac1 708 send_quit = FALSE;
059ec3d9
PH
709 }
710 else if (errno == 0)
711 {
712 if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped");
713
714 addr->message =
715 string_sprintf("response to \"%s\" from %s [%s] was: %s",
716 big_buffer, host->name, host->address,
717 string_printing(responsebuffer));
718
719 addr->user_message = is_recipient?
720 string_sprintf("Callout verification failed:\n%s", responsebuffer)
721 :
722 string_sprintf("Called: %s\nSent: %s\nResponse: %s",
723 host->address, big_buffer, responsebuffer);
724
725 /* Hard rejection ends the process */
726
727 if (responsebuffer[0] == '5') /* Address rejected */
728 {
729 yield = FAIL;
730 done = TRUE;
731 }
732 }
733 }
734
735 /* End the SMTP conversation and close the connection. */
736
c9bdd01c 737 if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
f1e894f3 738 (void)close(inblock.sock);
059ec3d9
PH
739 } /* Loop through all hosts, while !done */
740
741/* If we get here with done == TRUE, a successful callout happened, and yield
742will be set OK or FAIL according to the response to the RCPT command.
743Otherwise, we looped through the hosts but couldn't complete the business.
744However, there may be domain-specific information to cache in both cases.
745
746The value of the result field in the new_domain record is ccache_unknown if
90e9ce59 747there was an error before or with MAIL FROM:, and errno was not zero,
059ec3d9 748implying some kind of I/O error. We don't want to write the cache in that case.
2b1c6e3a 749Otherwise the value is ccache_accept, ccache_reject, or ccache_reject_mfnull. */
059ec3d9
PH
750
751if (!callout_no_cache && new_domain_record.result != ccache_unknown)
752 {
753 if ((dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE))
754 == NULL)
755 {
756 HDEBUG(D_verify) debug_printf("callout cache: not available\n");
757 }
758 else
759 {
760 (void)dbfn_write(dbm_file, addr->domain, &new_domain_record,
761 (int)sizeof(dbdata_callout_cache));
762 HDEBUG(D_verify) debug_printf("wrote callout cache domain record:\n"
763 " result=%d postmaster=%d random=%d\n",
764 new_domain_record.result,
765 new_domain_record.postmaster_result,
766 new_domain_record.random_result);
767 }
768 }
769
770/* If a definite result was obtained for the callout, cache it unless caching
771is disabled. */
772
773if (done)
774 {
775 if (!callout_no_cache && new_address_record.result != ccache_unknown)
776 {
777 if (dbm_file == NULL)
778 dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE);
779 if (dbm_file == NULL)
780 {
781 HDEBUG(D_verify) debug_printf("no callout cache available\n");
782 }
783 else
784 {
785 (void)dbfn_write(dbm_file, address_key, &new_address_record,
786 (int)sizeof(dbdata_callout_cache_address));
787 HDEBUG(D_verify) debug_printf("wrote %s callout cache address record\n",
788 (new_address_record.result == ccache_accept)? "positive" : "negative");
789 }
790 }
791 } /* done */
792
793/* Failure to connect to any host, or any response other than 2xx or 5xx is a
794temporary error. If there was only one host, and a response was received, leave
795it alone if supplying details. Otherwise, give a generic response. */
796
797else /* !done */
798 {
799 uschar *dullmsg = string_sprintf("Could not complete %s verify callout",
800 is_recipient? "recipient" : "sender");
801 yield = DEFER;
802
803 if (host_list->next != NULL || addr->message == NULL) addr->message = dullmsg;
804
805 addr->user_message = (!smtp_return_error_details)? dullmsg :
806 string_sprintf("%s for <%s>.\n"
807 "The mail server(s) for the domain may be temporarily unreachable, or\n"
808 "they may be permanently unreachable from this server. In the latter case,\n%s",
809 dullmsg, addr->address,
810 is_recipient?
811 "the address will never be accepted."
812 :
813 "you need to change the address or create an MX record for its domain\n"
814 "if it is supposed to be generally accessible from the Internet.\n"
815 "Talk to your mail administrator for details.");
816
817 /* Force a specific error code */
818
819 addr->basic_errno = ERRNO_CALLOUTDEFER;
820 }
821
822/* Come here from within the cache-reading code on fast-track exit. */
823
824END_CALLOUT:
825if (dbm_file != NULL) dbfn_close(dbm_file);
826return yield;
827}
828
829
830
831/*************************************************
832* Copy error to toplevel address *
833*************************************************/
834
835/* This function is used when a verify fails or defers, to ensure that the
836failure or defer information is in the original toplevel address. This applies
837when an address is redirected to a single new address, and the failure or
838deferral happens to the child address.
839
840Arguments:
841 vaddr the verify address item
842 addr the final address item
843 yield FAIL or DEFER
844
845Returns: the value of YIELD
846*/
847
848static int
849copy_error(address_item *vaddr, address_item *addr, int yield)
850{
851if (addr != vaddr)
852 {
853 vaddr->message = addr->message;
854 vaddr->user_message = addr->user_message;
855 vaddr->basic_errno = addr->basic_errno;
856 vaddr->more_errno = addr->more_errno;
b37c4101 857 vaddr->p.address_data = addr->p.address_data;
42855d71 858 copyflag(vaddr, addr, af_pass_message);
059ec3d9
PH
859 }
860return yield;
861}
862
863
864
865
ce552449
NM
866/**************************************************
867* printf that automatically handles TLS if needed *
868***************************************************/
869
870/* This function is used by verify_address() as a substitute for all fprintf()
871calls; a direct fprintf() will not produce output in a TLS SMTP session, such
872as a response to an EXPN command. smtp_in.c makes smtp_printf available but
873that assumes that we always use the smtp_out FILE* when not using TLS or the
874ssl buffer when we are. Instead we take a FILE* parameter and check to see if
875that is smtp_out; if so, smtp_printf() with TLS support, otherwise regular
876fprintf().
877
878Arguments:
879 f the candidate FILE* to write to
880 format format string
881 ... optional arguments
882
883Returns:
884 nothing
885*/
886
887static void PRINTF_FUNCTION(2,3)
888respond_printf(FILE *f, char *format, ...)
889{
890va_list ap;
891
892va_start(ap, format);
893if (smtp_out && (f == smtp_out))
894 smtp_vprintf(format, ap);
895else
513afc6a 896 vfprintf(f, format, ap);
ce552449
NM
897va_end(ap);
898}
899
900
901
059ec3d9
PH
902/*************************************************
903* Verify an email address *
904*************************************************/
905
906/* This function is used both for verification (-bv and at other times) and
907address testing (-bt), which is indicated by address_test_mode being set.
908
909Arguments:
910 vaddr contains the address to verify; the next field in this block
911 must be NULL
912 f if not NULL, write the result to this file
913 options various option bits:
914 vopt_fake_sender => this sender verify is not for the real
915 sender (it was verify=sender=xxxx or an address from a
916 header line) - rewriting must not change sender_address
917 vopt_is_recipient => this is a recipient address, otherwise
918 it's a sender address - this affects qualification and
919 rewriting and messages from callouts
920 vopt_qualify => qualify an unqualified address; else error
921 vopt_expn => called from SMTP EXPN command
eafd343b
TK
922 vopt_success_on_redirect => when a new address is generated
923 the verification instantly succeeds
059ec3d9
PH
924
925 These ones are used by do_callout() -- the options variable
926 is passed to it.
927
2a4be8f9 928 vopt_callout_fullpm => if postmaster check, do full one
059ec3d9
PH
929 vopt_callout_no_cache => don't use callout cache
930 vopt_callout_random => do the "random" thing
931 vopt_callout_recipsender => use real sender for recipient
932 vopt_callout_recippmaster => use postmaster for recipient
933
934 callout if > 0, specifies that callout is required, and gives timeout
4deaf07d 935 for individual commands
059ec3d9
PH
936 callout_overall if > 0, gives overall timeout for the callout function;
937 if < 0, a default is used (see do_callout())
8e669ac1 938 callout_connect the connection timeout for callouts
059ec3d9
PH
939 se_mailfrom when callout is requested to verify a sender, use this
940 in MAIL FROM; NULL => ""
941 pm_mailfrom when callout is requested, if non-NULL, do the postmaster
942 thing and use this as the sender address (may be "")
943
944 routed if not NULL, set TRUE if routing succeeded, so we can
945 distinguish between routing failed and callout failed
946
947Returns: OK address verified
948 FAIL address failed to verify
949 DEFER can't tell at present
950*/
951
952int
953verify_address(address_item *vaddr, FILE *f, int options, int callout,
8e669ac1 954 int callout_overall, int callout_connect, uschar *se_mailfrom,
4deaf07d 955 uschar *pm_mailfrom, BOOL *routed)
059ec3d9
PH
956{
957BOOL allok = TRUE;
958BOOL full_info = (f == NULL)? FALSE : (debug_selector != 0);
959BOOL is_recipient = (options & vopt_is_recipient) != 0;
960BOOL expn = (options & vopt_expn) != 0;
eafd343b 961BOOL success_on_redirect = (options & vopt_success_on_redirect) != 0;
059ec3d9
PH
962int i;
963int yield = OK;
964int verify_type = expn? v_expn :
965 address_test_mode? v_none :
966 is_recipient? v_recipient : v_sender;
967address_item *addr_list;
968address_item *addr_new = NULL;
969address_item *addr_remote = NULL;
970address_item *addr_local = NULL;
971address_item *addr_succeed = NULL;
8e669ac1 972uschar **failure_ptr = is_recipient?
2c7db3f5 973 &recipient_verify_failure : &sender_verify_failure;
059ec3d9
PH
974uschar *ko_prefix, *cr;
975uschar *address = vaddr->address;
976uschar *save_sender;
977uschar null_sender[] = { 0 }; /* Ensure writeable memory */
978
2c7db3f5
PH
979/* Clear, just in case */
980
981*failure_ptr = NULL;
982
059ec3d9
PH
983/* Set up a prefix and suffix for error message which allow us to use the same
984output statements both in EXPN mode (where an SMTP response is needed) and when
985debugging with an output file. */
986
987if (expn)
988 {
989 ko_prefix = US"553 ";
990 cr = US"\r";
991 }
992else ko_prefix = cr = US"";
993
994/* Add qualify domain if permitted; otherwise an unqualified address fails. */
995
996if (parse_find_at(address) == NULL)
997 {
998 if ((options & vopt_qualify) == 0)
999 {
1000 if (f != NULL)
ce552449
NM
1001 respond_printf(f, "%sA domain is required for \"%s\"%s\n",
1002 ko_prefix, address, cr);
8e669ac1 1003 *failure_ptr = US"qualify";
059ec3d9
PH
1004 return FAIL;
1005 }
1006 address = rewrite_address_qualify(address, is_recipient);
1007 }
1008
1009DEBUG(D_verify)
1010 {
1011 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1012 debug_printf("%s %s\n", address_test_mode? "Testing" : "Verifying", address);
1013 }
1014
1015/* Rewrite and report on it. Clear the domain and local part caches - these
1016may have been set by domains and local part tests during an ACL. */
1017
1018if (global_rewrite_rules != NULL)
1019 {
1020 uschar *old = address;
1021 address = rewrite_address(address, is_recipient, FALSE,
1022 global_rewrite_rules, rewrite_existflags);
1023 if (address != old)
1024 {
1025 for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->localpart_cache[i] = 0;
1026 for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->domain_cache[i] = 0;
1027 if (f != NULL && !expn) fprintf(f, "Address rewritten as: %s\n", address);
1028 }
1029 }
1030
1031/* If this is the real sender address, we must update sender_address at
1032this point, because it may be referred to in the routers. */
1033
1034if ((options & (vopt_fake_sender|vopt_is_recipient)) == 0)
1035 sender_address = address;
1036
1037/* If the address was rewritten to <> no verification can be done, and we have
1038to return OK. This rewriting is permitted only for sender addresses; for other
1039addresses, such rewriting fails. */
1040
1041if (address[0] == 0) return OK;
1042
1043/* Save a copy of the sender address for re-instating if we change it to <>
1044while verifying a sender address (a nice bit of self-reference there). */
1045
1046save_sender = sender_address;
1047
1048/* Update the address structure with the possibly qualified and rewritten
1049address. Set it up as the starting address on the chain of new addresses. */
1050
1051vaddr->address = address;
1052addr_new = vaddr;
1053
1054/* We need a loop, because an address can generate new addresses. We must also
1055cope with generated pipes and files at the top level. (See also the code and
1056comment in deliver.c.) However, it is usually the case that the router for
1057user's .forward files has its verify flag turned off.
1058
1059If an address generates more than one child, the loop is used only when
1060full_info is set, and this can only be set locally. Remote enquiries just get
1061information about the top level address, not anything that it generated. */
1062
1063while (addr_new != NULL)
1064 {
1065 int rc;
1066 address_item *addr = addr_new;
1067
1068 addr_new = addr->next;
1069 addr->next = NULL;
1070
1071 DEBUG(D_verify)
1072 {
1073 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1074 debug_printf("Considering %s\n", addr->address);
1075 }
1076
1077 /* Handle generated pipe, file or reply addresses. We don't get these
1078 when handling EXPN, as it does only one level of expansion. */
1079
1080 if (testflag(addr, af_pfr))
1081 {
1082 allok = FALSE;
1083 if (f != NULL)
1084 {
1085 BOOL allow;
1086
1087 if (addr->address[0] == '>')
1088 {
1089 allow = testflag(addr, af_allow_reply);
1090 fprintf(f, "%s -> mail %s", addr->parent->address, addr->address + 1);
1091 }
1092 else
1093 {
1094 allow = (addr->address[0] == '|')?
1095 testflag(addr, af_allow_pipe) : testflag(addr, af_allow_file);
1096 fprintf(f, "%s -> %s", addr->parent->address, addr->address);
1097 }
1098
1099 if (addr->basic_errno == ERRNO_BADTRANSPORT)
1100 fprintf(f, "\n*** Error in setting up pipe, file, or autoreply:\n"
1101 "%s\n", addr->message);
1102 else if (allow)
1103 fprintf(f, "\n transport = %s\n", addr->transport->name);
1104 else
1105 fprintf(f, " *** forbidden ***\n");
1106 }
1107 continue;
1108 }
1109
1110 /* Just in case some router parameter refers to it. */
1111
1112 return_path = (addr->p.errors_address != NULL)?
1113 addr->p.errors_address : sender_address;
1114
1115 /* Split the address into domain and local part, handling the %-hack if
1116 necessary, and then route it. While routing a sender address, set
1117 $sender_address to <> because that is what it will be if we were trying to
1118 send a bounce to the sender. */
1119
1120 if (routed != NULL) *routed = FALSE;
1121 if ((rc = deliver_split_address(addr)) == OK)
1122 {
1123 if (!is_recipient) sender_address = null_sender;
1124 rc = route_address(addr, &addr_local, &addr_remote, &addr_new,
1125 &addr_succeed, verify_type);
1126 sender_address = save_sender; /* Put back the real sender */
1127 }
1128
1129 /* If routing an address succeeded, set the flag that remembers, for use when
1130 an ACL cached a sender verify (in case a callout fails). Then if routing set
1131 up a list of hosts or the transport has a host list, and the callout option
1132 is set, and we aren't in a host checking run, do the callout verification,
1133 and set another flag that notes that a callout happened. */
1134
1135 if (rc == OK)
1136 {
1137 if (routed != NULL) *routed = TRUE;
1138 if (callout > 0)
1139 {
1140 host_item *host_list = addr->host_list;
1141
26da7e20
PH
1142 /* Make up some data for use in the case where there is no remote
1143 transport. */
1144
1145 transport_feedback tf = {
1146 NULL, /* interface (=> any) */
1147 US"smtp", /* port */
1148 US"smtp", /* protocol */
1149 NULL, /* hosts */
1150 US"$smtp_active_hostname", /* helo_data */
1151 FALSE, /* hosts_override */
1152 FALSE, /* hosts_randomize */
1153 FALSE, /* gethostbyname */
1154 TRUE, /* qualify_single */
1155 FALSE /* search_parents */
1156 };
059ec3d9
PH
1157
1158 /* If verification yielded a remote transport, we want to use that
1159 transport's options, so as to mimic what would happen if we were really
1160 sending a message to this address. */
1161
1162 if (addr->transport != NULL && !addr->transport->info->local)
1163 {
929ba01c 1164 (void)(addr->transport->setup)(addr->transport, addr, &tf, 0, 0, NULL);
059ec3d9
PH
1165
1166 /* If the transport has hosts and the router does not, or if the
1167 transport is configured to override the router's hosts, we must build a
1168 host list of the transport's hosts, and find the IP addresses */
1169
1170 if (tf.hosts != NULL && (host_list == NULL || tf.hosts_override))
1171 {
1172 uschar *s;
750af86e
PH
1173 uschar *save_deliver_domain = deliver_domain;
1174 uschar *save_deliver_localpart = deliver_localpart;
059ec3d9
PH
1175
1176 host_list = NULL; /* Ignore the router's hosts */
1177
1178 deliver_domain = addr->domain;
1179 deliver_localpart = addr->local_part;
1180 s = expand_string(tf.hosts);
750af86e
PH
1181 deliver_domain = save_deliver_domain;
1182 deliver_localpart = save_deliver_localpart;
059ec3d9
PH
1183
1184 if (s == NULL)
1185 {
1186 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand list of hosts "
1187 "\"%s\" in %s transport for callout: %s", tf.hosts,
1188 addr->transport->name, expand_string_message);
1189 }
1190 else
1191 {
322050c2 1192 int flags;
059ec3d9 1193 uschar *canonical_name;
d8ef3577 1194 host_item *host, *nexthost;
059ec3d9
PH
1195 host_build_hostlist(&host_list, s, tf.hosts_randomize);
1196
1197 /* Just ignore failures to find a host address. If we don't manage
8e669ac1
PH
1198 to find any addresses, the callout will defer. Note that more than
1199 one address may be found for a single host, which will result in
1200 additional host items being inserted into the chain. Hence we must
d8ef3577 1201 save the next host first. */
059ec3d9 1202
322050c2
PH
1203 flags = HOST_FIND_BY_A;
1204 if (tf.qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
1205 if (tf.search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
1206
d8ef3577 1207 for (host = host_list; host != NULL; host = nexthost)
059ec3d9 1208 {
d8ef3577 1209 nexthost = host->next;
8e669ac1 1210 if (tf.gethostbyname ||
7e66e54d 1211 string_is_ip_address(host->name, NULL) != 0)
322050c2 1212 (void)host_find_byname(host, NULL, flags, &canonical_name, TRUE);
059ec3d9 1213 else
059ec3d9
PH
1214 (void)host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
1215 &canonical_name, NULL);
059ec3d9
PH
1216 }
1217 }
1218 }
1219 }
1220
8e669ac1 1221 /* Can only do a callout if we have at least one host! If the callout
2c7db3f5 1222 fails, it will have set ${sender,recipient}_verify_failure. */
059ec3d9
PH
1223
1224 if (host_list != NULL)
1225 {
1226 HDEBUG(D_verify) debug_printf("Attempting full verification using callout\n");
1227 if (host_checking && !host_checking_callout)
1228 {
1229 HDEBUG(D_verify)
1230 debug_printf("... callout omitted by default when host testing\n"
1231 "(Use -bhc if you want the callouts to happen.)\n");
1232 }
1233 else
1234 {
1235 rc = do_callout(addr, host_list, &tf, callout, callout_overall,
4deaf07d 1236 callout_connect, options, se_mailfrom, pm_mailfrom);
059ec3d9
PH
1237 }
1238 }
1239 else
1240 {
1241 HDEBUG(D_verify) debug_printf("Cannot do callout: neither router nor "
1242 "transport provided a host list\n");
1243 }
1244 }
1245 }
8e669ac1 1246
2c7db3f5 1247 /* Otherwise, any failure is a routing failure */
8e669ac1
PH
1248
1249 else *failure_ptr = US"route";
059ec3d9
PH
1250
1251 /* A router may return REROUTED if it has set up a child address as a result
1252 of a change of domain name (typically from widening). In this case we always
1253 want to continue to verify the new child. */
1254
1255 if (rc == REROUTED) continue;
8e669ac1 1256
059ec3d9
PH
1257 /* Handle hard failures */
1258
1259 if (rc == FAIL)
1260 {
1261 allok = FALSE;
1262 if (f != NULL)
1263 {
e6f6568e
PH
1264 address_item *p = addr->parent;
1265
ce552449
NM
1266 respond_printf(f, "%s%s %s", ko_prefix,
1267 full_info? addr->address : address,
059ec3d9
PH
1268 address_test_mode? "is undeliverable" : "failed to verify");
1269 if (!expn && admin_user)
1270 {
1271 if (addr->basic_errno > 0)
ce552449 1272 respond_printf(f, ": %s", strerror(addr->basic_errno));
059ec3d9 1273 if (addr->message != NULL)
ce552449 1274 respond_printf(f, ": %s", addr->message);
e6f6568e
PH
1275 }
1276
1277 /* Show parents iff doing full info */
1278
1279 if (full_info) while (p != NULL)
1280 {
ce552449 1281 respond_printf(f, "%s\n <-- %s", cr, p->address);
e6f6568e 1282 p = p->parent;
059ec3d9 1283 }
ce552449 1284 respond_printf(f, "%s\n", cr);
059ec3d9
PH
1285 }
1286
1287 if (!full_info) return copy_error(vaddr, addr, FAIL);
1288 else yield = FAIL;
1289 }
1290
1291 /* Soft failure */
1292
1293 else if (rc == DEFER)
1294 {
1295 allok = FALSE;
1296 if (f != NULL)
1297 {
e6f6568e 1298 address_item *p = addr->parent;
ce552449 1299 respond_printf(f, "%s%s cannot be resolved at this time", ko_prefix,
322050c2 1300 full_info? addr->address : address);
059ec3d9
PH
1301 if (!expn && admin_user)
1302 {
1303 if (addr->basic_errno > 0)
ce552449 1304 respond_printf(f, ": %s", strerror(addr->basic_errno));
059ec3d9 1305 if (addr->message != NULL)
ce552449 1306 respond_printf(f, ": %s", addr->message);
059ec3d9 1307 else if (addr->basic_errno <= 0)
ce552449 1308 respond_printf(f, ": unknown error");
059ec3d9
PH
1309 }
1310
e6f6568e
PH
1311 /* Show parents iff doing full info */
1312
1313 if (full_info) while (p != NULL)
1314 {
ce552449 1315 respond_printf(f, "%s\n <-- %s", cr, p->address);
e6f6568e
PH
1316 p = p->parent;
1317 }
ce552449 1318 respond_printf(f, "%s\n", cr);
059ec3d9
PH
1319 }
1320 if (!full_info) return copy_error(vaddr, addr, DEFER);
1321 else if (yield == OK) yield = DEFER;
1322 }
1323
1324 /* If we are handling EXPN, we do not want to continue to route beyond
e6f6568e 1325 the top level (whose address is in "address"). */
059ec3d9
PH
1326
1327 else if (expn)
1328 {
1329 uschar *ok_prefix = US"250-";
1330 if (addr_new == NULL)
1331 {
1332 if (addr_local == NULL && addr_remote == NULL)
ce552449 1333 respond_printf(f, "250 mail to <%s> is discarded\r\n", address);
059ec3d9 1334 else
ce552449 1335 respond_printf(f, "250 <%s>\r\n", address);
059ec3d9
PH
1336 }
1337 else while (addr_new != NULL)
1338 {
1339 address_item *addr2 = addr_new;
1340 addr_new = addr2->next;
1341 if (addr_new == NULL) ok_prefix = US"250 ";
ce552449 1342 respond_printf(f, "%s<%s>\r\n", ok_prefix, addr2->address);
059ec3d9
PH
1343 }
1344 return OK;
1345 }
1346
1347 /* Successful routing other than EXPN. */
1348
1349 else
1350 {
1351 /* Handle successful routing when short info wanted. Otherwise continue for
1352 other (generated) addresses. Short info is the operational case. Full info
1353 can be requested only when debug_selector != 0 and a file is supplied.
1354
1355 There is a conflict between the use of aliasing as an alternate email
1356 address, and as a sort of mailing list. If an alias turns the incoming
1357 address into just one address (e.g. J.Caesar->jc44) you may well want to
1358 carry on verifying the generated address to ensure it is valid when
1359 checking incoming mail. If aliasing generates multiple addresses, you
1360 probably don't want to do this. Exim therefore treats the generation of
1361 just a single new address as a special case, and continues on to verify the
1362 generated address. */
1363
1364 if (!full_info && /* Stop if short info wanted AND */
eafd343b
TK
1365 (((addr_new == NULL || /* No new address OR */
1366 addr_new->next != NULL || /* More than one new address OR */
1367 testflag(addr_new, af_pfr))) /* New address is pfr */
1368 || /* OR */
1369 (addr_new != NULL && /* At least one new address AND */
1370 success_on_redirect))) /* success_on_redirect is set */
059ec3d9 1371 {
322050c2 1372 if (f != NULL) fprintf(f, "%s %s\n", address,
059ec3d9
PH
1373 address_test_mode? "is deliverable" : "verified");
1374
1375 /* If we have carried on to verify a child address, we want the value
1376 of $address_data to be that of the child */
1377
1378 vaddr->p.address_data = addr->p.address_data;
1379 return OK;
1380 }
1381 }
1382 } /* Loop for generated addresses */
1383
1384/* Display the full results of the successful routing, including any generated
1385addresses. Control gets here only when full_info is set, which requires f not
1386to be NULL, and this occurs only when a top-level verify is called with the
1387debugging switch on.
1388
1389If there are no local and no remote addresses, and there were no pipes, files,
1390or autoreplies, and there were no errors or deferments, the message is to be
1391discarded, usually because of the use of :blackhole: in an alias file. */
1392
1393if (allok && addr_local == NULL && addr_remote == NULL)
dbcef0ea 1394 {
059ec3d9 1395 fprintf(f, "mail to %s is discarded\n", address);
dbcef0ea
PH
1396 return yield;
1397 }
059ec3d9 1398
dbcef0ea 1399for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++)
059ec3d9
PH
1400 {
1401 while (addr_list != NULL)
1402 {
1403 address_item *addr = addr_list;
1404 address_item *p = addr->parent;
1405 addr_list = addr->next;
1406
1407 fprintf(f, "%s", CS addr->address);
384152a6
TK
1408#ifdef EXPERIMENTAL_SRS
1409 if(addr->p.srs_sender)
1410 fprintf(f, " [srs = %s]", addr->p.srs_sender);
1411#endif
dbcef0ea
PH
1412
1413 /* If the address is a duplicate, show something about it. */
1414
1415 if (!testflag(addr, af_pfr))
1416 {
1417 tree_node *tnode;
1418 if ((tnode = tree_search(tree_duplicates, addr->unique)) != NULL)
1419 fprintf(f, " [duplicate, would not be delivered]");
1420 else tree_add_duplicate(addr->unique, addr);
1421 }
1422
1423 /* Now show its parents */
1424
059ec3d9
PH
1425 while (p != NULL)
1426 {
1427 fprintf(f, "\n <-- %s", p->address);
1428 p = p->parent;
1429 }
1430 fprintf(f, "\n ");
1431
1432 /* Show router, and transport */
1433
1434 fprintf(f, "router = %s, ", addr->router->name);
1435 fprintf(f, "transport = %s\n", (addr->transport == NULL)? US"unset" :
1436 addr->transport->name);
1437
1438 /* Show any hosts that are set up by a router unless the transport
1439 is going to override them; fiddle a bit to get a nice format. */
1440
1441 if (addr->host_list != NULL && addr->transport != NULL &&
1442 !addr->transport->overrides_hosts)
1443 {
1444 host_item *h;
1445 int maxlen = 0;
1446 int maxaddlen = 0;
1447 for (h = addr->host_list; h != NULL; h = h->next)
1448 {
1449 int len = Ustrlen(h->name);
1450 if (len > maxlen) maxlen = len;
1451 len = (h->address != NULL)? Ustrlen(h->address) : 7;
1452 if (len > maxaddlen) maxaddlen = len;
1453 }
1454 for (h = addr->host_list; h != NULL; h = h->next)
1455 {
1456 int len = Ustrlen(h->name);
1457 fprintf(f, " host %s ", h->name);
1458 while (len++ < maxlen) fprintf(f, " ");
1459 if (h->address != NULL)
1460 {
1461 fprintf(f, "[%s] ", h->address);
1462 len = Ustrlen(h->address);
1463 }
1464 else if (!addr->transport->info->local) /* Omit [unknown] for local */
1465 {
1466 fprintf(f, "[unknown] ");
1467 len = 7;
1468 }
1469 else len = -3;
1470 while (len++ < maxaddlen) fprintf(f," ");
1471 if (h->mx >= 0) fprintf(f, "MX=%d", h->mx);
1472 if (h->port != PORT_NONE) fprintf(f, " port=%d", h->port);
1473 if (h->status == hstatus_unusable) fprintf(f, " ** unusable **");
1474 fprintf(f, "\n");
1475 }
1476 }
1477 }
1478 }
1479
8e669ac1 1480/* Will be DEFER or FAIL if any one address has, only for full_info (which is
2c7db3f5
PH
1481the -bv or -bt case). */
1482
8e669ac1 1483return yield;
059ec3d9
PH
1484}
1485
1486
1487
1488
1489/*************************************************
1490* Check headers for syntax errors *
1491*************************************************/
1492
1493/* This function checks those header lines that contain addresses, and verifies
1494that all the addresses therein are syntactially correct.
1495
1496Arguments:
1497 msgptr where to put an error message
1498
1499Returns: OK
1500 FAIL
1501*/
1502
1503int
1504verify_check_headers(uschar **msgptr)
1505{
1506header_line *h;
1507uschar *colon, *s;
1eccaa59 1508int yield = OK;
059ec3d9 1509
1eccaa59 1510for (h = header_list; h != NULL && yield == OK; h = h->next)
059ec3d9
PH
1511 {
1512 if (h->type != htype_from &&
1513 h->type != htype_reply_to &&
1514 h->type != htype_sender &&
1515 h->type != htype_to &&
1516 h->type != htype_cc &&
1517 h->type != htype_bcc)
1518 continue;
1519
1520 colon = Ustrchr(h->text, ':');
1521 s = colon + 1;
1522 while (isspace(*s)) s++;
1523
1eccaa59
PH
1524 /* Loop for multiple addresses in the header, enabling group syntax. Note
1525 that we have to reset this after the header has been scanned. */
059ec3d9 1526
1eccaa59 1527 parse_allow_group = TRUE;
059ec3d9
PH
1528
1529 while (*s != 0)
1530 {
1531 uschar *ss = parse_find_address_end(s, FALSE);
1532 uschar *recipient, *errmess;
1533 int terminator = *ss;
1534 int start, end, domain;
1535
1536 /* Temporarily terminate the string at this point, and extract the
1eccaa59 1537 operative address within, allowing group syntax. */
059ec3d9
PH
1538
1539 *ss = 0;
1540 recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE);
1541 *ss = terminator;
1542
1543 /* Permit an unqualified address only if the message is local, or if the
1544 sending host is configured to be permitted to send them. */
1545
1546 if (recipient != NULL && domain == 0)
1547 {
1548 if (h->type == htype_from || h->type == htype_sender)
1549 {
1550 if (!allow_unqualified_sender) recipient = NULL;
1551 }
1552 else
1553 {
1554 if (!allow_unqualified_recipient) recipient = NULL;
1555 }
1556 if (recipient == NULL) errmess = US"unqualified address not permitted";
1557 }
1558
1559 /* It's an error if no address could be extracted, except for the special
1560 case of an empty address. */
1561
1562 if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0)
1563 {
1564 uschar *verb = US"is";
1565 uschar *t = ss;
1ab95fa6 1566 uschar *tt = colon;
059ec3d9
PH
1567 int len;
1568
1569 /* Arrange not to include any white space at the end in the
1ab95fa6 1570 error message or the header name. */
059ec3d9
PH
1571
1572 while (t > s && isspace(t[-1])) t--;
1ab95fa6 1573 while (tt > h->text && isspace(tt[-1])) tt--;
059ec3d9 1574
1ab95fa6 1575 /* Add the address that failed to the error message, since in a
059ec3d9
PH
1576 header with very many addresses it is sometimes hard to spot
1577 which one is at fault. However, limit the amount of address to
1578 quote - cases have been seen where, for example, a missing double
1579 quote in a humungous To: header creates an "address" that is longer
1580 than string_sprintf can handle. */
1581
1582 len = t - s;
1583 if (len > 1024)
1584 {
1585 len = 1024;
1586 verb = US"begins";
1587 }
1588
1589 *msgptr = string_printing(
1ab95fa6
PH
1590 string_sprintf("%s: failing address in \"%.*s:\" header %s: %.*s",
1591 errmess, tt - h->text, h->text, verb, len, s));
059ec3d9 1592
1eccaa59
PH
1593 yield = FAIL;
1594 break; /* Out of address loop */
059ec3d9
PH
1595 }
1596
1597 /* Advance to the next address */
1598
1599 s = ss + (terminator? 1:0);
1600 while (isspace(*s)) s++;
1601 } /* Next address */
059ec3d9 1602
1eccaa59
PH
1603 parse_allow_group = FALSE;
1604 parse_found_group = FALSE;
1605 } /* Next header unless yield has been set FALSE */
1606
1607return yield;
059ec3d9
PH
1608}
1609
1610
1611
1c41c9cc
PH
1612/*************************************************
1613* Check for blind recipients *
1614*************************************************/
1615
1616/* This function checks that every (envelope) recipient is mentioned in either
1617the To: or Cc: header lines, thus detecting blind carbon copies.
1618
1619There are two ways of scanning that could be used: either scan the header lines
1620and tick off the recipients, or scan the recipients and check the header lines.
1621The original proposed patch did the former, but I have chosen to do the latter,
1622because (a) it requires no memory and (b) will use fewer resources when there
1623are many addresses in To: and/or Cc: and only one or two envelope recipients.
1624
1625Arguments: none
1626Returns: OK if there are no blind recipients
1627 FAIL if there is at least one blind recipient
1628*/
1629
1630int
1631verify_check_notblind(void)
1632{
1633int i;
1634for (i = 0; i < recipients_count; i++)
1635 {
1636 header_line *h;
1637 BOOL found = FALSE;
1638 uschar *address = recipients_list[i].address;
1639
1640 for (h = header_list; !found && h != NULL; h = h->next)
1641 {
1642 uschar *colon, *s;
1643
1644 if (h->type != htype_to && h->type != htype_cc) continue;
1645
1646 colon = Ustrchr(h->text, ':');
1647 s = colon + 1;
1648 while (isspace(*s)) s++;
1649
1eccaa59
PH
1650 /* Loop for multiple addresses in the header, enabling group syntax. Note
1651 that we have to reset this after the header has been scanned. */
1c41c9cc 1652
1eccaa59 1653 parse_allow_group = TRUE;
1c41c9cc
PH
1654
1655 while (*s != 0)
1656 {
1657 uschar *ss = parse_find_address_end(s, FALSE);
1658 uschar *recipient,*errmess;
1659 int terminator = *ss;
1660 int start, end, domain;
1661
1662 /* Temporarily terminate the string at this point, and extract the
1eccaa59 1663 operative address within, allowing group syntax. */
1c41c9cc
PH
1664
1665 *ss = 0;
1666 recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE);
1667 *ss = terminator;
1668
1669 /* If we found a valid recipient that has a domain, compare it with the
1670 envelope recipient. Local parts are compared case-sensitively, domains
1671 case-insensitively. By comparing from the start with length "domain", we
1672 include the "@" at the end, which ensures that we are comparing the whole
1673 local part of each address. */
1674
1675 if (recipient != NULL && domain != 0)
1676 {
1677 found = Ustrncmp(recipient, address, domain) == 0 &&
1678 strcmpic(recipient + domain, address + domain) == 0;
1679 if (found) break;
1680 }
1681
1682 /* Advance to the next address */
1683
1684 s = ss + (terminator? 1:0);
1685 while (isspace(*s)) s++;
1686 } /* Next address */
1eccaa59
PH
1687
1688 parse_allow_group = FALSE;
1689 parse_found_group = FALSE;
1c41c9cc
PH
1690 } /* Next header (if found is false) */
1691
1692 if (!found) return FAIL;
1693 } /* Next recipient */
1694
1695return OK;
1696}
1697
1698
059ec3d9
PH
1699
1700/*************************************************
1701* Find if verified sender *
1702*************************************************/
1703
1704/* Usually, just a single address is verified as the sender of the message.
1705However, Exim can be made to verify other addresses as well (often related in
1706some way), and this is useful in some environments. There may therefore be a
1707chain of such addresses that have previously been tested. This function finds
1708whether a given address is on the chain.
1709
1710Arguments: the address to be verified
1711Returns: pointer to an address item, or NULL
1712*/
1713
1714address_item *
1715verify_checked_sender(uschar *sender)
1716{
1717address_item *addr;
1718for (addr = sender_verified_list; addr != NULL; addr = addr->next)
1719 if (Ustrcmp(sender, addr->address) == 0) break;
1720return addr;
1721}
1722
1723
1724
1725
1726
1727/*************************************************
1728* Get valid header address *
1729*************************************************/
1730
1731/* Scan the originator headers of the message, looking for an address that
1732verifies successfully. RFC 822 says:
1733
1734 o The "Sender" field mailbox should be sent notices of
1735 any problems in transport or delivery of the original
1736 messages. If there is no "Sender" field, then the
1737 "From" field mailbox should be used.
1738
1739 o If the "Reply-To" field exists, then the reply should
1740 go to the addresses indicated in that field and not to
1741 the address(es) indicated in the "From" field.
1742
1743So we check a Sender field if there is one, else a Reply_to field, else a From
1744field. As some strange messages may have more than one of these fields,
1745especially if they are resent- fields, check all of them if there is more than
1746one.
1747
1748Arguments:
1749 user_msgptr points to where to put a user error message
1750 log_msgptr points to where to put a log error message
1751 callout timeout for callout check (passed to verify_address())
1752 callout_overall overall callout timeout (ditto)
8e669ac1 1753 callout_connect connect callout timeout (ditto)
059ec3d9
PH
1754 se_mailfrom mailfrom for verify; NULL => ""
1755 pm_mailfrom sender for pm callout check (passed to verify_address())
1756 options callout options (passed to verify_address())
8e669ac1 1757 verrno where to put the address basic_errno
059ec3d9
PH
1758
1759If log_msgptr is set to something without setting user_msgptr, the caller
1760normally uses log_msgptr for both things.
1761
1762Returns: result of the verification attempt: OK, FAIL, or DEFER;
1763 FAIL is given if no appropriate headers are found
1764*/
1765
1766int
1767verify_check_header_address(uschar **user_msgptr, uschar **log_msgptr,
8e669ac1 1768 int callout, int callout_overall, int callout_connect, uschar *se_mailfrom,
fe5b5d0b 1769 uschar *pm_mailfrom, int options, int *verrno)
059ec3d9
PH
1770{
1771static int header_types[] = { htype_sender, htype_reply_to, htype_from };
1eccaa59 1772BOOL done = FALSE;
059ec3d9
PH
1773int yield = FAIL;
1774int i;
1775
1eccaa59 1776for (i = 0; i < 3 && !done; i++)
059ec3d9
PH
1777 {
1778 header_line *h;
1eccaa59 1779 for (h = header_list; h != NULL && !done; h = h->next)
059ec3d9
PH
1780 {
1781 int terminator, new_ok;
1782 uschar *s, *ss, *endname;
1783
1784 if (h->type != header_types[i]) continue;
1785 s = endname = Ustrchr(h->text, ':') + 1;
1786
1eccaa59
PH
1787 /* Scan the addresses in the header, enabling group syntax. Note that we
1788 have to reset this after the header has been scanned. */
1789
1790 parse_allow_group = TRUE;
1791
059ec3d9
PH
1792 while (*s != 0)
1793 {
1794 address_item *vaddr;
1795
1796 while (isspace(*s) || *s == ',') s++;
1797 if (*s == 0) break; /* End of header */
1798
1799 ss = parse_find_address_end(s, FALSE);
1800
1801 /* The terminator is a comma or end of header, but there may be white
1802 space preceding it (including newline for the last address). Move back
1803 past any white space so we can check against any cached envelope sender
1804 address verifications. */
1805
1806 while (isspace(ss[-1])) ss--;
1807 terminator = *ss;
1808 *ss = 0;
1809
1810 HDEBUG(D_verify) debug_printf("verifying %.*s header address %s\n",
1811 (int)(endname - h->text), h->text, s);
1812
1813 /* See if we have already verified this address as an envelope sender,
1814 and if so, use the previous answer. */
1815
1816 vaddr = verify_checked_sender(s);
1817
1818 if (vaddr != NULL && /* Previously checked */
1819 (callout <= 0 || /* No callout needed; OR */
1820 vaddr->special_action > 256)) /* Callout was done */
1821 {
1822 new_ok = vaddr->special_action & 255;
1823 HDEBUG(D_verify) debug_printf("previously checked as envelope sender\n");
1824 *ss = terminator; /* Restore shortened string */
1825 }
1826
1827 /* Otherwise we run the verification now. We must restore the shortened
1828 string before running the verification, so the headers are correct, in
1829 case there is any rewriting. */
1830
1831 else
1832 {
1833 int start, end, domain;
1eccaa59
PH
1834 uschar *address = parse_extract_address(s, log_msgptr, &start, &end,
1835 &domain, FALSE);
059ec3d9
PH
1836
1837 *ss = terminator;
1838
1eccaa59
PH
1839 /* If we found an empty address, just carry on with the next one, but
1840 kill the message. */
1841
1842 if (address == NULL && Ustrcmp(*log_msgptr, "empty address") == 0)
1843 {
1844 *log_msgptr = NULL;
1845 s = ss;
1846 continue;
1847 }
1848
059ec3d9
PH
1849 /* If verification failed because of a syntax error, fail this
1850 function, and ensure that the failing address gets added to the error
1851 message. */
1852
1853 if (address == NULL)
1854 {
1855 new_ok = FAIL;
1eccaa59
PH
1856 while (ss > s && isspace(ss[-1])) ss--;
1857 *log_msgptr = string_sprintf("syntax error in '%.*s' header when "
1858 "scanning for sender: %s in \"%.*s\"",
1859 endname - h->text, h->text, *log_msgptr, ss - s, s);
1860 yield = FAIL;
1861 done = TRUE;
1862 break;
059ec3d9
PH
1863 }
1864
2f6603e1 1865 /* Else go ahead with the sender verification. But it isn't *the*
059ec3d9
PH
1866 sender of the message, so set vopt_fake_sender to stop sender_address
1867 being replaced after rewriting or qualification. */
1868
1869 else
1870 {
1871 vaddr = deliver_make_addr(address, FALSE);
1872 new_ok = verify_address(vaddr, NULL, options | vopt_fake_sender,
8e669ac1 1873 callout, callout_overall, callout_connect, se_mailfrom,
4deaf07d 1874 pm_mailfrom, NULL);
059ec3d9
PH
1875 }
1876 }
1877
1878 /* We now have the result, either newly found, or cached. If we are
1879 giving out error details, set a specific user error. This means that the
1880 last of these will be returned to the user if all three fail. We do not
1881 set a log message - the generic one below will be used. */
1882
fe5b5d0b 1883 if (new_ok != OK)
059ec3d9 1884 {
8e669ac1 1885 *verrno = vaddr->basic_errno;
fe5b5d0b
PH
1886 if (smtp_return_error_details)
1887 {
1888 *user_msgptr = string_sprintf("Rejected after DATA: "
1889 "could not verify \"%.*s\" header address\n%s: %s",
1890 endname - h->text, h->text, vaddr->address, vaddr->message);
1891 }
8e669ac1 1892 }
059ec3d9
PH
1893
1894 /* Success or defer */
1895
1eccaa59
PH
1896 if (new_ok == OK)
1897 {
1898 yield = OK;
1899 done = TRUE;
1900 break;
1901 }
1902
059ec3d9
PH
1903 if (new_ok == DEFER) yield = DEFER;
1904
1905 /* Move on to any more addresses in the header */
1906
1907 s = ss;
1eccaa59
PH
1908 } /* Next address */
1909
1910 parse_allow_group = FALSE;
1911 parse_found_group = FALSE;
1912 } /* Next header, unless done */
1913 } /* Next header type unless done */
059ec3d9
PH
1914
1915if (yield == FAIL && *log_msgptr == NULL)
1916 *log_msgptr = US"there is no valid sender in any header line";
1917
1918if (yield == DEFER && *log_msgptr == NULL)
1919 *log_msgptr = US"all attempts to verify a sender in a header line deferred";
1920
1921return yield;
1922}
1923
1924
1925
1926
1927/*************************************************
1928* Get RFC 1413 identification *
1929*************************************************/
1930
1931/* Attempt to get an id from the sending machine via the RFC 1413 protocol. If
1932the timeout is set to zero, then the query is not done. There may also be lists
1933of hosts and nets which are exempt. To guard against malefactors sending
1934non-printing characters which could, for example, disrupt a message's headers,
1935make sure the string consists of printing characters only.
1936
1937Argument:
1938 port the port to connect to; usually this is IDENT_PORT (113), but when
1939 running in the test harness with -bh a different value is used.
1940
1941Returns: nothing
1942
1943Side effect: any received ident value is put in sender_ident (NULL otherwise)
1944*/
1945
1946void
1947verify_get_ident(int port)
1948{
1949int sock, host_af, qlen;
1950int received_sender_port, received_interface_port, n;
1951uschar *p;
1952uschar buffer[2048];
1953
1954/* Default is no ident. Check whether we want to do an ident check for this
1955host. */
1956
1957sender_ident = NULL;
1958if (rfc1413_query_timeout <= 0 || verify_check_host(&rfc1413_hosts) != OK)
1959 return;
1960
1961DEBUG(D_ident) debug_printf("doing ident callback\n");
1962
1963/* Set up a connection to the ident port of the remote host. Bind the local end
1964to the incoming interface address. If the sender host address is an IPv6
1965address, the incoming interface address will also be IPv6. */
1966
1967host_af = (Ustrchr(sender_host_address, ':') == NULL)? AF_INET : AF_INET6;
1968sock = ip_socket(SOCK_STREAM, host_af);
1969if (sock < 0) return;
1970
1971if (ip_bind(sock, host_af, interface_address, 0) < 0)
1972 {
1973 DEBUG(D_ident) debug_printf("bind socket for ident failed: %s\n",
1974 strerror(errno));
1975 goto END_OFF;
1976 }
1977
1978if (ip_connect(sock, host_af, sender_host_address, port, rfc1413_query_timeout)
1979 < 0)
1980 {
1981 if (errno == ETIMEDOUT && (log_extra_selector & LX_ident_timeout) != 0)
1982 {
1983 log_write(0, LOG_MAIN, "ident connection to %s timed out",
1984 sender_host_address);
1985 }
1986 else
1987 {
1988 DEBUG(D_ident) debug_printf("ident connection to %s failed: %s\n",
1989 sender_host_address, strerror(errno));
1990 }
1991 goto END_OFF;
1992 }
1993
1994/* Construct and send the query. */
1995
1996sprintf(CS buffer, "%d , %d\r\n", sender_host_port, interface_port);
1997qlen = Ustrlen(buffer);
1998if (send(sock, buffer, qlen, 0) < 0)
1999 {
2000 DEBUG(D_ident) debug_printf("ident send failed: %s\n", strerror(errno));
2001 goto END_OFF;
2002 }
2003
2004/* Read a response line. We put it into the rest of the buffer, using several
2005recv() calls if necessary. */
2006
2007p = buffer + qlen;
2008
2009for (;;)
2010 {
2011 uschar *pp;
2012 int count;
2013 int size = sizeof(buffer) - (p - buffer);
2014
2015 if (size <= 0) goto END_OFF; /* Buffer filled without seeing \n. */
2016 count = ip_recv(sock, p, size, rfc1413_query_timeout);
2017 if (count <= 0) goto END_OFF; /* Read error or EOF */
2018
2019 /* Scan what we just read, to see if we have reached the terminating \r\n. Be
2020 generous, and accept a plain \n terminator as well. The only illegal
2021 character is 0. */
2022
2023 for (pp = p; pp < p + count; pp++)
2024 {
2025 if (*pp == 0) goto END_OFF; /* Zero octet not allowed */
2026 if (*pp == '\n')
2027 {
2028 if (pp[-1] == '\r') pp--;
2029 *pp = 0;
2030 goto GOT_DATA; /* Break out of both loops */
2031 }
2032 }
2033
2034 /* Reached the end of the data without finding \n. Let the loop continue to
2035 read some more, if there is room. */
2036
2037 p = pp;
2038 }
2039
2040GOT_DATA:
2041
2042/* We have received a line of data. Check it carefully. It must start with the
2043same two port numbers that we sent, followed by data as defined by the RFC. For
2044example,
2045
2046 12345 , 25 : USERID : UNIX :root
2047
2048However, the amount of white space may be different to what we sent. In the
2049"osname" field there may be several sub-fields, comma separated. The data we
2050actually want to save follows the third colon. Some systems put leading spaces
2051in it - we discard those. */
2052
2053if (sscanf(CS buffer + qlen, "%d , %d%n", &received_sender_port,
2054 &received_interface_port, &n) != 2 ||
2055 received_sender_port != sender_host_port ||
2056 received_interface_port != interface_port)
2057 goto END_OFF;
2058
2059p = buffer + qlen + n;
2060while(isspace(*p)) p++;
2061if (*p++ != ':') goto END_OFF;
2062while(isspace(*p)) p++;
2063if (Ustrncmp(p, "USERID", 6) != 0) goto END_OFF;
2064p += 6;
2065while(isspace(*p)) p++;
2066if (*p++ != ':') goto END_OFF;
2067while (*p != 0 && *p != ':') p++;
2068if (*p++ == 0) goto END_OFF;
2069while(isspace(*p)) p++;
2070if (*p == 0) goto END_OFF;
2071
2072/* The rest of the line is the data we want. We turn it into printing
2073characters when we save it, so that it cannot mess up the format of any logging
2074or Received: lines into which it gets inserted. We keep a maximum of 127
2075characters. */
2076
2077sender_ident = string_printing(string_copyn(p, 127));
2078DEBUG(D_ident) debug_printf("sender_ident = %s\n", sender_ident);
2079
2080END_OFF:
f1e894f3 2081(void)close(sock);
059ec3d9
PH
2082return;
2083}
2084
2085
2086
2087
2088/*************************************************
2089* Match host to a single host-list item *
2090*************************************************/
2091
2092/* This function compares a host (name or address) against a single item
2093from a host list. The host name gets looked up if it is needed and is not
2094already known. The function is called from verify_check_this_host() via
2095match_check_list(), which is why most of its arguments are in a single block.
2096
2097Arguments:
2098 arg the argument block (see below)
2099 ss the host-list item
2100 valueptr where to pass back looked up data, or NULL
2101 error for error message when returning ERROR
2102
2103The block contains:
32d668a5
PH
2104 host_name (a) the host name, or
2105 (b) NULL, implying use sender_host_name and
2106 sender_host_aliases, looking them up if required, or
2107 (c) the empty string, meaning that only IP address matches
2108 are permitted
059ec3d9
PH
2109 host_address the host address
2110 host_ipv4 the IPv4 address taken from an IPv6 one
2111
2112Returns: OK matched
2113 FAIL did not match
2114 DEFER lookup deferred
32d668a5
PH
2115 ERROR (a) failed to find the host name or IP address, or
2116 (b) unknown lookup type specified, or
2117 (c) host name encountered when only IP addresses are
2118 being matched
059ec3d9
PH
2119*/
2120
32d668a5 2121int
059ec3d9
PH
2122check_host(void *arg, uschar *ss, uschar **valueptr, uschar **error)
2123{
2124check_host_block *cb = (check_host_block *)arg;
32d668a5 2125int mlen = -1;
059ec3d9 2126int maskoffset;
32d668a5 2127BOOL iplookup = FALSE;
059ec3d9 2128BOOL isquery = FALSE;
32d668a5 2129BOOL isiponly = cb->host_name != NULL && cb->host_name[0] == 0;
1688f43b 2130uschar *t;
32d668a5 2131uschar *semicolon;
059ec3d9
PH
2132uschar **aliases;
2133
2134/* Optimize for the special case when the pattern is "*". */
2135
2136if (*ss == '*' && ss[1] == 0) return OK;
2137
2138/* If the pattern is empty, it matches only in the case when there is no host -
2139this can occur in ACL checking for SMTP input using the -bs option. In this
2140situation, the host address is the empty string. */
2141
2142if (cb->host_address[0] == 0) return (*ss == 0)? OK : FAIL;
2143if (*ss == 0) return FAIL;
2144
32d668a5
PH
2145/* If the pattern is precisely "@" then match against the primary host name,
2146provided that host name matching is permitted; if it's "@[]" match against the
2147local host's IP addresses. */
059ec3d9
PH
2148
2149if (*ss == '@')
2150 {
32d668a5
PH
2151 if (ss[1] == 0)
2152 {
2153 if (isiponly) return ERROR;
2154 ss = primary_hostname;
2155 }
059ec3d9
PH
2156 else if (Ustrcmp(ss, "@[]") == 0)
2157 {
2158 ip_address_item *ip;
2159 for (ip = host_find_interfaces(); ip != NULL; ip = ip->next)
2160 if (Ustrcmp(ip->address, cb->host_address) == 0) return OK;
2161 return FAIL;
2162 }
2163 }
2164
2165/* If the pattern is an IP address, optionally followed by a bitmask count, do
2166a (possibly masked) comparision with the current IP address. */
2167
7e66e54d 2168if (string_is_ip_address(ss, &maskoffset) != 0)
059ec3d9
PH
2169 return (host_is_in_net(cb->host_address, ss, maskoffset)? OK : FAIL);
2170
1688f43b
PH
2171/* The pattern is not an IP address. A common error that people make is to omit
2172one component of an IPv4 address, either by accident, or believing that, for
2173example, 1.2.3/24 is the same as 1.2.3.0/24, or 1.2.3 is the same as 1.2.3.0,
2174which it isn't. (Those applications that do accept 1.2.3 as an IP address
2175interpret it as 1.2.0.3 because the final component becomes 16-bit - this is an
2176ancient specification.) To aid in debugging these cases, we give a specific
2177error if the pattern contains only digits and dots or contains a slash preceded
2178only by digits and dots (a slash at the start indicates a file name and of
2179course slashes may be present in lookups, but not preceded only by digits and
2180dots). */
2181
2182for (t = ss; isdigit(*t) || *t == '.'; t++);
2183if (*t == 0 || (*t == '/' && t != ss))
2184 {
2185 *error = US"malformed IPv4 address or address mask";
2186 return ERROR;
2187 }
2188
32d668a5 2189/* See if there is a semicolon in the pattern */
059ec3d9 2190
32d668a5
PH
2191semicolon = Ustrchr(ss, ';');
2192
2193/* If we are doing an IP address only match, then all lookups must be IP
df199fec 2194address lookups, even if there is no "net-". */
32d668a5
PH
2195
2196if (isiponly)
059ec3d9 2197 {
32d668a5
PH
2198 iplookup = semicolon != NULL;
2199 }
059ec3d9 2200
32d668a5 2201/* Otherwise, if the item is of the form net[n]-lookup;<file|query> then it is
df199fec
PH
2202a lookup on a masked IP network, in textual form. We obey this code even if we
2203have already set iplookup, so as to skip over the "net-" prefix and to set the
2204mask length. The net- stuff really only applies to single-key lookups where the
2205key is implicit. For query-style lookups the key is specified in the query.
2206From release 4.30, the use of net- for query style is no longer needed, but we
2207retain it for backward compatibility. */
2208
2209if (Ustrncmp(ss, "net", 3) == 0 && semicolon != NULL)
32d668a5
PH
2210 {
2211 mlen = 0;
2212 for (t = ss + 3; isdigit(*t); t++) mlen = mlen * 10 + *t - '0';
2213 if (mlen == 0 && t == ss+3) mlen = -1; /* No mask supplied */
2214 iplookup = (*t++ == '-');
2215 }
1688f43b 2216else t = ss;
059ec3d9 2217
32d668a5 2218/* Do the IP address lookup if that is indeed what we have */
059ec3d9 2219
32d668a5
PH
2220if (iplookup)
2221 {
2222 int insize;
2223 int search_type;
2224 int incoming[4];
2225 void *handle;
2226 uschar *filename, *key, *result;
2227 uschar buffer[64];
059ec3d9 2228
32d668a5 2229 /* Find the search type */
059ec3d9 2230
32d668a5 2231 search_type = search_findtype(t, semicolon - t);
059ec3d9 2232
32d668a5
PH
2233 if (search_type < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
2234 search_error_message);
059ec3d9 2235
13b685f9
PH
2236 /* Adjust parameters for the type of lookup. For a query-style lookup, there
2237 is no file name, and the "key" is just the query. For query-style with a file
2238 name, we have to fish the file off the start of the query. For a single-key
2239 lookup, the key is the current IP address, masked appropriately, and
2240 reconverted to text form, with the mask appended. For IPv6 addresses, specify
6a3bceb1
PH
2241 dot separators instead of colons, except when the lookup type is "iplsearch".
2242 */
059ec3d9 2243
13b685f9
PH
2244 if (mac_islookup(search_type, lookup_absfilequery))
2245 {
2246 filename = semicolon + 1;
2247 key = filename;
2248 while (*key != 0 && !isspace(*key)) key++;
2249 filename = string_copyn(filename, key - filename);
2250 while (isspace(*key)) key++;
2251 }
2252 else if (mac_islookup(search_type, lookup_querystyle))
32d668a5
PH
2253 {
2254 filename = NULL;
2255 key = semicolon + 1;
2256 }
6a3bceb1 2257 else /* Single-key style */
32d668a5 2258 {
e6d225ae 2259 int sep = (Ustrcmp(lookup_list[search_type]->name, "iplsearch") == 0)?
6a3bceb1 2260 ':' : '.';
32d668a5
PH
2261 insize = host_aton(cb->host_address, incoming);
2262 host_mask(insize, incoming, mlen);
6a3bceb1 2263 (void)host_nmtoa(insize, incoming, mlen, buffer, sep);
32d668a5
PH
2264 key = buffer;
2265 filename = semicolon + 1;
059ec3d9 2266 }
32d668a5
PH
2267
2268 /* Now do the actual lookup; note that there is no search_close() because
2269 of the caching arrangements. */
2270
2271 handle = search_open(filename, search_type, 0, NULL, NULL);
2272 if (handle == NULL) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
2273 search_error_message);
2274 result = search_find(handle, filename, key, -1, NULL, 0, 0, NULL);
2275 if (valueptr != NULL) *valueptr = result;
2276 return (result != NULL)? OK : search_find_defer? DEFER: FAIL;
059ec3d9
PH
2277 }
2278
2279/* The pattern is not an IP address or network reference of any kind. That is,
32d668a5
PH
2280it is a host name pattern. If this is an IP only match, there's an error in the
2281host list. */
2282
2283if (isiponly)
2284 {
2285 *error = US"cannot match host name in match_ip list";
2286 return ERROR;
2287 }
2288
2289/* Check the characters of the pattern to see if they comprise only letters,
2290digits, full stops, and hyphens (the constituents of domain names). Allow
2291underscores, as they are all too commonly found. Sigh. Also, if
2292allow_utf8_domains is set, allow top-bit characters. */
059ec3d9
PH
2293
2294for (t = ss; *t != 0; t++)
2295 if (!isalnum(*t) && *t != '.' && *t != '-' && *t != '_' &&
2296 (!allow_utf8_domains || *t < 128)) break;
2297
2298/* If the pattern is a complete domain name, with no fancy characters, look up
2299its IP address and match against that. Note that a multi-homed host will add
2300items to the chain. */
2301
2302if (*t == 0)
2303 {
2304 int rc;
2305 host_item h;
2306 h.next = NULL;
2307 h.name = ss;
2308 h.address = NULL;
2309 h.mx = MX_NONE;
9b8fadde 2310
322050c2 2311 rc = host_find_byname(&h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, FALSE);
059ec3d9
PH
2312 if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL)
2313 {
2314 host_item *hh;
2315 for (hh = &h; hh != NULL; hh = hh->next)
2316 {
96776534 2317 if (host_is_in_net(hh->address, cb->host_address, 0)) return OK;
059ec3d9
PH
2318 }
2319 return FAIL;
2320 }
2321 if (rc == HOST_FIND_AGAIN) return DEFER;
2322 *error = string_sprintf("failed to find IP address for %s", ss);
2323 return ERROR;
2324 }
2325
2326/* Almost all subsequent comparisons require the host name, and can be done
2327using the general string matching function. When this function is called for
2328outgoing hosts, the name is always given explicitly. If it is NULL, it means we
2329must use sender_host_name and its aliases, looking them up if necessary. */
2330
2331if (cb->host_name != NULL) /* Explicit host name given */
2332 return match_check_string(cb->host_name, ss, -1, TRUE, TRUE, TRUE,
2333 valueptr);
2334
2335/* Host name not given; in principle we need the sender host name and its
2336aliases. However, for query-style lookups, we do not need the name if the
2337query does not contain $sender_host_name. From release 4.23, a reference to
2338$sender_host_name causes it to be looked up, so we don't need to do the lookup
2339on spec. */
2340
2341if ((semicolon = Ustrchr(ss, ';')) != NULL)
2342 {
2343 uschar *affix;
2344 int partial, affixlen, starflags, id;
2345
2346 *semicolon = 0;
2347 id = search_findtype_partial(ss, &partial, &affix, &affixlen, &starflags);
2348 *semicolon=';';
2349
2350 if (id < 0) /* Unknown lookup type */
2351 {
2352 log_write(0, LOG_MAIN|LOG_PANIC, "%s in host list item \"%s\"",
2353 search_error_message, ss);
2354 return DEFER;
2355 }
13b685f9 2356 isquery = mac_islookup(id, lookup_querystyle|lookup_absfilequery);
059ec3d9
PH
2357 }
2358
2359if (isquery)
2360 {
2361 switch(match_check_string(US"", ss, -1, TRUE, TRUE, TRUE, valueptr))
2362 {
2363 case OK: return OK;
2364 case DEFER: return DEFER;
2365 default: return FAIL;
2366 }
2367 }
2368
2369/* Not a query-style lookup; must ensure the host name is present, and then we
2370do a check on the name and all its aliases. */
2371
2372if (sender_host_name == NULL)
2373 {
2374 HDEBUG(D_host_lookup)
2375 debug_printf("sender host name required, to match against %s\n", ss);
2376 if (host_lookup_failed || host_name_lookup() != OK)
2377 {
2378 *error = string_sprintf("failed to find host name for %s",
2379 sender_host_address);;
2380 return ERROR;
2381 }
2382 host_build_sender_fullhost();
2383 }
2384
2385/* Match on the sender host name, using the general matching function */
2386
2387switch(match_check_string(sender_host_name, ss, -1, TRUE, TRUE, TRUE,
2388 valueptr))
2389 {
2390 case OK: return OK;
2391 case DEFER: return DEFER;
2392 }
2393
2394/* If there are aliases, try matching on them. */
2395
2396aliases = sender_host_aliases;
2397while (*aliases != NULL)
2398 {
2399 switch(match_check_string(*aliases++, ss, -1, TRUE, TRUE, TRUE, valueptr))
2400 {
2401 case OK: return OK;
2402 case DEFER: return DEFER;
2403 }
2404 }
2405return FAIL;
2406}
2407
2408
2409
2410
2411/*************************************************
2412* Check a specific host matches a host list *
2413*************************************************/
2414
2415/* This function is passed a host list containing items in a number of
2416different formats and the identity of a host. Its job is to determine whether
2417the given host is in the set of hosts defined by the list. The host name is
2418passed as a pointer so that it can be looked up if needed and not already
2419known. This is commonly the case when called from verify_check_host() to check
2420an incoming connection. When called from elsewhere the host name should usually
2421be set.
2422
2423This function is now just a front end to match_check_list(), which runs common
2424code for scanning a list. We pass it the check_host() function to perform a
2425single test.
2426
2427Arguments:
2428 listptr pointer to the host list
2429 cache_bits pointer to cache for named lists, or NULL
2430 host_name the host name or NULL, implying use sender_host_name and
2431 sender_host_aliases, looking them up if required
2432 host_address the IP address
2433 valueptr if not NULL, data from a lookup is passed back here
2434
2435Returns: OK if the host is in the defined set
2436 FAIL if the host is not in the defined set,
2437 DEFER if a data lookup deferred (not a host lookup)
2438
2439If the host name was needed in order to make a comparison, and could not be
2440determined from the IP address, the result is FAIL unless the item
2441"+allow_unknown" was met earlier in the list, in which case OK is returned. */
2442
2443int
2444verify_check_this_host(uschar **listptr, unsigned int *cache_bits,
2445 uschar *host_name, uschar *host_address, uschar **valueptr)
2446{
d4eb88df 2447int rc;
059ec3d9 2448unsigned int *local_cache_bits = cache_bits;
d4eb88df 2449uschar *save_host_address = deliver_host_address;
059ec3d9
PH
2450check_host_block cb;
2451cb.host_name = host_name;
2452cb.host_address = host_address;
2453
2454if (valueptr != NULL) *valueptr = NULL;
2455
2456/* If the host address starts off ::ffff: it is an IPv6 address in
2457IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2458addresses. */
2459
2460cb.host_ipv4 = (Ustrncmp(host_address, "::ffff:", 7) == 0)?
2461 host_address + 7 : host_address;
2462
8e669ac1
PH
2463/* During the running of the check, put the IP address into $host_address. In
2464the case of calls from the smtp transport, it will already be there. However,
2465in other calls (e.g. when testing ignore_target_hosts), it won't. Just to be on
d4eb88df
PH
2466the safe side, any existing setting is preserved, though as I write this
2467(November 2004) I can't see any cases where it is actually needed. */
2468
2469deliver_host_address = host_address;
2470rc = match_check_list(
2471 listptr, /* the list */
2472 0, /* separator character */
2473 &hostlist_anchor, /* anchor pointer */
2474 &local_cache_bits, /* cache pointer */
2475 check_host, /* function for testing */
2476 &cb, /* argument for function */
2477 MCL_HOST, /* type of check */
8e669ac1 2478 (host_address == sender_host_address)?
d4eb88df
PH
2479 US"host" : host_address, /* text for debugging */
2480 valueptr); /* where to pass back data */
2481deliver_host_address = save_host_address;
8e669ac1 2482return rc;
059ec3d9
PH
2483}
2484
2485
2486
2487
2488/*************************************************
2489* Check the remote host matches a list *
2490*************************************************/
2491
2492/* This is a front end to verify_check_this_host(), created because checking
2493the remote host is a common occurrence. With luck, a good compiler will spot
2494the tail recursion and optimize it. If there's no host address, this is
2495command-line SMTP input - check against an empty string for the address.
2496
2497Arguments:
2498 listptr pointer to the host list
2499
2500Returns: the yield of verify_check_this_host(),
2501 i.e. OK, FAIL, or DEFER
2502*/
2503
2504int
2505verify_check_host(uschar **listptr)
2506{
2507return verify_check_this_host(listptr, sender_host_cache, NULL,
2508 (sender_host_address == NULL)? US"" : sender_host_address, NULL);
2509}
2510
2511
2512
2513
2514
2515/*************************************************
83e029d5 2516* Invert an IP address *
059ec3d9
PH
2517*************************************************/
2518
83e029d5
PP
2519/* Originally just used for DNS xBL lists, now also used for the
2520reverse_ip expansion operator.
2521
059ec3d9
PH
2522Arguments:
2523 buffer where to put the answer
2524 address the address to invert
2525*/
2526
83e029d5 2527void
059ec3d9
PH
2528invert_address(uschar *buffer, uschar *address)
2529{
2530int bin[4];
2531uschar *bptr = buffer;
2532
2533/* If this is an IPv4 address mapped into IPv6 format, adjust the pointer
2534to the IPv4 part only. */
2535
2536if (Ustrncmp(address, "::ffff:", 7) == 0) address += 7;
2537
2538/* Handle IPv4 address: when HAVE_IPV6 is false, the result of host_aton() is
2539always 1. */
2540
2541if (host_aton(address, bin) == 1)
2542 {
2543 int i;
2544 int x = bin[0];
2545 for (i = 0; i < 4; i++)
2546 {
2547 sprintf(CS bptr, "%d.", x & 255);
2548 while (*bptr) bptr++;
2549 x >>= 8;
2550 }
2551 }
2552
2553/* Handle IPv6 address. Actually, as far as I know, there are no IPv6 addresses
2554in any DNS black lists, and the format in which they will be looked up is
2555unknown. This is just a guess. */
2556
2557#if HAVE_IPV6
2558else
2559 {
2560 int i, j;
2561 for (j = 3; j >= 0; j--)
2562 {
2563 int x = bin[j];
2564 for (i = 0; i < 8; i++)
2565 {
2566 sprintf(CS bptr, "%x.", x & 15);
2567 while (*bptr) bptr++;
2568 x >>= 4;
2569 }
2570 }
2571 }
2572#endif
d6f6e0dc
PH
2573
2574/* Remove trailing period -- this is needed so that both arbitrary
2575dnsbl keydomains and inverted addresses may be combined with the
2576same format string, "%s.%s" */
2577
2578*(--bptr) = 0;
059ec3d9
PH
2579}
2580
2581
2582
2583/*************************************************
0bcb2a0e
PH
2584* Perform a single dnsbl lookup *
2585*************************************************/
2586
d6f6e0dc
PH
2587/* This function is called from verify_check_dnsbl() below. It is also called
2588recursively from within itself when domain and domain_txt are different
2589pointers, in order to get the TXT record from the alternate domain.
0bcb2a0e
PH
2590
2591Arguments:
d6f6e0dc
PH
2592 domain the outer dnsbl domain
2593 domain_txt alternate domain to lookup TXT record on success; when the
2594 same domain is to be used, domain_txt == domain (that is,
2595 the pointers must be identical, not just the text)
8e669ac1 2596 keydomain the current keydomain (for debug message)
d6f6e0dc
PH
2597 prepend subdomain to lookup (like keydomain, but
2598 reversed if IP address)
2599 iplist the list of matching IP addresses, or NULL for "any"
8e669ac1 2600 bitmask true if bitmask matching is wanted
431b7361
PH
2601 match_type condition for 'succeed' result
2602 0 => Any RR in iplist (=)
2603 1 => No RR in iplist (!=)
2604 2 => All RRs in iplist (==)
2605 3 => Some RRs not in iplist (!==)
2606 the two bits are defined as MT_NOT and MT_ALL
8e669ac1 2607 defer_return what to return for a defer
0bcb2a0e
PH
2608
2609Returns: OK if lookup succeeded
2610 FAIL if not
2611*/
2612
2613static int
d6f6e0dc 2614one_check_dnsbl(uschar *domain, uschar *domain_txt, uschar *keydomain,
431b7361 2615 uschar *prepend, uschar *iplist, BOOL bitmask, int match_type,
d6f6e0dc 2616 int defer_return)
8e669ac1 2617{
0bcb2a0e
PH
2618dns_answer dnsa;
2619dns_scan dnss;
2620tree_node *t;
2621dnsbl_cache_block *cb;
2622int old_pool = store_pool;
d6f6e0dc
PH
2623uschar query[256]; /* DNS domain max length */
2624
2625/* Construct the specific query domainname */
2626
2627if (!string_format(query, sizeof(query), "%s.%s", prepend, domain))
2628 {
2629 log_write(0, LOG_MAIN|LOG_PANIC, "dnslist query is too long "
2630 "(ignored): %s...", query);
2631 return FAIL;
2632 }
0bcb2a0e
PH
2633
2634/* Look for this query in the cache. */
2635
2636t = tree_search(dnsbl_cache, query);
2637
2638/* If not cached from a previous lookup, we must do a DNS lookup, and
2639cache the result in permanent memory. */
2640
2641if (t == NULL)
2642 {
2643 store_pool = POOL_PERM;
2644
2645 /* Set up a tree entry to cache the lookup */
2646
2647 t = store_get(sizeof(tree_node) + Ustrlen(query));
2648 Ustrcpy(t->name, query);
2649 t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block));
2650 (void)tree_insertnode(&dnsbl_cache, t);
2651
2652 /* Do the DNS loopup . */
2653
2654 HDEBUG(D_dnsbl) debug_printf("new DNS lookup for %s\n", query);
2655 cb->rc = dns_basic_lookup(&dnsa, query, T_A);
2656 cb->text_set = FALSE;
2657 cb->text = NULL;
2658 cb->rhs = NULL;
2659
2660 /* If the lookup succeeded, cache the RHS address. The code allows for
2661 more than one address - this was for complete generality and the possible
2662 use of A6 records. However, A6 records have been reduced to experimental
2663 status (August 2001) and may die out. So they may never get used at all,
2664 let alone in dnsbl records. However, leave the code here, just in case.
2665
2666 Quite apart from one A6 RR generating multiple addresses, there are DNS
2667 lists that return more than one A record, so we must handle multiple
2668 addresses generated in that way as well. */
2669
2670 if (cb->rc == DNS_SUCCEED)
2671 {
2672 dns_record *rr;
2673 dns_address **addrp = &(cb->rhs);
2674 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
2675 rr != NULL;
2676 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2677 {
2678 if (rr->type == T_A)
2679 {
2680 dns_address *da = dns_address_from_rr(&dnsa, rr);
2681 if (da != NULL)
2682 {
2683 *addrp = da;
2684 while (da->next != NULL) da = da->next;
2685 addrp = &(da->next);
2686 }
2687 }
2688 }
2689
2690 /* If we didn't find any A records, change the return code. This can
2691 happen when there is a CNAME record but there are no A records for what
2692 it points to. */
2693
2694 if (cb->rhs == NULL) cb->rc = DNS_NODATA;
2695 }
2696
2697 store_pool = old_pool;
2698 }
2699
2700/* Previous lookup was cached */
2701
2702else
2703 {
2704 HDEBUG(D_dnsbl) debug_printf("using result of previous DNS lookup\n");
2705 cb = t->data.ptr;
2706 }
2707
2708/* We now have the result of the DNS lookup, either newly done, or cached
2709from a previous call. If the lookup succeeded, check against the address
2710list if there is one. This may be a positive equality list (introduced by
2711"="), a negative equality list (introduced by "!="), a positive bitmask
2712list (introduced by "&"), or a negative bitmask list (introduced by "!&").*/
2713
2714if (cb->rc == DNS_SUCCEED)
2715 {
2716 dns_address *da = NULL;
2717 uschar *addlist = cb->rhs->address;
2718
2719 /* For A and AAAA records, there may be multiple addresses from multiple
2720 records. For A6 records (currently not expected to be used) there may be
2721 multiple addresses from a single record. */
2722
2723 for (da = cb->rhs->next; da != NULL; da = da->next)
2724 addlist = string_sprintf("%s, %s", addlist, da->address);
2725
2726 HDEBUG(D_dnsbl) debug_printf("DNS lookup for %s succeeded (yielding %s)\n",
2727 query, addlist);
2728
2729 /* Address list check; this can be either for equality, or via a bitmask.
2730 In the latter case, all the bits must match. */
2731
2732 if (iplist != NULL)
2733 {
431b7361 2734 for (da = cb->rhs; da != NULL; da = da->next)
0bcb2a0e 2735 {
431b7361
PH
2736 int ipsep = ',';
2737 uschar ip[46];
2738 uschar *ptr = iplist;
2739 uschar *res;
2740
0bcb2a0e 2741 /* Handle exact matching */
431b7361 2742
0bcb2a0e
PH
2743 if (!bitmask)
2744 {
431b7361 2745 while ((res = string_nextinlist(&ptr, &ipsep, ip, sizeof(ip))) != NULL)
0bcb2a0e
PH
2746 {
2747 if (Ustrcmp(CS da->address, ip) == 0) break;
2748 }
2749 }
431b7361 2750
0bcb2a0e 2751 /* Handle bitmask matching */
431b7361 2752
0bcb2a0e
PH
2753 else
2754 {
2755 int address[4];
2756 int mask = 0;
2757
2758 /* At present, all known DNS blocking lists use A records, with
2759 IPv4 addresses on the RHS encoding the information they return. I
2760 wonder if this will linger on as the last vestige of IPv4 when IPv6
2761 is ubiquitous? Anyway, for now we use paranoia code to completely
2762 ignore IPv6 addresses. The default mask is 0, which always matches.
2763 We change this only for IPv4 addresses in the list. */
2764
431b7361 2765 if (host_aton(da->address, address) == 1) mask = address[0];
0bcb2a0e
PH
2766
2767 /* Scan the returned addresses, skipping any that are IPv6 */
2768
431b7361 2769 while ((res = string_nextinlist(&ptr, &ipsep, ip, sizeof(ip))) != NULL)
0bcb2a0e 2770 {
431b7361
PH
2771 if (host_aton(ip, address) != 1) continue;
2772 if ((address[0] & mask) == address[0]) break;
0bcb2a0e
PH
2773 }
2774 }
2775
431b7361
PH
2776 /* If either
2777
2778 (a) An IP address in an any ('=') list matched, or
2779 (b) No IP address in an all ('==') list matched
0bcb2a0e 2780
431b7361
PH
2781 then we're done searching. */
2782
2783 if (((match_type & MT_ALL) != 0) == (res == NULL)) break;
0bcb2a0e
PH
2784 }
2785
431b7361 2786 /* If da == NULL, either
0bcb2a0e 2787
431b7361
PH
2788 (a) No IP address in an any ('=') list matched, or
2789 (b) An IP address in an all ('==') list didn't match
0bcb2a0e 2790
431b7361
PH
2791 so behave as if the DNSBL lookup had not succeeded, i.e. the host is not on
2792 the list. */
0bcb2a0e 2793
431b7361 2794 if ((match_type == MT_NOT || match_type == MT_ALL) != (da == NULL))
0bcb2a0e
PH
2795 {
2796 HDEBUG(D_dnsbl)
2797 {
431b7361
PH
2798 uschar *res = NULL;
2799 switch(match_type)
2800 {
2801 case 0:
2802 res = US"was no match";
2803 break;
2804 case MT_NOT:
2805 res = US"was an exclude match";
2806 break;
2807 case MT_ALL:
2808 res = US"was an IP address that did not match";
2809 break;
2810 case MT_NOT|MT_ALL:
2811 res = US"were no IP addresses that did not match";
2812 break;
2813 }
0bcb2a0e 2814 debug_printf("=> but we are not accepting this block class because\n");
431b7361
PH
2815 debug_printf("=> there %s for %s%c%s\n",
2816 res,
2817 ((match_type & MT_ALL) == 0)? "" : "=",
2818 bitmask? '&' : '=', iplist);
0bcb2a0e 2819 }
8e669ac1 2820 return FAIL;
0bcb2a0e
PH
2821 }
2822 }
2823
d6f6e0dc
PH
2824 /* Either there was no IP list, or the record matched, implying that the
2825 domain is on the list. We now want to find a corresponding TXT record. If an
2826 alternate domain is specified for the TXT record, call this function
2827 recursively to look that up; this has the side effect of re-checking that
2828 there is indeed an A record at the alternate domain. */
2829
2830 if (domain_txt != domain)
2831 return one_check_dnsbl(domain_txt, domain_txt, keydomain, prepend, NULL,
431b7361 2832 FALSE, match_type, defer_return);
d6f6e0dc
PH
2833
2834 /* If there is no alternate domain, look up a TXT record in the main domain
2835 if it has not previously been cached. */
0bcb2a0e
PH
2836
2837 if (!cb->text_set)
2838 {
2839 cb->text_set = TRUE;
2840 if (dns_basic_lookup(&dnsa, query, T_TXT) == DNS_SUCCEED)
2841 {
2842 dns_record *rr;
2843 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
2844 rr != NULL;
2845 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2846 if (rr->type == T_TXT) break;
2847 if (rr != NULL)
2848 {
2849 int len = (rr->data)[0];
2850 if (len > 511) len = 127;
2851 store_pool = POOL_PERM;
2852 cb->text = string_sprintf("%.*s", len, (const uschar *)(rr->data+1));
2853 store_pool = old_pool;
2854 }
2855 }
2856 }
2857
2858 dnslist_value = addlist;
2859 dnslist_text = cb->text;
2860 return OK;
2861 }
2862
2863/* There was a problem with the DNS lookup */
2864
2865if (cb->rc != DNS_NOMATCH && cb->rc != DNS_NODATA)
2866 {
2867 log_write(L_dnslist_defer, LOG_MAIN,
2868 "DNS list lookup defer (probably timeout) for %s: %s", query,
2869 (defer_return == OK)? US"assumed in list" :
2870 (defer_return == FAIL)? US"assumed not in list" :
2871 US"returned DEFER");
2872 return defer_return;
2873 }
2874
2875/* No entry was found in the DNS; continue for next domain */
2876
2877HDEBUG(D_dnsbl)
2878 {
2879 debug_printf("DNS lookup for %s failed\n", query);
2880 debug_printf("=> that means %s is not listed at %s\n",
2881 keydomain, domain);
2882 }
2883
2884return FAIL;
2885}
2886
2887
2888
2889
2890/*************************************************
059ec3d9
PH
2891* Check host against DNS black lists *
2892*************************************************/
2893
2894/* This function runs checks against a list of DNS black lists, until one
2895matches. Each item on the list can be of the form
2896
2897 domain=ip-address/key
2898
2899The domain is the right-most domain that is used for the query, for example,
2900blackholes.mail-abuse.org. If the IP address is present, there is a match only
2901if the DNS lookup returns a matching IP address. Several addresses may be
2902given, comma-separated, for example: x.y.z=127.0.0.1,127.0.0.2.
2903
2904If no key is given, what is looked up in the domain is the inverted IP address
2905of the current client host. If a key is given, it is used to construct the
d6f6e0dc 2906domain for the lookup. For example:
059ec3d9
PH
2907
2908 dsn.rfc-ignorant.org/$sender_address_domain
2909
2910After finding a match in the DNS, the domain is placed in $dnslist_domain, and
2911then we check for a TXT record for an error message, and if found, save its
2912value in $dnslist_text. We also cache everything in a tree, to optimize
2913multiple lookups.
2914
d6f6e0dc
PH
2915The TXT record is normally looked up in the same domain as the A record, but
2916when many lists are combined in a single DNS domain, this will not be a very
2917specific message. It is possible to specify a different domain for looking up
2918TXT records; this is given before the main domain, comma-separated. For
2919example:
2920
2921 dnslists = http.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.2 : \
2922 socks.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.3
2923
2924The caching ensures that only one lookup in dnsbl.sorbs.net is done.
2925
059ec3d9
PH
2926Note: an address for testing RBL is 192.203.178.39
2927Note: an address for testing DUL is 192.203.178.4
2928Note: a domain for testing RFCI is example.tld.dsn.rfc-ignorant.org
2929
2930Arguments:
2931 listptr the domain/address/data list
2932
2933Returns: OK successful lookup (i.e. the address is on the list), or
2934 lookup deferred after +include_unknown
2935 FAIL name not found, or no data found for the given type, or
2936 lookup deferred after +exclude_unknown (default)
2937 DEFER lookup failure, if +defer_unknown was set
2938*/
2939
2940int
2941verify_check_dnsbl(uschar **listptr)
2942{
2943int sep = 0;
2944int defer_return = FAIL;
059ec3d9
PH
2945uschar *list = *listptr;
2946uschar *domain;
2947uschar *s;
2948uschar buffer[1024];
059ec3d9
PH
2949uschar revadd[128]; /* Long enough for IPv6 address */
2950
2951/* Indicate that the inverted IP address is not yet set up */
2952
2953revadd[0] = 0;
2954
0bcb2a0e
PH
2955/* In case this is the first time the DNS resolver is being used. */
2956
2957dns_init(FALSE, FALSE);
2958
059ec3d9
PH
2959/* Loop through all the domains supplied, until something matches */
2960
2961while ((domain = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
2962 {
0bcb2a0e 2963 int rc;
059ec3d9 2964 BOOL bitmask = FALSE;
431b7361 2965 int match_type = 0;
d6f6e0dc
PH
2966 uschar *domain_txt;
2967 uschar *comma;
059ec3d9
PH
2968 uschar *iplist;
2969 uschar *key;
059ec3d9
PH
2970
2971 HDEBUG(D_dnsbl) debug_printf("DNS list check: %s\n", domain);
2972
2973 /* Deal with special values that change the behaviour on defer */
2974
2975 if (domain[0] == '+')
2976 {
2977 if (strcmpic(domain, US"+include_unknown") == 0) defer_return = OK;
2978 else if (strcmpic(domain, US"+exclude_unknown") == 0) defer_return = FAIL;
2979 else if (strcmpic(domain, US"+defer_unknown") == 0) defer_return = DEFER;
2980 else
2981 log_write(0, LOG_MAIN|LOG_PANIC, "unknown item in dnslist (ignored): %s",
2982 domain);
2983 continue;
2984 }
2985
2986 /* See if there's explicit data to be looked up */
2987
2988 key = Ustrchr(domain, '/');
2989 if (key != NULL) *key++ = 0;
2990
2991 /* See if there's a list of addresses supplied after the domain name. This is
431b7361
PH
2992 introduced by an = or a & character; if preceded by = we require all matches
2993 and if preceded by ! we invert the result. */
059ec3d9
PH
2994
2995 iplist = Ustrchr(domain, '=');
2996 if (iplist == NULL)
2997 {
2998 bitmask = TRUE;
2999 iplist = Ustrchr(domain, '&');
3000 }
3001
431b7361 3002 if (iplist != NULL) /* Found either = or & */
059ec3d9 3003 {
431b7361 3004 if (iplist > domain && iplist[-1] == '!') /* Handle preceding ! */
059ec3d9 3005 {
431b7361 3006 match_type |= MT_NOT;
059ec3d9
PH
3007 iplist[-1] = 0;
3008 }
431b7361
PH
3009
3010 *iplist++ = 0; /* Terminate domain, move on */
3011
3012 /* If we found = (bitmask == FALSE), check for == or =& */
3013
3014 if (!bitmask && (*iplist == '=' || *iplist == '&'))
3015 {
3016 bitmask = *iplist++ == '&';
3017 match_type |= MT_ALL;
3018 }
059ec3d9
PH
3019 }
3020
d6f6e0dc
PH
3021 /* If there is a comma in the domain, it indicates that a second domain for
3022 looking up TXT records is provided, before the main domain. Otherwise we must
3023 set domain_txt == domain. */
3024
3025 domain_txt = domain;
3026 comma = Ustrchr(domain, ',');
3027 if (comma != NULL)
3028 {
3029 *comma++ = 0;
3030 domain = comma;
3031 }
3032
059ec3d9
PH
3033 /* Check that what we have left is a sensible domain name. There is no reason
3034 why these domains should in fact use the same syntax as hosts and email
3035 domains, but in practice they seem to. However, there is little point in
3036 actually causing an error here, because that would no doubt hold up incoming
3037 mail. Instead, I'll just log it. */
3038
3039 for (s = domain; *s != 0; s++)
3040 {
09dcaba9 3041 if (!isalnum(*s) && *s != '-' && *s != '.' && *s != '_')
059ec3d9
PH
3042 {
3043 log_write(0, LOG_MAIN, "dnslists domain \"%s\" contains "
3044 "strange characters - is this right?", domain);
3045 break;
3046 }
3047 }
3048
d6f6e0dc
PH
3049 /* Check the alternate domain if present */
3050
3051 if (domain_txt != domain) for (s = domain_txt; *s != 0; s++)
3052 {
09dcaba9 3053 if (!isalnum(*s) && *s != '-' && *s != '.' && *s != '_')
d6f6e0dc
PH
3054 {
3055 log_write(0, LOG_MAIN, "dnslists domain \"%s\" contains "
3056 "strange characters - is this right?", domain_txt);
3057 break;
3058 }
3059 }
3060
8e669ac1 3061 /* If there is no key string, construct the query by adding the domain name
0bcb2a0e 3062 onto the inverted host address, and perform a single DNS lookup. */
8e669ac1 3063
059ec3d9
PH
3064 if (key == NULL)
3065 {
3066 if (sender_host_address == NULL) return FAIL; /* can never match */
3067 if (revadd[0] == 0) invert_address(revadd, sender_host_address);
d6f6e0dc 3068 rc = one_check_dnsbl(domain, domain_txt, sender_host_address, revadd,
431b7361 3069 iplist, bitmask, match_type, defer_return);
0bcb2a0e
PH
3070 if (rc == OK)
3071 {
d6f6e0dc 3072 dnslist_domain = string_copy(domain_txt);
93655c46 3073 dnslist_matched = string_copy(sender_host_address);
8e669ac1 3074 HDEBUG(D_dnsbl) debug_printf("=> that means %s is listed at %s\n",
d6f6e0dc 3075 sender_host_address, dnslist_domain);
0bcb2a0e 3076 }
0bcb2a0e 3077 if (rc != FAIL) return rc; /* OK or DEFER */
059ec3d9 3078 }
8e669ac1
PH
3079
3080 /* If there is a key string, it can be a list of domains or IP addresses to
0bcb2a0e 3081 be concatenated with the main domain. */
8e669ac1 3082
059ec3d9
PH
3083 else
3084 {
0bcb2a0e 3085 int keysep = 0;
8e669ac1
PH
3086 BOOL defer = FALSE;
3087 uschar *keydomain;
0bcb2a0e 3088 uschar keybuffer[256];
d6f6e0dc 3089 uschar keyrevadd[128];
8e669ac1
PH
3090
3091 while ((keydomain = string_nextinlist(&key, &keysep, keybuffer,
0bcb2a0e 3092 sizeof(keybuffer))) != NULL)
8e669ac1 3093 {
d6f6e0dc
PH
3094 uschar *prepend = keydomain;
3095
7e66e54d 3096 if (string_is_ip_address(keydomain, NULL) != 0)
059ec3d9 3097 {
0bcb2a0e 3098 invert_address(keyrevadd, keydomain);
d6f6e0dc 3099 prepend = keyrevadd;
059ec3d9 3100 }
8e669ac1 3101
d6f6e0dc 3102 rc = one_check_dnsbl(domain, domain_txt, keydomain, prepend, iplist,
431b7361 3103 bitmask, match_type, defer_return);
8e669ac1 3104
0bcb2a0e 3105 if (rc == OK)
059ec3d9 3106 {
d6f6e0dc 3107 dnslist_domain = string_copy(domain_txt);
93655c46 3108 dnslist_matched = string_copy(keydomain);
8e669ac1 3109 HDEBUG(D_dnsbl) debug_printf("=> that means %s is listed at %s\n",
d6f6e0dc 3110 keydomain, dnslist_domain);
8e669ac1 3111 return OK;
059ec3d9 3112 }
8e669ac1 3113
c38d6da9
PH
3114 /* If the lookup deferred, remember this fact. We keep trying the rest
3115 of the list to see if we get a useful result, and if we don't, we return
3116 DEFER at the end. */
059ec3d9 3117
c38d6da9 3118 if (rc == DEFER) defer = TRUE;
0bcb2a0e 3119 } /* continue with next keystring domain/address */
c38d6da9
PH
3120
3121 if (defer) return DEFER;
8e669ac1 3122 }
0bcb2a0e 3123 } /* continue with next dnsdb outer domain */
059ec3d9
PH
3124
3125return FAIL;
3126}
3127
3128/* End of verify.c */