projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
DSCP support, tentative
[exim.git] / src / src / verify.c
CommitLineData
059ec3d9
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
0a49a7a4 5/* Copyright (c) University of Cambridge 1995 - 2009 */
059ec3d9
PH		 6/* See the file NOTICE for conditions of use and distribution. */
7
8/* Functions concerned with verifying things. The original code for callout
9caching was contributed by Kevin Fleming (but I hacked it around a bit). */
10
11
12#include "exim.h"
13
14
15/* Structure for caching DNSBL lookups */
16
17typedef struct dnsbl_cache_block {
18 dns_address *rhs;
19 uschar *text;
20 int rc;
21 BOOL text_set;
22} dnsbl_cache_block;
23
24
25/* Anchor for DNSBL cache */
26
27static tree_node *dnsbl_cache = NULL;
28
29
431b7361
PH		 30/* Bits for match_type in one_check_dnsbl() */
31
32#define MT_NOT 1
33#define MT_ALL 2
34
35
059ec3d9
PH		 36
37/*************************************************
38* Retrieve a callout cache record *
39*************************************************/
40
41/* If a record exists, check whether it has expired.
42
43Arguments:
44 dbm_file an open hints file
45 key the record key
46 type "address" or "domain"
47 positive_expire expire time for positive records
48 negative_expire expire time for negative records
49
50Returns: the cache record if a non-expired one exists, else NULL
51*/
52
53static dbdata_callout_cache *
54get_callout_cache_record(open_db *dbm_file, uschar *key, uschar *type,
55 int positive_expire, int negative_expire)
56{
57BOOL negative;
58int length, expire;
59time_t now;
60dbdata_callout_cache *cache_record;
61
62cache_record = dbfn_read_with_length(dbm_file, key, &length);
63
64if (cache_record == NULL)
65 {
66 HDEBUG(D_verify) debug_printf("callout cache: no %s record found\n", type);
67 return NULL;
68 }
69
70/* We treat a record as "negative" if its result field is not positive, or if
71it is a domain record and the postmaster field is negative. */
72
73negative = cache_record->result != ccache_accept ||
74 (type[0] == 'd' && cache_record->postmaster_result == ccache_reject);
75expire = negative? negative_expire : positive_expire;
76now = time(NULL);
77
78if (now - cache_record->time_stamp > expire)
79 {
80 HDEBUG(D_verify) debug_printf("callout cache: %s record expired\n", type);
81 return NULL;
82 }
83
84/* If this is a non-reject domain record, check for the obsolete format version
85that doesn't have the postmaster and random timestamps, by looking at the
86length. If so, copy it to a new-style block, replicating the record's
87timestamp. Then check the additional timestamps. (There's no point wasting
88effort if connections are rejected.) */
89
90if (type[0] == 'd' && cache_record->result != ccache_reject)
91 {
92 if (length == sizeof(dbdata_callout_cache_obs))
93 {
94 dbdata_callout_cache *new = store_get(sizeof(dbdata_callout_cache));
95 memcpy(new, cache_record, length);
96 new->postmaster_stamp = new->random_stamp = new->time_stamp;
97 cache_record = new;
98 }
99
100 if (now - cache_record->postmaster_stamp > expire)
101 cache_record->postmaster_result = ccache_unknown;
102
103 if (now - cache_record->random_stamp > expire)
104 cache_record->random_result = ccache_unknown;
105 }
106
107HDEBUG(D_verify) debug_printf("callout cache: found %s record\n", type);
108return cache_record;
109}
110
111
112
113/*************************************************
114* Do callout verification for an address *
115*************************************************/
116
117/* This function is called from verify_address() when the address has routed to
118a host list, and a callout has been requested. Callouts are expensive; that is
119why a cache is used to improve the efficiency.
120
121Arguments:
122 addr the address that's been routed
123 host_list the list of hosts to try
124 tf the transport feedback block
125
126 ifstring "interface" option from transport, or NULL
127 portstring "port" option from transport, or NULL
128 protocolstring "protocol" option from transport, or NULL
129 callout the per-command callout timeout
4deaf07d
PH		 130 callout_overall the overall callout timeout (if < 0 use 4*callout)
131 callout_connect the callout connection timeout (if < 0 use callout)
059ec3d9
PH		 132 options the verification options - these bits are used:
133 vopt_is_recipient => this is a recipient address
134 vopt_callout_no_cache => don't use callout cache
2a4be8f9 135 vopt_callout_fullpm => if postmaster check, do full one
059ec3d9
PH		 136 vopt_callout_random => do the "random" thing
137 vopt_callout_recipsender => use real sender for recipient
138 vopt_callout_recippmaster => use postmaster for recipient
139 se_mailfrom MAIL FROM address for sender verify; NULL => ""
140 pm_mailfrom if non-NULL, do the postmaster check with this sender
141
142Returns: OK/FAIL/DEFER
143*/
144
145static int
146do_callout(address_item *addr, host_item *host_list, transport_feedback *tf,
8e669ac1 147 int callout, int callout_overall, int callout_connect, int options,
4deaf07d 148 uschar *se_mailfrom, uschar *pm_mailfrom)
059ec3d9
PH		 149{
150BOOL is_recipient = (options & vopt_is_recipient) != 0;
151BOOL callout_no_cache = (options & vopt_callout_no_cache) != 0;
152BOOL callout_random = (options & vopt_callout_random) != 0;
153
154int yield = OK;
2b1c6e3a 155int old_domain_cache_result = ccache_accept;
059ec3d9
PH		 156BOOL done = FALSE;
157uschar *address_key;
158uschar *from_address;
159uschar *random_local_part = NULL;
750af86e 160uschar *save_deliver_domain = deliver_domain;
8e669ac1 161uschar **failure_ptr = is_recipient?
2c7db3f5 162 &recipient_verify_failure : &sender_verify_failure;
059ec3d9
PH		 163open_db dbblock;
164open_db *dbm_file = NULL;
165dbdata_callout_cache new_domain_record;
166dbdata_callout_cache_address new_address_record;
167host_item *host;
168time_t callout_start_time;
169
170new_domain_record.result = ccache_unknown;
171new_domain_record.postmaster_result = ccache_unknown;
172new_domain_record.random_result = ccache_unknown;
173
174memset(&new_address_record, 0, sizeof(new_address_record));
175
176/* For a recipient callout, the key used for the address cache record must
177include the sender address if we are using the real sender in the callout,
178because that may influence the result of the callout. */
179
180address_key = addr->address;
181from_address = US"";
182
183if (is_recipient)
184 {
185 if ((options & vopt_callout_recipsender) != 0)
186 {
187 address_key = string_sprintf("%s/<%s>", addr->address, sender_address);
188 from_address = sender_address;
189 }
190 else if ((options & vopt_callout_recippmaster) != 0)
191 {
192 address_key = string_sprintf("%s/<postmaster@%s>", addr->address,
193 qualify_domain_sender);
194 from_address = string_sprintf("postmaster@%s", qualify_domain_sender);
195 }
196 }
197
198/* For a sender callout, we must adjust the key if the mailfrom address is not
199empty. */
200
201else
202 {
203 from_address = (se_mailfrom == NULL)? US"" : se_mailfrom;
204 if (from_address[0] != 0)
205 address_key = string_sprintf("%s/<%s>", addr->address, from_address);
206 }
207
208/* Open the callout cache database, it it exists, for reading only at this
209stage, unless caching has been disabled. */
210
211if (callout_no_cache)
212 {
213 HDEBUG(D_verify) debug_printf("callout cache: disabled by no_cache\n");
214 }
215else if ((dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE)) == NULL)
216 {
217 HDEBUG(D_verify) debug_printf("callout cache: not available\n");
218 }
219
220/* If a cache database is available see if we can avoid the need to do an
221actual callout by making use of previously-obtained data. */
222
223if (dbm_file != NULL)
224 {
225 dbdata_callout_cache_address *cache_address_record;
226 dbdata_callout_cache *cache_record = get_callout_cache_record(dbm_file,
227 addr->domain, US"domain",
228 callout_cache_domain_positive_expire,
229 callout_cache_domain_negative_expire);
230
231 /* If an unexpired cache record was found for this domain, see if the callout
232 process can be short-circuited. */
233
234 if (cache_record != NULL)
235 {
2b1c6e3a
PH		 236 /* In most cases, if an early command (up to and including MAIL FROM:<>)
237 was rejected, there is no point carrying on. The callout fails. However, if
238 we are doing a recipient verification with use_sender or use_postmaster
239 set, a previous failure of MAIL FROM:<> doesn't count, because this time we
240 will be using a non-empty sender. We have to remember this situation so as
241 not to disturb the cached domain value if this whole verification succeeds
242 (we don't want it turning into "accept"). */
243
244 old_domain_cache_result = cache_record->result;
245
246 if (cache_record->result == ccache_reject ||
247 (*from_address == 0 && cache_record->result == ccache_reject_mfnull))
059ec3d9
PH		 248 {
249 setflag(addr, af_verify_nsfail);
250 HDEBUG(D_verify)
251 debug_printf("callout cache: domain gave initial rejection, or "
252 "does not accept HELO or MAIL FROM:<>\n");
253 setflag(addr, af_verify_nsfail);
254 addr->user_message = US"(result of an earlier callout reused).";
255 yield = FAIL;
8e669ac1 256 *failure_ptr = US"mail";
059ec3d9
PH		 257 goto END_CALLOUT;
258 }
259
260 /* If a previous check on a "random" local part was accepted, we assume
261 that the server does not do any checking on local parts. There is therefore
262 no point in doing the callout, because it will always be successful. If a
263 random check previously failed, arrange not to do it again, but preserve
264 the data in the new record. If a random check is required but hasn't been
265 done, skip the remaining cache processing. */
266
267 if (callout_random) switch(cache_record->random_result)
268 {
269 case ccache_accept:
270 HDEBUG(D_verify)
271 debug_printf("callout cache: domain accepts random addresses\n");
272 goto END_CALLOUT; /* Default yield is OK */
273
274 case ccache_reject:
275 HDEBUG(D_verify)
276 debug_printf("callout cache: domain rejects random addresses\n");
277 callout_random = FALSE;
278 new_domain_record.random_result = ccache_reject;
279 new_domain_record.random_stamp = cache_record->random_stamp;
280 break;
281
282 default:
283 HDEBUG(D_verify)
284 debug_printf("callout cache: need to check random address handling "
285 "(not cached or cache expired)\n");
286 goto END_CACHE;
287 }
288
289 /* If a postmaster check is requested, but there was a previous failure,
290 there is again no point in carrying on. If a postmaster check is required,
291 but has not been done before, we are going to have to do a callout, so skip
292 remaining cache processing. */
293
294 if (pm_mailfrom != NULL)
295 {
296 if (cache_record->postmaster_result == ccache_reject)
297 {
298 setflag(addr, af_verify_pmfail);
299 HDEBUG(D_verify)
300 debug_printf("callout cache: domain does not accept "
301 "RCPT TO:<postmaster@domain>\n");
302 yield = FAIL;
8e669ac1 303 *failure_ptr = US"postmaster";
059ec3d9
PH		 304 setflag(addr, af_verify_pmfail);
305 addr->user_message = US"(result of earlier verification reused).";
306 goto END_CALLOUT;
307 }
308 if (cache_record->postmaster_result == ccache_unknown)
309 {
310 HDEBUG(D_verify)
311 debug_printf("callout cache: need to check RCPT "
312 "TO:<postmaster@domain> (not cached or cache expired)\n");
313 goto END_CACHE;
314 }
315
316 /* If cache says OK, set pm_mailfrom NULL to prevent a redundant
317 postmaster check if the address itself has to be checked. Also ensure
318 that the value in the cache record is preserved (with its old timestamp).
319 */
320
321 HDEBUG(D_verify) debug_printf("callout cache: domain accepts RCPT "
322 "TO:<postmaster@domain>\n");
323 pm_mailfrom = NULL;
324 new_domain_record.postmaster_result = ccache_accept;
325 new_domain_record.postmaster_stamp = cache_record->postmaster_stamp;
326 }
327 }
328
329 /* We can't give a result based on information about the domain. See if there
330 is an unexpired cache record for this specific address (combined with the
331 sender address if we are doing a recipient callout with a non-empty sender).
332 */
333
334 cache_address_record = (dbdata_callout_cache_address *)
335 get_callout_cache_record(dbm_file,
336 address_key, US"address",
337 callout_cache_positive_expire,
338 callout_cache_negative_expire);
339
340 if (cache_address_record != NULL)
341 {
342 if (cache_address_record->result == ccache_accept)
343 {
344 HDEBUG(D_verify)
345 debug_printf("callout cache: address record is positive\n");
346 }
347 else
348 {
349 HDEBUG(D_verify)
350 debug_printf("callout cache: address record is negative\n");
351 addr->user_message = US"Previous (cached) callout verification failure";
8e669ac1 352 *failure_ptr = US"recipient";
059ec3d9
PH		 353 yield = FAIL;
354 }
355 goto END_CALLOUT;
356 }
357
358 /* Close the cache database while we actually do the callout for real. */
359
360 END_CACHE:
361 dbfn_close(dbm_file);
362 dbm_file = NULL;
363 }
364
365/* The information wasn't available in the cache, so we have to do a real
366callout and save the result in the cache for next time, unless no_cache is set,
367or unless we have a previously cached negative random result. If we are to test
368with a random local part, ensure that such a local part is available. If not,
369log the fact, but carry on without randomming. */
370
371if (callout_random && callout_random_local_part != NULL)
372 {
373 random_local_part = expand_string(callout_random_local_part);
374 if (random_local_part == NULL)
375 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
376 "callout_random_local_part: %s", expand_string_message);
377 }
378
4deaf07d
PH		 379/* Default the connect and overall callout timeouts if not set, and record the
380time we are starting so that we can enforce it. */
059ec3d9
PH		 381
382if (callout_overall < 0) callout_overall = 4 * callout;
4deaf07d 383if (callout_connect < 0) callout_connect = callout;
059ec3d9
PH		 384callout_start_time = time(NULL);
385
4c590bd1
PH		 386/* Before doing a real callout, if this is an SMTP connection, flush the SMTP
387output because a callout might take some time. When PIPELINING is active and
388there are many recipients, the total time for doing lots of callouts can add up
389and cause the client to time out. So in this case we forgo the PIPELINING
390optimization. */
391
392if (smtp_out != NULL && !disable_callout_flush) mac_smtp_fflush();
393
059ec3d9
PH		 394/* Now make connections to the hosts and do real callouts. The list of hosts
395is passed in as an argument. */
396
397for (host = host_list; host != NULL && !done; host = host->next)
398 {
399 smtp_inblock inblock;
400 smtp_outblock outblock;
401 int host_af;
402 int port = 25;
8e669ac1 403 BOOL send_quit = TRUE;
26da7e20 404 uschar *active_hostname = smtp_active_hostname;
059ec3d9
PH		 405 uschar *helo = US"HELO";
406 uschar *interface = NULL; /* Outgoing interface to use; NULL => any */
407 uschar inbuffer[4096];
408 uschar outbuffer[1024];
409 uschar responsebuffer[4096];
410
411 clearflag(addr, af_verify_pmfail); /* postmaster callout flag */
412 clearflag(addr, af_verify_nsfail); /* null sender callout flag */
413
414 /* Skip this host if we don't have an IP address for it. */
415
416 if (host->address == NULL)
417 {
418 DEBUG(D_verify) debug_printf("no IP address for host name %s: skipping\n",
419 host->name);
420 continue;
421 }
422
423 /* Check the overall callout timeout */
424
425 if (time(NULL) - callout_start_time >= callout_overall)
426 {
427 HDEBUG(D_verify) debug_printf("overall timeout for callout exceeded\n");
428 break;
429 }
430
431 /* Set IPv4 or IPv6 */
432
433 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6;
434
de3a88fb
PH		 435 /* Expand and interpret the interface and port strings. The latter will not
436 be used if there is a host-specific port (e.g. from a manualroute router).
437 This has to be delayed till now, because they may expand differently for
438 different hosts. If there's a failure, log it, but carry on with the
439 defaults. */
059ec3d9
PH		 440
441 deliver_host = host->name;
442 deliver_host_address = host->address;
750af86e 443 deliver_domain = addr->domain;
de3a88fb 444
059ec3d9
PH		 445 if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface,
446 US"callout") ||
447 !smtp_get_port(tf->port, addr, &port, US"callout"))
448 log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
449 addr->message);
de3a88fb 450
059ec3d9
PH		 451 /* Set HELO string according to the protocol */
452
453 if (Ustrcmp(tf->protocol, "lmtp") == 0) helo = US"LHLO";
454
455 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port);
456
457 /* Set up the buffer for reading SMTP response packets. */
458
459 inblock.buffer = inbuffer;
460 inblock.buffersize = sizeof(inbuffer);
461 inblock.ptr = inbuffer;
462 inblock.ptrend = inbuffer;
463
464 /* Set up the buffer for holding SMTP commands while pipelining */
465
466 outblock.buffer = outbuffer;
467 outblock.buffersize = sizeof(outbuffer);
468 outblock.ptr = outbuffer;
469 outblock.cmd_count = 0;
470 outblock.authenticating = FALSE;
471
472 /* Connect to the host; on failure, just loop for the next one, but we
4deaf07d 473 set the error for the last one. Use the callout_connect timeout. */
059ec3d9
PH		 474
475 inblock.sock = outblock.sock =
9e4f5962
PP		 476 smtp_connect(host, host_af, port, interface, callout_connect, TRUE, NULL);
477 /* reconsider DSCP here */
059ec3d9
PH		 478 if (inblock.sock < 0)
479 {
480 addr->message = string_sprintf("could not connect to %s [%s]: %s",
481 host->name, host->address, strerror(errno));
41c7c167
PH		 482 deliver_host = deliver_host_address = NULL;
483 deliver_domain = save_deliver_domain;
059ec3d9
PH		 484 continue;
485 }
486
41c7c167
PH		 487 /* Expand the helo_data string to find the host name to use. */
488
489 if (tf->helo_data != NULL)
490 {
491 uschar *s = expand_string(tf->helo_data);
492 if (s == NULL)
493 log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's "
494 "helo_data value for callout: %s", addr->address,
495 expand_string_message);
496 else active_hostname = s;
497 }
498
499 deliver_host = deliver_host_address = NULL;
500 deliver_domain = save_deliver_domain;
501
2b1c6e3a
PH		 502 /* Wait for initial response, and send HELO. The smtp_write_command()
503 function leaves its command in big_buffer. This is used in error responses.
504 Initialize it in case the connection is rejected. */
059ec3d9
PH		 505
506 Ustrcpy(big_buffer, "initial connection");
507
508 done =
509 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
510 '2', callout) &&
059ec3d9 511 smtp_write_command(&outblock, FALSE, "%s %s\r\n", helo,
26da7e20 512 active_hostname) >= 0 &&
059ec3d9 513 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
2b1c6e3a 514 '2', callout);
059ec3d9 515
2b1c6e3a
PH		 516 /* Failure to accept HELO is cached; this blocks the whole domain for all
517 senders. I/O errors and defer responses are not cached. */
518
519 if (!done)
520 {
521 *failure_ptr = US"mail"; /* At or before MAIL */
522 if (errno == 0 && responsebuffer[0] == '5')
523 {
524 setflag(addr, af_verify_nsfail);
525 new_domain_record.result = ccache_reject;
526 }
527 }
528
529 /* Send the MAIL command */
530
531 else done =
059ec3d9
PH		 532 smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
533 from_address) >= 0 &&
534 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
535 '2', callout);
536
2b1c6e3a
PH		 537 /* If the host does not accept MAIL FROM:<>, arrange to cache this
538 information, but again, don't record anything for an I/O error or a defer. Do
539 not cache rejections of MAIL when a non-empty sender has been used, because
540 that blocks the whole domain for all senders. */
059ec3d9
PH		 541
542 if (!done)
543 {
2b1c6e3a 544 *failure_ptr = US"mail"; /* At or before MAIL */
059ec3d9
PH		 545 if (errno == 0 && responsebuffer[0] == '5')
546 {
547 setflag(addr, af_verify_nsfail);
2b1c6e3a
PH		 548 if (from_address[0] == 0)
549 new_domain_record.result = ccache_reject_mfnull;
059ec3d9
PH		 550 }
551 }
552
553 /* Otherwise, proceed to check a "random" address (if required), then the
554 given address, and the postmaster address (if required). Between each check,
555 issue RSET, because some servers accept only one recipient after MAIL
2b1c6e3a
PH		 556 FROM:<>.
557
558 Before doing this, set the result in the domain cache record to "accept",
559 unless its previous value was ccache_reject_mfnull. In that case, the domain
560 rejects MAIL FROM:<> and we want to continue to remember that. When that is
561 the case, we have got here only in the case of a recipient verification with
562 a non-null sender. */
059ec3d9
PH		 563
564 else
565 {
2b1c6e3a
PH		 566 new_domain_record.result =
567 (old_domain_cache_result == ccache_reject_mfnull)?
568 ccache_reject_mfnull: ccache_accept;
059ec3d9
PH		 569
570 /* Do the random local part check first */
571
572 if (random_local_part != NULL)
573 {
574 uschar randombuffer[1024];
575 BOOL random_ok =
576 smtp_write_command(&outblock, FALSE,
577 "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part,
578 addr->domain) >= 0 &&
579 smtp_read_response(&inblock, randombuffer,
580 sizeof(randombuffer), '2', callout);
581
582 /* Remember when we last did a random test */
583
584 new_domain_record.random_stamp = time(NULL);
585
586 /* If accepted, we aren't going to do any further tests below. */
587
588 if (random_ok)
589 {
590 new_domain_record.random_result = ccache_accept;
591 }
592
593 /* Otherwise, cache a real negative response, and get back to the right
594 state to send RCPT. Unless there's some problem such as a dropped
595 connection, we expect to succeed, because the commands succeeded above. */
596
597 else if (errno == 0)
598 {
599 if (randombuffer[0] == '5')
600 new_domain_record.random_result = ccache_reject;
601
602 done =
603 smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
604 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
605 '2', callout) &&
606
90e9ce59
PH		 607 smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
608 from_address) >= 0 &&
059ec3d9
PH		 609 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
610 '2', callout);
611 }
612 else done = FALSE; /* Some timeout/connection problem */
613 } /* Random check */
614
615 /* If the host is accepting all local parts, as determined by the "random"
616 check, we don't need to waste time doing any further checking. */
617
618 if (new_domain_record.random_result != ccache_accept && done)
619 {
5417f6d1
PH		 620 /* Get the rcpt_include_affixes flag from the transport if there is one,
621 but assume FALSE if there is not. */
622
059ec3d9
PH		 623 done =
624 smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n",
c688b954 625 transport_rcpt_address(addr,
5417f6d1
PH		 626 (addr->transport == NULL)? FALSE :
627 addr->transport->rcpt_include_affixes)) >= 0 &&
059ec3d9
PH		 628 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
629 '2', callout);
630
631 if (done)
632 new_address_record.result = ccache_accept;
633 else if (errno == 0 && responsebuffer[0] == '5')
2c7db3f5 634 {
8e669ac1 635 *failure_ptr = US"recipient";
059ec3d9 636 new_address_record.result = ccache_reject;
8e669ac1 637 }
059ec3d9 638
2a4be8f9
PH		 639 /* Do postmaster check if requested; if a full check is required, we
640 check for RCPT TO:<postmaster> (no domain) in accordance with RFC 821. */
059ec3d9
PH		 641
642 if (done && pm_mailfrom != NULL)
643 {
644 done =
645 smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
646 smtp_read_response(&inblock, responsebuffer,
647 sizeof(responsebuffer), '2', callout) &&
648
649 smtp_write_command(&outblock, FALSE,
650 "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 &&
651 smtp_read_response(&inblock, responsebuffer,
652 sizeof(responsebuffer), '2', callout) &&
653
2a4be8f9
PH		 654 /* First try using the current domain */
655
656 ((
059ec3d9
PH		 657 smtp_write_command(&outblock, FALSE,
658 "RCPT TO:<postmaster@%.1000s>\r\n", addr->domain) >= 0 &&
659 smtp_read_response(&inblock, responsebuffer,
2a4be8f9
PH		 660 sizeof(responsebuffer), '2', callout)
661 )
662
663 ||
664
665 /* If that doesn't work, and a full check is requested,
666 try without the domain. */
667
668 (
669 (options & vopt_callout_fullpm) != 0 &&
670 smtp_write_command(&outblock, FALSE,
671 "RCPT TO:<postmaster>\r\n") >= 0 &&
672 smtp_read_response(&inblock, responsebuffer,
673 sizeof(responsebuffer), '2', callout)
674 ));
675
676 /* Sort out the cache record */
059ec3d9
PH		 677
678 new_domain_record.postmaster_stamp = time(NULL);
679
680 if (done)
681 new_domain_record.postmaster_result = ccache_accept;
682 else if (errno == 0 && responsebuffer[0] == '5')
683 {
8e669ac1 684 *failure_ptr = US"postmaster";
059ec3d9
PH		 685 setflag(addr, af_verify_pmfail);
686 new_domain_record.postmaster_result = ccache_reject;
687 }
688 }
689 } /* Random not accepted */
90e9ce59 690 } /* MAIL FROM: accepted */
059ec3d9
PH		 691
692 /* For any failure of the main check, other than a negative response, we just
693 close the connection and carry on. We can identify a negative response by the
694 fact that errno is zero. For I/O errors it will be non-zero
695
696 Set up different error texts for logging and for sending back to the caller
697 as an SMTP response. Log in all cases, using a one-line format. For sender
698 callouts, give a full response to the caller, but for recipient callouts,
699 don't give the IP address because this may be an internal host whose identity
700 is not to be widely broadcast. */
701
702 if (!done)
703 {
704 if (errno == ETIMEDOUT)
705 {
706 HDEBUG(D_verify) debug_printf("SMTP timeout\n");
8e669ac1 707 send_quit = FALSE;
059ec3d9
PH		 708 }
709 else if (errno == 0)
710 {
711 if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped");
712
713 addr->message =
714 string_sprintf("response to \"%s\" from %s [%s] was: %s",
715 big_buffer, host->name, host->address,
716 string_printing(responsebuffer));
717
718 addr->user_message = is_recipient?
719 string_sprintf("Callout verification failed:\n%s", responsebuffer)
720 :
721 string_sprintf("Called: %s\nSent: %s\nResponse: %s",
722 host->address, big_buffer, responsebuffer);
723
724 /* Hard rejection ends the process */
725
726 if (responsebuffer[0] == '5') /* Address rejected */
727 {
728 yield = FAIL;
729 done = TRUE;
730 }
731 }
732 }
733
734 /* End the SMTP conversation and close the connection. */
735
c9bdd01c 736 if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
f1e894f3 737 (void)close(inblock.sock);
059ec3d9
PH		 738 } /* Loop through all hosts, while !done */
739
740/* If we get here with done == TRUE, a successful callout happened, and yield
741will be set OK or FAIL according to the response to the RCPT command.
742Otherwise, we looped through the hosts but couldn't complete the business.
743However, there may be domain-specific information to cache in both cases.
744
745The value of the result field in the new_domain record is ccache_unknown if
90e9ce59 746there was an error before or with MAIL FROM:, and errno was not zero,
059ec3d9 747implying some kind of I/O error. We don't want to write the cache in that case.
2b1c6e3a 748Otherwise the value is ccache_accept, ccache_reject, or ccache_reject_mfnull. */
059ec3d9
PH		 749
750if (!callout_no_cache && new_domain_record.result != ccache_unknown)
751 {
752 if ((dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE))
753 == NULL)
754 {
755 HDEBUG(D_verify) debug_printf("callout cache: not available\n");
756 }
757 else
758 {
759 (void)dbfn_write(dbm_file, addr->domain, &new_domain_record,
760 (int)sizeof(dbdata_callout_cache));
761 HDEBUG(D_verify) debug_printf("wrote callout cache domain record:\n"
762 " result=%d postmaster=%d random=%d\n",
763 new_domain_record.result,
764 new_domain_record.postmaster_result,
765 new_domain_record.random_result);
766 }
767 }
768
769/* If a definite result was obtained for the callout, cache it unless caching
770is disabled. */
771
772if (done)
773 {
774 if (!callout_no_cache && new_address_record.result != ccache_unknown)
775 {
776 if (dbm_file == NULL)
777 dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE);
778 if (dbm_file == NULL)
779 {
780 HDEBUG(D_verify) debug_printf("no callout cache available\n");
781 }
782 else
783 {
784 (void)dbfn_write(dbm_file, address_key, &new_address_record,
785 (int)sizeof(dbdata_callout_cache_address));
786 HDEBUG(D_verify) debug_printf("wrote %s callout cache address record\n",
787 (new_address_record.result == ccache_accept)? "positive" : "negative");
788 }
789 }
790 } /* done */
791
792/* Failure to connect to any host, or any response other than 2xx or 5xx is a
793temporary error. If there was only one host, and a response was received, leave
794it alone if supplying details. Otherwise, give a generic response. */
795
796else /* !done */
797 {
798 uschar *dullmsg = string_sprintf("Could not complete %s verify callout",
799 is_recipient? "recipient" : "sender");
800 yield = DEFER;
801
802 if (host_list->next != NULL || addr->message == NULL) addr->message = dullmsg;
803
804 addr->user_message = (!smtp_return_error_details)? dullmsg :
805 string_sprintf("%s for <%s>.\n"
806 "The mail server(s) for the domain may be temporarily unreachable, or\n"
807 "they may be permanently unreachable from this server. In the latter case,\n%s",
808 dullmsg, addr->address,
809 is_recipient?
810 "the address will never be accepted."
811 :
812 "you need to change the address or create an MX record for its domain\n"
813 "if it is supposed to be generally accessible from the Internet.\n"
814 "Talk to your mail administrator for details.");
815
816 /* Force a specific error code */
817
818 addr->basic_errno = ERRNO_CALLOUTDEFER;
819 }
820
821/* Come here from within the cache-reading code on fast-track exit. */
822
823END_CALLOUT:
824if (dbm_file != NULL) dbfn_close(dbm_file);
825return yield;
826}
827
828
829
830/*************************************************
831* Copy error to toplevel address *
832*************************************************/
833
834/* This function is used when a verify fails or defers, to ensure that the
835failure or defer information is in the original toplevel address. This applies
836when an address is redirected to a single new address, and the failure or
837deferral happens to the child address.
838
839Arguments:
840 vaddr the verify address item
841 addr the final address item
842 yield FAIL or DEFER
843
844Returns: the value of YIELD
845*/
846
847static int
848copy_error(address_item *vaddr, address_item *addr, int yield)
849{
850if (addr != vaddr)
851 {
852 vaddr->message = addr->message;
853 vaddr->user_message = addr->user_message;
854 vaddr->basic_errno = addr->basic_errno;
855 vaddr->more_errno = addr->more_errno;
b37c4101 856 vaddr->p.address_data = addr->p.address_data;
42855d71 857 copyflag(vaddr, addr, af_pass_message);
059ec3d9
PH		 858 }
859return yield;
860}
861
862
863
864
ce552449
NM		 865/**************************************************
866* printf that automatically handles TLS if needed *
867***************************************************/
868
869/* This function is used by verify_address() as a substitute for all fprintf()
870calls; a direct fprintf() will not produce output in a TLS SMTP session, such
871as a response to an EXPN command. smtp_in.c makes smtp_printf available but
872that assumes that we always use the smtp_out FILE* when not using TLS or the
873ssl buffer when we are. Instead we take a FILE* parameter and check to see if
874that is smtp_out; if so, smtp_printf() with TLS support, otherwise regular
875fprintf().
876
877Arguments:
878 f the candidate FILE* to write to
879 format format string
880 ... optional arguments
881
882Returns:
883 nothing
884*/
885
886static void PRINTF_FUNCTION(2,3)
1ba28e2b 887respond_printf(FILE *f, const char *format, ...)
ce552449
NM		 888{
889va_list ap;
890
891va_start(ap, format);
892if (smtp_out && (f == smtp_out))
893 smtp_vprintf(format, ap);
894else
513afc6a 895 vfprintf(f, format, ap);
ce552449
NM		 896va_end(ap);
897}
898
899
900
059ec3d9
PH		 901/*************************************************
902* Verify an email address *
903*************************************************/
904
905/* This function is used both for verification (-bv and at other times) and
906address testing (-bt), which is indicated by address_test_mode being set.
907
908Arguments:
909 vaddr contains the address to verify; the next field in this block
910 must be NULL
911 f if not NULL, write the result to this file
912 options various option bits:
913 vopt_fake_sender => this sender verify is not for the real
914 sender (it was verify=sender=xxxx or an address from a
915 header line) - rewriting must not change sender_address
916 vopt_is_recipient => this is a recipient address, otherwise
917 it's a sender address - this affects qualification and
918 rewriting and messages from callouts
919 vopt_qualify => qualify an unqualified address; else error
920 vopt_expn => called from SMTP EXPN command
eafd343b
TK		 921 vopt_success_on_redirect => when a new address is generated
922 the verification instantly succeeds
059ec3d9
PH		 923
924 These ones are used by do_callout() -- the options variable
925 is passed to it.
926
2a4be8f9 927 vopt_callout_fullpm => if postmaster check, do full one
059ec3d9
PH		 928 vopt_callout_no_cache => don't use callout cache
929 vopt_callout_random => do the "random" thing
930 vopt_callout_recipsender => use real sender for recipient
931 vopt_callout_recippmaster => use postmaster for recipient
932
933 callout if > 0, specifies that callout is required, and gives timeout
4deaf07d 934 for individual commands
059ec3d9
PH		 935 callout_overall if > 0, gives overall timeout for the callout function;
936 if < 0, a default is used (see do_callout())
8e669ac1 937 callout_connect the connection timeout for callouts
059ec3d9
PH		 938 se_mailfrom when callout is requested to verify a sender, use this
939 in MAIL FROM; NULL => ""
940 pm_mailfrom when callout is requested, if non-NULL, do the postmaster
941 thing and use this as the sender address (may be "")
942
943 routed if not NULL, set TRUE if routing succeeded, so we can
944 distinguish between routing failed and callout failed
945
946Returns: OK address verified
947 FAIL address failed to verify
948 DEFER can't tell at present
949*/
950
951int
952verify_address(address_item *vaddr, FILE *f, int options, int callout,
8e669ac1 953 int callout_overall, int callout_connect, uschar *se_mailfrom,
4deaf07d 954 uschar *pm_mailfrom, BOOL *routed)
059ec3d9
PH		 955{
956BOOL allok = TRUE;
957BOOL full_info = (f == NULL)? FALSE : (debug_selector != 0);
958BOOL is_recipient = (options & vopt_is_recipient) != 0;
959BOOL expn = (options & vopt_expn) != 0;
eafd343b 960BOOL success_on_redirect = (options & vopt_success_on_redirect) != 0;
059ec3d9
PH		 961int i;
962int yield = OK;
963int verify_type = expn? v_expn :
964 address_test_mode? v_none :
965 is_recipient? v_recipient : v_sender;
966address_item *addr_list;
967address_item *addr_new = NULL;
968address_item *addr_remote = NULL;
969address_item *addr_local = NULL;
970address_item *addr_succeed = NULL;
8e669ac1 971uschar **failure_ptr = is_recipient?
2c7db3f5 972 &recipient_verify_failure : &sender_verify_failure;
059ec3d9
PH		 973uschar *ko_prefix, *cr;
974uschar *address = vaddr->address;
975uschar *save_sender;
976uschar null_sender[] = { 0 }; /* Ensure writeable memory */
977
2c7db3f5
PH		 978/* Clear, just in case */
979
980*failure_ptr = NULL;
981
059ec3d9
PH		 982/* Set up a prefix and suffix for error message which allow us to use the same
983output statements both in EXPN mode (where an SMTP response is needed) and when
984debugging with an output file. */
985
986if (expn)
987 {
988 ko_prefix = US"553 ";
989 cr = US"\r";
990 }
991else ko_prefix = cr = US"";
992
993/* Add qualify domain if permitted; otherwise an unqualified address fails. */
994
995if (parse_find_at(address) == NULL)
996 {
997 if ((options & vopt_qualify) == 0)
998 {
999 if (f != NULL)
ce552449
NM		 1000 respond_printf(f, "%sA domain is required for \"%s\"%s\n",
1001 ko_prefix, address, cr);
8e669ac1 1002 *failure_ptr = US"qualify";
059ec3d9
PH		 1003 return FAIL;
1004 }
1005 address = rewrite_address_qualify(address, is_recipient);
1006 }
1007
1008DEBUG(D_verify)
1009 {
1010 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1011 debug_printf("%s %s\n", address_test_mode? "Testing" : "Verifying", address);
1012 }
1013
1014/* Rewrite and report on it. Clear the domain and local part caches - these
1015may have been set by domains and local part tests during an ACL. */
1016
1017if (global_rewrite_rules != NULL)
1018 {
1019 uschar *old = address;
1020 address = rewrite_address(address, is_recipient, FALSE,
1021 global_rewrite_rules, rewrite_existflags);
1022 if (address != old)
1023 {
1024 for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->localpart_cache[i] = 0;
1025 for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->domain_cache[i] = 0;
1026 if (f != NULL && !expn) fprintf(f, "Address rewritten as: %s\n", address);
1027 }
1028 }
1029
1030/* If this is the real sender address, we must update sender_address at
1031this point, because it may be referred to in the routers. */
1032
1033if ((options & (vopt_fake_sender|vopt_is_recipient)) == 0)
1034 sender_address = address;
1035
1036/* If the address was rewritten to <> no verification can be done, and we have
1037to return OK. This rewriting is permitted only for sender addresses; for other
1038addresses, such rewriting fails. */
1039
1040if (address[0] == 0) return OK;
1041
1042/* Save a copy of the sender address for re-instating if we change it to <>
1043while verifying a sender address (a nice bit of self-reference there). */
1044
1045save_sender = sender_address;
1046
1047/* Update the address structure with the possibly qualified and rewritten
1048address. Set it up as the starting address on the chain of new addresses. */
1049
1050vaddr->address = address;
1051addr_new = vaddr;
1052
1053/* We need a loop, because an address can generate new addresses. We must also
1054cope with generated pipes and files at the top level. (See also the code and
1055comment in deliver.c.) However, it is usually the case that the router for
1056user's .forward files has its verify flag turned off.
1057
1058If an address generates more than one child, the loop is used only when
1059full_info is set, and this can only be set locally. Remote enquiries just get
1060information about the top level address, not anything that it generated. */
1061
1062while (addr_new != NULL)
1063 {
1064 int rc;
1065 address_item *addr = addr_new;
1066
1067 addr_new = addr->next;
1068 addr->next = NULL;
1069
1070 DEBUG(D_verify)
1071 {
1072 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1073 debug_printf("Considering %s\n", addr->address);
1074 }
1075
1076 /* Handle generated pipe, file or reply addresses. We don't get these
1077 when handling EXPN, as it does only one level of expansion. */
1078
1079 if (testflag(addr, af_pfr))
1080 {
1081 allok = FALSE;
1082 if (f != NULL)
1083 {
1084 BOOL allow;
1085
1086 if (addr->address[0] == '>')
1087 {
1088 allow = testflag(addr, af_allow_reply);
1089 fprintf(f, "%s -> mail %s", addr->parent->address, addr->address + 1);
1090 }
1091 else
1092 {
1093 allow = (addr->address[0] == '|')?
1094 testflag(addr, af_allow_pipe) : testflag(addr, af_allow_file);
1095 fprintf(f, "%s -> %s", addr->parent->address, addr->address);
1096 }
1097
1098 if (addr->basic_errno == ERRNO_BADTRANSPORT)
1099 fprintf(f, "\n*** Error in setting up pipe, file, or autoreply:\n"
1100 "%s\n", addr->message);
1101 else if (allow)
1102 fprintf(f, "\n transport = %s\n", addr->transport->name);
1103 else
1104 fprintf(f, " *** forbidden ***\n");
1105 }
1106 continue;
1107 }
1108
1109 /* Just in case some router parameter refers to it. */
1110
1111 return_path = (addr->p.errors_address != NULL)?
1112 addr->p.errors_address : sender_address;
1113
1114 /* Split the address into domain and local part, handling the %-hack if
1115 necessary, and then route it. While routing a sender address, set
1116 $sender_address to <> because that is what it will be if we were trying to
1117 send a bounce to the sender. */
1118
1119 if (routed != NULL) *routed = FALSE;
1120 if ((rc = deliver_split_address(addr)) == OK)
1121 {
1122 if (!is_recipient) sender_address = null_sender;
1123 rc = route_address(addr, &addr_local, &addr_remote, &addr_new,
1124 &addr_succeed, verify_type);
1125 sender_address = save_sender; /* Put back the real sender */
1126 }
1127
1128 /* If routing an address succeeded, set the flag that remembers, for use when
1129 an ACL cached a sender verify (in case a callout fails). Then if routing set
1130 up a list of hosts or the transport has a host list, and the callout option
1131 is set, and we aren't in a host checking run, do the callout verification,
1132 and set another flag that notes that a callout happened. */
1133
1134 if (rc == OK)
1135 {
1136 if (routed != NULL) *routed = TRUE;
1137 if (callout > 0)
1138 {
1139 host_item *host_list = addr->host_list;
1140
26da7e20
PH		 1141 /* Make up some data for use in the case where there is no remote
1142 transport. */
1143
1144 transport_feedback tf = {
1145 NULL, /* interface (=> any) */
1146 US"smtp", /* port */
1147 US"smtp", /* protocol */
1148 NULL, /* hosts */
1149 US"$smtp_active_hostname", /* helo_data */
1150 FALSE, /* hosts_override */
1151 FALSE, /* hosts_randomize */
1152 FALSE, /* gethostbyname */
1153 TRUE, /* qualify_single */
1154 FALSE /* search_parents */
1155 };
059ec3d9
PH		 1156
1157 /* If verification yielded a remote transport, we want to use that
1158 transport's options, so as to mimic what would happen if we were really
1159 sending a message to this address. */
1160
1161 if (addr->transport != NULL && !addr->transport->info->local)
1162 {
929ba01c 1163 (void)(addr->transport->setup)(addr->transport, addr, &tf, 0, 0, NULL);
059ec3d9
PH		 1164
1165 /* If the transport has hosts and the router does not, or if the
1166 transport is configured to override the router's hosts, we must build a
1167 host list of the transport's hosts, and find the IP addresses */
1168
1169 if (tf.hosts != NULL && (host_list == NULL || tf.hosts_override))
1170 {
1171 uschar *s;
750af86e
PH		 1172 uschar *save_deliver_domain = deliver_domain;
1173 uschar *save_deliver_localpart = deliver_localpart;
059ec3d9
PH		 1174
1175 host_list = NULL; /* Ignore the router's hosts */
1176
1177 deliver_domain = addr->domain;
1178 deliver_localpart = addr->local_part;
1179 s = expand_string(tf.hosts);
750af86e
PH		 1180 deliver_domain = save_deliver_domain;
1181 deliver_localpart = save_deliver_localpart;
059ec3d9
PH		 1182
1183 if (s == NULL)
1184 {
1185 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand list of hosts "
1186 "\"%s\" in %s transport for callout: %s", tf.hosts,
1187 addr->transport->name, expand_string_message);
1188 }
1189 else
1190 {
322050c2 1191 int flags;
059ec3d9 1192 uschar *canonical_name;
d8ef3577 1193 host_item *host, *nexthost;
059ec3d9
PH		 1194 host_build_hostlist(&host_list, s, tf.hosts_randomize);
1195
1196 /* Just ignore failures to find a host address. If we don't manage
8e669ac1
PH		 1197 to find any addresses, the callout will defer. Note that more than
1198 one address may be found for a single host, which will result in
1199 additional host items being inserted into the chain. Hence we must
d8ef3577 1200 save the next host first. */
059ec3d9 1201
322050c2
PH		 1202 flags = HOST_FIND_BY_A;
1203 if (tf.qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
1204 if (tf.search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
1205
d8ef3577 1206 for (host = host_list; host != NULL; host = nexthost)
059ec3d9 1207 {
d8ef3577 1208 nexthost = host->next;
8e669ac1 1209 if (tf.gethostbyname ||
7e66e54d 1210 string_is_ip_address(host->name, NULL) != 0)
322050c2 1211 (void)host_find_byname(host, NULL, flags, &canonical_name, TRUE);
059ec3d9 1212 else
059ec3d9
PH		 1213 (void)host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
1214 &canonical_name, NULL);
059ec3d9
PH		 1215 }
1216 }
1217 }
1218 }
1219
8e669ac1 1220 /* Can only do a callout if we have at least one host! If the callout
2c7db3f5 1221 fails, it will have set ${sender,recipient}_verify_failure. */
059ec3d9
PH		 1222
1223 if (host_list != NULL)
1224 {
1225 HDEBUG(D_verify) debug_printf("Attempting full verification using callout\n");
1226 if (host_checking && !host_checking_callout)
1227 {
1228 HDEBUG(D_verify)
1229 debug_printf("... callout omitted by default when host testing\n"
1230 "(Use -bhc if you want the callouts to happen.)\n");
1231 }
1232 else
1233 {
1234 rc = do_callout(addr, host_list, &tf, callout, callout_overall,
4deaf07d 1235 callout_connect, options, se_mailfrom, pm_mailfrom);
059ec3d9
PH		 1236 }
1237 }
1238 else
1239 {
1240 HDEBUG(D_verify) debug_printf("Cannot do callout: neither router nor "
1241 "transport provided a host list\n");
1242 }
1243 }
1244 }
8e669ac1 1245
2c7db3f5 1246 /* Otherwise, any failure is a routing failure */
8e669ac1
PH		 1247
1248 else *failure_ptr = US"route";
059ec3d9
PH		 1249
1250 /* A router may return REROUTED if it has set up a child address as a result
1251 of a change of domain name (typically from widening). In this case we always
1252 want to continue to verify the new child. */
1253
1254 if (rc == REROUTED) continue;
8e669ac1 1255
059ec3d9
PH		 1256 /* Handle hard failures */
1257
1258 if (rc == FAIL)
1259 {
1260 allok = FALSE;
1261 if (f != NULL)
1262 {
e6f6568e
PH		 1263 address_item *p = addr->parent;
1264
ce552449
NM		 1265 respond_printf(f, "%s%s %s", ko_prefix,
1266 full_info? addr->address : address,
059ec3d9
PH		 1267 address_test_mode? "is undeliverable" : "failed to verify");
1268 if (!expn && admin_user)
1269 {
1270 if (addr->basic_errno > 0)
ce552449 1271 respond_printf(f, ": %s", strerror(addr->basic_errno));
059ec3d9 1272 if (addr->message != NULL)
ce552449 1273 respond_printf(f, ": %s", addr->message);
e6f6568e
PH		 1274 }
1275
1276 /* Show parents iff doing full info */
1277
1278 if (full_info) while (p != NULL)
1279 {
ce552449 1280 respond_printf(f, "%s\n <-- %s", cr, p->address);
e6f6568e 1281 p = p->parent;
059ec3d9 1282 }
ce552449 1283 respond_printf(f, "%s\n", cr);
059ec3d9
PH		 1284 }
1285
1286 if (!full_info) return copy_error(vaddr, addr, FAIL);
1287 else yield = FAIL;
1288 }
1289
1290 /* Soft failure */
1291
1292 else if (rc == DEFER)
1293 {
1294 allok = FALSE;
1295 if (f != NULL)
1296 {
e6f6568e 1297 address_item *p = addr->parent;
ce552449 1298 respond_printf(f, "%s%s cannot be resolved at this time", ko_prefix,
322050c2 1299 full_info? addr->address : address);
059ec3d9
PH		 1300 if (!expn && admin_user)
1301 {
1302 if (addr->basic_errno > 0)
ce552449 1303 respond_printf(f, ": %s", strerror(addr->basic_errno));
059ec3d9 1304 if (addr->message != NULL)
ce552449 1305 respond_printf(f, ": %s", addr->message);
059ec3d9 1306 else if (addr->basic_errno <= 0)
ce552449 1307 respond_printf(f, ": unknown error");
059ec3d9
PH		 1308 }
1309
e6f6568e
PH		 1310 /* Show parents iff doing full info */
1311
1312 if (full_info) while (p != NULL)
1313 {
ce552449 1314 respond_printf(f, "%s\n <-- %s", cr, p->address);
e6f6568e
PH		 1315 p = p->parent;
1316 }
ce552449 1317 respond_printf(f, "%s\n", cr);
059ec3d9
PH		 1318 }
1319 if (!full_info) return copy_error(vaddr, addr, DEFER);
1320 else if (yield == OK) yield = DEFER;
1321 }
1322
1323 /* If we are handling EXPN, we do not want to continue to route beyond
e6f6568e 1324 the top level (whose address is in "address"). */
059ec3d9
PH		 1325
1326 else if (expn)
1327 {
1328 uschar *ok_prefix = US"250-";
1329 if (addr_new == NULL)
1330 {
1331 if (addr_local == NULL && addr_remote == NULL)
ce552449 1332 respond_printf(f, "250 mail to <%s> is discarded\r\n", address);
059ec3d9 1333 else
ce552449 1334 respond_printf(f, "250 <%s>\r\n", address);
059ec3d9
PH		 1335 }
1336 else while (addr_new != NULL)
1337 {
1338 address_item *addr2 = addr_new;
1339 addr_new = addr2->next;
1340 if (addr_new == NULL) ok_prefix = US"250 ";
ce552449 1341 respond_printf(f, "%s<%s>\r\n", ok_prefix, addr2->address);
059ec3d9
PH		 1342 }
1343 return OK;
1344 }
1345
1346 /* Successful routing other than EXPN. */
1347
1348 else
1349 {
1350 /* Handle successful routing when short info wanted. Otherwise continue for
1351 other (generated) addresses. Short info is the operational case. Full info
1352 can be requested only when debug_selector != 0 and a file is supplied.
1353
1354 There is a conflict between the use of aliasing as an alternate email
1355 address, and as a sort of mailing list. If an alias turns the incoming
1356 address into just one address (e.g. J.Caesar->jc44) you may well want to
1357 carry on verifying the generated address to ensure it is valid when
1358 checking incoming mail. If aliasing generates multiple addresses, you
1359 probably don't want to do this. Exim therefore treats the generation of
1360 just a single new address as a special case, and continues on to verify the
1361 generated address. */
1362
1363 if (!full_info && /* Stop if short info wanted AND */
eafd343b
TK		 1364 (((addr_new == NULL || /* No new address OR */
1365 addr_new->next != NULL || /* More than one new address OR */
1366 testflag(addr_new, af_pfr))) /* New address is pfr */
1367 || /* OR */
1368 (addr_new != NULL && /* At least one new address AND */
1369 success_on_redirect))) /* success_on_redirect is set */
059ec3d9 1370 {
322050c2 1371 if (f != NULL) fprintf(f, "%s %s\n", address,
059ec3d9
PH		 1372 address_test_mode? "is deliverable" : "verified");
1373
1374 /* If we have carried on to verify a child address, we want the value
1375 of $address_data to be that of the child */
1376
1377 vaddr->p.address_data = addr->p.address_data;
1378 return OK;
1379 }
1380 }
1381 } /* Loop for generated addresses */
1382
1383/* Display the full results of the successful routing, including any generated
1384addresses. Control gets here only when full_info is set, which requires f not
1385to be NULL, and this occurs only when a top-level verify is called with the
1386debugging switch on.
1387
1388If there are no local and no remote addresses, and there were no pipes, files,
1389or autoreplies, and there were no errors or deferments, the message is to be
1390discarded, usually because of the use of :blackhole: in an alias file. */
1391
1392if (allok && addr_local == NULL && addr_remote == NULL)
dbcef0ea 1393 {
059ec3d9 1394 fprintf(f, "mail to %s is discarded\n", address);
dbcef0ea
PH		 1395 return yield;
1396 }
059ec3d9 1397
dbcef0ea 1398for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++)
059ec3d9
PH		 1399 {
1400 while (addr_list != NULL)
1401 {
1402 address_item *addr = addr_list;
1403 address_item *p = addr->parent;
1404 addr_list = addr->next;
1405
1406 fprintf(f, "%s", CS addr->address);
384152a6
TK		 1407#ifdef EXPERIMENTAL_SRS
1408 if(addr->p.srs_sender)
1409 fprintf(f, " [srs = %s]", addr->p.srs_sender);
1410#endif
dbcef0ea
PH		 1411
1412 /* If the address is a duplicate, show something about it. */
1413
1414 if (!testflag(addr, af_pfr))
1415 {
1416 tree_node *tnode;
1417 if ((tnode = tree_search(tree_duplicates, addr->unique)) != NULL)
1418 fprintf(f, " [duplicate, would not be delivered]");
1419 else tree_add_duplicate(addr->unique, addr);
1420 }
1421
1422 /* Now show its parents */
1423
059ec3d9
PH		 1424 while (p != NULL)
1425 {
1426 fprintf(f, "\n <-- %s", p->address);
1427 p = p->parent;
1428 }
1429 fprintf(f, "\n ");
1430
1431 /* Show router, and transport */
1432
1433 fprintf(f, "router = %s, ", addr->router->name);
1434 fprintf(f, "transport = %s\n", (addr->transport == NULL)? US"unset" :
1435 addr->transport->name);
1436
1437 /* Show any hosts that are set up by a router unless the transport
1438 is going to override them; fiddle a bit to get a nice format. */
1439
1440 if (addr->host_list != NULL && addr->transport != NULL &&
1441 !addr->transport->overrides_hosts)
1442 {
1443 host_item *h;
1444 int maxlen = 0;
1445 int maxaddlen = 0;
1446 for (h = addr->host_list; h != NULL; h = h->next)
1447 {
1448 int len = Ustrlen(h->name);
1449 if (len > maxlen) maxlen = len;
1450 len = (h->address != NULL)? Ustrlen(h->address) : 7;
1451 if (len > maxaddlen) maxaddlen = len;
1452 }
1453 for (h = addr->host_list; h != NULL; h = h->next)
1454 {
1455 int len = Ustrlen(h->name);
1456 fprintf(f, " host %s ", h->name);
1457 while (len++ < maxlen) fprintf(f, " ");
1458 if (h->address != NULL)
1459 {
1460 fprintf(f, "[%s] ", h->address);
1461 len = Ustrlen(h->address);
1462 }
1463 else if (!addr->transport->info->local) /* Omit [unknown] for local */
1464 {
1465 fprintf(f, "[unknown] ");
1466 len = 7;
1467 }
1468 else len = -3;
1469 while (len++ < maxaddlen) fprintf(f," ");
1470 if (h->mx >= 0) fprintf(f, "MX=%d", h->mx);
1471 if (h->port != PORT_NONE) fprintf(f, " port=%d", h->port);
1472 if (h->status == hstatus_unusable) fprintf(f, " ** unusable **");
1473 fprintf(f, "\n");
1474 }
1475 }
1476 }
1477 }
1478
8e669ac1 1479/* Will be DEFER or FAIL if any one address has, only for full_info (which is
2c7db3f5
PH		 1480the -bv or -bt case). */
1481
8e669ac1 1482return yield;
059ec3d9
PH		 1483}
1484
1485
1486
1487
1488/*************************************************
1489* Check headers for syntax errors *
1490*************************************************/
1491
1492/* This function checks those header lines that contain addresses, and verifies
1493that all the addresses therein are syntactially correct.
1494
1495Arguments:
1496 msgptr where to put an error message
1497
1498Returns: OK
1499 FAIL
1500*/
1501
1502int
1503verify_check_headers(uschar **msgptr)
1504{
1505header_line *h;
1506uschar *colon, *s;
1eccaa59 1507int yield = OK;
059ec3d9 1508
1eccaa59 1509for (h = header_list; h != NULL && yield == OK; h = h->next)
059ec3d9
PH		 1510 {
1511 if (h->type != htype_from &&
1512 h->type != htype_reply_to &&
1513 h->type != htype_sender &&
1514 h->type != htype_to &&
1515 h->type != htype_cc &&
1516 h->type != htype_bcc)
1517 continue;
1518
1519 colon = Ustrchr(h->text, ':');
1520 s = colon + 1;
1521 while (isspace(*s)) s++;
1522
1eccaa59
PH		 1523 /* Loop for multiple addresses in the header, enabling group syntax. Note
1524 that we have to reset this after the header has been scanned. */
059ec3d9 1525
1eccaa59 1526 parse_allow_group = TRUE;
059ec3d9
PH		 1527
1528 while (*s != 0)
1529 {
1530 uschar *ss = parse_find_address_end(s, FALSE);
1531 uschar *recipient, *errmess;
1532 int terminator = *ss;
1533 int start, end, domain;
1534
1535 /* Temporarily terminate the string at this point, and extract the
1eccaa59 1536 operative address within, allowing group syntax. */
059ec3d9
PH		 1537
1538 *ss = 0;
1539 recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE);
1540 *ss = terminator;
1541
1542 /* Permit an unqualified address only if the message is local, or if the
1543 sending host is configured to be permitted to send them. */
1544
1545 if (recipient != NULL && domain == 0)
1546 {
1547 if (h->type == htype_from || h->type == htype_sender)
1548 {
1549 if (!allow_unqualified_sender) recipient = NULL;
1550 }
1551 else
1552 {
1553 if (!allow_unqualified_recipient) recipient = NULL;
1554 }
1555 if (recipient == NULL) errmess = US"unqualified address not permitted";
1556 }
1557
1558 /* It's an error if no address could be extracted, except for the special
1559 case of an empty address. */
1560
1561 if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0)
1562 {
1563 uschar *verb = US"is";
1564 uschar *t = ss;
1ab95fa6 1565 uschar *tt = colon;
059ec3d9
PH		 1566 int len;
1567
1568 /* Arrange not to include any white space at the end in the
1ab95fa6 1569 error message or the header name. */
059ec3d9
PH		 1570
1571 while (t > s && isspace(t[-1])) t--;
1ab95fa6 1572 while (tt > h->text && isspace(tt[-1])) tt--;
059ec3d9 1573
1ab95fa6 1574 /* Add the address that failed to the error message, since in a
059ec3d9
PH		 1575 header with very many addresses it is sometimes hard to spot
1576 which one is at fault. However, limit the amount of address to
1577 quote - cases have been seen where, for example, a missing double
1578 quote in a humungous To: header creates an "address" that is longer
1579 than string_sprintf can handle. */
1580
1581 len = t - s;
1582 if (len > 1024)
1583 {
1584 len = 1024;
1585 verb = US"begins";
1586 }
1587
1588 *msgptr = string_printing(
1ab95fa6
PH		 1589 string_sprintf("%s: failing address in \"%.*s:\" header %s: %.*s",
1590 errmess, tt - h->text, h->text, verb, len, s));
059ec3d9 1591
1eccaa59
PH		 1592 yield = FAIL;
1593 break; /* Out of address loop */
059ec3d9
PH		 1594 }
1595
1596 /* Advance to the next address */
1597
1598 s = ss + (terminator? 1:0);
1599 while (isspace(*s)) s++;
1600 } /* Next address */
059ec3d9 1601
1eccaa59
PH		 1602 parse_allow_group = FALSE;
1603 parse_found_group = FALSE;
1604 } /* Next header unless yield has been set FALSE */
1605
1606return yield;
059ec3d9
PH		 1607}
1608
1609
1610
1c41c9cc
PH		 1611/*************************************************
1612* Check for blind recipients *
1613*************************************************/
1614
1615/* This function checks that every (envelope) recipient is mentioned in either
1616the To: or Cc: header lines, thus detecting blind carbon copies.
1617
1618There are two ways of scanning that could be used: either scan the header lines
1619and tick off the recipients, or scan the recipients and check the header lines.
1620The original proposed patch did the former, but I have chosen to do the latter,
1621because (a) it requires no memory and (b) will use fewer resources when there
1622are many addresses in To: and/or Cc: and only one or two envelope recipients.
1623
1624Arguments: none
1625Returns: OK if there are no blind recipients
1626 FAIL if there is at least one blind recipient
1627*/
1628
1629int
1630verify_check_notblind(void)
1631{
1632int i;
1633for (i = 0; i < recipients_count; i++)
1634 {
1635 header_line *h;
1636 BOOL found = FALSE;
1637 uschar *address = recipients_list[i].address;
1638
1639 for (h = header_list; !found && h != NULL; h = h->next)
1640 {
1641 uschar *colon, *s;
1642
1643 if (h->type != htype_to && h->type != htype_cc) continue;
1644
1645 colon = Ustrchr(h->text, ':');
1646 s = colon + 1;
1647 while (isspace(*s)) s++;
1648
1eccaa59
PH		 1649 /* Loop for multiple addresses in the header, enabling group syntax. Note
1650 that we have to reset this after the header has been scanned. */
1c41c9cc 1651
1eccaa59 1652 parse_allow_group = TRUE;
1c41c9cc
PH		 1653
1654 while (*s != 0)
1655 {
1656 uschar *ss = parse_find_address_end(s, FALSE);
1657 uschar *recipient,*errmess;
1658 int terminator = *ss;
1659 int start, end, domain;
1660
1661 /* Temporarily terminate the string at this point, and extract the
1eccaa59 1662 operative address within, allowing group syntax. */
1c41c9cc
PH		 1663
1664 *ss = 0;
1665 recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE);
1666 *ss = terminator;
1667
1668 /* If we found a valid recipient that has a domain, compare it with the
1669 envelope recipient. Local parts are compared case-sensitively, domains
1670 case-insensitively. By comparing from the start with length "domain", we
1671 include the "@" at the end, which ensures that we are comparing the whole
1672 local part of each address. */
1673
1674 if (recipient != NULL && domain != 0)
1675 {
1676 found = Ustrncmp(recipient, address, domain) == 0 &&
1677 strcmpic(recipient + domain, address + domain) == 0;
1678 if (found) break;
1679 }
1680
1681 /* Advance to the next address */
1682
1683 s = ss + (terminator? 1:0);
1684 while (isspace(*s)) s++;
1685 } /* Next address */
1eccaa59
PH		 1686
1687 parse_allow_group = FALSE;
1688 parse_found_group = FALSE;
1c41c9cc
PH		 1689 } /* Next header (if found is false) */
1690
1691 if (!found) return FAIL;
1692 } /* Next recipient */
1693
1694return OK;
1695}
1696
1697
059ec3d9
PH		 1698
1699/*************************************************
1700* Find if verified sender *
1701*************************************************/
1702
1703/* Usually, just a single address is verified as the sender of the message.
1704However, Exim can be made to verify other addresses as well (often related in
1705some way), and this is useful in some environments. There may therefore be a
1706chain of such addresses that have previously been tested. This function finds
1707whether a given address is on the chain.
1708
1709Arguments: the address to be verified
1710Returns: pointer to an address item, or NULL
1711*/
1712
1713address_item *
1714verify_checked_sender(uschar *sender)
1715{
1716address_item *addr;
1717for (addr = sender_verified_list; addr != NULL; addr = addr->next)
1718 if (Ustrcmp(sender, addr->address) == 0) break;
1719return addr;
1720}
1721
1722
1723
1724
1725
1726/*************************************************
1727* Get valid header address *
1728*************************************************/
1729
1730/* Scan the originator headers of the message, looking for an address that
1731verifies successfully. RFC 822 says:
1732
1733 o The "Sender" field mailbox should be sent notices of
1734 any problems in transport or delivery of the original
1735 messages. If there is no "Sender" field, then the
1736 "From" field mailbox should be used.
1737
1738 o If the "Reply-To" field exists, then the reply should
1739 go to the addresses indicated in that field and not to
1740 the address(es) indicated in the "From" field.
1741
1742So we check a Sender field if there is one, else a Reply_to field, else a From
1743field. As some strange messages may have more than one of these fields,
1744especially if they are resent- fields, check all of them if there is more than
1745one.
1746
1747Arguments:
1748 user_msgptr points to where to put a user error message
1749 log_msgptr points to where to put a log error message
1750 callout timeout for callout check (passed to verify_address())
1751 callout_overall overall callout timeout (ditto)
8e669ac1 1752 callout_connect connect callout timeout (ditto)
059ec3d9
PH		 1753 se_mailfrom mailfrom for verify; NULL => ""
1754 pm_mailfrom sender for pm callout check (passed to verify_address())
1755 options callout options (passed to verify_address())
8e669ac1 1756 verrno where to put the address basic_errno
059ec3d9
PH		 1757
1758If log_msgptr is set to something without setting user_msgptr, the caller
1759normally uses log_msgptr for both things.
1760
1761Returns: result of the verification attempt: OK, FAIL, or DEFER;
1762 FAIL is given if no appropriate headers are found
1763*/
1764
1765int
1766verify_check_header_address(uschar **user_msgptr, uschar **log_msgptr,
8e669ac1 1767 int callout, int callout_overall, int callout_connect, uschar *se_mailfrom,
fe5b5d0b 1768 uschar *pm_mailfrom, int options, int *verrno)
059ec3d9
PH		 1769{
1770static int header_types[] = { htype_sender, htype_reply_to, htype_from };
1eccaa59 1771BOOL done = FALSE;
059ec3d9
PH		 1772int yield = FAIL;
1773int i;
1774
1eccaa59 1775for (i = 0; i < 3 && !done; i++)
059ec3d9
PH		 1776 {
1777 header_line *h;
1eccaa59 1778 for (h = header_list; h != NULL && !done; h = h->next)
059ec3d9
PH		 1779 {
1780 int terminator, new_ok;
1781 uschar *s, *ss, *endname;
1782
1783 if (h->type != header_types[i]) continue;
1784 s = endname = Ustrchr(h->text, ':') + 1;
1785
1eccaa59
PH		 1786 /* Scan the addresses in the header, enabling group syntax. Note that we
1787 have to reset this after the header has been scanned. */
1788
1789 parse_allow_group = TRUE;
1790
059ec3d9
PH		 1791 while (*s != 0)
1792 {
1793 address_item *vaddr;
1794
1795 while (isspace(*s) || *s == ',') s++;
1796 if (*s == 0) break; /* End of header */
1797
1798 ss = parse_find_address_end(s, FALSE);
1799
1800 /* The terminator is a comma or end of header, but there may be white
1801 space preceding it (including newline for the last address). Move back
1802 past any white space so we can check against any cached envelope sender
1803 address verifications. */
1804
1805 while (isspace(ss[-1])) ss--;
1806 terminator = *ss;
1807 *ss = 0;
1808
1809 HDEBUG(D_verify) debug_printf("verifying %.*s header address %s\n",
1810 (int)(endname - h->text), h->text, s);
1811
1812 /* See if we have already verified this address as an envelope sender,
1813 and if so, use the previous answer. */
1814
1815 vaddr = verify_checked_sender(s);
1816
1817 if (vaddr != NULL && /* Previously checked */
1818 (callout <= 0 || /* No callout needed; OR */
1819 vaddr->special_action > 256)) /* Callout was done */
1820 {
1821 new_ok = vaddr->special_action & 255;
1822 HDEBUG(D_verify) debug_printf("previously checked as envelope sender\n");
1823 *ss = terminator; /* Restore shortened string */
1824 }
1825
1826 /* Otherwise we run the verification now. We must restore the shortened
1827 string before running the verification, so the headers are correct, in
1828 case there is any rewriting. */
1829
1830 else
1831 {
1832 int start, end, domain;
1eccaa59
PH		 1833 uschar *address = parse_extract_address(s, log_msgptr, &start, &end,
1834 &domain, FALSE);
059ec3d9
PH		 1835
1836 *ss = terminator;
1837
1eccaa59
PH		 1838 /* If we found an empty address, just carry on with the next one, but
1839 kill the message. */
1840
1841 if (address == NULL && Ustrcmp(*log_msgptr, "empty address") == 0)
1842 {
1843 *log_msgptr = NULL;
1844 s = ss;
1845 continue;
1846 }
1847
059ec3d9
PH		 1848 /* If verification failed because of a syntax error, fail this
1849 function, and ensure that the failing address gets added to the error
1850 message. */
1851
1852 if (address == NULL)
1853 {
1854 new_ok = FAIL;
1eccaa59
PH		 1855 while (ss > s && isspace(ss[-1])) ss--;
1856 *log_msgptr = string_sprintf("syntax error in '%.*s' header when "
1857 "scanning for sender: %s in \"%.*s\"",
1858 endname - h->text, h->text, *log_msgptr, ss - s, s);
1859 yield = FAIL;
1860 done = TRUE;
1861 break;
059ec3d9
PH		 1862 }
1863
2f6603e1 1864 /* Else go ahead with the sender verification. But it isn't *the*
059ec3d9
PH		 1865 sender of the message, so set vopt_fake_sender to stop sender_address
1866 being replaced after rewriting or qualification. */
1867
1868 else
1869 {
1870 vaddr = deliver_make_addr(address, FALSE);
1871 new_ok = verify_address(vaddr, NULL, options | vopt_fake_sender,
8e669ac1 1872 callout, callout_overall, callout_connect, se_mailfrom,
4deaf07d 1873 pm_mailfrom, NULL);
059ec3d9
PH		 1874 }
1875 }
1876
1877 /* We now have the result, either newly found, or cached. If we are
1878 giving out error details, set a specific user error. This means that the
1879 last of these will be returned to the user if all three fail. We do not
1880 set a log message - the generic one below will be used. */
1881
fe5b5d0b 1882 if (new_ok != OK)
059ec3d9 1883 {
8e669ac1 1884 *verrno = vaddr->basic_errno;
fe5b5d0b
PH		 1885 if (smtp_return_error_details)
1886 {
1887 *user_msgptr = string_sprintf("Rejected after DATA: "
1888 "could not verify \"%.*s\" header address\n%s: %s",
1889 endname - h->text, h->text, vaddr->address, vaddr->message);
1890 }
8e669ac1 1891 }
059ec3d9
PH		 1892
1893 /* Success or defer */
1894
1eccaa59
PH		 1895 if (new_ok == OK)
1896 {
1897 yield = OK;
1898 done = TRUE;
1899 break;
1900 }
1901
059ec3d9
PH		 1902 if (new_ok == DEFER) yield = DEFER;
1903
1904 /* Move on to any more addresses in the header */
1905
1906 s = ss;
1eccaa59
PH		 1907 } /* Next address */
1908
1909 parse_allow_group = FALSE;
1910 parse_found_group = FALSE;
1911 } /* Next header, unless done */
1912 } /* Next header type unless done */
059ec3d9
PH		 1913
1914if (yield == FAIL && *log_msgptr == NULL)
1915 *log_msgptr = US"there is no valid sender in any header line";
1916
1917if (yield == DEFER && *log_msgptr == NULL)
1918 *log_msgptr = US"all attempts to verify a sender in a header line deferred";
1919
1920return yield;
1921}
1922
1923
1924
1925
1926/*************************************************
1927* Get RFC 1413 identification *
1928*************************************************/
1929
1930/* Attempt to get an id from the sending machine via the RFC 1413 protocol. If
1931the timeout is set to zero, then the query is not done. There may also be lists
1932of hosts and nets which are exempt. To guard against malefactors sending
1933non-printing characters which could, for example, disrupt a message's headers,
1934make sure the string consists of printing characters only.
1935
1936Argument:
1937 port the port to connect to; usually this is IDENT_PORT (113), but when
1938 running in the test harness with -bh a different value is used.
1939
1940Returns: nothing
1941
1942Side effect: any received ident value is put in sender_ident (NULL otherwise)
1943*/
1944
1945void
1946verify_get_ident(int port)
1947{
1948int sock, host_af, qlen;
1949int received_sender_port, received_interface_port, n;
1950uschar *p;
1951uschar buffer[2048];
1952
1953/* Default is no ident. Check whether we want to do an ident check for this
1954host. */
1955
1956sender_ident = NULL;
1957if (rfc1413_query_timeout <= 0 || verify_check_host(&rfc1413_hosts) != OK)
1958 return;
1959
1960DEBUG(D_ident) debug_printf("doing ident callback\n");
1961
1962/* Set up a connection to the ident port of the remote host. Bind the local end
1963to the incoming interface address. If the sender host address is an IPv6
1964address, the incoming interface address will also be IPv6. */
1965
1966host_af = (Ustrchr(sender_host_address, ':') == NULL)? AF_INET : AF_INET6;
1967sock = ip_socket(SOCK_STREAM, host_af);
1968if (sock < 0) return;
1969
1970if (ip_bind(sock, host_af, interface_address, 0) < 0)
1971 {
1972 DEBUG(D_ident) debug_printf("bind socket for ident failed: %s\n",
1973 strerror(errno));
1974 goto END_OFF;
1975 }
1976
1977if (ip_connect(sock, host_af, sender_host_address, port, rfc1413_query_timeout)
1978 < 0)
1979 {
1980 if (errno == ETIMEDOUT && (log_extra_selector & LX_ident_timeout) != 0)
1981 {
1982 log_write(0, LOG_MAIN, "ident connection to %s timed out",
1983 sender_host_address);
1984 }
1985 else
1986 {
1987 DEBUG(D_ident) debug_printf("ident connection to %s failed: %s\n",
1988 sender_host_address, strerror(errno));
1989 }
1990 goto END_OFF;
1991 }
1992
1993/* Construct and send the query. */
1994
1995sprintf(CS buffer, "%d , %d\r\n", sender_host_port, interface_port);
1996qlen = Ustrlen(buffer);
1997if (send(sock, buffer, qlen, 0) < 0)
1998 {
1999 DEBUG(D_ident) debug_printf("ident send failed: %s\n", strerror(errno));
2000 goto END_OFF;
2001 }
2002
2003/* Read a response line. We put it into the rest of the buffer, using several
2004recv() calls if necessary. */
2005
2006p = buffer + qlen;
2007
2008for (;;)
2009 {
2010 uschar *pp;
2011 int count;
2012 int size = sizeof(buffer) - (p - buffer);
2013
2014 if (size <= 0) goto END_OFF; /* Buffer filled without seeing \n. */
2015 count = ip_recv(sock, p, size, rfc1413_query_timeout);
2016 if (count <= 0) goto END_OFF; /* Read error or EOF */
2017
2018 /* Scan what we just read, to see if we have reached the terminating \r\n. Be
2019 generous, and accept a plain \n terminator as well. The only illegal
2020 character is 0. */
2021
2022 for (pp = p; pp < p + count; pp++)
2023 {
2024 if (*pp == 0) goto END_OFF; /* Zero octet not allowed */
2025 if (*pp == '\n')
2026 {
2027 if (pp[-1] == '\r') pp--;
2028 *pp = 0;
2029 goto GOT_DATA; /* Break out of both loops */
2030 }
2031 }
2032
2033 /* Reached the end of the data without finding \n. Let the loop continue to
2034 read some more, if there is room. */
2035
2036 p = pp;
2037 }
2038
2039GOT_DATA:
2040
2041/* We have received a line of data. Check it carefully. It must start with the
2042same two port numbers that we sent, followed by data as defined by the RFC. For
2043example,
2044
2045 12345 , 25 : USERID : UNIX :root
2046
2047However, the amount of white space may be different to what we sent. In the
2048"osname" field there may be several sub-fields, comma separated. The data we
2049actually want to save follows the third colon. Some systems put leading spaces
2050in it - we discard those. */
2051
2052if (sscanf(CS buffer + qlen, "%d , %d%n", &received_sender_port,
2053 &received_interface_port, &n) != 2 ||
2054 received_sender_port != sender_host_port ||
2055 received_interface_port != interface_port)
2056 goto END_OFF;
2057
2058p = buffer + qlen + n;
2059while(isspace(*p)) p++;
2060if (*p++ != ':') goto END_OFF;
2061while(isspace(*p)) p++;
2062if (Ustrncmp(p, "USERID", 6) != 0) goto END_OFF;
2063p += 6;
2064while(isspace(*p)) p++;
2065if (*p++ != ':') goto END_OFF;
2066while (*p != 0 && *p != ':') p++;
2067if (*p++ == 0) goto END_OFF;
2068while(isspace(*p)) p++;
2069if (*p == 0) goto END_OFF;
2070
2071/* The rest of the line is the data we want. We turn it into printing
2072characters when we save it, so that it cannot mess up the format of any logging
2073or Received: lines into which it gets inserted. We keep a maximum of 127
2074characters. */
2075
2076sender_ident = string_printing(string_copyn(p, 127));
2077DEBUG(D_ident) debug_printf("sender_ident = %s\n", sender_ident);
2078
2079END_OFF:
f1e894f3 2080(void)close(sock);
059ec3d9
PH		 2081return;
2082}
2083
2084
2085
2086
2087/*************************************************
2088* Match host to a single host-list item *
2089*************************************************/
2090
2091/* This function compares a host (name or address) against a single item
2092from a host list. The host name gets looked up if it is needed and is not
2093already known. The function is called from verify_check_this_host() via
2094match_check_list(), which is why most of its arguments are in a single block.
2095
2096Arguments:
2097 arg the argument block (see below)
2098 ss the host-list item
2099 valueptr where to pass back looked up data, or NULL
2100 error for error message when returning ERROR
2101
2102The block contains:
32d668a5
PH		 2103 host_name (a) the host name, or
2104 (b) NULL, implying use sender_host_name and
2105 sender_host_aliases, looking them up if required, or
2106 (c) the empty string, meaning that only IP address matches
2107 are permitted
059ec3d9
PH		 2108 host_address the host address
2109 host_ipv4 the IPv4 address taken from an IPv6 one
2110
2111Returns: OK matched
2112 FAIL did not match
2113 DEFER lookup deferred
32d668a5
PH		 2114 ERROR (a) failed to find the host name or IP address, or
2115 (b) unknown lookup type specified, or
2116 (c) host name encountered when only IP addresses are
2117 being matched
059ec3d9
PH		 2118*/
2119
32d668a5 2120int
059ec3d9
PH		 2121check_host(void *arg, uschar *ss, uschar **valueptr, uschar **error)
2122{
2123check_host_block *cb = (check_host_block *)arg;
32d668a5 2124int mlen = -1;
059ec3d9 2125int maskoffset;
32d668a5 2126BOOL iplookup = FALSE;
059ec3d9 2127BOOL isquery = FALSE;
32d668a5 2128BOOL isiponly = cb->host_name != NULL && cb->host_name[0] == 0;
1688f43b 2129uschar *t;
32d668a5 2130uschar *semicolon;
059ec3d9
PH		 2131uschar **aliases;
2132
2133/* Optimize for the special case when the pattern is "*". */
2134
2135if (*ss == '*' && ss[1] == 0) return OK;
2136
2137/* If the pattern is empty, it matches only in the case when there is no host -
2138this can occur in ACL checking for SMTP input using the -bs option. In this
2139situation, the host address is the empty string. */
2140
2141if (cb->host_address[0] == 0) return (*ss == 0)? OK : FAIL;
2142if (*ss == 0) return FAIL;
2143
32d668a5
PH		 2144/* If the pattern is precisely "@" then match against the primary host name,
2145provided that host name matching is permitted; if it's "@[]" match against the
2146local host's IP addresses. */
059ec3d9
PH		 2147
2148if (*ss == '@')
2149 {
32d668a5
PH		 2150 if (ss[1] == 0)
2151 {
2152 if (isiponly) return ERROR;
2153 ss = primary_hostname;
2154 }
059ec3d9
PH		 2155 else if (Ustrcmp(ss, "@[]") == 0)
2156 {
2157 ip_address_item *ip;
2158 for (ip = host_find_interfaces(); ip != NULL; ip = ip->next)
2159 if (Ustrcmp(ip->address, cb->host_address) == 0) return OK;
2160 return FAIL;
2161 }
2162 }
2163
2164/* If the pattern is an IP address, optionally followed by a bitmask count, do
2165a (possibly masked) comparision with the current IP address. */
2166
7e66e54d 2167if (string_is_ip_address(ss, &maskoffset) != 0)
059ec3d9
PH		 2168 return (host_is_in_net(cb->host_address, ss, maskoffset)? OK : FAIL);
2169
1688f43b
PH		 2170/* The pattern is not an IP address. A common error that people make is to omit
2171one component of an IPv4 address, either by accident, or believing that, for
2172example, 1.2.3/24 is the same as 1.2.3.0/24, or 1.2.3 is the same as 1.2.3.0,
2173which it isn't. (Those applications that do accept 1.2.3 as an IP address
2174interpret it as 1.2.0.3 because the final component becomes 16-bit - this is an
2175ancient specification.) To aid in debugging these cases, we give a specific
2176error if the pattern contains only digits and dots or contains a slash preceded
2177only by digits and dots (a slash at the start indicates a file name and of
2178course slashes may be present in lookups, but not preceded only by digits and
2179dots). */
2180
2181for (t = ss; isdigit(*t) || *t == '.'; t++);
2182if (*t == 0 || (*t == '/' && t != ss))
2183 {
2184 *error = US"malformed IPv4 address or address mask";
2185 return ERROR;
2186 }
2187
32d668a5 2188/* See if there is a semicolon in the pattern */
059ec3d9 2189
32d668a5
PH		 2190semicolon = Ustrchr(ss, ';');
2191
2192/* If we are doing an IP address only match, then all lookups must be IP
df199fec 2193address lookups, even if there is no "net-". */
32d668a5
PH		 2194
2195if (isiponly)
059ec3d9 2196 {
32d668a5
PH		 2197 iplookup = semicolon != NULL;
2198 }
059ec3d9 2199
32d668a5 2200/* Otherwise, if the item is of the form net[n]-lookup;<file|query> then it is
df199fec
PH		 2201a lookup on a masked IP network, in textual form. We obey this code even if we
2202have already set iplookup, so as to skip over the "net-" prefix and to set the
2203mask length. The net- stuff really only applies to single-key lookups where the
2204key is implicit. For query-style lookups the key is specified in the query.
2205From release 4.30, the use of net- for query style is no longer needed, but we
2206retain it for backward compatibility. */
2207
2208if (Ustrncmp(ss, "net", 3) == 0 && semicolon != NULL)
32d668a5
PH		 2209 {
2210 mlen = 0;
2211 for (t = ss + 3; isdigit(*t); t++) mlen = mlen * 10 + *t - '0';
2212 if (mlen == 0 && t == ss+3) mlen = -1; /* No mask supplied */
2213 iplookup = (*t++ == '-');
2214 }
1688f43b 2215else t = ss;
059ec3d9 2216
32d668a5 2217/* Do the IP address lookup if that is indeed what we have */
059ec3d9 2218
32d668a5
PH		 2219if (iplookup)
2220 {
2221 int insize;
2222 int search_type;
2223 int incoming[4];
2224 void *handle;
2225 uschar *filename, *key, *result;
2226 uschar buffer[64];
059ec3d9 2227
32d668a5 2228 /* Find the search type */
059ec3d9 2229
32d668a5 2230 search_type = search_findtype(t, semicolon - t);
059ec3d9 2231
32d668a5
PH		 2232 if (search_type < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
2233 search_error_message);
059ec3d9 2234
13b685f9
PH		 2235 /* Adjust parameters for the type of lookup. For a query-style lookup, there
2236 is no file name, and the "key" is just the query. For query-style with a file
2237 name, we have to fish the file off the start of the query. For a single-key
2238 lookup, the key is the current IP address, masked appropriately, and
2239 reconverted to text form, with the mask appended. For IPv6 addresses, specify
6a3bceb1
PH		 2240 dot separators instead of colons, except when the lookup type is "iplsearch".
2241 */
059ec3d9 2242
13b685f9
PH		 2243 if (mac_islookup(search_type, lookup_absfilequery))
2244 {
2245 filename = semicolon + 1;
2246 key = filename;
2247 while (*key != 0 && !isspace(*key)) key++;
2248 filename = string_copyn(filename, key - filename);
2249 while (isspace(*key)) key++;
2250 }
2251 else if (mac_islookup(search_type, lookup_querystyle))
32d668a5
PH		 2252 {
2253 filename = NULL;
2254 key = semicolon + 1;
2255 }
6a3bceb1 2256 else /* Single-key style */
32d668a5 2257 {
e6d225ae 2258 int sep = (Ustrcmp(lookup_list[search_type]->name, "iplsearch") == 0)?
6a3bceb1 2259 ':' : '.';
32d668a5
PH		 2260 insize = host_aton(cb->host_address, incoming);
2261 host_mask(insize, incoming, mlen);
6a3bceb1 2262 (void)host_nmtoa(insize, incoming, mlen, buffer, sep);
32d668a5
PH		 2263 key = buffer;
2264 filename = semicolon + 1;
059ec3d9 2265 }
32d668a5
PH		 2266
2267 /* Now do the actual lookup; note that there is no search_close() because
2268 of the caching arrangements. */
2269
2270 handle = search_open(filename, search_type, 0, NULL, NULL);
2271 if (handle == NULL) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
2272 search_error_message);
2273 result = search_find(handle, filename, key, -1, NULL, 0, 0, NULL);
2274 if (valueptr != NULL) *valueptr = result;
2275 return (result != NULL)? OK : search_find_defer? DEFER: FAIL;
059ec3d9
PH		 2276 }
2277
2278/* The pattern is not an IP address or network reference of any kind. That is,
32d668a5
PH		 2279it is a host name pattern. If this is an IP only match, there's an error in the
2280host list. */
2281
2282if (isiponly)
2283 {
2284 *error = US"cannot match host name in match_ip list";
2285 return ERROR;
2286 }
2287
2288/* Check the characters of the pattern to see if they comprise only letters,
2289digits, full stops, and hyphens (the constituents of domain names). Allow
2290underscores, as they are all too commonly found. Sigh. Also, if
2291allow_utf8_domains is set, allow top-bit characters. */
059ec3d9
PH		 2292
2293for (t = ss; *t != 0; t++)
2294 if (!isalnum(*t) && *t != '.' && *t != '-' && *t != '_' &&
2295 (!allow_utf8_domains || *t < 128)) break;
2296
2297/* If the pattern is a complete domain name, with no fancy characters, look up
2298its IP address and match against that. Note that a multi-homed host will add
2299items to the chain. */
2300
2301if (*t == 0)
2302 {
2303 int rc;
2304 host_item h;
2305 h.next = NULL;
2306 h.name = ss;
2307 h.address = NULL;
2308 h.mx = MX_NONE;
9b8fadde 2309
322050c2 2310 rc = host_find_byname(&h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, FALSE);
059ec3d9
PH		 2311 if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL)
2312 {
2313 host_item *hh;
2314 for (hh = &h; hh != NULL; hh = hh->next)
2315 {
96776534 2316 if (host_is_in_net(hh->address, cb->host_address, 0)) return OK;
059ec3d9
PH		 2317 }
2318 return FAIL;
2319 }
2320 if (rc == HOST_FIND_AGAIN) return DEFER;
2321 *error = string_sprintf("failed to find IP address for %s", ss);
2322 return ERROR;
2323 }
2324
2325/* Almost all subsequent comparisons require the host name, and can be done
2326using the general string matching function. When this function is called for
2327outgoing hosts, the name is always given explicitly. If it is NULL, it means we
2328must use sender_host_name and its aliases, looking them up if necessary. */
2329
2330if (cb->host_name != NULL) /* Explicit host name given */
2331 return match_check_string(cb->host_name, ss, -1, TRUE, TRUE, TRUE,
2332 valueptr);
2333
2334/* Host name not given; in principle we need the sender host name and its
2335aliases. However, for query-style lookups, we do not need the name if the
2336query does not contain $sender_host_name. From release 4.23, a reference to
2337$sender_host_name causes it to be looked up, so we don't need to do the lookup
2338on spec. */
2339
2340if ((semicolon = Ustrchr(ss, ';')) != NULL)
2341 {
2342 uschar *affix;
2343 int partial, affixlen, starflags, id;
2344
2345 *semicolon = 0;
2346 id = search_findtype_partial(ss, &partial, &affix, &affixlen, &starflags);
2347 *semicolon=';';
2348
2349 if (id < 0) /* Unknown lookup type */
2350 {
2351 log_write(0, LOG_MAIN|LOG_PANIC, "%s in host list item \"%s\"",
2352 search_error_message, ss);
2353 return DEFER;
2354 }
13b685f9 2355 isquery = mac_islookup(id, lookup_querystyle|lookup_absfilequery);
059ec3d9
PH		 2356 }
2357
2358if (isquery)
2359 {
2360 switch(match_check_string(US"", ss, -1, TRUE, TRUE, TRUE, valueptr))
2361 {
2362 case OK: return OK;
2363 case DEFER: return DEFER;
2364 default: return FAIL;
2365 }
2366 }
2367
2368/* Not a query-style lookup; must ensure the host name is present, and then we
2369do a check on the name and all its aliases. */
2370
2371if (sender_host_name == NULL)
2372 {
2373 HDEBUG(D_host_lookup)
2374 debug_printf("sender host name required, to match against %s\n", ss);
2375 if (host_lookup_failed || host_name_lookup() != OK)
2376 {
2377 *error = string_sprintf("failed to find host name for %s",
2378 sender_host_address);;
2379 return ERROR;
2380 }
2381 host_build_sender_fullhost();
2382 }
2383
2384/* Match on the sender host name, using the general matching function */
2385
2386switch(match_check_string(sender_host_name, ss, -1, TRUE, TRUE, TRUE,
2387 valueptr))
2388 {
2389 case OK: return OK;
2390 case DEFER: return DEFER;
2391 }
2392
2393/* If there are aliases, try matching on them. */
2394
2395aliases = sender_host_aliases;
2396while (*aliases != NULL)
2397 {
2398 switch(match_check_string(*aliases++, ss, -1, TRUE, TRUE, TRUE, valueptr))
2399 {
2400 case OK: return OK;
2401 case DEFER: return DEFER;
2402 }
2403 }
2404return FAIL;
2405}
2406
2407
2408
2409
2410/*************************************************
2411* Check a specific host matches a host list *
2412*************************************************/
2413
2414/* This function is passed a host list containing items in a number of
2415different formats and the identity of a host. Its job is to determine whether
2416the given host is in the set of hosts defined by the list. The host name is
2417passed as a pointer so that it can be looked up if needed and not already
2418known. This is commonly the case when called from verify_check_host() to check
2419an incoming connection. When called from elsewhere the host name should usually
2420be set.
2421
2422This function is now just a front end to match_check_list(), which runs common
2423code for scanning a list. We pass it the check_host() function to perform a
2424single test.
2425
2426Arguments:
2427 listptr pointer to the host list
2428 cache_bits pointer to cache for named lists, or NULL
2429 host_name the host name or NULL, implying use sender_host_name and
2430 sender_host_aliases, looking them up if required
2431 host_address the IP address
2432 valueptr if not NULL, data from a lookup is passed back here
2433
2434Returns: OK if the host is in the defined set
2435 FAIL if the host is not in the defined set,
2436 DEFER if a data lookup deferred (not a host lookup)
2437
2438If the host name was needed in order to make a comparison, and could not be
2439determined from the IP address, the result is FAIL unless the item
2440"+allow_unknown" was met earlier in the list, in which case OK is returned. */
2441
2442int
2443verify_check_this_host(uschar **listptr, unsigned int *cache_bits,
2444 uschar *host_name, uschar *host_address, uschar **valueptr)
2445{
d4eb88df 2446int rc;
059ec3d9 2447unsigned int *local_cache_bits = cache_bits;
d4eb88df 2448uschar *save_host_address = deliver_host_address;
059ec3d9
PH		 2449check_host_block cb;
2450cb.host_name = host_name;
2451cb.host_address = host_address;
2452
2453if (valueptr != NULL) *valueptr = NULL;
2454
2455/* If the host address starts off ::ffff: it is an IPv6 address in
2456IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2457addresses. */
2458
2459cb.host_ipv4 = (Ustrncmp(host_address, "::ffff:", 7) == 0)?
2460 host_address + 7 : host_address;
2461
8e669ac1
PH		 2462/* During the running of the check, put the IP address into $host_address. In
2463the case of calls from the smtp transport, it will already be there. However,
2464in other calls (e.g. when testing ignore_target_hosts), it won't. Just to be on
d4eb88df
PH		 2465the safe side, any existing setting is preserved, though as I write this
2466(November 2004) I can't see any cases where it is actually needed. */
2467
2468deliver_host_address = host_address;
2469rc = match_check_list(
2470 listptr, /* the list */
2471 0, /* separator character */
2472 &hostlist_anchor, /* anchor pointer */
2473 &local_cache_bits, /* cache pointer */
2474 check_host, /* function for testing */
2475 &cb, /* argument for function */
2476 MCL_HOST, /* type of check */
8e669ac1 2477 (host_address == sender_host_address)?
d4eb88df
PH		 2478 US"host" : host_address, /* text for debugging */
2479 valueptr); /* where to pass back data */
2480deliver_host_address = save_host_address;
8e669ac1 2481return rc;
059ec3d9
PH		 2482}
2483
2484
2485
2486
2487/*************************************************
2488* Check the remote host matches a list *
2489*************************************************/
2490
2491/* This is a front end to verify_check_this_host(), created because checking
2492the remote host is a common occurrence. With luck, a good compiler will spot
2493the tail recursion and optimize it. If there's no host address, this is
2494command-line SMTP input - check against an empty string for the address.
2495
2496Arguments:
2497 listptr pointer to the host list
2498
2499Returns: the yield of verify_check_this_host(),
2500 i.e. OK, FAIL, or DEFER
2501*/
2502
2503int
2504verify_check_host(uschar **listptr)
2505{
2506return verify_check_this_host(listptr, sender_host_cache, NULL,
2507 (sender_host_address == NULL)? US"" : sender_host_address, NULL);
2508}
2509
2510
2511
2512
2513
2514/*************************************************
83e029d5 2515* Invert an IP address *
059ec3d9
PH		 2516*************************************************/
2517
83e029d5
PP		 2518/* Originally just used for DNS xBL lists, now also used for the
2519reverse_ip expansion operator.
2520
059ec3d9
PH		 2521Arguments:
2522 buffer where to put the answer
2523 address the address to invert
2524*/
2525
83e029d5 2526void
059ec3d9
PH		 2527invert_address(uschar *buffer, uschar *address)
2528{
2529int bin[4];
2530uschar *bptr = buffer;
2531
2532/* If this is an IPv4 address mapped into IPv6 format, adjust the pointer
2533to the IPv4 part only. */
2534
2535if (Ustrncmp(address, "::ffff:", 7) == 0) address += 7;
2536
2537/* Handle IPv4 address: when HAVE_IPV6 is false, the result of host_aton() is
2538always 1. */
2539
2540if (host_aton(address, bin) == 1)
2541 {
2542 int i;
2543 int x = bin[0];
2544 for (i = 0; i < 4; i++)
2545 {
2546 sprintf(CS bptr, "%d.", x & 255);
2547 while (*bptr) bptr++;
2548 x >>= 8;
2549 }
2550 }
2551
2552/* Handle IPv6 address. Actually, as far as I know, there are no IPv6 addresses
2553in any DNS black lists, and the format in which they will be looked up is
2554unknown. This is just a guess. */
2555
2556#if HAVE_IPV6
2557else
2558 {
2559 int i, j;
2560 for (j = 3; j >= 0; j--)
2561 {
2562 int x = bin[j];
2563 for (i = 0; i < 8; i++)
2564 {
2565 sprintf(CS bptr, "%x.", x & 15);
2566 while (*bptr) bptr++;
2567 x >>= 4;
2568 }
2569 }
2570 }
2571#endif
d6f6e0dc
PH		 2572
2573/* Remove trailing period -- this is needed so that both arbitrary
2574dnsbl keydomains and inverted addresses may be combined with the
2575same format string, "%s.%s" */
2576
2577*(--bptr) = 0;
059ec3d9
PH		 2578}
2579
2580
2581
0bcb2a0e
PH		 2582/*************************************************
2583* Perform a single dnsbl lookup *
2584*************************************************/
2585
d6f6e0dc
PH		 2586/* This function is called from verify_check_dnsbl() below. It is also called
2587recursively from within itself when domain and domain_txt are different
2588pointers, in order to get the TXT record from the alternate domain.
0bcb2a0e
PH		 2589
2590Arguments:
d6f6e0dc
PH		 2591 domain the outer dnsbl domain
2592 domain_txt alternate domain to lookup TXT record on success; when the
2593 same domain is to be used, domain_txt == domain (that is,
2594 the pointers must be identical, not just the text)
8e669ac1 2595 keydomain the current keydomain (for debug message)
d6f6e0dc
PH		 2596 prepend subdomain to lookup (like keydomain, but
2597 reversed if IP address)
2598 iplist the list of matching IP addresses, or NULL for "any"
8e669ac1 2599 bitmask true if bitmask matching is wanted
431b7361
PH		 2600 match_type condition for 'succeed' result
2601 0 => Any RR in iplist (=)
2602 1 => No RR in iplist (!=)
2603 2 => All RRs in iplist (==)
2604 3 => Some RRs not in iplist (!==)
2605 the two bits are defined as MT_NOT and MT_ALL
8e669ac1 2606 defer_return what to return for a defer
0bcb2a0e
PH		 2607
2608Returns: OK if lookup succeeded
2609 FAIL if not
2610*/
2611
2612static int
d6f6e0dc 2613one_check_dnsbl(uschar *domain, uschar *domain_txt, uschar *keydomain,
431b7361 2614 uschar *prepend, uschar *iplist, BOOL bitmask, int match_type,
d6f6e0dc 2615 int defer_return)
8e669ac1 2616{
0bcb2a0e
PH		 2617dns_answer dnsa;
2618dns_scan dnss;
2619tree_node *t;
2620dnsbl_cache_block *cb;
2621int old_pool = store_pool;
d6f6e0dc
PH		 2622uschar query[256]; /* DNS domain max length */
2623
2624/* Construct the specific query domainname */
2625
2626if (!string_format(query, sizeof(query), "%s.%s", prepend, domain))
2627 {
2628 log_write(0, LOG_MAIN|LOG_PANIC, "dnslist query is too long "
2629 "(ignored): %s...", query);
2630 return FAIL;
2631 }
0bcb2a0e
PH		 2632
2633/* Look for this query in the cache. */
2634
2635t = tree_search(dnsbl_cache, query);
2636
2637/* If not cached from a previous lookup, we must do a DNS lookup, and
2638cache the result in permanent memory. */
2639
2640if (t == NULL)
2641 {
2642 store_pool = POOL_PERM;
2643
2644 /* Set up a tree entry to cache the lookup */
2645
2646 t = store_get(sizeof(tree_node) + Ustrlen(query));
2647 Ustrcpy(t->name, query);
2648 t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block));
2649 (void)tree_insertnode(&dnsbl_cache, t);
2650
2651 /* Do the DNS loopup . */
2652
2653 HDEBUG(D_dnsbl) debug_printf("new DNS lookup for %s\n", query);
2654 cb->rc = dns_basic_lookup(&dnsa, query, T_A);
2655 cb->text_set = FALSE;
2656 cb->text = NULL;
2657 cb->rhs = NULL;
2658
2659 /* If the lookup succeeded, cache the RHS address. The code allows for
2660 more than one address - this was for complete generality and the possible
2661 use of A6 records. However, A6 records have been reduced to experimental
2662 status (August 2001) and may die out. So they may never get used at all,
2663 let alone in dnsbl records. However, leave the code here, just in case.
2664
2665 Quite apart from one A6 RR generating multiple addresses, there are DNS
2666 lists that return more than one A record, so we must handle multiple
2667 addresses generated in that way as well. */
2668
2669 if (cb->rc == DNS_SUCCEED)
2670 {
2671 dns_record *rr;
2672 dns_address **addrp = &(cb->rhs);
2673 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
2674 rr != NULL;
2675 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2676 {
2677 if (rr->type == T_A)
2678 {
2679 dns_address *da = dns_address_from_rr(&dnsa, rr);
2680 if (da != NULL)
2681 {
2682 *addrp = da;
2683 while (da->next != NULL) da = da->next;
2684 addrp = &(da->next);
2685 }
2686 }
2687 }
2688
2689 /* If we didn't find any A records, change the return code. This can
2690 happen when there is a CNAME record but there are no A records for what
2691 it points to. */
2692
2693 if (cb->rhs == NULL) cb->rc = DNS_NODATA;
2694 }
2695
2696 store_pool = old_pool;
2697 }
2698
2699/* Previous lookup was cached */
2700
2701else
2702 {
2703 HDEBUG(D_dnsbl) debug_printf("using result of previous DNS lookup\n");
2704 cb = t->data.ptr;
2705 }
2706
2707/* We now have the result of the DNS lookup, either newly done, or cached
2708from a previous call. If the lookup succeeded, check against the address
2709list if there is one. This may be a positive equality list (introduced by
2710"="), a negative equality list (introduced by "!="), a positive bitmask
2711list (introduced by "&"), or a negative bitmask list (introduced by "!&").*/
2712
2713if (cb->rc == DNS_SUCCEED)
2714 {
2715 dns_address *da = NULL;
2716 uschar *addlist = cb->rhs->address;
2717
2718 /* For A and AAAA records, there may be multiple addresses from multiple
2719 records. For A6 records (currently not expected to be used) there may be
2720 multiple addresses from a single record. */
2721
2722 for (da = cb->rhs->next; da != NULL; da = da->next)
2723 addlist = string_sprintf("%s, %s", addlist, da->address);
2724
2725 HDEBUG(D_dnsbl) debug_printf("DNS lookup for %s succeeded (yielding %s)\n",
2726 query, addlist);
2727
2728 /* Address list check; this can be either for equality, or via a bitmask.
2729 In the latter case, all the bits must match. */
2730
2731 if (iplist != NULL)
2732 {
431b7361 2733 for (da = cb->rhs; da != NULL; da = da->next)
0bcb2a0e 2734 {
431b7361
PH		 2735 int ipsep = ',';
2736 uschar ip[46];
2737 uschar *ptr = iplist;
2738 uschar *res;
2739
0bcb2a0e 2740 /* Handle exact matching */
431b7361 2741
0bcb2a0e
PH		 2742 if (!bitmask)
2743 {
431b7361 2744 while ((res = string_nextinlist(&ptr, &ipsep, ip, sizeof(ip))) != NULL)
0bcb2a0e
PH		 2745 {
2746 if (Ustrcmp(CS da->address, ip) == 0) break;
2747 }
2748 }
431b7361 2749
0bcb2a0e 2750 /* Handle bitmask matching */
431b7361 2751
0bcb2a0e
PH		 2752 else
2753 {
2754 int address[4];
2755 int mask = 0;
2756
2757 /* At present, all known DNS blocking lists use A records, with
2758 IPv4 addresses on the RHS encoding the information they return. I
2759 wonder if this will linger on as the last vestige of IPv4 when IPv6
2760 is ubiquitous? Anyway, for now we use paranoia code to completely
2761 ignore IPv6 addresses. The default mask is 0, which always matches.
2762 We change this only for IPv4 addresses in the list. */
2763
431b7361 2764 if (host_aton(da->address, address) == 1) mask = address[0];
0bcb2a0e
PH		 2765
2766 /* Scan the returned addresses, skipping any that are IPv6 */
2767
431b7361 2768 while ((res = string_nextinlist(&ptr, &ipsep, ip, sizeof(ip))) != NULL)
0bcb2a0e 2769 {
431b7361
PH		 2770 if (host_aton(ip, address) != 1) continue;
2771 if ((address[0] & mask) == address[0]) break;
0bcb2a0e
PH		 2772 }
2773 }
2774
431b7361
PH		 2775 /* If either
2776
2777 (a) An IP address in an any ('=') list matched, or
2778 (b) No IP address in an all ('==') list matched
0bcb2a0e 2779
431b7361
PH		 2780 then we're done searching. */
2781
2782 if (((match_type & MT_ALL) != 0) == (res == NULL)) break;
0bcb2a0e
PH		 2783 }
2784
431b7361 2785 /* If da == NULL, either
0bcb2a0e 2786
431b7361
PH		 2787 (a) No IP address in an any ('=') list matched, or
2788 (b) An IP address in an all ('==') list didn't match
0bcb2a0e 2789
431b7361
PH		 2790 so behave as if the DNSBL lookup had not succeeded, i.e. the host is not on
2791 the list. */
0bcb2a0e 2792
431b7361 2793 if ((match_type == MT_NOT || match_type == MT_ALL) != (da == NULL))
0bcb2a0e
PH		 2794 {
2795 HDEBUG(D_dnsbl)
2796 {
431b7361
PH		 2797 uschar *res = NULL;
2798 switch(match_type)
2799 {
2800 case 0:
2801 res = US"was no match";
2802 break;
2803 case MT_NOT:
2804 res = US"was an exclude match";
2805 break;
2806 case MT_ALL:
2807 res = US"was an IP address that did not match";
2808 break;
2809 case MT_NOT|MT_ALL:
2810 res = US"were no IP addresses that did not match";
2811 break;
2812 }
0bcb2a0e 2813 debug_printf("=> but we are not accepting this block class because\n");
431b7361
PH		 2814 debug_printf("=> there %s for %s%c%s\n",
2815 res,
2816 ((match_type & MT_ALL) == 0)? "" : "=",
2817 bitmask? '&' : '=', iplist);
0bcb2a0e 2818 }
8e669ac1 2819 return FAIL;
0bcb2a0e
PH		 2820 }
2821 }
2822
d6f6e0dc
PH		 2823 /* Either there was no IP list, or the record matched, implying that the
2824 domain is on the list. We now want to find a corresponding TXT record. If an
2825 alternate domain is specified for the TXT record, call this function
2826 recursively to look that up; this has the side effect of re-checking that
2827 there is indeed an A record at the alternate domain. */
2828
2829 if (domain_txt != domain)
2830 return one_check_dnsbl(domain_txt, domain_txt, keydomain, prepend, NULL,
431b7361 2831 FALSE, match_type, defer_return);
d6f6e0dc
PH		 2832
2833 /* If there is no alternate domain, look up a TXT record in the main domain
2834 if it has not previously been cached. */
0bcb2a0e
PH		 2835
2836 if (!cb->text_set)
2837 {
2838 cb->text_set = TRUE;
2839 if (dns_basic_lookup(&dnsa, query, T_TXT) == DNS_SUCCEED)
2840 {
2841 dns_record *rr;
2842 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
2843 rr != NULL;
2844 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2845 if (rr->type == T_TXT) break;
2846 if (rr != NULL)
2847 {
2848 int len = (rr->data)[0];
2849 if (len > 511) len = 127;
2850 store_pool = POOL_PERM;
2851 cb->text = string_sprintf("%.*s", len, (const uschar *)(rr->data+1));
2852 store_pool = old_pool;
2853 }
2854 }
2855 }
2856
2857 dnslist_value = addlist;
2858 dnslist_text = cb->text;
2859 return OK;
2860 }
2861
2862/* There was a problem with the DNS lookup */
2863
2864if (cb->rc != DNS_NOMATCH && cb->rc != DNS_NODATA)
2865 {
2866 log_write(L_dnslist_defer, LOG_MAIN,
2867 "DNS list lookup defer (probably timeout) for %s: %s", query,
2868 (defer_return == OK)? US"assumed in list" :
2869 (defer_return == FAIL)? US"assumed not in list" :
2870 US"returned DEFER");
2871 return defer_return;
2872 }
2873
2874/* No entry was found in the DNS; continue for next domain */
2875
2876HDEBUG(D_dnsbl)
2877 {
2878 debug_printf("DNS lookup for %s failed\n", query);
2879 debug_printf("=> that means %s is not listed at %s\n",
2880 keydomain, domain);
2881 }
2882
2883return FAIL;
2884}
2885
2886
2887
2888
059ec3d9
PH		 2889/*************************************************
2890* Check host against DNS black lists *
2891*************************************************/
2892
2893/* This function runs checks against a list of DNS black lists, until one
2894matches. Each item on the list can be of the form
2895
2896 domain=ip-address/key
2897
2898The domain is the right-most domain that is used for the query, for example,
2899blackholes.mail-abuse.org. If the IP address is present, there is a match only
2900if the DNS lookup returns a matching IP address. Several addresses may be
2901given, comma-separated, for example: x.y.z=127.0.0.1,127.0.0.2.
2902
2903If no key is given, what is looked up in the domain is the inverted IP address
2904of the current client host. If a key is given, it is used to construct the
d6f6e0dc 2905domain for the lookup. For example:
059ec3d9
PH		 2906
2907 dsn.rfc-ignorant.org/$sender_address_domain
2908
2909After finding a match in the DNS, the domain is placed in $dnslist_domain, and
2910then we check for a TXT record for an error message, and if found, save its
2911value in $dnslist_text. We also cache everything in a tree, to optimize
2912multiple lookups.
2913
d6f6e0dc
PH		 2914The TXT record is normally looked up in the same domain as the A record, but
2915when many lists are combined in a single DNS domain, this will not be a very
2916specific message. It is possible to specify a different domain for looking up
2917TXT records; this is given before the main domain, comma-separated. For
2918example:
2919
2920 dnslists = http.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.2 : \
2921 socks.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.3
2922
2923The caching ensures that only one lookup in dnsbl.sorbs.net is done.
2924
059ec3d9
PH		 2925Note: an address for testing RBL is 192.203.178.39
2926Note: an address for testing DUL is 192.203.178.4
2927Note: a domain for testing RFCI is example.tld.dsn.rfc-ignorant.org
2928
2929Arguments:
2930 listptr the domain/address/data list
2931
2932Returns: OK successful lookup (i.e. the address is on the list), or
2933 lookup deferred after +include_unknown
2934 FAIL name not found, or no data found for the given type, or
2935 lookup deferred after +exclude_unknown (default)
2936 DEFER lookup failure, if +defer_unknown was set
2937*/
2938
2939int
2940verify_check_dnsbl(uschar **listptr)
2941{
2942int sep = 0;
2943int defer_return = FAIL;
059ec3d9
PH		 2944uschar *list = *listptr;
2945uschar *domain;
2946uschar *s;
2947uschar buffer[1024];
059ec3d9
PH		 2948uschar revadd[128]; /* Long enough for IPv6 address */
2949
2950/* Indicate that the inverted IP address is not yet set up */
2951
2952revadd[0] = 0;
2953
0bcb2a0e
PH		 2954/* In case this is the first time the DNS resolver is being used. */
2955
2956dns_init(FALSE, FALSE);
2957
059ec3d9
PH		 2958/* Loop through all the domains supplied, until something matches */
2959
2960while ((domain = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
2961 {
0bcb2a0e 2962 int rc;
059ec3d9 2963 BOOL bitmask = FALSE;
431b7361 2964 int match_type = 0;
d6f6e0dc
PH		 2965 uschar *domain_txt;
2966 uschar *comma;
059ec3d9
PH		 2967 uschar *iplist;
2968 uschar *key;
059ec3d9
PH		 2969
2970 HDEBUG(D_dnsbl) debug_printf("DNS list check: %s\n", domain);
2971
2972 /* Deal with special values that change the behaviour on defer */
2973
2974 if (domain[0] == '+')
2975 {
2976 if (strcmpic(domain, US"+include_unknown") == 0) defer_return = OK;
2977 else if (strcmpic(domain, US"+exclude_unknown") == 0) defer_return = FAIL;
2978 else if (strcmpic(domain, US"+defer_unknown") == 0) defer_return = DEFER;
2979 else
2980 log_write(0, LOG_MAIN|LOG_PANIC, "unknown item in dnslist (ignored): %s",
2981 domain);
2982 continue;
2983 }
2984
2985 /* See if there's explicit data to be looked up */
2986
2987 key = Ustrchr(domain, '/');
2988 if (key != NULL) *key++ = 0;
2989
2990 /* See if there's a list of addresses supplied after the domain name. This is
431b7361
PH		 2991 introduced by an = or a & character; if preceded by = we require all matches
2992 and if preceded by ! we invert the result. */
059ec3d9
PH		 2993
2994 iplist = Ustrchr(domain, '=');
2995 if (iplist == NULL)
2996 {
2997 bitmask = TRUE;
2998 iplist = Ustrchr(domain, '&');
2999 }
3000
431b7361 3001 if (iplist != NULL) /* Found either = or & */
059ec3d9 3002 {
431b7361 3003 if (iplist > domain && iplist[-1] == '!') /* Handle preceding ! */
059ec3d9 3004 {
431b7361 3005 match_type |= MT_NOT;
059ec3d9
PH		 3006 iplist[-1] = 0;
3007 }
431b7361
PH		 3008
3009 *iplist++ = 0; /* Terminate domain, move on */
3010
3011 /* If we found = (bitmask == FALSE), check for == or =& */
3012
3013 if (!bitmask && (*iplist == '=' || *iplist == '&'))
3014 {
3015 bitmask = *iplist++ == '&';
3016 match_type |= MT_ALL;
3017 }
059ec3d9
PH		 3018 }
3019
d6f6e0dc
PH		 3020 /* If there is a comma in the domain, it indicates that a second domain for
3021 looking up TXT records is provided, before the main domain. Otherwise we must
3022 set domain_txt == domain. */
3023
3024 domain_txt = domain;
3025 comma = Ustrchr(domain, ',');
3026 if (comma != NULL)
3027 {
3028 *comma++ = 0;
3029 domain = comma;
3030 }
3031
059ec3d9
PH		 3032 /* Check that what we have left is a sensible domain name. There is no reason
3033 why these domains should in fact use the same syntax as hosts and email
3034 domains, but in practice they seem to. However, there is little point in
3035 actually causing an error here, because that would no doubt hold up incoming
3036 mail. Instead, I'll just log it. */
3037
3038 for (s = domain; *s != 0; s++)
3039 {
09dcaba9 3040 if (!isalnum(*s) && *s != '-' && *s != '.' && *s != '_')
059ec3d9
PH		 3041 {
3042 log_write(0, LOG_MAIN, "dnslists domain \"%s\" contains "
3043 "strange characters - is this right?", domain);
3044 break;
3045 }
3046 }
3047
d6f6e0dc
PH		 3048 /* Check the alternate domain if present */
3049
3050 if (domain_txt != domain) for (s = domain_txt; *s != 0; s++)
3051 {
09dcaba9 3052 if (!isalnum(*s) && *s != '-' && *s != '.' && *s != '_')
d6f6e0dc
PH		 3053 {
3054 log_write(0, LOG_MAIN, "dnslists domain \"%s\" contains "
3055 "strange characters - is this right?", domain_txt);
3056 break;
3057 }
3058 }
3059
8e669ac1 3060 /* If there is no key string, construct the query by adding the domain name
0bcb2a0e 3061 onto the inverted host address, and perform a single DNS lookup. */
8e669ac1 3062
059ec3d9
PH		 3063 if (key == NULL)
3064 {
3065 if (sender_host_address == NULL) return FAIL; /* can never match */
3066 if (revadd[0] == 0) invert_address(revadd, sender_host_address);
d6f6e0dc 3067 rc = one_check_dnsbl(domain, domain_txt, sender_host_address, revadd,
431b7361 3068 iplist, bitmask, match_type, defer_return);
0bcb2a0e
PH		 3069 if (rc == OK)
3070 {
d6f6e0dc 3071 dnslist_domain = string_copy(domain_txt);
93655c46 3072 dnslist_matched = string_copy(sender_host_address);
8e669ac1 3073 HDEBUG(D_dnsbl) debug_printf("=> that means %s is listed at %s\n",
d6f6e0dc 3074 sender_host_address, dnslist_domain);
0bcb2a0e 3075 }
0bcb2a0e 3076 if (rc != FAIL) return rc; /* OK or DEFER */
059ec3d9 3077 }
8e669ac1
PH		 3078
3079 /* If there is a key string, it can be a list of domains or IP addresses to
0bcb2a0e 3080 be concatenated with the main domain. */
8e669ac1 3081
059ec3d9
PH		 3082 else
3083 {
0bcb2a0e 3084 int keysep = 0;
8e669ac1
PH		 3085 BOOL defer = FALSE;
3086 uschar *keydomain;
0bcb2a0e 3087 uschar keybuffer[256];
d6f6e0dc 3088 uschar keyrevadd[128];
8e669ac1
PH		 3089
3090 while ((keydomain = string_nextinlist(&key, &keysep, keybuffer,
0bcb2a0e 3091 sizeof(keybuffer))) != NULL)
8e669ac1 3092 {
d6f6e0dc
PH		 3093 uschar *prepend = keydomain;
3094
7e66e54d 3095 if (string_is_ip_address(keydomain, NULL) != 0)
059ec3d9 3096 {
0bcb2a0e 3097 invert_address(keyrevadd, keydomain);
d6f6e0dc 3098 prepend = keyrevadd;
059ec3d9 3099 }
8e669ac1 3100
d6f6e0dc 3101 rc = one_check_dnsbl(domain, domain_txt, keydomain, prepend, iplist,
431b7361 3102 bitmask, match_type, defer_return);
8e669ac1 3103
0bcb2a0e 3104 if (rc == OK)
059ec3d9 3105 {
d6f6e0dc 3106 dnslist_domain = string_copy(domain_txt);
93655c46 3107 dnslist_matched = string_copy(keydomain);
8e669ac1 3108 HDEBUG(D_dnsbl) debug_printf("=> that means %s is listed at %s\n",
d6f6e0dc 3109 keydomain, dnslist_domain);
8e669ac1 3110 return OK;
059ec3d9 3111 }
8e669ac1 3112
c38d6da9
PH		 3113 /* If the lookup deferred, remember this fact. We keep trying the rest
3114 of the list to see if we get a useful result, and if we don't, we return
3115 DEFER at the end. */
059ec3d9 3116
c38d6da9 3117 if (rc == DEFER) defer = TRUE;
0bcb2a0e 3118 } /* continue with next keystring domain/address */
c38d6da9
PH		 3119
3120 if (defer) return DEFER;
8e669ac1 3121 }
0bcb2a0e 3122 } /* continue with next dnsdb outer domain */
059ec3d9
PH		 3123
3124return FAIL;
3125}
3126
3127/* End of verify.c */
Unnamed repository; edit this file 'description' to name the repository.