Documentation correction to quote_mysql example. fixes: bug #766
[exim.git] / src / src / verify.c
CommitLineData
93655c46 1/* $Cambridge: exim/src/src/verify.c,v 1.51 2007/06/14 14:18:19 ph10 Exp $ */
059ec3d9
PH
2
3/*************************************************
4* Exim - an Internet mail transport agent *
5*************************************************/
6
184e8823 7/* Copyright (c) University of Cambridge 1995 - 2007 */
059ec3d9
PH
8/* See the file NOTICE for conditions of use and distribution. */
9
10/* Functions concerned with verifying things. The original code for callout
11caching was contributed by Kevin Fleming (but I hacked it around a bit). */
12
13
14#include "exim.h"
15
16
17/* Structure for caching DNSBL lookups */
18
19typedef struct dnsbl_cache_block {
20 dns_address *rhs;
21 uschar *text;
22 int rc;
23 BOOL text_set;
24} dnsbl_cache_block;
25
26
27/* Anchor for DNSBL cache */
28
29static tree_node *dnsbl_cache = NULL;
30
31
431b7361
PH
32/* Bits for match_type in one_check_dnsbl() */
33
34#define MT_NOT 1
35#define MT_ALL 2
36
37
059ec3d9
PH
38
39/*************************************************
40* Retrieve a callout cache record *
41*************************************************/
42
43/* If a record exists, check whether it has expired.
44
45Arguments:
46 dbm_file an open hints file
47 key the record key
48 type "address" or "domain"
49 positive_expire expire time for positive records
50 negative_expire expire time for negative records
51
52Returns: the cache record if a non-expired one exists, else NULL
53*/
54
55static dbdata_callout_cache *
56get_callout_cache_record(open_db *dbm_file, uschar *key, uschar *type,
57 int positive_expire, int negative_expire)
58{
59BOOL negative;
60int length, expire;
61time_t now;
62dbdata_callout_cache *cache_record;
63
64cache_record = dbfn_read_with_length(dbm_file, key, &length);
65
66if (cache_record == NULL)
67 {
68 HDEBUG(D_verify) debug_printf("callout cache: no %s record found\n", type);
69 return NULL;
70 }
71
72/* We treat a record as "negative" if its result field is not positive, or if
73it is a domain record and the postmaster field is negative. */
74
75negative = cache_record->result != ccache_accept ||
76 (type[0] == 'd' && cache_record->postmaster_result == ccache_reject);
77expire = negative? negative_expire : positive_expire;
78now = time(NULL);
79
80if (now - cache_record->time_stamp > expire)
81 {
82 HDEBUG(D_verify) debug_printf("callout cache: %s record expired\n", type);
83 return NULL;
84 }
85
86/* If this is a non-reject domain record, check for the obsolete format version
87that doesn't have the postmaster and random timestamps, by looking at the
88length. If so, copy it to a new-style block, replicating the record's
89timestamp. Then check the additional timestamps. (There's no point wasting
90effort if connections are rejected.) */
91
92if (type[0] == 'd' && cache_record->result != ccache_reject)
93 {
94 if (length == sizeof(dbdata_callout_cache_obs))
95 {
96 dbdata_callout_cache *new = store_get(sizeof(dbdata_callout_cache));
97 memcpy(new, cache_record, length);
98 new->postmaster_stamp = new->random_stamp = new->time_stamp;
99 cache_record = new;
100 }
101
102 if (now - cache_record->postmaster_stamp > expire)
103 cache_record->postmaster_result = ccache_unknown;
104
105 if (now - cache_record->random_stamp > expire)
106 cache_record->random_result = ccache_unknown;
107 }
108
109HDEBUG(D_verify) debug_printf("callout cache: found %s record\n", type);
110return cache_record;
111}
112
113
114
115/*************************************************
116* Do callout verification for an address *
117*************************************************/
118
119/* This function is called from verify_address() when the address has routed to
120a host list, and a callout has been requested. Callouts are expensive; that is
121why a cache is used to improve the efficiency.
122
123Arguments:
124 addr the address that's been routed
125 host_list the list of hosts to try
126 tf the transport feedback block
127
128 ifstring "interface" option from transport, or NULL
129 portstring "port" option from transport, or NULL
130 protocolstring "protocol" option from transport, or NULL
131 callout the per-command callout timeout
4deaf07d
PH
132 callout_overall the overall callout timeout (if < 0 use 4*callout)
133 callout_connect the callout connection timeout (if < 0 use callout)
059ec3d9
PH
134 options the verification options - these bits are used:
135 vopt_is_recipient => this is a recipient address
136 vopt_callout_no_cache => don't use callout cache
2a4be8f9 137 vopt_callout_fullpm => if postmaster check, do full one
059ec3d9
PH
138 vopt_callout_random => do the "random" thing
139 vopt_callout_recipsender => use real sender for recipient
140 vopt_callout_recippmaster => use postmaster for recipient
141 se_mailfrom MAIL FROM address for sender verify; NULL => ""
142 pm_mailfrom if non-NULL, do the postmaster check with this sender
143
144Returns: OK/FAIL/DEFER
145*/
146
147static int
148do_callout(address_item *addr, host_item *host_list, transport_feedback *tf,
8e669ac1 149 int callout, int callout_overall, int callout_connect, int options,
4deaf07d 150 uschar *se_mailfrom, uschar *pm_mailfrom)
059ec3d9
PH
151{
152BOOL is_recipient = (options & vopt_is_recipient) != 0;
153BOOL callout_no_cache = (options & vopt_callout_no_cache) != 0;
154BOOL callout_random = (options & vopt_callout_random) != 0;
155
156int yield = OK;
2b1c6e3a 157int old_domain_cache_result = ccache_accept;
059ec3d9
PH
158BOOL done = FALSE;
159uschar *address_key;
160uschar *from_address;
161uschar *random_local_part = NULL;
750af86e 162uschar *save_deliver_domain = deliver_domain;
8e669ac1 163uschar **failure_ptr = is_recipient?
2c7db3f5 164 &recipient_verify_failure : &sender_verify_failure;
059ec3d9
PH
165open_db dbblock;
166open_db *dbm_file = NULL;
167dbdata_callout_cache new_domain_record;
168dbdata_callout_cache_address new_address_record;
169host_item *host;
170time_t callout_start_time;
171
172new_domain_record.result = ccache_unknown;
173new_domain_record.postmaster_result = ccache_unknown;
174new_domain_record.random_result = ccache_unknown;
175
176memset(&new_address_record, 0, sizeof(new_address_record));
177
178/* For a recipient callout, the key used for the address cache record must
179include the sender address if we are using the real sender in the callout,
180because that may influence the result of the callout. */
181
182address_key = addr->address;
183from_address = US"";
184
185if (is_recipient)
186 {
187 if ((options & vopt_callout_recipsender) != 0)
188 {
189 address_key = string_sprintf("%s/<%s>", addr->address, sender_address);
190 from_address = sender_address;
191 }
192 else if ((options & vopt_callout_recippmaster) != 0)
193 {
194 address_key = string_sprintf("%s/<postmaster@%s>", addr->address,
195 qualify_domain_sender);
196 from_address = string_sprintf("postmaster@%s", qualify_domain_sender);
197 }
198 }
199
200/* For a sender callout, we must adjust the key if the mailfrom address is not
201empty. */
202
203else
204 {
205 from_address = (se_mailfrom == NULL)? US"" : se_mailfrom;
206 if (from_address[0] != 0)
207 address_key = string_sprintf("%s/<%s>", addr->address, from_address);
208 }
209
210/* Open the callout cache database, it it exists, for reading only at this
211stage, unless caching has been disabled. */
212
213if (callout_no_cache)
214 {
215 HDEBUG(D_verify) debug_printf("callout cache: disabled by no_cache\n");
216 }
217else if ((dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE)) == NULL)
218 {
219 HDEBUG(D_verify) debug_printf("callout cache: not available\n");
220 }
221
222/* If a cache database is available see if we can avoid the need to do an
223actual callout by making use of previously-obtained data. */
224
225if (dbm_file != NULL)
226 {
227 dbdata_callout_cache_address *cache_address_record;
228 dbdata_callout_cache *cache_record = get_callout_cache_record(dbm_file,
229 addr->domain, US"domain",
230 callout_cache_domain_positive_expire,
231 callout_cache_domain_negative_expire);
232
233 /* If an unexpired cache record was found for this domain, see if the callout
234 process can be short-circuited. */
235
236 if (cache_record != NULL)
237 {
2b1c6e3a
PH
238 /* In most cases, if an early command (up to and including MAIL FROM:<>)
239 was rejected, there is no point carrying on. The callout fails. However, if
240 we are doing a recipient verification with use_sender or use_postmaster
241 set, a previous failure of MAIL FROM:<> doesn't count, because this time we
242 will be using a non-empty sender. We have to remember this situation so as
243 not to disturb the cached domain value if this whole verification succeeds
244 (we don't want it turning into "accept"). */
245
246 old_domain_cache_result = cache_record->result;
247
248 if (cache_record->result == ccache_reject ||
249 (*from_address == 0 && cache_record->result == ccache_reject_mfnull))
059ec3d9
PH
250 {
251 setflag(addr, af_verify_nsfail);
252 HDEBUG(D_verify)
253 debug_printf("callout cache: domain gave initial rejection, or "
254 "does not accept HELO or MAIL FROM:<>\n");
255 setflag(addr, af_verify_nsfail);
256 addr->user_message = US"(result of an earlier callout reused).";
257 yield = FAIL;
8e669ac1 258 *failure_ptr = US"mail";
059ec3d9
PH
259 goto END_CALLOUT;
260 }
261
262 /* If a previous check on a "random" local part was accepted, we assume
263 that the server does not do any checking on local parts. There is therefore
264 no point in doing the callout, because it will always be successful. If a
265 random check previously failed, arrange not to do it again, but preserve
266 the data in the new record. If a random check is required but hasn't been
267 done, skip the remaining cache processing. */
268
269 if (callout_random) switch(cache_record->random_result)
270 {
271 case ccache_accept:
272 HDEBUG(D_verify)
273 debug_printf("callout cache: domain accepts random addresses\n");
274 goto END_CALLOUT; /* Default yield is OK */
275
276 case ccache_reject:
277 HDEBUG(D_verify)
278 debug_printf("callout cache: domain rejects random addresses\n");
279 callout_random = FALSE;
280 new_domain_record.random_result = ccache_reject;
281 new_domain_record.random_stamp = cache_record->random_stamp;
282 break;
283
284 default:
285 HDEBUG(D_verify)
286 debug_printf("callout cache: need to check random address handling "
287 "(not cached or cache expired)\n");
288 goto END_CACHE;
289 }
290
291 /* If a postmaster check is requested, but there was a previous failure,
292 there is again no point in carrying on. If a postmaster check is required,
293 but has not been done before, we are going to have to do a callout, so skip
294 remaining cache processing. */
295
296 if (pm_mailfrom != NULL)
297 {
298 if (cache_record->postmaster_result == ccache_reject)
299 {
300 setflag(addr, af_verify_pmfail);
301 HDEBUG(D_verify)
302 debug_printf("callout cache: domain does not accept "
303 "RCPT TO:<postmaster@domain>\n");
304 yield = FAIL;
8e669ac1 305 *failure_ptr = US"postmaster";
059ec3d9
PH
306 setflag(addr, af_verify_pmfail);
307 addr->user_message = US"(result of earlier verification reused).";
308 goto END_CALLOUT;
309 }
310 if (cache_record->postmaster_result == ccache_unknown)
311 {
312 HDEBUG(D_verify)
313 debug_printf("callout cache: need to check RCPT "
314 "TO:<postmaster@domain> (not cached or cache expired)\n");
315 goto END_CACHE;
316 }
317
318 /* If cache says OK, set pm_mailfrom NULL to prevent a redundant
319 postmaster check if the address itself has to be checked. Also ensure
320 that the value in the cache record is preserved (with its old timestamp).
321 */
322
323 HDEBUG(D_verify) debug_printf("callout cache: domain accepts RCPT "
324 "TO:<postmaster@domain>\n");
325 pm_mailfrom = NULL;
326 new_domain_record.postmaster_result = ccache_accept;
327 new_domain_record.postmaster_stamp = cache_record->postmaster_stamp;
328 }
329 }
330
331 /* We can't give a result based on information about the domain. See if there
332 is an unexpired cache record for this specific address (combined with the
333 sender address if we are doing a recipient callout with a non-empty sender).
334 */
335
336 cache_address_record = (dbdata_callout_cache_address *)
337 get_callout_cache_record(dbm_file,
338 address_key, US"address",
339 callout_cache_positive_expire,
340 callout_cache_negative_expire);
341
342 if (cache_address_record != NULL)
343 {
344 if (cache_address_record->result == ccache_accept)
345 {
346 HDEBUG(D_verify)
347 debug_printf("callout cache: address record is positive\n");
348 }
349 else
350 {
351 HDEBUG(D_verify)
352 debug_printf("callout cache: address record is negative\n");
353 addr->user_message = US"Previous (cached) callout verification failure";
8e669ac1 354 *failure_ptr = US"recipient";
059ec3d9
PH
355 yield = FAIL;
356 }
357 goto END_CALLOUT;
358 }
359
360 /* Close the cache database while we actually do the callout for real. */
361
362 END_CACHE:
363 dbfn_close(dbm_file);
364 dbm_file = NULL;
365 }
366
367/* The information wasn't available in the cache, so we have to do a real
368callout and save the result in the cache for next time, unless no_cache is set,
369or unless we have a previously cached negative random result. If we are to test
370with a random local part, ensure that such a local part is available. If not,
371log the fact, but carry on without randomming. */
372
373if (callout_random && callout_random_local_part != NULL)
374 {
375 random_local_part = expand_string(callout_random_local_part);
376 if (random_local_part == NULL)
377 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
378 "callout_random_local_part: %s", expand_string_message);
379 }
380
4deaf07d
PH
381/* Default the connect and overall callout timeouts if not set, and record the
382time we are starting so that we can enforce it. */
059ec3d9
PH
383
384if (callout_overall < 0) callout_overall = 4 * callout;
4deaf07d 385if (callout_connect < 0) callout_connect = callout;
059ec3d9
PH
386callout_start_time = time(NULL);
387
4c590bd1
PH
388/* Before doing a real callout, if this is an SMTP connection, flush the SMTP
389output because a callout might take some time. When PIPELINING is active and
390there are many recipients, the total time for doing lots of callouts can add up
391and cause the client to time out. So in this case we forgo the PIPELINING
392optimization. */
393
394if (smtp_out != NULL && !disable_callout_flush) mac_smtp_fflush();
395
059ec3d9
PH
396/* Now make connections to the hosts and do real callouts. The list of hosts
397is passed in as an argument. */
398
399for (host = host_list; host != NULL && !done; host = host->next)
400 {
401 smtp_inblock inblock;
402 smtp_outblock outblock;
403 int host_af;
404 int port = 25;
8e669ac1 405 BOOL send_quit = TRUE;
26da7e20 406 uschar *active_hostname = smtp_active_hostname;
059ec3d9
PH
407 uschar *helo = US"HELO";
408 uschar *interface = NULL; /* Outgoing interface to use; NULL => any */
409 uschar inbuffer[4096];
410 uschar outbuffer[1024];
411 uschar responsebuffer[4096];
412
413 clearflag(addr, af_verify_pmfail); /* postmaster callout flag */
414 clearflag(addr, af_verify_nsfail); /* null sender callout flag */
415
416 /* Skip this host if we don't have an IP address for it. */
417
418 if (host->address == NULL)
419 {
420 DEBUG(D_verify) debug_printf("no IP address for host name %s: skipping\n",
421 host->name);
422 continue;
423 }
424
425 /* Check the overall callout timeout */
426
427 if (time(NULL) - callout_start_time >= callout_overall)
428 {
429 HDEBUG(D_verify) debug_printf("overall timeout for callout exceeded\n");
430 break;
431 }
432
433 /* Set IPv4 or IPv6 */
434
435 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6;
436
de3a88fb
PH
437 /* Expand and interpret the interface and port strings. The latter will not
438 be used if there is a host-specific port (e.g. from a manualroute router).
439 This has to be delayed till now, because they may expand differently for
440 different hosts. If there's a failure, log it, but carry on with the
441 defaults. */
059ec3d9
PH
442
443 deliver_host = host->name;
444 deliver_host_address = host->address;
750af86e 445 deliver_domain = addr->domain;
de3a88fb 446
059ec3d9
PH
447 if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface,
448 US"callout") ||
449 !smtp_get_port(tf->port, addr, &port, US"callout"))
450 log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
451 addr->message);
de3a88fb 452
059ec3d9
PH
453 /* Set HELO string according to the protocol */
454
455 if (Ustrcmp(tf->protocol, "lmtp") == 0) helo = US"LHLO";
456
457 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port);
458
459 /* Set up the buffer for reading SMTP response packets. */
460
461 inblock.buffer = inbuffer;
462 inblock.buffersize = sizeof(inbuffer);
463 inblock.ptr = inbuffer;
464 inblock.ptrend = inbuffer;
465
466 /* Set up the buffer for holding SMTP commands while pipelining */
467
468 outblock.buffer = outbuffer;
469 outblock.buffersize = sizeof(outbuffer);
470 outblock.ptr = outbuffer;
471 outblock.cmd_count = 0;
472 outblock.authenticating = FALSE;
473
474 /* Connect to the host; on failure, just loop for the next one, but we
4deaf07d 475 set the error for the last one. Use the callout_connect timeout. */
059ec3d9
PH
476
477 inblock.sock = outblock.sock =
4deaf07d 478 smtp_connect(host, host_af, port, interface, callout_connect, TRUE);
059ec3d9
PH
479 if (inblock.sock < 0)
480 {
481 addr->message = string_sprintf("could not connect to %s [%s]: %s",
482 host->name, host->address, strerror(errno));
41c7c167
PH
483 deliver_host = deliver_host_address = NULL;
484 deliver_domain = save_deliver_domain;
059ec3d9
PH
485 continue;
486 }
487
41c7c167
PH
488 /* Expand the helo_data string to find the host name to use. */
489
490 if (tf->helo_data != NULL)
491 {
492 uschar *s = expand_string(tf->helo_data);
493 if (s == NULL)
494 log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's "
495 "helo_data value for callout: %s", addr->address,
496 expand_string_message);
497 else active_hostname = s;
498 }
499
500 deliver_host = deliver_host_address = NULL;
501 deliver_domain = save_deliver_domain;
502
2b1c6e3a
PH
503 /* Wait for initial response, and send HELO. The smtp_write_command()
504 function leaves its command in big_buffer. This is used in error responses.
505 Initialize it in case the connection is rejected. */
059ec3d9
PH
506
507 Ustrcpy(big_buffer, "initial connection");
508
509 done =
510 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
511 '2', callout) &&
059ec3d9 512 smtp_write_command(&outblock, FALSE, "%s %s\r\n", helo,
26da7e20 513 active_hostname) >= 0 &&
059ec3d9 514 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
2b1c6e3a 515 '2', callout);
059ec3d9 516
2b1c6e3a
PH
517 /* Failure to accept HELO is cached; this blocks the whole domain for all
518 senders. I/O errors and defer responses are not cached. */
519
520 if (!done)
521 {
522 *failure_ptr = US"mail"; /* At or before MAIL */
523 if (errno == 0 && responsebuffer[0] == '5')
524 {
525 setflag(addr, af_verify_nsfail);
526 new_domain_record.result = ccache_reject;
527 }
528 }
529
530 /* Send the MAIL command */
531
532 else done =
059ec3d9
PH
533 smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
534 from_address) >= 0 &&
535 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
536 '2', callout);
537
2b1c6e3a
PH
538 /* If the host does not accept MAIL FROM:<>, arrange to cache this
539 information, but again, don't record anything for an I/O error or a defer. Do
540 not cache rejections of MAIL when a non-empty sender has been used, because
541 that blocks the whole domain for all senders. */
059ec3d9
PH
542
543 if (!done)
544 {
2b1c6e3a 545 *failure_ptr = US"mail"; /* At or before MAIL */
059ec3d9
PH
546 if (errno == 0 && responsebuffer[0] == '5')
547 {
548 setflag(addr, af_verify_nsfail);
2b1c6e3a
PH
549 if (from_address[0] == 0)
550 new_domain_record.result = ccache_reject_mfnull;
059ec3d9
PH
551 }
552 }
553
554 /* Otherwise, proceed to check a "random" address (if required), then the
555 given address, and the postmaster address (if required). Between each check,
556 issue RSET, because some servers accept only one recipient after MAIL
2b1c6e3a
PH
557 FROM:<>.
558
559 Before doing this, set the result in the domain cache record to "accept",
560 unless its previous value was ccache_reject_mfnull. In that case, the domain
561 rejects MAIL FROM:<> and we want to continue to remember that. When that is
562 the case, we have got here only in the case of a recipient verification with
563 a non-null sender. */
059ec3d9
PH
564
565 else
566 {
2b1c6e3a
PH
567 new_domain_record.result =
568 (old_domain_cache_result == ccache_reject_mfnull)?
569 ccache_reject_mfnull: ccache_accept;
059ec3d9
PH
570
571 /* Do the random local part check first */
572
573 if (random_local_part != NULL)
574 {
575 uschar randombuffer[1024];
576 BOOL random_ok =
577 smtp_write_command(&outblock, FALSE,
578 "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part,
579 addr->domain) >= 0 &&
580 smtp_read_response(&inblock, randombuffer,
581 sizeof(randombuffer), '2', callout);
582
583 /* Remember when we last did a random test */
584
585 new_domain_record.random_stamp = time(NULL);
586
587 /* If accepted, we aren't going to do any further tests below. */
588
589 if (random_ok)
590 {
591 new_domain_record.random_result = ccache_accept;
592 }
593
594 /* Otherwise, cache a real negative response, and get back to the right
595 state to send RCPT. Unless there's some problem such as a dropped
596 connection, we expect to succeed, because the commands succeeded above. */
597
598 else if (errno == 0)
599 {
600 if (randombuffer[0] == '5')
601 new_domain_record.random_result = ccache_reject;
602
603 done =
604 smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
605 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
606 '2', callout) &&
607
90e9ce59
PH
608 smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
609 from_address) >= 0 &&
059ec3d9
PH
610 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
611 '2', callout);
612 }
613 else done = FALSE; /* Some timeout/connection problem */
614 } /* Random check */
615
616 /* If the host is accepting all local parts, as determined by the "random"
617 check, we don't need to waste time doing any further checking. */
618
619 if (new_domain_record.random_result != ccache_accept && done)
620 {
5417f6d1
PH
621 /* Get the rcpt_include_affixes flag from the transport if there is one,
622 but assume FALSE if there is not. */
623
059ec3d9
PH
624 done =
625 smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n",
c688b954 626 transport_rcpt_address(addr,
5417f6d1
PH
627 (addr->transport == NULL)? FALSE :
628 addr->transport->rcpt_include_affixes)) >= 0 &&
059ec3d9
PH
629 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
630 '2', callout);
631
632 if (done)
633 new_address_record.result = ccache_accept;
634 else if (errno == 0 && responsebuffer[0] == '5')
2c7db3f5 635 {
8e669ac1 636 *failure_ptr = US"recipient";
059ec3d9 637 new_address_record.result = ccache_reject;
8e669ac1 638 }
059ec3d9 639
2a4be8f9
PH
640 /* Do postmaster check if requested; if a full check is required, we
641 check for RCPT TO:<postmaster> (no domain) in accordance with RFC 821. */
059ec3d9
PH
642
643 if (done && pm_mailfrom != NULL)
644 {
645 done =
646 smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
647 smtp_read_response(&inblock, responsebuffer,
648 sizeof(responsebuffer), '2', callout) &&
649
650 smtp_write_command(&outblock, FALSE,
651 "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 &&
652 smtp_read_response(&inblock, responsebuffer,
653 sizeof(responsebuffer), '2', callout) &&
654
2a4be8f9
PH
655 /* First try using the current domain */
656
657 ((
059ec3d9
PH
658 smtp_write_command(&outblock, FALSE,
659 "RCPT TO:<postmaster@%.1000s>\r\n", addr->domain) >= 0 &&
660 smtp_read_response(&inblock, responsebuffer,
2a4be8f9
PH
661 sizeof(responsebuffer), '2', callout)
662 )
663
664 ||
665
666 /* If that doesn't work, and a full check is requested,
667 try without the domain. */
668
669 (
670 (options & vopt_callout_fullpm) != 0 &&
671 smtp_write_command(&outblock, FALSE,
672 "RCPT TO:<postmaster>\r\n") >= 0 &&
673 smtp_read_response(&inblock, responsebuffer,
674 sizeof(responsebuffer), '2', callout)
675 ));
676
677 /* Sort out the cache record */
059ec3d9
PH
678
679 new_domain_record.postmaster_stamp = time(NULL);
680
681 if (done)
682 new_domain_record.postmaster_result = ccache_accept;
683 else if (errno == 0 && responsebuffer[0] == '5')
684 {
8e669ac1 685 *failure_ptr = US"postmaster";
059ec3d9
PH
686 setflag(addr, af_verify_pmfail);
687 new_domain_record.postmaster_result = ccache_reject;
688 }
689 }
690 } /* Random not accepted */
90e9ce59 691 } /* MAIL FROM: accepted */
059ec3d9
PH
692
693 /* For any failure of the main check, other than a negative response, we just
694 close the connection and carry on. We can identify a negative response by the
695 fact that errno is zero. For I/O errors it will be non-zero
696
697 Set up different error texts for logging and for sending back to the caller
698 as an SMTP response. Log in all cases, using a one-line format. For sender
699 callouts, give a full response to the caller, but for recipient callouts,
700 don't give the IP address because this may be an internal host whose identity
701 is not to be widely broadcast. */
702
703 if (!done)
704 {
705 if (errno == ETIMEDOUT)
706 {
707 HDEBUG(D_verify) debug_printf("SMTP timeout\n");
8e669ac1 708 send_quit = FALSE;
059ec3d9
PH
709 }
710 else if (errno == 0)
711 {
712 if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped");
713
714 addr->message =
715 string_sprintf("response to \"%s\" from %s [%s] was: %s",
716 big_buffer, host->name, host->address,
717 string_printing(responsebuffer));
718
719 addr->user_message = is_recipient?
720 string_sprintf("Callout verification failed:\n%s", responsebuffer)
721 :
722 string_sprintf("Called: %s\nSent: %s\nResponse: %s",
723 host->address, big_buffer, responsebuffer);
724
725 /* Hard rejection ends the process */
726
727 if (responsebuffer[0] == '5') /* Address rejected */
728 {
729 yield = FAIL;
730 done = TRUE;
731 }
732 }
733 }
734
735 /* End the SMTP conversation and close the connection. */
736
c9bdd01c 737 if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
f1e894f3 738 (void)close(inblock.sock);
059ec3d9
PH
739 } /* Loop through all hosts, while !done */
740
741/* If we get here with done == TRUE, a successful callout happened, and yield
742will be set OK or FAIL according to the response to the RCPT command.
743Otherwise, we looped through the hosts but couldn't complete the business.
744However, there may be domain-specific information to cache in both cases.
745
746The value of the result field in the new_domain record is ccache_unknown if
90e9ce59 747there was an error before or with MAIL FROM:, and errno was not zero,
059ec3d9 748implying some kind of I/O error. We don't want to write the cache in that case.
2b1c6e3a 749Otherwise the value is ccache_accept, ccache_reject, or ccache_reject_mfnull. */
059ec3d9
PH
750
751if (!callout_no_cache && new_domain_record.result != ccache_unknown)
752 {
753 if ((dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE))
754 == NULL)
755 {
756 HDEBUG(D_verify) debug_printf("callout cache: not available\n");
757 }
758 else
759 {
760 (void)dbfn_write(dbm_file, addr->domain, &new_domain_record,
761 (int)sizeof(dbdata_callout_cache));
762 HDEBUG(D_verify) debug_printf("wrote callout cache domain record:\n"
763 " result=%d postmaster=%d random=%d\n",
764 new_domain_record.result,
765 new_domain_record.postmaster_result,
766 new_domain_record.random_result);
767 }
768 }
769
770/* If a definite result was obtained for the callout, cache it unless caching
771is disabled. */
772
773if (done)
774 {
775 if (!callout_no_cache && new_address_record.result != ccache_unknown)
776 {
777 if (dbm_file == NULL)
778 dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE);
779 if (dbm_file == NULL)
780 {
781 HDEBUG(D_verify) debug_printf("no callout cache available\n");
782 }
783 else
784 {
785 (void)dbfn_write(dbm_file, address_key, &new_address_record,
786 (int)sizeof(dbdata_callout_cache_address));
787 HDEBUG(D_verify) debug_printf("wrote %s callout cache address record\n",
788 (new_address_record.result == ccache_accept)? "positive" : "negative");
789 }
790 }
791 } /* done */
792
793/* Failure to connect to any host, or any response other than 2xx or 5xx is a
794temporary error. If there was only one host, and a response was received, leave
795it alone if supplying details. Otherwise, give a generic response. */
796
797else /* !done */
798 {
799 uschar *dullmsg = string_sprintf("Could not complete %s verify callout",
800 is_recipient? "recipient" : "sender");
801 yield = DEFER;
802
803 if (host_list->next != NULL || addr->message == NULL) addr->message = dullmsg;
804
805 addr->user_message = (!smtp_return_error_details)? dullmsg :
806 string_sprintf("%s for <%s>.\n"
807 "The mail server(s) for the domain may be temporarily unreachable, or\n"
808 "they may be permanently unreachable from this server. In the latter case,\n%s",
809 dullmsg, addr->address,
810 is_recipient?
811 "the address will never be accepted."
812 :
813 "you need to change the address or create an MX record for its domain\n"
814 "if it is supposed to be generally accessible from the Internet.\n"
815 "Talk to your mail administrator for details.");
816
817 /* Force a specific error code */
818
819 addr->basic_errno = ERRNO_CALLOUTDEFER;
820 }
821
822/* Come here from within the cache-reading code on fast-track exit. */
823
824END_CALLOUT:
825if (dbm_file != NULL) dbfn_close(dbm_file);
826return yield;
827}
828
829
830
831/*************************************************
832* Copy error to toplevel address *
833*************************************************/
834
835/* This function is used when a verify fails or defers, to ensure that the
836failure or defer information is in the original toplevel address. This applies
837when an address is redirected to a single new address, and the failure or
838deferral happens to the child address.
839
840Arguments:
841 vaddr the verify address item
842 addr the final address item
843 yield FAIL or DEFER
844
845Returns: the value of YIELD
846*/
847
848static int
849copy_error(address_item *vaddr, address_item *addr, int yield)
850{
851if (addr != vaddr)
852 {
853 vaddr->message = addr->message;
854 vaddr->user_message = addr->user_message;
855 vaddr->basic_errno = addr->basic_errno;
856 vaddr->more_errno = addr->more_errno;
b37c4101 857 vaddr->p.address_data = addr->p.address_data;
42855d71 858 copyflag(vaddr, addr, af_pass_message);
059ec3d9
PH
859 }
860return yield;
861}
862
863
864
865
866/*************************************************
867* Verify an email address *
868*************************************************/
869
870/* This function is used both for verification (-bv and at other times) and
871address testing (-bt), which is indicated by address_test_mode being set.
872
873Arguments:
874 vaddr contains the address to verify; the next field in this block
875 must be NULL
876 f if not NULL, write the result to this file
877 options various option bits:
878 vopt_fake_sender => this sender verify is not for the real
879 sender (it was verify=sender=xxxx or an address from a
880 header line) - rewriting must not change sender_address
881 vopt_is_recipient => this is a recipient address, otherwise
882 it's a sender address - this affects qualification and
883 rewriting and messages from callouts
884 vopt_qualify => qualify an unqualified address; else error
885 vopt_expn => called from SMTP EXPN command
eafd343b
TK
886 vopt_success_on_redirect => when a new address is generated
887 the verification instantly succeeds
059ec3d9
PH
888
889 These ones are used by do_callout() -- the options variable
890 is passed to it.
891
2a4be8f9 892 vopt_callout_fullpm => if postmaster check, do full one
059ec3d9
PH
893 vopt_callout_no_cache => don't use callout cache
894 vopt_callout_random => do the "random" thing
895 vopt_callout_recipsender => use real sender for recipient
896 vopt_callout_recippmaster => use postmaster for recipient
897
898 callout if > 0, specifies that callout is required, and gives timeout
4deaf07d 899 for individual commands
059ec3d9
PH
900 callout_overall if > 0, gives overall timeout for the callout function;
901 if < 0, a default is used (see do_callout())
8e669ac1 902 callout_connect the connection timeout for callouts
059ec3d9
PH
903 se_mailfrom when callout is requested to verify a sender, use this
904 in MAIL FROM; NULL => ""
905 pm_mailfrom when callout is requested, if non-NULL, do the postmaster
906 thing and use this as the sender address (may be "")
907
908 routed if not NULL, set TRUE if routing succeeded, so we can
909 distinguish between routing failed and callout failed
910
911Returns: OK address verified
912 FAIL address failed to verify
913 DEFER can't tell at present
914*/
915
916int
917verify_address(address_item *vaddr, FILE *f, int options, int callout,
8e669ac1 918 int callout_overall, int callout_connect, uschar *se_mailfrom,
4deaf07d 919 uschar *pm_mailfrom, BOOL *routed)
059ec3d9
PH
920{
921BOOL allok = TRUE;
922BOOL full_info = (f == NULL)? FALSE : (debug_selector != 0);
923BOOL is_recipient = (options & vopt_is_recipient) != 0;
924BOOL expn = (options & vopt_expn) != 0;
eafd343b 925BOOL success_on_redirect = (options & vopt_success_on_redirect) != 0;
059ec3d9
PH
926int i;
927int yield = OK;
928int verify_type = expn? v_expn :
929 address_test_mode? v_none :
930 is_recipient? v_recipient : v_sender;
931address_item *addr_list;
932address_item *addr_new = NULL;
933address_item *addr_remote = NULL;
934address_item *addr_local = NULL;
935address_item *addr_succeed = NULL;
8e669ac1 936uschar **failure_ptr = is_recipient?
2c7db3f5 937 &recipient_verify_failure : &sender_verify_failure;
059ec3d9
PH
938uschar *ko_prefix, *cr;
939uschar *address = vaddr->address;
940uschar *save_sender;
941uschar null_sender[] = { 0 }; /* Ensure writeable memory */
942
2c7db3f5
PH
943/* Clear, just in case */
944
945*failure_ptr = NULL;
946
059ec3d9
PH
947/* Set up a prefix and suffix for error message which allow us to use the same
948output statements both in EXPN mode (where an SMTP response is needed) and when
949debugging with an output file. */
950
951if (expn)
952 {
953 ko_prefix = US"553 ";
954 cr = US"\r";
955 }
956else ko_prefix = cr = US"";
957
958/* Add qualify domain if permitted; otherwise an unqualified address fails. */
959
960if (parse_find_at(address) == NULL)
961 {
962 if ((options & vopt_qualify) == 0)
963 {
964 if (f != NULL)
965 fprintf(f, "%sA domain is required for \"%s\"%s\n", ko_prefix, address,
966 cr);
8e669ac1 967 *failure_ptr = US"qualify";
059ec3d9
PH
968 return FAIL;
969 }
970 address = rewrite_address_qualify(address, is_recipient);
971 }
972
973DEBUG(D_verify)
974 {
975 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
976 debug_printf("%s %s\n", address_test_mode? "Testing" : "Verifying", address);
977 }
978
979/* Rewrite and report on it. Clear the domain and local part caches - these
980may have been set by domains and local part tests during an ACL. */
981
982if (global_rewrite_rules != NULL)
983 {
984 uschar *old = address;
985 address = rewrite_address(address, is_recipient, FALSE,
986 global_rewrite_rules, rewrite_existflags);
987 if (address != old)
988 {
989 for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->localpart_cache[i] = 0;
990 for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->domain_cache[i] = 0;
991 if (f != NULL && !expn) fprintf(f, "Address rewritten as: %s\n", address);
992 }
993 }
994
995/* If this is the real sender address, we must update sender_address at
996this point, because it may be referred to in the routers. */
997
998if ((options & (vopt_fake_sender|vopt_is_recipient)) == 0)
999 sender_address = address;
1000
1001/* If the address was rewritten to <> no verification can be done, and we have
1002to return OK. This rewriting is permitted only for sender addresses; for other
1003addresses, such rewriting fails. */
1004
1005if (address[0] == 0) return OK;
1006
1007/* Save a copy of the sender address for re-instating if we change it to <>
1008while verifying a sender address (a nice bit of self-reference there). */
1009
1010save_sender = sender_address;
1011
1012/* Update the address structure with the possibly qualified and rewritten
1013address. Set it up as the starting address on the chain of new addresses. */
1014
1015vaddr->address = address;
1016addr_new = vaddr;
1017
1018/* We need a loop, because an address can generate new addresses. We must also
1019cope with generated pipes and files at the top level. (See also the code and
1020comment in deliver.c.) However, it is usually the case that the router for
1021user's .forward files has its verify flag turned off.
1022
1023If an address generates more than one child, the loop is used only when
1024full_info is set, and this can only be set locally. Remote enquiries just get
1025information about the top level address, not anything that it generated. */
1026
1027while (addr_new != NULL)
1028 {
1029 int rc;
1030 address_item *addr = addr_new;
1031
1032 addr_new = addr->next;
1033 addr->next = NULL;
1034
1035 DEBUG(D_verify)
1036 {
1037 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1038 debug_printf("Considering %s\n", addr->address);
1039 }
1040
1041 /* Handle generated pipe, file or reply addresses. We don't get these
1042 when handling EXPN, as it does only one level of expansion. */
1043
1044 if (testflag(addr, af_pfr))
1045 {
1046 allok = FALSE;
1047 if (f != NULL)
1048 {
1049 BOOL allow;
1050
1051 if (addr->address[0] == '>')
1052 {
1053 allow = testflag(addr, af_allow_reply);
1054 fprintf(f, "%s -> mail %s", addr->parent->address, addr->address + 1);
1055 }
1056 else
1057 {
1058 allow = (addr->address[0] == '|')?
1059 testflag(addr, af_allow_pipe) : testflag(addr, af_allow_file);
1060 fprintf(f, "%s -> %s", addr->parent->address, addr->address);
1061 }
1062
1063 if (addr->basic_errno == ERRNO_BADTRANSPORT)
1064 fprintf(f, "\n*** Error in setting up pipe, file, or autoreply:\n"
1065 "%s\n", addr->message);
1066 else if (allow)
1067 fprintf(f, "\n transport = %s\n", addr->transport->name);
1068 else
1069 fprintf(f, " *** forbidden ***\n");
1070 }
1071 continue;
1072 }
1073
1074 /* Just in case some router parameter refers to it. */
1075
1076 return_path = (addr->p.errors_address != NULL)?
1077 addr->p.errors_address : sender_address;
1078
1079 /* Split the address into domain and local part, handling the %-hack if
1080 necessary, and then route it. While routing a sender address, set
1081 $sender_address to <> because that is what it will be if we were trying to
1082 send a bounce to the sender. */
1083
1084 if (routed != NULL) *routed = FALSE;
1085 if ((rc = deliver_split_address(addr)) == OK)
1086 {
1087 if (!is_recipient) sender_address = null_sender;
1088 rc = route_address(addr, &addr_local, &addr_remote, &addr_new,
1089 &addr_succeed, verify_type);
1090 sender_address = save_sender; /* Put back the real sender */
1091 }
1092
1093 /* If routing an address succeeded, set the flag that remembers, for use when
1094 an ACL cached a sender verify (in case a callout fails). Then if routing set
1095 up a list of hosts or the transport has a host list, and the callout option
1096 is set, and we aren't in a host checking run, do the callout verification,
1097 and set another flag that notes that a callout happened. */
1098
1099 if (rc == OK)
1100 {
1101 if (routed != NULL) *routed = TRUE;
1102 if (callout > 0)
1103 {
1104 host_item *host_list = addr->host_list;
1105
26da7e20
PH
1106 /* Make up some data for use in the case where there is no remote
1107 transport. */
1108
1109 transport_feedback tf = {
1110 NULL, /* interface (=> any) */
1111 US"smtp", /* port */
1112 US"smtp", /* protocol */
1113 NULL, /* hosts */
1114 US"$smtp_active_hostname", /* helo_data */
1115 FALSE, /* hosts_override */
1116 FALSE, /* hosts_randomize */
1117 FALSE, /* gethostbyname */
1118 TRUE, /* qualify_single */
1119 FALSE /* search_parents */
1120 };
059ec3d9
PH
1121
1122 /* If verification yielded a remote transport, we want to use that
1123 transport's options, so as to mimic what would happen if we were really
1124 sending a message to this address. */
1125
1126 if (addr->transport != NULL && !addr->transport->info->local)
1127 {
929ba01c 1128 (void)(addr->transport->setup)(addr->transport, addr, &tf, 0, 0, NULL);
059ec3d9
PH
1129
1130 /* If the transport has hosts and the router does not, or if the
1131 transport is configured to override the router's hosts, we must build a
1132 host list of the transport's hosts, and find the IP addresses */
1133
1134 if (tf.hosts != NULL && (host_list == NULL || tf.hosts_override))
1135 {
1136 uschar *s;
750af86e
PH
1137 uschar *save_deliver_domain = deliver_domain;
1138 uschar *save_deliver_localpart = deliver_localpart;
059ec3d9
PH
1139
1140 host_list = NULL; /* Ignore the router's hosts */
1141
1142 deliver_domain = addr->domain;
1143 deliver_localpart = addr->local_part;
1144 s = expand_string(tf.hosts);
750af86e
PH
1145 deliver_domain = save_deliver_domain;
1146 deliver_localpart = save_deliver_localpart;
059ec3d9
PH
1147
1148 if (s == NULL)
1149 {
1150 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand list of hosts "
1151 "\"%s\" in %s transport for callout: %s", tf.hosts,
1152 addr->transport->name, expand_string_message);
1153 }
1154 else
1155 {
322050c2 1156 int flags;
059ec3d9 1157 uschar *canonical_name;
d8ef3577 1158 host_item *host, *nexthost;
059ec3d9
PH
1159 host_build_hostlist(&host_list, s, tf.hosts_randomize);
1160
1161 /* Just ignore failures to find a host address. If we don't manage
8e669ac1
PH
1162 to find any addresses, the callout will defer. Note that more than
1163 one address may be found for a single host, which will result in
1164 additional host items being inserted into the chain. Hence we must
d8ef3577 1165 save the next host first. */
059ec3d9 1166
322050c2
PH
1167 flags = HOST_FIND_BY_A;
1168 if (tf.qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
1169 if (tf.search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
1170
d8ef3577 1171 for (host = host_list; host != NULL; host = nexthost)
059ec3d9 1172 {
d8ef3577 1173 nexthost = host->next;
8e669ac1 1174 if (tf.gethostbyname ||
7e66e54d 1175 string_is_ip_address(host->name, NULL) != 0)
322050c2 1176 (void)host_find_byname(host, NULL, flags, &canonical_name, TRUE);
059ec3d9 1177 else
059ec3d9
PH
1178 (void)host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
1179 &canonical_name, NULL);
059ec3d9
PH
1180 }
1181 }
1182 }
1183 }
1184
8e669ac1 1185 /* Can only do a callout if we have at least one host! If the callout
2c7db3f5 1186 fails, it will have set ${sender,recipient}_verify_failure. */
059ec3d9
PH
1187
1188 if (host_list != NULL)
1189 {
1190 HDEBUG(D_verify) debug_printf("Attempting full verification using callout\n");
1191 if (host_checking && !host_checking_callout)
1192 {
1193 HDEBUG(D_verify)
1194 debug_printf("... callout omitted by default when host testing\n"
1195 "(Use -bhc if you want the callouts to happen.)\n");
1196 }
1197 else
1198 {
1199 rc = do_callout(addr, host_list, &tf, callout, callout_overall,
4deaf07d 1200 callout_connect, options, se_mailfrom, pm_mailfrom);
059ec3d9
PH
1201 }
1202 }
1203 else
1204 {
1205 HDEBUG(D_verify) debug_printf("Cannot do callout: neither router nor "
1206 "transport provided a host list\n");
1207 }
1208 }
1209 }
8e669ac1 1210
2c7db3f5 1211 /* Otherwise, any failure is a routing failure */
8e669ac1
PH
1212
1213 else *failure_ptr = US"route";
059ec3d9
PH
1214
1215 /* A router may return REROUTED if it has set up a child address as a result
1216 of a change of domain name (typically from widening). In this case we always
1217 want to continue to verify the new child. */
1218
1219 if (rc == REROUTED) continue;
8e669ac1 1220
059ec3d9
PH
1221 /* Handle hard failures */
1222
1223 if (rc == FAIL)
1224 {
1225 allok = FALSE;
1226 if (f != NULL)
1227 {
e6f6568e
PH
1228 address_item *p = addr->parent;
1229
322050c2 1230 fprintf(f, "%s%s %s", ko_prefix, full_info? addr->address : address,
059ec3d9
PH
1231 address_test_mode? "is undeliverable" : "failed to verify");
1232 if (!expn && admin_user)
1233 {
1234 if (addr->basic_errno > 0)
1235 fprintf(f, ": %s", strerror(addr->basic_errno));
1236 if (addr->message != NULL)
e6f6568e
PH
1237 fprintf(f, ": %s", addr->message);
1238 }
1239
1240 /* Show parents iff doing full info */
1241
1242 if (full_info) while (p != NULL)
1243 {
1244 fprintf(f, "%s\n <-- %s", cr, p->address);
1245 p = p->parent;
059ec3d9
PH
1246 }
1247 fprintf(f, "%s\n", cr);
1248 }
1249
1250 if (!full_info) return copy_error(vaddr, addr, FAIL);
1251 else yield = FAIL;
1252 }
1253
1254 /* Soft failure */
1255
1256 else if (rc == DEFER)
1257 {
1258 allok = FALSE;
1259 if (f != NULL)
1260 {
e6f6568e
PH
1261 address_item *p = addr->parent;
1262 fprintf(f, "%s%s cannot be resolved at this time", ko_prefix,
322050c2 1263 full_info? addr->address : address);
059ec3d9
PH
1264 if (!expn && admin_user)
1265 {
1266 if (addr->basic_errno > 0)
e6f6568e 1267 fprintf(f, ": %s", strerror(addr->basic_errno));
059ec3d9 1268 if (addr->message != NULL)
e6f6568e 1269 fprintf(f, ": %s", addr->message);
059ec3d9 1270 else if (addr->basic_errno <= 0)
e6f6568e 1271 fprintf(f, ": unknown error");
059ec3d9
PH
1272 }
1273
e6f6568e
PH
1274 /* Show parents iff doing full info */
1275
1276 if (full_info) while (p != NULL)
1277 {
1278 fprintf(f, "%s\n <-- %s", cr, p->address);
1279 p = p->parent;
1280 }
059ec3d9
PH
1281 fprintf(f, "%s\n", cr);
1282 }
1283 if (!full_info) return copy_error(vaddr, addr, DEFER);
1284 else if (yield == OK) yield = DEFER;
1285 }
1286
1287 /* If we are handling EXPN, we do not want to continue to route beyond
e6f6568e 1288 the top level (whose address is in "address"). */
059ec3d9
PH
1289
1290 else if (expn)
1291 {
1292 uschar *ok_prefix = US"250-";
1293 if (addr_new == NULL)
1294 {
1295 if (addr_local == NULL && addr_remote == NULL)
1296 fprintf(f, "250 mail to <%s> is discarded\r\n", address);
1297 else
1298 fprintf(f, "250 <%s>\r\n", address);
1299 }
1300 else while (addr_new != NULL)
1301 {
1302 address_item *addr2 = addr_new;
1303 addr_new = addr2->next;
1304 if (addr_new == NULL) ok_prefix = US"250 ";
1305 fprintf(f, "%s<%s>\r\n", ok_prefix, addr2->address);
1306 }
1307 return OK;
1308 }
1309
1310 /* Successful routing other than EXPN. */
1311
1312 else
1313 {
1314 /* Handle successful routing when short info wanted. Otherwise continue for
1315 other (generated) addresses. Short info is the operational case. Full info
1316 can be requested only when debug_selector != 0 and a file is supplied.
1317
1318 There is a conflict between the use of aliasing as an alternate email
1319 address, and as a sort of mailing list. If an alias turns the incoming
1320 address into just one address (e.g. J.Caesar->jc44) you may well want to
1321 carry on verifying the generated address to ensure it is valid when
1322 checking incoming mail. If aliasing generates multiple addresses, you
1323 probably don't want to do this. Exim therefore treats the generation of
1324 just a single new address as a special case, and continues on to verify the
1325 generated address. */
1326
1327 if (!full_info && /* Stop if short info wanted AND */
eafd343b
TK
1328 (((addr_new == NULL || /* No new address OR */
1329 addr_new->next != NULL || /* More than one new address OR */
1330 testflag(addr_new, af_pfr))) /* New address is pfr */
1331 || /* OR */
1332 (addr_new != NULL && /* At least one new address AND */
1333 success_on_redirect))) /* success_on_redirect is set */
059ec3d9 1334 {
322050c2 1335 if (f != NULL) fprintf(f, "%s %s\n", address,
059ec3d9
PH
1336 address_test_mode? "is deliverable" : "verified");
1337
1338 /* If we have carried on to verify a child address, we want the value
1339 of $address_data to be that of the child */
1340
1341 vaddr->p.address_data = addr->p.address_data;
1342 return OK;
1343 }
1344 }
1345 } /* Loop for generated addresses */
1346
1347/* Display the full results of the successful routing, including any generated
1348addresses. Control gets here only when full_info is set, which requires f not
1349to be NULL, and this occurs only when a top-level verify is called with the
1350debugging switch on.
1351
1352If there are no local and no remote addresses, and there were no pipes, files,
1353or autoreplies, and there were no errors or deferments, the message is to be
1354discarded, usually because of the use of :blackhole: in an alias file. */
1355
1356if (allok && addr_local == NULL && addr_remote == NULL)
dbcef0ea 1357 {
059ec3d9 1358 fprintf(f, "mail to %s is discarded\n", address);
dbcef0ea
PH
1359 return yield;
1360 }
059ec3d9 1361
dbcef0ea 1362for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++)
059ec3d9
PH
1363 {
1364 while (addr_list != NULL)
1365 {
1366 address_item *addr = addr_list;
1367 address_item *p = addr->parent;
1368 addr_list = addr->next;
1369
1370 fprintf(f, "%s", CS addr->address);
384152a6
TK
1371#ifdef EXPERIMENTAL_SRS
1372 if(addr->p.srs_sender)
1373 fprintf(f, " [srs = %s]", addr->p.srs_sender);
1374#endif
dbcef0ea
PH
1375
1376 /* If the address is a duplicate, show something about it. */
1377
1378 if (!testflag(addr, af_pfr))
1379 {
1380 tree_node *tnode;
1381 if ((tnode = tree_search(tree_duplicates, addr->unique)) != NULL)
1382 fprintf(f, " [duplicate, would not be delivered]");
1383 else tree_add_duplicate(addr->unique, addr);
1384 }
1385
1386 /* Now show its parents */
1387
059ec3d9
PH
1388 while (p != NULL)
1389 {
1390 fprintf(f, "\n <-- %s", p->address);
1391 p = p->parent;
1392 }
1393 fprintf(f, "\n ");
1394
1395 /* Show router, and transport */
1396
1397 fprintf(f, "router = %s, ", addr->router->name);
1398 fprintf(f, "transport = %s\n", (addr->transport == NULL)? US"unset" :
1399 addr->transport->name);
1400
1401 /* Show any hosts that are set up by a router unless the transport
1402 is going to override them; fiddle a bit to get a nice format. */
1403
1404 if (addr->host_list != NULL && addr->transport != NULL &&
1405 !addr->transport->overrides_hosts)
1406 {
1407 host_item *h;
1408 int maxlen = 0;
1409 int maxaddlen = 0;
1410 for (h = addr->host_list; h != NULL; h = h->next)
1411 {
1412 int len = Ustrlen(h->name);
1413 if (len > maxlen) maxlen = len;
1414 len = (h->address != NULL)? Ustrlen(h->address) : 7;
1415 if (len > maxaddlen) maxaddlen = len;
1416 }
1417 for (h = addr->host_list; h != NULL; h = h->next)
1418 {
1419 int len = Ustrlen(h->name);
1420 fprintf(f, " host %s ", h->name);
1421 while (len++ < maxlen) fprintf(f, " ");
1422 if (h->address != NULL)
1423 {
1424 fprintf(f, "[%s] ", h->address);
1425 len = Ustrlen(h->address);
1426 }
1427 else if (!addr->transport->info->local) /* Omit [unknown] for local */
1428 {
1429 fprintf(f, "[unknown] ");
1430 len = 7;
1431 }
1432 else len = -3;
1433 while (len++ < maxaddlen) fprintf(f," ");
1434 if (h->mx >= 0) fprintf(f, "MX=%d", h->mx);
1435 if (h->port != PORT_NONE) fprintf(f, " port=%d", h->port);
1436 if (h->status == hstatus_unusable) fprintf(f, " ** unusable **");
1437 fprintf(f, "\n");
1438 }
1439 }
1440 }
1441 }
1442
8e669ac1 1443/* Will be DEFER or FAIL if any one address has, only for full_info (which is
2c7db3f5
PH
1444the -bv or -bt case). */
1445
8e669ac1 1446return yield;
059ec3d9
PH
1447}
1448
1449
1450
1451
1452/*************************************************
1453* Check headers for syntax errors *
1454*************************************************/
1455
1456/* This function checks those header lines that contain addresses, and verifies
1457that all the addresses therein are syntactially correct.
1458
1459Arguments:
1460 msgptr where to put an error message
1461
1462Returns: OK
1463 FAIL
1464*/
1465
1466int
1467verify_check_headers(uschar **msgptr)
1468{
1469header_line *h;
1470uschar *colon, *s;
1eccaa59 1471int yield = OK;
059ec3d9 1472
1eccaa59 1473for (h = header_list; h != NULL && yield == OK; h = h->next)
059ec3d9
PH
1474 {
1475 if (h->type != htype_from &&
1476 h->type != htype_reply_to &&
1477 h->type != htype_sender &&
1478 h->type != htype_to &&
1479 h->type != htype_cc &&
1480 h->type != htype_bcc)
1481 continue;
1482
1483 colon = Ustrchr(h->text, ':');
1484 s = colon + 1;
1485 while (isspace(*s)) s++;
1486
1eccaa59
PH
1487 /* Loop for multiple addresses in the header, enabling group syntax. Note
1488 that we have to reset this after the header has been scanned. */
059ec3d9 1489
1eccaa59 1490 parse_allow_group = TRUE;
059ec3d9
PH
1491
1492 while (*s != 0)
1493 {
1494 uschar *ss = parse_find_address_end(s, FALSE);
1495 uschar *recipient, *errmess;
1496 int terminator = *ss;
1497 int start, end, domain;
1498
1499 /* Temporarily terminate the string at this point, and extract the
1eccaa59 1500 operative address within, allowing group syntax. */
059ec3d9
PH
1501
1502 *ss = 0;
1503 recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE);
1504 *ss = terminator;
1505
1506 /* Permit an unqualified address only if the message is local, or if the
1507 sending host is configured to be permitted to send them. */
1508
1509 if (recipient != NULL && domain == 0)
1510 {
1511 if (h->type == htype_from || h->type == htype_sender)
1512 {
1513 if (!allow_unqualified_sender) recipient = NULL;
1514 }
1515 else
1516 {
1517 if (!allow_unqualified_recipient) recipient = NULL;
1518 }
1519 if (recipient == NULL) errmess = US"unqualified address not permitted";
1520 }
1521
1522 /* It's an error if no address could be extracted, except for the special
1523 case of an empty address. */
1524
1525 if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0)
1526 {
1527 uschar *verb = US"is";
1528 uschar *t = ss;
1ab95fa6 1529 uschar *tt = colon;
059ec3d9
PH
1530 int len;
1531
1532 /* Arrange not to include any white space at the end in the
1ab95fa6 1533 error message or the header name. */
059ec3d9
PH
1534
1535 while (t > s && isspace(t[-1])) t--;
1ab95fa6 1536 while (tt > h->text && isspace(tt[-1])) tt--;
059ec3d9 1537
1ab95fa6 1538 /* Add the address that failed to the error message, since in a
059ec3d9
PH
1539 header with very many addresses it is sometimes hard to spot
1540 which one is at fault. However, limit the amount of address to
1541 quote - cases have been seen where, for example, a missing double
1542 quote in a humungous To: header creates an "address" that is longer
1543 than string_sprintf can handle. */
1544
1545 len = t - s;
1546 if (len > 1024)
1547 {
1548 len = 1024;
1549 verb = US"begins";
1550 }
1551
1552 *msgptr = string_printing(
1ab95fa6
PH
1553 string_sprintf("%s: failing address in \"%.*s:\" header %s: %.*s",
1554 errmess, tt - h->text, h->text, verb, len, s));
059ec3d9 1555
1eccaa59
PH
1556 yield = FAIL;
1557 break; /* Out of address loop */
059ec3d9
PH
1558 }
1559
1560 /* Advance to the next address */
1561
1562 s = ss + (terminator? 1:0);
1563 while (isspace(*s)) s++;
1564 } /* Next address */
059ec3d9 1565
1eccaa59
PH
1566 parse_allow_group = FALSE;
1567 parse_found_group = FALSE;
1568 } /* Next header unless yield has been set FALSE */
1569
1570return yield;
059ec3d9
PH
1571}
1572
1573
1574
1c41c9cc
PH
1575/*************************************************
1576* Check for blind recipients *
1577*************************************************/
1578
1579/* This function checks that every (envelope) recipient is mentioned in either
1580the To: or Cc: header lines, thus detecting blind carbon copies.
1581
1582There are two ways of scanning that could be used: either scan the header lines
1583and tick off the recipients, or scan the recipients and check the header lines.
1584The original proposed patch did the former, but I have chosen to do the latter,
1585because (a) it requires no memory and (b) will use fewer resources when there
1586are many addresses in To: and/or Cc: and only one or two envelope recipients.
1587
1588Arguments: none
1589Returns: OK if there are no blind recipients
1590 FAIL if there is at least one blind recipient
1591*/
1592
1593int
1594verify_check_notblind(void)
1595{
1596int i;
1597for (i = 0; i < recipients_count; i++)
1598 {
1599 header_line *h;
1600 BOOL found = FALSE;
1601 uschar *address = recipients_list[i].address;
1602
1603 for (h = header_list; !found && h != NULL; h = h->next)
1604 {
1605 uschar *colon, *s;
1606
1607 if (h->type != htype_to && h->type != htype_cc) continue;
1608
1609 colon = Ustrchr(h->text, ':');
1610 s = colon + 1;
1611 while (isspace(*s)) s++;
1612
1eccaa59
PH
1613 /* Loop for multiple addresses in the header, enabling group syntax. Note
1614 that we have to reset this after the header has been scanned. */
1c41c9cc 1615
1eccaa59 1616 parse_allow_group = TRUE;
1c41c9cc
PH
1617
1618 while (*s != 0)
1619 {
1620 uschar *ss = parse_find_address_end(s, FALSE);
1621 uschar *recipient,*errmess;
1622 int terminator = *ss;
1623 int start, end, domain;
1624
1625 /* Temporarily terminate the string at this point, and extract the
1eccaa59 1626 operative address within, allowing group syntax. */
1c41c9cc
PH
1627
1628 *ss = 0;
1629 recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE);
1630 *ss = terminator;
1631
1632 /* If we found a valid recipient that has a domain, compare it with the
1633 envelope recipient. Local parts are compared case-sensitively, domains
1634 case-insensitively. By comparing from the start with length "domain", we
1635 include the "@" at the end, which ensures that we are comparing the whole
1636 local part of each address. */
1637
1638 if (recipient != NULL && domain != 0)
1639 {
1640 found = Ustrncmp(recipient, address, domain) == 0 &&
1641 strcmpic(recipient + domain, address + domain) == 0;
1642 if (found) break;
1643 }
1644
1645 /* Advance to the next address */
1646
1647 s = ss + (terminator? 1:0);
1648 while (isspace(*s)) s++;
1649 } /* Next address */
1eccaa59
PH
1650
1651 parse_allow_group = FALSE;
1652 parse_found_group = FALSE;
1c41c9cc
PH
1653 } /* Next header (if found is false) */
1654
1655 if (!found) return FAIL;
1656 } /* Next recipient */
1657
1658return OK;
1659}
1660
1661
059ec3d9
PH
1662
1663/*************************************************
1664* Find if verified sender *
1665*************************************************/
1666
1667/* Usually, just a single address is verified as the sender of the message.
1668However, Exim can be made to verify other addresses as well (often related in
1669some way), and this is useful in some environments. There may therefore be a
1670chain of such addresses that have previously been tested. This function finds
1671whether a given address is on the chain.
1672
1673Arguments: the address to be verified
1674Returns: pointer to an address item, or NULL
1675*/
1676
1677address_item *
1678verify_checked_sender(uschar *sender)
1679{
1680address_item *addr;
1681for (addr = sender_verified_list; addr != NULL; addr = addr->next)
1682 if (Ustrcmp(sender, addr->address) == 0) break;
1683return addr;
1684}
1685
1686
1687
1688
1689
1690/*************************************************
1691* Get valid header address *
1692*************************************************/
1693
1694/* Scan the originator headers of the message, looking for an address that
1695verifies successfully. RFC 822 says:
1696
1697 o The "Sender" field mailbox should be sent notices of
1698 any problems in transport or delivery of the original
1699 messages. If there is no "Sender" field, then the
1700 "From" field mailbox should be used.
1701
1702 o If the "Reply-To" field exists, then the reply should
1703 go to the addresses indicated in that field and not to
1704 the address(es) indicated in the "From" field.
1705
1706So we check a Sender field if there is one, else a Reply_to field, else a From
1707field. As some strange messages may have more than one of these fields,
1708especially if they are resent- fields, check all of them if there is more than
1709one.
1710
1711Arguments:
1712 user_msgptr points to where to put a user error message
1713 log_msgptr points to where to put a log error message
1714 callout timeout for callout check (passed to verify_address())
1715 callout_overall overall callout timeout (ditto)
8e669ac1 1716 callout_connect connect callout timeout (ditto)
059ec3d9
PH
1717 se_mailfrom mailfrom for verify; NULL => ""
1718 pm_mailfrom sender for pm callout check (passed to verify_address())
1719 options callout options (passed to verify_address())
8e669ac1 1720 verrno where to put the address basic_errno
059ec3d9
PH
1721
1722If log_msgptr is set to something without setting user_msgptr, the caller
1723normally uses log_msgptr for both things.
1724
1725Returns: result of the verification attempt: OK, FAIL, or DEFER;
1726 FAIL is given if no appropriate headers are found
1727*/
1728
1729int
1730verify_check_header_address(uschar **user_msgptr, uschar **log_msgptr,
8e669ac1 1731 int callout, int callout_overall, int callout_connect, uschar *se_mailfrom,
fe5b5d0b 1732 uschar *pm_mailfrom, int options, int *verrno)
059ec3d9
PH
1733{
1734static int header_types[] = { htype_sender, htype_reply_to, htype_from };
1eccaa59 1735BOOL done = FALSE;
059ec3d9
PH
1736int yield = FAIL;
1737int i;
1738
1eccaa59 1739for (i = 0; i < 3 && !done; i++)
059ec3d9
PH
1740 {
1741 header_line *h;
1eccaa59 1742 for (h = header_list; h != NULL && !done; h = h->next)
059ec3d9
PH
1743 {
1744 int terminator, new_ok;
1745 uschar *s, *ss, *endname;
1746
1747 if (h->type != header_types[i]) continue;
1748 s = endname = Ustrchr(h->text, ':') + 1;
1749
1eccaa59
PH
1750 /* Scan the addresses in the header, enabling group syntax. Note that we
1751 have to reset this after the header has been scanned. */
1752
1753 parse_allow_group = TRUE;
1754
059ec3d9
PH
1755 while (*s != 0)
1756 {
1757 address_item *vaddr;
1758
1759 while (isspace(*s) || *s == ',') s++;
1760 if (*s == 0) break; /* End of header */
1761
1762 ss = parse_find_address_end(s, FALSE);
1763
1764 /* The terminator is a comma or end of header, but there may be white
1765 space preceding it (including newline for the last address). Move back
1766 past any white space so we can check against any cached envelope sender
1767 address verifications. */
1768
1769 while (isspace(ss[-1])) ss--;
1770 terminator = *ss;
1771 *ss = 0;
1772
1773 HDEBUG(D_verify) debug_printf("verifying %.*s header address %s\n",
1774 (int)(endname - h->text), h->text, s);
1775
1776 /* See if we have already verified this address as an envelope sender,
1777 and if so, use the previous answer. */
1778
1779 vaddr = verify_checked_sender(s);
1780
1781 if (vaddr != NULL && /* Previously checked */
1782 (callout <= 0 || /* No callout needed; OR */
1783 vaddr->special_action > 256)) /* Callout was done */
1784 {
1785 new_ok = vaddr->special_action & 255;
1786 HDEBUG(D_verify) debug_printf("previously checked as envelope sender\n");
1787 *ss = terminator; /* Restore shortened string */
1788 }
1789
1790 /* Otherwise we run the verification now. We must restore the shortened
1791 string before running the verification, so the headers are correct, in
1792 case there is any rewriting. */
1793
1794 else
1795 {
1796 int start, end, domain;
1eccaa59
PH
1797 uschar *address = parse_extract_address(s, log_msgptr, &start, &end,
1798 &domain, FALSE);
059ec3d9
PH
1799
1800 *ss = terminator;
1801
1eccaa59
PH
1802 /* If we found an empty address, just carry on with the next one, but
1803 kill the message. */
1804
1805 if (address == NULL && Ustrcmp(*log_msgptr, "empty address") == 0)
1806 {
1807 *log_msgptr = NULL;
1808 s = ss;
1809 continue;
1810 }
1811
059ec3d9
PH
1812 /* If verification failed because of a syntax error, fail this
1813 function, and ensure that the failing address gets added to the error
1814 message. */
1815
1816 if (address == NULL)
1817 {
1818 new_ok = FAIL;
1eccaa59
PH
1819 while (ss > s && isspace(ss[-1])) ss--;
1820 *log_msgptr = string_sprintf("syntax error in '%.*s' header when "
1821 "scanning for sender: %s in \"%.*s\"",
1822 endname - h->text, h->text, *log_msgptr, ss - s, s);
1823 yield = FAIL;
1824 done = TRUE;
1825 break;
059ec3d9
PH
1826 }
1827
2f6603e1 1828 /* Else go ahead with the sender verification. But it isn't *the*
059ec3d9
PH
1829 sender of the message, so set vopt_fake_sender to stop sender_address
1830 being replaced after rewriting or qualification. */
1831
1832 else
1833 {
1834 vaddr = deliver_make_addr(address, FALSE);
1835 new_ok = verify_address(vaddr, NULL, options | vopt_fake_sender,
8e669ac1 1836 callout, callout_overall, callout_connect, se_mailfrom,
4deaf07d 1837 pm_mailfrom, NULL);
059ec3d9
PH
1838 }
1839 }
1840
1841 /* We now have the result, either newly found, or cached. If we are
1842 giving out error details, set a specific user error. This means that the
1843 last of these will be returned to the user if all three fail. We do not
1844 set a log message - the generic one below will be used. */
1845
fe5b5d0b 1846 if (new_ok != OK)
059ec3d9 1847 {
8e669ac1 1848 *verrno = vaddr->basic_errno;
fe5b5d0b
PH
1849 if (smtp_return_error_details)
1850 {
1851 *user_msgptr = string_sprintf("Rejected after DATA: "
1852 "could not verify \"%.*s\" header address\n%s: %s",
1853 endname - h->text, h->text, vaddr->address, vaddr->message);
1854 }
8e669ac1 1855 }
059ec3d9
PH
1856
1857 /* Success or defer */
1858
1eccaa59
PH
1859 if (new_ok == OK)
1860 {
1861 yield = OK;
1862 done = TRUE;
1863 break;
1864 }
1865
059ec3d9
PH
1866 if (new_ok == DEFER) yield = DEFER;
1867
1868 /* Move on to any more addresses in the header */
1869
1870 s = ss;
1eccaa59
PH
1871 } /* Next address */
1872
1873 parse_allow_group = FALSE;
1874 parse_found_group = FALSE;
1875 } /* Next header, unless done */
1876 } /* Next header type unless done */
059ec3d9
PH
1877
1878if (yield == FAIL && *log_msgptr == NULL)
1879 *log_msgptr = US"there is no valid sender in any header line";
1880
1881if (yield == DEFER && *log_msgptr == NULL)
1882 *log_msgptr = US"all attempts to verify a sender in a header line deferred";
1883
1884return yield;
1885}
1886
1887
1888
1889
1890/*************************************************
1891* Get RFC 1413 identification *
1892*************************************************/
1893
1894/* Attempt to get an id from the sending machine via the RFC 1413 protocol. If
1895the timeout is set to zero, then the query is not done. There may also be lists
1896of hosts and nets which are exempt. To guard against malefactors sending
1897non-printing characters which could, for example, disrupt a message's headers,
1898make sure the string consists of printing characters only.
1899
1900Argument:
1901 port the port to connect to; usually this is IDENT_PORT (113), but when
1902 running in the test harness with -bh a different value is used.
1903
1904Returns: nothing
1905
1906Side effect: any received ident value is put in sender_ident (NULL otherwise)
1907*/
1908
1909void
1910verify_get_ident(int port)
1911{
1912int sock, host_af, qlen;
1913int received_sender_port, received_interface_port, n;
1914uschar *p;
1915uschar buffer[2048];
1916
1917/* Default is no ident. Check whether we want to do an ident check for this
1918host. */
1919
1920sender_ident = NULL;
1921if (rfc1413_query_timeout <= 0 || verify_check_host(&rfc1413_hosts) != OK)
1922 return;
1923
1924DEBUG(D_ident) debug_printf("doing ident callback\n");
1925
1926/* Set up a connection to the ident port of the remote host. Bind the local end
1927to the incoming interface address. If the sender host address is an IPv6
1928address, the incoming interface address will also be IPv6. */
1929
1930host_af = (Ustrchr(sender_host_address, ':') == NULL)? AF_INET : AF_INET6;
1931sock = ip_socket(SOCK_STREAM, host_af);
1932if (sock < 0) return;
1933
1934if (ip_bind(sock, host_af, interface_address, 0) < 0)
1935 {
1936 DEBUG(D_ident) debug_printf("bind socket for ident failed: %s\n",
1937 strerror(errno));
1938 goto END_OFF;
1939 }
1940
1941if (ip_connect(sock, host_af, sender_host_address, port, rfc1413_query_timeout)
1942 < 0)
1943 {
1944 if (errno == ETIMEDOUT && (log_extra_selector & LX_ident_timeout) != 0)
1945 {
1946 log_write(0, LOG_MAIN, "ident connection to %s timed out",
1947 sender_host_address);
1948 }
1949 else
1950 {
1951 DEBUG(D_ident) debug_printf("ident connection to %s failed: %s\n",
1952 sender_host_address, strerror(errno));
1953 }
1954 goto END_OFF;
1955 }
1956
1957/* Construct and send the query. */
1958
1959sprintf(CS buffer, "%d , %d\r\n", sender_host_port, interface_port);
1960qlen = Ustrlen(buffer);
1961if (send(sock, buffer, qlen, 0) < 0)
1962 {
1963 DEBUG(D_ident) debug_printf("ident send failed: %s\n", strerror(errno));
1964 goto END_OFF;
1965 }
1966
1967/* Read a response line. We put it into the rest of the buffer, using several
1968recv() calls if necessary. */
1969
1970p = buffer + qlen;
1971
1972for (;;)
1973 {
1974 uschar *pp;
1975 int count;
1976 int size = sizeof(buffer) - (p - buffer);
1977
1978 if (size <= 0) goto END_OFF; /* Buffer filled without seeing \n. */
1979 count = ip_recv(sock, p, size, rfc1413_query_timeout);
1980 if (count <= 0) goto END_OFF; /* Read error or EOF */
1981
1982 /* Scan what we just read, to see if we have reached the terminating \r\n. Be
1983 generous, and accept a plain \n terminator as well. The only illegal
1984 character is 0. */
1985
1986 for (pp = p; pp < p + count; pp++)
1987 {
1988 if (*pp == 0) goto END_OFF; /* Zero octet not allowed */
1989 if (*pp == '\n')
1990 {
1991 if (pp[-1] == '\r') pp--;
1992 *pp = 0;
1993 goto GOT_DATA; /* Break out of both loops */
1994 }
1995 }
1996
1997 /* Reached the end of the data without finding \n. Let the loop continue to
1998 read some more, if there is room. */
1999
2000 p = pp;
2001 }
2002
2003GOT_DATA:
2004
2005/* We have received a line of data. Check it carefully. It must start with the
2006same two port numbers that we sent, followed by data as defined by the RFC. For
2007example,
2008
2009 12345 , 25 : USERID : UNIX :root
2010
2011However, the amount of white space may be different to what we sent. In the
2012"osname" field there may be several sub-fields, comma separated. The data we
2013actually want to save follows the third colon. Some systems put leading spaces
2014in it - we discard those. */
2015
2016if (sscanf(CS buffer + qlen, "%d , %d%n", &received_sender_port,
2017 &received_interface_port, &n) != 2 ||
2018 received_sender_port != sender_host_port ||
2019 received_interface_port != interface_port)
2020 goto END_OFF;
2021
2022p = buffer + qlen + n;
2023while(isspace(*p)) p++;
2024if (*p++ != ':') goto END_OFF;
2025while(isspace(*p)) p++;
2026if (Ustrncmp(p, "USERID", 6) != 0) goto END_OFF;
2027p += 6;
2028while(isspace(*p)) p++;
2029if (*p++ != ':') goto END_OFF;
2030while (*p != 0 && *p != ':') p++;
2031if (*p++ == 0) goto END_OFF;
2032while(isspace(*p)) p++;
2033if (*p == 0) goto END_OFF;
2034
2035/* The rest of the line is the data we want. We turn it into printing
2036characters when we save it, so that it cannot mess up the format of any logging
2037or Received: lines into which it gets inserted. We keep a maximum of 127
2038characters. */
2039
2040sender_ident = string_printing(string_copyn(p, 127));
2041DEBUG(D_ident) debug_printf("sender_ident = %s\n", sender_ident);
2042
2043END_OFF:
f1e894f3 2044(void)close(sock);
059ec3d9
PH
2045return;
2046}
2047
2048
2049
2050
2051/*************************************************
2052* Match host to a single host-list item *
2053*************************************************/
2054
2055/* This function compares a host (name or address) against a single item
2056from a host list. The host name gets looked up if it is needed and is not
2057already known. The function is called from verify_check_this_host() via
2058match_check_list(), which is why most of its arguments are in a single block.
2059
2060Arguments:
2061 arg the argument block (see below)
2062 ss the host-list item
2063 valueptr where to pass back looked up data, or NULL
2064 error for error message when returning ERROR
2065
2066The block contains:
32d668a5
PH
2067 host_name (a) the host name, or
2068 (b) NULL, implying use sender_host_name and
2069 sender_host_aliases, looking them up if required, or
2070 (c) the empty string, meaning that only IP address matches
2071 are permitted
059ec3d9
PH
2072 host_address the host address
2073 host_ipv4 the IPv4 address taken from an IPv6 one
2074
2075Returns: OK matched
2076 FAIL did not match
2077 DEFER lookup deferred
32d668a5
PH
2078 ERROR (a) failed to find the host name or IP address, or
2079 (b) unknown lookup type specified, or
2080 (c) host name encountered when only IP addresses are
2081 being matched
059ec3d9
PH
2082*/
2083
32d668a5 2084int
059ec3d9
PH
2085check_host(void *arg, uschar *ss, uschar **valueptr, uschar **error)
2086{
2087check_host_block *cb = (check_host_block *)arg;
32d668a5 2088int mlen = -1;
059ec3d9 2089int maskoffset;
32d668a5 2090BOOL iplookup = FALSE;
059ec3d9 2091BOOL isquery = FALSE;
32d668a5 2092BOOL isiponly = cb->host_name != NULL && cb->host_name[0] == 0;
1688f43b 2093uschar *t;
32d668a5 2094uschar *semicolon;
059ec3d9
PH
2095uschar **aliases;
2096
2097/* Optimize for the special case when the pattern is "*". */
2098
2099if (*ss == '*' && ss[1] == 0) return OK;
2100
2101/* If the pattern is empty, it matches only in the case when there is no host -
2102this can occur in ACL checking for SMTP input using the -bs option. In this
2103situation, the host address is the empty string. */
2104
2105if (cb->host_address[0] == 0) return (*ss == 0)? OK : FAIL;
2106if (*ss == 0) return FAIL;
2107
32d668a5
PH
2108/* If the pattern is precisely "@" then match against the primary host name,
2109provided that host name matching is permitted; if it's "@[]" match against the
2110local host's IP addresses. */
059ec3d9
PH
2111
2112if (*ss == '@')
2113 {
32d668a5
PH
2114 if (ss[1] == 0)
2115 {
2116 if (isiponly) return ERROR;
2117 ss = primary_hostname;
2118 }
059ec3d9
PH
2119 else if (Ustrcmp(ss, "@[]") == 0)
2120 {
2121 ip_address_item *ip;
2122 for (ip = host_find_interfaces(); ip != NULL; ip = ip->next)
2123 if (Ustrcmp(ip->address, cb->host_address) == 0) return OK;
2124 return FAIL;
2125 }
2126 }
2127
2128/* If the pattern is an IP address, optionally followed by a bitmask count, do
2129a (possibly masked) comparision with the current IP address. */
2130
7e66e54d 2131if (string_is_ip_address(ss, &maskoffset) != 0)
059ec3d9
PH
2132 return (host_is_in_net(cb->host_address, ss, maskoffset)? OK : FAIL);
2133
1688f43b
PH
2134/* The pattern is not an IP address. A common error that people make is to omit
2135one component of an IPv4 address, either by accident, or believing that, for
2136example, 1.2.3/24 is the same as 1.2.3.0/24, or 1.2.3 is the same as 1.2.3.0,
2137which it isn't. (Those applications that do accept 1.2.3 as an IP address
2138interpret it as 1.2.0.3 because the final component becomes 16-bit - this is an
2139ancient specification.) To aid in debugging these cases, we give a specific
2140error if the pattern contains only digits and dots or contains a slash preceded
2141only by digits and dots (a slash at the start indicates a file name and of
2142course slashes may be present in lookups, but not preceded only by digits and
2143dots). */
2144
2145for (t = ss; isdigit(*t) || *t == '.'; t++);
2146if (*t == 0 || (*t == '/' && t != ss))
2147 {
2148 *error = US"malformed IPv4 address or address mask";
2149 return ERROR;
2150 }
2151
32d668a5 2152/* See if there is a semicolon in the pattern */
059ec3d9 2153
32d668a5
PH
2154semicolon = Ustrchr(ss, ';');
2155
2156/* If we are doing an IP address only match, then all lookups must be IP
df199fec 2157address lookups, even if there is no "net-". */
32d668a5
PH
2158
2159if (isiponly)
059ec3d9 2160 {
32d668a5
PH
2161 iplookup = semicolon != NULL;
2162 }
059ec3d9 2163
32d668a5 2164/* Otherwise, if the item is of the form net[n]-lookup;<file|query> then it is
df199fec
PH
2165a lookup on a masked IP network, in textual form. We obey this code even if we
2166have already set iplookup, so as to skip over the "net-" prefix and to set the
2167mask length. The net- stuff really only applies to single-key lookups where the
2168key is implicit. For query-style lookups the key is specified in the query.
2169From release 4.30, the use of net- for query style is no longer needed, but we
2170retain it for backward compatibility. */
2171
2172if (Ustrncmp(ss, "net", 3) == 0 && semicolon != NULL)
32d668a5
PH
2173 {
2174 mlen = 0;
2175 for (t = ss + 3; isdigit(*t); t++) mlen = mlen * 10 + *t - '0';
2176 if (mlen == 0 && t == ss+3) mlen = -1; /* No mask supplied */
2177 iplookup = (*t++ == '-');
2178 }
1688f43b 2179else t = ss;
059ec3d9 2180
32d668a5 2181/* Do the IP address lookup if that is indeed what we have */
059ec3d9 2182
32d668a5
PH
2183if (iplookup)
2184 {
2185 int insize;
2186 int search_type;
2187 int incoming[4];
2188 void *handle;
2189 uschar *filename, *key, *result;
2190 uschar buffer[64];
059ec3d9 2191
32d668a5 2192 /* Find the search type */
059ec3d9 2193
32d668a5 2194 search_type = search_findtype(t, semicolon - t);
059ec3d9 2195
32d668a5
PH
2196 if (search_type < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
2197 search_error_message);
059ec3d9 2198
13b685f9
PH
2199 /* Adjust parameters for the type of lookup. For a query-style lookup, there
2200 is no file name, and the "key" is just the query. For query-style with a file
2201 name, we have to fish the file off the start of the query. For a single-key
2202 lookup, the key is the current IP address, masked appropriately, and
2203 reconverted to text form, with the mask appended. For IPv6 addresses, specify
6a3bceb1
PH
2204 dot separators instead of colons, except when the lookup type is "iplsearch".
2205 */
059ec3d9 2206
13b685f9
PH
2207 if (mac_islookup(search_type, lookup_absfilequery))
2208 {
2209 filename = semicolon + 1;
2210 key = filename;
2211 while (*key != 0 && !isspace(*key)) key++;
2212 filename = string_copyn(filename, key - filename);
2213 while (isspace(*key)) key++;
2214 }
2215 else if (mac_islookup(search_type, lookup_querystyle))
32d668a5
PH
2216 {
2217 filename = NULL;
2218 key = semicolon + 1;
2219 }
6a3bceb1 2220 else /* Single-key style */
32d668a5 2221 {
6a3bceb1
PH
2222 int sep = (Ustrcmp(lookup_list[search_type].name, "iplsearch") == 0)?
2223 ':' : '.';
32d668a5
PH
2224 insize = host_aton(cb->host_address, incoming);
2225 host_mask(insize, incoming, mlen);
6a3bceb1 2226 (void)host_nmtoa(insize, incoming, mlen, buffer, sep);
32d668a5
PH
2227 key = buffer;
2228 filename = semicolon + 1;
059ec3d9 2229 }
32d668a5
PH
2230
2231 /* Now do the actual lookup; note that there is no search_close() because
2232 of the caching arrangements. */
2233
2234 handle = search_open(filename, search_type, 0, NULL, NULL);
2235 if (handle == NULL) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
2236 search_error_message);
2237 result = search_find(handle, filename, key, -1, NULL, 0, 0, NULL);
2238 if (valueptr != NULL) *valueptr = result;
2239 return (result != NULL)? OK : search_find_defer? DEFER: FAIL;
059ec3d9
PH
2240 }
2241
2242/* The pattern is not an IP address or network reference of any kind. That is,
32d668a5
PH
2243it is a host name pattern. If this is an IP only match, there's an error in the
2244host list. */
2245
2246if (isiponly)
2247 {
2248 *error = US"cannot match host name in match_ip list";
2249 return ERROR;
2250 }
2251
2252/* Check the characters of the pattern to see if they comprise only letters,
2253digits, full stops, and hyphens (the constituents of domain names). Allow
2254underscores, as they are all too commonly found. Sigh. Also, if
2255allow_utf8_domains is set, allow top-bit characters. */
059ec3d9
PH
2256
2257for (t = ss; *t != 0; t++)
2258 if (!isalnum(*t) && *t != '.' && *t != '-' && *t != '_' &&
2259 (!allow_utf8_domains || *t < 128)) break;
2260
2261/* If the pattern is a complete domain name, with no fancy characters, look up
2262its IP address and match against that. Note that a multi-homed host will add
2263items to the chain. */
2264
2265if (*t == 0)
2266 {
2267 int rc;
2268 host_item h;
2269 h.next = NULL;
2270 h.name = ss;
2271 h.address = NULL;
2272 h.mx = MX_NONE;
9b8fadde 2273
322050c2 2274 rc = host_find_byname(&h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, FALSE);
059ec3d9
PH
2275 if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL)
2276 {
2277 host_item *hh;
2278 for (hh = &h; hh != NULL; hh = hh->next)
2279 {
96776534 2280 if (host_is_in_net(hh->address, cb->host_address, 0)) return OK;
059ec3d9
PH
2281 }
2282 return FAIL;
2283 }
2284 if (rc == HOST_FIND_AGAIN) return DEFER;
2285 *error = string_sprintf("failed to find IP address for %s", ss);
2286 return ERROR;
2287 }
2288
2289/* Almost all subsequent comparisons require the host name, and can be done
2290using the general string matching function. When this function is called for
2291outgoing hosts, the name is always given explicitly. If it is NULL, it means we
2292must use sender_host_name and its aliases, looking them up if necessary. */
2293
2294if (cb->host_name != NULL) /* Explicit host name given */
2295 return match_check_string(cb->host_name, ss, -1, TRUE, TRUE, TRUE,
2296 valueptr);
2297
2298/* Host name not given; in principle we need the sender host name and its
2299aliases. However, for query-style lookups, we do not need the name if the
2300query does not contain $sender_host_name. From release 4.23, a reference to
2301$sender_host_name causes it to be looked up, so we don't need to do the lookup
2302on spec. */
2303
2304if ((semicolon = Ustrchr(ss, ';')) != NULL)
2305 {
2306 uschar *affix;
2307 int partial, affixlen, starflags, id;
2308
2309 *semicolon = 0;
2310 id = search_findtype_partial(ss, &partial, &affix, &affixlen, &starflags);
2311 *semicolon=';';
2312
2313 if (id < 0) /* Unknown lookup type */
2314 {
2315 log_write(0, LOG_MAIN|LOG_PANIC, "%s in host list item \"%s\"",
2316 search_error_message, ss);
2317 return DEFER;
2318 }
13b685f9 2319 isquery = mac_islookup(id, lookup_querystyle|lookup_absfilequery);
059ec3d9
PH
2320 }
2321
2322if (isquery)
2323 {
2324 switch(match_check_string(US"", ss, -1, TRUE, TRUE, TRUE, valueptr))
2325 {
2326 case OK: return OK;
2327 case DEFER: return DEFER;
2328 default: return FAIL;
2329 }
2330 }
2331
2332/* Not a query-style lookup; must ensure the host name is present, and then we
2333do a check on the name and all its aliases. */
2334
2335if (sender_host_name == NULL)
2336 {
2337 HDEBUG(D_host_lookup)
2338 debug_printf("sender host name required, to match against %s\n", ss);
2339 if (host_lookup_failed || host_name_lookup() != OK)
2340 {
2341 *error = string_sprintf("failed to find host name for %s",
2342 sender_host_address);;
2343 return ERROR;
2344 }
2345 host_build_sender_fullhost();
2346 }
2347
2348/* Match on the sender host name, using the general matching function */
2349
2350switch(match_check_string(sender_host_name, ss, -1, TRUE, TRUE, TRUE,
2351 valueptr))
2352 {
2353 case OK: return OK;
2354 case DEFER: return DEFER;
2355 }
2356
2357/* If there are aliases, try matching on them. */
2358
2359aliases = sender_host_aliases;
2360while (*aliases != NULL)
2361 {
2362 switch(match_check_string(*aliases++, ss, -1, TRUE, TRUE, TRUE, valueptr))
2363 {
2364 case OK: return OK;
2365 case DEFER: return DEFER;
2366 }
2367 }
2368return FAIL;
2369}
2370
2371
2372
2373
2374/*************************************************
2375* Check a specific host matches a host list *
2376*************************************************/
2377
2378/* This function is passed a host list containing items in a number of
2379different formats and the identity of a host. Its job is to determine whether
2380the given host is in the set of hosts defined by the list. The host name is
2381passed as a pointer so that it can be looked up if needed and not already
2382known. This is commonly the case when called from verify_check_host() to check
2383an incoming connection. When called from elsewhere the host name should usually
2384be set.
2385
2386This function is now just a front end to match_check_list(), which runs common
2387code for scanning a list. We pass it the check_host() function to perform a
2388single test.
2389
2390Arguments:
2391 listptr pointer to the host list
2392 cache_bits pointer to cache for named lists, or NULL
2393 host_name the host name or NULL, implying use sender_host_name and
2394 sender_host_aliases, looking them up if required
2395 host_address the IP address
2396 valueptr if not NULL, data from a lookup is passed back here
2397
2398Returns: OK if the host is in the defined set
2399 FAIL if the host is not in the defined set,
2400 DEFER if a data lookup deferred (not a host lookup)
2401
2402If the host name was needed in order to make a comparison, and could not be
2403determined from the IP address, the result is FAIL unless the item
2404"+allow_unknown" was met earlier in the list, in which case OK is returned. */
2405
2406int
2407verify_check_this_host(uschar **listptr, unsigned int *cache_bits,
2408 uschar *host_name, uschar *host_address, uschar **valueptr)
2409{
d4eb88df 2410int rc;
059ec3d9 2411unsigned int *local_cache_bits = cache_bits;
d4eb88df 2412uschar *save_host_address = deliver_host_address;
059ec3d9
PH
2413check_host_block cb;
2414cb.host_name = host_name;
2415cb.host_address = host_address;
2416
2417if (valueptr != NULL) *valueptr = NULL;
2418
2419/* If the host address starts off ::ffff: it is an IPv6 address in
2420IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2421addresses. */
2422
2423cb.host_ipv4 = (Ustrncmp(host_address, "::ffff:", 7) == 0)?
2424 host_address + 7 : host_address;
2425
8e669ac1
PH
2426/* During the running of the check, put the IP address into $host_address. In
2427the case of calls from the smtp transport, it will already be there. However,
2428in other calls (e.g. when testing ignore_target_hosts), it won't. Just to be on
d4eb88df
PH
2429the safe side, any existing setting is preserved, though as I write this
2430(November 2004) I can't see any cases where it is actually needed. */
2431
2432deliver_host_address = host_address;
2433rc = match_check_list(
2434 listptr, /* the list */
2435 0, /* separator character */
2436 &hostlist_anchor, /* anchor pointer */
2437 &local_cache_bits, /* cache pointer */
2438 check_host, /* function for testing */
2439 &cb, /* argument for function */
2440 MCL_HOST, /* type of check */
8e669ac1 2441 (host_address == sender_host_address)?
d4eb88df
PH
2442 US"host" : host_address, /* text for debugging */
2443 valueptr); /* where to pass back data */
2444deliver_host_address = save_host_address;
8e669ac1 2445return rc;
059ec3d9
PH
2446}
2447
2448
2449
2450
2451/*************************************************
2452* Check the remote host matches a list *
2453*************************************************/
2454
2455/* This is a front end to verify_check_this_host(), created because checking
2456the remote host is a common occurrence. With luck, a good compiler will spot
2457the tail recursion and optimize it. If there's no host address, this is
2458command-line SMTP input - check against an empty string for the address.
2459
2460Arguments:
2461 listptr pointer to the host list
2462
2463Returns: the yield of verify_check_this_host(),
2464 i.e. OK, FAIL, or DEFER
2465*/
2466
2467int
2468verify_check_host(uschar **listptr)
2469{
2470return verify_check_this_host(listptr, sender_host_cache, NULL,
2471 (sender_host_address == NULL)? US"" : sender_host_address, NULL);
2472}
2473
2474
2475
2476
2477
2478/*************************************************
2479* Invert an IP address for a DNS black list *
2480*************************************************/
2481
2482/*
2483Arguments:
2484 buffer where to put the answer
2485 address the address to invert
2486*/
2487
2488static void
2489invert_address(uschar *buffer, uschar *address)
2490{
2491int bin[4];
2492uschar *bptr = buffer;
2493
2494/* If this is an IPv4 address mapped into IPv6 format, adjust the pointer
2495to the IPv4 part only. */
2496
2497if (Ustrncmp(address, "::ffff:", 7) == 0) address += 7;
2498
2499/* Handle IPv4 address: when HAVE_IPV6 is false, the result of host_aton() is
2500always 1. */
2501
2502if (host_aton(address, bin) == 1)
2503 {
2504 int i;
2505 int x = bin[0];
2506 for (i = 0; i < 4; i++)
2507 {
2508 sprintf(CS bptr, "%d.", x & 255);
2509 while (*bptr) bptr++;
2510 x >>= 8;
2511 }
2512 }
2513
2514/* Handle IPv6 address. Actually, as far as I know, there are no IPv6 addresses
2515in any DNS black lists, and the format in which they will be looked up is
2516unknown. This is just a guess. */
2517
2518#if HAVE_IPV6
2519else
2520 {
2521 int i, j;
2522 for (j = 3; j >= 0; j--)
2523 {
2524 int x = bin[j];
2525 for (i = 0; i < 8; i++)
2526 {
2527 sprintf(CS bptr, "%x.", x & 15);
2528 while (*bptr) bptr++;
2529 x >>= 4;
2530 }
2531 }
2532 }
2533#endif
d6f6e0dc
PH
2534
2535/* Remove trailing period -- this is needed so that both arbitrary
2536dnsbl keydomains and inverted addresses may be combined with the
2537same format string, "%s.%s" */
2538
2539*(--bptr) = 0;
059ec3d9
PH
2540}
2541
2542
2543
2544/*************************************************
0bcb2a0e
PH
2545* Perform a single dnsbl lookup *
2546*************************************************/
2547
d6f6e0dc
PH
2548/* This function is called from verify_check_dnsbl() below. It is also called
2549recursively from within itself when domain and domain_txt are different
2550pointers, in order to get the TXT record from the alternate domain.
0bcb2a0e
PH
2551
2552Arguments:
d6f6e0dc
PH
2553 domain the outer dnsbl domain
2554 domain_txt alternate domain to lookup TXT record on success; when the
2555 same domain is to be used, domain_txt == domain (that is,
2556 the pointers must be identical, not just the text)
8e669ac1 2557 keydomain the current keydomain (for debug message)
d6f6e0dc
PH
2558 prepend subdomain to lookup (like keydomain, but
2559 reversed if IP address)
2560 iplist the list of matching IP addresses, or NULL for "any"
8e669ac1 2561 bitmask true if bitmask matching is wanted
431b7361
PH
2562 match_type condition for 'succeed' result
2563 0 => Any RR in iplist (=)
2564 1 => No RR in iplist (!=)
2565 2 => All RRs in iplist (==)
2566 3 => Some RRs not in iplist (!==)
2567 the two bits are defined as MT_NOT and MT_ALL
8e669ac1 2568 defer_return what to return for a defer
0bcb2a0e
PH
2569
2570Returns: OK if lookup succeeded
2571 FAIL if not
2572*/
2573
2574static int
d6f6e0dc 2575one_check_dnsbl(uschar *domain, uschar *domain_txt, uschar *keydomain,
431b7361 2576 uschar *prepend, uschar *iplist, BOOL bitmask, int match_type,
d6f6e0dc 2577 int defer_return)
8e669ac1 2578{
0bcb2a0e
PH
2579dns_answer dnsa;
2580dns_scan dnss;
2581tree_node *t;
2582dnsbl_cache_block *cb;
2583int old_pool = store_pool;
d6f6e0dc
PH
2584uschar query[256]; /* DNS domain max length */
2585
2586/* Construct the specific query domainname */
2587
2588if (!string_format(query, sizeof(query), "%s.%s", prepend, domain))
2589 {
2590 log_write(0, LOG_MAIN|LOG_PANIC, "dnslist query is too long "
2591 "(ignored): %s...", query);
2592 return FAIL;
2593 }
0bcb2a0e
PH
2594
2595/* Look for this query in the cache. */
2596
2597t = tree_search(dnsbl_cache, query);
2598
2599/* If not cached from a previous lookup, we must do a DNS lookup, and
2600cache the result in permanent memory. */
2601
2602if (t == NULL)
2603 {
2604 store_pool = POOL_PERM;
2605
2606 /* Set up a tree entry to cache the lookup */
2607
2608 t = store_get(sizeof(tree_node) + Ustrlen(query));
2609 Ustrcpy(t->name, query);
2610 t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block));
2611 (void)tree_insertnode(&dnsbl_cache, t);
2612
2613 /* Do the DNS loopup . */
2614
2615 HDEBUG(D_dnsbl) debug_printf("new DNS lookup for %s\n", query);
2616 cb->rc = dns_basic_lookup(&dnsa, query, T_A);
2617 cb->text_set = FALSE;
2618 cb->text = NULL;
2619 cb->rhs = NULL;
2620
2621 /* If the lookup succeeded, cache the RHS address. The code allows for
2622 more than one address - this was for complete generality and the possible
2623 use of A6 records. However, A6 records have been reduced to experimental
2624 status (August 2001) and may die out. So they may never get used at all,
2625 let alone in dnsbl records. However, leave the code here, just in case.
2626
2627 Quite apart from one A6 RR generating multiple addresses, there are DNS
2628 lists that return more than one A record, so we must handle multiple
2629 addresses generated in that way as well. */
2630
2631 if (cb->rc == DNS_SUCCEED)
2632 {
2633 dns_record *rr;
2634 dns_address **addrp = &(cb->rhs);
2635 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
2636 rr != NULL;
2637 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2638 {
2639 if (rr->type == T_A)
2640 {
2641 dns_address *da = dns_address_from_rr(&dnsa, rr);
2642 if (da != NULL)
2643 {
2644 *addrp = da;
2645 while (da->next != NULL) da = da->next;
2646 addrp = &(da->next);
2647 }
2648 }
2649 }
2650
2651 /* If we didn't find any A records, change the return code. This can
2652 happen when there is a CNAME record but there are no A records for what
2653 it points to. */
2654
2655 if (cb->rhs == NULL) cb->rc = DNS_NODATA;
2656 }
2657
2658 store_pool = old_pool;
2659 }
2660
2661/* Previous lookup was cached */
2662
2663else
2664 {
2665 HDEBUG(D_dnsbl) debug_printf("using result of previous DNS lookup\n");
2666 cb = t->data.ptr;
2667 }
2668
2669/* We now have the result of the DNS lookup, either newly done, or cached
2670from a previous call. If the lookup succeeded, check against the address
2671list if there is one. This may be a positive equality list (introduced by
2672"="), a negative equality list (introduced by "!="), a positive bitmask
2673list (introduced by "&"), or a negative bitmask list (introduced by "!&").*/
2674
2675if (cb->rc == DNS_SUCCEED)
2676 {
2677 dns_address *da = NULL;
2678 uschar *addlist = cb->rhs->address;
2679
2680 /* For A and AAAA records, there may be multiple addresses from multiple
2681 records. For A6 records (currently not expected to be used) there may be
2682 multiple addresses from a single record. */
2683
2684 for (da = cb->rhs->next; da != NULL; da = da->next)
2685 addlist = string_sprintf("%s, %s", addlist, da->address);
2686
2687 HDEBUG(D_dnsbl) debug_printf("DNS lookup for %s succeeded (yielding %s)\n",
2688 query, addlist);
2689
2690 /* Address list check; this can be either for equality, or via a bitmask.
2691 In the latter case, all the bits must match. */
2692
2693 if (iplist != NULL)
2694 {
431b7361 2695 for (da = cb->rhs; da != NULL; da = da->next)
0bcb2a0e 2696 {
431b7361
PH
2697 int ipsep = ',';
2698 uschar ip[46];
2699 uschar *ptr = iplist;
2700 uschar *res;
2701
0bcb2a0e 2702 /* Handle exact matching */
431b7361 2703
0bcb2a0e
PH
2704 if (!bitmask)
2705 {
431b7361 2706 while ((res = string_nextinlist(&ptr, &ipsep, ip, sizeof(ip))) != NULL)
0bcb2a0e
PH
2707 {
2708 if (Ustrcmp(CS da->address, ip) == 0) break;
2709 }
2710 }
431b7361 2711
0bcb2a0e 2712 /* Handle bitmask matching */
431b7361 2713
0bcb2a0e
PH
2714 else
2715 {
2716 int address[4];
2717 int mask = 0;
2718
2719 /* At present, all known DNS blocking lists use A records, with
2720 IPv4 addresses on the RHS encoding the information they return. I
2721 wonder if this will linger on as the last vestige of IPv4 when IPv6
2722 is ubiquitous? Anyway, for now we use paranoia code to completely
2723 ignore IPv6 addresses. The default mask is 0, which always matches.
2724 We change this only for IPv4 addresses in the list. */
2725
431b7361 2726 if (host_aton(da->address, address) == 1) mask = address[0];
0bcb2a0e
PH
2727
2728 /* Scan the returned addresses, skipping any that are IPv6 */
2729
431b7361 2730 while ((res = string_nextinlist(&ptr, &ipsep, ip, sizeof(ip))) != NULL)
0bcb2a0e 2731 {
431b7361
PH
2732 if (host_aton(ip, address) != 1) continue;
2733 if ((address[0] & mask) == address[0]) break;
0bcb2a0e
PH
2734 }
2735 }
2736
431b7361
PH
2737 /* If either
2738
2739 (a) An IP address in an any ('=') list matched, or
2740 (b) No IP address in an all ('==') list matched
0bcb2a0e 2741
431b7361
PH
2742 then we're done searching. */
2743
2744 if (((match_type & MT_ALL) != 0) == (res == NULL)) break;
0bcb2a0e
PH
2745 }
2746
431b7361 2747 /* If da == NULL, either
0bcb2a0e 2748
431b7361
PH
2749 (a) No IP address in an any ('=') list matched, or
2750 (b) An IP address in an all ('==') list didn't match
0bcb2a0e 2751
431b7361
PH
2752 so behave as if the DNSBL lookup had not succeeded, i.e. the host is not on
2753 the list. */
0bcb2a0e 2754
431b7361 2755 if ((match_type == MT_NOT || match_type == MT_ALL) != (da == NULL))
0bcb2a0e
PH
2756 {
2757 HDEBUG(D_dnsbl)
2758 {
431b7361
PH
2759 uschar *res = NULL;
2760 switch(match_type)
2761 {
2762 case 0:
2763 res = US"was no match";
2764 break;
2765 case MT_NOT:
2766 res = US"was an exclude match";
2767 break;
2768 case MT_ALL:
2769 res = US"was an IP address that did not match";
2770 break;
2771 case MT_NOT|MT_ALL:
2772 res = US"were no IP addresses that did not match";
2773 break;
2774 }
0bcb2a0e 2775 debug_printf("=> but we are not accepting this block class because\n");
431b7361
PH
2776 debug_printf("=> there %s for %s%c%s\n",
2777 res,
2778 ((match_type & MT_ALL) == 0)? "" : "=",
2779 bitmask? '&' : '=', iplist);
0bcb2a0e 2780 }
8e669ac1 2781 return FAIL;
0bcb2a0e
PH
2782 }
2783 }
2784
d6f6e0dc
PH
2785 /* Either there was no IP list, or the record matched, implying that the
2786 domain is on the list. We now want to find a corresponding TXT record. If an
2787 alternate domain is specified for the TXT record, call this function
2788 recursively to look that up; this has the side effect of re-checking that
2789 there is indeed an A record at the alternate domain. */
2790
2791 if (domain_txt != domain)
2792 return one_check_dnsbl(domain_txt, domain_txt, keydomain, prepend, NULL,
431b7361 2793 FALSE, match_type, defer_return);
d6f6e0dc
PH
2794
2795 /* If there is no alternate domain, look up a TXT record in the main domain
2796 if it has not previously been cached. */
0bcb2a0e
PH
2797
2798 if (!cb->text_set)
2799 {
2800 cb->text_set = TRUE;
2801 if (dns_basic_lookup(&dnsa, query, T_TXT) == DNS_SUCCEED)
2802 {
2803 dns_record *rr;
2804 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
2805 rr != NULL;
2806 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2807 if (rr->type == T_TXT) break;
2808 if (rr != NULL)
2809 {
2810 int len = (rr->data)[0];
2811 if (len > 511) len = 127;
2812 store_pool = POOL_PERM;
2813 cb->text = string_sprintf("%.*s", len, (const uschar *)(rr->data+1));
2814 store_pool = old_pool;
2815 }
2816 }
2817 }
2818
2819 dnslist_value = addlist;
2820 dnslist_text = cb->text;
2821 return OK;
2822 }
2823
2824/* There was a problem with the DNS lookup */
2825
2826if (cb->rc != DNS_NOMATCH && cb->rc != DNS_NODATA)
2827 {
2828 log_write(L_dnslist_defer, LOG_MAIN,
2829 "DNS list lookup defer (probably timeout) for %s: %s", query,
2830 (defer_return == OK)? US"assumed in list" :
2831 (defer_return == FAIL)? US"assumed not in list" :
2832 US"returned DEFER");
2833 return defer_return;
2834 }
2835
2836/* No entry was found in the DNS; continue for next domain */
2837
2838HDEBUG(D_dnsbl)
2839 {
2840 debug_printf("DNS lookup for %s failed\n", query);
2841 debug_printf("=> that means %s is not listed at %s\n",
2842 keydomain, domain);
2843 }
2844
2845return FAIL;
2846}
2847
2848
2849
2850
2851/*************************************************
059ec3d9
PH
2852* Check host against DNS black lists *
2853*************************************************/
2854
2855/* This function runs checks against a list of DNS black lists, until one
2856matches. Each item on the list can be of the form
2857
2858 domain=ip-address/key
2859
2860The domain is the right-most domain that is used for the query, for example,
2861blackholes.mail-abuse.org. If the IP address is present, there is a match only
2862if the DNS lookup returns a matching IP address. Several addresses may be
2863given, comma-separated, for example: x.y.z=127.0.0.1,127.0.0.2.
2864
2865If no key is given, what is looked up in the domain is the inverted IP address
2866of the current client host. If a key is given, it is used to construct the
d6f6e0dc 2867domain for the lookup. For example:
059ec3d9
PH
2868
2869 dsn.rfc-ignorant.org/$sender_address_domain
2870
2871After finding a match in the DNS, the domain is placed in $dnslist_domain, and
2872then we check for a TXT record for an error message, and if found, save its
2873value in $dnslist_text. We also cache everything in a tree, to optimize
2874multiple lookups.
2875
d6f6e0dc
PH
2876The TXT record is normally looked up in the same domain as the A record, but
2877when many lists are combined in a single DNS domain, this will not be a very
2878specific message. It is possible to specify a different domain for looking up
2879TXT records; this is given before the main domain, comma-separated. For
2880example:
2881
2882 dnslists = http.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.2 : \
2883 socks.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.3
2884
2885The caching ensures that only one lookup in dnsbl.sorbs.net is done.
2886
059ec3d9
PH
2887Note: an address for testing RBL is 192.203.178.39
2888Note: an address for testing DUL is 192.203.178.4
2889Note: a domain for testing RFCI is example.tld.dsn.rfc-ignorant.org
2890
2891Arguments:
2892 listptr the domain/address/data list
2893
2894Returns: OK successful lookup (i.e. the address is on the list), or
2895 lookup deferred after +include_unknown
2896 FAIL name not found, or no data found for the given type, or
2897 lookup deferred after +exclude_unknown (default)
2898 DEFER lookup failure, if +defer_unknown was set
2899*/
2900
2901int
2902verify_check_dnsbl(uschar **listptr)
2903{
2904int sep = 0;
2905int defer_return = FAIL;
059ec3d9
PH
2906uschar *list = *listptr;
2907uschar *domain;
2908uschar *s;
2909uschar buffer[1024];
059ec3d9
PH
2910uschar revadd[128]; /* Long enough for IPv6 address */
2911
2912/* Indicate that the inverted IP address is not yet set up */
2913
2914revadd[0] = 0;
2915
0bcb2a0e
PH
2916/* In case this is the first time the DNS resolver is being used. */
2917
2918dns_init(FALSE, FALSE);
2919
059ec3d9
PH
2920/* Loop through all the domains supplied, until something matches */
2921
2922while ((domain = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
2923 {
0bcb2a0e 2924 int rc;
059ec3d9 2925 BOOL bitmask = FALSE;
431b7361 2926 int match_type = 0;
d6f6e0dc
PH
2927 uschar *domain_txt;
2928 uschar *comma;
059ec3d9
PH
2929 uschar *iplist;
2930 uschar *key;
059ec3d9
PH
2931
2932 HDEBUG(D_dnsbl) debug_printf("DNS list check: %s\n", domain);
2933
2934 /* Deal with special values that change the behaviour on defer */
2935
2936 if (domain[0] == '+')
2937 {
2938 if (strcmpic(domain, US"+include_unknown") == 0) defer_return = OK;
2939 else if (strcmpic(domain, US"+exclude_unknown") == 0) defer_return = FAIL;
2940 else if (strcmpic(domain, US"+defer_unknown") == 0) defer_return = DEFER;
2941 else
2942 log_write(0, LOG_MAIN|LOG_PANIC, "unknown item in dnslist (ignored): %s",
2943 domain);
2944 continue;
2945 }
2946
2947 /* See if there's explicit data to be looked up */
2948
2949 key = Ustrchr(domain, '/');
2950 if (key != NULL) *key++ = 0;
2951
2952 /* See if there's a list of addresses supplied after the domain name. This is
431b7361
PH
2953 introduced by an = or a & character; if preceded by = we require all matches
2954 and if preceded by ! we invert the result. */
059ec3d9
PH
2955
2956 iplist = Ustrchr(domain, '=');
2957 if (iplist == NULL)
2958 {
2959 bitmask = TRUE;
2960 iplist = Ustrchr(domain, '&');
2961 }
2962
431b7361 2963 if (iplist != NULL) /* Found either = or & */
059ec3d9 2964 {
431b7361 2965 if (iplist > domain && iplist[-1] == '!') /* Handle preceding ! */
059ec3d9 2966 {
431b7361 2967 match_type |= MT_NOT;
059ec3d9
PH
2968 iplist[-1] = 0;
2969 }
431b7361
PH
2970
2971 *iplist++ = 0; /* Terminate domain, move on */
2972
2973 /* If we found = (bitmask == FALSE), check for == or =& */
2974
2975 if (!bitmask && (*iplist == '=' || *iplist == '&'))
2976 {
2977 bitmask = *iplist++ == '&';
2978 match_type |= MT_ALL;
2979 }
059ec3d9
PH
2980 }
2981
d6f6e0dc
PH
2982 /* If there is a comma in the domain, it indicates that a second domain for
2983 looking up TXT records is provided, before the main domain. Otherwise we must
2984 set domain_txt == domain. */
2985
2986 domain_txt = domain;
2987 comma = Ustrchr(domain, ',');
2988 if (comma != NULL)
2989 {
2990 *comma++ = 0;
2991 domain = comma;
2992 }
2993
059ec3d9
PH
2994 /* Check that what we have left is a sensible domain name. There is no reason
2995 why these domains should in fact use the same syntax as hosts and email
2996 domains, but in practice they seem to. However, there is little point in
2997 actually causing an error here, because that would no doubt hold up incoming
2998 mail. Instead, I'll just log it. */
2999
3000 for (s = domain; *s != 0; s++)
3001 {
3002 if (!isalnum(*s) && *s != '-' && *s != '.')
3003 {
3004 log_write(0, LOG_MAIN, "dnslists domain \"%s\" contains "
3005 "strange characters - is this right?", domain);
3006 break;
3007 }
3008 }
3009
d6f6e0dc
PH
3010 /* Check the alternate domain if present */
3011
3012 if (domain_txt != domain) for (s = domain_txt; *s != 0; s++)
3013 {
3014 if (!isalnum(*s) && *s != '-' && *s != '.')
3015 {
3016 log_write(0, LOG_MAIN, "dnslists domain \"%s\" contains "
3017 "strange characters - is this right?", domain_txt);
3018 break;
3019 }
3020 }
3021
8e669ac1 3022 /* If there is no key string, construct the query by adding the domain name
0bcb2a0e 3023 onto the inverted host address, and perform a single DNS lookup. */
8e669ac1 3024
059ec3d9
PH
3025 if (key == NULL)
3026 {
3027 if (sender_host_address == NULL) return FAIL; /* can never match */
3028 if (revadd[0] == 0) invert_address(revadd, sender_host_address);
d6f6e0dc 3029 rc = one_check_dnsbl(domain, domain_txt, sender_host_address, revadd,
431b7361 3030 iplist, bitmask, match_type, defer_return);
0bcb2a0e
PH
3031 if (rc == OK)
3032 {
d6f6e0dc 3033 dnslist_domain = string_copy(domain_txt);
93655c46 3034 dnslist_matched = string_copy(sender_host_address);
8e669ac1 3035 HDEBUG(D_dnsbl) debug_printf("=> that means %s is listed at %s\n",
d6f6e0dc 3036 sender_host_address, dnslist_domain);
0bcb2a0e 3037 }
0bcb2a0e 3038 if (rc != FAIL) return rc; /* OK or DEFER */
059ec3d9 3039 }
8e669ac1
PH
3040
3041 /* If there is a key string, it can be a list of domains or IP addresses to
0bcb2a0e 3042 be concatenated with the main domain. */
8e669ac1 3043
059ec3d9
PH
3044 else
3045 {
0bcb2a0e 3046 int keysep = 0;
8e669ac1
PH
3047 BOOL defer = FALSE;
3048 uschar *keydomain;
0bcb2a0e 3049 uschar keybuffer[256];
d6f6e0dc 3050 uschar keyrevadd[128];
8e669ac1
PH
3051
3052 while ((keydomain = string_nextinlist(&key, &keysep, keybuffer,
0bcb2a0e 3053 sizeof(keybuffer))) != NULL)
8e669ac1 3054 {
d6f6e0dc
PH
3055 uschar *prepend = keydomain;
3056
7e66e54d 3057 if (string_is_ip_address(keydomain, NULL) != 0)
059ec3d9 3058 {
0bcb2a0e 3059 invert_address(keyrevadd, keydomain);
d6f6e0dc 3060 prepend = keyrevadd;
059ec3d9 3061 }
8e669ac1 3062
d6f6e0dc 3063 rc = one_check_dnsbl(domain, domain_txt, keydomain, prepend, iplist,
431b7361 3064 bitmask, match_type, defer_return);
8e669ac1 3065
0bcb2a0e 3066 if (rc == OK)
059ec3d9 3067 {
d6f6e0dc 3068 dnslist_domain = string_copy(domain_txt);
93655c46 3069 dnslist_matched = string_copy(keydomain);
8e669ac1 3070 HDEBUG(D_dnsbl) debug_printf("=> that means %s is listed at %s\n",
d6f6e0dc 3071 keydomain, dnslist_domain);
8e669ac1 3072 return OK;
059ec3d9 3073 }
8e669ac1 3074
c38d6da9
PH
3075 /* If the lookup deferred, remember this fact. We keep trying the rest
3076 of the list to see if we get a useful result, and if we don't, we return
3077 DEFER at the end. */
059ec3d9 3078
c38d6da9 3079 if (rc == DEFER) defer = TRUE;
0bcb2a0e 3080 } /* continue with next keystring domain/address */
c38d6da9
PH
3081
3082 if (defer) return DEFER;
8e669ac1 3083 }
0bcb2a0e 3084 } /* continue with next dnsdb outer domain */
059ec3d9
PH
3085
3086return FAIL;
3087}
3088
3089/* End of verify.c */