projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Handle IPv6 addresses with SPF.
[exim.git] / src / src / retry.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2009 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 /* Functions concerned with retrying unsuccessful deliveries. */
9
10
11 #include "exim.h"
12
13
14
15 /*************************************************
16 * Check the ultimate address timeout *
17 *************************************************/
18
19 /* This function tests whether a message has been on the queue longer than
20 the maximum retry time for a particular host.
21
22 Arguments:
23 host_key the key to look up a host retry rule
24 domain the domain to look up a domain retry rule
25 basic_errno a specific error number, or zero if none
26 more_errno additional data for the error
27 now the time
28
29 Returns: TRUE if the ultimate timeout has been reached
30 */
31
32 static BOOL
33 ultimate_address_timeout(uschar *host_key, uschar *domain, int basic_errno,
34 int more_errno, time_t now)
35 {
36 BOOL address_timeout = TRUE; /* no rule => timed out */
37
38 retry_config *retry =
39 retry_find_config(host_key+2, domain, basic_errno, more_errno);
40
41 if (retry != NULL && retry->rules != NULL)
42 {
43 retry_rule *last_rule;
44 for (last_rule = retry->rules;
45 last_rule->next != NULL;
46 last_rule = last_rule->next);
47 DEBUG(D_transport|D_retry)
48 debug_printf(" received_time=%d diff=%d timeout=%d\n",
49 received_time, (int)(now - received_time), last_rule->timeout);
50 address_timeout = (now - received_time > last_rule->timeout);
51 }
52 else
53 {
54 DEBUG(D_transport|D_retry)
55 debug_printf("no retry rule found: assume timed out\n");
56 }
57
58 return address_timeout;
59 }
60
61
62
63 /*************************************************
64 * Set status of a host+address item *
65 *************************************************/
66
67 /* This function is passed a host_item which contains a host name and an
68 IP address string. Its job is to set the status of the address if it is not
69 already set (indicated by hstatus_unknown). The possible values are:
70
71 hstatus_usable the address is not listed in the unusable tree, and does
72 not have a retry record, OR the time is past the next
73 try time, OR the message has been on the queue for more
74 than the maximum retry time for a failing host
75
76 hstatus_unusable the address is listed in the unusable tree, or does have
77 a retry record, and the time is not yet at the next retry
78 time.
79
80 hstatus_unusable_expired as above, but also the retry time has expired
81 for this address.
82
83 The reason a delivery is permitted when a message has been around for a very
84 long time is to allow the ultimate address timeout to operate after a delivery
85 failure. Otherwise some messages may stick around without being tried for too
86 long.
87
88 If a host retry record is retrieved from the hints database, the time of last
89 trying is filled into the last_try field of the host block. If a host is
90 generally usable, a check is made to see if there is a retry delay on this
91 specific message at this host.
92
93 If a non-standard port is being used, it is added to the retry key.
94
95 Arguments:
96 domain the address domain
97 host pointer to a host item
98 portstring "" for standard port, ":xxxx" for a non-standard port
99 include_ip_address TRUE to include the address in the key - this is
100 usual, but sometimes is not wanted
101 retry_host_key where to put a pointer to the key for the host-specific
102 retry record, if one is read and the host is usable
103 retry_message_key where to put a pointer to the key for the message+host
104 retry record, if one is read and the host is usable
105
106 Returns: TRUE if the host has expired but is usable because
107 its retry time has come
108 */
109
110 BOOL
111 retry_check_address(uschar *domain, host_item *host, uschar *portstring,
112 BOOL include_ip_address, uschar **retry_host_key, uschar **retry_message_key)
113 {
114 BOOL yield = FALSE;
115 time_t now = time(NULL);
116 uschar *host_key, *message_key;
117 open_db dbblock;
118 open_db *dbm_file;
119 tree_node *node;
120 dbdata_retry *host_retry_record, *message_retry_record;
121
122 *retry_host_key = *retry_message_key = NULL;
123
124 DEBUG(D_transport|D_retry) debug_printf("checking status of %s\n", host->name);
125
126 /* Do nothing if status already set; otherwise initialize status as usable. */
127
128 if (host->status != hstatus_unknown) return FALSE;
129 host->status = hstatus_usable;
130
131 /* Generate the host key for the unusable tree and the retry database. Ensure
132 host names are lower cased (that's what %S does). */
133
134 host_key = include_ip_address?
135 string_sprintf("T:%S:%s%s", host->name, host->address, portstring) :
136 string_sprintf("T:%S%s", host->name, portstring);
137
138 /* Generate the message-specific key */
139
140 message_key = string_sprintf("%s:%s", host_key, message_id);
141
142 /* Search the tree of unusable IP addresses. This is filled in when deliveries
143 fail, because the retry database itself is not updated until the end of all
144 deliveries (so as to do it all in one go). The tree records addresses that have
145 become unusable during this delivery process (i.e. those that will get put into
146 the retry database when it is updated). */
147
148 node = tree_search(tree_unusable, host_key);
149 if (node != NULL)
150 {
151 DEBUG(D_transport|D_retry) debug_printf("found in tree of unusables\n");
152 host->status = (node->data.val > 255)?
153 hstatus_unusable_expired : hstatus_unusable;
154 host->why = node->data.val & 255;
155 return FALSE;
156 }
157
158 /* Open the retry database, giving up if there isn't one. Otherwise, search for
159 the retry records, and then close the database again. */
160
161 if ((dbm_file = dbfn_open(US"retry", O_RDONLY, &dbblock, FALSE)) == NULL)
162 {
163 DEBUG(D_deliver|D_retry|D_hints_lookup)
164 debug_printf("no retry data available\n");
165 return FALSE;
166 }
167 host_retry_record = dbfn_read(dbm_file, host_key);
168 message_retry_record = dbfn_read(dbm_file, message_key);
169 dbfn_close(dbm_file);
170
171 /* Ignore the data if it is too old - too long since it was written */
172
173 if (host_retry_record == NULL)
174 {
175 DEBUG(D_transport|D_retry) debug_printf("no host retry record\n");
176 }
177 else if (now - host_retry_record->time_stamp > retry_data_expire)
178 {
179 host_retry_record = NULL;
180 DEBUG(D_transport|D_retry) debug_printf("host retry record too old\n");
181 }
182
183 if (message_retry_record == NULL)
184 {
185 DEBUG(D_transport|D_retry) debug_printf("no message retry record\n");
186 }
187 else if (now - message_retry_record->time_stamp > retry_data_expire)
188 {
189 message_retry_record = NULL;
190 DEBUG(D_transport|D_retry) debug_printf("message retry record too old\n");
191 }
192
193 /* If there's a host-specific retry record, check for reaching the retry
194 time (or forcing). If not, and the host is not expired, check for the message
195 having been around for longer than the maximum retry time for this host or
196 address. Allow the delivery if it has. Otherwise set the appropriate unusable
197 flag and return FALSE. Otherwise arrange to return TRUE if this is an expired
198 host. */
199
200 if (host_retry_record != NULL)
201 {
202 *retry_host_key = host_key;
203
204 /* We have not reached the next try time. Check for the ultimate address
205 timeout if the host has not expired. */
206
207 if (now < host_retry_record->next_try && !deliver_force)
208 {
209 DEBUG(D_transport|D_retry)
210 {
211 debug_printf("host retry time not reached: checking ultimate address "
212 "timeout\n");
213 debug_printf(" now=%d first_failed=%d next_try=%d expired=%d\n",
214 (int)now, (int)host_retry_record->first_failed,
215 (int)host_retry_record->next_try,
216 host_retry_record->expired);
217 }
218
219 if (!host_retry_record->expired &&
220 ultimate_address_timeout(host_key, domain,
221 host_retry_record->basic_errno, host_retry_record->more_errno, now))
222 {
223 DEBUG(D_transport|D_retry)
224 debug_printf("on queue longer than maximum retry for "
225 "address - allowing delivery\n");
226 return FALSE;
227 }
228
229 /* We have not hit the ultimate address timeout; host is unusable. */
230
231 host->status = (host_retry_record->expired)?
232 hstatus_unusable_expired : hstatus_unusable;
233 host->why = hwhy_retry;
234 host->last_try = host_retry_record->last_try;
235 return FALSE;
236 }
237
238 /* Host is usable; set return TRUE if expired. */
239
240 yield = host_retry_record->expired;
241 }
242
243 /* It's OK to try the host. If there's a message-specific retry record, check
244 for reaching its retry time (or forcing). If not, mark the host unusable,
245 unless the ultimate address timeout has been reached. */
246
247 if (message_retry_record != NULL)
248 {
249 *retry_message_key = message_key;
250 if (now < message_retry_record->next_try && !deliver_force)
251 {
252 DEBUG(D_transport|D_retry)
253 {
254 debug_printf("host+message retry time not reached: checking ultimate "
255 "address timeout\n");
256 debug_printf(" now=%d first_failed=%d next_try=%d expired=%d\n",
257 (int)now, (int)message_retry_record->first_failed,
258 (int)message_retry_record->next_try, message_retry_record->expired);
259 }
260 if (!ultimate_address_timeout(host_key, domain, 0, 0, now))
261 {
262 host->status = hstatus_unusable;
263 host->why = hwhy_retry;
264 }
265 else
266 {
267 DEBUG(D_transport|D_retry)
268 debug_printf("on queue longer than maximum retry for "
269 "address - allowing delivery\n");
270 }
271 return FALSE;
272 }
273 }
274
275 return yield;
276 }
277
278
279
280
281 /*************************************************
282 * Add a retry item to an address *
283 *************************************************/
284
285 /* Retry items are chained onto an address when it is deferred either by router
286 or by a transport, or if it succeeds or fails and there was a previous retry
287 item that now needs to be deleted. Sometimes there can be both kinds of item:
288 for example, if routing was deferred but then succeeded, and delivery then
289 deferred. In that case there is a delete item for the routing retry, and an
290 updating item for the delivery.
291
292 (But note that that is only visible at the outer level, because in remote
293 delivery subprocesses, the address starts "clean", with no retry items carried
294 in.)
295
296 These items are used at the end of a delivery attempt to update the retry
297 database. The keys start R: for routing delays and T: for transport delays.
298
299 Arguments:
300 addr the address block onto which to hang the item
301 key the retry key
302 flags delete, host, and message flags, copied into the block
303
304 Returns: nothing
305 */
306
307 void
308 retry_add_item(address_item *addr, uschar *key, int flags)
309 {
310 retry_item *rti = store_get(sizeof(retry_item));
311 rti->next = addr->retries;
312 addr->retries = rti;
313 rti->key = key;
314 rti->basic_errno = addr->basic_errno;
315 rti->more_errno = addr->more_errno;
316 rti->message = addr->message;
317 rti->flags = flags;
318
319 DEBUG(D_transport|D_retry)
320 {
321 int letter = rti->more_errno & 255;
322 debug_printf("added retry item for %s: errno=%d more_errno=", rti->key,
323 rti->basic_errno);
324 if (letter == 'A' || letter == 'M')
325 debug_printf("%d,%c", (rti->more_errno >> 8) & 255, letter);
326 else
327 debug_printf("%d", rti->more_errno);
328 debug_printf(" flags=%d\n", flags);
329 }
330 }
331
332
333
334 /*************************************************
335 * Find retry configuration data *
336 *************************************************/
337
338 /* Search the in-store retry information for the first retry item that applies
339 to a given destination. If the key contains an @ we are probably handling a
340 local delivery and have a complete address to search for; this happens when
341 retry_use_local_part is set on a router. Otherwise, the key is likely to be a
342 host name for a remote delivery, or a domain name for a local delivery. We
343 prepend *@ on the front of it so that it will match a retry item whose address
344 item pattern is independent of the local part. The alternate key, if set, is
345 always just a domain, so we treat it likewise.
346
347 Arguments:
348 key key for which retry info is wanted
349 alternate alternative key, always just a domain
350 basic_errno specific error predicate on the retry rule, or zero
351 more_errno additional data for errno predicate
352
353 Returns: pointer to retry rule, or NULL
354 */
355
356 retry_config *
357 retry_find_config(uschar *key, uschar *alternate, int basic_errno,
358 int more_errno)
359 {
360 int replace = 0;
361 uschar *use_key, *use_alternate;
362 uschar *colon = Ustrchr(key, ':');
363 retry_config *yield;
364
365 /* If there's a colon in the key, there are two possibilities:
366
367 (1) This is a key for a host, ip address, and possibly port, in the format
368
369 hostname:ip+port
370
371 In this case, we temporarily replace the colon with a zero, to terminate
372 the string after the host name.
373
374 (2) This is a key for a pipe, file, or autoreply delivery, in the format
375
376 pipe-or-file-or-auto:x@y
377
378 where x@y is the original address that provoked the delivery. The pipe or
379 file or auto will start with | or / or >, whereas a host name will start
380 with a letter or a digit. In this case we want to use the original address
381 to search for a retry rule. */
382
383 if (colon != NULL)
384 {
385 if (isalnum(*key))
386 replace = ':';
387 else
388 key = Ustrrchr(key, ':') + 1; /* Take from the last colon */
389 }
390
391 if (replace == 0) colon = key + Ustrlen(key);
392 *colon = 0;
393
394 /* Sort out the keys */
395
396 use_key = (Ustrchr(key, '@') != NULL)? key : string_sprintf("*@%s", key);
397 use_alternate = (alternate == NULL)? NULL : string_sprintf("*@%s", alternate);
398
399 /* Scan the configured retry items. */
400
401 for (yield = retries; yield != NULL; yield = yield->next)
402 {
403 uschar *plist = yield->pattern;
404 uschar *slist = yield->senders;
405
406 /* If a specific error is set for this item, check that we are handling that
407 specific error, and if so, check any additional error information if
408 required. */
409
410 if (yield->basic_errno != 0)
411 {
412 /* Special code is required for quota errors, as these can either be system
413 quota errors, or Exim's own quota imposition, which has a different error
414 number. Full partitions are also treated in the same way as quota errors.
415 */
416
417 if (yield->basic_errno == ERRNO_EXIMQUOTA)
418 {
419 if ((basic_errno != ERRNO_EXIMQUOTA && basic_errno != errno_quota &&
420 basic_errno != ENOSPC) ||
421 (yield->more_errno != 0 && yield->more_errno > more_errno))
422 continue;
423 }
424
425 /* The TLSREQUIRED error also covers TLSFAILURE. These are subtly different
426 errors, but not worth separating at this level. */
427
428 else if (yield->basic_errno == ERRNO_TLSREQUIRED)
429 {
430 if (basic_errno != ERRNO_TLSREQUIRED && basic_errno != ERRNO_TLSFAILURE)
431 continue;
432 }
433
434 /* Handle 4xx responses to MAIL, RCPT, or DATA. The code that was received
435 is in the 2nd least significant byte of more_errno (with 400 subtracted).
436 The required value is coded in the 2nd least significant byte of the
437 yield->more_errno field as follows:
438
439 255 => any 4xx code
440 >= 100 => the decade must match the value less 100
441 < 100 => the exact value must match
442 */
443
444 else if (yield->basic_errno == ERRNO_MAIL4XX ||
445 yield->basic_errno == ERRNO_RCPT4XX ||
446 yield->basic_errno == ERRNO_DATA4XX)
447 {
448 int wanted;
449 if (basic_errno != yield->basic_errno) continue;
450 wanted = (yield->more_errno >> 8) & 255;
451 if (wanted != 255)
452 {
453 int evalue = (more_errno >> 8) & 255;
454 if (wanted >= 100)
455 {
456 if ((evalue/10)*10 != wanted - 100) continue;
457 }
458 else if (evalue != wanted) continue;
459 }
460 }
461
462 /* There are some special cases for timeouts */
463
464 else if (yield->basic_errno == ETIMEDOUT)
465 {
466 if (basic_errno != ETIMEDOUT) continue;
467
468 /* Just RTEF_CTOUT in the rule => don't care about 'A'/'M' addresses */
469 if (yield->more_errno == RTEF_CTOUT)
470 {
471 if ((more_errno & RTEF_CTOUT) == 0) continue;
472 }
473
474 else if (yield->more_errno != 0)
475 {
476 int cf_errno = more_errno;
477 if ((yield->more_errno & RTEF_CTOUT) == 0) cf_errno &= ~RTEF_CTOUT;
478 if (yield->more_errno != cf_errno) continue;
479 }
480 }
481
482 /* Default checks for exact match */
483
484 else
485 {
486 if (yield->basic_errno != basic_errno ||
487 (yield->more_errno != 0 && yield->more_errno != more_errno))
488 continue;
489 }
490 }
491
492 /* If the "senders" condition is set, check it. Note that sender_address may
493 be null during -brt checking, in which case we do not use this rule. */
494
495 if (slist != NULL && (sender_address == NULL ||
496 match_address_list(sender_address, TRUE, TRUE, &slist, NULL, -1, 0,
497 NULL) != OK))
498 continue;
499
500 /* Check for a match between the address list item at the start of this retry
501 rule and either the main or alternate keys. */
502
503 if (match_address_list(use_key, TRUE, TRUE, &plist, NULL, -1, UCHAR_MAX+1,
504 NULL) == OK ||
505 (use_alternate != NULL &&
506 match_address_list(use_alternate, TRUE, TRUE, &plist, NULL, -1,
507 UCHAR_MAX+1, NULL) == OK))
508 break;
509 }
510
511 *colon = replace;
512 return yield;
513 }
514
515
516
517
518 /*************************************************
519 * Update retry database *
520 *************************************************/
521
522 /* Update the retry data for any directing/routing/transporting that was
523 deferred, or delete it for those that succeeded after a previous defer. This is
524 done all in one go to minimize opening/closing/locking of the database file.
525
526 Note that, because SMTP delivery involves a list of destinations to try, there
527 may be defer-type retry information for some of them even when the message was
528 successfully delivered. Likewise if it eventually failed.
529
530 This function may move addresses from the defer to the failed queue if the
531 ultimate retry time has expired.
532
533 Arguments:
534 addr_defer queue of deferred addresses
535 addr_failed queue of failed addresses
536 addr_succeed queue of successful addresses
537
538 Returns: nothing
539 */
540
541 void
542 retry_update(address_item **addr_defer, address_item **addr_failed,
543 address_item **addr_succeed)
544 {
545 open_db dbblock;
546 open_db *dbm_file = NULL;
547 time_t now = time(NULL);
548 int i;
549
550 DEBUG(D_retry) debug_printf("Processing retry items\n");
551
552 /* Three-times loop to handle succeeded, failed, and deferred addresses.
553 Deferred addresses must be handled after failed ones, because some may be moved
554 to the failed chain if they have timed out. */
555
556 for (i = 0; i < 3; i++)
557 {
558 address_item *endaddr, *addr;
559 address_item *last_first = NULL;
560 address_item **paddr = (i==0)? addr_succeed :
561 (i==1)? addr_failed : addr_defer;
562 address_item **saved_paddr = NULL;
563
564 DEBUG(D_retry) debug_printf("%s addresses:\n", (i == 0)? "Succeeded" :
565 (i == 1)? "Failed" : "Deferred");
566
567 /* Loop for each address on the chain. For deferred addresses, the whole
568 address times out unless one of its retry addresses has a retry rule that
569 hasn't yet timed out. Deferred addresses should not be requesting deletion
570 of retry items, but just in case they do by accident, treat that case
571 as "not timed out".
572
573 As well as handling the addresses themselves, we must also process any
574 retry items for any parent addresses - these are typically "delete" items,
575 because the parent must have succeeded in order to generate the child. */
576
577 while ((endaddr = *paddr) != NULL)
578 {
579 BOOL timed_out = FALSE;
580 retry_item *rti;
581
582 for (addr = endaddr; addr != NULL; addr = addr->parent)
583 {
584 int update_count = 0;
585 int timedout_count = 0;
586
587 DEBUG(D_retry) debug_printf("%s%s\n", addr->address, (addr->retries == NULL)?
588 ": no retry items" : "");
589
590 /* Loop for each retry item. */
591
592 for (rti = addr->retries; rti != NULL; rti = rti->next)
593 {
594 uschar *message;
595 int message_length, message_space, failing_interval, next_try;
596 retry_rule *rule, *final_rule;
597 retry_config *retry;
598 dbdata_retry *retry_record;
599
600 /* Open the retry database if it is not already open; failure to open
601 the file is logged, but otherwise ignored - deferred addresses will
602 get retried at the next opportunity. Not opening earlier than this saves
603 opening if no addresses have retry items - common when none have yet
604 reached their retry next try time. */
605
606 if (dbm_file == NULL)
607 dbm_file = dbfn_open(US"retry", O_RDWR, &dbblock, TRUE);
608
609 if (dbm_file == NULL)
610 {
611 DEBUG(D_deliver|D_retry|D_hints_lookup)
612 debug_printf("retry database not available for updating\n");
613 return;
614 }
615
616 /* If there are no deferred addresses, that is, if this message is
617 completing, and the retry item is for a message-specific SMTP error,
618 force it to be deleted, because there's no point in keeping data for
619 no-longer-existing messages. This situation can occur when a domain has
620 two hosts and a message-specific error occurs for the first of them,
621 but the address gets delivered to the second one. This optimization
622 doesn't succeed in cleaning out all the dead entries, but it helps. */
623
624 if (*addr_defer == NULL && (rti->flags & rf_message) != 0)
625 rti->flags |= rf_delete;
626
627 /* Handle the case of a request to delete the retry info for this
628 destination. */
629
630 if ((rti->flags & rf_delete) != 0)
631 {
632 (void)dbfn_delete(dbm_file, rti->key);
633 DEBUG(D_retry)
634 debug_printf("deleted retry information for %s\n", rti->key);
635 continue;
636 }
637
638 /* Count the number of non-delete retry items. This is so that we
639 can compare it to the count of timed_out ones, to check whether
640 all are timed out. */
641
642 update_count++;
643
644 /* Get the retry information for this destination and error code, if
645 any. If this item is for a remote host with ip address, then pass
646 the domain name as an alternative to search for. If no retry
647 information is found, we can't generate a retry time, so there is
648 no point updating the database. This retry item is timed out. */
649
650 if ((retry = retry_find_config(rti->key + 2,
651 ((rti->flags & rf_host) != 0)? addr->domain : NULL,
652 rti->basic_errno, rti->more_errno)) == NULL)
653 {
654 DEBUG(D_retry) debug_printf("No configured retry item for %s%s%s\n",
655 rti->key,
656 ((rti->flags & rf_host) != 0)? US" or " : US"",
657 ((rti->flags & rf_host) != 0)? addr->domain : US"");
658 if (addr == endaddr) timedout_count++;
659 continue;
660 }
661
662 DEBUG(D_retry)
663 {
664 if ((rti->flags & rf_host) != 0)
665 debug_printf("retry for %s (%s) = %s %d %d\n", rti->key,
666 addr->domain, retry->pattern, retry->basic_errno,
667 retry->more_errno);
668 else
669 debug_printf("retry for %s = %s %d %d\n", rti->key, retry->pattern,
670 retry->basic_errno, retry->more_errno);
671 }
672
673 /* Set up the message for the database retry record. Because DBM
674 records have a maximum data length, we enforce a limit. There isn't
675 much point in keeping a huge message here, anyway. */
676
677 message = (rti->basic_errno > 0)? US strerror(rti->basic_errno) :
678 (rti->message == NULL)?
679 US"unknown error" : string_printing(rti->message);
680 message_length = Ustrlen(message);
681 if (message_length > 150) message_length = 150;
682
683 /* Read a retry record from the database or construct a new one.
684 Ignore an old one if it is too old since it was last updated. */
685
686 retry_record = dbfn_read(dbm_file, rti->key);
687 if (retry_record != NULL &&
688 now - retry_record->time_stamp > retry_data_expire)
689 retry_record = NULL;
690
691 if (retry_record == NULL)
692 {
693 retry_record = store_get(sizeof(dbdata_retry) + message_length);
694 message_space = message_length;
695 retry_record->first_failed = now;
696 retry_record->last_try = now;
697 retry_record->next_try = now;
698 retry_record->expired = FALSE;
699 retry_record->text[0] = 0; /* just in case */
700 }
701 else message_space = Ustrlen(retry_record->text);
702
703 /* Compute how long this destination has been failing */
704
705 failing_interval = now - retry_record->first_failed;
706 DEBUG(D_retry) debug_printf("failing_interval=%d message_age=%d\n",
707 failing_interval, message_age);
708
709 /* For a non-host error, if the message has been on the queue longer
710 than the recorded time of failure, use the message's age instead. This
711 can happen when some messages can be delivered and others cannot; a
712 successful delivery will reset the first_failed time, and this can lead
713 to a failing message being retried too often. */
714
715 if ((rti->flags & rf_host) == 0 && message_age > failing_interval)
716 failing_interval = message_age;
717
718 /* Search for the current retry rule. The cutoff time of the
719 last rule is handled differently to the others. The rule continues
720 to operate for ever (the global maximum interval will eventually
721 limit the gaps) but its cutoff time determines when an individual
722 destination times out. If there are no retry rules, the destination
723 always times out, but we can't compute a retry time. */
724
725 final_rule = NULL;
726 for (rule = retry->rules; rule != NULL; rule = rule->next)
727 {
728 if (failing_interval <= rule->timeout) break;
729 final_rule = rule;
730 }
731
732 /* If there's an un-timed out rule, the destination has not
733 yet timed out, so the address as a whole has not timed out (but we are
734 interested in this only for the end address). Make sure the expired
735 flag is false (can be forced via fixdb from outside, but ensure it is
736 consistent with the rules whenever we go through here). */
737
738 if (rule != NULL)
739 {
740 retry_record->expired = FALSE;
741 }
742
743 /* Otherwise, set the retry timeout expired, and set the final rule
744 as the one from which to compute the next retry time. Subsequent
745 messages will fail immediately until the retry time is reached (unless
746 there are other, still active, retries). */
747
748 else
749 {
750 rule = final_rule;
751 retry_record->expired = TRUE;
752 if (addr == endaddr) timedout_count++;
753 }
754
755 /* There is a special case to consider when some messages get through
756 to a destination and others don't. This can happen locally when a
757 large message pushes a user over quota, and it can happen remotely
758 when a machine is on a dodgy Internet connection. The messages that
759 get through wipe the retry information, causing those that don't to
760 stay on the queue longer than the final retry time. In order to
761 avoid this, we check, using the time of arrival of the message, to
762 see if it has been on the queue for more than the final cutoff time,
763 and if so, cause this retry item to time out, and the retry time to
764 be set to "now" so that any subsequent messages in the same condition
765 also get tried. We search for the last rule onwards from the one that
766 is in use. If there are no retry rules for the item, rule will be null
767 and timedout_count will already have been updated.
768
769 This implements "timeout this rule if EITHER the host (or routing or
770 directing) has been failing for more than the maximum time, OR if the
771 message has been on the queue for more than the maximum time."
772
773 February 2006: It is possible that this code is no longer needed
774 following the change to the retry calculation to use the message age if
775 it is larger than the time since first failure. It may be that the
776 expired flag is always set when the other conditions are met. However,
777 this is a small bit of code, and it does no harm to leave it in place,
778 just in case. */
779
780 if (received_time <= retry_record->first_failed &&
781 addr == endaddr && !retry_record->expired && rule != NULL)
782 {
783 retry_rule *last_rule;
784 for (last_rule = rule;
785 last_rule->next != NULL;
786 last_rule = last_rule->next);
787 if (now - received_time > last_rule->timeout)
788 {
789 DEBUG(D_retry) debug_printf("on queue longer than maximum retry\n");
790 timedout_count++;
791 rule = NULL;
792 }
793 }
794
795 /* Compute the next try time from the rule, subject to the global
796 maximum, and update the retry database. If rule == NULL it means
797 there were no rules at all (and the timeout will be set expired),
798 or we have a message that is older than the final timeout. In this
799 case set the next retry time to now, so that one delivery attempt
800 happens for subsequent messages. */
801
802 if (rule == NULL) next_try = now; else
803 {
804 if (rule->rule == 'F') next_try = now + rule->p1;
805 else /* rule = 'G' or 'H' */
806 {
807 int last_predicted_gap =
808 retry_record->next_try - retry_record->last_try;
809 int last_actual_gap = now - retry_record->last_try;
810 int lastgap = (last_predicted_gap < last_actual_gap)?
811 last_predicted_gap : last_actual_gap;
812 int next_gap = (lastgap * rule->p2)/1000;
813 if (rule->rule == 'G')
814 {
815 next_try = now + ((lastgap < rule->p1)? rule->p1 : next_gap);
816 }
817 else /* The 'H' rule */
818 {
819 next_try = now + rule->p1;
820 if (next_gap > rule->p1)
821 next_try += random_number(next_gap - rule->p1)/2 +
822 (next_gap - rule->p1)/2;
823 }
824 }
825 }
826
827 /* Impose a global retry max */
828
829 if (next_try - now > retry_interval_max)
830 next_try = now + retry_interval_max;
831
832 /* If the new message length is greater than the previous one, we
833 have to copy the record first. */
834
835 if (message_length > message_space)
836 {
837 dbdata_retry *newr = store_get(sizeof(dbdata_retry) + message_length);
838 memcpy(newr, retry_record, sizeof(dbdata_retry));
839 retry_record = newr;
840 }
841
842 /* Set up the retry record; message_length may be less than the string
843 length for very long error strings. */
844
845 retry_record->last_try = now;
846 retry_record->next_try = next_try;
847 retry_record->basic_errno = rti->basic_errno;
848 retry_record->more_errno = rti->more_errno;
849 Ustrncpy(retry_record->text, message, message_length);
850 retry_record->text[message_length] = 0;
851
852 DEBUG(D_retry)
853 {
854 int letter = retry_record->more_errno & 255;
855 debug_printf("Writing retry data for %s\n", rti->key);
856 debug_printf(" first failed=%d last try=%d next try=%d expired=%d\n",
857 (int)retry_record->first_failed, (int)retry_record->last_try,
858 (int)retry_record->next_try, retry_record->expired);
859 debug_printf(" errno=%d more_errno=", retry_record->basic_errno);
860 if (letter == 'A' || letter == 'M')
861 debug_printf("%d,%c", (retry_record->more_errno >> 8) & 255,
862 letter);
863 else
864 debug_printf("%d", retry_record->more_errno);
865 debug_printf(" %s\n", retry_record->text);
866 }
867
868 (void)dbfn_write(dbm_file, rti->key, retry_record,
869 sizeof(dbdata_retry) + message_length);
870 } /* Loop for each retry item */
871
872 /* If all the non-delete retry items are timed out, the address is
873 timed out, provided that we didn't skip any hosts because their retry
874 time was not reached (or because of hosts_max_try). */
875
876 if (update_count > 0 && update_count == timedout_count)
877 {
878 if (!testflag(endaddr, af_retry_skipped))
879 {
880 DEBUG(D_retry) debug_printf("timed out: all retries expired\n");
881 timed_out = TRUE;
882 }
883 else
884 {
885 DEBUG(D_retry)
886 debug_printf("timed out but some hosts were skipped\n");
887 }
888 }
889 } /* Loop for an address and its parents */
890
891 /* If this is a deferred address, and retry processing was requested by
892 means of one or more retry items, and they all timed out, move the address
893 to the failed queue, and restart this loop without updating paddr.
894
895 If there were several addresses batched in the same remote delivery, only
896 the original top one will have host retry items attached to it, but we want
897 to handle all the same. Each will have a pointer back to its "top" address,
898 and they will now precede the item with the retries because addresses are
899 inverted when added to these final queues. We have saved information about
900 them in passing (below) so they can all be cut out at once. */
901
902 if (i == 2) /* Handling defers */
903 {
904 if (endaddr->retries != NULL && timed_out)
905 {
906 if (last_first == endaddr) paddr = saved_paddr;
907 addr = *paddr;
908 *paddr = endaddr->next;
909
910 endaddr->next = *addr_failed;
911 *addr_failed = addr;
912
913 for (;; addr = addr->next)
914 {
915 setflag(addr, af_retry_timedout);
916 addr->message = (addr->message == NULL)? US"retry timeout exceeded" :
917 string_sprintf("%s: retry timeout exceeded", addr->message);
918 addr->user_message = (addr->user_message == NULL)?
919 US"retry timeout exceeded" :
920 string_sprintf("%s: retry timeout exceeded", addr->user_message);
921 log_write(0, LOG_MAIN, "** %s%s%s%s: retry timeout exceeded",
922 addr->address,
923 (addr->parent == NULL)? US"" : US" <",
924 (addr->parent == NULL)? US"" : addr->parent->address,
925 (addr->parent == NULL)? US"" : US">");
926
927 if (addr == endaddr) break;
928 }
929
930 continue; /* Restart from changed *paddr */
931 }
932
933 /* This address is to remain on the defer chain. If it has a "first"
934 pointer, save the pointer to it in case we want to fail the set of
935 addresses when we get to the first one. */
936
937 if (endaddr->first != last_first)
938 {
939 last_first = endaddr->first;
940 saved_paddr = paddr;
941 }
942 }
943
944 /* All cases (succeed, fail, defer left on queue) */
945
946 paddr = &(endaddr->next); /* Advance to next address */
947 } /* Loop for all addresses */
948 } /* Loop for succeed, fail, defer */
949
950 /* Close and unlock the database */
951
952 if (dbm_file != NULL) dbfn_close(dbm_file);
953
954 DEBUG(D_retry) debug_printf("end of retry processing\n");
955 }
956
957 /* End of retry.c */
Unnamed repository; edit this file 'description' to name the repository.