projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Copyright year bumps for substantive changes 2017
[exim.git] / src / src / smtp_out.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2017 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 /* A number of functions for driving outgoing SMTP calls. */
9
10
11 #include "exim.h"
12 #include "transports/smtp.h"
13
14
15
16 /*************************************************
17 * Find an outgoing interface *
18 *************************************************/
19
20 /* This function is called from the smtp transport and also from the callout
21 code in verify.c. Its job is to expand a string to get a list of interfaces,
22 and choose a suitable one (IPv4 or IPv6) for the outgoing address.
23
24 Arguments:
25 istring string interface setting, may be NULL, meaning "any", in
26 which case the function does nothing
27 host_af AF_INET or AF_INET6 for the outgoing IP address
28 addr the mail address being handled (for setting errors)
29 interface point this to the interface
30 msg to add to any error message
31
32 Returns: TRUE on success, FALSE on failure, with error message
33 set in addr and transport_return set to PANIC
34 */
35
36 BOOL
37 smtp_get_interface(uschar *istring, int host_af, address_item *addr,
38 uschar **interface, uschar *msg)
39 {
40 const uschar * expint;
41 uschar *iface;
42 int sep = 0;
43
44 if (!istring) return TRUE;
45
46 if (!(expint = expand_string(istring)))
47 {
48 if (expand_string_forcedfail) return TRUE;
49 addr->transport_return = PANIC;
50 addr->message = string_sprintf("failed to expand \"interface\" "
51 "option for %s: %s", msg, expand_string_message);
52 return FALSE;
53 }
54
55 while (isspace(*expint)) expint++;
56 if (*expint == 0) return TRUE;
57
58 while ((iface = string_nextinlist(&expint, &sep, big_buffer,
59 big_buffer_size)))
60 {
61 if (string_is_ip_address(iface, NULL) == 0)
62 {
63 addr->transport_return = PANIC;
64 addr->message = string_sprintf("\"%s\" is not a valid IP "
65 "address for the \"interface\" option for %s",
66 iface, msg);
67 return FALSE;
68 }
69
70 if (((Ustrchr(iface, ':') == NULL)? AF_INET:AF_INET6) == host_af)
71 break;
72 }
73
74 if (iface) *interface = string_copy(iface);
75 return TRUE;
76 }
77
78
79
80 /*************************************************
81 * Find an outgoing port *
82 *************************************************/
83
84 /* This function is called from the smtp transport and also from the callout
85 code in verify.c. Its job is to find a port number. Note that getservbyname()
86 produces the number in network byte order.
87
88 Arguments:
89 rstring raw (unexpanded) string representation of the port
90 addr the mail address being handled (for setting errors)
91 port stick the port in here
92 msg for adding to error message
93
94 Returns: TRUE on success, FALSE on failure, with error message set
95 in addr, and transport_return set to PANIC
96 */
97
98 BOOL
99 smtp_get_port(uschar *rstring, address_item *addr, int *port, uschar *msg)
100 {
101 uschar *pstring = expand_string(rstring);
102
103 if (!pstring)
104 {
105 addr->transport_return = PANIC;
106 addr->message = string_sprintf("failed to expand \"%s\" (\"port\" option) "
107 "for %s: %s", rstring, msg, expand_string_message);
108 return FALSE;
109 }
110
111 if (isdigit(*pstring))
112 {
113 uschar *end;
114 *port = Ustrtol(pstring, &end, 0);
115 if (end != pstring + Ustrlen(pstring))
116 {
117 addr->transport_return = PANIC;
118 addr->message = string_sprintf("invalid port number for %s: %s", msg,
119 pstring);
120 return FALSE;
121 }
122 }
123
124 else
125 {
126 struct servent *smtp_service = getservbyname(CS pstring, "tcp");
127 if (!smtp_service)
128 {
129 addr->transport_return = PANIC;
130 addr->message = string_sprintf("TCP port \"%s\" is not defined for %s",
131 pstring, msg);
132 return FALSE;
133 }
134 *port = ntohs(smtp_service->s_port);
135 }
136
137 return TRUE;
138 }
139
140
141
142
143 #ifdef TCP_FASTOPEN
144 static void
145 tfo_out_check(int sock)
146 {
147 # if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED)
148 struct tcp_info tinfo;
149 socklen_t len = sizeof(tinfo);
150
151 if (getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0)
152 {
153 switch (tcp_out_fastopen)
154 {
155 /* This is a somewhat dubious detection method; totally undocumented so likely
156 to fail in future kernels. There seems to be no documented way. What we really
157 want to know is if the server sent smtp-banner data before our ACK of his SYN,ACK
158 hit him. What this (possibly?) detects is whether we sent a TFO cookie with our
159 SYN, as distinct from a TFO request. This gets a false-positive when the server
160 key is rotated; we send the old one (which this test sees) but the server returns
161 the new one and does not send its SMTP banner before we ACK his SYN,ACK.
162 To force that rotation case:
163 '# echo -n "00000000-00000000-00000000-0000000" >/proc/sys/net/ipv4/tcp_fastopen_key'
164 The kernel seems to be counting unack'd packets. */
165
166 case 1:
167 if (tinfo.tcpi_unacked > 1)
168 {
169 DEBUG(D_transport|D_v)
170 debug_printf("TCP_FASTOPEN tcpi_unacked %d\n", tinfo.tcpi_unacked);
171 tcp_out_fastopen = 2;
172 }
173 break;
174
175 #ifdef notdef /* This seems to always fire, meaning that we cannot tell
176 whether the server accepted data we sent. For now assume
177 that it did. */
178
179 /* If there was data-on-SYN but we had to retrasnmit it, declare no TFO */
180
181 case 2:
182 if (!(tinfo.tcpi_options & TCPI_OPT_SYN_DATA))
183 {
184 DEBUG(D_transport|D_v) debug_printf("TFO: had to retransmit\n");
185 tcp_out_fastopen = 0;
186 }
187 break;
188 #endif
189 }
190
191 }
192 # endif
193 }
194 #endif
195
196
197 /* Arguments as for smtp_connect(), plus
198 early_data if non-NULL, data to be sent - preferably in the TCP SYN segment
199
200 Returns: connected socket number, or -1 with errno set
201 */
202
203 int
204 smtp_sock_connect(host_item * host, int host_af, int port, uschar * interface,
205 transport_instance * tb, int timeout, const blob * early_data)
206 {
207 smtp_transport_options_block * ob =
208 (smtp_transport_options_block *)tb->options_block;
209 const uschar * dscp = ob->dscp;
210 int dscp_value;
211 int dscp_level;
212 int dscp_option;
213 int sock;
214 int save_errno = 0;
215 const blob * fastopen_blob = NULL;
216
217
218 #ifndef DISABLE_EVENT
219 deliver_host_address = host->address;
220 deliver_host_port = port;
221 if (event_raise(tb->event_action, US"tcp:connect", NULL)) return -1;
222 #endif
223
224 if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return -1;
225
226 /* Set TCP_NODELAY; Exim does its own buffering. */
227
228 if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, US &on, sizeof(on)))
229 HDEBUG(D_transport|D_acl|D_v)
230 debug_printf_indent("failed to set NODELAY: %s ", strerror(errno));
231
232 /* Set DSCP value, if we can. For now, if we fail to set the value, we don't
233 bomb out, just log it and continue in default traffic class. */
234
235 if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value))
236 {
237 HDEBUG(D_transport|D_acl|D_v)
238 debug_printf_indent("DSCP \"%s\"=%x ", dscp, dscp_value);
239 if (setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value)) < 0)
240 HDEBUG(D_transport|D_acl|D_v)
241 debug_printf_indent("failed to set DSCP: %s ", strerror(errno));
242 /* If the kernel supports IPv4 and IPv6 on an IPv6 socket, we need to set the
243 option for both; ignore failures here */
244 if (host_af == AF_INET6 &&
245 dscp_lookup(dscp, AF_INET, &dscp_level, &dscp_option, &dscp_value))
246 (void) setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value));
247 }
248
249 /* Bind to a specific interface if requested. Caller must ensure the interface
250 is the same type (IPv4 or IPv6) as the outgoing address. */
251
252 if (interface && ip_bind(sock, host_af, interface, 0) < 0)
253 {
254 save_errno = errno;
255 HDEBUG(D_transport|D_acl|D_v)
256 debug_printf_indent("unable to bind outgoing SMTP call to %s: %s", interface,
257 strerror(errno));
258 }
259
260 /* Connect to the remote host, and add keepalive to the socket before returning
261 it, if requested. If the build supports TFO, request it - and if the caller
262 requested some early-data then include that in the TFO request. */
263
264 else
265 {
266 #ifdef TCP_FASTOPEN
267 if (verify_check_given_host(&ob->hosts_try_fastopen, host) == OK)
268 fastopen_blob = early_data ? early_data : &tcp_fastopen_nodata;
269 #endif
270
271 if (ip_connect(sock, host_af, host->address, port, timeout, fastopen_blob) < 0)
272 save_errno = errno;
273 else if (early_data && !fastopen_blob && early_data->data && early_data->len)
274 if (send(sock, early_data->data, early_data->len, 0) < 0)
275 save_errno = errno;
276 }
277
278 /* Either bind() or connect() failed */
279
280 if (save_errno != 0)
281 {
282 HDEBUG(D_transport|D_acl|D_v)
283 {
284 debug_printf_indent("failed: %s", CUstrerror(save_errno));
285 if (save_errno == ETIMEDOUT)
286 debug_printf(" (timeout=%s)", readconf_printtime(timeout));
287 debug_printf("\n");
288 }
289 (void)close(sock);
290 errno = save_errno;
291 return -1;
292 }
293
294 /* Both bind() and connect() succeeded */
295
296 else
297 {
298 union sockaddr_46 interface_sock;
299 EXIM_SOCKLEN_T size = sizeof(interface_sock);
300 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent("connected\n");
301 if (getsockname(sock, (struct sockaddr *)(&interface_sock), &size) == 0)
302 sending_ip_address = host_ntoa(-1, &interface_sock, NULL, &sending_port);
303 else
304 {
305 log_write(0, LOG_MAIN | ((errno == ECONNRESET)? 0 : LOG_PANIC),
306 "getsockname() failed: %s", strerror(errno));
307 close(sock);
308 return -1;
309 }
310 if (ob->keepalive) ip_keepalive(sock, host->address, TRUE);
311 #ifdef TCP_FASTOPEN
312 if (fastopen_blob) tfo_out_check(sock);
313 #endif
314 return sock;
315 }
316 }
317
318
319
320
321
322 void
323 smtp_port_for_connect(host_item * host, int port)
324 {
325 if (host->port != PORT_NONE)
326 {
327 HDEBUG(D_transport|D_acl|D_v)
328 debug_printf_indent("Transport port=%d replaced by host-specific port=%d\n", port,
329 host->port);
330 port = host->port;
331 }
332 else host->port = port; /* Set the port actually used */
333 }
334
335
336 /*************************************************
337 * Connect to remote host *
338 *************************************************/
339
340 /* Create a socket, and connect it to a remote host. IPv6 addresses are
341 detected by checking for a colon in the address. AF_INET6 is defined even on
342 non-IPv6 systems, to enable the code to be less messy. However, on such systems
343 host->address will always be an IPv4 address.
344
345 Arguments:
346 host host item containing name and address and port
347 host_af AF_INET or AF_INET6
348 interface outgoing interface address or NULL
349 timeout timeout value or 0
350 tb transport
351
352 Returns: connected socket number, or -1 with errno set
353 */
354
355 int
356 smtp_connect(host_item *host, int host_af, uschar *interface,
357 int timeout, transport_instance * tb)
358 {
359 int port = host->port;
360 #ifdef SUPPORT_SOCKS
361 smtp_transport_options_block * ob =
362 (smtp_transport_options_block *)tb->options_block;
363 #endif
364
365 callout_address = string_sprintf("[%s]:%d", host->address, port);
366
367 HDEBUG(D_transport|D_acl|D_v)
368 {
369 uschar * s = US" ";
370 if (interface) s = string_sprintf(" from %s ", interface);
371 #ifdef SUPPORT_SOCKS
372 if (ob->socks_proxy) s = string_sprintf("%svia proxy ", s);
373 #endif
374 debug_printf_indent("Connecting to %s %s%s... ", host->name, callout_address, s);
375 }
376
377 /* Create and connect the socket */
378
379 #ifdef SUPPORT_SOCKS
380 if (ob->socks_proxy)
381 return socks_sock_connect(host, host_af, port, interface, tb, timeout);
382 #endif
383
384 return smtp_sock_connect(host, host_af, port, interface, tb, timeout, NULL);
385 }
386
387
388 /*************************************************
389 * Flush outgoing command buffer *
390 *************************************************/
391
392 /* This function is called only from smtp_write_command() below. It flushes
393 the buffer of outgoing commands. There is more than one in the buffer only when
394 pipelining.
395
396 Argument:
397 outblock the SMTP output block
398 mode further data expected, or plain
399
400 Returns: TRUE if OK, FALSE on error, with errno set
401 */
402
403 static BOOL
404 flush_buffer(smtp_outblock * outblock, int mode)
405 {
406 int rc;
407 int n = outblock->ptr - outblock->buffer;
408 BOOL more = mode == SCMD_MORE;
409
410 HDEBUG(D_transport|D_acl) debug_printf_indent("cmd buf flush %d bytes%s\n", n,
411 more ? " (more expected)" : "");
412
413 #ifdef SUPPORT_TLS
414 if (tls_out.active == outblock->sock)
415 rc = tls_write(FALSE, outblock->buffer, n, more);
416 else
417 #endif
418 rc = send(outblock->sock, outblock->buffer, n,
419 #ifdef MSG_MORE
420 more ? MSG_MORE : 0
421 #else
422 0
423 #endif
424 );
425
426 if (rc <= 0)
427 {
428 HDEBUG(D_transport|D_acl) debug_printf_indent("send failed: %s\n", strerror(errno));
429 return FALSE;
430 }
431
432 outblock->ptr = outblock->buffer;
433 outblock->cmd_count = 0;
434 return TRUE;
435 }
436
437
438
439 /*************************************************
440 * Write SMTP command *
441 *************************************************/
442
443 /* The formatted command is left in big_buffer so that it can be reflected in
444 any error message.
445
446 Arguments:
447 outblock contains buffer for pipelining, and socket
448 mode buffer, write-with-more-likely, write
449 format a format, starting with one of
450 of HELO, MAIL FROM, RCPT TO, DATA, ".", or QUIT.
451 If NULL, flush pipeline buffer only.
452 ... data for the format
453
454 Returns: 0 if command added to pipelining buffer, with nothing transmitted
455 +n if n commands transmitted (may still have buffered the new one)
456 -1 on error, with errno set
457 */
458
459 int
460 smtp_write_command(smtp_outblock * outblock, int mode, const char *format, ...)
461 {
462 int count;
463 int rc = 0;
464 va_list ap;
465
466 if (format)
467 {
468 va_start(ap, format);
469 if (!string_vformat(big_buffer, big_buffer_size, CS format, ap))
470 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing "
471 "SMTP");
472 va_end(ap);
473 count = Ustrlen(big_buffer);
474
475 if (count > outblock->buffersize)
476 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing "
477 "SMTP");
478
479 if (count > outblock->buffersize - (outblock->ptr - outblock->buffer))
480 {
481 rc = outblock->cmd_count; /* flush resets */
482 if (!flush_buffer(outblock, SCMD_FLUSH)) return -1;
483 }
484
485 Ustrncpy(CS outblock->ptr, big_buffer, count);
486 outblock->ptr += count;
487 outblock->cmd_count++;
488 count -= 2;
489 big_buffer[count] = 0; /* remove \r\n for error message */
490
491 /* We want to hide the actual data sent in AUTH transactions from reflections
492 and logs. While authenticating, a flag is set in the outblock to enable this.
493 The AUTH command itself gets any data flattened. Other lines are flattened
494 completely. */
495
496 if (outblock->authenticating)
497 {
498 uschar *p = big_buffer;
499 if (Ustrncmp(big_buffer, "AUTH ", 5) == 0)
500 {
501 p += 5;
502 while (isspace(*p)) p++;
503 while (!isspace(*p)) p++;
504 while (isspace(*p)) p++;
505 }
506 while (*p != 0) *p++ = '*';
507 }
508
509 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> %s\n", big_buffer);
510 }
511
512 if (mode != SCMD_BUFFER)
513 {
514 rc += outblock->cmd_count; /* flush resets */
515 if (!flush_buffer(outblock, mode)) return -1;
516 }
517
518 return rc;
519 }
520
521
522
523 /*************************************************
524 * Read one line of SMTP response *
525 *************************************************/
526
527 /* This function reads one line of SMTP response from the server host. This may
528 not be a complete response - it could be just part of a multiline response. We
529 have to use a buffer for incoming packets, because when pipelining or using
530 LMTP, there may well be more than one response in a single packet. This
531 function is called only from the one that follows.
532
533 Arguments:
534 inblock the SMTP input block (contains holding buffer, socket, etc.)
535 buffer where to put the line
536 size space available for the line
537 timeout the timeout to use when reading a packet
538
539 Returns: length of a line that has been put in the buffer
540 -1 otherwise, with errno set
541 */
542
543 static int
544 read_response_line(smtp_inblock *inblock, uschar *buffer, int size, int timeout)
545 {
546 uschar *p = buffer;
547 uschar *ptr = inblock->ptr;
548 uschar *ptrend = inblock->ptrend;
549 int sock = inblock->sock;
550
551 /* Loop for reading multiple packets or reading another packet after emptying
552 a previously-read one. */
553
554 for (;;)
555 {
556 int rc;
557
558 /* If there is data in the input buffer left over from last time, copy
559 characters from it until the end of a line, at which point we can return,
560 having removed any whitespace (which will include CR) at the end of the line.
561 The rules for SMTP say that lines end in CRLF, but there are have been cases
562 of hosts using just LF, and other MTAs are reported to handle this, so we
563 just look for LF. If we run out of characters before the end of a line,
564 carry on to read the next incoming packet. */
565
566 while (ptr < ptrend)
567 {
568 int c = *ptr++;
569 if (c == '\n')
570 {
571 while (p > buffer && isspace(p[-1])) p--;
572 *p = 0;
573 inblock->ptr = ptr;
574 return p - buffer;
575 }
576 *p++ = c;
577 if (--size < 4)
578 {
579 *p = 0; /* Leave malformed line for error message */
580 errno = ERRNO_SMTPFORMAT;
581 return -1;
582 }
583 }
584
585 /* Need to read a new input packet. */
586
587 if((rc = ip_recv(sock, inblock->buffer, inblock->buffersize, timeout)) <= 0)
588 {
589 DEBUG(D_deliver|D_transport|D_acl)
590 debug_printf_indent(errno ? " SMTP(%s)<<\n" : " SMTP(closed)<<\n",
591 strerror(errno));
592 break;
593 }
594
595 /* Another block of data has been successfully read. Set up the pointers
596 and let the loop continue. */
597
598 ptrend = inblock->ptrend = inblock->buffer + rc;
599 ptr = inblock->buffer;
600 DEBUG(D_transport|D_acl) debug_printf_indent("read response data: size=%d\n", rc);
601 }
602
603 /* Get here if there has been some kind of recv() error; errno is set, but we
604 ensure that the result buffer is empty before returning. */
605
606 *buffer = 0;
607 return -1;
608 }
609
610
611
612
613
614 /*************************************************
615 * Read SMTP response *
616 *************************************************/
617
618 /* This function reads an SMTP response with a timeout, and returns the
619 response in the given buffer, as a string. A multiline response will contain
620 newline characters between the lines. The function also analyzes the first
621 digit of the reply code and returns FALSE if it is not acceptable. FALSE is
622 also returned after a reading error. In this case buffer[0] will be zero, and
623 the error code will be in errno.
624
625 Arguments:
626 inblock the SMTP input block (contains holding buffer, socket, etc.)
627 buffer where to put the response
628 size the size of the buffer
629 okdigit the expected first digit of the response
630 timeout the timeout to use, in seconds
631
632 Returns: TRUE if a valid, non-error response was received; else FALSE
633 */
634
635 BOOL
636 smtp_read_response(smtp_inblock *inblock, uschar *buffer, int size, int okdigit,
637 int timeout)
638 {
639 uschar *ptr = buffer;
640 int count;
641
642 errno = 0; /* Ensure errno starts out zero */
643
644 /* This is a loop to read and concatenate the lines that make up a multi-line
645 response. */
646
647 for (;;)
648 {
649 if ((count = read_response_line(inblock, ptr, size, timeout)) < 0)
650 return FALSE;
651
652 HDEBUG(D_transport|D_acl|D_v)
653 debug_printf_indent(" %s %s\n", (ptr == buffer)? "SMTP<<" : " ", ptr);
654
655 /* Check the format of the response: it must start with three digits; if
656 these are followed by a space or end of line, the response is complete. If
657 they are followed by '-' this is a multi-line response and we must look for
658 another line until the final line is reached. The only use made of multi-line
659 responses is to pass them back as error messages. We therefore just
660 concatenate them all within the buffer, which should be large enough to
661 accept any reasonable number of lines. */
662
663 if (count < 3 ||
664 !isdigit(ptr[0]) ||
665 !isdigit(ptr[1]) ||
666 !isdigit(ptr[2]) ||
667 (ptr[3] != '-' && ptr[3] != ' ' && ptr[3] != 0))
668 {
669 errno = ERRNO_SMTPFORMAT; /* format error */
670 return FALSE;
671 }
672
673 /* If the line we have just read is a terminal line, line, we are done.
674 Otherwise more data has to be read. */
675
676 if (ptr[3] != '-') break;
677
678 /* Move the reading pointer upwards in the buffer and insert \n between the
679 components of a multiline response. Space is left for this by read_response_
680 line(). */
681
682 ptr += count;
683 *ptr++ = '\n';
684 size -= count + 1;
685 }
686
687 /* Return a value that depends on the SMTP return code. On some systems a
688 non-zero value of errno has been seen at this point, so ensure it is zero,
689 because the caller of this function looks at errno when FALSE is returned, to
690 distinguish between an unexpected return code and other errors such as
691 timeouts, lost connections, etc. */
692
693 errno = 0;
694 return buffer[0] == okdigit;
695 }
696
697 /* End of smtp_out.c */
698 /* vi: aw ai sw=2
699 */
Unnamed repository; edit this file 'description' to name the repository.