383d202b9ab73004e316056026cc9f54de908e27
[exim.git] / src / src / transports / smtp.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 #include "../exim.h"
9 #include "smtp.h"
10
11 #if defined(SUPPORT_DANE) && defined(DISABLE_TLS)
12 # error TLS is required for DANE
13 #endif
14
15
16 /* Options specific to the smtp transport. This transport also supports LMTP
17 over TCP/IP. The options must be in alphabetic order (note that "_" comes
18 before the lower case letters). Some live in the transport_instance block so as
19 to be publicly visible; these are flagged with opt_public. */
20
21 optionlist smtp_transport_options[] = {
22 { "*expand_multi_domain", opt_stringptr | opt_hidden | opt_public,
23 (void *)offsetof(transport_instance, expand_multi_domain) },
24 { "*expand_retry_include_ip_address", opt_stringptr | opt_hidden,
25 (void *)(offsetof(smtp_transport_options_block, expand_retry_include_ip_address)) },
26
27 { "address_retry_include_sender", opt_bool,
28 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
29 { "allow_localhost", opt_bool,
30 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
31 #ifdef EXPERIMENTAL_ARC
32 { "arc_sign", opt_stringptr,
33 (void *)offsetof(smtp_transport_options_block, arc_sign) },
34 #endif
35 { "authenticated_sender", opt_stringptr,
36 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
37 { "authenticated_sender_force", opt_bool,
38 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
39 { "command_timeout", opt_time,
40 (void *)offsetof(smtp_transport_options_block, command_timeout) },
41 { "connect_timeout", opt_time,
42 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
43 { "connection_max_messages", opt_int | opt_public,
44 (void *)offsetof(transport_instance, connection_max_messages) },
45 # ifdef SUPPORT_DANE
46 { "dane_require_tls_ciphers", opt_stringptr,
47 (void *)offsetof(smtp_transport_options_block, dane_require_tls_ciphers) },
48 # endif
49 { "data_timeout", opt_time,
50 (void *)offsetof(smtp_transport_options_block, data_timeout) },
51 { "delay_after_cutoff", opt_bool,
52 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
53 #ifndef DISABLE_DKIM
54 { "dkim_canon", opt_stringptr,
55 (void *)offsetof(smtp_transport_options_block, dkim.dkim_canon) },
56 { "dkim_domain", opt_stringptr,
57 (void *)offsetof(smtp_transport_options_block, dkim.dkim_domain) },
58 { "dkim_hash", opt_stringptr,
59 (void *)offsetof(smtp_transport_options_block, dkim.dkim_hash) },
60 { "dkim_identity", opt_stringptr,
61 (void *)offsetof(smtp_transport_options_block, dkim.dkim_identity) },
62 { "dkim_private_key", opt_stringptr,
63 (void *)offsetof(smtp_transport_options_block, dkim.dkim_private_key) },
64 { "dkim_selector", opt_stringptr,
65 (void *)offsetof(smtp_transport_options_block, dkim.dkim_selector) },
66 { "dkim_sign_headers", opt_stringptr,
67 (void *)offsetof(smtp_transport_options_block, dkim.dkim_sign_headers) },
68 { "dkim_strict", opt_stringptr,
69 (void *)offsetof(smtp_transport_options_block, dkim.dkim_strict) },
70 { "dkim_timestamps", opt_stringptr,
71 (void *)offsetof(smtp_transport_options_block, dkim.dkim_timestamps) },
72 #endif
73 { "dns_qualify_single", opt_bool,
74 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
75 { "dns_search_parents", opt_bool,
76 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
77 { "dnssec_request_domains", opt_stringptr,
78 (void *)offsetof(smtp_transport_options_block, dnssec.request) },
79 { "dnssec_require_domains", opt_stringptr,
80 (void *)offsetof(smtp_transport_options_block, dnssec.require) },
81 { "dscp", opt_stringptr,
82 (void *)offsetof(smtp_transport_options_block, dscp) },
83 { "fallback_hosts", opt_stringptr,
84 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
85 { "final_timeout", opt_time,
86 (void *)offsetof(smtp_transport_options_block, final_timeout) },
87 { "gethostbyname", opt_bool,
88 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
89 { "helo_data", opt_stringptr,
90 (void *)offsetof(smtp_transport_options_block, helo_data) },
91 { "hosts", opt_stringptr,
92 (void *)offsetof(smtp_transport_options_block, hosts) },
93 { "hosts_avoid_esmtp", opt_stringptr,
94 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
95 { "hosts_avoid_pipelining", opt_stringptr,
96 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
97 #ifndef DISABLE_TLS
98 { "hosts_avoid_tls", opt_stringptr,
99 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
100 #endif
101 { "hosts_max_try", opt_int,
102 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
103 { "hosts_max_try_hardlimit", opt_int,
104 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
105 #ifndef DISABLE_TLS
106 { "hosts_nopass_tls", opt_stringptr,
107 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
108 { "hosts_noproxy_tls", opt_stringptr,
109 (void *)offsetof(smtp_transport_options_block, hosts_noproxy_tls) },
110 #endif
111 { "hosts_override", opt_bool,
112 (void *)offsetof(smtp_transport_options_block, hosts_override) },
113 #ifndef DISABLE_PIPE_CONNECT
114 { "hosts_pipe_connect", opt_stringptr,
115 (void *)offsetof(smtp_transport_options_block, hosts_pipe_connect) },
116 #endif
117 { "hosts_randomize", opt_bool,
118 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
119 #if !defined(DISABLE_TLS) && !defined(DISABLE_OCSP)
120 { "hosts_request_ocsp", opt_stringptr,
121 (void *)offsetof(smtp_transport_options_block, hosts_request_ocsp) },
122 #endif
123 { "hosts_require_auth", opt_stringptr,
124 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
125 #ifndef DISABLE_TLS
126 # ifdef SUPPORT_DANE
127 { "hosts_require_dane", opt_stringptr,
128 (void *)offsetof(smtp_transport_options_block, hosts_require_dane) },
129 # endif
130 # ifndef DISABLE_OCSP
131 { "hosts_require_ocsp", opt_stringptr,
132 (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
133 # endif
134 { "hosts_require_tls", opt_stringptr,
135 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
136 #endif
137 { "hosts_try_auth", opt_stringptr,
138 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
139 { "hosts_try_chunking", opt_stringptr,
140 (void *)offsetof(smtp_transport_options_block, hosts_try_chunking) },
141 #ifdef SUPPORT_DANE
142 { "hosts_try_dane", opt_stringptr,
143 (void *)offsetof(smtp_transport_options_block, hosts_try_dane) },
144 #endif
145 { "hosts_try_fastopen", opt_stringptr,
146 (void *)offsetof(smtp_transport_options_block, hosts_try_fastopen) },
147 #ifndef DISABLE_PRDR
148 { "hosts_try_prdr", opt_stringptr,
149 (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
150 #endif
151 #ifndef DISABLE_TLS
152 { "hosts_verify_avoid_tls", opt_stringptr,
153 (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
154 #endif
155 { "interface", opt_stringptr,
156 (void *)offsetof(smtp_transport_options_block, interface) },
157 { "keepalive", opt_bool,
158 (void *)offsetof(smtp_transport_options_block, keepalive) },
159 { "lmtp_ignore_quota", opt_bool,
160 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
161 { "max_rcpt", opt_int | opt_public,
162 (void *)offsetof(transport_instance, max_addresses) },
163 { "multi_domain", opt_expand_bool | opt_public,
164 (void *)offsetof(transport_instance, multi_domain) },
165 { "port", opt_stringptr,
166 (void *)offsetof(smtp_transport_options_block, port) },
167 { "protocol", opt_stringptr,
168 (void *)offsetof(smtp_transport_options_block, protocol) },
169 { "retry_include_ip_address", opt_expand_bool,
170 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
171 { "serialize_hosts", opt_stringptr,
172 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
173 { "size_addition", opt_int,
174 (void *)offsetof(smtp_transport_options_block, size_addition) },
175 #ifdef SUPPORT_SOCKS
176 { "socks_proxy", opt_stringptr,
177 (void *)offsetof(smtp_transport_options_block, socks_proxy) },
178 #endif
179 #ifndef DISABLE_TLS
180 { "tls_certificate", opt_stringptr,
181 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
182 { "tls_crl", opt_stringptr,
183 (void *)offsetof(smtp_transport_options_block, tls_crl) },
184 { "tls_dh_min_bits", opt_int,
185 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
186 { "tls_privatekey", opt_stringptr,
187 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
188 { "tls_require_ciphers", opt_stringptr,
189 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
190 # ifdef EXPERIMENTAL_TLS_RESUME
191 { "tls_resumption_hosts", opt_stringptr,
192 (void *)offsetof(smtp_transport_options_block, tls_resumption_hosts) },
193 # endif
194 { "tls_sni", opt_stringptr,
195 (void *)offsetof(smtp_transport_options_block, tls_sni) },
196 { "tls_tempfail_tryclear", opt_bool,
197 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
198 { "tls_try_verify_hosts", opt_stringptr,
199 (void *)offsetof(smtp_transport_options_block, tls_try_verify_hosts) },
200 { "tls_verify_cert_hostnames", opt_stringptr,
201 (void *)offsetof(smtp_transport_options_block,tls_verify_cert_hostnames)},
202 { "tls_verify_certificates", opt_stringptr,
203 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) },
204 { "tls_verify_hosts", opt_stringptr,
205 (void *)offsetof(smtp_transport_options_block, tls_verify_hosts) },
206 #endif
207 #ifdef SUPPORT_I18N
208 { "utf8_downconvert", opt_stringptr,
209 (void *)offsetof(smtp_transport_options_block, utf8_downconvert) },
210 #endif
211 };
212
213 /* Size of the options list. An extern variable has to be used so that its
214 address can appear in the tables drtables.c. */
215
216 int smtp_transport_options_count = nelem(smtp_transport_options);
217
218
219 #ifdef MACRO_PREDEF
220
221 /* Dummy values */
222 smtp_transport_options_block smtp_transport_option_defaults = {0};
223 void smtp_transport_init(transport_instance *tblock) {}
224 BOOL smtp_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
225 void smtp_transport_closedown(transport_instance *tblock) {}
226
227 #else /*!MACRO_PREDEF*/
228
229
230 /* Default private options block for the smtp transport. */
231
232 smtp_transport_options_block smtp_transport_option_defaults = {
233 .hosts = NULL,
234 .fallback_hosts = NULL,
235 .hostlist = NULL,
236 .fallback_hostlist = NULL,
237 .helo_data = US"$primary_hostname",
238 .interface = NULL,
239 .port = NULL,
240 .protocol = US"smtp",
241 .dscp = NULL,
242 .serialize_hosts = NULL,
243 .hosts_try_auth = NULL,
244 .hosts_require_auth = NULL,
245 .hosts_try_chunking = US"*",
246 #ifdef SUPPORT_DANE
247 .hosts_try_dane = US"*",
248 .hosts_require_dane = NULL,
249 .dane_require_tls_ciphers = NULL,
250 #endif
251 .hosts_try_fastopen = US"*",
252 #ifndef DISABLE_PRDR
253 .hosts_try_prdr = US"*",
254 #endif
255 #ifndef DISABLE_OCSP
256 .hosts_request_ocsp = US"*", /* hosts_request_ocsp (except under DANE; tls_client_start()) */
257 .hosts_require_ocsp = NULL,
258 #endif
259 .hosts_require_tls = NULL,
260 .hosts_avoid_tls = NULL,
261 .hosts_verify_avoid_tls = NULL,
262 .hosts_avoid_pipelining = NULL,
263 #ifndef DISABLE_PIPE_CONNECT
264 .hosts_pipe_connect = NULL,
265 #endif
266 .hosts_avoid_esmtp = NULL,
267 #ifndef DISABLE_TLS
268 .hosts_nopass_tls = NULL,
269 .hosts_noproxy_tls = NULL,
270 #endif
271 .command_timeout = 5*60,
272 .connect_timeout = 5*60,
273 .data_timeout = 5*60,
274 .final_timeout = 10*60,
275 .size_addition = 1024,
276 .hosts_max_try = 5,
277 .hosts_max_try_hardlimit = 50,
278 .address_retry_include_sender = TRUE,
279 .allow_localhost = FALSE,
280 .authenticated_sender_force = FALSE,
281 .gethostbyname = FALSE,
282 .dns_qualify_single = TRUE,
283 .dns_search_parents = FALSE,
284 .dnssec = { .request=NULL, .require=NULL },
285 .delay_after_cutoff = TRUE,
286 .hosts_override = FALSE,
287 .hosts_randomize = FALSE,
288 .keepalive = TRUE,
289 .lmtp_ignore_quota = FALSE,
290 .expand_retry_include_ip_address = NULL,
291 .retry_include_ip_address = TRUE,
292 #ifdef SUPPORT_SOCKS
293 .socks_proxy = NULL,
294 #endif
295 #ifndef DISABLE_TLS
296 .tls_certificate = NULL,
297 .tls_crl = NULL,
298 .tls_privatekey = NULL,
299 .tls_require_ciphers = NULL,
300 .tls_sni = NULL,
301 .tls_verify_certificates = US"system",
302 .tls_dh_min_bits = EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
303 .tls_tempfail_tryclear = TRUE,
304 # ifdef EXPERIMENTAL_TLS_RESUME
305 .tls_resumption_hosts = NULL,
306 # endif
307 .tls_verify_hosts = NULL,
308 .tls_try_verify_hosts = US"*",
309 .tls_verify_cert_hostnames = US"*",
310 #endif
311 #ifdef SUPPORT_I18N
312 .utf8_downconvert = NULL,
313 #endif
314 #ifndef DISABLE_DKIM
315 .dkim =
316 {.dkim_domain = NULL,
317 .dkim_identity = NULL,
318 .dkim_private_key = NULL,
319 .dkim_selector = NULL,
320 .dkim_canon = NULL,
321 .dkim_sign_headers = NULL,
322 .dkim_strict = NULL,
323 .dkim_hash = US"sha256",
324 .dkim_timestamps = NULL,
325 .dot_stuffed = FALSE,
326 .force_bodyhash = FALSE,
327 # ifdef EXPERIMENTAL_ARC
328 .arc_signspec = NULL,
329 # endif
330 },
331 # ifdef EXPERIMENTAL_ARC
332 .arc_sign = NULL,
333 # endif
334 #endif
335 };
336
337 /* some DSN flags for use later */
338
339 static int rf_list[] = {rf_notify_never, rf_notify_success,
340 rf_notify_failure, rf_notify_delay };
341
342 static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" };
343
344
345
346 /* Local statics */
347
348 static uschar *smtp_command; /* Points to last cmd for error messages */
349 static uschar *mail_command; /* Points to MAIL cmd for error messages */
350 static uschar *data_command = US""; /* Points to DATA cmd for error messages */
351 static BOOL update_waiting; /* TRUE to update the "wait" database */
352
353 /*XXX move to smtp_context */
354 static BOOL pipelining_active; /* current transaction is in pipe mode */
355
356
357 static unsigned ehlo_response(uschar * buf, unsigned checks);
358
359
360 /******************************************************************************/
361
362 void
363 smtp_deliver_init(void)
364 {
365 if (!regex_PIPELINING) regex_PIPELINING =
366 regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)", FALSE, TRUE);
367
368 if (!regex_SIZE) regex_SIZE =
369 regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s|\\n|$)", FALSE, TRUE);
370
371 if (!regex_AUTH) regex_AUTH =
372 regex_must_compile(AUTHS_REGEX, FALSE, TRUE);
373
374 #ifndef DISABLE_TLS
375 if (!regex_STARTTLS) regex_STARTTLS =
376 regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE);
377 #endif
378
379 if (!regex_CHUNKING) regex_CHUNKING =
380 regex_must_compile(US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)", FALSE, TRUE);
381
382 #ifndef DISABLE_PRDR
383 if (!regex_PRDR) regex_PRDR =
384 regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE);
385 #endif
386
387 #ifdef SUPPORT_I18N
388 if (!regex_UTF8) regex_UTF8 =
389 regex_must_compile(US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)", FALSE, TRUE);
390 #endif
391
392 if (!regex_DSN) regex_DSN =
393 regex_must_compile(US"\\n250[\\s\\-]DSN(\\s|\\n|$)", FALSE, TRUE);
394
395 if (!regex_IGNOREQUOTA) regex_IGNOREQUOTA =
396 regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE);
397
398 #ifndef DISABLE_PIPE_CONNECT
399 if (!regex_EARLY_PIPE) regex_EARLY_PIPE =
400 regex_must_compile(US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)", FALSE, TRUE);
401 #endif
402 }
403
404
405 /*************************************************
406 * Setup entry point *
407 *************************************************/
408
409 /* This function is called when the transport is about to be used,
410 but before running it in a sub-process. It is used for two things:
411
412 (1) To set the fallback host list in addresses, when delivering.
413 (2) To pass back the interface, port, protocol, and other options, for use
414 during callout verification.
415
416 Arguments:
417 tblock pointer to the transport instance block
418 addrlist list of addresses about to be transported
419 tf if not NULL, pointer to block in which to return options
420 uid the uid that will be set (not used)
421 gid the gid that will be set (not used)
422 errmsg place for error message (not used)
423
424 Returns: OK always (FAIL, DEFER not used)
425 */
426
427 static int
428 smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
429 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
430 {
431 smtp_transport_options_block *ob = SOB tblock->options_block;
432
433 errmsg = errmsg; /* Keep picky compilers happy */
434 uid = uid;
435 gid = gid;
436
437 /* Pass back options if required. This interface is getting very messy. */
438
439 if (tf)
440 {
441 tf->interface = ob->interface;
442 tf->port = ob->port;
443 tf->protocol = ob->protocol;
444 tf->hosts = ob->hosts;
445 tf->hosts_override = ob->hosts_override;
446 tf->hosts_randomize = ob->hosts_randomize;
447 tf->gethostbyname = ob->gethostbyname;
448 tf->qualify_single = ob->dns_qualify_single;
449 tf->search_parents = ob->dns_search_parents;
450 tf->helo_data = ob->helo_data;
451 }
452
453 /* Set the fallback host list for all the addresses that don't have fallback
454 host lists, provided that the local host wasn't present in the original host
455 list. */
456
457 if (!testflag(addrlist, af_local_host_removed))
458 for (; addrlist; addrlist = addrlist->next)
459 if (!addrlist->fallback_hosts) addrlist->fallback_hosts = ob->fallback_hostlist;
460
461 return OK;
462 }
463
464
465
466 /*************************************************
467 * Initialization entry point *
468 *************************************************/
469
470 /* Called for each instance, after its options have been read, to
471 enable consistency checks to be done, or anything else that needs
472 to be set up.
473
474 Argument: pointer to the transport instance block
475 Returns: nothing
476 */
477
478 void
479 smtp_transport_init(transport_instance *tblock)
480 {
481 smtp_transport_options_block *ob = SOB tblock->options_block;
482
483 /* Retry_use_local_part defaults FALSE if unset */
484
485 if (tblock->retry_use_local_part == TRUE_UNSET)
486 tblock->retry_use_local_part = FALSE;
487
488 /* Set the default port according to the protocol */
489
490 if (!ob->port)
491 ob->port = strcmpic(ob->protocol, US"lmtp") == 0
492 ? US"lmtp"
493 : strcmpic(ob->protocol, US"smtps") == 0
494 ? US"smtps" : US"smtp";
495
496 /* Set up the setup entry point, to be called before subprocesses for this
497 transport. */
498
499 tblock->setup = smtp_transport_setup;
500
501 /* Complain if any of the timeouts are zero. */
502
503 if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
504 ob->final_timeout <= 0)
505 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
506 "command, data, or final timeout value is zero for %s transport",
507 tblock->name);
508
509 /* If hosts_override is set and there are local hosts, set the global
510 flag that stops verify from showing router hosts. */
511
512 if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
513
514 /* If there are any fallback hosts listed, build a chain of host items
515 for them, but do not do any lookups at this time. */
516
517 host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
518 }
519
520
521
522
523
524 /*************************************************
525 * Set delivery info into all active addresses *
526 *************************************************/
527
528 /* Only addresses whose status is >= PENDING are relevant. A lesser
529 status means that an address is not currently being processed.
530
531 Arguments:
532 addrlist points to a chain of addresses
533 errno_value to put in each address's errno field
534 msg to put in each address's message field
535 rc to put in each address's transport_return field
536 pass_message if TRUE, set the "pass message" flag in the address
537 host if set, mark addrs as having used this host
538 smtp_greeting from peer
539 helo_response from peer
540
541 If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
542 the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
543 this particular type of timeout.
544
545 Returns: nothing
546 */
547
548 static void
549 set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
550 BOOL pass_message, host_item * host
551 #ifdef EXPERIMENTAL_DSN_INFO
552 , const uschar * smtp_greeting, const uschar * helo_response
553 #endif
554 )
555 {
556 int orvalue = 0;
557 if (errno_value == ERRNO_CONNECTTIMEOUT)
558 {
559 errno_value = ETIMEDOUT;
560 orvalue = RTEF_CTOUT;
561 }
562 for (address_item * addr = addrlist; addr; addr = addr->next)
563 if (addr->transport_return >= PENDING)
564 {
565 addr->basic_errno = errno_value;
566 addr->more_errno |= orvalue;
567 if (msg)
568 {
569 addr->message = msg;
570 if (pass_message) setflag(addr, af_pass_message);
571 }
572 addr->transport_return = rc;
573 if (host)
574 {
575 addr->host_used = host;
576 #ifdef EXPERIMENTAL_DSN_INFO
577 if (smtp_greeting)
578 {uschar * s = Ustrchr(smtp_greeting, '\n'); if (s) *s = '\0';}
579 addr->smtp_greeting = smtp_greeting;
580
581 if (helo_response)
582 {uschar * s = Ustrchr(helo_response, '\n'); if (s) *s = '\0';}
583 addr->helo_response = helo_response;
584 #endif
585 }
586 }
587 }
588
589 static void
590 set_errno_nohost(address_item *addrlist, int errno_value, uschar *msg, int rc,
591 BOOL pass_message)
592 {
593 set_errno(addrlist, errno_value, msg, rc, pass_message, NULL
594 #ifdef EXPERIMENTAL_DSN_INFO
595 , NULL, NULL
596 #endif
597 );
598 }
599
600
601 /*************************************************
602 * Check an SMTP response *
603 *************************************************/
604
605 /* This function is given an errno code and the SMTP response buffer
606 to analyse, together with the host identification for generating messages. It
607 sets an appropriate message and puts the first digit of the response code into
608 the yield variable. If no response was actually read, a suitable digit is
609 chosen.
610
611 Arguments:
612 host the current host, to get its name for messages
613 errno_value pointer to the errno value
614 more_errno from the top address for use with ERRNO_FILTER_FAIL
615 buffer the SMTP response buffer
616 yield where to put a one-digit SMTP response code
617 message where to put an error message
618 pass_message set TRUE if message is an SMTP response
619
620 Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
621 */
622
623 static BOOL
624 check_response(host_item *host, int *errno_value, int more_errno,
625 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
626 {
627 uschar * pl = pipelining_active ? US"pipelined " : US"";
628 const uschar * s;
629
630 *yield = '4'; /* Default setting is to give a temporary error */
631
632 switch(*errno_value)
633 {
634 case ETIMEDOUT: /* Handle response timeout */
635 *message = US string_sprintf("SMTP timeout after %s%s",
636 pl, smtp_command);
637 if (transport_count > 0)
638 *message = US string_sprintf("%s (%d bytes written)", *message,
639 transport_count);
640 return FALSE;
641
642 case ERRNO_SMTPFORMAT: /* Handle malformed SMTP response */
643 s = string_printing(buffer);
644 while (isspace(*s)) s++;
645 *message = *s == 0
646 ? string_sprintf("Malformed SMTP reply (an empty line) "
647 "in response to %s%s", pl, smtp_command)
648 : string_sprintf("Malformed SMTP reply in response to %s%s: %s",
649 pl, smtp_command, s);
650 return FALSE;
651
652 case ERRNO_TLSFAILURE: /* Handle bad first read; can happen with
653 GnuTLS and TLS1.3 */
654 *message = US"bad first read from TLS conn";
655 return TRUE;
656
657 case ERRNO_FILTER_FAIL: /* Handle a failed filter process error;
658 can't send QUIT as we mustn't end the DATA. */
659 *message = string_sprintf("transport filter process failed (%d)%s",
660 more_errno,
661 more_errno == EX_EXECFAILED ? ": unable to execute command" : "");
662 return FALSE;
663
664 case ERRNO_CHHEADER_FAIL: /* Handle a failed add_headers expansion;
665 can't send QUIT as we mustn't end the DATA. */
666 *message =
667 string_sprintf("failed to expand headers_add or headers_remove: %s",
668 expand_string_message);
669 return FALSE;
670
671 case ERRNO_WRITEINCOMPLETE: /* failure to write a complete data block */
672 *message = US"failed to write a data block";
673 return FALSE;
674
675 #ifdef SUPPORT_I18N
676 case ERRNO_UTF8_FWD: /* no advertised SMTPUTF8, for international message */
677 *message = US"utf8 support required but not offered for forwarding";
678 DEBUG(D_deliver|D_transport) debug_printf("%s\n", *message);
679 return TRUE;
680 #endif
681 }
682
683 /* Handle error responses from the remote mailer. */
684
685 if (buffer[0] != 0)
686 {
687 *message = string_sprintf("SMTP error from remote mail server after %s%s: "
688 "%s", pl, smtp_command, s = string_printing(buffer));
689 *pass_message = TRUE;
690 *yield = buffer[0];
691 return TRUE;
692 }
693
694 /* No data was read. If there is no errno, this must be the EOF (i.e.
695 connection closed) case, which causes deferral. An explicit connection reset
696 error has the same effect. Otherwise, put the host's identity in the message,
697 leaving the errno value to be interpreted as well. In all cases, we have to
698 assume the connection is now dead. */
699
700 if (*errno_value == 0 || *errno_value == ECONNRESET)
701 {
702 *errno_value = ERRNO_SMTPCLOSED;
703 *message = US string_sprintf("Remote host closed connection "
704 "in response to %s%s", pl, smtp_command);
705 }
706 else
707 *message = US string_sprintf("%s [%s]", host->name, host->address);
708
709 return FALSE;
710 }
711
712
713
714 /*************************************************
715 * Write error message to logs *
716 *************************************************/
717
718 /* This writes to the main log and to the message log.
719
720 Arguments:
721 host the current host
722 detail the current message (addr_item->message)
723 basic_errno the errno (addr_item->basic_errno)
724
725 Returns: nothing
726 */
727
728 static void
729 write_logs(const host_item *host, const uschar *suffix, int basic_errno)
730 {
731 gstring * message = LOGGING(outgoing_port)
732 ? string_fmt_append(NULL, "H=%s [%s]:%d", host->name, host->address,
733 host->port == PORT_NONE ? 25 : host->port)
734 : string_fmt_append(NULL, "H=%s [%s]", host->name, host->address);
735
736 if (suffix)
737 {
738 message = string_fmt_append(message, ": %s", suffix);
739 if (basic_errno > 0)
740 message = string_fmt_append(message, ": %s", strerror(basic_errno));
741 }
742 else
743 message = string_fmt_append(message, " %s", exim_errstr(basic_errno));
744
745 log_write(0, LOG_MAIN, "%s", string_from_gstring(message));
746 deliver_msglog("%s %s\n", tod_stamp(tod_log), message->s);
747 }
748
749 static void
750 msglog_line(host_item * host, uschar * message)
751 {
752 deliver_msglog("%s H=%s [%s] %s\n", tod_stamp(tod_log),
753 host->name, host->address, message);
754 }
755
756
757
758 #ifndef DISABLE_EVENT
759 /*************************************************
760 * Post-defer action *
761 *************************************************/
762
763 /* This expands an arbitrary per-transport string.
764 It might, for example, be used to write to the database log.
765
766 Arguments:
767 addr the address item containing error information
768 host the current host
769
770 Returns: nothing
771 */
772
773 static void
774 deferred_event_raise(address_item *addr, host_item *host)
775 {
776 uschar * action = addr->transport->event_action;
777 const uschar * save_domain;
778 uschar * save_local;
779
780 if (!action)
781 return;
782
783 save_domain = deliver_domain;
784 save_local = deliver_localpart;
785
786 /*XXX would ip & port already be set up? */
787 deliver_host_address = string_copy(host->address);
788 deliver_host_port = host->port == PORT_NONE ? 25 : host->port;
789 event_defer_errno = addr->basic_errno;
790
791 router_name = addr->router->name;
792 transport_name = addr->transport->name;
793 deliver_domain = addr->domain;
794 deliver_localpart = addr->local_part;
795
796 (void) event_raise(action, US"msg:host:defer",
797 addr->message
798 ? addr->basic_errno > 0
799 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
800 : string_copy(addr->message)
801 : addr->basic_errno > 0
802 ? string_copy(US strerror(addr->basic_errno))
803 : NULL);
804
805 deliver_localpart = save_local;
806 deliver_domain = save_domain;
807 router_name = transport_name = NULL;
808 }
809 #endif
810
811 /*************************************************
812 * Reap SMTP specific responses *
813 *************************************************/
814 static int
815 smtp_discard_responses(smtp_context * sx, smtp_transport_options_block * ob,
816 int count)
817 {
818 uschar flushbuffer[4096];
819
820 while (count-- > 0)
821 {
822 if (!smtp_read_response(sx, flushbuffer, sizeof(flushbuffer),
823 '2', ob->command_timeout)
824 && (errno != 0 || flushbuffer[0] == 0))
825 break;
826 }
827 return count;
828 }
829
830
831 /* Return boolean success */
832
833 static BOOL
834 smtp_reap_banner(smtp_context * sx)
835 {
836 BOOL good_response = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
837 '2', (SOB sx->conn_args.ob)->command_timeout);
838 #ifdef EXPERIMENTAL_DSN_INFO
839 sx->smtp_greeting = string_copy(sx->buffer);
840 #endif
841 return good_response;
842 }
843
844 static BOOL
845 smtp_reap_ehlo(smtp_context * sx)
846 {
847 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
848 (SOB sx->conn_args.ob)->command_timeout))
849 {
850 if (errno != 0 || sx->buffer[0] == 0 || sx->lmtp)
851 {
852 #ifdef EXPERIMENTAL_DSN_INFO
853 sx->helo_response = string_copy(sx->buffer);
854 #endif
855 return FALSE;
856 }
857 sx->esmtp = FALSE;
858 }
859 #ifdef EXPERIMENTAL_DSN_INFO
860 sx->helo_response = string_copy(sx->buffer);
861 #endif
862 #ifndef DISABLE_EVENT
863 (void) event_raise(sx->conn_args.tblock->event_action,
864 US"smtp:ehlo", sx->buffer);
865 #endif
866 return TRUE;
867 }
868
869
870
871 #ifndef DISABLE_PIPE_CONNECT
872 static uschar *
873 ehlo_cache_key(const smtp_context * sx)
874 {
875 host_item * host = sx->conn_args.host;
876 return Ustrchr(host->address, ':')
877 ? string_sprintf("[%s]:%d.EHLO", host->address,
878 host->port == PORT_NONE ? sx->port : host->port)
879 : string_sprintf("%s:%d.EHLO", host->address,
880 host->port == PORT_NONE ? sx->port : host->port);
881 }
882
883 static void
884 write_ehlo_cache_entry(const smtp_context * sx)
885 {
886 open_db dbblock, * dbm_file;
887
888 if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
889 {
890 uschar * ehlo_resp_key = ehlo_cache_key(sx);
891 dbdata_ehlo_resp er = { .data = sx->ehlo_resp };
892
893 HDEBUG(D_transport) debug_printf("writing clr %04x/%04x cry %04x/%04x\n",
894 sx->ehlo_resp.cleartext_features, sx->ehlo_resp.cleartext_auths,
895 sx->ehlo_resp.crypted_features, sx->ehlo_resp.crypted_auths);
896
897 dbfn_write(dbm_file, ehlo_resp_key, &er, (int)sizeof(er));
898 dbfn_close(dbm_file);
899 }
900 }
901
902 static void
903 invalidate_ehlo_cache_entry(smtp_context * sx)
904 {
905 open_db dbblock, * dbm_file;
906
907 if ( sx->early_pipe_active
908 && (dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
909 {
910 uschar * ehlo_resp_key = ehlo_cache_key(sx);
911 dbfn_delete(dbm_file, ehlo_resp_key);
912 dbfn_close(dbm_file);
913 }
914 }
915
916 static BOOL
917 read_ehlo_cache_entry(smtp_context * sx)
918 {
919 open_db dbblock;
920 open_db * dbm_file;
921
922 if (!(dbm_file = dbfn_open(US"misc", O_RDONLY, &dbblock, FALSE, TRUE)))
923 { DEBUG(D_transport) debug_printf("ehlo-cache: no misc DB\n"); }
924 else
925 {
926 uschar * ehlo_resp_key = ehlo_cache_key(sx);
927 dbdata_ehlo_resp * er;
928
929 if (!(er = dbfn_read(dbm_file, ehlo_resp_key)))
930 { DEBUG(D_transport) debug_printf("no ehlo-resp record\n"); }
931 else if (time(NULL) - er->time_stamp > retry_data_expire)
932 {
933 DEBUG(D_transport) debug_printf("ehlo-resp record too old\n");
934 dbfn_close(dbm_file);
935 if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
936 dbfn_delete(dbm_file, ehlo_resp_key);
937 }
938 else
939 {
940 sx->ehlo_resp = er->data;
941 dbfn_close(dbm_file);
942 DEBUG(D_transport) debug_printf(
943 "EHLO response bits from cache: cleartext 0x%04x crypted 0x%04x\n",
944 er->data.cleartext_features, er->data.crypted_features);
945 return TRUE;
946 }
947 dbfn_close(dbm_file);
948 }
949 return FALSE;
950 }
951
952
953
954 /* Return an auths bitmap for the set of AUTH methods offered by the server
955 which match our authenticators. */
956
957 static unsigned short
958 study_ehlo_auths(smtp_context * sx)
959 {
960 uschar * names;
961 auth_instance * au;
962 uschar authnum;
963 unsigned short authbits = 0;
964
965 if (!sx->esmtp) return 0;
966 if (!regex_AUTH) regex_AUTH = regex_must_compile(AUTHS_REGEX, FALSE, TRUE);
967 if (!regex_match_and_setup(regex_AUTH, sx->buffer, 0, -1)) return 0;
968 expand_nmax = -1; /* reset */
969 names = string_copyn(expand_nstring[1], expand_nlength[1]);
970
971 for (au = auths, authnum = 0; au; au = au->next, authnum++) if (au->client)
972 {
973 const uschar * list = names;
974 int sep = ' ';
975 uschar name[32];
976
977 while (string_nextinlist(&list, &sep, name, sizeof(name)))
978 if (strcmpic(au->public_name, name) == 0)
979 { authbits |= BIT(authnum); break; }
980 }
981
982 DEBUG(D_transport)
983 debug_printf("server offers %s AUTH, methods '%s', bitmap 0x%04x\n",
984 tls_out.active.sock >= 0 ? "crypted" : "plaintext", names, authbits);
985
986 if (tls_out.active.sock >= 0)
987 sx->ehlo_resp.crypted_auths = authbits;
988 else
989 sx->ehlo_resp.cleartext_auths = authbits;
990 return authbits;
991 }
992
993
994
995
996 /* Wait for and check responses for early-pipelining.
997
998 Called from the lower-level smtp_read_response() function
999 used for general code that assume synchronisation, if context
1000 flags indicate outstanding early-pipelining commands. Also
1001 called fom sync_responses() which handles pipelined commands.
1002
1003 Arguments:
1004 sx smtp connection context
1005 countp number of outstanding responses, adjusted on return
1006
1007 Return:
1008 OK all well
1009 DEFER error on first read of TLS'd conn
1010 FAIL SMTP error in response
1011 */
1012 int
1013 smtp_reap_early_pipe(smtp_context * sx, int * countp)
1014 {
1015 BOOL pending_BANNER = sx->pending_BANNER;
1016 BOOL pending_EHLO = sx->pending_EHLO;
1017 int rc = FAIL;
1018
1019 sx->pending_BANNER = FALSE; /* clear early to avoid recursion */
1020 sx->pending_EHLO = FALSE;
1021
1022 if (pending_BANNER)
1023 {
1024 DEBUG(D_transport) debug_printf("%s expect banner\n", __FUNCTION__);
1025 (*countp)--;
1026 if (!smtp_reap_banner(sx))
1027 {
1028 DEBUG(D_transport) debug_printf("bad banner\n");
1029 if (tls_out.active.sock >= 0) rc = DEFER;
1030 goto fail;
1031 }
1032 }
1033
1034 if (pending_EHLO)
1035 {
1036 unsigned peer_offered;
1037 unsigned short authbits = 0, * ap;
1038
1039 DEBUG(D_transport) debug_printf("%s expect ehlo\n", __FUNCTION__);
1040 (*countp)--;
1041 if (!smtp_reap_ehlo(sx))
1042 {
1043 DEBUG(D_transport) debug_printf("bad response for EHLO\n");
1044 if (tls_out.active.sock >= 0) rc = DEFER;
1045 goto fail;
1046 }
1047
1048 /* Compare the actual EHLO response to the cached value we assumed;
1049 on difference, dump or rewrite the cache and arrange for a retry. */
1050
1051 ap = tls_out.active.sock < 0
1052 ? &sx->ehlo_resp.cleartext_auths : &sx->ehlo_resp.crypted_auths;
1053
1054 peer_offered = ehlo_response(sx->buffer,
1055 (tls_out.active.sock < 0 ? OPTION_TLS : 0)
1056 | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
1057 | OPTION_UTF8 | OPTION_EARLY_PIPE
1058 );
1059 if ( peer_offered != sx->peer_offered
1060 || (authbits = study_ehlo_auths(sx)) != *ap)
1061 {
1062 HDEBUG(D_transport)
1063 debug_printf("EHLO %s extensions changed, 0x%04x/0x%04x -> 0x%04x/0x%04x\n",
1064 tls_out.active.sock < 0 ? "cleartext" : "crypted",
1065 sx->peer_offered, *ap, peer_offered, authbits);
1066 *(tls_out.active.sock < 0
1067 ? &sx->ehlo_resp.cleartext_features : &sx->ehlo_resp.crypted_features) = peer_offered;
1068 *ap = authbits;
1069 if (peer_offered & OPTION_EARLY_PIPE)
1070 write_ehlo_cache_entry(sx);
1071 else
1072 invalidate_ehlo_cache_entry(sx);
1073
1074 return OK; /* just carry on */
1075 }
1076 }
1077 return OK;
1078
1079 fail:
1080 invalidate_ehlo_cache_entry(sx);
1081 (void) smtp_discard_responses(sx, sx->conn_args.ob, *countp);
1082 return rc;
1083 }
1084 #endif
1085
1086
1087 /*************************************************
1088 * Synchronize SMTP responses *
1089 *************************************************/
1090
1091 /* This function is called from smtp_deliver() to receive SMTP responses from
1092 the server, and match them up with the commands to which they relate. When
1093 PIPELINING is not in use, this function is called after every command, and is
1094 therefore somewhat over-engineered, but it is simpler to use a single scheme
1095 that works both with and without PIPELINING instead of having two separate sets
1096 of code.
1097
1098 The set of commands that are buffered up with pipelining may start with MAIL
1099 and may end with DATA; in between are RCPT commands that correspond to the
1100 addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
1101 etc.) are never buffered.
1102
1103 Errors after MAIL or DATA abort the whole process leaving the response in the
1104 buffer. After MAIL, pending responses are flushed, and the original command is
1105 re-instated in big_buffer for error messages. For RCPT commands, the remote is
1106 permitted to reject some recipient addresses while accepting others. However
1107 certain errors clearly abort the whole process. Set the value in
1108 transport_return to PENDING_OK if the address is accepted. If there is a
1109 subsequent general error, it will get reset accordingly. If not, it will get
1110 converted to OK at the end.
1111
1112 Arguments:
1113 sx smtp connection context
1114 count the number of responses to read
1115 pending_DATA 0 if last command sent was not DATA
1116 +1 if previously had a good recipient
1117 -1 if not previously had a good recipient
1118
1119 Returns: 3 if at least one address had 2xx and one had 5xx
1120 2 if at least one address had 5xx but none had 2xx
1121 1 if at least one host had a 2xx response, but none had 5xx
1122 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
1123 -1 timeout while reading RCPT response
1124 -2 I/O or other non-response error for RCPT
1125 -3 DATA or MAIL failed - errno and buffer set
1126 -4 banner or EHLO failed (early-pipelining)
1127 -5 banner or EHLO failed (early-pipelining, TLS)
1128 */
1129
1130 static int
1131 sync_responses(smtp_context * sx, int count, int pending_DATA)
1132 {
1133 address_item * addr = sx->sync_addr;
1134 smtp_transport_options_block * ob = sx->conn_args.ob;
1135 int yield = 0;
1136
1137 #ifndef DISABLE_PIPE_CONNECT
1138 int rc;
1139 if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
1140 return rc == FAIL ? -4 : -5;
1141 #endif
1142
1143 /* Handle the response for a MAIL command. On error, reinstate the original
1144 command in big_buffer for error message use, and flush any further pending
1145 responses before returning, except after I/O errors and timeouts. */
1146
1147 if (sx->pending_MAIL)
1148 {
1149 DEBUG(D_transport) debug_printf("%s expect mail\n", __FUNCTION__);
1150 count--;
1151 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1152 '2', ob->command_timeout))
1153 {
1154 DEBUG(D_transport) debug_printf("bad response for MAIL\n");
1155 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
1156 if (errno == ERRNO_TLSFAILURE)
1157 return -5;
1158 if (errno == 0 && sx->buffer[0] != 0)
1159 {
1160 int save_errno = 0;
1161 if (sx->buffer[0] == '4')
1162 {
1163 save_errno = ERRNO_MAIL4XX;
1164 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1165 }
1166 count = smtp_discard_responses(sx, ob, count);
1167 errno = save_errno;
1168 }
1169
1170 if (pending_DATA) count--; /* Number of RCPT responses to come */
1171 while (count-- > 0) /* Mark any pending addrs with the host used */
1172 {
1173 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
1174 addr->host_used = sx->conn_args.host;
1175 addr = addr->next;
1176 }
1177 return -3;
1178 }
1179 }
1180
1181 if (pending_DATA) count--; /* Number of RCPT responses to come */
1182
1183 /* Read and handle the required number of RCPT responses, matching each one up
1184 with an address by scanning for the next address whose status is PENDING_DEFER.
1185 */
1186
1187 while (count-- > 0)
1188 {
1189 while (addr->transport_return != PENDING_DEFER)
1190 if (!(addr = addr->next))
1191 return -2;
1192
1193 /* The address was accepted */
1194 addr->host_used = sx->conn_args.host;
1195
1196 DEBUG(D_transport) debug_printf("%s expect rcpt\n", __FUNCTION__);
1197 if (smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1198 '2', ob->command_timeout))
1199 {
1200 yield |= 1;
1201 addr->transport_return = PENDING_OK;
1202
1203 /* If af_dr_retry_exists is set, there was a routing delay on this address;
1204 ensure that any address-specific retry record is expunged. We do this both
1205 for the basic key and for the version that also includes the sender. */
1206
1207 if (testflag(addr, af_dr_retry_exists))
1208 {
1209 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
1210 sender_address);
1211 retry_add_item(addr, altkey, rf_delete);
1212 retry_add_item(addr, addr->address_retry_key, rf_delete);
1213 }
1214 }
1215
1216 /* Error on first TLS read */
1217
1218 else if (errno == ERRNO_TLSFAILURE)
1219 return -5;
1220
1221 /* Timeout while reading the response */
1222
1223 else if (errno == ETIMEDOUT)
1224 {
1225 uschar *message = string_sprintf("SMTP timeout after RCPT TO:<%s>",
1226 transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes));
1227 set_errno_nohost(sx->first_addr, ETIMEDOUT, message, DEFER, FALSE);
1228 retry_add_item(addr, addr->address_retry_key, 0);
1229 update_waiting = FALSE;
1230 return -1;
1231 }
1232
1233 /* Handle other errors in obtaining an SMTP response by returning -1. This
1234 will cause all the addresses to be deferred. Restore the SMTP command in
1235 big_buffer for which we are checking the response, so the error message
1236 makes sense. */
1237
1238 else if (errno != 0 || sx->buffer[0] == 0)
1239 {
1240 gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer }, * g = &gs;
1241
1242 /* Use taint-unchecked routines for writing into big_buffer, trusting
1243 that we'll never expand it. */
1244
1245 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, "RCPT TO:<%s>",
1246 transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes));
1247 string_from_gstring(g);
1248 return -2;
1249 }
1250
1251 /* Handle SMTP permanent and temporary response codes. */
1252
1253 else
1254 {
1255 addr->message =
1256 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
1257 "%s", transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes),
1258 string_printing(sx->buffer));
1259 setflag(addr, af_pass_message);
1260 if (!sx->verify)
1261 msglog_line(sx->conn_args.host, addr->message);
1262
1263 /* The response was 5xx */
1264
1265 if (sx->buffer[0] == '5')
1266 {
1267 addr->transport_return = FAIL;
1268 yield |= 2;
1269 }
1270
1271 /* The response was 4xx */
1272
1273 else
1274 {
1275 addr->transport_return = DEFER;
1276 addr->basic_errno = ERRNO_RCPT4XX;
1277 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1278
1279 if (!sx->verify)
1280 {
1281 #ifndef DISABLE_EVENT
1282 event_defer_errno = addr->more_errno;
1283 msg_event_raise(US"msg:rcpt:host:defer", addr);
1284 #endif
1285
1286 /* Log temporary errors if there are more hosts to be tried.
1287 If not, log this last one in the == line. */
1288
1289 if (sx->conn_args.host->next)
1290 if (LOGGING(outgoing_port))
1291 log_write(0, LOG_MAIN, "H=%s [%s]:%d %s", sx->conn_args.host->name,
1292 sx->conn_args.host->address,
1293 sx->port == PORT_NONE ? 25 : sx->port, addr->message);
1294 else
1295 log_write(0, LOG_MAIN, "H=%s [%s]: %s", sx->conn_args.host->name,
1296 sx->conn_args.host->address, addr->message);
1297
1298 #ifndef DISABLE_EVENT
1299 else
1300 msg_event_raise(US"msg:rcpt:defer", addr);
1301 #endif
1302
1303 /* Do not put this message on the list of those waiting for specific
1304 hosts, as otherwise it is likely to be tried too often. */
1305
1306 update_waiting = FALSE;
1307
1308 /* Add a retry item for the address so that it doesn't get tried again
1309 too soon. If address_retry_include_sender is true, add the sender address
1310 to the retry key. */
1311
1312 retry_add_item(addr,
1313 ob->address_retry_include_sender
1314 ? string_sprintf("%s:<%s>", addr->address_retry_key, sender_address)
1315 : addr->address_retry_key,
1316 0);
1317 }
1318 }
1319 }
1320 } /* Loop for next RCPT response */
1321
1322 /* Update where to start at for the next block of responses, unless we
1323 have already handled all the addresses. */
1324
1325 if (addr) sx->sync_addr = addr->next;
1326
1327 /* Handle a response to DATA. If we have not had any good recipients, either
1328 previously or in this block, the response is ignored. */
1329
1330 if (pending_DATA != 0)
1331 {
1332 DEBUG(D_transport) debug_printf("%s expect data\n", __FUNCTION__);
1333 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1334 '3', ob->command_timeout))
1335 {
1336 int code;
1337 uschar *msg;
1338 BOOL pass_message;
1339
1340 if (errno == ERRNO_TLSFAILURE) /* Error on first TLS read */
1341 return -5;
1342
1343 if (pending_DATA > 0 || (yield & 1) != 0)
1344 {
1345 if (errno == 0 && sx->buffer[0] == '4')
1346 {
1347 errno = ERRNO_DATA4XX;
1348 sx->first_addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1349 }
1350 return -3;
1351 }
1352 (void)check_response(sx->conn_args.host, &errno, 0, sx->buffer, &code, &msg, &pass_message);
1353 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
1354 "is in use and there were no good recipients\n", msg);
1355 }
1356 }
1357
1358 /* All responses read and handled; MAIL (if present) received 2xx and DATA (if
1359 present) received 3xx. If any RCPTs were handled and yielded anything other
1360 than 4xx, yield will be set non-zero. */
1361
1362 return yield;
1363 }
1364
1365
1366
1367
1368
1369 /* Try an authenticator's client entry */
1370
1371 static int
1372 try_authenticator(smtp_context * sx, auth_instance * au)
1373 {
1374 smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */
1375 host_item * host = sx->conn_args.host; /* host to deliver to */
1376 int rc;
1377
1378 sx->outblock.authenticating = TRUE;
1379 rc = (au->info->clientcode)(au, sx, ob->command_timeout,
1380 sx->buffer, sizeof(sx->buffer));
1381 sx->outblock.authenticating = FALSE;
1382 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n", au->name, rc);
1383
1384 /* A temporary authentication failure must hold up delivery to
1385 this host. After a permanent authentication failure, we carry on
1386 to try other authentication methods. If all fail hard, try to
1387 deliver the message unauthenticated unless require_auth was set. */
1388
1389 switch(rc)
1390 {
1391 case OK:
1392 f.smtp_authenticated = TRUE; /* stops the outer loop */
1393 client_authenticator = au->name;
1394 if (au->set_client_id)
1395 client_authenticated_id = expand_string(au->set_client_id);
1396 break;
1397
1398 /* Failure after writing a command */
1399
1400 case FAIL_SEND:
1401 return FAIL_SEND;
1402
1403 /* Failure after reading a response */
1404
1405 case FAIL:
1406 if (errno != 0 || sx->buffer[0] != '5') return FAIL;
1407 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1408 au->name, host->name, host->address, sx->buffer);
1409 break;
1410
1411 /* Failure by some other means. In effect, the authenticator
1412 decided it wasn't prepared to handle this case. Typically this
1413 is the result of "fail" in an expansion string. Do we need to
1414 log anything here? Feb 2006: a message is now put in the buffer
1415 if logging is required. */
1416
1417 case CANCELLED:
1418 if (*sx->buffer != 0)
1419 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1420 "authentication H=%s [%s] %s", au->name, host->name,
1421 host->address, sx->buffer);
1422 break;
1423
1424 /* Internal problem, message in buffer. */
1425
1426 case ERROR:
1427 set_errno_nohost(sx->addrlist, ERRNO_AUTHPROB, string_copy(sx->buffer),
1428 DEFER, FALSE);
1429 return ERROR;
1430 }
1431 return OK;
1432 }
1433
1434
1435
1436
1437 /* Do the client side of smtp-level authentication.
1438
1439 Arguments:
1440 sx smtp connection context
1441
1442 sx->buffer should have the EHLO response from server (gets overwritten)
1443
1444 Returns:
1445 OK Success, or failed (but not required): global "smtp_authenticated" set
1446 DEFER Failed authentication (and was required)
1447 ERROR Internal problem
1448
1449 FAIL_SEND Failed communications - transmit
1450 FAIL - response
1451 */
1452
1453 static int
1454 smtp_auth(smtp_context * sx)
1455 {
1456 host_item * host = sx->conn_args.host; /* host to deliver to */
1457 smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */
1458 int require_auth = verify_check_given_host(CUSS &ob->hosts_require_auth, host);
1459 #ifndef DISABLE_PIPE_CONNECT
1460 unsigned short authbits = tls_out.active.sock >= 0
1461 ? sx->ehlo_resp.crypted_auths : sx->ehlo_resp.cleartext_auths;
1462 #endif
1463 uschar * fail_reason = US"server did not advertise AUTH support";
1464
1465 f.smtp_authenticated = FALSE;
1466 client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
1467
1468 if (!regex_AUTH)
1469 regex_AUTH = regex_must_compile(AUTHS_REGEX, FALSE, TRUE);
1470
1471 /* Is the server offering AUTH? */
1472
1473 if ( sx->esmtp
1474 &&
1475 #ifndef DISABLE_PIPE_CONNECT
1476 sx->early_pipe_active ? authbits
1477 :
1478 #endif
1479 regex_match_and_setup(regex_AUTH, sx->buffer, 0, -1)
1480 )
1481 {
1482 uschar * names = NULL;
1483 expand_nmax = -1; /* reset */
1484
1485 #ifndef DISABLE_PIPE_CONNECT
1486 if (!sx->early_pipe_active)
1487 #endif
1488 names = string_copyn(expand_nstring[1], expand_nlength[1]);
1489
1490 /* Must not do this check until after we have saved the result of the
1491 regex match above as the check could be another RE. */
1492
1493 if ( require_auth == OK
1494 || verify_check_given_host(CUSS &ob->hosts_try_auth, host) == OK)
1495 {
1496 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
1497 fail_reason = US"no common mechanisms were found";
1498
1499 #ifndef DISABLE_PIPE_CONNECT
1500 if (sx->early_pipe_active)
1501 {
1502 /* Scan our authenticators (which support use by a client and were offered
1503 by the server (checked at cache-write time)), not suppressed by
1504 client_condition. If one is found, attempt to authenticate by calling its
1505 client function. We are limited to supporting up to 16 authenticator
1506 public-names by the number of bits in a short. */
1507
1508 auth_instance * au;
1509 uschar bitnum;
1510 int rc;
1511
1512 for (bitnum = 0, au = auths;
1513 !f.smtp_authenticated && au && bitnum < 16;
1514 bitnum++, au = au->next) if (authbits & BIT(bitnum))
1515 {
1516 if ( au->client_condition
1517 && !expand_check_condition(au->client_condition, au->name,
1518 US"client authenticator"))
1519 {
1520 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1521 au->name, "client_condition is false");
1522 continue;
1523 }
1524
1525 /* Found data for a listed mechanism. Call its client entry. Set
1526 a flag in the outblock so that data is overwritten after sending so
1527 that reflections don't show it. */
1528
1529 fail_reason = US"authentication attempt(s) failed";
1530
1531 if ((rc = try_authenticator(sx, au)) != OK)
1532 return rc;
1533 }
1534 }
1535 else
1536 #endif
1537
1538 /* Scan the configured authenticators looking for one which is configured
1539 for use as a client, which is not suppressed by client_condition, and
1540 whose name matches an authentication mechanism supported by the server.
1541 If one is found, attempt to authenticate by calling its client function.
1542 */
1543
1544 for (auth_instance * au = auths; !f.smtp_authenticated && au; au = au->next)
1545 {
1546 uschar *p = names;
1547
1548 if ( !au->client
1549 || ( au->client_condition
1550 && !expand_check_condition(au->client_condition, au->name,
1551 US"client authenticator")))
1552 {
1553 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1554 au->name,
1555 (au->client)? "client_condition is false" :
1556 "not configured as a client");
1557 continue;
1558 }
1559
1560 /* Loop to scan supported server mechanisms */
1561
1562 while (*p)
1563 {
1564 int len = Ustrlen(au->public_name);
1565 int rc;
1566
1567 while (isspace(*p)) p++;
1568
1569 if (strncmpic(au->public_name, p, len) != 0 ||
1570 (p[len] != 0 && !isspace(p[len])))
1571 {
1572 while (*p != 0 && !isspace(*p)) p++;
1573 continue;
1574 }
1575
1576 /* Found data for a listed mechanism. Call its client entry. Set
1577 a flag in the outblock so that data is overwritten after sending so
1578 that reflections don't show it. */
1579
1580 fail_reason = US"authentication attempt(s) failed";
1581
1582 if ((rc = try_authenticator(sx, au)) != OK)
1583 return rc;
1584
1585 break; /* If not authenticated, try next authenticator */
1586 } /* Loop for scanning supported server mechanisms */
1587 } /* Loop for further authenticators */
1588 }
1589 }
1590
1591 /* If we haven't authenticated, but are required to, give up. */
1592
1593 if (require_auth == OK && !f.smtp_authenticated)
1594 {
1595 set_errno_nohost(sx->addrlist, ERRNO_AUTHFAIL,
1596 string_sprintf("authentication required but %s", fail_reason), DEFER,
1597 FALSE);
1598 return DEFER;
1599 }
1600
1601 return OK;
1602 }
1603
1604
1605 /* Construct AUTH appendix string for MAIL TO */
1606 /*
1607 Arguments
1608 buffer to build string
1609 addrlist chain of potential addresses to deliver
1610 ob transport options
1611
1612 Globals f.smtp_authenticated
1613 client_authenticated_sender
1614 Return True on error, otherwise buffer has (possibly empty) terminated string
1615 */
1616
1617 static BOOL
1618 smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
1619 smtp_transport_options_block *ob)
1620 {
1621 uschar * local_authenticated_sender = authenticated_sender;
1622
1623 #ifdef notdef
1624 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, f.smtp_authenticated?"Y":"N");
1625 #endif
1626
1627 if (ob->authenticated_sender)
1628 {
1629 uschar *new = expand_string(ob->authenticated_sender);
1630 if (!new)
1631 {
1632 if (!f.expand_string_forcedfail)
1633 {
1634 uschar *message = string_sprintf("failed to expand "
1635 "authenticated_sender: %s", expand_string_message);
1636 set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
1637 return TRUE;
1638 }
1639 }
1640 else if (*new) local_authenticated_sender = new;
1641 }
1642
1643 /* Add the authenticated sender address if present */
1644
1645 if ( (f.smtp_authenticated || ob->authenticated_sender_force)
1646 && local_authenticated_sender)
1647 {
1648 string_format_nt(buffer, bufsize, " AUTH=%s",
1649 auth_xtextencode(local_authenticated_sender,
1650 Ustrlen(local_authenticated_sender)));
1651 client_authenticated_sender = string_copy(local_authenticated_sender);
1652 }
1653 else
1654 *buffer= 0;
1655
1656 return FALSE;
1657 }
1658
1659
1660
1661 #ifdef SUPPORT_DANE
1662 /* Lookup TLSA record for host/port.
1663 Return: OK success with dnssec; DANE mode
1664 DEFER Do not use this host now, may retry later
1665 FAIL_FORCED No TLSA record; DANE not usable
1666 FAIL Do not use this connection
1667 */
1668
1669 int
1670 tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
1671 {
1672 /* move this out to host.c given the similarity to dns_lookup() ? */
1673 uschar buffer[300];
1674 const uschar * fullname = buffer;
1675 int rc;
1676 BOOL sec;
1677
1678 /* TLSA lookup string */
1679 (void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
1680
1681 rc = dns_lookup(dnsa, buffer, T_TLSA, &fullname);
1682 sec = dns_is_secure(dnsa);
1683 DEBUG(D_transport)
1684 debug_printf("TLSA lookup ret %d %sDNSSEC\n", rc, sec ? "" : "not ");
1685
1686 switch (rc)
1687 {
1688 case DNS_AGAIN:
1689 return DEFER; /* just defer this TLS'd conn */
1690
1691 case DNS_SUCCEED:
1692 if (sec)
1693 {
1694 DEBUG(D_transport)
1695 {
1696 dns_scan dnss;
1697 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
1698 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
1699 if (rr->type == T_TLSA && rr->size > 3)
1700 {
1701 uint16_t payload_length = rr->size - 3;
1702 uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
1703
1704 sp += sprintf(CS sp, "%d ", *p++); /* usage */
1705 sp += sprintf(CS sp, "%d ", *p++); /* selector */
1706 sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
1707 while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
1708 sp += sprintf(CS sp, "%02x", *p++);
1709
1710 debug_printf(" %s\n", s);
1711 }
1712 }
1713 return OK;
1714 }
1715 log_write(0, LOG_MAIN,
1716 "DANE error: TLSA lookup for %s not DNSSEC", host->name);
1717 /*FALLTRHOUGH*/
1718
1719 case DNS_NODATA: /* no TLSA RR for this lookup */
1720 case DNS_NOMATCH: /* no records at all for this lookup */
1721 return dane_required ? FAIL : FAIL_FORCED;
1722
1723 default:
1724 case DNS_FAIL:
1725 return dane_required ? FAIL : DEFER;
1726 }
1727 }
1728 #endif
1729
1730
1731
1732 typedef struct smtp_compare_s
1733 {
1734 uschar *current_sender_address;
1735 struct transport_instance *tblock;
1736 } smtp_compare_t;
1737
1738
1739 /* Create a unique string that identifies this message, it is based on
1740 sender_address, helo_data and tls_certificate if enabled.
1741 */
1742
1743 static uschar *
1744 smtp_local_identity(uschar * sender, struct transport_instance * tblock)
1745 {
1746 address_item * addr1;
1747 uschar * if1 = US"";
1748 uschar * helo1 = US"";
1749 #ifndef DISABLE_TLS
1750 uschar * tlsc1 = US"";
1751 #endif
1752 uschar * save_sender_address = sender_address;
1753 uschar * local_identity = NULL;
1754 smtp_transport_options_block * ob = SOB tblock->options_block;
1755
1756 sender_address = sender;
1757
1758 addr1 = deliver_make_addr (sender, TRUE);
1759 deliver_set_expansions(addr1);
1760
1761 if (ob->interface)
1762 if1 = expand_string(ob->interface);
1763
1764 if (ob->helo_data)
1765 helo1 = expand_string(ob->helo_data);
1766
1767 #ifndef DISABLE_TLS
1768 if (ob->tls_certificate)
1769 tlsc1 = expand_string(ob->tls_certificate);
1770 local_identity = string_sprintf ("%s^%s^%s", if1, helo1, tlsc1);
1771 #else
1772 local_identity = string_sprintf ("%s^%s", if1, helo1);
1773 #endif
1774
1775 deliver_set_expansions(NULL);
1776 sender_address = save_sender_address;
1777
1778 return local_identity;
1779 }
1780
1781
1782
1783 /* This routine is a callback that is called from transport_check_waiting.
1784 This function will evaluate the incoming message versus the previous
1785 message. If the incoming message is using a different local identity then
1786 we will veto this new message. */
1787
1788 static BOOL
1789 smtp_are_same_identities(uschar * message_id, smtp_compare_t * s_compare)
1790 {
1791 uschar * message_local_identity,
1792 * current_local_identity,
1793 * new_sender_address;
1794
1795 current_local_identity =
1796 smtp_local_identity(s_compare->current_sender_address, s_compare->tblock);
1797
1798 if (!(new_sender_address = deliver_get_sender_address(message_id)))
1799 return 0;
1800
1801 message_local_identity =
1802 smtp_local_identity(new_sender_address, s_compare->tblock);
1803
1804 return Ustrcmp(current_local_identity, message_local_identity) == 0;
1805 }
1806
1807
1808
1809 static unsigned
1810 ehlo_response(uschar * buf, unsigned checks)
1811 {
1812 size_t bsize = Ustrlen(buf);
1813
1814 /* debug_printf("%s: check for 0x%04x\n", __FUNCTION__, checks); */
1815
1816 #ifndef DISABLE_TLS
1817 if ( checks & OPTION_TLS
1818 && pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1819 #endif
1820 checks &= ~OPTION_TLS;
1821
1822 if ( checks & OPTION_IGNQ
1823 && pcre_exec(regex_IGNOREQUOTA, NULL, CS buf, bsize, 0,
1824 PCRE_EOPT, NULL, 0) < 0)
1825 checks &= ~OPTION_IGNQ;
1826
1827 if ( checks & OPTION_CHUNKING
1828 && pcre_exec(regex_CHUNKING, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1829 checks &= ~OPTION_CHUNKING;
1830
1831 #ifndef DISABLE_PRDR
1832 if ( checks & OPTION_PRDR
1833 && pcre_exec(regex_PRDR, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1834 #endif
1835 checks &= ~OPTION_PRDR;
1836
1837 #ifdef SUPPORT_I18N
1838 if ( checks & OPTION_UTF8
1839 && pcre_exec(regex_UTF8, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1840 #endif
1841 checks &= ~OPTION_UTF8;
1842
1843 if ( checks & OPTION_DSN
1844 && pcre_exec(regex_DSN, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1845 checks &= ~OPTION_DSN;
1846
1847 if ( checks & OPTION_PIPE
1848 && pcre_exec(regex_PIPELINING, NULL, CS buf, bsize, 0,
1849 PCRE_EOPT, NULL, 0) < 0)
1850 checks &= ~OPTION_PIPE;
1851
1852 if ( checks & OPTION_SIZE
1853 && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1854 checks &= ~OPTION_SIZE;
1855
1856 #ifndef DISABLE_PIPE_CONNECT
1857 if ( checks & OPTION_EARLY_PIPE
1858 && pcre_exec(regex_EARLY_PIPE, NULL, CS buf, bsize, 0,
1859 PCRE_EOPT, NULL, 0) < 0)
1860 #endif
1861 checks &= ~OPTION_EARLY_PIPE;
1862
1863 /* debug_printf("%s: found 0x%04x\n", __FUNCTION__, checks); */
1864 return checks;
1865 }
1866
1867
1868
1869 /* Callback for emitting a BDAT data chunk header.
1870
1871 If given a nonzero size, first flush any buffered SMTP commands
1872 then emit the command.
1873
1874 Reap previous SMTP command responses if requested, and always reap
1875 the response from a previous BDAT command.
1876
1877 Args:
1878 tctx transport context
1879 chunk_size value for SMTP BDAT command
1880 flags
1881 tc_chunk_last add LAST option to SMTP BDAT command
1882 tc_reap_prev reap response to previous SMTP commands
1883
1884 Returns:
1885 OK or ERROR
1886 DEFER TLS error on first read (EHLO-resp); errno set
1887 */
1888
1889 static int
1890 smtp_chunk_cmd_callback(transport_ctx * tctx, unsigned chunk_size,
1891 unsigned flags)
1892 {
1893 smtp_transport_options_block * ob = SOB tctx->tblock->options_block;
1894 smtp_context * sx = tctx->smtp_context;
1895 int cmd_count = 0;
1896 int prev_cmd_count;
1897
1898 /* Write SMTP chunk header command. If not reaping responses, note that
1899 there may be more writes (like, the chunk data) done soon. */
1900
1901 if (chunk_size > 0)
1902 {
1903 #ifndef DISABLE_PIPE_CONNECT
1904 BOOL new_conn = !!(sx->outblock.conn_args);
1905 #endif
1906 if((cmd_count = smtp_write_command(sx,
1907 flags & tc_reap_prev ? SCMD_FLUSH : SCMD_MORE,
1908 "BDAT %u%s\r\n", chunk_size, flags & tc_chunk_last ? " LAST" : "")
1909 ) < 0) return ERROR;
1910 if (flags & tc_chunk_last)
1911 data_command = string_copy(big_buffer); /* Save for later error message */
1912 #ifndef DISABLE_PIPE_CONNECT
1913 /* That command write could have been the one that made the connection.
1914 Copy the fd from the client conn ctx (smtp transport specific) to the
1915 generic transport ctx. */
1916
1917 if (new_conn)
1918 tctx->u.fd = sx->outblock.cctx->sock;
1919 #endif
1920 }
1921
1922 prev_cmd_count = cmd_count += sx->cmd_count;
1923
1924 /* Reap responses for any previous, but not one we just emitted */
1925
1926 if (chunk_size > 0)
1927 prev_cmd_count--;
1928 if (sx->pending_BDAT)
1929 prev_cmd_count--;
1930
1931 if (flags & tc_reap_prev && prev_cmd_count > 0)
1932 {
1933 DEBUG(D_transport) debug_printf("look for %d responses"
1934 " for previous pipelined cmds\n", prev_cmd_count);
1935
1936 switch(sync_responses(sx, prev_cmd_count, 0))
1937 {
1938 case 1: /* 2xx (only) => OK */
1939 case 3: sx->good_RCPT = TRUE; /* 2xx & 5xx => OK & progress made */
1940 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
1941 case 0: break; /* No 2xx or 5xx, but no probs */
1942
1943 case -5: errno = ERRNO_TLSFAILURE;
1944 return DEFER;
1945 #ifndef DISABLE_PIPE_CONNECT
1946 case -4: /* non-2xx for pipelined banner or EHLO */
1947 #endif
1948 case -1: /* Timeout on RCPT */
1949 default: return ERROR; /* I/O error, or any MAIL/DATA error */
1950 }
1951 cmd_count = 1;
1952 if (!sx->pending_BDAT)
1953 pipelining_active = FALSE;
1954 }
1955
1956 /* Reap response for an outstanding BDAT */
1957
1958 if (sx->pending_BDAT)
1959 {
1960 DEBUG(D_transport) debug_printf("look for one response for BDAT\n");
1961
1962 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
1963 ob->command_timeout))
1964 {
1965 if (errno == 0 && sx->buffer[0] == '4')
1966 {
1967 errno = ERRNO_DATA4XX; /*XXX does this actually get used? */
1968 sx->addrlist->more_errno |=
1969 ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1970 }
1971 return ERROR;
1972 }
1973 cmd_count--;
1974 sx->pending_BDAT = FALSE;
1975 pipelining_active = FALSE;
1976 }
1977 else if (chunk_size > 0)
1978 sx->pending_BDAT = TRUE;
1979
1980
1981 sx->cmd_count = cmd_count;
1982 return OK;
1983 }
1984
1985
1986
1987
1988
1989 /*************************************************
1990 * Make connection for given message *
1991 *************************************************/
1992
1993 /*
1994 Arguments:
1995 ctx connection context
1996 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1997 a second attempt after TLS initialization fails
1998
1999 Returns: OK - the connection was made and the delivery attempted;
2000 fd is set in the conn context, tls_out set up.
2001 DEFER - the connection could not be made, or something failed
2002 while setting up the SMTP session, or there was a
2003 non-message-specific error, such as a timeout.
2004 ERROR - helo_data or add_headers or authenticated_sender is
2005 specified for this transport, and the string failed
2006 to expand
2007 */
2008 int
2009 smtp_setup_conn(smtp_context * sx, BOOL suppress_tls)
2010 {
2011 smtp_transport_options_block * ob = sx->conn_args.tblock->options_block;
2012 BOOL pass_message = FALSE;
2013 uschar * message = NULL;
2014 int yield = OK;
2015 #ifndef DISABLE_TLS
2016 uschar * tls_errstr;
2017 #endif
2018
2019 sx->conn_args.ob = ob;
2020
2021 sx->lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
2022 sx->smtps = strcmpic(ob->protocol, US"smtps") == 0;
2023 sx->ok = FALSE;
2024 sx->send_rset = TRUE;
2025 sx->send_quit = TRUE;
2026 sx->setting_up = TRUE;
2027 sx->esmtp = TRUE;
2028 sx->esmtp_sent = FALSE;
2029 #ifdef SUPPORT_I18N
2030 sx->utf8_needed = FALSE;
2031 #endif
2032 sx->dsn_all_lasthop = TRUE;
2033 #ifdef SUPPORT_DANE
2034 sx->conn_args.dane = FALSE;
2035 sx->dane_required =
2036 verify_check_given_host(CUSS &ob->hosts_require_dane, sx->conn_args.host) == OK;
2037 #endif
2038 #ifndef DISABLE_PIPE_CONNECT
2039 sx->early_pipe_active = sx->early_pipe_ok = FALSE;
2040 sx->ehlo_resp.cleartext_features = sx->ehlo_resp.crypted_features = 0;
2041 sx->pending_BANNER = sx->pending_EHLO = FALSE;
2042 #endif
2043
2044 if ((sx->max_rcpt = sx->conn_args.tblock->max_addresses) == 0) sx->max_rcpt = 999999;
2045 sx->peer_offered = 0;
2046 sx->avoid_option = 0;
2047 sx->igquotstr = US"";
2048 if (!sx->helo_data) sx->helo_data = ob->helo_data;
2049 #ifdef EXPERIMENTAL_DSN_INFO
2050 sx->smtp_greeting = NULL;
2051 sx->helo_response = NULL;
2052 #endif
2053
2054 smtp_command = US"initial connection";
2055 sx->buffer[0] = '\0';
2056
2057 /* Set up the buffer for reading SMTP response packets. */
2058
2059 sx->inblock.buffer = sx->inbuffer;
2060 sx->inblock.buffersize = sizeof(sx->inbuffer);
2061 sx->inblock.ptr = sx->inbuffer;
2062 sx->inblock.ptrend = sx->inbuffer;
2063
2064 /* Set up the buffer for holding SMTP commands while pipelining */
2065
2066 sx->outblock.buffer = sx->outbuffer;
2067 sx->outblock.buffersize = sizeof(sx->outbuffer);
2068 sx->outblock.ptr = sx->outbuffer;
2069 sx->outblock.cmd_count = 0;
2070 sx->outblock.authenticating = FALSE;
2071 sx->outblock.conn_args = NULL;
2072
2073 /* Reset the parameters of a TLS session. */
2074
2075 tls_out.bits = 0;
2076 tls_out.cipher = NULL; /* the one we may use for this transport */
2077 tls_out.ourcert = NULL;
2078 tls_out.peercert = NULL;
2079 tls_out.peerdn = NULL;
2080 #ifdef USE_OPENSSL
2081 tls_out.sni = NULL;
2082 #endif
2083 tls_out.ocsp = OCSP_NOT_REQ;
2084 #ifdef EXPERIMENTAL_TLS_RESUME
2085 tls_out.resumption = 0;
2086 #endif
2087
2088 /* Flip the legacy TLS-related variables over to the outbound set in case
2089 they're used in the context of the transport. Don't bother resetting
2090 afterward (when being used by a transport) as we're in a subprocess.
2091 For verify, unflipped once the callout is dealt with */
2092
2093 tls_modify_variables(&tls_out);
2094
2095 #ifdef DISABLE_TLS
2096 if (sx->smtps)
2097 {
2098 set_errno_nohost(sx->addrlist, ERRNO_TLSFAILURE, US"TLS support not available",
2099 DEFER, FALSE);
2100 return ERROR;
2101 }
2102 #endif
2103
2104 /* Make a connection to the host if this isn't a continued delivery, and handle
2105 the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
2106 specially so they can be identified for retries. */
2107
2108 if (!continue_hostname)
2109 {
2110 if (sx->verify)
2111 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", sx->conn_args.interface, sx->port);
2112
2113 /* Get the actual port the connection will use, into sx->conn_args.host */
2114
2115 smtp_port_for_connect(sx->conn_args.host, sx->port);
2116
2117 #ifdef SUPPORT_DANE
2118 /* Do TLSA lookup for DANE */
2119 {
2120 tls_out.dane_verified = FALSE;
2121 tls_out.tlsa_usage = 0;
2122
2123 if (sx->conn_args.host->dnssec == DS_YES)
2124 {
2125 int rc;
2126 if( sx->dane_required
2127 || verify_check_given_host(CUSS &ob->hosts_try_dane, sx->conn_args.host) == OK
2128 )
2129 switch (rc = tlsa_lookup(sx->conn_args.host, &sx->conn_args.tlsa_dnsa, sx->dane_required))
2130 {
2131 case OK: sx->conn_args.dane = TRUE;
2132 ob->tls_tempfail_tryclear = FALSE;
2133 break;
2134 case FAIL_FORCED: break;
2135 default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
2136 string_sprintf("DANE error: tlsa lookup %s",
2137 rc_to_string(rc)),
2138 rc, FALSE);
2139 # ifndef DISABLE_EVENT
2140 (void) event_raise(sx->conn_args.tblock->event_action,
2141 US"dane:fail", sx->dane_required
2142 ? US"dane-required" : US"dnssec-invalid");
2143 # endif
2144 return rc;
2145 }
2146 }
2147 else if (sx->dane_required)
2148 {
2149 set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
2150 string_sprintf("DANE error: %s lookup not DNSSEC", sx->conn_args.host->name),
2151 FAIL, FALSE);
2152 # ifndef DISABLE_EVENT
2153 (void) event_raise(sx->conn_args.tblock->event_action,
2154 US"dane:fail", US"dane-required");
2155 # endif
2156 return FAIL;
2157 }
2158 }
2159 #endif /*DANE*/
2160
2161 /* Make the TCP connection */
2162
2163 sx->cctx.tls_ctx = NULL;
2164 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
2165 sx->avoid_option = sx->peer_offered = smtp_peer_options = 0;
2166
2167 #ifndef DISABLE_PIPE_CONNECT
2168 if ( verify_check_given_host(CUSS &ob->hosts_pipe_connect,
2169 sx->conn_args.host) == OK)
2170
2171 /* We don't find out the local ip address until the connect, so if
2172 the helo string might use it avoid doing early-pipelining. */
2173
2174 if ( !sx->helo_data
2175 || !Ustrstr(sx->helo_data, "$sending_ip_address")
2176 || Ustrstr(sx->helo_data, "def:sending_ip_address")
2177 )
2178 {
2179 sx->early_pipe_ok = TRUE;
2180 if ( read_ehlo_cache_entry(sx)
2181 && sx->ehlo_resp.cleartext_features & OPTION_EARLY_PIPE)
2182 {
2183 DEBUG(D_transport)
2184 debug_printf("Using cached cleartext PIPE_CONNECT\n");
2185 sx->early_pipe_active = TRUE;
2186 sx->peer_offered = sx->ehlo_resp.cleartext_features;
2187 }
2188 }
2189 else DEBUG(D_transport)
2190 debug_printf("helo needs $sending_ip_address\n");
2191
2192 if (sx->early_pipe_active)
2193 sx->outblock.conn_args = &sx->conn_args;
2194 else
2195 #endif
2196 {
2197 if ((sx->cctx.sock = smtp_connect(&sx->conn_args, NULL)) < 0)
2198 {
2199 set_errno_nohost(sx->addrlist,
2200 errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
2201 sx->verify ? US strerror(errno) : NULL,
2202 DEFER, FALSE);
2203 sx->send_quit = FALSE;
2204 return DEFER;
2205 }
2206 }
2207 /* Expand the greeting message while waiting for the initial response. (Makes
2208 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
2209 delayed till here so that $sending_interface and $sending_port are set. */
2210 /*XXX early-pipe: they still will not be. Is there any way to find out what they
2211 will be? Somehow I doubt it. */
2212
2213 if (sx->helo_data)
2214 if (!(sx->helo_data = expand_string(sx->helo_data)))
2215 if (sx->verify)
2216 log_write(0, LOG_MAIN|LOG_PANIC,
2217 "<%s>: failed to expand transport's helo_data value for callout: %s",
2218 sx->addrlist->address, expand_string_message);
2219
2220 #ifdef SUPPORT_I18N
2221 if (sx->helo_data)
2222 {
2223 expand_string_message = NULL;
2224 if ((sx->helo_data = string_domain_utf8_to_alabel(sx->helo_data,
2225 &expand_string_message)),
2226 expand_string_message)
2227 if (sx->verify)
2228 log_write(0, LOG_MAIN|LOG_PANIC,
2229 "<%s>: failed to expand transport's helo_data value for callout: %s",
2230 sx->addrlist->address, expand_string_message);
2231 else
2232 sx->helo_data = NULL;
2233 }
2234 #endif
2235
2236 /* The first thing is to wait for an initial OK response. The dreaded "goto"
2237 is nevertheless a reasonably clean way of programming this kind of logic,
2238 where you want to escape on any error. */
2239
2240 if (!sx->smtps)
2241 {
2242 #ifndef DISABLE_PIPE_CONNECT
2243 if (sx->early_pipe_active)
2244 {
2245 sx->pending_BANNER = TRUE; /* sync_responses() must eventually handle */
2246 sx->outblock.cmd_count = 1;
2247 }
2248 else
2249 #endif
2250 {
2251 #ifdef TCP_QUICKACK
2252 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_QUICKACK, US &off,
2253 sizeof(off));
2254 #endif
2255 if (!smtp_reap_banner(sx))
2256 goto RESPONSE_FAILED;
2257 }
2258
2259 #ifndef DISABLE_EVENT
2260 {
2261 uschar * s;
2262 lookup_dnssec_authenticated = sx->conn_args.host->dnssec==DS_YES ? US"yes"
2263 : sx->conn_args.host->dnssec==DS_NO ? US"no" : NULL;
2264 s = event_raise(sx->conn_args.tblock->event_action, US"smtp:connect", sx->buffer);
2265 if (s)
2266 {
2267 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL,
2268 string_sprintf("deferred by smtp:connect event expansion: %s", s),
2269 DEFER, FALSE);
2270 yield = DEFER;
2271 goto SEND_QUIT;
2272 }
2273 }
2274 #endif
2275
2276 /* Now check if the helo_data expansion went well, and sign off cleanly if
2277 it didn't. */
2278
2279 if (!sx->helo_data)
2280 {
2281 message = string_sprintf("failed to expand helo_data: %s",
2282 expand_string_message);
2283 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
2284 yield = DEFER;
2285 goto SEND_QUIT;
2286 }
2287 }
2288
2289 /** Debugging without sending a message
2290 sx->addrlist->transport_return = DEFER;
2291 goto SEND_QUIT;
2292 **/
2293
2294 /* Errors that occur after this point follow an SMTP command, which is
2295 left in big_buffer by smtp_write_command() for use in error messages. */
2296
2297 smtp_command = big_buffer;
2298
2299 /* Tell the remote who we are...
2300
2301 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
2302 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
2303 greeting is of this form. The assumption was that the far end supports it
2304 properly... but experience shows that there are some that give 5xx responses,
2305 even though the banner includes "ESMTP" (there's a bloody-minded one that
2306 says "ESMTP not spoken here"). Cope with that case.
2307
2308 September 2000: Time has passed, and it seems reasonable now to always send
2309 EHLO at the start. It is also convenient to make the change while installing
2310 the TLS stuff.
2311
2312 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
2313 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
2314 would be no way to send out the mails, so there is now a host list
2315 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
2316 PIPELINING problem as well. Maybe it can also be useful to cure other
2317 problems with broken servers.
2318
2319 Exim originally sent "Helo" at this point and ran for nearly a year that way.
2320 Then somebody tried it with a Microsoft mailer... It seems that all other
2321 mailers use upper case for some reason (the RFC is quite clear about case
2322 independence) so, for peace of mind, I gave in. */
2323
2324 sx->esmtp = verify_check_given_host(CUSS &ob->hosts_avoid_esmtp, sx->conn_args.host) != OK;
2325
2326 /* Alas; be careful, since this goto is not an error-out, so conceivably
2327 we might set data between here and the target which we assume to exist
2328 and be usable. I can see this coming back to bite us. */
2329 #ifndef DISABLE_TLS
2330 if (sx->smtps)
2331 {
2332 smtp_peer_options |= OPTION_TLS;
2333 suppress_tls = FALSE;
2334 ob->tls_tempfail_tryclear = FALSE;
2335 smtp_command = US"SSL-on-connect";
2336 goto TLS_NEGOTIATE;
2337 }
2338 #endif
2339
2340 if (sx->esmtp)
2341 {
2342 if (smtp_write_command(sx,
2343 #ifndef DISABLE_PIPE_CONNECT
2344 sx->early_pipe_active ? SCMD_BUFFER :
2345 #endif
2346 SCMD_FLUSH,
2347 "%s %s\r\n", sx->lmtp ? "LHLO" : "EHLO", sx->helo_data) < 0)
2348 goto SEND_FAILED;
2349 sx->esmtp_sent = TRUE;
2350
2351 #ifndef DISABLE_PIPE_CONNECT
2352 if (sx->early_pipe_active)
2353 {
2354 sx->pending_EHLO = TRUE;
2355
2356 /* If we have too many authenticators to handle and might need to AUTH
2357 for this transport, pipeline no further as we will need the
2358 list of auth methods offered. Reap the banner and EHLO. */
2359
2360 if ( (ob->hosts_require_auth || ob->hosts_try_auth)
2361 && f.smtp_in_early_pipe_no_auth)
2362 {
2363 DEBUG(D_transport) debug_printf("may need to auth, so pipeline no further\n");
2364 if (smtp_write_command(sx, SCMD_FLUSH, NULL) < 0)
2365 goto SEND_FAILED;
2366 if (sync_responses(sx, 2, 0) != 0)
2367 {
2368 HDEBUG(D_transport)
2369 debug_printf("failed reaping pipelined cmd responses\n");
2370 goto RESPONSE_FAILED;
2371 }
2372 sx->early_pipe_active = FALSE;
2373 }
2374 }
2375 else
2376 #endif
2377 if (!smtp_reap_ehlo(sx))
2378 goto RESPONSE_FAILED;
2379 }
2380 else
2381 DEBUG(D_transport)
2382 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
2383
2384 #ifndef DISABLE_PIPE_CONNECT
2385 if (!sx->early_pipe_active)
2386 #endif
2387 if (!sx->esmtp)
2388 {
2389 BOOL good_response;
2390 int n = sizeof(sx->buffer);
2391 uschar * rsp = sx->buffer;
2392
2393 if (sx->esmtp_sent && (n = Ustrlen(sx->buffer)) < sizeof(sx->buffer)/2)
2394 { rsp = sx->buffer + n + 1; n = sizeof(sx->buffer) - n; }
2395
2396 if (smtp_write_command(sx, SCMD_FLUSH, "HELO %s\r\n", sx->helo_data) < 0)
2397 goto SEND_FAILED;
2398 good_response = smtp_read_response(sx, rsp, n, '2', ob->command_timeout);
2399 #ifdef EXPERIMENTAL_DSN_INFO
2400 sx->helo_response = string_copy(rsp);
2401 #endif
2402 if (!good_response)
2403 {
2404 /* Handle special logging for a closed connection after HELO
2405 when had previously sent EHLO */
2406
2407 if (rsp != sx->buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET))
2408 {
2409 errno = ERRNO_SMTPCLOSED;
2410 goto EHLOHELO_FAILED;
2411 }
2412 memmove(sx->buffer, rsp, Ustrlen(rsp));
2413 goto RESPONSE_FAILED;
2414 }
2415 }
2416
2417 if (sx->esmtp || sx->lmtp)
2418 {
2419 #ifndef DISABLE_PIPE_CONNECT
2420 if (!sx->early_pipe_active)
2421 #endif
2422 {
2423 sx->peer_offered = ehlo_response(sx->buffer,
2424 OPTION_TLS /* others checked later */
2425 #ifndef DISABLE_PIPE_CONNECT
2426 | (sx->early_pipe_ok
2427 ? OPTION_IGNQ
2428 | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
2429 #ifdef SUPPORT_I18N
2430 | OPTION_UTF8
2431 #endif
2432 | OPTION_EARLY_PIPE
2433 : 0
2434 )
2435 #endif
2436 );
2437 #ifndef DISABLE_PIPE_CONNECT
2438 if (sx->early_pipe_ok)
2439 {
2440 sx->ehlo_resp.cleartext_features = sx->peer_offered;
2441
2442 if ( (sx->peer_offered & (OPTION_PIPE | OPTION_EARLY_PIPE))
2443 == (OPTION_PIPE | OPTION_EARLY_PIPE))
2444 {
2445 DEBUG(D_transport) debug_printf("PIPE_CONNECT usable in future for this IP\n");
2446 sx->ehlo_resp.cleartext_auths = study_ehlo_auths(sx);
2447 write_ehlo_cache_entry(sx);
2448 }
2449 }
2450 #endif
2451 }
2452
2453 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
2454
2455 #ifndef DISABLE_TLS
2456 smtp_peer_options |= sx->peer_offered & OPTION_TLS;
2457 #endif
2458 }
2459 }
2460
2461 /* For continuing deliveries down the same channel, having re-exec'd the socket
2462 is the standard input; for a socket held open from verify it is recorded
2463 in the cutthrough context block. Either way we don't need to redo EHLO here
2464 (but may need to do so for TLS - see below).
2465 Set up the pointer to where subsequent commands will be left, for
2466 error messages. Note that smtp_peer_options will have been
2467 set from the command line if they were set in the process that passed the
2468 connection on. */
2469
2470 /*XXX continue case needs to propagate DSN_INFO, prob. in deliver.c
2471 as the continue goes via transport_pass_socket() and doublefork and exec.
2472 It does not wait. Unclear how we keep separate host's responses
2473 separate - we could match up by host ip+port as a bodge. */
2474
2475 else
2476 {
2477 if (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only)
2478 {
2479 sx->cctx = cutthrough.cctx;
2480 sx->conn_args.host->port = sx->port = cutthrough.host.port;
2481 }
2482 else
2483 {
2484 sx->cctx.sock = 0; /* stdin */
2485 sx->cctx.tls_ctx = NULL;
2486 smtp_port_for_connect(sx->conn_args.host, sx->port); /* Record the port that was used */
2487 }
2488 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
2489 smtp_command = big_buffer;
2490 sx->helo_data = NULL; /* ensure we re-expand ob->helo_data */
2491
2492 /* For a continued connection with TLS being proxied for us, or a
2493 held-open verify connection with TLS, nothing more to do. */
2494
2495 if ( continue_proxy_cipher
2496 || (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only
2497 && cutthrough.is_tls)
2498 )
2499 {
2500 sx->peer_offered = smtp_peer_options;
2501 sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
2502 HDEBUG(D_transport) debug_printf("continued connection, %s TLS\n",
2503 continue_proxy_cipher ? "proxied" : "verify conn with");
2504 return OK;
2505 }
2506 HDEBUG(D_transport) debug_printf("continued connection, no TLS\n");
2507 }
2508
2509 /* If TLS is available on this connection, whether continued or not, attempt to
2510 start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
2511 send another EHLO - the server may give a different answer in secure mode. We
2512 use a separate buffer for reading the response to STARTTLS so that if it is
2513 negative, the original EHLO data is available for subsequent analysis, should
2514 the client not be required to use TLS. If the response is bad, copy the buffer
2515 for error analysis. */
2516
2517 #ifndef DISABLE_TLS
2518 if ( smtp_peer_options & OPTION_TLS
2519 && !suppress_tls
2520 && verify_check_given_host(CUSS &ob->hosts_avoid_tls, sx->conn_args.host) != OK
2521 && ( !sx->verify
2522 || verify_check_given_host(CUSS &ob->hosts_verify_avoid_tls, sx->conn_args.host) != OK
2523 ) )
2524 {
2525 uschar buffer2[4096];
2526
2527 if (smtp_write_command(sx, SCMD_FLUSH, "STARTTLS\r\n") < 0)
2528 goto SEND_FAILED;
2529
2530 #ifndef DISABLE_PIPE_CONNECT
2531 /* If doing early-pipelining reap the banner and EHLO-response but leave
2532 the response for the STARTTLS we just sent alone. */
2533
2534 if (sx->early_pipe_active && sync_responses(sx, 2, 0) != 0)
2535 {
2536 HDEBUG(D_transport)
2537 debug_printf("failed reaping pipelined cmd responses\n");
2538 goto RESPONSE_FAILED;
2539 }
2540 #endif
2541
2542 /* If there is an I/O error, transmission of this message is deferred. If
2543 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
2544 false, we also defer. However, if there is a temporary rejection of STARTTLS
2545 and tls_tempfail_tryclear is true, or if there is an outright rejection of
2546 STARTTLS, we carry on. This means we will try to send the message in clear,
2547 unless the host is in hosts_require_tls (tested below). */
2548
2549 if (!smtp_read_response(sx, buffer2, sizeof(buffer2), '2', ob->command_timeout))
2550 {
2551 if ( errno != 0
2552 || buffer2[0] == 0
2553 || (buffer2[0] == '4' && !ob->tls_tempfail_tryclear)
2554 )
2555 {
2556 Ustrncpy(sx->buffer, buffer2, sizeof(sx->buffer));
2557 sx->buffer[sizeof(sx->buffer)-1] = '\0';
2558 goto RESPONSE_FAILED;
2559 }
2560 }
2561
2562 /* STARTTLS accepted: try to negotiate a TLS session. */
2563
2564 else
2565 TLS_NEGOTIATE:
2566 {
2567 if (!tls_client_start(&sx->cctx, &sx->conn_args, sx->addrlist, &tls_out, &tls_errstr))
2568 {
2569 /* TLS negotiation failed; give an error. From outside, this function may
2570 be called again to try in clear on a new connection, if the options permit
2571 it for this host. */
2572 #ifdef USE_GNUTLS
2573 GNUTLS_CONN_FAILED:
2574 #endif
2575 DEBUG(D_tls) debug_printf("TLS session fail: %s\n", tls_errstr);
2576
2577 # ifdef SUPPORT_DANE
2578 if (sx->conn_args.dane)
2579 {
2580 log_write(0, LOG_MAIN,
2581 "DANE attempt failed; TLS connection to %s [%s]: %s",
2582 sx->conn_args.host->name, sx->conn_args.host->address, tls_errstr);
2583 # ifndef DISABLE_EVENT
2584 (void) event_raise(sx->conn_args.tblock->event_action,
2585 US"dane:fail", US"validation-failure"); /* could do with better detail */
2586 # endif
2587 }
2588 # endif
2589
2590 errno = ERRNO_TLSFAILURE;
2591 message = string_sprintf("TLS session: %s", tls_errstr);
2592 sx->send_quit = FALSE;
2593 goto TLS_FAILED;
2594 }
2595
2596 /* TLS session is set up */
2597
2598 smtp_peer_options_wrap = smtp_peer_options;
2599 for (address_item * addr = sx->addrlist; addr; addr = addr->next)
2600 if (addr->transport_return == PENDING_DEFER)
2601 {
2602 addr->cipher = tls_out.cipher;
2603 addr->ourcert = tls_out.ourcert;
2604 addr->peercert = tls_out.peercert;
2605 addr->peerdn = tls_out.peerdn;
2606 addr->ocsp = tls_out.ocsp;
2607 }
2608 }
2609 }
2610
2611 /* if smtps, we'll have smtp_command set to something else; always safe to
2612 reset it here. */
2613 smtp_command = big_buffer;
2614
2615 /* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
2616 helo_data is null, we are dealing with a connection that was passed from
2617 another process, and so we won't have expanded helo_data above. We have to
2618 expand it here. $sending_ip_address and $sending_port are set up right at the
2619 start of the Exim process (in exim.c). */
2620
2621 if (tls_out.active.sock >= 0)
2622 {
2623 uschar * greeting_cmd;
2624
2625 if (!sx->helo_data && !(sx->helo_data = expand_string(ob->helo_data)))
2626 {
2627 uschar *message = string_sprintf("failed to expand helo_data: %s",
2628 expand_string_message);
2629 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
2630 yield = DEFER;
2631 goto SEND_QUIT;
2632 }
2633
2634 #ifndef DISABLE_PIPE_CONNECT
2635 /* For SMTPS there is no cleartext early-pipe; use the crypted permission bit.
2636 We're unlikely to get the group sent and delivered before the server sends its
2637 banner, but it's still worth sending as a group.
2638 For STARTTLS allow for cleartext early-pipe but no crypted early-pipe, but not
2639 the reverse. */
2640
2641 if (sx->smtps ? sx->early_pipe_ok : sx->early_pipe_active)
2642 {
2643 sx->peer_offered = sx->ehlo_resp.crypted_features;
2644 if ((sx->early_pipe_active =
2645 !!(sx->ehlo_resp.crypted_features & OPTION_EARLY_PIPE)))
2646 DEBUG(D_transport) debug_printf("Using cached crypted PIPE_CONNECT\n");
2647 }
2648 #endif
2649
2650 /* For SMTPS we need to wait for the initial OK response. */
2651 if (sx->smtps)
2652 #ifndef DISABLE_PIPE_CONNECT
2653 if (sx->early_pipe_active)
2654 {
2655 sx->pending_BANNER = TRUE;
2656 sx->outblock.cmd_count = 1;
2657 }
2658 else
2659 #endif
2660 if (!smtp_reap_banner(sx))
2661 goto RESPONSE_FAILED;
2662
2663 if (sx->lmtp)
2664 greeting_cmd = US"LHLO";
2665 else if (sx->esmtp)
2666 greeting_cmd = US"EHLO";
2667 else
2668 {
2669 greeting_cmd = US"HELO";
2670 DEBUG(D_transport)
2671 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
2672 }
2673
2674 if (smtp_write_command(sx,
2675 #ifndef DISABLE_PIPE_CONNECT
2676 sx->early_pipe_active ? SCMD_BUFFER :
2677 #endif
2678 SCMD_FLUSH,
2679 "%s %s\r\n", greeting_cmd, sx->helo_data) < 0)
2680 goto SEND_FAILED;
2681
2682 #ifndef DISABLE_PIPE_CONNECT
2683 if (sx->early_pipe_active)
2684 sx->pending_EHLO = TRUE;
2685 else
2686 #endif
2687 {
2688 if (!smtp_reap_ehlo(sx))
2689 #ifdef USE_GNUTLS
2690 {
2691 /* The GnuTLS layer in Exim only spots a server-rejection of a client
2692 cert late, under TLS1.3 - which means here; the first time we try to
2693 receive crypted data. Treat it as if it was a connect-time failure.
2694 See also the early-pipe equivalent... which will be hard; every call
2695 to sync_responses will need to check the result.
2696 It would be nicer to have GnuTLS check the cert during the handshake.
2697 Can it do that, with all the flexibility we need? */
2698
2699 tls_errstr = US"error on first read";
2700 goto GNUTLS_CONN_FAILED;
2701 }
2702 #else
2703 goto RESPONSE_FAILED;
2704 #endif
2705 smtp_peer_options = 0;
2706 }
2707 }
2708
2709 /* If the host is required to use a secure channel, ensure that we
2710 have one. */
2711
2712 else if ( sx->smtps
2713 # ifdef SUPPORT_DANE
2714 || sx->conn_args.dane
2715 # endif
2716 || verify_check_given_host(CUSS &ob->hosts_require_tls, sx->conn_args.host) == OK
2717 )
2718 {
2719 errno = ERRNO_TLSREQUIRED;
2720 message = string_sprintf("a TLS session is required, but %s",
2721 smtp_peer_options & OPTION_TLS
2722 ? "an attempt to start TLS failed" : "the server did not offer TLS support");
2723 # if defined(SUPPORT_DANE) && !defined(DISABLE_EVENT)
2724 if (sx->conn_args.dane)
2725 (void) event_raise(sx->conn_args.tblock->event_action, US"dane:fail",
2726 smtp_peer_options & OPTION_TLS
2727 ? US"validation-failure" /* could do with better detail */
2728 : US"starttls-not-supported");
2729 # endif
2730 goto TLS_FAILED;
2731 }
2732 #endif /*DISABLE_TLS*/
2733
2734 /* If TLS is active, we have just started it up and re-done the EHLO command,
2735 so its response needs to be analyzed. If TLS is not active and this is a
2736 continued session down a previously-used socket, we haven't just done EHLO, so
2737 we skip this. */
2738
2739 if (continue_hostname == NULL
2740 #ifndef DISABLE_TLS
2741 || tls_out.active.sock >= 0
2742 #endif
2743 )
2744 {
2745 if (sx->esmtp || sx->lmtp)
2746 {
2747 #ifndef DISABLE_PIPE_CONNECT
2748 if (!sx->early_pipe_active)
2749 #endif
2750 {
2751 sx->peer_offered = ehlo_response(sx->buffer,
2752 0 /* no TLS */
2753 #ifndef DISABLE_PIPE_CONNECT
2754 | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
2755 | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
2756 | OPTION_CHUNKING | OPTION_PRDR | OPTION_UTF8
2757 | (tls_out.active.sock >= 0 ? OPTION_EARLY_PIPE : 0) /* not for lmtp */
2758
2759 #else
2760
2761 | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
2762 | OPTION_CHUNKING
2763 | OPTION_PRDR
2764 # ifdef SUPPORT_I18N
2765 | (sx->addrlist->prop.utf8_msg ? OPTION_UTF8 : 0)
2766 /*XXX if we hand peercaps on to continued-conn processes,
2767 must not depend on this addr */
2768 # endif
2769 | OPTION_DSN
2770 | OPTION_PIPE
2771 | (ob->size_addition >= 0 ? OPTION_SIZE : 0)
2772 #endif
2773 );
2774 #ifndef DISABLE_PIPE_CONNECT
2775 if (tls_out.active.sock >= 0)
2776 sx->ehlo_resp.crypted_features = sx->peer_offered;
2777 #endif
2778 }
2779
2780 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
2781 lmtp_ignore_quota option was set. */
2782
2783 sx->igquotstr = sx->peer_offered & OPTION_IGNQ ? US" IGNOREQUOTA" : US"";
2784
2785 /* If the response to EHLO specified support for the SIZE parameter, note
2786 this, provided size_addition is non-negative. */
2787
2788 smtp_peer_options |= sx->peer_offered & OPTION_SIZE;
2789
2790 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
2791 the current host, esmtp will be false, so PIPELINING can never be used. If
2792 the current host matches hosts_avoid_pipelining, don't do it. */
2793
2794 if ( sx->peer_offered & OPTION_PIPE
2795 && verify_check_given_host(CUSS &ob->hosts_avoid_pipelining, sx->conn_args.host) != OK)
2796 smtp_peer_options |= OPTION_PIPE;
2797
2798 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
2799 smtp_peer_options & OPTION_PIPE ? "" : "not ");
2800
2801 if ( sx->peer_offered & OPTION_CHUNKING
2802 && verify_check_given_host(CUSS &ob->hosts_try_chunking, sx->conn_args.host) != OK)
2803 sx->peer_offered &= ~OPTION_CHUNKING;
2804
2805 if (sx->peer_offered & OPTION_CHUNKING)
2806 DEBUG(D_transport) debug_printf("CHUNKING usable\n");
2807
2808 #ifndef DISABLE_PRDR
2809 if ( sx->peer_offered & OPTION_PRDR
2810 && verify_check_given_host(CUSS &ob->hosts_try_prdr, sx->conn_args.host) != OK)
2811 sx->peer_offered &= ~OPTION_PRDR;
2812
2813 if (sx->peer_offered & OPTION_PRDR)
2814 DEBUG(D_transport) debug_printf("PRDR usable\n");
2815 #endif
2816
2817 /* Note if the server supports DSN */
2818 smtp_peer_options |= sx->peer_offered & OPTION_DSN;
2819 DEBUG(D_transport) debug_printf("%susing DSN\n",
2820 sx->peer_offered & OPTION_DSN ? "" : "not ");
2821
2822 #ifndef DISABLE_PIPE_CONNECT
2823 if ( sx->early_pipe_ok
2824 && !sx->early_pipe_active
2825 && tls_out.active.sock >= 0
2826 && smtp_peer_options & OPTION_PIPE
2827 && ( sx->ehlo_resp.cleartext_features | sx->ehlo_resp.crypted_features)
2828 & OPTION_EARLY_PIPE)
2829 {
2830 DEBUG(D_transport) debug_printf("PIPE_CONNECT usable in future for this IP\n");
2831 sx->ehlo_resp.crypted_auths = study_ehlo_auths(sx);
2832 write_ehlo_cache_entry(sx);
2833 }
2834 #endif
2835
2836 /* Note if the response to EHLO specifies support for the AUTH extension.
2837 If it has, check that this host is one we want to authenticate to, and do
2838 the business. The host name and address must be available when the
2839 authenticator's client driver is running. */
2840
2841 switch (yield = smtp_auth(sx))
2842 {
2843 default: goto SEND_QUIT;
2844 case OK: break;
2845 case FAIL_SEND: goto SEND_FAILED;
2846 case FAIL: goto RESPONSE_FAILED;
2847 }
2848 }
2849 }
2850 sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
2851
2852 /* The setting up of the SMTP call is now complete. Any subsequent errors are
2853 message-specific. */
2854
2855 sx->setting_up = FALSE;
2856
2857 #ifdef SUPPORT_I18N
2858 if (sx->addrlist->prop.utf8_msg)
2859 {
2860 uschar * s;
2861
2862 /* If the transport sets a downconversion mode it overrides any set by ACL
2863 for the message. */
2864
2865 if ((s = ob->utf8_downconvert))
2866 {
2867 if (!(s = expand_string(s)))
2868 {
2869 message = string_sprintf("failed to expand utf8_downconvert: %s",
2870 expand_string_message);
2871 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
2872 yield = DEFER;
2873 goto SEND_QUIT;
2874 }
2875 switch (*s)
2876 {
2877 case '1': sx->addrlist->prop.utf8_downcvt = TRUE;
2878 sx->addrlist->prop.utf8_downcvt_maybe = FALSE;
2879 break;
2880 case '0': sx->addrlist->prop.utf8_downcvt = FALSE;
2881 sx->addrlist->prop.utf8_downcvt_maybe = FALSE;
2882 break;
2883 case '-': if (s[1] == '1')
2884 {
2885 sx->addrlist->prop.utf8_downcvt = FALSE;
2886 sx->addrlist->prop.utf8_downcvt_maybe = TRUE;
2887 }
2888 break;
2889 }
2890 }
2891
2892 sx->utf8_needed = !sx->addrlist->prop.utf8_downcvt
2893 && !sx->addrlist->prop.utf8_downcvt_maybe;
2894 DEBUG(D_transport) if (!sx->utf8_needed)
2895 debug_printf("utf8: %s downconvert\n",
2896 sx->addrlist->prop.utf8_downcvt ? "mandatory" : "optional");
2897 }
2898
2899 /* If this is an international message we need the host to speak SMTPUTF8 */
2900 if (sx->utf8_needed && !(sx->peer_offered & OPTION_UTF8))
2901 {
2902 errno = ERRNO_UTF8_FWD;
2903 goto RESPONSE_FAILED;
2904 }
2905 #endif /*SUPPORT_I18N*/
2906
2907 return OK;
2908
2909
2910 {
2911 int code;
2912
2913 RESPONSE_FAILED:
2914 if (errno == ECONNREFUSED) /* first-read error on a TFO conn */
2915 {
2916 /* There is a testing facility for simulating a connection timeout, as I
2917 can't think of any other way of doing this. It converts a connection
2918 refused into a timeout if the timeout is set to 999999. This is done for
2919 a 3whs connection in ip_connect(), but a TFO connection does not error
2920 there - instead it gets ECONNREFUSED on the first data read. Tracking
2921 that a TFO really was done is too hard, or we would set a
2922 sx->pending_conn_done bit and test that in smtp_reap_banner() and
2923 smtp_reap_ehlo(). That would let us also add the conn-timeout to the
2924 cmd-timeout. */
2925
2926 if (f.running_in_test_harness && ob->connect_timeout == 999999)
2927 errno = ETIMEDOUT;
2928 set_errno_nohost(sx->addrlist,
2929 errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
2930 sx->verify ? US strerror(errno) : NULL,
2931 DEFER, FALSE);
2932 sx->send_quit = FALSE;
2933 return DEFER;
2934 }
2935
2936 /* really an error on an SMTP read */
2937 message = NULL;
2938 sx->send_quit = check_response(sx->conn_args.host, &errno, sx->addrlist->more_errno,
2939 sx->buffer, &code, &message, &pass_message);
2940 yield = DEFER;
2941 goto FAILED;
2942
2943 SEND_FAILED:
2944 code = '4';
2945 message = US string_sprintf("send() to %s [%s] failed: %s",
2946 sx->conn_args.host->name, sx->conn_args.host->address, strerror(errno));
2947 sx->send_quit = FALSE;
2948 yield = DEFER;
2949 goto FAILED;
2950
2951 EHLOHELO_FAILED:
2952 code = '4';
2953 message = string_sprintf("Remote host closed connection in response to %s"
2954 " (EHLO response was: %s)", smtp_command, sx->buffer);
2955 sx->send_quit = FALSE;
2956 yield = DEFER;
2957 goto FAILED;
2958
2959 /* This label is jumped to directly when a TLS negotiation has failed,
2960 or was not done for a host for which it is required. Values will be set
2961 in message and errno, and setting_up will always be true. Treat as
2962 a temporary error. */
2963
2964 #ifndef DISABLE_TLS
2965 TLS_FAILED:
2966 code = '4', yield = DEFER;
2967 goto FAILED;
2968 #endif
2969
2970 /* The failure happened while setting up the call; see if the failure was
2971 a 5xx response (this will either be on connection, or following HELO - a 5xx
2972 after EHLO causes it to try HELO). If so, and there are no more hosts to try,
2973 fail all addresses, as this host is never going to accept them. For other
2974 errors during setting up (timeouts or whatever), defer all addresses, and
2975 yield DEFER, so that the host is not tried again for a while.
2976
2977 XXX This peeking for another host feels like a layering violation. We want
2978 to note the host as unusable, but down here we shouldn't know if this was
2979 the last host to try for the addr(list). Perhaps the upper layer should be
2980 the one to do set_errno() ? The problem is that currently the addr is where
2981 errno etc. are stashed, but until we run out of hosts to try the errors are
2982 host-specific. Maybe we should enhance the host_item definition? */
2983
2984 FAILED:
2985 sx->ok = FALSE; /* For when reached by GOTO */
2986 set_errno(sx->addrlist, errno, message,
2987 sx->conn_args.host->next
2988 ? DEFER
2989 : code == '5'
2990 #ifdef SUPPORT_I18N
2991 || errno == ERRNO_UTF8_FWD
2992 #endif
2993 ? FAIL : DEFER,
2994 pass_message,
2995 errno == ECONNREFUSED ? NULL : sx->conn_args.host
2996 #ifdef EXPERIMENTAL_DSN_INFO
2997 , sx->smtp_greeting, sx->helo_response
2998 #endif
2999 );
3000 }
3001
3002
3003 SEND_QUIT:
3004
3005 if (sx->send_quit)
3006 (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n");
3007
3008 #ifndef DISABLE_TLS
3009 if (sx->cctx.tls_ctx)
3010 {
3011 tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
3012 sx->cctx.tls_ctx = NULL;
3013 }
3014 #endif
3015
3016 /* Close the socket, and return the appropriate value, first setting
3017 works because the NULL setting is passed back to the calling process, and
3018 remote_max_parallel is forced to 1 when delivering over an existing connection,
3019 */
3020
3021 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
3022 if (sx->send_quit)
3023 {
3024 shutdown(sx->cctx.sock, SHUT_WR);
3025 if (fcntl(sx->cctx.sock, F_SETFL, O_NONBLOCK) == 0)
3026 for (int i = 16; read(sx->cctx.sock, sx->inbuffer, sizeof(sx->inbuffer)) > 0 && i > 0;)
3027 i--; /* drain socket */
3028 sx->send_quit = FALSE;
3029 }
3030 (void)close(sx->cctx.sock);
3031 sx->cctx.sock = -1;
3032
3033 #ifndef DISABLE_EVENT
3034 (void) event_raise(sx->conn_args.tblock->event_action, US"tcp:close", NULL);
3035 #endif
3036
3037 continue_transport = NULL;
3038 continue_hostname = NULL;
3039 return yield;
3040 }
3041
3042
3043
3044
3045 /* Create the string of options that will be appended to the MAIL FROM:
3046 in the connection context buffer */
3047
3048 static int
3049 build_mailcmd_options(smtp_context * sx, address_item * addrlist)
3050 {
3051 uschar * p = sx->buffer;
3052 address_item * addr;
3053 int address_count;
3054
3055 *p = 0;
3056
3057 /* If we know the receiving MTA supports the SIZE qualification, and we know it,
3058 send it, adding something to the message size to allow for imprecision
3059 and things that get added en route. Exim keeps the number of lines
3060 in a message, so we can give an accurate value for the original message, but we
3061 need some additional to handle added headers. (Double "." characters don't get
3062 included in the count.) */
3063
3064 if ( message_size > 0
3065 && sx->peer_offered & OPTION_SIZE && !(sx->avoid_option & OPTION_SIZE))
3066 {
3067 /*XXX problem here under spool_files_wireformat?
3068 Or just forget about lines? Or inflate by a fixed proportion? */
3069
3070 sprintf(CS p, " SIZE=%d", message_size+message_linecount+(SOB sx->conn_args.ob)->size_addition);
3071 while (*p) p++;
3072 }
3073
3074 #ifndef DISABLE_PRDR
3075 /* If it supports Per-Recipient Data Responses, and we have more than one recipient,
3076 request that */
3077
3078 sx->prdr_active = FALSE;
3079 if (sx->peer_offered & OPTION_PRDR)
3080 for (address_item * addr = addrlist; addr; addr = addr->next)
3081 if (addr->transport_return == PENDING_DEFER)
3082 {
3083 for (addr = addr->next; addr; addr = addr->next)
3084 if (addr->transport_return == PENDING_DEFER)
3085 { /* at least two recipients to send */
3086 sx->prdr_active = TRUE;
3087 sprintf(CS p, " PRDR"); p += 5;
3088 break;
3089 }
3090 break;
3091 }
3092 #endif
3093
3094 #ifdef SUPPORT_I18N
3095 /* If it supports internationalised messages, and this meesage need that,
3096 request it */
3097
3098 if ( sx->peer_offered & OPTION_UTF8
3099 && addrlist->prop.utf8_msg
3100 && !addrlist->prop.utf8_downcvt
3101 )
3102 Ustrcpy(p, US" SMTPUTF8"), p += 9;
3103 #endif
3104
3105 /* check if all addresses have DSN-lasthop flag; do not send RET and ENVID if so */
3106 for (sx->dsn_all_lasthop = TRUE, addr = addrlist, address_count = 0;
3107 addr && address_count < sx->max_rcpt;
3108 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
3109 {
3110 address_count++;
3111 if (!(addr->dsn_flags & rf_dsnlasthop))
3112 {
3113 sx->dsn_all_lasthop = FALSE;
3114 break;
3115 }
3116 }
3117
3118 /* Add any DSN flags to the mail command */
3119
3120 if (sx->peer_offered & OPTION_DSN && !sx->dsn_all_lasthop)
3121 {
3122 if (dsn_ret == dsn_ret_hdrs)
3123 { Ustrcpy(p, US" RET=HDRS"); p += 9; }
3124 else if (dsn_ret == dsn_ret_full)
3125 { Ustrcpy(p, US" RET=FULL"); p += 9; }
3126
3127 if (dsn_envid)
3128 {
3129 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ENVID=%s", dsn_envid);
3130 while (*p) p++;
3131 }
3132 }
3133
3134 /* If an authenticated_sender override has been specified for this transport
3135 instance, expand it. If the expansion is forced to fail, and there was already
3136 an authenticated_sender for this message, the original value will be used.
3137 Other expansion failures are serious. An empty result is ignored, but there is
3138 otherwise no check - this feature is expected to be used with LMTP and other
3139 cases where non-standard addresses (e.g. without domains) might be required. */
3140
3141 if (smtp_mail_auth_str(p, sizeof(sx->buffer) - (p-sx->buffer), addrlist, sx->conn_args.ob))
3142 return ERROR;
3143
3144 return OK;
3145 }
3146
3147
3148 static void
3149 build_rcptcmd_options(smtp_context * sx, const address_item * addr)
3150 {
3151 uschar * p = sx->buffer;
3152 *p = 0;
3153
3154 /* Add any DSN flags to the rcpt command */
3155
3156 if (sx->peer_offered & OPTION_DSN && !(addr->dsn_flags & rf_dsnlasthop))
3157 {
3158 if (addr->dsn_flags & rf_dsnflags)
3159 {
3160 BOOL first = TRUE;
3161
3162 Ustrcpy(p, US" NOTIFY=");
3163 while (*p) p++;
3164 for (int i = 0; i < nelem(rf_list); i++) if (addr->dsn_flags & rf_list[i])
3165 {
3166 if (!first) *p++ = ',';
3167 first = FALSE;
3168 Ustrcpy(p, rf_names[i]);
3169 while (*p) p++;
3170 }
3171 }
3172
3173 if (addr->dsn_orcpt)
3174 {
3175 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ORCPT=%s",
3176 addr->dsn_orcpt);
3177 while (*p) p++;
3178 }
3179 }
3180 }
3181
3182
3183
3184 /*
3185 Return:
3186 0 good, rcpt results in addr->transport_return (PENDING_OK, DEFER, FAIL)
3187 -1 MAIL response error
3188 -2 any non-MAIL read i/o error
3189 -3 non-MAIL response timeout
3190 -4 internal error; channel still usable
3191 -5 transmit failed
3192 */
3193
3194 int
3195 smtp_write_mail_and_rcpt_cmds(smtp_context * sx, int * yield)
3196 {
3197 address_item * addr;
3198 int address_count;
3199 int rc;
3200
3201 if (build_mailcmd_options(sx, sx->first_addr) != OK)
3202 {
3203 *yield = ERROR;
3204 return -4;
3205 }
3206
3207 /* From here until we send the DATA command, we can make use of PIPELINING
3208 if the server host supports it. The code has to be able to check the responses
3209 at any point, for when the buffer fills up, so we write it totally generally.
3210 When PIPELINING is off, each command written reports that it has flushed the
3211 buffer. */
3212
3213 sx->pending_MAIL = TRUE; /* The block starts with MAIL */
3214
3215 {
3216 uschar * s = sx->from_addr;
3217 #ifdef SUPPORT_I18N
3218 uschar * errstr = NULL;
3219
3220 /* If we must downconvert, do the from-address here. Remember we had to
3221 for the to-addresses (done below), and also (ugly) for re-doing when building
3222 the delivery log line. */
3223
3224 if ( sx->addrlist->prop.utf8_msg
3225 && (sx->addrlist->prop.utf8_downcvt || !(sx->peer_offered & OPTION_UTF8))
3226 )
3227 {
3228 if (s = string_address_utf8_to_alabel(s, &errstr), errstr)
3229 {
3230 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE);
3231 *yield = ERROR;
3232 return -4;
3233 }
3234 setflag(sx->addrlist, af_utf8_downcvt);
3235 }
3236 #endif
3237
3238 rc = smtp_write_command(sx, pipelining_active ? SCMD_BUFFER : SCMD_FLUSH,
3239 "MAIL FROM:<%s>%s\r\n", s, sx->buffer);
3240 }
3241
3242 mail_command = string_copy(big_buffer); /* Save for later error message */
3243
3244 switch(rc)
3245 {
3246 case -1: /* Transmission error */
3247 return -5;
3248
3249 case +1: /* Cmd was sent */
3250 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
3251 (SOB sx->conn_args.ob)->command_timeout))
3252 {
3253 if (errno == 0 && sx->buffer[0] == '4')
3254 {
3255 errno = ERRNO_MAIL4XX;
3256 sx->addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
3257 }
3258 return -1;
3259 }
3260 sx->pending_MAIL = FALSE;
3261 break;
3262
3263 /* otherwise zero: command queued for pipeline */
3264 }
3265
3266 /* Pass over all the relevant recipient addresses for this host, which are the
3267 ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
3268 several before we have to read the responses for those seen so far. This
3269 checking is done by a subroutine because it also needs to be done at the end.
3270 Send only up to max_rcpt addresses at a time, leaving next_addr pointing to
3271 the next one if not all are sent.
3272
3273 In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
3274 last address because we want to abort if any recipients have any kind of
3275 problem, temporary or permanent. We know that all recipient addresses will have
3276 the PENDING_DEFER status, because only one attempt is ever made, and we know
3277 that max_rcpt will be large, so all addresses will be done at once.
3278
3279 For verify we flush the pipeline after any (the only) rcpt address. */
3280
3281 for (addr = sx->first_addr, address_count = 0;
3282 addr && address_count < sx->max_rcpt;
3283 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
3284 {
3285 int count;
3286 BOOL no_flush;
3287 uschar * rcpt_addr;
3288
3289 addr->dsn_aware = sx->peer_offered & OPTION_DSN
3290 ? dsn_support_yes : dsn_support_no;
3291
3292 address_count++;
3293 no_flush = pipelining_active && !sx->verify
3294 && (!mua_wrapper || addr->next && address_count < sx->max_rcpt);
3295
3296 build_rcptcmd_options(sx, addr);
3297
3298 /* Now send the RCPT command, and process outstanding responses when
3299 necessary. After a timeout on RCPT, we just end the function, leaving the
3300 yield as OK, because this error can often mean that there is a problem with
3301 just one address, so we don't want to delay the host. */
3302
3303 rcpt_addr = transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes);
3304
3305 #ifdef SUPPORT_I18N
3306 if ( testflag(sx->addrlist, af_utf8_downcvt)
3307 && !(rcpt_addr = string_address_utf8_to_alabel(rcpt_addr, NULL))
3308 )
3309 {
3310 /*XXX could we use a per-address errstr here? Not fail the whole send? */
3311 errno = ERRNO_EXPANDFAIL;
3312 return -5; /*XXX too harsh? */
3313 }
3314 #endif
3315
3316 count = smtp_write_command(sx, no_flush ? SCMD_BUFFER : SCMD_FLUSH,
3317 "RCPT TO:<%s>%s%s\r\n", rcpt_addr, sx->igquotstr, sx->buffer);
3318
3319 if (count < 0) return -5;
3320 if (count > 0)
3321 {
3322 switch(sync_responses(sx, count, 0))
3323 {
3324 case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
3325 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
3326 break;
3327
3328 case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
3329 if (!sx->lmtp) /* can't tell about progress yet */
3330 sx->completed_addr = TRUE;
3331 case 0: /* No 2xx or 5xx, but no probs */
3332 break;
3333
3334 case -1: return -3; /* Timeout on RCPT */
3335 case -2: return -2; /* non-MAIL read i/o error */
3336 default: return -1; /* any MAIL error */
3337
3338 #ifndef DISABLE_PIPE_CONNECT
3339 case -4: return -1; /* non-2xx for pipelined banner or EHLO */
3340 case -5: return -1; /* TLS first-read error */
3341 #endif
3342 }
3343 sx->pending_MAIL = FALSE; /* Dealt with MAIL */
3344 }
3345 } /* Loop for next address */
3346
3347 sx->next_addr = addr;
3348 return 0;
3349 }
3350
3351
3352 #ifndef DISABLE_TLS
3353 /*****************************************************
3354 * Proxy TLS connection for another transport process *
3355 ******************************************************/
3356 /*
3357 Close the unused end of the pipe, fork once more, then use the given buffer
3358 as a staging area, and select on both the given fd and the TLS'd client-fd for
3359 data to read (per the coding in ip_recv() and fd_ready() this is legitimate).
3360 Do blocking full-size writes, and reads under a timeout. Once both input
3361 channels are closed, exit the process.
3362
3363 Arguments:
3364 ct_ctx tls context
3365 buf space to use for buffering
3366 bufsiz size of buffer
3367 pfd pipe filedescriptor array; [0] is comms to proxied process
3368 timeout per-read timeout, seconds
3369
3370 Does not return.
3371 */
3372
3373 void
3374 smtp_proxy_tls(void * ct_ctx, uschar * buf, size_t bsize, int * pfd,
3375 int timeout)
3376 {
3377 fd_set rfds, efds;
3378 int max_fd = MAX(pfd[0], tls_out.active.sock) + 1;
3379 int rc, i;
3380
3381 close(pfd[1]);
3382 if ((rc = fork()))
3383 {
3384 DEBUG(D_transport) debug_printf("proxy-proc final-pid %d\n", rc);
3385 _exit(rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
3386 }
3387
3388 testharness_pause_ms(100); /* let parent debug out */
3389 set_process_info("proxying TLS connection for continued transport");
3390 FD_ZERO(&rfds);
3391 FD_SET(tls_out.active.sock, &rfds);
3392 FD_SET(pfd[0], &rfds);
3393
3394 for (int fd_bits = 3; fd_bits; )
3395 {
3396 time_t time_left = timeout;
3397 time_t time_start = time(NULL);
3398
3399 /* wait for data */
3400 efds = rfds;
3401 do
3402 {
3403 struct timeval tv = { time_left, 0 };
3404
3405 rc = select(max_fd,
3406 (SELECT_ARG2_TYPE *)&rfds, NULL, (SELECT_ARG2_TYPE *)&efds, &tv);
3407
3408 if (rc < 0 && errno == EINTR)
3409 if ((time_left -= time(NULL) - time_start) > 0) continue;
3410
3411 if (rc <= 0)
3412 {
3413 DEBUG(D_transport) if (rc == 0) debug_printf("%s: timed out\n", __FUNCTION__);
3414 goto done;
3415 }
3416
3417 if (FD_ISSET(tls_out.active.sock, &efds) || FD_ISSET(pfd[0], &efds))
3418 {
3419 DEBUG(D_transport) debug_printf("select: exceptional cond on %s fd\n",
3420 FD_ISSET(pfd[0], &efds) ? "proxy" : "tls");
3421 goto done;
3422 }
3423 }
3424 while (rc < 0 || !(FD_ISSET(tls_out.active.sock, &rfds) || FD_ISSET(pfd[0], &rfds)));
3425
3426 /* handle inbound data */
3427 if (FD_ISSET(tls_out.active.sock, &rfds))
3428 if ((rc = tls_read(ct_ctx, buf, bsize)) <= 0)
3429 {
3430 fd_bits &= ~1;
3431 FD_CLR(tls_out.active.sock, &rfds);
3432 shutdown(pfd[0], SHUT_WR);
3433 timeout = 5;
3434 }
3435 else
3436 {
3437 for (int nbytes = 0; rc - nbytes > 0; nbytes += i)
3438 if ((i = write(pfd[0], buf + nbytes, rc - nbytes)) < 0) goto done;
3439 }
3440 else if (fd_bits & 1)
3441 FD_SET(tls_out.active.sock, &rfds);
3442
3443 /* handle outbound data */
3444 if (FD_ISSET(pfd[0], &rfds))
3445 if ((rc = read(pfd[0], buf, bsize)) <= 0)
3446 {
3447 fd_bits = 0;
3448 tls_close(ct_ctx, TLS_SHUTDOWN_NOWAIT);
3449 ct_ctx = NULL;
3450 }
3451 else
3452 {
3453 for (int nbytes = 0; rc - nbytes > 0; nbytes += i)
3454 if ((i = tls_write(ct_ctx, buf + nbytes, rc - nbytes, FALSE)) < 0)
3455 goto done;
3456 }
3457 else if (fd_bits & 2)
3458 FD_SET(pfd[0], &rfds);
3459 }
3460
3461 done:
3462 testharness_pause_ms(100); /* let logging complete */
3463 exim_exit(0, US"TLS proxy");
3464 }
3465 #endif
3466
3467
3468 /*************************************************
3469 * Deliver address list to given host *
3470 *************************************************/
3471
3472 /* If continue_hostname is not null, we get here only when continuing to
3473 deliver down an existing channel. The channel was passed as the standard
3474 input. TLS is never active on a passed channel; the previous process always
3475 closes it down before passing the connection on.
3476
3477 Otherwise, we have to make a connection to the remote host, and do the
3478 initial protocol exchange.
3479
3480 When running as an MUA wrapper, if the sender or any recipient is rejected,
3481 temporarily or permanently, we force failure for all recipients.
3482
3483 Arguments:
3484 addrlist chain of potential addresses to deliver; only those whose
3485 transport_return field is set to PENDING_DEFER are currently
3486 being processed; others should be skipped - they have either
3487 been delivered to an earlier host or IP address, or been
3488 failed by one of them.
3489 host host to deliver to
3490 host_af AF_INET or AF_INET6
3491 defport default TCP/IP port to use if host does not specify, in host
3492 byte order
3493 interface interface to bind to, or NULL
3494 tblock transport instance block
3495 message_defer set TRUE if yield is OK, but all addresses were deferred
3496 because of a non-recipient, non-host failure, that is, a
3497 4xx response to MAIL FROM, DATA, or ".". This is a defer
3498 that is specific to the message.
3499 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
3500 a second attempt after TLS initialization fails
3501
3502 Returns: OK - the connection was made and the delivery attempted;
3503 the result for each address is in its data block.
3504 DEFER - the connection could not be made, or something failed
3505 while setting up the SMTP session, or there was a
3506 non-message-specific error, such as a timeout.
3507 ERROR - a filter command is specified for this transport,
3508 and there was a problem setting it up; OR helo_data
3509 or add_headers or authenticated_sender is specified
3510 for this transport, and the string failed to expand
3511 */
3512
3513 static int
3514 smtp_deliver(address_item *addrlist, host_item *host, int host_af, int defport,
3515 uschar *interface, transport_instance *tblock,
3516 BOOL *message_defer, BOOL suppress_tls)
3517 {
3518 smtp_transport_options_block * ob = SOB tblock->options_block;
3519 int yield = OK;
3520 int save_errno;
3521 int rc;
3522 struct timeval start_delivery_time;
3523
3524 BOOL pass_message = FALSE;
3525 uschar *message = NULL;
3526 uschar new_message_id[MESSAGE_ID_LENGTH + 1];
3527
3528 smtp_context sx;
3529
3530 gettimeofday(&start_delivery_time, NULL);
3531 suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
3532 *message_defer = FALSE;
3533
3534 sx.addrlist = addrlist;
3535 sx.conn_args.host = host;
3536 sx.conn_args.host_af = host_af,
3537 sx.port = defport;
3538 sx.conn_args.interface = interface;
3539 sx.helo_data = NULL;
3540 sx.conn_args.tblock = tblock;
3541 sx.verify = FALSE;
3542 sx.sync_addr = sx.first_addr = addrlist;
3543
3544 /* Get the channel set up ready for a message (MAIL FROM being the next
3545 SMTP command to send */
3546
3547 if ((rc = smtp_setup_conn(&sx, suppress_tls)) != OK)
3548 return rc;
3549
3550 /* If there is a filter command specified for this transport, we can now
3551 set it up. This cannot be done until the identify of the host is known. */
3552
3553 if (tblock->filter_command)
3554 {
3555 transport_filter_timeout = tblock->filter_timeout;
3556
3557 /* On failure, copy the error to all addresses, abandon the SMTP call, and
3558 yield ERROR. */
3559
3560 if (!transport_set_up_command(&transport_filter_argv,
3561 tblock->filter_command, TRUE, DEFER, addrlist,
3562 string_sprintf("%.50s transport", tblock->name), NULL))
3563 {
3564 set_errno_nohost(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
3565 FALSE);
3566 yield = ERROR;
3567 goto SEND_QUIT;
3568 }
3569
3570 if ( transport_filter_argv
3571 && *transport_filter_argv
3572 && **transport_filter_argv
3573 && sx.peer_offered & OPTION_CHUNKING
3574 #ifndef DISABLE_DKIM
3575 /* When dkim signing, chunking is handled even with a transport-filter */
3576 && !(ob->dkim.dkim_private_key && ob->dkim.dkim_domain && ob->dkim.dkim_selector)
3577 && !ob->dkim.force_bodyhash
3578 #endif
3579 )
3580 {
3581 sx.peer_offered &= ~OPTION_CHUNKING;
3582 DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n");
3583 }
3584 }
3585
3586 /* For messages that have more than the maximum number of envelope recipients,
3587 we want to send several transactions down the same SMTP connection. (See
3588 comments in deliver.c as to how this reconciles, heuristically, with
3589 remote_max_parallel.) This optimization was added to Exim after the following
3590 code was already working. The simplest way to put it in without disturbing the
3591 code was to use a goto to jump back to this point when there is another
3592 transaction to handle. */
3593
3594 SEND_MESSAGE:
3595 sx.from_addr = return_path;
3596 sx.sync_addr = sx.first_addr;
3597 sx.ok = FALSE;
3598 sx.send_rset = TRUE;
3599 sx.completed_addr = FALSE;
3600
3601
3602 /* If we are a continued-connection-after-verify the MAIL and RCPT
3603 commands were already sent; do not re-send but do mark the addrs as
3604 having been accepted up to RCPT stage. A traditional cont-conn
3605 always has a sequence number greater than one. */
3606
3607 if (continue_hostname && continue_sequence == 1)
3608 {
3609 sx.peer_offered = smtp_peer_options;
3610 sx.pending_MAIL = FALSE;
3611 sx.ok = TRUE;
3612 sx.next_addr = NULL;
3613
3614 for (address_item * addr = addrlist; addr; addr = addr->next)
3615 addr->transport_return = PENDING_OK;
3616 }
3617 else
3618 {
3619 /* Initiate a message transfer. */
3620
3621 switch(smtp_write_mail_and_rcpt_cmds(&sx, &yield))
3622 {
3623 case 0: break;
3624 case -1: case -2: goto RESPONSE_FAILED;
3625 case -3: goto END_OFF;
3626 case -4: goto SEND_QUIT;
3627 default: goto SEND_FAILED;
3628 }
3629
3630 /* If we are an MUA wrapper, abort if any RCPTs were rejected, either
3631 permanently or temporarily. We should have flushed and synced after the last
3632 RCPT. */
3633
3634 if (mua_wrapper)
3635 {
3636 address_item * a;
3637 unsigned cnt;
3638
3639 for (a = sx.first_addr, cnt = 0; a && cnt < sx.max_rcpt; a = a->next, cnt++)
3640 if (a->transport_return != PENDING_OK)
3641 {
3642 /*XXX could we find a better errno than 0 here? */
3643 set_errno_nohost(addrlist, 0, a->message, FAIL,
3644 testflag(a, af_pass_message));
3645 sx.ok = FALSE;
3646 break;
3647 }
3648 }
3649 }
3650
3651 /* If ok is TRUE, we know we have got at least one good recipient, and must now
3652 send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
3653 have a good recipient buffered up if we are pipelining. We don't want to waste
3654 time sending DATA needlessly, so we only send it if either ok is TRUE or if we
3655 are pipelining. The responses are all handled by sync_responses().
3656 If using CHUNKING, do not send a BDAT until we know how big a chunk we want
3657 to send is. */
3658
3659 if ( !(sx.peer_offered & OPTION_CHUNKING)
3660 && (sx.ok || (pipelining_active && !mua_wrapper)))
3661 {
3662 int count = smtp_write_command(&sx, SCMD_FLUSH, "DATA\r\n");
3663
3664 if (count < 0) goto SEND_FAILED;
3665 switch(sync_responses(&sx, count, sx.ok ? +1 : -1))
3666 {
3667 case 3: sx.ok = TRUE; /* 2xx & 5xx => OK & progress made */
3668 case 2: sx.completed_addr = TRUE; /* 5xx (only) => progress made */
3669 break;
3670
3671 case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
3672 if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
3673 case 0: break; /* No 2xx or 5xx, but no probs */
3674
3675 case -1: goto END_OFF; /* Timeout on RCPT */
3676
3677 #ifndef DISABLE_PIPE_CONNECT
3678 case -5: /* TLS first-read error */
3679 case -4: HDEBUG(D_transport)
3680 debug_printf("failed reaping pipelined cmd responses\n");
3681 #endif
3682 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
3683 }
3684 pipelining_active = FALSE;
3685 data_command = string_copy(big_buffer); /* Save for later error message */
3686 }
3687
3688 /* If there were no good recipients (but otherwise there have been no
3689 problems), just set ok TRUE, since we have handled address-specific errors
3690 already. Otherwise, it's OK to send the message. Use the check/escape mechanism
3691 for handling the SMTP dot-handling protocol, flagging to apply to headers as
3692 well as body. Set the appropriate timeout value to be used for each chunk.
3693 (Haven't been able to make it work using select() for writing yet.) */
3694
3695 if (!(sx.peer_offered & OPTION_CHUNKING) && !sx.ok)
3696 {
3697 /* Save the first address of the next batch. */
3698 sx.first_addr = sx.next_addr;
3699
3700 sx.ok = TRUE;
3701 }
3702 else
3703 {
3704 transport_ctx tctx = {
3705 .u = {.fd = sx.cctx.sock}, /*XXX will this need TLS info? */
3706 .tblock = tblock,
3707 .addr = addrlist,
3708 .check_string = US".",
3709 .escape_string = US"..", /* Escaping strings */
3710 .options =
3711 topt_use_crlf | topt_escape_headers
3712 | (tblock->body_only ? topt_no_headers : 0)
3713 | (tblock->headers_only ? topt_no_body : 0)
3714 | (tblock->return_path_add ? topt_add_return_path : 0)
3715 | (tblock->delivery_date_add ? topt_add_delivery_date : 0)
3716 | (tblock->envelope_to_add ? topt_add_envelope_to : 0)
3717 };
3718
3719 /* If using CHUNKING we need a callback from the generic transport
3720 support to us, for the sending of BDAT smtp commands and the reaping
3721 of responses. The callback needs a whole bunch of state so set up
3722 a transport-context structure to be passed around. */
3723
3724 if (sx.peer_offered & OPTION_CHUNKING)
3725 {
3726 tctx.check_string = tctx.escape_string = NULL;
3727 tctx.options |= topt_use_bdat;
3728 tctx.chunk_cb = smtp_chunk_cmd_callback;
3729 sx.pending_BDAT = FALSE;
3730 sx.good_RCPT = sx.ok;
3731 sx.cmd_count = 0;
3732 tctx.smtp_context = &sx;
3733 }
3734 else
3735 tctx.options |= topt_end_dot;
3736
3737 /* Save the first address of the next batch. */
3738 sx.first_addr = sx.next_addr;
3739
3740 /* Responses from CHUNKING commands go in buffer. Otherwise,
3741 there has not been a response. */
3742
3743 sx.buffer[0] = 0;
3744
3745 sigalrm_seen = FALSE;
3746 transport_write_timeout = ob->data_timeout;
3747 smtp_command = US"sending data block"; /* For error messages */
3748 DEBUG(D_transport|D_v)
3749 if (sx.peer_offered & OPTION_CHUNKING)
3750 debug_printf(" will write message using CHUNKING\n");
3751 else
3752 debug_printf(" SMTP>> writing message and terminating \".\"\n");
3753 transport_count = 0;
3754
3755 #ifndef DISABLE_DKIM
3756 {
3757 # ifdef MEASURE_TIMING
3758 struct timeval t0;
3759 gettimeofday(&t0, NULL);
3760 # endif
3761 dkim_exim_sign_init();
3762 # ifdef EXPERIMENTAL_ARC
3763 {
3764 uschar * s = ob->arc_sign;
3765 if (s)
3766 {
3767 if (!(ob->dkim.arc_signspec = s = expand_string(s)))
3768 {
3769 if (!f.expand_string_forcedfail)
3770 {
3771 message = US"failed to expand arc_sign";
3772 sx.ok = FALSE;
3773 goto SEND_FAILED;
3774 }
3775 }
3776 else if (*s)
3777 {
3778 /* Ask dkim code to hash the body for ARC */
3779 (void) arc_ams_setup_sign_bodyhash();
3780 ob->dkim.force_bodyhash = TRUE;
3781 }
3782 }
3783 }
3784 # endif
3785 # ifdef MEASURE_TIMING
3786 report_time_since(&t0, US"dkim_exim_sign_init (delta)");
3787 # endif
3788 }
3789 sx.ok = dkim_transport_write_message(&tctx, &ob->dkim, CUSS &message);
3790 #else
3791 sx.ok = transport_write_message(&tctx, 0);
3792 #endif
3793
3794 /* transport_write_message() uses write() because it is called from other
3795 places to write to non-sockets. This means that under some OS (e.g. Solaris)
3796 it can exit with "Broken pipe" as its error. This really means that the
3797 socket got closed at the far end. */
3798
3799 transport_write_timeout = 0; /* for subsequent transports */
3800
3801 /* Failure can either be some kind of I/O disaster (including timeout),
3802 or the failure of a transport filter or the expansion of added headers.
3803 Or, when CHUNKING, it can be a protocol-detected failure. */
3804
3805 if (!sx.ok)
3806 if (message) goto SEND_FAILED;