Logging: outgoing_port on temporary errors for non-last hosts
[exim.git] / src / src / transports / smtp.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 #include "../exim.h"
9 #include "smtp.h"
10
11
12 /* Options specific to the smtp transport. This transport also supports LMTP
13 over TCP/IP. The options must be in alphabetic order (note that "_" comes
14 before the lower case letters). Some live in the transport_instance block so as
15 to be publicly visible; these are flagged with opt_public. */
16
17 optionlist smtp_transport_options[] = {
18 { "*expand_multi_domain", opt_stringptr | opt_hidden | opt_public,
19 (void *)offsetof(transport_instance, expand_multi_domain) },
20 { "*expand_retry_include_ip_address", opt_stringptr | opt_hidden,
21 (void *)(offsetof(smtp_transport_options_block, expand_retry_include_ip_address)) },
22
23 { "address_retry_include_sender", opt_bool,
24 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
25 { "allow_localhost", opt_bool,
26 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
27 #ifdef EXPERIMENTAL_ARC
28 { "arc_sign", opt_stringptr,
29 (void *)offsetof(smtp_transport_options_block, arc_sign) },
30 #endif
31 { "authenticated_sender", opt_stringptr,
32 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
33 { "authenticated_sender_force", opt_bool,
34 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
35 { "command_timeout", opt_time,
36 (void *)offsetof(smtp_transport_options_block, command_timeout) },
37 { "connect_timeout", opt_time,
38 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
39 { "connection_max_messages", opt_int | opt_public,
40 (void *)offsetof(transport_instance, connection_max_messages) },
41 # ifdef SUPPORT_DANE
42 { "dane_require_tls_ciphers", opt_stringptr,
43 (void *)offsetof(smtp_transport_options_block, dane_require_tls_ciphers) },
44 # endif
45 { "data_timeout", opt_time,
46 (void *)offsetof(smtp_transport_options_block, data_timeout) },
47 { "delay_after_cutoff", opt_bool,
48 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
49 #ifndef DISABLE_DKIM
50 { "dkim_canon", opt_stringptr,
51 (void *)offsetof(smtp_transport_options_block, dkim.dkim_canon) },
52 { "dkim_domain", opt_stringptr,
53 (void *)offsetof(smtp_transport_options_block, dkim.dkim_domain) },
54 { "dkim_hash", opt_stringptr,
55 (void *)offsetof(smtp_transport_options_block, dkim.dkim_hash) },
56 { "dkim_identity", opt_stringptr,
57 (void *)offsetof(smtp_transport_options_block, dkim.dkim_identity) },
58 { "dkim_private_key", opt_stringptr,
59 (void *)offsetof(smtp_transport_options_block, dkim.dkim_private_key) },
60 { "dkim_selector", opt_stringptr,
61 (void *)offsetof(smtp_transport_options_block, dkim.dkim_selector) },
62 { "dkim_sign_headers", opt_stringptr,
63 (void *)offsetof(smtp_transport_options_block, dkim.dkim_sign_headers) },
64 { "dkim_strict", opt_stringptr,
65 (void *)offsetof(smtp_transport_options_block, dkim.dkim_strict) },
66 { "dkim_timestamps", opt_stringptr,
67 (void *)offsetof(smtp_transport_options_block, dkim.dkim_timestamps) },
68 #endif
69 { "dns_qualify_single", opt_bool,
70 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
71 { "dns_search_parents", opt_bool,
72 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
73 { "dnssec_request_domains", opt_stringptr,
74 (void *)offsetof(smtp_transport_options_block, dnssec.request) },
75 { "dnssec_require_domains", opt_stringptr,
76 (void *)offsetof(smtp_transport_options_block, dnssec.require) },
77 { "dscp", opt_stringptr,
78 (void *)offsetof(smtp_transport_options_block, dscp) },
79 { "fallback_hosts", opt_stringptr,
80 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
81 { "final_timeout", opt_time,
82 (void *)offsetof(smtp_transport_options_block, final_timeout) },
83 { "gethostbyname", opt_bool,
84 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
85 { "helo_data", opt_stringptr,
86 (void *)offsetof(smtp_transport_options_block, helo_data) },
87 { "hosts", opt_stringptr,
88 (void *)offsetof(smtp_transport_options_block, hosts) },
89 { "hosts_avoid_esmtp", opt_stringptr,
90 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
91 { "hosts_avoid_pipelining", opt_stringptr,
92 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
93 #ifdef SUPPORT_TLS
94 { "hosts_avoid_tls", opt_stringptr,
95 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
96 #endif
97 { "hosts_max_try", opt_int,
98 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
99 { "hosts_max_try_hardlimit", opt_int,
100 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
101 #ifdef SUPPORT_TLS
102 { "hosts_nopass_tls", opt_stringptr,
103 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
104 { "hosts_noproxy_tls", opt_stringptr,
105 (void *)offsetof(smtp_transport_options_block, hosts_noproxy_tls) },
106 #endif
107 { "hosts_override", opt_bool,
108 (void *)offsetof(smtp_transport_options_block, hosts_override) },
109 #ifdef EXPERIMENTAL_PIPE_CONNECT
110 { "hosts_pipe_connect", opt_stringptr,
111 (void *)offsetof(smtp_transport_options_block, hosts_pipe_connect) },
112 #endif
113 { "hosts_randomize", opt_bool,
114 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
115 #if defined(SUPPORT_TLS) && !defined(DISABLE_OCSP)
116 { "hosts_request_ocsp", opt_stringptr,
117 (void *)offsetof(smtp_transport_options_block, hosts_request_ocsp) },
118 #endif
119 { "hosts_require_auth", opt_stringptr,
120 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
121 #ifdef SUPPORT_TLS
122 # ifdef SUPPORT_DANE
123 { "hosts_require_dane", opt_stringptr,
124 (void *)offsetof(smtp_transport_options_block, hosts_require_dane) },
125 # endif
126 # ifndef DISABLE_OCSP
127 { "hosts_require_ocsp", opt_stringptr,
128 (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
129 # endif
130 { "hosts_require_tls", opt_stringptr,
131 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
132 #endif
133 { "hosts_try_auth", opt_stringptr,
134 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
135 { "hosts_try_chunking", opt_stringptr,
136 (void *)offsetof(smtp_transport_options_block, hosts_try_chunking) },
137 #if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
138 { "hosts_try_dane", opt_stringptr,
139 (void *)offsetof(smtp_transport_options_block, hosts_try_dane) },
140 #endif
141 { "hosts_try_fastopen", opt_stringptr,
142 (void *)offsetof(smtp_transport_options_block, hosts_try_fastopen) },
143 #ifndef DISABLE_PRDR
144 { "hosts_try_prdr", opt_stringptr,
145 (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
146 #endif
147 #ifdef SUPPORT_TLS
148 { "hosts_verify_avoid_tls", opt_stringptr,
149 (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
150 #endif
151 { "interface", opt_stringptr,
152 (void *)offsetof(smtp_transport_options_block, interface) },
153 { "keepalive", opt_bool,
154 (void *)offsetof(smtp_transport_options_block, keepalive) },
155 { "lmtp_ignore_quota", opt_bool,
156 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
157 { "max_rcpt", opt_int | opt_public,
158 (void *)offsetof(transport_instance, max_addresses) },
159 { "multi_domain", opt_expand_bool | opt_public,
160 (void *)offsetof(transport_instance, multi_domain) },
161 { "port", opt_stringptr,
162 (void *)offsetof(smtp_transport_options_block, port) },
163 { "protocol", opt_stringptr,
164 (void *)offsetof(smtp_transport_options_block, protocol) },
165 { "retry_include_ip_address", opt_expand_bool,
166 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
167 { "serialize_hosts", opt_stringptr,
168 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
169 { "size_addition", opt_int,
170 (void *)offsetof(smtp_transport_options_block, size_addition) },
171 #ifdef SUPPORT_SOCKS
172 { "socks_proxy", opt_stringptr,
173 (void *)offsetof(smtp_transport_options_block, socks_proxy) },
174 #endif
175 #ifdef SUPPORT_TLS
176 { "tls_certificate", opt_stringptr,
177 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
178 { "tls_crl", opt_stringptr,
179 (void *)offsetof(smtp_transport_options_block, tls_crl) },
180 { "tls_dh_min_bits", opt_int,
181 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
182 { "tls_privatekey", opt_stringptr,
183 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
184 { "tls_require_ciphers", opt_stringptr,
185 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
186 { "tls_sni", opt_stringptr,
187 (void *)offsetof(smtp_transport_options_block, tls_sni) },
188 { "tls_tempfail_tryclear", opt_bool,
189 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
190 { "tls_try_verify_hosts", opt_stringptr,
191 (void *)offsetof(smtp_transport_options_block, tls_try_verify_hosts) },
192 { "tls_verify_cert_hostnames", opt_stringptr,
193 (void *)offsetof(smtp_transport_options_block,tls_verify_cert_hostnames)},
194 { "tls_verify_certificates", opt_stringptr,
195 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) },
196 { "tls_verify_hosts", opt_stringptr,
197 (void *)offsetof(smtp_transport_options_block, tls_verify_hosts) },
198 #endif
199 #ifdef SUPPORT_I18N
200 { "utf8_downconvert", opt_stringptr,
201 (void *)offsetof(smtp_transport_options_block, utf8_downconvert) },
202 #endif
203 };
204
205 /* Size of the options list. An extern variable has to be used so that its
206 address can appear in the tables drtables.c. */
207
208 int smtp_transport_options_count = nelem(smtp_transport_options);
209
210
211 #ifdef MACRO_PREDEF
212
213 /* Dummy values */
214 smtp_transport_options_block smtp_transport_option_defaults = {0};
215 void smtp_transport_init(transport_instance *tblock) {}
216 BOOL smtp_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
217 void smtp_transport_closedown(transport_instance *tblock) {}
218
219 #else /*!MACRO_PREDEF*/
220
221
222 /* Default private options block for the smtp transport. */
223
224 smtp_transport_options_block smtp_transport_option_defaults = {
225 .hosts = NULL,
226 .fallback_hosts = NULL,
227 .hostlist = NULL,
228 .fallback_hostlist = NULL,
229 .helo_data = US"$primary_hostname",
230 .interface = NULL,
231 .port = NULL,
232 .protocol = US"smtp",
233 .dscp = NULL,
234 .serialize_hosts = NULL,
235 .hosts_try_auth = NULL,
236 .hosts_require_auth = NULL,
237 .hosts_try_chunking = US"*",
238 #ifdef SUPPORT_DANE
239 .hosts_try_dane = NULL,
240 .hosts_require_dane = NULL,
241 .dane_require_tls_ciphers = NULL,
242 #endif
243 .hosts_try_fastopen = NULL,
244 #ifndef DISABLE_PRDR
245 .hosts_try_prdr = US"*",
246 #endif
247 #ifndef DISABLE_OCSP
248 .hosts_request_ocsp = US"*", /* hosts_request_ocsp (except under DANE; tls_client_start()) */
249 .hosts_require_ocsp = NULL,
250 #endif
251 .hosts_require_tls = NULL,
252 .hosts_avoid_tls = NULL,
253 .hosts_verify_avoid_tls = NULL,
254 .hosts_avoid_pipelining = NULL,
255 #ifdef EXPERIMENTAL_PIPE_CONNECT
256 .hosts_pipe_connect = NULL,
257 #endif
258 .hosts_avoid_esmtp = NULL,
259 #ifdef SUPPORT_TLS
260 .hosts_nopass_tls = NULL,
261 .hosts_noproxy_tls = US"*",
262 #endif
263 .command_timeout = 5*60,
264 .connect_timeout = 5*60,
265 .data_timeout = 5*60,
266 .final_timeout = 10*60,
267 .size_addition = 1024,
268 .hosts_max_try = 5,
269 .hosts_max_try_hardlimit = 50,
270 .address_retry_include_sender = TRUE,
271 .allow_localhost = FALSE,
272 .authenticated_sender_force = FALSE,
273 .gethostbyname = FALSE,
274 .dns_qualify_single = TRUE,
275 .dns_search_parents = FALSE,
276 .dnssec = { .request=NULL, .require=NULL },
277 .delay_after_cutoff = TRUE,
278 .hosts_override = FALSE,
279 .hosts_randomize = FALSE,
280 .keepalive = TRUE,
281 .lmtp_ignore_quota = FALSE,
282 .expand_retry_include_ip_address = NULL,
283 .retry_include_ip_address = TRUE,
284 #ifdef SUPPORT_SOCKS
285 .socks_proxy = NULL,
286 #endif
287 #ifdef SUPPORT_TLS
288 .tls_certificate = NULL,
289 .tls_crl = NULL,
290 .tls_privatekey = NULL,
291 .tls_require_ciphers = NULL,
292 .tls_sni = NULL,
293 .tls_verify_certificates = US"system",
294 .tls_dh_min_bits = EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
295 .tls_tempfail_tryclear = TRUE,
296 .tls_verify_hosts = NULL,
297 .tls_try_verify_hosts = US"*",
298 .tls_verify_cert_hostnames = US"*",
299 #endif
300 #ifdef SUPPORT_I18N
301 .utf8_downconvert = NULL,
302 #endif
303 #ifndef DISABLE_DKIM
304 .dkim =
305 {.dkim_domain = NULL,
306 .dkim_identity = NULL,
307 .dkim_private_key = NULL,
308 .dkim_selector = NULL,
309 .dkim_canon = NULL,
310 .dkim_sign_headers = NULL,
311 .dkim_strict = NULL,
312 .dkim_hash = US"sha256",
313 .dkim_timestamps = NULL,
314 .dot_stuffed = FALSE,
315 .force_bodyhash = FALSE,
316 # ifdef EXPERIMENTAL_ARC
317 .arc_signspec = NULL,
318 # endif
319 },
320 # ifdef EXPERIMENTAL_ARC
321 .arc_sign = NULL,
322 # endif
323 #endif
324 };
325
326 /* some DSN flags for use later */
327
328 static int rf_list[] = {rf_notify_never, rf_notify_success,
329 rf_notify_failure, rf_notify_delay };
330
331 static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" };
332
333
334
335 /* Local statics */
336
337 static uschar *smtp_command; /* Points to last cmd for error messages */
338 static uschar *mail_command; /* Points to MAIL cmd for error messages */
339 static uschar *data_command = US""; /* Points to DATA cmd for error messages */
340 static BOOL update_waiting; /* TRUE to update the "wait" database */
341
342 /*XXX move to smtp_context */
343 static BOOL pipelining_active; /* current transaction is in pipe mode */
344
345
346 static unsigned ehlo_response(uschar * buf, unsigned checks);
347
348
349 /*************************************************
350 * Setup entry point *
351 *************************************************/
352
353 /* This function is called when the transport is about to be used,
354 but before running it in a sub-process. It is used for two things:
355
356 (1) To set the fallback host list in addresses, when delivering.
357 (2) To pass back the interface, port, protocol, and other options, for use
358 during callout verification.
359
360 Arguments:
361 tblock pointer to the transport instance block
362 addrlist list of addresses about to be transported
363 tf if not NULL, pointer to block in which to return options
364 uid the uid that will be set (not used)
365 gid the gid that will be set (not used)
366 errmsg place for error message (not used)
367
368 Returns: OK always (FAIL, DEFER not used)
369 */
370
371 static int
372 smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
373 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
374 {
375 smtp_transport_options_block *ob = SOB tblock->options_block;
376
377 errmsg = errmsg; /* Keep picky compilers happy */
378 uid = uid;
379 gid = gid;
380
381 /* Pass back options if required. This interface is getting very messy. */
382
383 if (tf)
384 {
385 tf->interface = ob->interface;
386 tf->port = ob->port;
387 tf->protocol = ob->protocol;
388 tf->hosts = ob->hosts;
389 tf->hosts_override = ob->hosts_override;
390 tf->hosts_randomize = ob->hosts_randomize;
391 tf->gethostbyname = ob->gethostbyname;
392 tf->qualify_single = ob->dns_qualify_single;
393 tf->search_parents = ob->dns_search_parents;
394 tf->helo_data = ob->helo_data;
395 }
396
397 /* Set the fallback host list for all the addresses that don't have fallback
398 host lists, provided that the local host wasn't present in the original host
399 list. */
400
401 if (!testflag(addrlist, af_local_host_removed))
402 for (; addrlist; addrlist = addrlist->next)
403 if (!addrlist->fallback_hosts) addrlist->fallback_hosts = ob->fallback_hostlist;
404
405 return OK;
406 }
407
408
409
410 /*************************************************
411 * Initialization entry point *
412 *************************************************/
413
414 /* Called for each instance, after its options have been read, to
415 enable consistency checks to be done, or anything else that needs
416 to be set up.
417
418 Argument: pointer to the transport instance block
419 Returns: nothing
420 */
421
422 void
423 smtp_transport_init(transport_instance *tblock)
424 {
425 smtp_transport_options_block *ob = SOB tblock->options_block;
426
427 /* Retry_use_local_part defaults FALSE if unset */
428
429 if (tblock->retry_use_local_part == TRUE_UNSET)
430 tblock->retry_use_local_part = FALSE;
431
432 /* Set the default port according to the protocol */
433
434 if (!ob->port)
435 ob->port = strcmpic(ob->protocol, US"lmtp") == 0
436 ? US"lmtp"
437 : strcmpic(ob->protocol, US"smtps") == 0
438 ? US"smtps" : US"smtp";
439
440 /* Set up the setup entry point, to be called before subprocesses for this
441 transport. */
442
443 tblock->setup = smtp_transport_setup;
444
445 /* Complain if any of the timeouts are zero. */
446
447 if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
448 ob->final_timeout <= 0)
449 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
450 "command, data, or final timeout value is zero for %s transport",
451 tblock->name);
452
453 /* If hosts_override is set and there are local hosts, set the global
454 flag that stops verify from showing router hosts. */
455
456 if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
457
458 /* If there are any fallback hosts listed, build a chain of host items
459 for them, but do not do any lookups at this time. */
460
461 host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
462 }
463
464
465
466
467
468 /*************************************************
469 * Set delivery info into all active addresses *
470 *************************************************/
471
472 /* Only addresses whose status is >= PENDING are relevant. A lesser
473 status means that an address is not currently being processed.
474
475 Arguments:
476 addrlist points to a chain of addresses
477 errno_value to put in each address's errno field
478 msg to put in each address's message field
479 rc to put in each address's transport_return field
480 pass_message if TRUE, set the "pass message" flag in the address
481 host if set, mark addrs as having used this host
482 smtp_greeting from peer
483 helo_response from peer
484
485 If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
486 the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
487 this particular type of timeout.
488
489 Returns: nothing
490 */
491
492 static void
493 set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
494 BOOL pass_message, host_item * host
495 #ifdef EXPERIMENTAL_DSN_INFO
496 , const uschar * smtp_greeting, const uschar * helo_response
497 #endif
498 )
499 {
500 address_item *addr;
501 int orvalue = 0;
502 if (errno_value == ERRNO_CONNECTTIMEOUT)
503 {
504 errno_value = ETIMEDOUT;
505 orvalue = RTEF_CTOUT;
506 }
507 for (addr = addrlist; addr; addr = addr->next)
508 if (addr->transport_return >= PENDING)
509 {
510 addr->basic_errno = errno_value;
511 addr->more_errno |= orvalue;
512 if (msg)
513 {
514 addr->message = msg;
515 if (pass_message) setflag(addr, af_pass_message);
516 }
517 addr->transport_return = rc;
518 if (host)
519 {
520 addr->host_used = host;
521 #ifdef EXPERIMENTAL_DSN_INFO
522 if (smtp_greeting)
523 {uschar * s = Ustrchr(smtp_greeting, '\n'); if (s) *s = '\0';}
524 addr->smtp_greeting = smtp_greeting;
525
526 if (helo_response)
527 {uschar * s = Ustrchr(helo_response, '\n'); if (s) *s = '\0';}
528 addr->helo_response = helo_response;
529 #endif
530 }
531 }
532 }
533
534 static void
535 set_errno_nohost(address_item *addrlist, int errno_value, uschar *msg, int rc,
536 BOOL pass_message)
537 {
538 set_errno(addrlist, errno_value, msg, rc, pass_message, NULL
539 #ifdef EXPERIMENTAL_DSN_INFO
540 , NULL, NULL
541 #endif
542 );
543 }
544
545
546 /*************************************************
547 * Check an SMTP response *
548 *************************************************/
549
550 /* This function is given an errno code and the SMTP response buffer
551 to analyse, together with the host identification for generating messages. It
552 sets an appropriate message and puts the first digit of the response code into
553 the yield variable. If no response was actually read, a suitable digit is
554 chosen.
555
556 Arguments:
557 host the current host, to get its name for messages
558 errno_value pointer to the errno value
559 more_errno from the top address for use with ERRNO_FILTER_FAIL
560 buffer the SMTP response buffer
561 yield where to put a one-digit SMTP response code
562 message where to put an error message
563 pass_message set TRUE if message is an SMTP response
564
565 Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
566 */
567
568 static BOOL
569 check_response(host_item *host, int *errno_value, int more_errno,
570 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
571 {
572 uschar * pl = pipelining_active ? US"pipelined " : US"";
573 const uschar * s;
574
575 *yield = '4'; /* Default setting is to give a temporary error */
576
577 switch(*errno_value)
578 {
579 case ETIMEDOUT: /* Handle response timeout */
580 *message = US string_sprintf("SMTP timeout after %s%s",
581 pl, smtp_command);
582 if (transport_count > 0)
583 *message = US string_sprintf("%s (%d bytes written)", *message,
584 transport_count);
585 return FALSE;
586
587 case ERRNO_SMTPFORMAT: /* Handle malformed SMTP response */
588 s = string_printing(buffer);
589 while (isspace(*s)) s++;
590 *message = *s == 0
591 ? string_sprintf("Malformed SMTP reply (an empty line) "
592 "in response to %s%s", pl, smtp_command)
593 : string_sprintf("Malformed SMTP reply in response to %s%s: %s",
594 pl, smtp_command, s);
595 return FALSE;
596
597 case ERRNO_FILTER_FAIL: /* Handle a failed filter process error;
598 can't send QUIT as we mustn't end the DATA. */
599 *message = string_sprintf("transport filter process failed (%d)%s",
600 more_errno,
601 more_errno == EX_EXECFAILED ? ": unable to execute command" : "");
602 return FALSE;
603
604 case ERRNO_CHHEADER_FAIL: /* Handle a failed add_headers expansion;
605 can't send QUIT as we mustn't end the DATA. */
606 *message =
607 string_sprintf("failed to expand headers_add or headers_remove: %s",
608 expand_string_message);
609 return FALSE;
610
611 case ERRNO_WRITEINCOMPLETE: /* failure to write a complete data block */
612 *message = string_sprintf("failed to write a data block");
613 return FALSE;
614
615 #ifdef SUPPORT_I18N
616 case ERRNO_UTF8_FWD: /* no advertised SMTPUTF8, for international message */
617 *message = US"utf8 support required but not offered for forwarding";
618 DEBUG(D_deliver|D_transport) debug_printf("%s\n", *message);
619 return TRUE;
620 #endif
621 }
622
623 /* Handle error responses from the remote mailer. */
624
625 if (buffer[0] != 0)
626 {
627 *message = string_sprintf("SMTP error from remote mail server after %s%s: "
628 "%s", pl, smtp_command, s = string_printing(buffer));
629 *pass_message = TRUE;
630 *yield = buffer[0];
631 return TRUE;
632 }
633
634 /* No data was read. If there is no errno, this must be the EOF (i.e.
635 connection closed) case, which causes deferral. An explicit connection reset
636 error has the same effect. Otherwise, put the host's identity in the message,
637 leaving the errno value to be interpreted as well. In all cases, we have to
638 assume the connection is now dead. */
639
640 if (*errno_value == 0 || *errno_value == ECONNRESET)
641 {
642 *errno_value = ERRNO_SMTPCLOSED;
643 *message = US string_sprintf("Remote host closed connection "
644 "in response to %s%s", pl, smtp_command);
645 }
646 else
647 *message = US string_sprintf("%s [%s]", host->name, host->address);
648
649 return FALSE;
650 }
651
652
653
654 /*************************************************
655 * Write error message to logs *
656 *************************************************/
657
658 /* This writes to the main log and to the message log.
659
660 Arguments:
661 host the current host
662 detail the current message (addr_item->message)
663 basic_errno the errno (addr_item->basic_errno)
664
665 Returns: nothing
666 */
667
668 static void
669 write_logs(const host_item *host, const uschar *suffix, int basic_errno)
670 {
671 gstring * message = LOGGING(outgoing_port)
672 ? string_fmt_append(NULL, "H=%s [%s]:%d", host->name, host->address,
673 host->port == PORT_NONE ? 25 : host->port)
674 : string_fmt_append(NULL, "H=%s [%s]", host->name, host->address);
675
676 if (suffix)
677 {
678 message = string_fmt_append(message, ": %s", suffix);
679 if (basic_errno > 0)
680 message = string_fmt_append(message, ": %s", strerror(basic_errno));
681 }
682 else
683 message = string_fmt_append(message, " %s", exim_errstr(basic_errno));
684
685 log_write(0, LOG_MAIN, "%s", string_from_gstring(message));
686 deliver_msglog("%s %s\n", tod_stamp(tod_log), message->s);
687 }
688
689 static void
690 msglog_line(host_item * host, uschar * message)
691 {
692 deliver_msglog("%s H=%s [%s] %s\n", tod_stamp(tod_log),
693 host->name, host->address, message);
694 }
695
696
697
698 #ifndef DISABLE_EVENT
699 /*************************************************
700 * Post-defer action *
701 *************************************************/
702
703 /* This expands an arbitrary per-transport string.
704 It might, for example, be used to write to the database log.
705
706 Arguments:
707 addr the address item containing error information
708 host the current host
709
710 Returns: nothing
711 */
712
713 static void
714 deferred_event_raise(address_item *addr, host_item *host)
715 {
716 uschar * action = addr->transport->event_action;
717 const uschar * save_domain;
718 uschar * save_local;
719
720 if (!action)
721 return;
722
723 save_domain = deliver_domain;
724 save_local = deliver_localpart;
725
726 /*XXX would ip & port already be set up? */
727 deliver_host_address = string_copy(host->address);
728 deliver_host_port = host->port == PORT_NONE ? 25 : host->port;
729 event_defer_errno = addr->basic_errno;
730
731 router_name = addr->router->name;
732 transport_name = addr->transport->name;
733 deliver_domain = addr->domain;
734 deliver_localpart = addr->local_part;
735
736 (void) event_raise(action, US"msg:host:defer",
737 addr->message
738 ? addr->basic_errno > 0
739 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
740 : string_copy(addr->message)
741 : addr->basic_errno > 0
742 ? string_copy(US strerror(addr->basic_errno))
743 : NULL);
744
745 deliver_localpart = save_local;
746 deliver_domain = save_domain;
747 router_name = transport_name = NULL;
748 }
749 #endif
750
751 /*************************************************
752 * Reap SMTP specific responses *
753 *************************************************/
754 static int
755 smtp_discard_responses(smtp_context * sx, smtp_transport_options_block * ob,
756 int count)
757 {
758 uschar flushbuffer[4096];
759
760 while (count-- > 0)
761 {
762 if (!smtp_read_response(sx, flushbuffer, sizeof(flushbuffer),
763 '2', ob->command_timeout)
764 && (errno != 0 || flushbuffer[0] == 0))
765 break;
766 }
767 return count;
768 }
769
770
771 /* Return boolean success */
772
773 static BOOL
774 smtp_reap_banner(smtp_context * sx)
775 {
776 BOOL good_response = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
777 '2', (SOB sx->conn_args.ob)->command_timeout);
778 #ifdef EXPERIMENTAL_DSN_INFO
779 sx->smtp_greeting = string_copy(sx->buffer);
780 #endif
781 return good_response;
782 }
783
784 static BOOL
785 smtp_reap_ehlo(smtp_context * sx)
786 {
787 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
788 (SOB sx->conn_args.ob)->command_timeout))
789 {
790 if (errno != 0 || sx->buffer[0] == 0 || sx->lmtp)
791 {
792 #ifdef EXPERIMENTAL_DSN_INFO
793 sx->helo_response = string_copy(sx->buffer);
794 #endif
795 return FALSE;
796 }
797 sx->esmtp = FALSE;
798 }
799 #ifdef EXPERIMENTAL_DSN_INFO
800 sx->helo_response = string_copy(sx->buffer);
801 #endif
802 return TRUE;
803 }
804
805
806
807 #ifdef EXPERIMENTAL_PIPE_CONNECT
808 static uschar *
809 ehlo_cache_key(const smtp_context * sx)
810 {
811 host_item * host = sx->conn_args.host;
812 return Ustrchr(host->address, ':')
813 ? string_sprintf("[%s]:%d.EHLO", host->address,
814 host->port == PORT_NONE ? sx->port : host->port)
815 : string_sprintf("%s:%d.EHLO", host->address,
816 host->port == PORT_NONE ? sx->port : host->port);
817 }
818
819 static void
820 write_ehlo_cache_entry(const smtp_context * sx)
821 {
822 open_db dbblock, * dbm_file;
823
824 if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE)))
825 {
826 uschar * ehlo_resp_key = ehlo_cache_key(sx);
827 dbdata_ehlo_resp er = { .data = sx->ehlo_resp };
828
829 dbfn_write(dbm_file, ehlo_resp_key, &er, (int)sizeof(er));
830 dbfn_close(dbm_file);
831 }
832 }
833
834 static void
835 invalidate_ehlo_cache_entry(smtp_context * sx)
836 {
837 open_db dbblock, * dbm_file;
838
839 if ( sx->early_pipe_active
840 && (dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE)))
841 {
842 uschar * ehlo_resp_key = ehlo_cache_key(sx);
843 dbfn_delete(dbm_file, ehlo_resp_key);
844 dbfn_close(dbm_file);
845 }
846 }
847
848 static BOOL
849 read_ehlo_cache_entry(smtp_context * sx)
850 {
851 open_db dbblock;
852 open_db * dbm_file;
853
854 if (!(dbm_file = dbfn_open(US"misc", O_RDONLY, &dbblock, FALSE)))
855 { DEBUG(D_transport) debug_printf("ehlo-cache: no misc DB\n"); }
856 else
857 {
858 uschar * ehlo_resp_key = ehlo_cache_key(sx);
859 dbdata_ehlo_resp * er;
860
861 if (!(er = dbfn_read(dbm_file, ehlo_resp_key)))
862 { DEBUG(D_transport) debug_printf("no ehlo-resp record\n"); }
863 else if (time(NULL) - er->time_stamp > retry_data_expire)
864 {
865 DEBUG(D_transport) debug_printf("ehlo-resp record too old\n");
866 dbfn_close(dbm_file);
867 if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE)))
868 dbfn_delete(dbm_file, ehlo_resp_key);
869 }
870 else
871 {
872 sx->ehlo_resp = er->data;
873 dbfn_close(dbm_file);
874 DEBUG(D_transport) debug_printf(
875 "EHLO response bits from cache: cleartext 0x%04x crypted 0x%04x\n",
876 er->data.cleartext_features, er->data.crypted_features);
877 return TRUE;
878 }
879 dbfn_close(dbm_file);
880 }
881 return FALSE;
882 }
883
884
885
886 /* Return an auths bitmap for the set of AUTH methods offered by the server
887 which match our authenticators. */
888
889 static unsigned short
890 study_ehlo_auths(smtp_context * sx)
891 {
892 uschar * names;
893 auth_instance * au;
894 uschar authnum;
895 unsigned short authbits = 0;
896
897 if (!sx->esmtp) return 0;
898 if (!regex_AUTH) regex_AUTH = regex_must_compile(AUTHS_REGEX, FALSE, TRUE);
899 if (!regex_match_and_setup(regex_AUTH, sx->buffer, 0, -1)) return 0;
900 expand_nmax = -1; /* reset */
901 names = string_copyn(expand_nstring[1], expand_nlength[1]);
902
903 for (au = auths, authnum = 0; au; au = au->next, authnum++) if (au->client)
904 {
905 const uschar * list = names;
906 int sep = ' ';
907 uschar name[32];
908
909 while (string_nextinlist(&list, &sep, name, sizeof(name)))
910 if (strcmpic(au->public_name, name) == 0)
911 { authbits |= BIT(authnum); break; }
912 }
913
914 DEBUG(D_transport)
915 debug_printf("server offers %s AUTH, methods '%s', bitmap 0x%04x\n",
916 tls_out.active.sock >= 0 ? "crypted" : "plaintext", names, authbits);
917
918 if (tls_out.active.sock >= 0)
919 sx->ehlo_resp.crypted_auths = authbits;
920 else
921 sx->ehlo_resp.cleartext_auths = authbits;
922 return authbits;
923 }
924
925
926
927
928 /* Wait for and check responses for early-pipelining.
929
930 Called from the lower-level smtp_read_response() function
931 used for general code that assume synchronisation, if context
932 flags indicate outstanding early-pipelining commands. Also
933 called fom sync_responses() which handles pipelined commands.
934
935 Arguments:
936 sx smtp connection context
937 countp number of outstanding responses, adjusted on return
938
939 Return:
940 OK all well
941 FAIL SMTP error in response
942 */
943 int
944 smtp_reap_early_pipe(smtp_context * sx, int * countp)
945 {
946 BOOL pending_BANNER = sx->pending_BANNER;
947 BOOL pending_EHLO = sx->pending_EHLO;
948
949 sx->pending_BANNER = FALSE; /* clear early to avoid recursion */
950 sx->pending_EHLO = FALSE;
951
952 if (pending_BANNER)
953 {
954 DEBUG(D_transport) debug_printf("%s expect banner\n", __FUNCTION__);
955 (*countp)--;
956 if (!smtp_reap_banner(sx))
957 {
958 DEBUG(D_transport) debug_printf("bad banner\n");
959 goto fail;
960 }
961 }
962
963 if (pending_EHLO)
964 {
965 unsigned peer_offered;
966 unsigned short authbits = 0, * ap;
967
968 DEBUG(D_transport) debug_printf("%s expect ehlo\n", __FUNCTION__);
969 (*countp)--;
970 if (!smtp_reap_ehlo(sx))
971 {
972 DEBUG(D_transport) debug_printf("bad response for EHLO\n");
973 goto fail;
974 }
975
976 /* Compare the actual EHLO response to the cached value we assumed;
977 on difference, dump or rewrite the cache and arrange for a retry. */
978
979 ap = tls_out.active.sock < 0
980 ? &sx->ehlo_resp.cleartext_auths : &sx->ehlo_resp.crypted_auths;
981
982 peer_offered = ehlo_response(sx->buffer,
983 (tls_out.active.sock < 0 ? OPTION_TLS : OPTION_REQUIRETLS)
984 | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
985 | OPTION_UTF8 | OPTION_EARLY_PIPE
986 );
987 if ( peer_offered != sx->peer_offered
988 || (authbits = study_ehlo_auths(sx)) != *ap)
989 {
990 HDEBUG(D_transport)
991 debug_printf("EHLO extensions changed, 0x%04x/0x%04x -> 0x%04x/0x%04x\n",
992 sx->peer_offered, *ap, peer_offered, authbits);
993 *ap = authbits;
994 if (peer_offered & OPTION_EARLY_PIPE)
995 write_ehlo_cache_entry(sx);
996 else
997 invalidate_ehlo_cache_entry(sx);
998
999 return OK; /* just carry on */
1000 }
1001 }
1002 return OK;
1003
1004 fail:
1005 invalidate_ehlo_cache_entry(sx);
1006 (void) smtp_discard_responses(sx, sx->conn_args.ob, *countp);
1007 return FAIL;
1008 }
1009 #endif
1010
1011
1012 /*************************************************
1013 * Synchronize SMTP responses *
1014 *************************************************/
1015
1016 /* This function is called from smtp_deliver() to receive SMTP responses from
1017 the server, and match them up with the commands to which they relate. When
1018 PIPELINING is not in use, this function is called after every command, and is
1019 therefore somewhat over-engineered, but it is simpler to use a single scheme
1020 that works both with and without PIPELINING instead of having two separate sets
1021 of code.
1022
1023 The set of commands that are buffered up with pipelining may start with MAIL
1024 and may end with DATA; in between are RCPT commands that correspond to the
1025 addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
1026 etc.) are never buffered.
1027
1028 Errors after MAIL or DATA abort the whole process leaving the response in the
1029 buffer. After MAIL, pending responses are flushed, and the original command is
1030 re-instated in big_buffer for error messages. For RCPT commands, the remote is
1031 permitted to reject some recipient addresses while accepting others. However
1032 certain errors clearly abort the whole process. Set the value in
1033 transport_return to PENDING_OK if the address is accepted. If there is a
1034 subsequent general error, it will get reset accordingly. If not, it will get
1035 converted to OK at the end.
1036
1037 Arguments:
1038 sx smtp connection context
1039 count the number of responses to read
1040 pending_DATA 0 if last command sent was not DATA
1041 +1 if previously had a good recipient
1042 -1 if not previously had a good recipient
1043
1044 Returns: 3 if at least one address had 2xx and one had 5xx
1045 2 if at least one address had 5xx but none had 2xx
1046 1 if at least one host had a 2xx response, but none had 5xx
1047 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
1048 -1 timeout while reading RCPT response
1049 -2 I/O or other non-response error for RCPT
1050 -3 DATA or MAIL failed - errno and buffer set
1051 -4 banner or EHLO failed (early-pipelining)
1052 */
1053
1054 static int
1055 sync_responses(smtp_context * sx, int count, int pending_DATA)
1056 {
1057 address_item * addr = sx->sync_addr;
1058 smtp_transport_options_block * ob = sx->conn_args.ob;
1059 int yield = 0;
1060
1061 #ifdef EXPERIMENTAL_PIPE_CONNECT
1062 if (smtp_reap_early_pipe(sx, &count) != OK)
1063 return -4;
1064 #endif
1065
1066 /* Handle the response for a MAIL command. On error, reinstate the original
1067 command in big_buffer for error message use, and flush any further pending
1068 responses before returning, except after I/O errors and timeouts. */
1069
1070 if (sx->pending_MAIL)
1071 {
1072 DEBUG(D_transport) debug_printf("%s expect mail\n", __FUNCTION__);
1073 count--;
1074 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1075 '2', ob->command_timeout))
1076 {
1077 DEBUG(D_transport) debug_printf("bad response for MAIL\n");
1078 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
1079 if (errno == 0 && sx->buffer[0] != 0)
1080 {
1081 int save_errno = 0;
1082 if (sx->buffer[0] == '4')
1083 {
1084 save_errno = ERRNO_MAIL4XX;
1085 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1086 }
1087 count = smtp_discard_responses(sx, ob, count);
1088 errno = save_errno;
1089 }
1090
1091 if (pending_DATA) count--; /* Number of RCPT responses to come */
1092 while (count-- > 0) /* Mark any pending addrs with the host used */
1093 {
1094 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
1095 addr->host_used = sx->conn_args.host;
1096 addr = addr->next;
1097 }
1098 return -3;
1099 }
1100 }
1101
1102 if (pending_DATA) count--; /* Number of RCPT responses to come */
1103
1104 /* Read and handle the required number of RCPT responses, matching each one up
1105 with an address by scanning for the next address whose status is PENDING_DEFER.
1106 */
1107
1108 while (count-- > 0)
1109 {
1110 while (addr->transport_return != PENDING_DEFER)
1111 if (!(addr = addr->next))
1112 return -2;
1113
1114 /* The address was accepted */
1115 addr->host_used = sx->conn_args.host;
1116
1117 DEBUG(D_transport) debug_printf("%s expect rcpt\n", __FUNCTION__);
1118 if (smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1119 '2', ob->command_timeout))
1120 {
1121 yield |= 1;
1122 addr->transport_return = PENDING_OK;
1123
1124 /* If af_dr_retry_exists is set, there was a routing delay on this address;
1125 ensure that any address-specific retry record is expunged. We do this both
1126 for the basic key and for the version that also includes the sender. */
1127
1128 if (testflag(addr, af_dr_retry_exists))
1129 {
1130 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
1131 sender_address);
1132 retry_add_item(addr, altkey, rf_delete);
1133 retry_add_item(addr, addr->address_retry_key, rf_delete);
1134 }
1135 }
1136
1137 /* Timeout while reading the response */
1138
1139 else if (errno == ETIMEDOUT)
1140 {
1141 uschar *message = string_sprintf("SMTP timeout after RCPT TO:<%s>",
1142 transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes));
1143 set_errno_nohost(sx->first_addr, ETIMEDOUT, message, DEFER, FALSE);
1144 retry_add_item(addr, addr->address_retry_key, 0);
1145 update_waiting = FALSE;
1146 return -1;
1147 }
1148
1149 /* Handle other errors in obtaining an SMTP response by returning -1. This
1150 will cause all the addresses to be deferred. Restore the SMTP command in
1151 big_buffer for which we are checking the response, so the error message
1152 makes sense. */
1153
1154 else if (errno != 0 || sx->buffer[0] == 0)
1155 {
1156 string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
1157 transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes));
1158 return -2;
1159 }
1160
1161 /* Handle SMTP permanent and temporary response codes. */
1162
1163 else
1164 {
1165 addr->message =
1166 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
1167 "%s", transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes),
1168 string_printing(sx->buffer));
1169 setflag(addr, af_pass_message);
1170 if (!sx->verify)
1171 msglog_line(sx->conn_args.host, addr->message);
1172
1173 /* The response was 5xx */
1174
1175 if (sx->buffer[0] == '5')
1176 {
1177 addr->transport_return = FAIL;
1178 yield |= 2;
1179 }
1180
1181 /* The response was 4xx */
1182
1183 else
1184 {
1185 addr->transport_return = DEFER;
1186 addr->basic_errno = ERRNO_RCPT4XX;
1187 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1188
1189 if (!sx->verify)
1190 {
1191 #ifndef DISABLE_EVENT
1192 event_defer_errno = addr->more_errno;
1193 msg_event_raise(US"msg:rcpt:host:defer", addr);
1194 #endif
1195
1196 /* Log temporary errors if there are more hosts to be tried.
1197 If not, log this last one in the == line. */
1198
1199 if (sx->conn_args.host->next)
1200 if (LOGGING(outgoing_port))
1201 log_write(0, LOG_MAIN, "H=%s [%s]:%d %s", sx->conn_args.host->name,
1202 sx->conn_args.host->address,
1203 sx->port == PORT_NONE ? 25 : sx->port, addr->message);
1204 else
1205 log_write(0, LOG_MAIN, "H=%s [%s]: %s", sx->conn_args.host->name,
1206 sx->conn_args.host->address, addr->message);
1207
1208 #ifndef DISABLE_EVENT
1209 else
1210 msg_event_raise(US"msg:rcpt:defer", addr);
1211 #endif
1212
1213 /* Do not put this message on the list of those waiting for specific
1214 hosts, as otherwise it is likely to be tried too often. */
1215
1216 update_waiting = FALSE;
1217
1218 /* Add a retry item for the address so that it doesn't get tried again
1219 too soon. If address_retry_include_sender is true, add the sender address
1220 to the retry key. */
1221
1222 retry_add_item(addr,
1223 ob->address_retry_include_sender
1224 ? string_sprintf("%s:<%s>", addr->address_retry_key, sender_address)
1225 : addr->address_retry_key,
1226 0);
1227 }
1228 }
1229 }
1230 } /* Loop for next RCPT response */
1231
1232 /* Update where to start at for the next block of responses, unless we
1233 have already handled all the addresses. */
1234
1235 if (addr) sx->sync_addr = addr->next;
1236
1237 /* Handle a response to DATA. If we have not had any good recipients, either
1238 previously or in this block, the response is ignored. */
1239
1240 if (pending_DATA != 0)
1241 {
1242 DEBUG(D_transport) debug_printf("%s expect data\n", __FUNCTION__);
1243 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1244 '3', ob->command_timeout))
1245 {
1246 int code;
1247 uschar *msg;
1248 BOOL pass_message;
1249 if (pending_DATA > 0 || (yield & 1) != 0)
1250 {
1251 if (errno == 0 && sx->buffer[0] == '4')
1252 {
1253 errno = ERRNO_DATA4XX;
1254 sx->first_addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1255 }
1256 return -3;
1257 }
1258 (void)check_response(sx->conn_args.host, &errno, 0, sx->buffer, &code, &msg, &pass_message);
1259 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
1260 "is in use and there were no good recipients\n", msg);
1261 }
1262 }
1263
1264 /* All responses read and handled; MAIL (if present) received 2xx and DATA (if
1265 present) received 3xx. If any RCPTs were handled and yielded anything other
1266 than 4xx, yield will be set non-zero. */
1267
1268 return yield;
1269 }
1270
1271
1272
1273
1274
1275 /* Try an authenticator's client entry */
1276
1277 static int
1278 try_authenticator(smtp_context * sx, auth_instance * au)
1279 {
1280 smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */
1281 host_item * host = sx->conn_args.host; /* host to deliver to */
1282 int rc;
1283
1284 sx->outblock.authenticating = TRUE;
1285 rc = (au->info->clientcode)(au, sx, ob->command_timeout,
1286 sx->buffer, sizeof(sx->buffer));
1287 sx->outblock.authenticating = FALSE;
1288 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n", au->name, rc);
1289
1290 /* A temporary authentication failure must hold up delivery to
1291 this host. After a permanent authentication failure, we carry on
1292 to try other authentication methods. If all fail hard, try to
1293 deliver the message unauthenticated unless require_auth was set. */
1294
1295 switch(rc)
1296 {
1297 case OK:
1298 f.smtp_authenticated = TRUE; /* stops the outer loop */
1299 client_authenticator = au->name;
1300 if (au->set_client_id)
1301 client_authenticated_id = expand_string(au->set_client_id);
1302 break;
1303
1304 /* Failure after writing a command */
1305
1306 case FAIL_SEND:
1307 return FAIL_SEND;
1308
1309 /* Failure after reading a response */
1310
1311 case FAIL:
1312 if (errno != 0 || sx->buffer[0] != '5') return FAIL;
1313 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1314 au->name, host->name, host->address, sx->buffer);
1315 break;
1316
1317 /* Failure by some other means. In effect, the authenticator
1318 decided it wasn't prepared to handle this case. Typically this
1319 is the result of "fail" in an expansion string. Do we need to
1320 log anything here? Feb 2006: a message is now put in the buffer
1321 if logging is required. */
1322
1323 case CANCELLED:
1324 if (*sx->buffer != 0)
1325 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1326 "authentication H=%s [%s] %s", au->name, host->name,
1327 host->address, sx->buffer);
1328 break;
1329
1330 /* Internal problem, message in buffer. */
1331
1332 case ERROR:
1333 set_errno_nohost(sx->addrlist, ERRNO_AUTHPROB, string_copy(sx->buffer),
1334 DEFER, FALSE);
1335 return ERROR;
1336 }
1337 return OK;
1338 }
1339
1340
1341
1342
1343 /* Do the client side of smtp-level authentication.
1344
1345 Arguments:
1346 sx smtp connection context
1347
1348 sx->buffer should have the EHLO response from server (gets overwritten)
1349
1350 Returns:
1351 OK Success, or failed (but not required): global "smtp_authenticated" set
1352 DEFER Failed authentication (and was required)
1353 ERROR Internal problem
1354
1355 FAIL_SEND Failed communications - transmit
1356 FAIL - response
1357 */
1358
1359 static int
1360 smtp_auth(smtp_context * sx)
1361 {
1362 host_item * host = sx->conn_args.host; /* host to deliver to */
1363 smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */
1364 int require_auth = verify_check_given_host(CUSS &ob->hosts_require_auth, host);
1365 #ifdef EXPERIMENTAL_PIPE_CONNECT
1366 unsigned short authbits = tls_out.active.sock >= 0
1367 ? sx->ehlo_resp.crypted_auths : sx->ehlo_resp.cleartext_auths;
1368 #endif
1369 uschar * fail_reason = US"server did not advertise AUTH support";
1370
1371 f.smtp_authenticated = FALSE;
1372 client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
1373
1374 if (!regex_AUTH)
1375 regex_AUTH = regex_must_compile(AUTHS_REGEX, FALSE, TRUE);
1376
1377 /* Is the server offering AUTH? */
1378
1379 if ( sx->esmtp
1380 &&
1381 #ifdef EXPERIMENTAL_PIPE_CONNECT
1382 sx->early_pipe_active ? authbits
1383 :
1384 #endif
1385 regex_match_and_setup(regex_AUTH, sx->buffer, 0, -1)
1386 )
1387 {
1388 uschar * names = NULL;
1389 expand_nmax = -1; /* reset */
1390
1391 #ifdef EXPERIMENTAL_PIPE_CONNECT
1392 if (!sx->early_pipe_active)
1393 #endif
1394 names = string_copyn(expand_nstring[1], expand_nlength[1]);
1395
1396 /* Must not do this check until after we have saved the result of the
1397 regex match above as the check could be another RE. */
1398
1399 if ( require_auth == OK
1400 || verify_check_given_host(CUSS &ob->hosts_try_auth, host) == OK)
1401 {
1402 auth_instance * au;
1403
1404 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
1405 fail_reason = US"no common mechanisms were found";
1406
1407 #ifdef EXPERIMENTAL_PIPE_CONNECT
1408 if (sx->early_pipe_active)
1409 {
1410 /* Scan our authenticators (which support use by a client and were offered
1411 by the server (checked at cache-write time)), not suppressed by
1412 client_condition. If one is found, attempt to authenticate by calling its
1413 client function. We are limited to supporting up to 16 authenticator
1414 public-names by the number of bits in a short. */
1415
1416 uschar bitnum;
1417 int rc;
1418
1419 for (bitnum = 0, au = auths;
1420 !f.smtp_authenticated && au && bitnum < 16;
1421 bitnum++, au = au->next) if (authbits & BIT(bitnum))
1422 {
1423 if ( au->client_condition
1424 && !expand_check_condition(au->client_condition, au->name,
1425 US"client authenticator"))
1426 {
1427 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1428 au->name, "client_condition is false");
1429 continue;
1430 }
1431
1432 /* Found data for a listed mechanism. Call its client entry. Set
1433 a flag in the outblock so that data is overwritten after sending so
1434 that reflections don't show it. */
1435
1436 fail_reason = US"authentication attempt(s) failed";
1437
1438 if ((rc = try_authenticator(sx, au)) != OK)
1439 return rc;
1440 }
1441 }
1442 else
1443 #endif
1444
1445 /* Scan the configured authenticators looking for one which is configured
1446 for use as a client, which is not suppressed by client_condition, and
1447 whose name matches an authentication mechanism supported by the server.
1448 If one is found, attempt to authenticate by calling its client function.
1449 */
1450
1451 for (au = auths; !f.smtp_authenticated && au; au = au->next)
1452 {
1453 uschar *p = names;
1454
1455 if ( !au->client
1456 || ( au->client_condition
1457 && !expand_check_condition(au->client_condition, au->name,
1458 US"client authenticator")))
1459 {
1460 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1461 au->name,
1462 (au->client)? "client_condition is false" :
1463 "not configured as a client");
1464 continue;
1465 }
1466
1467 /* Loop to scan supported server mechanisms */
1468
1469 while (*p)
1470 {
1471 int len = Ustrlen(au->public_name);
1472 int rc;
1473
1474 while (isspace(*p)) p++;
1475
1476 if (strncmpic(au->public_name, p, len) != 0 ||
1477 (p[len] != 0 && !isspace(p[len])))
1478 {
1479 while (*p != 0 && !isspace(*p)) p++;
1480 continue;
1481 }
1482
1483 /* Found data for a listed mechanism. Call its client entry. Set
1484 a flag in the outblock so that data is overwritten after sending so
1485 that reflections don't show it. */
1486
1487 fail_reason = US"authentication attempt(s) failed";
1488
1489 if ((rc = try_authenticator(sx, au)) != OK)
1490 return rc;
1491
1492 break; /* If not authenticated, try next authenticator */
1493 } /* Loop for scanning supported server mechanisms */
1494 } /* Loop for further authenticators */
1495 }
1496 }
1497
1498 /* If we haven't authenticated, but are required to, give up. */
1499
1500 if (require_auth == OK && !f.smtp_authenticated)
1501 {
1502 set_errno_nohost(sx->addrlist, ERRNO_AUTHFAIL,
1503 string_sprintf("authentication required but %s", fail_reason), DEFER,
1504 FALSE);
1505 return DEFER;
1506 }
1507
1508 return OK;
1509 }
1510
1511
1512 /* Construct AUTH appendix string for MAIL TO */
1513 /*
1514 Arguments
1515 buffer to build string
1516 addrlist chain of potential addresses to deliver
1517 ob transport options
1518
1519 Globals f.smtp_authenticated
1520 client_authenticated_sender
1521 Return True on error, otherwise buffer has (possibly empty) terminated string
1522 */
1523
1524 BOOL
1525 smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
1526 smtp_transport_options_block *ob)
1527 {
1528 uschar *local_authenticated_sender = authenticated_sender;
1529
1530 #ifdef notdef
1531 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, f.smtp_authenticated?"Y":"N");
1532 #endif
1533
1534 if (ob->authenticated_sender != NULL)
1535 {
1536 uschar *new = expand_string(ob->authenticated_sender);
1537 if (new == NULL)
1538 {
1539 if (!f.expand_string_forcedfail)
1540 {
1541 uschar *message = string_sprintf("failed to expand "
1542 "authenticated_sender: %s", expand_string_message);
1543 set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
1544 return TRUE;
1545 }
1546 }
1547 else if (new[0] != 0) local_authenticated_sender = new;
1548 }
1549
1550 /* Add the authenticated sender address if present */
1551
1552 if ((f.smtp_authenticated || ob->authenticated_sender_force) &&
1553 local_authenticated_sender != NULL)
1554 {
1555 string_format(buffer, bufsize, " AUTH=%s",
1556 auth_xtextencode(local_authenticated_sender,
1557 Ustrlen(local_authenticated_sender)));
1558 client_authenticated_sender = string_copy(local_authenticated_sender);
1559 }
1560 else
1561 *buffer= 0;
1562
1563 return FALSE;
1564 }
1565
1566
1567
1568 #ifdef SUPPORT_DANE
1569 /* Lookup TLSA record for host/port.
1570 Return: OK success with dnssec; DANE mode
1571 DEFER Do not use this host now, may retry later
1572 FAIL_FORCED No TLSA record; DANE not usable
1573 FAIL Do not use this connection
1574 */
1575
1576 int
1577 tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
1578 {
1579 /* move this out to host.c given the similarity to dns_lookup() ? */
1580 uschar buffer[300];
1581 const uschar * fullname = buffer;
1582 int rc;
1583 BOOL sec;
1584
1585 /* TLSA lookup string */
1586 (void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
1587
1588 rc = dns_lookup(dnsa, buffer, T_TLSA, &fullname);
1589 sec = dns_is_secure(dnsa);
1590 DEBUG(D_transport)
1591 debug_printf("TLSA lookup ret %d %sDNSSEC\n", rc, sec ? "" : "not ");
1592
1593 switch (rc)
1594 {
1595 case DNS_AGAIN:
1596 return DEFER; /* just defer this TLS'd conn */
1597
1598 case DNS_SUCCEED:
1599 if (sec)
1600 {
1601 DEBUG(D_transport)
1602 {
1603 dns_scan dnss;
1604 dns_record * rr;
1605 for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
1606 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
1607 if (rr->type == T_TLSA && rr->size > 3)
1608 {
1609 uint16_t payload_length = rr->size - 3;
1610 uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
1611
1612 sp += sprintf(CS sp, "%d ", *p++); /* usage */
1613 sp += sprintf(CS sp, "%d ", *p++); /* selector */
1614 sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
1615 while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
1616 sp += sprintf(CS sp, "%02x", *p++);
1617
1618 debug_printf(" %s\n", s);
1619 }
1620 }
1621 return OK;
1622 }
1623 log_write(0, LOG_MAIN,
1624 "DANE error: TLSA lookup for %s not DNSSEC", host->name);
1625 /*FALLTRHOUGH*/
1626
1627 case DNS_NODATA: /* no TLSA RR for this lookup */
1628 case DNS_NOMATCH: /* no records at all for this lookup */
1629 return dane_required ? FAIL : FAIL_FORCED;
1630
1631 default:
1632 case DNS_FAIL:
1633 return dane_required ? FAIL : DEFER;
1634 }
1635 }
1636 #endif
1637
1638
1639
1640 typedef struct smtp_compare_s
1641 {
1642 uschar *current_sender_address;
1643 struct transport_instance *tblock;
1644 } smtp_compare_t;
1645
1646
1647 /* Create a unique string that identifies this message, it is based on
1648 sender_address, helo_data and tls_certificate if enabled.
1649 */
1650
1651 static uschar *
1652 smtp_local_identity(uschar * sender, struct transport_instance * tblock)
1653 {
1654 address_item * addr1;
1655 uschar * if1 = US"";
1656 uschar * helo1 = US"";
1657 #ifdef SUPPORT_TLS
1658 uschar * tlsc1 = US"";
1659 #endif
1660 uschar * save_sender_address = sender_address;
1661 uschar * local_identity = NULL;
1662 smtp_transport_options_block * ob = SOB tblock->options_block;
1663
1664 sender_address = sender;
1665
1666 addr1 = deliver_make_addr (sender, TRUE);
1667 deliver_set_expansions(addr1);
1668
1669 if (ob->interface)
1670 if1 = expand_string(ob->interface);
1671
1672 if (ob->helo_data)
1673 helo1 = expand_string(ob->helo_data);
1674
1675 #ifdef SUPPORT_TLS
1676 if (ob->tls_certificate)
1677 tlsc1 = expand_string(ob->tls_certificate);
1678 local_identity = string_sprintf ("%s^%s^%s", if1, helo1, tlsc1);
1679 #else
1680 local_identity = string_sprintf ("%s^%s", if1, helo1);
1681 #endif
1682
1683 deliver_set_expansions(NULL);
1684 sender_address = save_sender_address;
1685
1686 return local_identity;
1687 }
1688
1689
1690
1691 /* This routine is a callback that is called from transport_check_waiting.
1692 This function will evaluate the incoming message versus the previous
1693 message. If the incoming message is using a different local identity then
1694 we will veto this new message. */
1695
1696 static BOOL
1697 smtp_are_same_identities(uschar * message_id, smtp_compare_t * s_compare)
1698 {
1699 uschar * message_local_identity,
1700 * current_local_identity,
1701 * new_sender_address;
1702
1703 current_local_identity =
1704 smtp_local_identity(s_compare->current_sender_address, s_compare->tblock);
1705
1706 if (!(new_sender_address = deliver_get_sender_address(message_id)))
1707 return 0;
1708
1709 message_local_identity =
1710 smtp_local_identity(new_sender_address, s_compare->tblock);
1711
1712 return Ustrcmp(current_local_identity, message_local_identity) == 0;
1713 }
1714
1715
1716
1717 static unsigned
1718 ehlo_response(uschar * buf, unsigned checks)
1719 {
1720 size_t bsize = Ustrlen(buf);
1721
1722 /* debug_printf("%s: check for 0x%04x\n", __FUNCTION__, checks); */
1723
1724 #ifdef SUPPORT_TLS
1725 # ifdef EXPERIMENTAL_REQUIRETLS
1726 if ( checks & OPTION_REQUIRETLS
1727 && pcre_exec(regex_REQUIRETLS, NULL, CS buf,bsize, 0, PCRE_EOPT, NULL,0) < 0)
1728 # endif
1729 checks &= ~OPTION_REQUIRETLS;
1730
1731 if ( checks & OPTION_TLS
1732 && pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1733 #endif
1734 checks &= ~OPTION_TLS;
1735
1736 if ( checks & OPTION_IGNQ
1737 && pcre_exec(regex_IGNOREQUOTA, NULL, CS buf, bsize, 0,
1738 PCRE_EOPT, NULL, 0) < 0)
1739 checks &= ~OPTION_IGNQ;
1740
1741 if ( checks & OPTION_CHUNKING
1742 && pcre_exec(regex_CHUNKING, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1743 checks &= ~OPTION_CHUNKING;
1744
1745 #ifndef DISABLE_PRDR
1746 if ( checks & OPTION_PRDR
1747 && pcre_exec(regex_PRDR, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1748 #endif
1749 checks &= ~OPTION_PRDR;
1750
1751 #ifdef SUPPORT_I18N
1752 if ( checks & OPTION_UTF8
1753 && pcre_exec(regex_UTF8, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1754 #endif
1755 checks &= ~OPTION_UTF8;
1756
1757 if ( checks & OPTION_DSN
1758 && pcre_exec(regex_DSN, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1759 checks &= ~OPTION_DSN;
1760
1761 if ( checks & OPTION_PIPE
1762 && pcre_exec(regex_PIPELINING, NULL, CS buf, bsize, 0,
1763 PCRE_EOPT, NULL, 0) < 0)
1764 checks &= ~OPTION_PIPE;
1765
1766 if ( checks & OPTION_SIZE
1767 && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1768 checks &= ~OPTION_SIZE;
1769
1770 #ifdef EXPERIMENTAL_PIPE_CONNECT
1771 if ( checks & OPTION_EARLY_PIPE
1772 && pcre_exec(regex_EARLY_PIPE, NULL, CS buf, bsize, 0,
1773 PCRE_EOPT, NULL, 0) < 0)
1774 #endif
1775 checks &= ~OPTION_EARLY_PIPE;
1776
1777 /* debug_printf("%s: found 0x%04x\n", __FUNCTION__, checks); */
1778 return checks;
1779 }
1780
1781
1782
1783 /* Callback for emitting a BDAT data chunk header.
1784
1785 If given a nonzero size, first flush any buffered SMTP commands
1786 then emit the command.
1787
1788 Reap previous SMTP command responses if requested, and always reap
1789 the response from a previous BDAT command.
1790
1791 Args:
1792 tctx transport context
1793 chunk_size value for SMTP BDAT command
1794 flags
1795 tc_chunk_last add LAST option to SMTP BDAT command
1796 tc_reap_prev reap response to previous SMTP commands
1797
1798 Returns: OK or ERROR
1799 */
1800
1801 static int
1802 smtp_chunk_cmd_callback(transport_ctx * tctx, unsigned chunk_size,
1803 unsigned flags)
1804 {
1805 smtp_transport_options_block * ob = SOB tctx->tblock->options_block;
1806 smtp_context * sx = tctx->smtp_context;
1807 int cmd_count = 0;
1808 int prev_cmd_count;
1809
1810 /* Write SMTP chunk header command. If not reaping responses, note that
1811 there may be more writes (like, the chunk data) done soon. */
1812
1813 if (chunk_size > 0)
1814 {
1815 #ifdef EXPERIMENTAL_PIPE_CONNECT
1816 BOOL new_conn = !!(sx->outblock.conn_args);
1817 #endif
1818 if((cmd_count = smtp_write_command(sx,
1819 flags & tc_reap_prev ? SCMD_FLUSH : SCMD_MORE,
1820 "BDAT %u%s\r\n", chunk_size, flags & tc_chunk_last ? " LAST" : "")
1821 ) < 0) return ERROR;
1822 if (flags & tc_chunk_last)
1823 data_command = string_copy(big_buffer); /* Save for later error message */
1824 #ifdef EXPERIMENTAL_PIPE_CONNECT
1825 /* That command write could have been the one that made the connection.
1826 Copy the fd from the client conn ctx (smtp transport specific) to the
1827 generic transport ctx. */
1828
1829 if (new_conn)
1830 tctx->u.fd = sx->outblock.cctx->sock;
1831 #endif
1832 }
1833
1834 prev_cmd_count = cmd_count += sx->cmd_count;
1835
1836 /* Reap responses for any previous, but not one we just emitted */
1837
1838 if (chunk_size > 0)
1839 prev_cmd_count--;
1840 if (sx->pending_BDAT)
1841 prev_cmd_count--;
1842
1843 if (flags & tc_reap_prev && prev_cmd_count > 0)
1844 {
1845 DEBUG(D_transport) debug_printf("look for %d responses"
1846 " for previous pipelined cmds\n", prev_cmd_count);
1847
1848 switch(sync_responses(sx, prev_cmd_count, 0))
1849 {
1850 case 1: /* 2xx (only) => OK */
1851 case 3: sx->good_RCPT = TRUE; /* 2xx & 5xx => OK & progress made */
1852 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
1853 case 0: break; /* No 2xx or 5xx, but no probs */
1854
1855 case -1: /* Timeout on RCPT */
1856 #ifdef EXPERIMENTAL_PIPE_CONNECT
1857 case -4: /* non-2xx for pipelined banner or EHLO */
1858 #endif
1859 default: return ERROR; /* I/O error, or any MAIL/DATA error */
1860 }
1861 cmd_count = 1;
1862 if (!sx->pending_BDAT)
1863 pipelining_active = FALSE;
1864 }
1865
1866 /* Reap response for an outstanding BDAT */
1867
1868 if (sx->pending_BDAT)
1869 {
1870 DEBUG(D_transport) debug_printf("look for one response for BDAT\n");
1871
1872 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
1873 ob->command_timeout))
1874 {
1875 if (errno == 0 && sx->buffer[0] == '4')
1876 {
1877 errno = ERRNO_DATA4XX; /*XXX does this actually get used? */
1878 sx->addrlist->more_errno |=
1879 ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1880 }
1881 return ERROR;
1882 }
1883 cmd_count--;
1884 sx->pending_BDAT = FALSE;
1885 pipelining_active = FALSE;
1886 }
1887 else if (chunk_size > 0)
1888 sx->pending_BDAT = TRUE;
1889
1890
1891 sx->cmd_count = cmd_count;
1892 return OK;
1893 }
1894
1895
1896
1897
1898
1899 /*************************************************
1900 * Make connection for given message *
1901 *************************************************/
1902
1903 /*
1904 Arguments:
1905 ctx connection context
1906 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1907 a second attempt after TLS initialization fails
1908
1909 Returns: OK - the connection was made and the delivery attempted;
1910 fd is set in the conn context, tls_out set up.
1911 DEFER - the connection could not be made, or something failed
1912 while setting up the SMTP session, or there was a
1913 non-message-specific error, such as a timeout.
1914 ERROR - helo_data or add_headers or authenticated_sender is
1915 specified for this transport, and the string failed
1916 to expand
1917 */
1918 int
1919 smtp_setup_conn(smtp_context * sx, BOOL suppress_tls)
1920 {
1921 #if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
1922 dns_answer tlsa_dnsa;
1923 #endif
1924 smtp_transport_options_block * ob = sx->conn_args.tblock->options_block;
1925 BOOL pass_message = FALSE;
1926 uschar * message = NULL;
1927 int yield = OK;
1928 int rc;
1929
1930 sx->conn_args.ob = ob;
1931
1932 sx->lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
1933 sx->smtps = strcmpic(ob->protocol, US"smtps") == 0;
1934 sx->ok = FALSE;
1935 sx->send_rset = TRUE;
1936 sx->send_quit = TRUE;
1937 sx->setting_up = TRUE;
1938 sx->esmtp = TRUE;
1939 sx->esmtp_sent = FALSE;
1940 #ifdef SUPPORT_I18N
1941 sx->utf8_needed = FALSE;
1942 #endif
1943 sx->dsn_all_lasthop = TRUE;
1944 #if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
1945 sx->dane = FALSE;
1946 sx->dane_required =
1947 verify_check_given_host(CUSS &ob->hosts_require_dane, sx->conn_args.host) == OK;
1948 #endif
1949 #ifdef EXPERIMENTAL_PIPE_CONNECT
1950 sx->early_pipe_active = sx->early_pipe_ok = FALSE;
1951 sx->ehlo_resp.cleartext_features = sx->ehlo_resp.crypted_features = 0;
1952 sx->pending_BANNER = sx->pending_EHLO = FALSE;
1953 #endif
1954
1955 if ((sx->max_rcpt = sx->conn_args.tblock->max_addresses) == 0) sx->max_rcpt = 999999;
1956 sx->peer_offered = 0;
1957 sx->avoid_option = 0;
1958 sx->igquotstr = US"";
1959 if (!sx->helo_data) sx->helo_data = ob->helo_data;
1960 #ifdef EXPERIMENTAL_DSN_INFO
1961 sx->smtp_greeting = NULL;
1962 sx->helo_response = NULL;
1963 #endif
1964
1965 smtp_command = US"initial connection";
1966 sx->buffer[0] = '\0';
1967
1968 /* Set up the buffer for reading SMTP response packets. */
1969
1970 sx->inblock.buffer = sx->inbuffer;
1971 sx->inblock.buffersize = sizeof(sx->inbuffer);
1972 sx->inblock.ptr = sx->inbuffer;
1973 sx->inblock.ptrend = sx->inbuffer;
1974
1975 /* Set up the buffer for holding SMTP commands while pipelining */
1976
1977 sx->outblock.buffer = sx->outbuffer;
1978 sx->outblock.buffersize = sizeof(sx->outbuffer);
1979 sx->outblock.ptr = sx->outbuffer;
1980 sx->outblock.cmd_count = 0;
1981 sx->outblock.authenticating = FALSE;
1982 sx->outblock.conn_args = NULL;
1983
1984 /* Reset the parameters of a TLS session. */
1985
1986 tls_out.bits = 0;
1987 tls_out.cipher = NULL; /* the one we may use for this transport */
1988 tls_out.ourcert = NULL;
1989 tls_out.peercert = NULL;
1990 tls_out.peerdn = NULL;
1991 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
1992 tls_out.sni = NULL;
1993 #endif
1994 tls_out.ocsp = OCSP_NOT_REQ;
1995
1996 /* Flip the legacy TLS-related variables over to the outbound set in case
1997 they're used in the context of the transport. Don't bother resetting
1998 afterward (when being used by a transport) as we're in a subprocess.
1999 For verify, unflipped once the callout is dealt with */
2000
2001 tls_modify_variables(&tls_out);
2002
2003 #ifndef SUPPORT_TLS
2004 if (sx->smtps)
2005 {
2006 set_errno_nohost(sx->addrlist, ERRNO_TLSFAILURE, US"TLS support not available",
2007 DEFER, FALSE);
2008 return ERROR;
2009 }
2010 #endif
2011
2012 /* Make a connection to the host if this isn't a continued delivery, and handle
2013 the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
2014 specially so they can be identified for retries. */
2015
2016 if (!continue_hostname)
2017 {
2018 if (sx->verify)
2019 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", sx->conn_args.interface, sx->port);
2020
2021 /* Get the actual port the connection will use, into sx->conn_args.host */
2022
2023 smtp_port_for_connect(sx->conn_args.host, sx->port);
2024
2025 #if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
2026 /* Do TLSA lookup for DANE */
2027 {
2028 tls_out.dane_verified = FALSE;
2029 tls_out.tlsa_usage = 0;
2030
2031 if (sx->conn_args.host->dnssec == DS_YES)
2032 {
2033 if( sx->dane_required
2034 || verify_check_given_host(CUSS &ob->hosts_try_dane, sx->conn_args.host) == OK
2035 )
2036 switch (rc = tlsa_lookup(sx->conn_args.host, &tlsa_dnsa, sx->dane_required))
2037 {
2038 case OK: sx->dane = TRUE;
2039 ob->tls_tempfail_tryclear = FALSE;
2040 break;
2041 case FAIL_FORCED: break;
2042 default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
2043 string_sprintf("DANE error: tlsa lookup %s",
2044 rc == DEFER ? "DEFER" : "FAIL"),
2045 rc, FALSE);
2046 # ifndef DISABLE_EVENT
2047 (void) event_raise(sx->conn_args.tblock->event_action,
2048 US"dane:fail", sx->dane_required
2049 ? US"dane-required" : US"dnssec-invalid");
2050 # endif
2051 return rc;
2052 }
2053 }
2054 else if (sx->dane_required)
2055 {
2056 set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
2057 string_sprintf("DANE error: %s lookup not DNSSEC", sx->conn_args.host->name),
2058 FAIL, FALSE);
2059 # ifndef DISABLE_EVENT
2060 (void) event_raise(sx->conn_args.tblock->event_action,
2061 US"dane:fail", US"dane-required");
2062 # endif
2063 return FAIL;
2064 }
2065 }
2066 #endif /*DANE*/
2067
2068 /* Make the TCP connection */
2069
2070 sx->cctx.tls_ctx = NULL;
2071 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
2072 sx->avoid_option = sx->peer_offered = smtp_peer_options = 0;
2073
2074 #ifdef EXPERIMENTAL_PIPE_CONNECT
2075 if (verify_check_given_host(CUSS &ob->hosts_pipe_connect, sx->conn_args.host) == OK)
2076 {
2077 sx->early_pipe_ok = TRUE;
2078 if ( read_ehlo_cache_entry(sx)
2079 && sx->ehlo_resp.cleartext_features & OPTION_EARLY_PIPE)
2080 {
2081 DEBUG(D_transport) debug_printf("Using cached cleartext PIPE_CONNECT\n");
2082 sx->early_pipe_active = TRUE;
2083 sx->peer_offered = sx->ehlo_resp.cleartext_features;
2084 }
2085 }
2086
2087 if (sx->early_pipe_active)
2088 sx->outblock.conn_args = &sx->conn_args;
2089 else
2090 #endif
2091 {
2092 if ((sx->cctx.sock = smtp_connect(&sx->conn_args, NULL)) < 0)
2093 {
2094 uschar * msg = NULL;
2095 if (sx->verify)
2096 {
2097 msg = US strerror(errno);
2098 HDEBUG(D_verify) debug_printf("connect: %s\n", msg);
2099 }
2100 set_errno_nohost(sx->addrlist,
2101 errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
2102 sx->verify ? string_sprintf("could not connect: %s", msg)
2103 : NULL,
2104 DEFER, FALSE);
2105 sx->send_quit = FALSE;
2106 return DEFER;
2107 }
2108 }
2109 /* Expand the greeting message while waiting for the initial response. (Makes
2110 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
2111 delayed till here so that $sending_interface and $sending_port are set. */
2112 /*XXX early-pipe: they still will not be. Is there any way to find out what they
2113 will be? Somehow I doubt it. */
2114
2115 if (sx->helo_data)
2116 if (!(sx->helo_data = expand_string(sx->helo_data)))
2117 if (sx->verify)
2118 log_write(0, LOG_MAIN|LOG_PANIC,
2119 "<%s>: failed to expand transport's helo_data value for callout: %s",
2120 sx->addrlist->address, expand_string_message);
2121
2122 #ifdef SUPPORT_I18N
2123 if (sx->helo_data)
2124 {
2125 expand_string_message = NULL;
2126 if ((sx->helo_data = string_domain_utf8_to_alabel(sx->helo_data,
2127 &expand_string_message)),
2128 expand_string_message)
2129 if (sx->verify)
2130 log_write(0, LOG_MAIN|LOG_PANIC,
2131 "<%s>: failed to expand transport's helo_data value for callout: %s",
2132 sx->addrlist->address, expand_string_message);
2133 else
2134 sx->helo_data = NULL;
2135 }
2136 #endif
2137
2138 /* The first thing is to wait for an initial OK response. The dreaded "goto"
2139 is nevertheless a reasonably clean way of programming this kind of logic,
2140 where you want to escape on any error. */
2141
2142 if (!sx->smtps)
2143 {
2144 #ifdef EXPERIMENTAL_PIPE_CONNECT
2145 if (sx->early_pipe_active)
2146 {
2147 sx->pending_BANNER = TRUE; /* sync_responses() must eventually handle */
2148 sx->outblock.cmd_count = 1;
2149 }
2150 else
2151 #endif
2152 {
2153 #ifdef TCP_QUICKACK
2154 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_QUICKACK, US &off,
2155 sizeof(off));
2156 #endif
2157 if (!smtp_reap_banner(sx))
2158 goto RESPONSE_FAILED;
2159 }
2160
2161 #ifndef DISABLE_EVENT
2162 {
2163 uschar * s;
2164 lookup_dnssec_authenticated = sx->conn_args.host->dnssec==DS_YES ? US"yes"
2165 : sx->conn_args.host->dnssec==DS_NO ? US"no" : NULL;
2166 s = event_raise(sx->conn_args.tblock->event_action, US"smtp:connect", sx->buffer);
2167 if (s)
2168 {
2169 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL,
2170 string_sprintf("deferred by smtp:connect event expansion: %s", s),
2171 DEFER, FALSE);
2172 yield = DEFER;
2173 goto SEND_QUIT;
2174 }
2175 }
2176 #endif
2177
2178 /* Now check if the helo_data expansion went well, and sign off cleanly if
2179 it didn't. */
2180
2181 if (!sx->helo_data)
2182 {
2183 message = string_sprintf("failed to expand helo_data: %s",
2184 expand_string_message);
2185 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
2186 yield = DEFER;
2187 goto SEND_QUIT;
2188 }
2189 }
2190
2191 /** Debugging without sending a message
2192 sx->addrlist->transport_return = DEFER;
2193 goto SEND_QUIT;
2194 **/
2195
2196 /* Errors that occur after this point follow an SMTP command, which is
2197 left in big_buffer by smtp_write_command() for use in error messages. */
2198
2199 smtp_command = big_buffer;
2200
2201 /* Tell the remote who we are...
2202
2203 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
2204 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
2205 greeting is of this form. The assumption was that the far end supports it
2206 properly... but experience shows that there are some that give 5xx responses,
2207 even though the banner includes "ESMTP" (there's a bloody-minded one that
2208 says "ESMTP not spoken here"). Cope with that case.
2209
2210 September 2000: Time has passed, and it seems reasonable now to always send
2211 EHLO at the start. It is also convenient to make the change while installing
2212 the TLS stuff.
2213
2214 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
2215 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
2216 would be no way to send out the mails, so there is now a host list
2217 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
2218 PIPELINING problem as well. Maybe it can also be useful to cure other
2219 problems with broken servers.
2220
2221 Exim originally sent "Helo" at this point and ran for nearly a year that way.
2222 Then somebody tried it with a Microsoft mailer... It seems that all other
2223 mailers use upper case for some reason (the RFC is quite clear about case
2224 independence) so, for peace of mind, I gave in. */
2225
2226 sx->esmtp = verify_check_given_host(CUSS &ob->hosts_avoid_esmtp, sx->conn_args.host) != OK;
2227
2228 /* Alas; be careful, since this goto is not an error-out, so conceivably
2229 we might set data between here and the target which we assume to exist
2230 and be usable. I can see this coming back to bite us. */
2231 #ifdef SUPPORT_TLS
2232 if (sx->smtps)
2233 {
2234 smtp_peer_options |= OPTION_TLS;
2235 suppress_tls = FALSE;
2236 ob->tls_tempfail_tryclear = FALSE;
2237 smtp_command = US"SSL-on-connect";
2238 goto TLS_NEGOTIATE;
2239 }
2240 #endif
2241
2242 if (sx->esmtp)
2243 {
2244 if (smtp_write_command(sx,
2245 #ifdef EXPERIMENTAL_PIPE_CONNECT
2246 sx->early_pipe_active ? SCMD_BUFFER :
2247 #endif
2248 SCMD_FLUSH,
2249 "%s %s\r\n", sx->lmtp ? "LHLO" : "EHLO", sx->helo_data) < 0)
2250 goto SEND_FAILED;
2251 sx->esmtp_sent = TRUE;
2252
2253 #ifdef EXPERIMENTAL_PIPE_CONNECT
2254 if (sx->early_pipe_active)
2255 {
2256 sx->pending_EHLO = TRUE;
2257
2258 /* If we have too many authenticators to handle and might need to AUTH
2259 for this transport, pipeline no further as we will need the
2260 list of auth methods offered. Reap the banner and EHLO. */
2261
2262 if ( (ob->hosts_require_auth || ob->hosts_try_auth)
2263 && f.smtp_in_early_pipe_no_auth)
2264 {
2265 DEBUG(D_transport) debug_printf("may need to auth, so pipeline no further\n");
2266 if (smtp_write_command(sx, SCMD_FLUSH, NULL) < 0)
2267 goto SEND_FAILED;
2268 if (sync_responses(sx, 2, 0) != 0)
2269 {
2270 HDEBUG(D_transport)
2271 debug_printf("failed reaping pipelined cmd responses\n");
2272 goto RESPONSE_FAILED;
2273 }
2274 sx->early_pipe_active = FALSE;
2275 }
2276 }
2277 else
2278 #endif
2279 if (!smtp_reap_ehlo(sx))
2280 goto RESPONSE_FAILED;
2281 }
2282 else
2283 DEBUG(D_transport)
2284 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
2285
2286 #ifdef EXPERIMENTAL_PIPE_CONNECT
2287 if (!sx->early_pipe_active)
2288 #endif
2289 if (!sx->esmtp)
2290 {
2291 BOOL good_response;
2292 int n = sizeof(sx->buffer);
2293 uschar * rsp = sx->buffer;
2294
2295 if (sx->esmtp_sent && (n = Ustrlen(sx->buffer)) < sizeof(sx->buffer)/2)
2296 { rsp = sx->buffer + n + 1; n = sizeof(sx->buffer) - n; }
2297
2298 if (smtp_write_command(sx, SCMD_FLUSH, "HELO %s\r\n", sx->helo_data) < 0)
2299 goto SEND_FAILED;
2300 good_response = smtp_read_response(sx, rsp, n, '2', ob->command_timeout);
2301 #ifdef EXPERIMENTAL_DSN_INFO
2302 sx->helo_response = string_copy(rsp);
2303 #endif
2304 if (!good_response)
2305 {
2306 /* Handle special logging for a closed connection after HELO
2307 when had previously sent EHLO */
2308
2309 if (rsp != sx->buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET))
2310 {
2311 errno = ERRNO_SMTPCLOSED;
2312 goto EHLOHELO_FAILED;
2313 }
2314 memmove(sx->buffer, rsp, Ustrlen(rsp));
2315 goto RESPONSE_FAILED;
2316 }
2317 }
2318
2319 if (sx->esmtp || sx->lmtp)
2320 {
2321 #ifdef EXPERIMENTAL_PIPE_CONNECT
2322 if (!sx->early_pipe_active)
2323 #endif
2324 {
2325 sx->peer_offered = ehlo_response(sx->buffer,
2326 OPTION_TLS /* others checked later */
2327 #ifdef EXPERIMENTAL_PIPE_CONNECT
2328 | (sx->early_pipe_ok
2329 ? OPTION_IGNQ
2330 | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
2331 #ifdef SUPPORT_I18N
2332 | OPTION_UTF8
2333 #endif
2334 | OPTION_EARLY_PIPE
2335 : 0
2336 )
2337 #endif
2338 );
2339 #ifdef EXPERIMENTAL_PIPE_CONNECT
2340 if (sx->early_pipe_ok)
2341 {
2342 sx->ehlo_resp.cleartext_features = sx->peer_offered;
2343
2344 if ( (sx->peer_offered & (OPTION_PIPE | OPTION_EARLY_PIPE))
2345 == (OPTION_PIPE | OPTION_EARLY_PIPE))
2346 {
2347 DEBUG(D_transport) debug_printf("PIPE_CONNECT usable in future for this IP\n");
2348 sx->ehlo_resp.cleartext_auths = study_ehlo_auths(sx);
2349 write_ehlo_cache_entry(sx);
2350 }
2351 }
2352 #endif
2353 }
2354
2355 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
2356
2357 #ifdef SUPPORT_TLS
2358 smtp_peer_options |= sx->peer_offered & OPTION_TLS;
2359 #endif
2360 }
2361 }
2362
2363 /* For continuing deliveries down the same channel, having re-exec'd the socket
2364 is the standard input; for a socket held open from verify it is recorded
2365 in the cutthrough context block. Either way we don't need to redo EHLO here
2366 (but may need to do so for TLS - see below).
2367 Set up the pointer to where subsequent commands will be left, for
2368 error messages. Note that smtp_peer_options will have been
2369 set from the command line if they were set in the process that passed the
2370 connection on. */
2371
2372 /*XXX continue case needs to propagate DSN_INFO, prob. in deliver.c
2373 as the continue goes via transport_pass_socket() and doublefork and exec.
2374 It does not wait. Unclear how we keep separate host's responses
2375 separate - we could match up by host ip+port as a bodge. */
2376
2377 else
2378 {
2379 if (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only)
2380 {
2381 sx->cctx = cutthrough.cctx;
2382 sx->conn_args.host->port = sx->port = cutthrough.host.port;
2383 }
2384 else
2385 {
2386 sx->cctx.sock = 0; /* stdin */
2387 sx->cctx.tls_ctx = NULL;
2388 smtp_port_for_connect(sx->conn_args.host, sx->port); /* Record the port that was used */
2389 }
2390 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
2391 smtp_command = big_buffer;
2392 sx->helo_data = NULL; /* ensure we re-expand ob->helo_data */
2393
2394 /* For a continued connection with TLS being proxied for us, or a
2395 held-open verify connection with TLS, nothing more to do. */
2396
2397 if ( continue_proxy_cipher
2398 || (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only
2399 && cutthrough.is_tls)
2400 )
2401 {
2402 sx->peer_offered = smtp_peer_options;
2403 sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
2404 HDEBUG(D_transport) debug_printf("continued connection, %s TLS\n",
2405 continue_proxy_cipher ? "proxied" : "verify conn with");
2406 return OK;
2407 }
2408 HDEBUG(D_transport) debug_printf("continued connection, no TLS\n");
2409 }
2410
2411 /* If TLS is available on this connection, whether continued or not, attempt to
2412 start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
2413 send another EHLO - the server may give a different answer in secure mode. We
2414 use a separate buffer for reading the response to STARTTLS so that if it is
2415 negative, the original EHLO data is available for subsequent analysis, should
2416 the client not be required to use TLS. If the response is bad, copy the buffer
2417 for error analysis. */
2418
2419 #ifdef SUPPORT_TLS
2420 if ( smtp_peer_options & OPTION_TLS
2421 && !suppress_tls
2422 && verify_check_given_host(CUSS &ob->hosts_avoid_tls, sx->conn_args.host) != OK
2423 && ( !sx->verify
2424 || verify_check_given_host(CUSS &ob->hosts_verify_avoid_tls, sx->conn_args.host) != OK
2425 ) )
2426 {
2427 uschar buffer2[4096];
2428
2429 if (smtp_write_command(sx, SCMD_FLUSH, "STARTTLS\r\n") < 0)
2430 goto SEND_FAILED;
2431
2432 #ifdef EXPERIMENTAL_PIPE_CONNECT
2433 /* If doing early-pipelining reap the banner and EHLO-response but leave
2434 the response for the STARTTLS we just sent alone. */
2435
2436 if (sx->early_pipe_active && sync_responses(sx, 2, 0) != 0)
2437 {
2438 HDEBUG(D_transport)
2439 debug_printf("failed reaping pipelined cmd responses\n");
2440 goto RESPONSE_FAILED;
2441 }
2442 #endif
2443
2444 /* If there is an I/O error, transmission of this message is deferred. If
2445 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
2446 false, we also defer. However, if there is a temporary rejection of STARTTLS
2447 and tls_tempfail_tryclear is true, or if there is an outright rejection of
2448 STARTTLS, we carry on. This means we will try to send the message in clear,
2449 unless the host is in hosts_require_tls (tested below). */
2450
2451 if (!smtp_read_response(sx, buffer2, sizeof(buffer2), '2', ob->command_timeout))
2452 {
2453 if ( errno != 0
2454 || buffer2[0] == 0
2455 || (buffer2[0] == '4' && !ob->tls_tempfail_tryclear)
2456 )
2457 {
2458 Ustrncpy(sx->buffer, buffer2, sizeof(sx->buffer));
2459 sx->buffer[sizeof(sx->buffer)-1] = '\0';
2460 goto RESPONSE_FAILED;
2461 }
2462 }
2463
2464 /* STARTTLS accepted: try to negotiate a TLS session. */
2465
2466 else
2467 TLS_NEGOTIATE:
2468 {
2469 address_item * addr;
2470 uschar * errstr;
2471 sx->cctx.tls_ctx = tls_client_start(sx->cctx.sock, sx->conn_args.host,
2472 sx->addrlist, sx->conn_args.tblock,
2473 # ifdef SUPPORT_DANE
2474 sx->dane ? &tlsa_dnsa : NULL,
2475 # endif
2476 &tls_out, &errstr);
2477
2478 if (!sx->cctx.tls_ctx)
2479 {
2480 /* TLS negotiation failed; give an error. From outside, this function may
2481 be called again to try in clear on a new connection, if the options permit
2482 it for this host. */
2483 DEBUG(D_tls) debug_printf("TLS session fail: %s\n", errstr);
2484
2485 # ifdef SUPPORT_DANE
2486 if (sx->dane)
2487 {
2488 log_write(0, LOG_MAIN,
2489 "DANE attempt failed; TLS connection to %s [%s]: %s",
2490 sx->conn_args.host->name, sx->conn_args.host->address, errstr);
2491 # ifndef DISABLE_EVENT
2492 (void) event_raise(sx->conn_args.tblock->event_action,
2493 US"dane:fail", US"validation-failure"); /* could do with better detail */
2494 # endif
2495 }
2496 # endif
2497
2498 errno = ERRNO_TLSFAILURE;
2499 message = string_sprintf("TLS session: %s", errstr);
2500 sx->send_quit = FALSE;
2501 goto TLS_FAILED;
2502 }
2503
2504 /* TLS session is set up */
2505
2506 smtp_peer_options_wrap = smtp_peer_options;
2507 for (addr = sx->addrlist; addr; addr = addr->next)
2508 if (addr->transport_return == PENDING_DEFER)
2509 {
2510 addr->cipher = tls_out.cipher;
2511 addr->ourcert = tls_out.ourcert;
2512 addr->peercert = tls_out.peercert;
2513 addr->peerdn = tls_out.peerdn;
2514 addr->ocsp = tls_out.ocsp;
2515 }
2516 }
2517 }
2518
2519 /* if smtps, we'll have smtp_command set to something else; always safe to
2520 reset it here. */
2521 smtp_command = big_buffer;
2522
2523 /* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
2524 helo_data is null, we are dealing with a connection that was passed from
2525 another process, and so we won't have expanded helo_data above. We have to
2526 expand it here. $sending_ip_address and $sending_port are set up right at the
2527 start of the Exim process (in exim.c). */
2528
2529 if (tls_out.active.sock >= 0)
2530 {
2531 uschar * greeting_cmd;
2532
2533 if (!sx->helo_data && !(sx->helo_data = expand_string(ob->helo_data)))
2534 {
2535 uschar *message = string_sprintf("failed to expand helo_data: %s",
2536 expand_string_message);
2537 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
2538 yield = DEFER;
2539 goto SEND_QUIT;
2540 }
2541
2542 #ifdef EXPERIMENTAL_PIPE_CONNECT
2543 /* For SMTPS there is no cleartext early-pipe; use the crypted permission bit.
2544 We're unlikely to get the group sent and delivered before the server sends its
2545 banner, but it's still worth sending as a group.
2546 For STARTTLS allow for cleartext early-pipe but no crypted early-pipe, but not
2547 the reverse. */
2548
2549 if (sx->smtps ? sx->early_pipe_ok : sx->early_pipe_active)
2550 {
2551 sx->peer_offered = sx->ehlo_resp.crypted_features;
2552 if ((sx->early_pipe_active =
2553 !!(sx->ehlo_resp.crypted_features & OPTION_EARLY_PIPE)))
2554 DEBUG(D_transport) debug_printf("Using cached crypted PIPE_CONNECT\n");
2555 }
2556 #endif
2557
2558 /* For SMTPS we need to wait for the initial OK response. */
2559 if (sx->smtps)
2560 #ifdef EXPERIMENTAL_PIPE_CONNECT
2561 if (sx->early_pipe_active)
2562 {
2563 sx->pending_BANNER = TRUE;
2564 sx->outblock.cmd_count = 1;
2565 }
2566 else
2567 #endif
2568 if (!smtp_reap_banner(sx))
2569 goto RESPONSE_FAILED;
2570
2571 if (sx->lmtp)
2572 greeting_cmd = US"LHLO";
2573 else if (sx->esmtp)
2574 greeting_cmd = US"EHLO";
2575 else
2576 {
2577 greeting_cmd = US"HELO";
2578 DEBUG(D_transport)
2579 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
2580 }
2581
2582 if (smtp_write_command(sx,
2583 #ifdef EXPERIMENTAL_PIPE_CONNECT
2584 sx->early_pipe_active ? SCMD_BUFFER :
2585 #endif
2586 SCMD_FLUSH,
2587 "%s %s\r\n", greeting_cmd, sx->helo_data) < 0)
2588 goto SEND_FAILED;
2589
2590 #ifdef EXPERIMENTAL_PIPE_CONNECT
2591 if (sx->early_pipe_active)
2592 sx->pending_EHLO = TRUE;
2593 else
2594 #endif
2595 {
2596 if (!smtp_reap_ehlo(sx))
2597 goto RESPONSE_FAILED;
2598 smtp_peer_options = 0;
2599 }
2600 }
2601
2602 /* If the host is required to use a secure channel, ensure that we
2603 have one. */
2604
2605 else if ( sx->smtps
2606 # ifdef SUPPORT_DANE
2607 || sx->dane
2608 # endif
2609 # ifdef EXPERIMENTAL_REQUIRETLS
2610 || tls_requiretls & REQUIRETLS_MSG
2611 # endif
2612 || verify_check_given_host(CUSS &ob->hosts_require_tls, sx->conn_args.host) == OK
2613 )
2614 {
2615 errno =
2616 # ifdef EXPERIMENTAL_REQUIRETLS
2617 tls_requiretls & REQUIRETLS_MSG ? ERRNO_REQUIRETLS :
2618 # endif
2619 ERRNO_TLSREQUIRED;
2620 message = string_sprintf("a TLS session is required, but %s",
2621 smtp_peer_options & OPTION_TLS
2622 ? "an attempt to start TLS failed" : "the server did not offer TLS support");
2623 # if defined(SUPPORT_DANE) && !defined(DISABLE_EVENT)
2624 if (sx->dane)
2625 (void) event_raise(sx->conn_args.tblock->event_action, US"dane:fail",
2626 smtp_peer_options & OPTION_TLS
2627 ? US"validation-failure" /* could do with better detail */
2628 : US"starttls-not-supported");
2629 # endif
2630 goto TLS_FAILED;
2631 }
2632 #endif /*SUPPORT_TLS*/
2633
2634 /* If TLS is active, we have just started it up and re-done the EHLO command,
2635 so its response needs to be analyzed. If TLS is not active and this is a
2636 continued session down a previously-used socket, we haven't just done EHLO, so
2637 we skip this. */
2638
2639 if (continue_hostname == NULL
2640 #ifdef SUPPORT_TLS
2641 || tls_out.active.sock >= 0
2642 #endif
2643 )
2644 {
2645 if (sx->esmtp || sx->lmtp)
2646 {
2647 #ifdef EXPERIMENTAL_PIPE_CONNECT
2648 if (!sx->early_pipe_active)
2649 #endif
2650 {
2651 sx->peer_offered = ehlo_response(sx->buffer,
2652 0 /* no TLS */
2653 #ifdef EXPERIMENTAL_PIPE_CONNECT
2654 | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
2655 | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
2656 | OPTION_CHUNKING | OPTION_PRDR | OPTION_UTF8 | OPTION_REQUIRETLS
2657 | (tls_out.active.sock >= 0 ? OPTION_EARLY_PIPE : 0) /* not for lmtp */
2658
2659 #else
2660
2661 | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
2662 | OPTION_CHUNKING
2663 | OPTION_PRDR
2664 # ifdef SUPPORT_I18N
2665 | (sx->addrlist->prop.utf8_msg ? OPTION_UTF8 : 0)
2666 /*XXX if we hand peercaps on to continued-conn processes,
2667 must not depend on this addr */
2668 # endif
2669 | OPTION_DSN
2670 | OPTION_PIPE
2671 | (ob->size_addition >= 0 ? OPTION_SIZE : 0)
2672 # if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
2673 | (tls_requiretls & REQUIRETLS_MSG ? OPTION_REQUIRETLS : 0)
2674 # endif
2675 #endif
2676 );
2677 #ifdef EXPERIMENTAL_PIPE_CONNECT
2678 if (tls_out.active.sock >= 0)
2679 sx->ehlo_resp.crypted_features = sx->peer_offered;
2680 #endif
2681 }
2682
2683 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
2684 lmtp_ignore_quota option was set. */
2685
2686 sx->igquotstr = sx->peer_offered & OPTION_IGNQ ? US" IGNOREQUOTA" : US"";
2687
2688 /* If the response to EHLO specified support for the SIZE parameter, note
2689 this, provided size_addition is non-negative. */
2690
2691 smtp_peer_options |= sx->peer_offered & OPTION_SIZE;
2692
2693 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
2694 the current host, esmtp will be false, so PIPELINING can never be used. If
2695 the current host matches hosts_avoid_pipelining, don't do it. */
2696
2697 if ( sx->peer_offered & OPTION_PIPE
2698 && verify_check_given_host(CUSS &ob->hosts_avoid_pipelining, sx->conn_args.host) != OK)
2699 smtp_peer_options |= OPTION_PIPE;
2700
2701 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
2702 smtp_peer_options & OPTION_PIPE ? "" : "not ");
2703
2704 if ( sx->peer_offered & OPTION_CHUNKING
2705 && verify_check_given_host(CUSS &ob->hosts_try_chunking, sx->conn_args.host) != OK)
2706 sx->peer_offered &= ~OPTION_CHUNKING;
2707
2708 if (sx->peer_offered & OPTION_CHUNKING)
2709 DEBUG(D_transport) debug_printf("CHUNKING usable\n");
2710
2711 #ifndef DISABLE_PRDR
2712 if ( sx->peer_offered & OPTION_PRDR
2713 && verify_check_given_host(CUSS &ob->hosts_try_prdr, sx->conn_args.host) != OK)
2714 sx->peer_offered &= ~OPTION_PRDR;
2715
2716 if (sx->peer_offered & OPTION_PRDR)
2717 DEBUG(D_transport) debug_printf("PRDR usable\n");
2718 #endif
2719
2720 /* Note if the server supports DSN */
2721 smtp_peer_options |= sx->peer_offered & OPTION_DSN;
2722 DEBUG(D_transport) debug_printf("%susing DSN\n",
2723 sx->peer_offered & OPTION_DSN ? "" : "not ");
2724
2725 #if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
2726 if (sx->peer_offered & OPTION_REQUIRETLS)
2727 {
2728 smtp_peer_options |= OPTION_REQUIRETLS;
2729 DEBUG(D_transport) debug_printf(
2730 tls_requiretls & REQUIRETLS_MSG
2731 ? "using REQUIRETLS\n" : "REQUIRETLS offered\n");
2732 }
2733 #endif
2734
2735 #ifdef EXPERIMENTAL_PIPE_CONNECT
2736 if ( sx->early_pipe_ok
2737 && !sx->early_pipe_active
2738 && tls_out.active.sock >= 0
2739 && smtp_peer_options & OPTION_PIPE
2740 && ( sx->ehlo_resp.cleartext_features | sx->ehlo_resp.crypted_features)
2741 & OPTION_EARLY_PIPE)
2742 {
2743 DEBUG(D_transport) debug_printf("PIPE_CONNECT usable in future for this IP\n");
2744 sx->ehlo_resp.crypted_auths = study_ehlo_auths(sx);
2745 write_ehlo_cache_entry(sx);
2746 }
2747 #endif
2748
2749 /* Note if the response to EHLO specifies support for the AUTH extension.
2750 If it has, check that this host is one we want to authenticate to, and do
2751 the business. The host name and address must be available when the
2752 authenticator's client driver is running. */
2753
2754 switch (yield = smtp_auth(sx))
2755 {
2756 default: goto SEND_QUIT;
2757 case OK: break;
2758 case FAIL_SEND: goto SEND_FAILED;
2759 case FAIL: goto RESPONSE_FAILED;
2760 }
2761 }
2762 }
2763 sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
2764
2765 /* The setting up of the SMTP call is now complete. Any subsequent errors are
2766 message-specific. */
2767
2768 sx->setting_up = FALSE;
2769
2770 #ifdef SUPPORT_I18N
2771 if (sx->addrlist->prop.utf8_msg)
2772 {
2773 uschar * s;
2774
2775 /* If the transport sets a downconversion mode it overrides any set by ACL
2776 for the message. */
2777
2778 if ((s = ob->utf8_downconvert))
2779 {
2780 if (!(s = expand_string(s)))
2781 {
2782 message = string_sprintf("failed to expand utf8_downconvert: %s",
2783 expand_string_message);
2784 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
2785 yield = DEFER;
2786 goto SEND_QUIT;
2787 }
2788 switch (*s)
2789 {
2790 case '1': sx->addrlist->prop.utf8_downcvt = TRUE;
2791 sx->addrlist->prop.utf8_downcvt_maybe = FALSE;
2792 break;
2793 case '0': sx->addrlist->prop.utf8_downcvt = FALSE;
2794 sx->addrlist->prop.utf8_downcvt_maybe = FALSE;
2795 break;
2796 case '-': if (s[1] == '1')
2797 {
2798 sx->addrlist->prop.utf8_downcvt = FALSE;
2799 sx->addrlist->prop.utf8_downcvt_maybe = TRUE;
2800 }
2801 break;
2802 }
2803 }
2804
2805 sx->utf8_needed = !sx->addrlist->prop.utf8_downcvt
2806 && !sx->addrlist->prop.utf8_downcvt_maybe;
2807 DEBUG(D_transport) if (!sx->utf8_needed)
2808 debug_printf("utf8: %s downconvert\n",
2809 sx->addrlist->prop.utf8_downcvt ? "mandatory" : "optional");
2810 }
2811
2812 /* If this is an international message we need the host to speak SMTPUTF8 */
2813 if (sx->utf8_needed && !(sx->peer_offered & OPTION_UTF8))
2814 {
2815 errno = ERRNO_UTF8_FWD;
2816 goto RESPONSE_FAILED;
2817 }
2818 #endif /*SUPPORT_I18N*/
2819
2820 #if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
2821 /*XXX should tls_requiretls actually be per-addr? */
2822
2823 if ( tls_requiretls & REQUIRETLS_MSG
2824 && !(sx->peer_offered & OPTION_REQUIRETLS)
2825 )
2826 {
2827 sx->setting_up = TRUE;
2828 errno = ERRNO_REQUIRETLS;
2829 message = US"REQUIRETLS support is required from the server"
2830 " but it was not offered";
2831 DEBUG(D_transport) debug_printf("%s\n", message);
2832 goto TLS_FAILED;
2833 }
2834 #endif
2835
2836 return OK;
2837
2838
2839 {
2840 int code;
2841
2842 RESPONSE_FAILED:
2843 message = NULL;
2844 sx->send_quit = check_response(sx->conn_args.host, &errno, sx->addrlist->more_errno,
2845 sx->buffer, &code, &message, &pass_message);
2846 yield = DEFER;
2847 goto FAILED;
2848
2849 SEND_FAILED:
2850 code = '4';
2851 message = US string_sprintf("send() to %s [%s] failed: %s",
2852 sx->conn_args.host->name, sx->conn_args.host->address, strerror(errno));
2853 sx->send_quit = FALSE;
2854 yield = DEFER;
2855 goto FAILED;
2856
2857 EHLOHELO_FAILED:
2858 code = '4';
2859 message = string_sprintf("Remote host closed connection in response to %s"
2860 " (EHLO response was: %s)", smtp_command, sx->buffer);
2861 sx->send_quit = FALSE;
2862 yield = DEFER;
2863 goto FAILED;
2864
2865 /* This label is jumped to directly when a TLS negotiation has failed,
2866 or was not done for a host for which it is required. Values will be set
2867 in message and errno, and setting_up will always be true. Treat as
2868 a temporary error. */
2869
2870 #ifdef SUPPORT_TLS
2871 TLS_FAILED:
2872 # ifdef EXPERIMENTAL_REQUIRETLS
2873 if (errno == ERRNO_REQUIRETLS)
2874 code = '5', yield = FAIL;
2875 /*XXX DSN will be labelled 500; prefer 530 5.7.4 */
2876 else
2877 # endif
2878 code = '4', yield = DEFER;
2879 goto FAILED;
2880 #endif
2881
2882 /* The failure happened while setting up the call; see if the failure was
2883 a 5xx response (this will either be on connection, or following HELO - a 5xx
2884 after EHLO causes it to try HELO). If so, and there are no more hosts to try,
2885 fail all addresses, as this host is never going to accept them. For other
2886 errors during setting up (timeouts or whatever), defer all addresses, and
2887 yield DEFER, so that the host is not tried again for a while.
2888
2889 XXX This peeking for another host feels like a layering violation. We want
2890 to note the host as unusable, but down here we shouldn't know if this was
2891 the last host to try for the addr(list). Perhaps the upper layer should be
2892 the one to do set_errno() ? The problem is that currently the addr is where
2893 errno etc. are stashed, but until we run out of hosts to try the errors are
2894 host-specific. Maybe we should enhance the host_item definition? */
2895
2896 FAILED:
2897 sx->ok = FALSE; /* For when reached by GOTO */
2898 set_errno(sx->addrlist, errno, message,
2899 sx->conn_args.host->next
2900 ? DEFER
2901 : code == '5'
2902 #ifdef SUPPORT_I18N
2903 || errno == ERRNO_UTF8_FWD
2904 #endif
2905 ? FAIL : DEFER,
2906 pass_message, sx->conn_args.host
2907 #ifdef EXPERIMENTAL_DSN_INFO
2908 , sx->smtp_greeting, sx->helo_response
2909 #endif
2910 );
2911 }
2912
2913
2914 SEND_QUIT:
2915
2916 if (sx->send_quit)
2917 (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n");
2918
2919 #ifdef SUPPORT_TLS
2920 if (sx->cctx.tls_ctx)
2921 {
2922 tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
2923 sx->cctx.tls_ctx = NULL;
2924 }
2925 #endif
2926
2927 /* Close the socket, and return the appropriate value, first setting
2928 works because the NULL setting is passed back to the calling process, and
2929 remote_max_parallel is forced to 1 when delivering over an existing connection,
2930 */
2931
2932 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
2933 if (sx->send_quit)
2934 {
2935 shutdown(sx->cctx.sock, SHUT_WR);
2936 if (fcntl(sx->cctx.sock, F_SETFL, O_NONBLOCK) == 0)
2937 for (rc = 16; read(sx->cctx.sock, sx->inbuffer, sizeof(sx->inbuffer)) > 0 && rc > 0;)
2938 rc--; /* drain socket */
2939 sx->send_quit = FALSE;
2940 }
2941 (void)close(sx->cctx.sock);
2942 sx->cctx.sock = -1;
2943
2944 #ifndef DISABLE_EVENT
2945 (void) event_raise(sx->conn_args.tblock->event_action, US"tcp:close", NULL);
2946 #endif
2947
2948 continue_transport = NULL;
2949 continue_hostname = NULL;
2950 return yield;
2951 }
2952
2953
2954
2955
2956 /* Create the string of options that will be appended to the MAIL FROM:
2957 in the connection context buffer */
2958
2959 static int
2960 build_mailcmd_options(smtp_context * sx, address_item * addrlist)
2961 {
2962 uschar * p = sx->buffer;
2963 address_item * addr;
2964 int address_count;
2965
2966 *p = 0;
2967
2968 /* If we know the receiving MTA supports the SIZE qualification, and we know it,
2969 send it, adding something to the message size to allow for imprecision
2970 and things that get added en route. Exim keeps the number of lines
2971 in a message, so we can give an accurate value for the original message, but we
2972 need some additional to handle added headers. (Double "." characters don't get
2973 included in the count.) */
2974
2975 if ( message_size > 0
2976 && sx->peer_offered & OPTION_SIZE && !(sx->avoid_option & OPTION_SIZE))
2977 {
2978 /*XXX problem here under spool_files_wireformat?
2979 Or just forget about lines? Or inflate by a fixed proportion? */
2980
2981 sprintf(CS p, " SIZE=%d", message_size+message_linecount+(SOB sx->conn_args.ob)->size_addition);
2982 while (*p) p++;
2983 }
2984
2985 #ifndef DISABLE_PRDR
2986 /* If it supports Per-Recipient Data Reponses, and we have omre than one recipient,
2987 request that */
2988
2989 sx->prdr_active = FALSE;
2990 if (sx->peer_offered & OPTION_PRDR)
2991 for (addr = addrlist; addr; addr = addr->next)
2992 if (addr->transport_return == PENDING_DEFER)
2993 {
2994 for (addr = addr->next; addr; addr = addr->next)
2995 if (addr->transport_return == PENDING_DEFER)
2996 { /* at least two recipients to send */
2997 sx->prdr_active = TRUE;
2998 sprintf(CS p, " PRDR"); p += 5;
2999 break;
3000 }
3001 break;
3002 }
3003 #endif
3004
3005 #ifdef SUPPORT_I18N
3006 /* If it supports internationalised messages, and this meesage need that,
3007 request it */
3008
3009 if ( sx->peer_offered & OPTION_UTF8
3010 && addrlist->prop.utf8_msg
3011 && !addrlist->prop.utf8_downcvt
3012 )
3013 Ustrcpy(p, " SMTPUTF8"), p += 9;
3014 #endif
3015
3016 #if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
3017 if (tls_requiretls & REQUIRETLS_MSG)
3018 Ustrcpy(p, " REQUIRETLS") , p += 11;
3019 #endif
3020
3021 /* check if all addresses have DSN-lasthop flag; do not send RET and ENVID if so */
3022 for (sx->dsn_all_lasthop = TRUE, addr = addrlist, address_count = 0;
3023 addr && address_count < sx->max_rcpt;
3024 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
3025 {
3026 address_count++;
3027 if (!(addr->dsn_flags & rf_dsnlasthop))
3028 {
3029 sx->dsn_all_lasthop = FALSE;
3030 break;
3031 }
3032 }
3033
3034 /* Add any DSN flags to the mail command */
3035
3036 if (sx->peer_offered & OPTION_DSN && !sx->dsn_all_lasthop)
3037 {
3038 if (dsn_ret == dsn_ret_hdrs)
3039 { Ustrcpy(p, " RET=HDRS"); p += 9; }
3040 else if (dsn_ret == dsn_ret_full)
3041 { Ustrcpy(p, " RET=FULL"); p += 9; }
3042
3043 if (dsn_envid)
3044 {
3045 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ENVID=%s", dsn_envid);
3046 while (*p) p++;
3047 }
3048 }
3049
3050 /* If an authenticated_sender override has been specified for this transport
3051 instance, expand it. If the expansion is forced to fail, and there was already
3052 an authenticated_sender for this message, the original value will be used.
3053 Other expansion failures are serious. An empty result is ignored, but there is
3054 otherwise no check - this feature is expected to be used with LMTP and other
3055 cases where non-standard addresses (e.g. without domains) might be required. */
3056
3057 if (smtp_mail_auth_str(p, sizeof(sx->buffer) - (p-sx->buffer), addrlist, sx->conn_args.ob))
3058 return ERROR;
3059
3060 return OK;
3061 }
3062
3063
3064 static void
3065 build_rcptcmd_options(smtp_context * sx, const address_item * addr)
3066 {
3067 uschar * p = sx->buffer;
3068 *p = 0;
3069
3070 /* Add any DSN flags to the rcpt command */
3071
3072 if (sx->peer_offered & OPTION_DSN && !(addr->dsn_flags & rf_dsnlasthop))
3073 {
3074 if (addr->dsn_flags & rf_dsnflags)
3075 {
3076 int i;
3077 BOOL first = TRUE;
3078
3079 Ustrcpy(p, " NOTIFY=");
3080 while (*p) p++;
3081 for (i = 0; i < nelem(rf_list); i++) if (addr->dsn_flags & rf_list[i])
3082 {
3083 if (!first) *p++ = ',';
3084 first = FALSE;
3085 Ustrcpy(p, rf_names[i]);
3086 while (*p) p++;
3087 }
3088 }
3089
3090 if (addr->dsn_orcpt)
3091 {
3092 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ORCPT=%s",
3093 addr->dsn_orcpt);
3094 while (*p) p++;
3095 }
3096 }
3097 }
3098
3099
3100
3101 /*
3102 Return:
3103 0 good, rcpt results in addr->transport_return (PENDING_OK, DEFER, FAIL)
3104 -1 MAIL response error
3105 -2 any non-MAIL read i/o error
3106 -3 non-MAIL response timeout
3107 -4 internal error; channel still usable
3108 -5 transmit failed
3109 */
3110
3111 int
3112 smtp_write_mail_and_rcpt_cmds(smtp_context * sx, int * yield)
3113 {
3114 address_item * addr;
3115 int address_count;
3116 int rc;
3117
3118 if (build_mailcmd_options(sx, sx->first_addr) != OK)
3119 {
3120 *yield = ERROR;
3121 return -4;
3122 }
3123
3124 /* From here until we send the DATA command, we can make use of PIPELINING
3125 if the server host supports it. The code has to be able to check the responses
3126 at any point, for when the buffer fills up, so we write it totally generally.
3127 When PIPELINING is off, each command written reports that it has flushed the
3128 buffer. */
3129
3130 sx->pending_MAIL = TRUE; /* The block starts with MAIL */
3131
3132 {
3133 uschar * s = sx->from_addr;
3134 #ifdef SUPPORT_I18N
3135 uschar * errstr = NULL;
3136
3137 /* If we must downconvert, do the from-address here. Remember we had to
3138 for the to-addresses (done below), and also (ugly) for re-doing when building
3139 the delivery log line. */
3140
3141 if ( sx->addrlist->prop.utf8_msg
3142 && (sx->addrlist->prop.utf8_downcvt || !(sx->peer_offered & OPTION_UTF8))
3143 )
3144 {
3145 if (s = string_address_utf8_to_alabel(s, &errstr), errstr)
3146 {
3147 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE);
3148 *yield = ERROR;
3149 return -4;
3150 }
3151 setflag(sx->addrlist, af_utf8_downcvt);
3152 }
3153 #endif
3154
3155 rc = smtp_write_command(sx, pipelining_active ? SCMD_BUFFER : SCMD_FLUSH,
3156 "MAIL FROM:<%s>%s\r\n", s, sx->buffer);
3157 }
3158
3159 mail_command = string_copy(big_buffer); /* Save for later error message */
3160
3161 switch(rc)
3162 {
3163 case -1: /* Transmission error */
3164 return -5;
3165
3166 case +1: /* Cmd was sent */
3167 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
3168 (SOB sx->conn_args.ob)->command_timeout))
3169 {
3170 if (errno == 0 && sx->buffer[0] == '4')
3171 {
3172 errno = ERRNO_MAIL4XX;
3173 sx->addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
3174 }
3175 return -1;
3176 }
3177 sx->pending_MAIL = FALSE;
3178 break;
3179
3180 /* otherwise zero: command queued for pipeline */
3181 }
3182
3183 /* Pass over all the relevant recipient addresses for this host, which are the
3184 ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
3185 several before we have to read the responses for those seen so far. This
3186 checking is done by a subroutine because it also needs to be done at the end.
3187 Send only up to max_rcpt addresses at a time, leaving next_addr pointing to
3188 the next one if not all are sent.
3189
3190 In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
3191 last address because we want to abort if any recipients have any kind of
3192 problem, temporary or permanent. We know that all recipient addresses will have
3193 the PENDING_DEFER status, because only one attempt is ever made, and we know
3194 that max_rcpt will be large, so all addresses will be done at once.
3195
3196 For verify we flush the pipeline after any (the only) rcpt address. */
3197
3198 for (addr = sx->first_addr, address_count = 0;
3199 addr && address_count < sx->max_rcpt;
3200 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
3201 {
3202 int count;
3203 BOOL no_flush;
3204 uschar * rcpt_addr;
3205
3206 addr->dsn_aware = sx->peer_offered & OPTION_DSN
3207 ? dsn_support_yes : dsn_support_no;
3208
3209 address_count++;
3210 no_flush = pipelining_active && !sx->verify
3211 && (!mua_wrapper || addr->next && address_count < sx->max_rcpt);
3212
3213 build_rcptcmd_options(sx, addr);
3214
3215 /* Now send the RCPT command, and process outstanding responses when
3216 necessary. After a timeout on RCPT, we just end the function, leaving the
3217 yield as OK, because this error can often mean that there is a problem with
3218 just one address, so we don't want to delay the host. */
3219
3220 rcpt_addr = transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes);
3221
3222 #ifdef SUPPORT_I18N
3223 if ( testflag(sx->addrlist, af_utf8_downcvt)
3224 && !(rcpt_addr = string_address_utf8_to_alabel(rcpt_addr, NULL))
3225 )
3226 {
3227 /*XXX could we use a per-address errstr here? Not fail the whole send? */
3228 errno = ERRNO_EXPANDFAIL;
3229 return -5; /*XXX too harsh? */
3230 }
3231 #endif
3232
3233 count = smtp_write_command(sx, no_flush ? SCMD_BUFFER : SCMD_FLUSH,
3234 "RCPT TO:<%s>%s%s\r\n", rcpt_addr, sx->igquotstr, sx->buffer);
3235
3236 if (count < 0) return -5;
3237 if (count > 0)
3238 {
3239 switch(sync_responses(sx, count, 0))
3240 {
3241 case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
3242 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
3243 break;
3244
3245 case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
3246 if (!sx->lmtp) /* can't tell about progress yet */
3247 sx->completed_addr = TRUE;
3248 case 0: /* No 2xx or 5xx, but no probs */
3249 break;
3250
3251 case -1: return -3; /* Timeout on RCPT */
3252 case -2: return -2; /* non-MAIL read i/o error */
3253 default: return -1; /* any MAIL error */
3254
3255 #ifdef EXPERIMENTAL_PIPE_CONNECT
3256 case -4: return -1; /* non-2xx for pipelined banner or EHLO */
3257 #endif
3258 }
3259 sx->pending_MAIL = FALSE; /* Dealt with MAIL */
3260 }
3261 } /* Loop for next address */
3262
3263 sx->next_addr = addr;
3264 return 0;
3265 }
3266
3267
3268 #ifdef SUPPORT_TLS
3269 /*****************************************************
3270 * Proxy TLS connection for another transport process *
3271 ******************************************************/
3272 /*
3273 Close the unused end of the pipe, fork once more, then use the given buffer
3274 as a staging area, and select on both the given fd and the TLS'd client-fd for
3275 data to read (per the coding in ip_recv() and fd_ready() this is legitimate).
3276 Do blocking full-size writes, and reads under a timeout. Once both input
3277 channels are closed, exit the process.
3278
3279 Arguments:
3280 ct_ctx tls context
3281 buf space to use for buffering
3282 bufsiz size of buffer
3283 pfd pipe filedescriptor array; [0] is comms to proxied process
3284 timeout per-read timeout, seconds
3285 */
3286
3287 vo