DANE: ignore undersized TLSA records
[exim.git] / src / src / transports / smtp.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 #include "../exim.h"
9 #include "smtp.h"
10
11
12 /* Options specific to the smtp transport. This transport also supports LMTP
13 over TCP/IP. The options must be in alphabetic order (note that "_" comes
14 before the lower case letters). Some live in the transport_instance block so as
15 to be publicly visible; these are flagged with opt_public. */
16
17 optionlist smtp_transport_options[] = {
18 { "*expand_multi_domain", opt_stringptr | opt_hidden | opt_public,
19 (void *)offsetof(transport_instance, expand_multi_domain) },
20 { "*expand_retry_include_ip_address", opt_stringptr | opt_hidden,
21 (void *)(offsetof(smtp_transport_options_block, expand_retry_include_ip_address)) },
22
23 { "address_retry_include_sender", opt_bool,
24 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
25 { "allow_localhost", opt_bool,
26 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
27 #ifdef EXPERIMENTAL_ARC
28 { "arc_sign", opt_stringptr,
29 (void *)offsetof(smtp_transport_options_block, arc_sign) },
30 #endif
31 { "authenticated_sender", opt_stringptr,
32 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
33 { "authenticated_sender_force", opt_bool,
34 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
35 { "command_timeout", opt_time,
36 (void *)offsetof(smtp_transport_options_block, command_timeout) },
37 { "connect_timeout", opt_time,
38 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
39 { "connection_max_messages", opt_int | opt_public,
40 (void *)offsetof(transport_instance, connection_max_messages) },
41 # ifdef SUPPORT_DANE
42 { "dane_require_tls_ciphers", opt_stringptr,
43 (void *)offsetof(smtp_transport_options_block, dane_require_tls_ciphers) },
44 # endif
45 { "data_timeout", opt_time,
46 (void *)offsetof(smtp_transport_options_block, data_timeout) },
47 { "delay_after_cutoff", opt_bool,
48 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
49 #ifndef DISABLE_DKIM
50 { "dkim_canon", opt_stringptr,
51 (void *)offsetof(smtp_transport_options_block, dkim.dkim_canon) },
52 { "dkim_domain", opt_stringptr,
53 (void *)offsetof(smtp_transport_options_block, dkim.dkim_domain) },
54 { "dkim_hash", opt_stringptr,
55 (void *)offsetof(smtp_transport_options_block, dkim.dkim_hash) },
56 { "dkim_identity", opt_stringptr,
57 (void *)offsetof(smtp_transport_options_block, dkim.dkim_identity) },
58 { "dkim_private_key", opt_stringptr,
59 (void *)offsetof(smtp_transport_options_block, dkim.dkim_private_key) },
60 { "dkim_selector", opt_stringptr,
61 (void *)offsetof(smtp_transport_options_block, dkim.dkim_selector) },
62 { "dkim_sign_headers", opt_stringptr,
63 (void *)offsetof(smtp_transport_options_block, dkim.dkim_sign_headers) },
64 { "dkim_strict", opt_stringptr,
65 (void *)offsetof(smtp_transport_options_block, dkim.dkim_strict) },
66 { "dkim_timestamps", opt_stringptr,
67 (void *)offsetof(smtp_transport_options_block, dkim.dkim_timestamps) },
68 #endif
69 { "dns_qualify_single", opt_bool,
70 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
71 { "dns_search_parents", opt_bool,
72 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
73 { "dnssec_request_domains", opt_stringptr,
74 (void *)offsetof(smtp_transport_options_block, dnssec.request) },
75 { "dnssec_require_domains", opt_stringptr,
76 (void *)offsetof(smtp_transport_options_block, dnssec.require) },
77 { "dscp", opt_stringptr,
78 (void *)offsetof(smtp_transport_options_block, dscp) },
79 { "fallback_hosts", opt_stringptr,
80 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
81 { "final_timeout", opt_time,
82 (void *)offsetof(smtp_transport_options_block, final_timeout) },
83 { "gethostbyname", opt_bool,
84 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
85 { "helo_data", opt_stringptr,
86 (void *)offsetof(smtp_transport_options_block, helo_data) },
87 { "hosts", opt_stringptr,
88 (void *)offsetof(smtp_transport_options_block, hosts) },
89 { "hosts_avoid_esmtp", opt_stringptr,
90 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
91 { "hosts_avoid_pipelining", opt_stringptr,
92 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
93 #ifdef SUPPORT_TLS
94 { "hosts_avoid_tls", opt_stringptr,
95 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
96 #endif
97 { "hosts_max_try", opt_int,
98 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
99 { "hosts_max_try_hardlimit", opt_int,
100 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
101 #ifdef SUPPORT_TLS
102 { "hosts_nopass_tls", opt_stringptr,
103 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
104 { "hosts_noproxy_tls", opt_stringptr,
105 (void *)offsetof(smtp_transport_options_block, hosts_noproxy_tls) },
106 #endif
107 { "hosts_override", opt_bool,
108 (void *)offsetof(smtp_transport_options_block, hosts_override) },
109 { "hosts_randomize", opt_bool,
110 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
111 #if defined(SUPPORT_TLS) && !defined(DISABLE_OCSP)
112 { "hosts_request_ocsp", opt_stringptr,
113 (void *)offsetof(smtp_transport_options_block, hosts_request_ocsp) },
114 #endif
115 { "hosts_require_auth", opt_stringptr,
116 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
117 #ifdef SUPPORT_TLS
118 # ifdef SUPPORT_DANE
119 { "hosts_require_dane", opt_stringptr,
120 (void *)offsetof(smtp_transport_options_block, hosts_require_dane) },
121 # endif
122 # ifndef DISABLE_OCSP
123 { "hosts_require_ocsp", opt_stringptr,
124 (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
125 # endif
126 { "hosts_require_tls", opt_stringptr,
127 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
128 #endif
129 { "hosts_try_auth", opt_stringptr,
130 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
131 { "hosts_try_chunking", opt_stringptr,
132 (void *)offsetof(smtp_transport_options_block, hosts_try_chunking) },
133 #if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
134 { "hosts_try_dane", opt_stringptr,
135 (void *)offsetof(smtp_transport_options_block, hosts_try_dane) },
136 #endif
137 { "hosts_try_fastopen", opt_stringptr,
138 (void *)offsetof(smtp_transport_options_block, hosts_try_fastopen) },
139 #ifndef DISABLE_PRDR
140 { "hosts_try_prdr", opt_stringptr,
141 (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
142 #endif
143 #ifdef SUPPORT_TLS
144 { "hosts_verify_avoid_tls", opt_stringptr,
145 (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
146 #endif
147 { "interface", opt_stringptr,
148 (void *)offsetof(smtp_transport_options_block, interface) },
149 { "keepalive", opt_bool,
150 (void *)offsetof(smtp_transport_options_block, keepalive) },
151 { "lmtp_ignore_quota", opt_bool,
152 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
153 { "max_rcpt", opt_int | opt_public,
154 (void *)offsetof(transport_instance, max_addresses) },
155 { "multi_domain", opt_expand_bool | opt_public,
156 (void *)offsetof(transport_instance, multi_domain) },
157 { "port", opt_stringptr,
158 (void *)offsetof(smtp_transport_options_block, port) },
159 { "protocol", opt_stringptr,
160 (void *)offsetof(smtp_transport_options_block, protocol) },
161 { "retry_include_ip_address", opt_expand_bool,
162 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
163 { "serialize_hosts", opt_stringptr,
164 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
165 { "size_addition", opt_int,
166 (void *)offsetof(smtp_transport_options_block, size_addition) },
167 #ifdef SUPPORT_SOCKS
168 { "socks_proxy", opt_stringptr,
169 (void *)offsetof(smtp_transport_options_block, socks_proxy) },
170 #endif
171 #ifdef SUPPORT_TLS
172 { "tls_certificate", opt_stringptr,
173 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
174 { "tls_crl", opt_stringptr,
175 (void *)offsetof(smtp_transport_options_block, tls_crl) },
176 { "tls_dh_min_bits", opt_int,
177 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
178 { "tls_privatekey", opt_stringptr,
179 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
180 { "tls_require_ciphers", opt_stringptr,
181 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
182 { "tls_sni", opt_stringptr,
183 (void *)offsetof(smtp_transport_options_block, tls_sni) },
184 { "tls_tempfail_tryclear", opt_bool,
185 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
186 { "tls_try_verify_hosts", opt_stringptr,
187 (void *)offsetof(smtp_transport_options_block, tls_try_verify_hosts) },
188 { "tls_verify_cert_hostnames", opt_stringptr,
189 (void *)offsetof(smtp_transport_options_block,tls_verify_cert_hostnames)},
190 { "tls_verify_certificates", opt_stringptr,
191 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) },
192 { "tls_verify_hosts", opt_stringptr,
193 (void *)offsetof(smtp_transport_options_block, tls_verify_hosts) },
194 #endif
195 #ifdef SUPPORT_I18N
196 { "utf8_downconvert", opt_stringptr,
197 (void *)offsetof(smtp_transport_options_block, utf8_downconvert) },
198 #endif
199 };
200
201 /* Size of the options list. An extern variable has to be used so that its
202 address can appear in the tables drtables.c. */
203
204 int smtp_transport_options_count = nelem(smtp_transport_options);
205
206
207 #ifdef MACRO_PREDEF
208
209 /* Dummy values */
210 smtp_transport_options_block smtp_transport_option_defaults = {0};
211 void smtp_transport_init(transport_instance *tblock) {}
212 BOOL smtp_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
213 void smtp_transport_closedown(transport_instance *tblock) {}
214
215 #else /*!MACRO_PREDEF*/
216
217
218 /* Default private options block for the smtp transport. */
219
220 smtp_transport_options_block smtp_transport_option_defaults = {
221 .hosts = NULL,
222 .fallback_hosts = NULL,
223 .hostlist = NULL,
224 .fallback_hostlist = NULL,
225 .helo_data = US"$primary_hostname",
226 .interface = NULL,
227 .port = NULL,
228 .protocol = US"smtp",
229 .dscp = NULL,
230 .serialize_hosts = NULL,
231 .hosts_try_auth = NULL,
232 .hosts_require_auth = NULL,
233 .hosts_try_chunking = US"*",
234 #ifdef SUPPORT_DANE
235 .hosts_try_dane = NULL,
236 .hosts_require_dane = NULL,
237 .dane_require_tls_ciphers = NULL,
238 #endif
239 .hosts_try_fastopen = NULL,
240 #ifndef DISABLE_PRDR
241 .hosts_try_prdr = US"*",
242 #endif
243 #ifndef DISABLE_OCSP
244 .hosts_request_ocsp = US"*", /* hosts_request_ocsp (except under DANE; tls_client_start()) */
245 .hosts_require_ocsp = NULL,
246 #endif
247 .hosts_require_tls = NULL,
248 .hosts_avoid_tls = NULL,
249 .hosts_verify_avoid_tls = NULL,
250 .hosts_avoid_pipelining = NULL,
251 .hosts_avoid_esmtp = NULL,
252 #ifdef SUPPORT_TLS
253 .hosts_nopass_tls = NULL,
254 .hosts_noproxy_tls = US"*",
255 #endif
256 .command_timeout = 5*60,
257 .connect_timeout = 5*60,
258 .data_timeout = 5*60,
259 .final_timeout = 10*60,
260 .size_addition = 1024,
261 .hosts_max_try = 5,
262 .hosts_max_try_hardlimit = 50,
263 .address_retry_include_sender = TRUE,
264 .allow_localhost = FALSE,
265 .authenticated_sender_force = FALSE,
266 .gethostbyname = FALSE,
267 .dns_qualify_single = TRUE,
268 .dns_search_parents = FALSE,
269 .dnssec = { .request=NULL, .require=NULL },
270 .delay_after_cutoff = TRUE,
271 .hosts_override = FALSE,
272 .hosts_randomize = FALSE,
273 .keepalive = TRUE,
274 .lmtp_ignore_quota = FALSE,
275 .expand_retry_include_ip_address = NULL,
276 .retry_include_ip_address = TRUE,
277 #ifdef SUPPORT_SOCKS
278 .socks_proxy = NULL,
279 #endif
280 #ifdef SUPPORT_TLS
281 .tls_certificate = NULL,
282 .tls_crl = NULL,
283 .tls_privatekey = NULL,
284 .tls_require_ciphers = NULL,
285 .tls_sni = NULL,
286 .tls_verify_certificates = US"system",
287 .tls_dh_min_bits = EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
288 .tls_tempfail_tryclear = TRUE,
289 .tls_verify_hosts = NULL,
290 .tls_try_verify_hosts = US"*",
291 .tls_verify_cert_hostnames = US"*",
292 #endif
293 #ifdef SUPPORT_I18N
294 .utf8_downconvert = NULL,
295 #endif
296 #ifndef DISABLE_DKIM
297 .dkim =
298 {.dkim_domain = NULL,
299 .dkim_identity = NULL,
300 .dkim_private_key = NULL,
301 .dkim_selector = NULL,
302 .dkim_canon = NULL,
303 .dkim_sign_headers = NULL,
304 .dkim_strict = NULL,
305 .dkim_hash = US"sha256",
306 .dkim_timestamps = NULL,
307 .dot_stuffed = FALSE,
308 .force_bodyhash = FALSE,
309 # ifdef EXPERIMENTAL_ARC
310 .arc_signspec = NULL,
311 # endif
312 },
313 # ifdef EXPERIMENTAL_ARC
314 .arc_sign = NULL,
315 # endif
316 #endif
317 };
318
319 /* some DSN flags for use later */
320
321 static int rf_list[] = {rf_notify_never, rf_notify_success,
322 rf_notify_failure, rf_notify_delay };
323
324 static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" };
325
326
327
328 /* Local statics */
329
330 static uschar *smtp_command; /* Points to last cmd for error messages */
331 static uschar *mail_command; /* Points to MAIL cmd for error messages */
332 static uschar *data_command = US""; /* Points to DATA cmd for error messages */
333 static BOOL update_waiting; /* TRUE to update the "wait" database */
334
335 /*XXX move to smtp_context */
336 static BOOL pipelining_active; /* current transaction is in pipe mode */
337
338
339 /*************************************************
340 * Setup entry point *
341 *************************************************/
342
343 /* This function is called when the transport is about to be used,
344 but before running it in a sub-process. It is used for two things:
345
346 (1) To set the fallback host list in addresses, when delivering.
347 (2) To pass back the interface, port, protocol, and other options, for use
348 during callout verification.
349
350 Arguments:
351 tblock pointer to the transport instance block
352 addrlist list of addresses about to be transported
353 tf if not NULL, pointer to block in which to return options
354 uid the uid that will be set (not used)
355 gid the gid that will be set (not used)
356 errmsg place for error message (not used)
357
358 Returns: OK always (FAIL, DEFER not used)
359 */
360
361 static int
362 smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
363 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
364 {
365 smtp_transport_options_block *ob =
366 (smtp_transport_options_block *)(tblock->options_block);
367
368 errmsg = errmsg; /* Keep picky compilers happy */
369 uid = uid;
370 gid = gid;
371
372 /* Pass back options if required. This interface is getting very messy. */
373
374 if (tf)
375 {
376 tf->interface = ob->interface;
377 tf->port = ob->port;
378 tf->protocol = ob->protocol;
379 tf->hosts = ob->hosts;
380 tf->hosts_override = ob->hosts_override;
381 tf->hosts_randomize = ob->hosts_randomize;
382 tf->gethostbyname = ob->gethostbyname;
383 tf->qualify_single = ob->dns_qualify_single;
384 tf->search_parents = ob->dns_search_parents;
385 tf->helo_data = ob->helo_data;
386 }
387
388 /* Set the fallback host list for all the addresses that don't have fallback
389 host lists, provided that the local host wasn't present in the original host
390 list. */
391
392 if (!testflag(addrlist, af_local_host_removed))
393 for (; addrlist; addrlist = addrlist->next)
394 if (!addrlist->fallback_hosts) addrlist->fallback_hosts = ob->fallback_hostlist;
395
396 return OK;
397 }
398
399
400
401 /*************************************************
402 * Initialization entry point *
403 *************************************************/
404
405 /* Called for each instance, after its options have been read, to
406 enable consistency checks to be done, or anything else that needs
407 to be set up.
408
409 Argument: pointer to the transport instance block
410 Returns: nothing
411 */
412
413 void
414 smtp_transport_init(transport_instance *tblock)
415 {
416 smtp_transport_options_block *ob =
417 (smtp_transport_options_block *)(tblock->options_block);
418
419 /* Retry_use_local_part defaults FALSE if unset */
420
421 if (tblock->retry_use_local_part == TRUE_UNSET)
422 tblock->retry_use_local_part = FALSE;
423
424 /* Set the default port according to the protocol */
425
426 if (ob->port == NULL)
427 ob->port = (strcmpic(ob->protocol, US"lmtp") == 0)? US"lmtp" :
428 (strcmpic(ob->protocol, US"smtps") == 0)? US"smtps" : US"smtp";
429
430 /* Set up the setup entry point, to be called before subprocesses for this
431 transport. */
432
433 tblock->setup = smtp_transport_setup;
434
435 /* Complain if any of the timeouts are zero. */
436
437 if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
438 ob->final_timeout <= 0)
439 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
440 "command, data, or final timeout value is zero for %s transport",
441 tblock->name);
442
443 /* If hosts_override is set and there are local hosts, set the global
444 flag that stops verify from showing router hosts. */
445
446 if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
447
448 /* If there are any fallback hosts listed, build a chain of host items
449 for them, but do not do any lookups at this time. */
450
451 host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
452 }
453
454
455
456
457
458 /*************************************************
459 * Set delivery info into all active addresses *
460 *************************************************/
461
462 /* Only addresses whose status is >= PENDING are relevant. A lesser
463 status means that an address is not currently being processed.
464
465 Arguments:
466 addrlist points to a chain of addresses
467 errno_value to put in each address's errno field
468 msg to put in each address's message field
469 rc to put in each address's transport_return field
470 pass_message if TRUE, set the "pass message" flag in the address
471 host if set, mark addrs as having used this host
472 smtp_greeting from peer
473 helo_response from peer
474
475 If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
476 the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
477 this particular type of timeout.
478
479 Returns: nothing
480 */
481
482 static void
483 set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
484 BOOL pass_message, host_item * host
485 #ifdef EXPERIMENTAL_DSN_INFO
486 , const uschar * smtp_greeting, const uschar * helo_response
487 #endif
488 )
489 {
490 address_item *addr;
491 int orvalue = 0;
492 if (errno_value == ERRNO_CONNECTTIMEOUT)
493 {
494 errno_value = ETIMEDOUT;
495 orvalue = RTEF_CTOUT;
496 }
497 for (addr = addrlist; addr; addr = addr->next)
498 if (addr->transport_return >= PENDING)
499 {
500 addr->basic_errno = errno_value;
501 addr->more_errno |= orvalue;
502 if (msg)
503 {
504 addr->message = msg;
505 if (pass_message) setflag(addr, af_pass_message);
506 }
507 addr->transport_return = rc;
508 if (host)
509 {
510 addr->host_used = host;
511 #ifdef EXPERIMENTAL_DSN_INFO
512 if (smtp_greeting)
513 {uschar * s = Ustrchr(smtp_greeting, '\n'); if (s) *s = '\0';}
514 addr->smtp_greeting = smtp_greeting;
515
516 if (helo_response)
517 {uschar * s = Ustrchr(helo_response, '\n'); if (s) *s = '\0';}
518 addr->helo_response = helo_response;
519 #endif
520 }
521 }
522 }
523
524 static void
525 set_errno_nohost(address_item *addrlist, int errno_value, uschar *msg, int rc,
526 BOOL pass_message)
527 {
528 set_errno(addrlist, errno_value, msg, rc, pass_message, NULL
529 #ifdef EXPERIMENTAL_DSN_INFO
530 , NULL, NULL
531 #endif
532 );
533 }
534
535
536 /*************************************************
537 * Check an SMTP response *
538 *************************************************/
539
540 /* This function is given an errno code and the SMTP response buffer
541 to analyse, together with the host identification for generating messages. It
542 sets an appropriate message and puts the first digit of the response code into
543 the yield variable. If no response was actually read, a suitable digit is
544 chosen.
545
546 Arguments:
547 host the current host, to get its name for messages
548 errno_value pointer to the errno value
549 more_errno from the top address for use with ERRNO_FILTER_FAIL
550 buffer the SMTP response buffer
551 yield where to put a one-digit SMTP response code
552 message where to put an error message
553 pass_message set TRUE if message is an SMTP response
554
555 Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
556 */
557
558 static BOOL
559 check_response(host_item *host, int *errno_value, int more_errno,
560 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
561 {
562 uschar * pl = pipelining_active ? US"pipelined " : US"";
563 const uschar * s;
564
565 *yield = '4'; /* Default setting is to give a temporary error */
566
567 switch(*errno_value)
568 {
569 case ETIMEDOUT: /* Handle response timeout */
570 *message = US string_sprintf("SMTP timeout after %s%s",
571 pl, smtp_command);
572 if (transport_count > 0)
573 *message = US string_sprintf("%s (%d bytes written)", *message,
574 transport_count);
575 return FALSE;
576
577 case ERRNO_SMTPFORMAT: /* Handle malformed SMTP response */
578 s = string_printing(buffer);
579 while (isspace(*s)) s++;
580 *message = *s == 0
581 ? string_sprintf("Malformed SMTP reply (an empty line) "
582 "in response to %s%s", pl, smtp_command)
583 : string_sprintf("Malformed SMTP reply in response to %s%s: %s",
584 pl, smtp_command, s);
585 return FALSE;
586
587 case ERRNO_FILTER_FAIL: /* Handle a failed filter process error;
588 can't send QUIT as we mustn't end the DATA. */
589 *message = string_sprintf("transport filter process failed (%d)%s",
590 more_errno,
591 more_errno == EX_EXECFAILED ? ": unable to execute command" : "");
592 return FALSE;
593
594 case ERRNO_CHHEADER_FAIL: /* Handle a failed add_headers expansion;
595 can't send QUIT as we mustn't end the DATA. */
596 *message =
597 string_sprintf("failed to expand headers_add or headers_remove: %s",
598 expand_string_message);
599 return FALSE;
600
601 case ERRNO_WRITEINCOMPLETE: /* failure to write a complete data block */
602 *message = string_sprintf("failed to write a data block");
603 return FALSE;
604
605 #ifdef SUPPORT_I18N
606 case ERRNO_UTF8_FWD: /* no advertised SMTPUTF8, for international message */
607 *message = US"utf8 support required but not offered for forwarding";
608 DEBUG(D_deliver|D_transport) debug_printf("%s\n", *message);
609 return TRUE;
610 #endif
611 }
612
613 /* Handle error responses from the remote mailer. */
614
615 if (buffer[0] != 0)
616 {
617 *message = string_sprintf("SMTP error from remote mail server after %s%s: "
618 "%s", pl, smtp_command, s = string_printing(buffer));
619 *pass_message = TRUE;
620 *yield = buffer[0];
621 return TRUE;
622 }
623
624 /* No data was read. If there is no errno, this must be the EOF (i.e.
625 connection closed) case, which causes deferral. An explicit connection reset
626 error has the same effect. Otherwise, put the host's identity in the message,
627 leaving the errno value to be interpreted as well. In all cases, we have to
628 assume the connection is now dead. */
629
630 if (*errno_value == 0 || *errno_value == ECONNRESET)
631 {
632 *errno_value = ERRNO_SMTPCLOSED;
633 *message = US string_sprintf("Remote host closed connection "
634 "in response to %s%s", pl, smtp_command);
635 }
636 else
637 *message = US string_sprintf("%s [%s]", host->name, host->address);
638
639 return FALSE;
640 }
641
642
643
644 /*************************************************
645 * Write error message to logs *
646 *************************************************/
647
648 /* This writes to the main log and to the message log.
649
650 Arguments:
651 host the current host
652 detail the current message (addr_item->message)
653 basic_errno the errno (addr_item->basic_errno)
654
655 Returns: nothing
656 */
657
658 static void
659 write_logs(const host_item *host, const uschar *suffix, int basic_errno)
660 {
661
662
663 uschar *message = LOGGING(outgoing_port)
664 ? string_sprintf("H=%s [%s]:%d", host->name, host->address,
665 host->port == PORT_NONE ? 25 : host->port)
666 : string_sprintf("H=%s [%s]", host->name, host->address);
667
668 if (suffix)
669 {
670 message = string_sprintf("%s: %s", message, suffix);
671 if (basic_errno > 0)
672 message = string_sprintf("%s: %s", message, strerror(basic_errno));
673 }
674 else
675 message = string_sprintf("%s %s", message, exim_errstr(basic_errno));
676
677 log_write(0, LOG_MAIN, "%s", message);
678 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
679 }
680
681 static void
682 msglog_line(host_item * host, uschar * message)
683 {
684 deliver_msglog("%s H=%s [%s] %s\n", tod_stamp(tod_log),
685 host->name, host->address, message);
686 }
687
688
689
690 #ifndef DISABLE_EVENT
691 /*************************************************
692 * Post-defer action *
693 *************************************************/
694
695 /* This expands an arbitrary per-transport string.
696 It might, for example, be used to write to the database log.
697
698 Arguments:
699 addr the address item containing error information
700 host the current host
701
702 Returns: nothing
703 */
704
705 static void
706 deferred_event_raise(address_item *addr, host_item *host)
707 {
708 uschar * action = addr->transport->event_action;
709 const uschar * save_domain;
710 uschar * save_local;
711
712 if (!action)
713 return;
714
715 save_domain = deliver_domain;
716 save_local = deliver_localpart;
717
718 /*XXX would ip & port already be set up? */
719 deliver_host_address = string_copy(host->address);
720 deliver_host_port = host->port == PORT_NONE ? 25 : host->port;
721 event_defer_errno = addr->basic_errno;
722
723 router_name = addr->router->name;
724 transport_name = addr->transport->name;
725 deliver_domain = addr->domain;
726 deliver_localpart = addr->local_part;
727
728 (void) event_raise(action, US"msg:host:defer",
729 addr->message
730 ? addr->basic_errno > 0
731 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
732 : string_copy(addr->message)
733 : addr->basic_errno > 0
734 ? string_copy(US strerror(addr->basic_errno))
735 : NULL);
736
737 deliver_localpart = save_local;
738 deliver_domain = save_domain;
739 router_name = transport_name = NULL;
740 }
741 #endif
742
743 /*************************************************
744 * Synchronize SMTP responses *
745 *************************************************/
746
747 /* This function is called from smtp_deliver() to receive SMTP responses from
748 the server, and match them up with the commands to which they relate. When
749 PIPELINING is not in use, this function is called after every command, and is
750 therefore somewhat over-engineered, but it is simpler to use a single scheme
751 that works both with and without PIPELINING instead of having two separate sets
752 of code.
753
754 The set of commands that are buffered up with pipelining may start with MAIL
755 and may end with DATA; in between are RCPT commands that correspond to the
756 addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
757 etc.) are never buffered.
758
759 Errors after MAIL or DATA abort the whole process leaving the response in the
760 buffer. After MAIL, pending responses are flushed, and the original command is
761 re-instated in big_buffer for error messages. For RCPT commands, the remote is
762 permitted to reject some recipient addresses while accepting others. However
763 certain errors clearly abort the whole process. Set the value in
764 transport_return to PENDING_OK if the address is accepted. If there is a
765 subsequent general error, it will get reset accordingly. If not, it will get
766 converted to OK at the end.
767
768 Arguments:
769 sx smtp connection context
770 count the number of responses to read
771 pending_DATA 0 if last command sent was not DATA
772 +1 if previously had a good recipient
773 -1 if not previously had a good recipient
774
775 Returns: 3 if at least one address had 2xx and one had 5xx
776 2 if at least one address had 5xx but none had 2xx
777 1 if at least one host had a 2xx response, but none had 5xx
778 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
779 -1 timeout while reading RCPT response
780 -2 I/O or other non-response error for RCPT
781 -3 DATA or MAIL failed - errno and buffer set
782 */
783
784 static int
785 sync_responses(smtp_context * sx, int count, int pending_DATA)
786 {
787 address_item *addr = sx->sync_addr;
788 smtp_transport_options_block *ob =
789 (smtp_transport_options_block *)sx->tblock->options_block;
790 int yield = 0;
791
792 /* Handle the response for a MAIL command. On error, reinstate the original
793 command in big_buffer for error message use, and flush any further pending
794 responses before returning, except after I/O errors and timeouts. */
795
796 if (sx->pending_MAIL)
797 {
798 DEBUG(D_transport) debug_printf("%s expect mail\n", __FUNCTION__);
799 count--;
800 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
801 '2', ob->command_timeout))
802 {
803 DEBUG(D_transport) debug_printf("bad response for MAIL\n");
804 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
805 if (errno == 0 && sx->buffer[0] != 0)
806 {
807 uschar flushbuffer[4096];
808 int save_errno = 0;
809 if (sx->buffer[0] == '4')
810 {
811 save_errno = ERRNO_MAIL4XX;
812 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
813 }
814 while (count-- > 0)
815 {
816 if (!smtp_read_response(sx, flushbuffer, sizeof(flushbuffer),
817 '2', ob->command_timeout)
818 && (errno != 0 || flushbuffer[0] == 0))
819 break;
820 }
821 errno = save_errno;
822 }
823
824 if (pending_DATA) count--; /* Number of RCPT responses to come */
825 while (count-- > 0) /* Mark any pending addrs with the host used */
826 {
827 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
828 addr->host_used = sx->host;
829 addr = addr->next;
830 }
831 return -3;
832 }
833 }
834
835 if (pending_DATA) count--; /* Number of RCPT responses to come */
836
837 /* Read and handle the required number of RCPT responses, matching each one up
838 with an address by scanning for the next address whose status is PENDING_DEFER.
839 */
840
841 while (count-- > 0)
842 {
843 while (addr->transport_return != PENDING_DEFER)
844 if (!(addr = addr->next))
845 return -2;
846
847 /* The address was accepted */
848 addr->host_used = sx->host;
849
850 DEBUG(D_transport) debug_printf("%s expect rcpt\n", __FUNCTION__);
851 if (smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
852 '2', ob->command_timeout))
853 {
854 yield |= 1;
855 addr->transport_return = PENDING_OK;
856
857 /* If af_dr_retry_exists is set, there was a routing delay on this address;
858 ensure that any address-specific retry record is expunged. We do this both
859 for the basic key and for the version that also includes the sender. */
860
861 if (testflag(addr, af_dr_retry_exists))
862 {
863 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
864 sender_address);
865 retry_add_item(addr, altkey, rf_delete);
866 retry_add_item(addr, addr->address_retry_key, rf_delete);
867 }
868 }
869
870 /* Timeout while reading the response */
871
872 else if (errno == ETIMEDOUT)
873 {
874 uschar *message = string_sprintf("SMTP timeout after RCPT TO:<%s>",
875 transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes));
876 set_errno_nohost(sx->first_addr, ETIMEDOUT, message, DEFER, FALSE);
877 retry_add_item(addr, addr->address_retry_key, 0);
878 update_waiting = FALSE;
879 return -1;
880 }
881
882 /* Handle other errors in obtaining an SMTP response by returning -1. This
883 will cause all the addresses to be deferred. Restore the SMTP command in
884 big_buffer for which we are checking the response, so the error message
885 makes sense. */
886
887 else if (errno != 0 || sx->buffer[0] == 0)
888 {
889 string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
890 transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes));
891 return -2;
892 }
893
894 /* Handle SMTP permanent and temporary response codes. */
895
896 else
897 {
898 addr->message =
899 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
900 "%s", transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes),
901 string_printing(sx->buffer));
902 setflag(addr, af_pass_message);
903 if (!sx->verify)
904 msglog_line(sx->host, addr->message);
905
906 /* The response was 5xx */
907
908 if (sx->buffer[0] == '5')
909 {
910 addr->transport_return = FAIL;
911 yield |= 2;
912 }
913
914 /* The response was 4xx */
915
916 else
917 {
918 addr->transport_return = DEFER;
919 addr->basic_errno = ERRNO_RCPT4XX;
920 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
921
922 if (!sx->verify)
923 {
924 #ifndef DISABLE_EVENT
925 event_defer_errno = addr->more_errno;
926 msg_event_raise(US"msg:rcpt:host:defer", addr);
927 #endif
928
929 /* Log temporary errors if there are more hosts to be tried.
930 If not, log this last one in the == line. */
931
932 if (sx->host->next)
933 log_write(0, LOG_MAIN, "H=%s [%s]: %s",
934 sx->host->name, sx->host->address, addr->message);
935
936 #ifndef DISABLE_EVENT
937 else
938 msg_event_raise(US"msg:rcpt:defer", addr);
939 #endif
940
941 /* Do not put this message on the list of those waiting for specific
942 hosts, as otherwise it is likely to be tried too often. */
943
944 update_waiting = FALSE;
945
946 /* Add a retry item for the address so that it doesn't get tried again
947 too soon. If address_retry_include_sender is true, add the sender address
948 to the retry key. */
949
950 retry_add_item(addr,
951 ob->address_retry_include_sender
952 ? string_sprintf("%s:<%s>", addr->address_retry_key, sender_address)
953 : addr->address_retry_key,
954 0);
955 }
956 }
957 }
958 } /* Loop for next RCPT response */
959
960 /* Update where to start at for the next block of responses, unless we
961 have already handled all the addresses. */
962
963 if (addr) sx->sync_addr = addr->next;
964
965 /* Handle a response to DATA. If we have not had any good recipients, either
966 previously or in this block, the response is ignored. */
967
968 if (pending_DATA != 0)
969 {
970 DEBUG(D_transport) debug_printf("%s expect data\n", __FUNCTION__);
971 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
972 '3', ob->command_timeout))
973 {
974 int code;
975 uschar *msg;
976 BOOL pass_message;
977 if (pending_DATA > 0 || (yield & 1) != 0)
978 {
979 if (errno == 0 && sx->buffer[0] == '4')
980 {
981 errno = ERRNO_DATA4XX;
982 sx->first_addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
983 }
984 return -3;
985 }
986 (void)check_response(sx->host, &errno, 0, sx->buffer, &code, &msg, &pass_message);
987 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
988 "is in use and there were no good recipients\n", msg);
989 }
990 }
991
992 /* All responses read and handled; MAIL (if present) received 2xx and DATA (if
993 present) received 3xx. If any RCPTs were handled and yielded anything other
994 than 4xx, yield will be set non-zero. */
995
996 return yield;
997 }
998
999
1000
1001 /* Do the client side of smtp-level authentication */
1002 /*
1003 Arguments:
1004 sx smtp connection
1005 buffer EHLO response from server (gets overwritten)
1006
1007 Returns:
1008 OK Success, or failed (but not required): global "smtp_authenticated" set
1009 DEFER Failed authentication (and was required)
1010 ERROR Internal problem
1011
1012 FAIL_SEND Failed communications - transmit
1013 FAIL - response
1014 */
1015
1016 static int
1017 smtp_auth(smtp_context * sx, uschar * buffer, unsigned bufsize)
1018 {
1019 smtp_transport_options_block * ob = sx->ob;
1020 int require_auth;
1021 uschar *fail_reason = US"server did not advertise AUTH support";
1022
1023 f.smtp_authenticated = FALSE;
1024 client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
1025 require_auth = verify_check_given_host(CUSS &ob->hosts_require_auth, sx->host);
1026
1027 if (sx->esmtp && !regex_AUTH) regex_AUTH =
1028 regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
1029 FALSE, TRUE);
1030
1031 if (sx->esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
1032 {
1033 uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]);
1034 expand_nmax = -1; /* reset */
1035
1036 /* Must not do this check until after we have saved the result of the
1037 regex match above. */
1038
1039 if (require_auth == OK ||
1040 verify_check_given_host(CUSS &ob->hosts_try_auth, sx->host) == OK)
1041 {
1042 auth_instance *au;
1043 fail_reason = US"no common mechanisms were found";
1044
1045 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
1046
1047 /* Scan the configured authenticators looking for one which is configured
1048 for use as a client, which is not suppressed by client_condition, and
1049 whose name matches an authentication mechanism supported by the server.
1050 If one is found, attempt to authenticate by calling its client function.
1051 */
1052
1053 for (au = auths; !f.smtp_authenticated && au; au = au->next)
1054 {
1055 uschar *p = names;
1056 if (!au->client ||
1057 (au->client_condition != NULL &&
1058 !expand_check_condition(au->client_condition, au->name,
1059 US"client authenticator")))
1060 {
1061 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1062 au->name,
1063 (au->client)? "client_condition is false" :
1064 "not configured as a client");
1065 continue;
1066 }
1067
1068 /* Loop to scan supported server mechanisms */
1069
1070 while (*p)
1071 {
1072 int rc;
1073 int len = Ustrlen(au->public_name);
1074 while (isspace(*p)) p++;
1075
1076 if (strncmpic(au->public_name, p, len) != 0 ||
1077 (p[len] != 0 && !isspace(p[len])))
1078 {
1079 while (*p != 0 && !isspace(*p)) p++;
1080 continue;
1081 }
1082
1083 /* Found data for a listed mechanism. Call its client entry. Set
1084 a flag in the outblock so that data is overwritten after sending so
1085 that reflections don't show it. */
1086
1087 fail_reason = US"authentication attempt(s) failed";
1088 sx->outblock.authenticating = TRUE;
1089 rc = (au->info->clientcode)(au, sx,
1090 ob->command_timeout, buffer, bufsize);
1091 sx->outblock.authenticating = FALSE;
1092 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n",
1093 au->name, rc);
1094
1095 /* A temporary authentication failure must hold up delivery to
1096 this host. After a permanent authentication failure, we carry on
1097 to try other authentication methods. If all fail hard, try to
1098 deliver the message unauthenticated unless require_auth was set. */
1099
1100 switch(rc)
1101 {
1102 case OK:
1103 f.smtp_authenticated = TRUE; /* stops the outer loop */
1104 client_authenticator = au->name;
1105 if (au->set_client_id != NULL)
1106 client_authenticated_id = expand_string(au->set_client_id);
1107 break;
1108
1109 /* Failure after writing a command */
1110
1111 case FAIL_SEND:
1112 return FAIL_SEND;
1113
1114 /* Failure after reading a response */
1115
1116 case FAIL:
1117 if (errno != 0 || buffer[0] != '5') return FAIL;
1118 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1119 au->name, sx->host->name, sx->host->address, buffer);
1120 break;
1121
1122 /* Failure by some other means. In effect, the authenticator
1123 decided it wasn't prepared to handle this case. Typically this
1124 is the result of "fail" in an expansion string. Do we need to
1125 log anything here? Feb 2006: a message is now put in the buffer
1126 if logging is required. */
1127
1128 case CANCELLED:
1129 if (*buffer != 0)
1130 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1131 "authentication H=%s [%s] %s", au->name, sx->host->name,
1132 sx->host->address, buffer);
1133 break;
1134
1135 /* Internal problem, message in buffer. */
1136
1137 case ERROR:
1138 set_errno_nohost(sx->addrlist, ERRNO_AUTHPROB, string_copy(buffer),
1139 DEFER, FALSE);
1140 return ERROR;
1141 }
1142
1143 break; /* If not authenticated, try next authenticator */
1144 } /* Loop for scanning supported server mechanisms */
1145 } /* Loop for further authenticators */
1146 }
1147 }
1148
1149 /* If we haven't authenticated, but are required to, give up. */
1150
1151 if (require_auth == OK && !f.smtp_authenticated)
1152 {
1153 set_errno_nohost(sx->addrlist, ERRNO_AUTHFAIL,
1154 string_sprintf("authentication required but %s", fail_reason), DEFER,
1155 FALSE);
1156 return DEFER;
1157 }
1158
1159 return OK;
1160 }
1161
1162
1163 /* Construct AUTH appendix string for MAIL TO */
1164 /*
1165 Arguments
1166 buffer to build string
1167 addrlist chain of potential addresses to deliver
1168 ob transport options
1169
1170 Globals f.smtp_authenticated
1171 client_authenticated_sender
1172 Return True on error, otherwise buffer has (possibly empty) terminated string
1173 */
1174
1175 BOOL
1176 smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
1177 smtp_transport_options_block *ob)
1178 {
1179 uschar *local_authenticated_sender = authenticated_sender;
1180
1181 #ifdef notdef
1182 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, f.smtp_authenticated?"Y":"N");
1183 #endif
1184
1185 if (ob->authenticated_sender != NULL)
1186 {
1187 uschar *new = expand_string(ob->authenticated_sender);
1188 if (new == NULL)
1189 {
1190 if (!f.expand_string_forcedfail)
1191 {
1192 uschar *message = string_sprintf("failed to expand "
1193 "authenticated_sender: %s", expand_string_message);
1194 set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
1195 return TRUE;
1196 }
1197 }
1198 else if (new[0] != 0) local_authenticated_sender = new;
1199 }
1200
1201 /* Add the authenticated sender address if present */
1202
1203 if ((f.smtp_authenticated || ob->authenticated_sender_force) &&
1204 local_authenticated_sender != NULL)
1205 {
1206 string_format(buffer, bufsize, " AUTH=%s",
1207 auth_xtextencode(local_authenticated_sender,
1208 Ustrlen(local_authenticated_sender)));
1209 client_authenticated_sender = string_copy(local_authenticated_sender);
1210 }
1211 else
1212 *buffer= 0;
1213
1214 return FALSE;
1215 }
1216
1217
1218
1219 #ifdef SUPPORT_DANE
1220 /* Lookup TLSA record for host/port.
1221 Return: OK success with dnssec; DANE mode
1222 DEFER Do not use this host now, may retry later
1223 FAIL_FORCED No TLSA record; DANE not usable
1224 FAIL Do not use this connection
1225 */
1226
1227 int
1228 tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
1229 {
1230 /* move this out to host.c given the similarity to dns_lookup() ? */
1231 uschar buffer[300];
1232 const uschar * fullname = buffer;
1233 int rc;
1234 BOOL sec;
1235
1236 /* TLSA lookup string */
1237 (void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
1238
1239 rc = dns_lookup(dnsa, buffer, T_TLSA, &fullname);
1240 sec = dns_is_secure(dnsa);
1241 DEBUG(D_transport)
1242 debug_printf("TLSA lookup ret %d %sDNSSEC\n", rc, sec ? "" : "not ");
1243
1244 switch (rc)
1245 {
1246 case DNS_AGAIN:
1247 return DEFER; /* just defer this TLS'd conn */
1248
1249 case DNS_SUCCEED:
1250 if (sec)
1251 {
1252 DEBUG(D_transport)
1253 {
1254 dns_scan dnss;
1255 dns_record * rr;
1256 for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
1257 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
1258 if (rr->type == T_TLSA && rr->size > 3)
1259 {
1260 uint16_t payload_length = rr->size - 3;
1261 uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
1262
1263 sp += sprintf(CS sp, "%d ", *p++); /* usage */
1264 sp += sprintf(CS sp, "%d ", *p++); /* selector */
1265 sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
1266 while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
1267 sp += sprintf(CS sp, "%02x", *p++);
1268
1269 debug_printf(" %s\n", s);
1270 }
1271 }
1272 return OK;
1273 }
1274 log_write(0, LOG_MAIN,
1275 "DANE error: TLSA lookup for %s not DNSSEC", host->name);
1276 /*FALLTRHOUGH*/
1277
1278 case DNS_NODATA: /* no TLSA RR for this lookup */
1279 case DNS_NOMATCH: /* no records at all for this lookup */
1280 return dane_required ? FAIL : FAIL_FORCED;
1281
1282 default:
1283 case DNS_FAIL:
1284 return dane_required ? FAIL : DEFER;
1285 }
1286 }
1287 #endif
1288
1289
1290
1291 typedef struct smtp_compare_s
1292 {
1293 uschar *current_sender_address;
1294 struct transport_instance *tblock;
1295 } smtp_compare_t;
1296
1297
1298 /* Create a unique string that identifies this message, it is based on
1299 sender_address, helo_data and tls_certificate if enabled.
1300 */
1301
1302 static uschar *
1303 smtp_local_identity(uschar * sender, struct transport_instance * tblock)
1304 {
1305 address_item * addr1;
1306 uschar * if1 = US"";
1307 uschar * helo1 = US"";
1308 #ifdef SUPPORT_TLS
1309 uschar * tlsc1 = US"";
1310 #endif
1311 uschar * save_sender_address = sender_address;
1312 uschar * local_identity = NULL;
1313 smtp_transport_options_block * ob =
1314 (smtp_transport_options_block *)tblock->options_block;
1315
1316 sender_address = sender;
1317
1318 addr1 = deliver_make_addr (sender, TRUE);
1319 deliver_set_expansions(addr1);
1320
1321 if (ob->interface)
1322 if1 = expand_string(ob->interface);
1323
1324 if (ob->helo_data)
1325 helo1 = expand_string(ob->helo_data);
1326
1327 #ifdef SUPPORT_TLS
1328 if (ob->tls_certificate)
1329 tlsc1 = expand_string(ob->tls_certificate);
1330 local_identity = string_sprintf ("%s^%s^%s", if1, helo1, tlsc1);
1331 #else
1332 local_identity = string_sprintf ("%s^%s", if1, helo1);
1333 #endif
1334
1335 deliver_set_expansions(NULL);
1336 sender_address = save_sender_address;
1337
1338 return local_identity;
1339 }
1340
1341
1342
1343 /* This routine is a callback that is called from transport_check_waiting.
1344 This function will evaluate the incoming message versus the previous
1345 message. If the incoming message is using a different local identity then
1346 we will veto this new message. */
1347
1348 static BOOL
1349 smtp_are_same_identities(uschar * message_id, smtp_compare_t * s_compare)
1350 {
1351 uschar * message_local_identity,
1352 * current_local_identity,
1353 * new_sender_address;
1354
1355 current_local_identity =
1356 smtp_local_identity(s_compare->current_sender_address, s_compare->tblock);
1357
1358 if (!(new_sender_address = deliver_get_sender_address(message_id)))
1359 return 0;
1360
1361 message_local_identity =
1362 smtp_local_identity(new_sender_address, s_compare->tblock);
1363
1364 return Ustrcmp(current_local_identity, message_local_identity) == 0;
1365 }
1366
1367
1368
1369 static unsigned
1370 ehlo_response(uschar * buf, unsigned checks)
1371 {
1372 size_t bsize = Ustrlen(buf);
1373
1374 #ifdef SUPPORT_TLS
1375 if ( checks & OPTION_TLS
1376 && pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1377 checks &= ~OPTION_TLS;
1378
1379 # ifdef EXPERIMENTAL_REQUIRETLS
1380 if ( checks & OPTION_REQUIRETLS
1381 && pcre_exec(regex_REQUIRETLS, NULL, CS buf,bsize, 0, PCRE_EOPT, NULL,0) < 0)
1382 checks &= ~OPTION_REQUIRETLS;
1383 # endif
1384 #endif
1385
1386 if ( checks & OPTION_IGNQ
1387 && pcre_exec(regex_IGNOREQUOTA, NULL, CS buf, bsize, 0,
1388 PCRE_EOPT, NULL, 0) < 0)
1389 checks &= ~OPTION_IGNQ;
1390
1391 if ( checks & OPTION_CHUNKING
1392 && pcre_exec(regex_CHUNKING, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1393 checks &= ~OPTION_CHUNKING;
1394
1395 #ifndef DISABLE_PRDR
1396 if ( checks & OPTION_PRDR
1397 && pcre_exec(regex_PRDR, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1398 checks &= ~OPTION_PRDR;
1399 #endif
1400
1401 #ifdef SUPPORT_I18N
1402 if ( checks & OPTION_UTF8
1403 && pcre_exec(regex_UTF8, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1404 checks &= ~OPTION_UTF8;
1405 #endif
1406
1407 if ( checks & OPTION_DSN
1408 && pcre_exec(regex_DSN, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1409 checks &= ~OPTION_DSN;
1410
1411 if ( checks & OPTION_PIPE
1412 && pcre_exec(regex_PIPELINING, NULL, CS buf, bsize, 0,
1413 PCRE_EOPT, NULL, 0) < 0)
1414 checks &= ~OPTION_PIPE;
1415
1416 if ( checks & OPTION_SIZE
1417 && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
1418 checks &= ~OPTION_SIZE;
1419
1420 return checks;
1421 }
1422
1423
1424
1425 /* Callback for emitting a BDAT data chunk header.
1426
1427 If given a nonzero size, first flush any buffered SMTP commands
1428 then emit the command.
1429
1430 Reap previous SMTP command responses if requested, and always reap
1431 the response from a previous BDAT command.
1432
1433 Args:
1434 tctx transport context
1435 chunk_size value for SMTP BDAT command
1436 flags
1437 tc_chunk_last add LAST option to SMTP BDAT command
1438 tc_reap_prev reap response to previous SMTP commands
1439
1440 Returns: OK or ERROR
1441 */
1442
1443 static int
1444 smtp_chunk_cmd_callback(transport_ctx * tctx, unsigned chunk_size,
1445 unsigned flags)
1446 {
1447 smtp_transport_options_block * ob =
1448 (smtp_transport_options_block *)(tctx->tblock->options_block);
1449 smtp_context * sx = tctx->smtp_context;
1450 int cmd_count = 0;
1451 int prev_cmd_count;
1452
1453 /* Write SMTP chunk header command. If not reaping responses, note that
1454 there may be more writes (like, the chunk data) done soon. */
1455
1456 if (chunk_size > 0)
1457 {
1458 if((cmd_count = smtp_write_command(sx,
1459 flags & tc_reap_prev ? SCMD_FLUSH : SCMD_MORE,
1460 "BDAT %u%s\r\n", chunk_size, flags & tc_chunk_last ? " LAST" : "")
1461 ) < 0) return ERROR;
1462 if (flags & tc_chunk_last)
1463 data_command = string_copy(big_buffer); /* Save for later error message */
1464 }
1465
1466 prev_cmd_count = cmd_count += sx->cmd_count;
1467
1468 /* Reap responses for any previous, but not one we just emitted */
1469
1470 if (chunk_size > 0)
1471 prev_cmd_count--;
1472 if (sx->pending_BDAT)
1473 prev_cmd_count--;
1474
1475 if (flags & tc_reap_prev && prev_cmd_count > 0)
1476 {
1477 DEBUG(D_transport) debug_printf("look for %d responses"
1478 " for previous pipelined cmds\n", prev_cmd_count);
1479
1480 switch(sync_responses(sx, prev_cmd_count, 0))
1481 {
1482 case 1: /* 2xx (only) => OK */
1483 case 3: sx->good_RCPT = TRUE; /* 2xx & 5xx => OK & progress made */
1484 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
1485 case 0: break; /* No 2xx or 5xx, but no probs */
1486
1487 case -1: /* Timeout on RCPT */
1488 default: return ERROR; /* I/O error, or any MAIL/DATA error */
1489 }
1490 cmd_count = 1;
1491 if (!sx->pending_BDAT)
1492 pipelining_active = FALSE;
1493 }
1494
1495 /* Reap response for an outstanding BDAT */
1496
1497 if (sx->pending_BDAT)
1498 {
1499 DEBUG(D_transport) debug_printf("look for one response for BDAT\n");
1500
1501 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
1502 ob->command_timeout))
1503 {
1504 if (errno == 0 && sx->buffer[0] == '4')
1505 {
1506 errno = ERRNO_DATA4XX; /*XXX does this actually get used? */
1507 sx->addrlist->more_errno |=
1508 ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1509 }
1510 return ERROR;
1511 }
1512 cmd_count--;
1513 sx->pending_BDAT = FALSE;
1514 pipelining_active = FALSE;
1515 }
1516 else if (chunk_size > 0)
1517 sx->pending_BDAT = TRUE;
1518
1519
1520 sx->cmd_count = cmd_count;
1521 return OK;
1522 }
1523
1524
1525
1526 /*************************************************
1527 * Make connection for given message *
1528 *************************************************/
1529
1530 /*
1531 Arguments:
1532 ctx connection context
1533 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1534 a second attempt after TLS initialization fails
1535
1536 Returns: OK - the connection was made and the delivery attempted;
1537 fd is set in the conn context, tls_out set up.
1538 DEFER - the connection could not be made, or something failed
1539 while setting up the SMTP session, or there was a
1540 non-message-specific error, such as a timeout.
1541 ERROR - helo_data or add_headers or authenticated_sender is
1542 specified for this transport, and the string failed
1543 to expand
1544 */
1545 int
1546 smtp_setup_conn(smtp_context * sx, BOOL suppress_tls)
1547 {
1548 #if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
1549 dns_answer tlsa_dnsa;
1550 #endif
1551 BOOL pass_message = FALSE;
1552 uschar * message = NULL;
1553 int yield = OK;
1554 int rc;
1555
1556 sx->ob = (smtp_transport_options_block *) sx->tblock->options_block;
1557
1558 sx->lmtp = strcmpic(sx->ob->protocol, US"lmtp") == 0;
1559 sx->smtps = strcmpic(sx->ob->protocol, US"smtps") == 0;
1560 sx->ok = FALSE;
1561 sx->send_rset = TRUE;
1562 sx->send_quit = TRUE;
1563 sx->setting_up = TRUE;
1564 sx->esmtp = TRUE;
1565 sx->esmtp_sent = FALSE;
1566 #ifdef SUPPORT_I18N
1567 sx->utf8_needed = FALSE;
1568 #endif
1569 sx->dsn_all_lasthop = TRUE;
1570 #if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
1571 sx->dane = FALSE;
1572 sx->dane_required =
1573 verify_check_given_host(CUSS &sx->ob->hosts_require_dane, sx->host) == OK;
1574 #endif
1575
1576 if ((sx->max_rcpt = sx->tblock->max_addresses) == 0) sx->max_rcpt = 999999;
1577 sx->peer_offered = 0;
1578 sx->avoid_option = 0;
1579 sx->igquotstr = US"";
1580 if (!sx->helo_data) sx->helo_data = sx->ob->helo_data;
1581 #ifdef EXPERIMENTAL_DSN_INFO
1582 sx->smtp_greeting = NULL;
1583 sx->helo_response = NULL;
1584 #endif
1585
1586 smtp_command = US"initial connection";
1587 sx->buffer[0] = '\0';
1588
1589 /* Set up the buffer for reading SMTP response packets. */
1590
1591 sx->inblock.buffer = sx->inbuffer;
1592 sx->inblock.buffersize = sizeof(sx->inbuffer);
1593 sx->inblock.ptr = sx->inbuffer;
1594 sx->inblock.ptrend = sx->inbuffer;
1595
1596 /* Set up the buffer for holding SMTP commands while pipelining */
1597
1598 sx->outblock.buffer = sx->outbuffer;
1599 sx->outblock.buffersize = sizeof(sx->outbuffer);
1600 sx->outblock.ptr = sx->outbuffer;
1601 sx->outblock.cmd_count = 0;
1602 sx->outblock.authenticating = FALSE;
1603
1604 /* Reset the parameters of a TLS session. */
1605
1606 tls_out.bits = 0;
1607 tls_out.cipher = NULL; /* the one we may use for this transport */
1608 tls_out.ourcert = NULL;
1609 tls_out.peercert = NULL;
1610 tls_out.peerdn = NULL;
1611 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
1612 tls_out.sni = NULL;
1613 #endif
1614 tls_out.ocsp = OCSP_NOT_REQ;
1615
1616 /* Flip the legacy TLS-related variables over to the outbound set in case
1617 they're used in the context of the transport. Don't bother resetting
1618 afterward (when being used by a transport) as we're in a subprocess.
1619 For verify, unflipped once the callout is dealt with */
1620
1621 tls_modify_variables(&tls_out);
1622
1623 #ifndef SUPPORT_TLS
1624 if (sx->smtps)
1625 {
1626 set_errno_nohost(sx->addrlist, ERRNO_TLSFAILURE, US"TLS support not available",
1627 DEFER, FALSE);
1628 return ERROR;
1629 }
1630 #endif
1631
1632 /* Make a connection to the host if this isn't a continued delivery, and handle
1633 the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
1634 specially so they can be identified for retries. */
1635
1636 if (!continue_hostname)
1637 {
1638 if (sx->verify)
1639 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", sx->interface, sx->port);
1640
1641 /* Get the actual port the connection will use, into sx->host */
1642
1643 smtp_port_for_connect(sx->host, sx->port);
1644
1645 #if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
1646 /* Do TLSA lookup for DANE */
1647 {
1648 tls_out.dane_verified = FALSE;
1649 tls_out.tlsa_usage = 0;
1650
1651 if (sx->host->dnssec == DS_YES)
1652 {
1653 if( sx->dane_required
1654 || verify_check_given_host(CUSS &sx->ob->hosts_try_dane, sx->host) == OK
1655 )
1656 switch (rc = tlsa_lookup(sx->host, &tlsa_dnsa, sx->dane_required))
1657 {
1658 case OK: sx->dane = TRUE;
1659 sx->ob->tls_tempfail_tryclear = FALSE;
1660 break;
1661 case FAIL_FORCED: break;
1662 default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
1663 string_sprintf("DANE error: tlsa lookup %s",
1664 rc == DEFER ? "DEFER" : "FAIL"),
1665 rc, FALSE);
1666 # ifndef DISABLE_EVENT
1667 (void) event_raise(sx->tblock->event_action,
1668 US"dane:fail", sx->dane_required
1669 ? US"dane-required" : US"dnssec-invalid");
1670 # endif
1671 return rc;
1672 }
1673 }
1674 else if (sx->dane_required)
1675 {
1676 set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
1677 string_sprintf("DANE error: %s lookup not DNSSEC", sx->host->name),
1678 FAIL, FALSE);
1679 # ifndef DISABLE_EVENT
1680 (void) event_raise(sx->tblock->event_action,
1681 US"dane:fail", US"dane-required");
1682 # endif
1683 return FAIL;
1684 }
1685 }
1686 #endif /*DANE*/
1687
1688 /* Make the TCP connection */
1689
1690 sx->cctx.sock =
1691 smtp_connect(sx->host, sx->host_af, sx->interface,
1692 sx->ob->connect_timeout, sx->tblock);
1693 sx->cctx.tls_ctx = NULL;
1694 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
1695
1696 if (sx->cctx.sock < 0)
1697 {
1698 uschar * msg = NULL;
1699 if (sx->verify)
1700 {
1701 msg = US strerror(errno);
1702 HDEBUG(D_verify) debug_printf("connect: %s\n", msg);
1703 }
1704 set_errno_nohost(sx->addrlist,
1705 errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
1706 sx->verify ? string_sprintf("could not connect: %s", msg)
1707 : NULL,
1708 DEFER, FALSE);
1709 sx->send_quit = FALSE;
1710 return DEFER;
1711 }
1712
1713 /* Expand the greeting message while waiting for the initial response. (Makes
1714 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
1715 delayed till here so that $sending_interface and $sending_port are set. */
1716
1717 if (sx->helo_data)
1718 if (!(sx->helo_data = expand_string(sx->helo_data)))
1719 if (sx->verify)
1720 log_write(0, LOG_MAIN|LOG_PANIC,
1721 "<%s>: failed to expand transport's helo_data value for callout: %s",
1722 sx->addrlist->address, expand_string_message);
1723
1724 #ifdef SUPPORT_I18N
1725 if (sx->helo_data)
1726 {
1727 expand_string_message = NULL;
1728 if ((sx->helo_data = string_domain_utf8_to_alabel(sx->helo_data,
1729 &expand_string_message)),
1730 expand_string_message)
1731 if (sx->verify)
1732 log_write(0, LOG_MAIN|LOG_PANIC,
1733 "<%s>: failed to expand transport's helo_data value for callout: %s",
1734 sx->addrlist->address, expand_string_message);
1735 else
1736 sx->helo_data = NULL;
1737 }
1738 #endif
1739
1740 /* The first thing is to wait for an initial OK response. The dreaded "goto"
1741 is nevertheless a reasonably clean way of programming this kind of logic,
1742 where you want to escape on any error. */
1743
1744 if (!sx->smtps)
1745 {
1746 BOOL good_response;
1747
1748 #ifdef TCP_QUICKACK
1749 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
1750 #endif
1751 good_response = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1752 '2', sx->ob->command_timeout);
1753 #ifdef EXPERIMENTAL_DSN_INFO
1754 sx->smtp_greeting = string_copy(sx->buffer);
1755 #endif
1756 if (!good_response) goto RESPONSE_FAILED;
1757
1758 #ifndef DISABLE_EVENT
1759 {
1760 uschar * s;
1761 lookup_dnssec_authenticated = sx->host->dnssec==DS_YES ? US"yes"
1762 : sx->host->dnssec==DS_NO ? US"no" : NULL;
1763 s = event_raise(sx->tblock->event_action, US"smtp:connect", sx->buffer);
1764 if (s)
1765 {
1766 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL,
1767 string_sprintf("deferred by smtp:connect event expansion: %s", s),
1768 DEFER, FALSE);
1769 yield = DEFER;
1770 goto SEND_QUIT;
1771 }
1772 }
1773 #endif
1774
1775 /* Now check if the helo_data expansion went well, and sign off cleanly if
1776 it didn't. */
1777
1778 if (!sx->helo_data)
1779 {
1780 message = string_sprintf("failed to expand helo_data: %s",
1781 expand_string_message);
1782 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
1783 yield = DEFER;
1784 goto SEND_QUIT;
1785 }
1786 }
1787
1788 /** Debugging without sending a message
1789 sx->addrlist->transport_return = DEFER;
1790 goto SEND_QUIT;
1791 **/
1792
1793 /* Errors that occur after this point follow an SMTP command, which is
1794 left in big_buffer by smtp_write_command() for use in error messages. */
1795
1796 smtp_command = big_buffer;
1797
1798 /* Tell the remote who we are...
1799
1800 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
1801 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
1802 greeting is of this form. The assumption was that the far end supports it
1803 properly... but experience shows that there are some that give 5xx responses,
1804 even though the banner includes "ESMTP" (there's a bloody-minded one that
1805 says "ESMTP not spoken here"). Cope with that case.
1806
1807 September 2000: Time has passed, and it seems reasonable now to always send
1808 EHLO at the start. It is also convenient to make the change while installing
1809 the TLS stuff.
1810
1811 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
1812 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
1813 would be no way to send out the mails, so there is now a host list
1814 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
1815 PIPELINING problem as well. Maybe it can also be useful to cure other
1816 problems with broken servers.
1817
1818 Exim originally sent "Helo" at this point and ran for nearly a year that way.
1819 Then somebody tried it with a Microsoft mailer... It seems that all other
1820 mailers use upper case for some reason (the RFC is quite clear about case
1821 independence) so, for peace of mind, I gave in. */
1822
1823 sx->esmtp = verify_check_given_host(CUSS &sx->ob->hosts_avoid_esmtp, sx->host) != OK;
1824
1825 /* Alas; be careful, since this goto is not an error-out, so conceivably
1826 we might set data between here and the target which we assume to exist
1827 and be usable. I can see this coming back to bite us. */
1828 #ifdef SUPPORT_TLS
1829 if (sx->smtps)
1830 {
1831 smtp_peer_options |= OPTION_TLS;
1832 suppress_tls = FALSE;
1833 sx->ob->tls_tempfail_tryclear = FALSE;
1834 smtp_command = US"SSL-on-connect";
1835 goto TLS_NEGOTIATE;
1836 }
1837 #endif
1838
1839 if (sx->esmtp)
1840 {
1841 if (smtp_write_command(sx, SCMD_FLUSH, "%s %s\r\n",
1842 sx->lmtp ? "LHLO" : "EHLO", sx->helo_data) < 0)
1843 goto SEND_FAILED;
1844 sx->esmtp_sent = TRUE;
1845 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
1846 sx->ob->command_timeout))
1847 {
1848 if (errno != 0 || sx->buffer[0] == 0 || sx->lmtp)
1849 {
1850 #ifdef EXPERIMENTAL_DSN_INFO
1851 sx->helo_response = string_copy(sx->buffer);
1852 #endif
1853 goto RESPONSE_FAILED;
1854 }
1855 sx->esmtp = FALSE;
1856 }
1857 #ifdef EXPERIMENTAL_DSN_INFO
1858 sx->helo_response = string_copy(sx->buffer);
1859 #endif
1860 }
1861 else
1862 DEBUG(D_transport)
1863 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1864
1865 if (!sx->esmtp)
1866 {
1867 BOOL good_response;
1868 int n = sizeof(sx->buffer);
1869 uschar * rsp = sx->buffer;
1870
1871 if (sx->esmtp_sent && (n = Ustrlen(sx->buffer)) < sizeof(sx->buffer)/2)
1872 { rsp = sx->buffer + n + 1; n = sizeof(sx->buffer) - n; }
1873
1874 if (smtp_write_command(sx, SCMD_FLUSH, "HELO %s\r\n", sx->helo_data) < 0)
1875 goto SEND_FAILED;
1876 good_response = smtp_read_response(sx, rsp, n, '2', sx->ob->command_timeout);
1877 #ifdef EXPERIMENTAL_DSN_INFO
1878 sx->helo_response = string_copy(rsp);
1879 #endif
1880 if (!good_response)
1881 {
1882 /* Handle special logging for a closed connection after HELO
1883 when had previously sent EHLO */
1884
1885 if (rsp != sx->buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET))
1886 {
1887 errno = ERRNO_SMTPCLOSED;
1888 goto EHLOHELO_FAILED;
1889 }
1890 memmove(sx->buffer, rsp, Ustrlen(rsp));
1891 goto RESPONSE_FAILED;
1892 }
1893 }
1894
1895 sx->avoid_option = sx->peer_offered = smtp_peer_options = 0;
1896
1897 if (sx->esmtp || sx->lmtp)
1898 {
1899 sx->peer_offered = ehlo_response(sx->buffer,
1900 OPTION_TLS /* others checked later */
1901 );
1902
1903 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
1904
1905 #ifdef SUPPORT_TLS
1906 smtp_peer_options |= sx->peer_offered & OPTION_TLS;
1907 #endif
1908 }
1909 }
1910
1911 /* For continuing deliveries down the same channel, having re-exec'd the socket
1912 is the standard input; for a socket held open from verify it is recorded
1913 in the cutthrough context block. Either way we don't need to redo EHLO here
1914 (but may need to do so for TLS - see below).
1915 Set up the pointer to where subsequent commands will be left, for
1916 error messages. Note that smtp_peer_options will have been
1917 set from the command line if they were set in the process that passed the
1918 connection on. */
1919
1920 /*XXX continue case needs to propagate DSN_INFO, prob. in deliver.c
1921 as the continue goes via transport_pass_socket() and doublefork and exec.
1922 It does not wait. Unclear how we keep separate host's responses
1923 separate - we could match up by host ip+port as a bodge. */
1924
1925 else
1926 {
1927 if (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only)
1928 {
1929 sx->cctx = cutthrough.cctx;
1930 sx->host->port = sx->port = cutthrough.host.port;
1931 }
1932 else
1933 {
1934 sx->cctx.sock = 0; /* stdin */
1935 sx->cctx.tls_ctx = NULL;
1936 smtp_port_for_connect(sx->host, sx->port); /* Record the port that was used */
1937 }
1938 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
1939 smtp_command = big_buffer;
1940 sx->helo_data = NULL; /* ensure we re-expand ob->helo_data */
1941
1942 /* For a continued connection with TLS being proxied for us, or a
1943 held-open verify connection with TLS, nothing more to do. */
1944
1945 if ( continue_proxy_cipher
1946 || (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only
1947 && cutthrough.is_tls)
1948 )
1949 {
1950 sx->peer_offered = smtp_peer_options;
1951 sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
1952 HDEBUG(D_transport) debug_printf("continued connection, %s TLS\n",
1953 continue_proxy_cipher ? "proxied" : "verify conn with");
1954 return OK;
1955 }
1956 HDEBUG(D_transport) debug_printf("continued connection, no TLS\n");
1957 }
1958
1959 /* If TLS is available on this connection, whether continued or not, attempt to
1960 start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
1961 send another EHLO - the server may give a different answer in secure mode. We
1962 use a separate buffer for reading the response to STARTTLS so that if it is
1963 negative, the original EHLO data is available for subsequent analysis, should
1964 the client not be required to use TLS. If the response is bad, copy the buffer
1965 for error analysis. */
1966
1967 #ifdef SUPPORT_TLS
1968 if ( smtp_peer_options & OPTION_TLS
1969 && !suppress_tls
1970 && verify_check_given_host(CUSS &sx->ob->hosts_avoid_tls, sx->host) != OK
1971 && ( !sx->verify
1972 || verify_check_given_host(CUSS &sx->ob->hosts_verify_avoid_tls, sx->host) != OK
1973 ) )
1974 {
1975 uschar buffer2[4096];
1976 if (smtp_write_command(sx, SCMD_FLUSH, "STARTTLS\r\n") < 0)
1977 goto SEND_FAILED;
1978
1979 /* If there is an I/O error, transmission of this message is deferred. If
1980 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
1981 false, we also defer. However, if there is a temporary rejection of STARTTLS
1982 and tls_tempfail_tryclear is true, or if there is an outright rejection of
1983 STARTTLS, we carry on. This means we will try to send the message in clear,
1984 unless the host is in hosts_require_tls (tested below). */
1985
1986 if (!smtp_read_response(sx, buffer2, sizeof(buffer2), '2',
1987 sx->ob->command_timeout))
1988 {
1989 if ( errno != 0
1990 || buffer2[0] == 0
1991 || (buffer2[0] == '4' && !sx->ob->tls_tempfail_tryclear)
1992 )
1993 {
1994 Ustrncpy(sx->buffer, buffer2, sizeof(sx->buffer));
1995 sx->buffer[sizeof(sx->buffer)-1] = '\0';
1996 goto RESPONSE_FAILED;
1997 }
1998 }
1999
2000 /* STARTTLS accepted: try to negotiate a TLS session. */
2001
2002 else
2003 TLS_NEGOTIATE:
2004 {
2005 address_item * addr;
2006 uschar * errstr;
2007 sx->cctx.tls_ctx = tls_client_start(sx->cctx.sock, sx->host,
2008 sx->addrlist, sx->tblock,
2009 # ifdef SUPPORT_DANE
2010 sx->dane ? &tlsa_dnsa : NULL,
2011 # endif
2012 &tls_out, &errstr);
2013
2014 if (!sx->cctx.tls_ctx)
2015 {
2016 /* TLS negotiation failed; give an error. From outside, this function may
2017 be called again to try in clear on a new connection, if the options permit
2018 it for this host. */
2019 DEBUG(D_tls) debug_printf("TLS session fail: %s\n", errstr);
2020
2021 # ifdef SUPPORT_DANE
2022 if (sx->dane)
2023 {
2024 log_write(0, LOG_MAIN,
2025 "DANE attempt failed; TLS connection to %s [%s]: %s",
2026 sx->host->name, sx->host->address, errstr);
2027 # ifndef DISABLE_EVENT
2028 (void) event_raise(sx->tblock->event_action,
2029 US"dane:fail", US"validation-failure"); /* could do with better detail */
2030 # endif
2031 }
2032 # endif
2033
2034 errno = ERRNO_TLSFAILURE;
2035 message = string_sprintf("TLS session: %s", errstr);
2036 sx->send_quit = FALSE;
2037 goto TLS_FAILED;
2038 }
2039
2040 /* TLS session is set up */
2041
2042 smtp_peer_options_wrap = smtp_peer_options;
2043 for (addr = sx->addrlist; addr; addr = addr->next)
2044 if (addr->transport_return == PENDING_DEFER)
2045 {
2046 addr->cipher = tls_out.cipher;
2047 addr->ourcert = tls_out.ourcert;
2048 addr->peercert = tls_out.peercert;
2049 addr->peerdn = tls_out.peerdn;
2050 addr->ocsp = tls_out.ocsp;
2051 }
2052 }
2053 }
2054
2055 /* if smtps, we'll have smtp_command set to something else; always safe to
2056 reset it here. */
2057 smtp_command = big_buffer;
2058
2059 /* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
2060 helo_data is null, we are dealing with a connection that was passed from
2061 another process, and so we won't have expanded helo_data above. We have to
2062 expand it here. $sending_ip_address and $sending_port are set up right at the
2063 start of the Exim process (in exim.c). */
2064
2065 if (tls_out.active.sock >= 0)
2066 {
2067 char *greeting_cmd;
2068 BOOL good_response;
2069
2070 if (!sx->helo_data && !(sx->helo_data = expand_string(sx->ob->helo_data)))
2071 {
2072 uschar *message = string_sprintf("failed to expand helo_data: %s",
2073 expand_string_message);
2074 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
2075 yield = DEFER;
2076 goto SEND_QUIT;
2077 }
2078
2079 /* For SMTPS we need to wait for the initial OK response. */
2080 if (sx->smtps)
2081 {
2082 good_response = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
2083 '2', sx->ob->command_timeout);
2084 #ifdef EXPERIMENTAL_DSN_INFO
2085 sx->smtp_greeting = string_copy(sx->buffer);
2086 #endif
2087 if (!good_response) goto RESPONSE_FAILED;
2088 }
2089
2090 if (sx->esmtp)
2091 greeting_cmd = "EHLO";
2092 else
2093 {
2094 greeting_cmd = "HELO";
2095 DEBUG(D_transport)
2096 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
2097 }
2098
2099 if (smtp_write_command(sx, SCMD_FLUSH, "%s %s\r\n",
2100 sx->lmtp ? "LHLO" : greeting_cmd, sx->helo_data) < 0)
2101 goto SEND_FAILED;
2102 good_response = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
2103 '2', sx->ob->command_timeout);
2104 #ifdef EXPERIMENTAL_DSN_INFO
2105 sx->helo_response = string_copy(sx->buffer);
2106 #endif
2107 if (!good_response) goto RESPONSE_FAILED;
2108 smtp_peer_options = 0;
2109 }
2110
2111 /* If the host is required to use a secure channel, ensure that we
2112 have one. */
2113
2114 else if ( sx->smtps
2115 # ifdef SUPPORT_DANE
2116 || sx->dane
2117 # endif
2118 # ifdef EXPERIMENTAL_REQUIRETLS
2119 || tls_requiretls & REQUIRETLS_MSG
2120 # endif
2121 || verify_check_given_host(CUSS &sx->ob->hosts_require_tls, sx->host) == OK
2122 )
2123 {
2124 errno =
2125 # ifdef EXPERIMENTAL_REQUIRETLS
2126 tls_requiretls & REQUIRETLS_MSG ? ERRNO_REQUIRETLS :
2127 # endif
2128 ERRNO_TLSREQUIRED;
2129 message = string_sprintf("a TLS session is required, but %s",
2130 smtp_peer_options & OPTION_TLS
2131 ? "an attempt to start TLS failed" : "the server did not offer TLS support");
2132 # if defined(SUPPORT_DANE) && !defined(DISABLE_EVENT)
2133 if (sx->dane)
2134 (void) event_raise(sx->tblock->event_action, US"dane:fail",
2135 smtp_peer_options & OPTION_TLS
2136 ? US"validation-failure" /* could do with better detail */
2137 : US"starttls-not-supported");
2138 # endif
2139 goto TLS_FAILED;
2140 }
2141 #endif /*SUPPORT_TLS*/
2142
2143 /* If TLS is active, we have just started it up and re-done the EHLO command,
2144 so its response needs to be analyzed. If TLS is not active and this is a
2145 continued session down a previously-used socket, we haven't just done EHLO, so
2146 we skip this. */
2147
2148 if (continue_hostname == NULL
2149 #ifdef SUPPORT_TLS
2150 || tls_out.active.sock >= 0
2151 #endif
2152 )
2153 {
2154 if (sx->esmtp || sx->lmtp)
2155 {
2156 sx->peer_offered = ehlo_response(sx->buffer,
2157 0 /* no TLS */
2158 | (sx->lmtp && sx->ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
2159 | OPTION_CHUNKING
2160 | OPTION_PRDR
2161 #ifdef SUPPORT_I18N
2162 | (sx->addrlist->prop.utf8_msg ? OPTION_UTF8 : 0)
2163 /*XXX if we hand peercaps on to continued-conn processes,
2164 must not depend on this addr */
2165 #endif
2166 | OPTION_DSN
2167 | OPTION_PIPE
2168 | (sx->ob->size_addition >= 0 ? OPTION_SIZE : 0)
2169 #if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
2170 | (tls_requiretls & REQUIRETLS_MSG ? OPTION_REQUIRETLS : 0)
2171 #endif
2172 );
2173
2174 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
2175 lmtp_ignore_quota option was set. */
2176
2177 sx->igquotstr = sx->peer_offered & OPTION_IGNQ ? US" IGNOREQUOTA" : US"";
2178
2179 /* If the response to EHLO specified support for the SIZE parameter, note
2180 this, provided size_addition is non-negative. */
2181
2182 smtp_peer_options |= sx->peer_offered & OPTION_SIZE;
2183
2184 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
2185 the current host, esmtp will be false, so PIPELINING can never be used. If
2186 the current host matches hosts_avoid_pipelining, don't do it. */
2187
2188 if ( sx->peer_offered & OPTION_PIPE
2189 && verify_check_given_host(CUSS &sx->ob->hosts_avoid_pipelining, sx->host) != OK)
2190 smtp_peer_options |= OPTION_PIPE;
2191
2192 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
2193 smtp_peer_options & OPTION_PIPE ? "" : "not ");
2194
2195 if ( sx->peer_offered & OPTION_CHUNKING
2196 && verify_check_given_host(CUSS &sx->ob->hosts_try_chunking, sx->host) != OK)
2197 sx->peer_offered &= ~OPTION_CHUNKING;
2198
2199 if (sx->peer_offered & OPTION_CHUNKING)
2200 {DEBUG(D_transport) debug_printf("CHUNKING usable\n");}
2201
2202 #ifndef DISABLE_PRDR
2203 if ( sx->peer_offered & OPTION_PRDR
2204 && verify_check_given_host(CUSS &sx->ob->hosts_try_prdr, sx->host) != OK)
2205 sx->peer_offered &= ~OPTION_PRDR;
2206
2207 if (sx->peer_offered & OPTION_PRDR)
2208 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
2209 #endif
2210
2211 /* Note if the server supports DSN */
2212 smtp_peer_options |= sx->peer_offered & OPTION_DSN;
2213 DEBUG(D_transport) debug_printf("%susing DSN\n",
2214 sx->peer_offered & OPTION_DSN ? "" : "not ");
2215
2216 #if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
2217 if (sx->peer_offered & OPTION_REQUIRETLS)
2218 {
2219 smtp_peer_options |= OPTION_REQUIRETLS;
2220 DEBUG(D_transport) debug_printf(
2221 tls_requiretls & REQUIRETLS_MSG
2222 ? "using REQUIRETLS\n" : "REQUIRETLS offered\n");
2223 }
2224 #endif
2225
2226 /* Note if the response to EHLO specifies support for the AUTH extension.
2227 If it has, check that this host is one we want to authenticate to, and do
2228 the business. The host name and address must be available when the
2229 authenticator's client driver is running. */
2230
2231 switch (yield = smtp_auth(sx, sx->buffer, sizeof(sx->buffer)))
2232 {
2233 default: goto SEND_QUIT;
2234 case OK: break;
2235 case FAIL_SEND: goto SEND_FAILED;
2236 case FAIL: goto RESPONSE_FAILED;
2237 }
2238 }
2239 }
2240 sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
2241
2242 /* The setting up of the SMTP call is now complete. Any subsequent errors are
2243 message-specific. */
2244
2245 sx->setting_up = FALSE;
2246
2247 #ifdef SUPPORT_I18N
2248 if (sx->addrlist->prop.utf8_msg)
2249 {
2250 uschar * s;
2251
2252 /* If the transport sets a downconversion mode it overrides any set by ACL
2253 for the message. */
2254
2255 if ((s = sx->ob->utf8_downconvert))
2256 {
2257 if (!(s = expand_string(s)))
2258 {
2259 message = string_sprintf("failed to expand utf8_downconvert: %s",
2260 expand_string_message);
2261 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
2262 yield = DEFER;
2263 goto SEND_QUIT;
2264 }
2265 switch (*s)
2266 {
2267 case '1': sx->addrlist->prop.utf8_downcvt = TRUE;
2268 sx->addrlist->prop.utf8_downcvt_maybe = FALSE;
2269 break;
2270 case '0': sx->addrlist->prop.utf8_downcvt = FALSE;
2271 sx->addrlist->prop.utf8_downcvt_maybe = FALSE;
2272 break;
2273 case '-': if (s[1] == '1')
2274 {
2275 sx->addrlist->prop.utf8_downcvt = FALSE;
2276 sx->addrlist->prop.utf8_downcvt_maybe = TRUE;
2277 }
2278 break;
2279 }
2280 }
2281
2282 sx->utf8_needed = !sx->addrlist->prop.utf8_downcvt
2283 && !sx->addrlist->prop.utf8_downcvt_maybe;
2284 DEBUG(D_transport) if (!sx->utf8_needed)
2285 debug_printf("utf8: %s downconvert\n",
2286 sx->addrlist->prop.utf8_downcvt ? "mandatory" : "optional");
2287 }
2288
2289 /* If this is an international message we need the host to speak SMTPUTF8 */
2290 if (sx->utf8_needed && !(sx->peer_offered & OPTION_UTF8))
2291 {
2292 errno = ERRNO_UTF8_FWD;
2293 goto RESPONSE_FAILED;
2294 }
2295 #endif /*SUPPORT_I18N*/
2296
2297 #if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
2298 /*XXX should tls_requiretls actually be per-addr? */
2299
2300 if ( tls_requiretls & REQUIRETLS_MSG
2301 && !(sx->peer_offered & OPTION_REQUIRETLS)
2302 )
2303 {
2304 sx->setting_up = TRUE;
2305 errno = ERRNO_REQUIRETLS;
2306 message = US"REQUIRETLS support is required from the server"
2307 " but it was not offered";
2308 DEBUG(D_transport) debug_printf("%s\n", message);
2309 goto TLS_FAILED;
2310 }
2311 #endif
2312
2313 return OK;
2314
2315
2316 {
2317 int code;
2318
2319 RESPONSE_FAILED:
2320 message = NULL;
2321 sx->send_quit = check_response(sx->host, &errno, sx->addrlist->more_errno,
2322 sx->buffer, &code, &message, &pass_message);
2323 yield = DEFER;
2324 goto FAILED;
2325
2326 SEND_FAILED:
2327 code = '4';
2328 message = US string_sprintf("send() to %s [%s] failed: %s",
2329 sx->host->name, sx->host->address, strerror(errno));
2330 sx->send_quit = FALSE;
2331 yield = DEFER;
2332 goto FAILED;
2333
2334 EHLOHELO_FAILED:
2335 code = '4';
2336 message = string_sprintf("Remote host closed connection in response to %s"
2337 " (EHLO response was: %s)", smtp_command, sx->buffer);
2338 sx->send_quit = FALSE;
2339 yield = DEFER;
2340 goto FAILED;
2341
2342 /* This label is jumped to directly when a TLS negotiation has failed,
2343 or was not done for a host for which it is required. Values will be set
2344 in message and errno, and setting_up will always be true. Treat as
2345 a temporary error. */
2346
2347 #ifdef SUPPORT_TLS
2348 TLS_FAILED:
2349 # ifdef EXPERIMENTAL_REQUIRETLS
2350 if (errno == ERRNO_REQUIRETLS)
2351 code = '5', yield = FAIL;
2352 /*XXX DSN will be labelled 500; prefer 530 5.7.4 */
2353 else
2354 # endif
2355 code = '4', yield = DEFER;
2356 goto FAILED;
2357 #endif
2358
2359 /* The failure happened while setting up the call; see if the failure was
2360 a 5xx response (this will either be on connection, or following HELO - a 5xx
2361 after EHLO causes it to try HELO). If so, and there are no more hosts to try,
2362 fail all addresses, as this host is never going to accept them. For other
2363 errors during setting up (timeouts or whatever), defer all addresses, and
2364 yield DEFER, so that the host is not tried again for a while.
2365
2366 XXX This peeking for another host feels like a layering violation. We want
2367 to note the host as unusable, but down here we shouldn't know if this was
2368 the last host to try for the addr(list). Perhaps the upper layer should be
2369 the one to do set_errno() ? The problem is that currently the addr is where
2370 errno etc. are stashed, but until we run out of hosts to try the errors are
2371 host-specific. Maybe we should enhance the host_item definition? */
2372
2373 FAILED:
2374 sx->ok = FALSE; /* For when reached by GOTO */
2375 set_errno(sx->addrlist, errno, message,
2376 sx->host->next
2377 ? DEFER
2378 : code == '5'
2379 #ifdef SUPPORT_I18N
2380 || errno == ERRNO_UTF8_FWD
2381 #endif
2382 ? FAIL : DEFER,
2383 pass_message, sx->host
2384 #ifdef EXPERIMENTAL_DSN_INFO
2385 , sx->smtp_greeting, sx->helo_response
2386 #endif
2387 );
2388 }
2389
2390
2391 SEND_QUIT:
2392
2393 if (sx->send_quit)
2394 (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n");
2395
2396 #ifdef SUPPORT_TLS
2397 if (sx->cctx.tls_ctx)
2398 {
2399 tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
2400 sx->cctx.tls_ctx = NULL;
2401 }
2402 #endif
2403
2404 /* Close the socket, and return the appropriate value, first setting
2405 works because the NULL setting is passed back to the calling process, and
2406 remote_max_parallel is forced to 1 when delivering over an existing connection,
2407 */
2408
2409 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
2410 if (sx->send_quit)
2411 {
2412 shutdown(sx->cctx.sock, SHUT_WR);
2413 if (fcntl(sx->cctx.sock, F_SETFL, O_NONBLOCK) == 0)
2414 for (rc = 16; read(sx->cctx.sock, sx->inbuffer, sizeof(sx->inbuffer)) > 0 && rc > 0;)
2415 rc--; /* drain socket */
2416 sx->send_quit = FALSE;
2417 }
2418 (void)close(sx->cctx.sock);
2419 sx->cctx.sock = -1;
2420
2421 #ifndef DISABLE_EVENT
2422 (void) event_raise(sx->tblock->event_action, US"tcp:close", NULL);
2423 #endif
2424
2425 continue_transport = NULL;
2426 continue_hostname = NULL;
2427 return yield;
2428 }
2429
2430
2431
2432
2433 /* Create the string of options that will be appended to the MAIL FROM:
2434 in the connection context buffer */
2435
2436 static int
2437 build_mailcmd_options(smtp_context * sx, address_item * addrlist)
2438 {
2439 uschar * p = sx->buffer;
2440 address_item * addr;
2441 int address_count;
2442
2443 *p = 0;
2444
2445 /* If we know the receiving MTA supports the SIZE qualification, and we know it,
2446 send it, adding something to the message size to allow for imprecision
2447 and things that get added en route. Exim keeps the number of lines
2448 in a message, so we can give an accurate value for the original message, but we
2449 need some additional to handle added headers. (Double "." characters don't get
2450 included in the count.) */
2451
2452 if ( message_size > 0
2453 && sx->peer_offered & OPTION_SIZE && !(sx->avoid_option & OPTION_SIZE))
2454 {
2455 /*XXX problem here under spool_files_wireformat?
2456 Or just forget about lines? Or inflate by a fixed proportion? */
2457
2458 sprintf(CS p, " SIZE=%d", message_size+message_linecount+sx->ob->size_addition);
2459 while (*p) p++;
2460 }
2461
2462 #ifndef DISABLE_PRDR
2463 /* If it supports Per-Recipient Data Reponses, and we have omre than one recipient,
2464 request that */
2465
2466 sx->prdr_active = FALSE;
2467 if (sx->peer_offered & OPTION_PRDR)
2468 for (addr = addrlist; addr; addr = addr->next)
2469 if (addr->transport_return == PENDING_DEFER)
2470 {
2471 for (addr = addr->next; addr; addr = addr->next)
2472 if (addr->transport_return == PENDING_DEFER)
2473 { /* at least two recipients to send */
2474 sx->prdr_active = TRUE;
2475 sprintf(CS p, " PRDR"); p += 5;
2476 break;
2477 }
2478 break;
2479 }
2480 #endif
2481
2482 #ifdef SUPPORT_I18N
2483 /* If it supports internationalised messages, and this meesage need that,
2484 request it */
2485
2486 if ( sx->peer_offered & OPTION_UTF8
2487 && addrlist->prop.utf8_msg
2488 && !addrlist->prop.utf8_downcvt
2489 )
2490 Ustrcpy(p, " SMTPUTF8"), p += 9;
2491 #endif
2492
2493 #if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
2494 if (tls_requiretls & REQUIRETLS_MSG)
2495 Ustrcpy(p, " REQUIRETLS") , p += 11;
2496 #endif
2497
2498 /* check if all addresses have DSN-lasthop flag; do not send RET and ENVID if so */
2499 for (sx->dsn_all_lasthop = TRUE, addr = addrlist, address_count = 0;
2500 addr && address_count < sx->max_rcpt;
2501 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
2502 {
2503 address_count++;
2504 if (!(addr->dsn_flags & rf_dsnlasthop))
2505 {
2506 sx->dsn_all_lasthop = FALSE;
2507 break;
2508 }
2509 }
2510
2511 /* Add any DSN flags to the mail command */
2512
2513 if (sx->peer_offered & OPTION_DSN && !sx->dsn_all_lasthop)
2514 {
2515 if (dsn_ret == dsn_ret_hdrs)
2516 { Ustrcpy(p, " RET=HDRS"); p += 9; }
2517 else if (dsn_ret == dsn_ret_full)
2518 { Ustrcpy(p, " RET=FULL"); p += 9; }
2519
2520 if (dsn_envid)
2521 {
2522 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ENVID=%s", dsn_envid);
2523 while (*p) p++;
2524 }
2525 }
2526
2527 /* If an authenticated_sender override has been specified for this transport
2528 instance, expand it. If the expansion is forced to fail, and there was already
2529 an authenticated_sender for this message, the original value will be used.
2530 Other expansion failures are serious. An empty result is ignored, but there is
2531 otherwise no check - this feature is expected to be used with LMTP and other
2532 cases where non-standard addresses (e.g. without domains) might be required. */
2533
2534 if (smtp_mail_auth_str(p, sizeof(sx->buffer) - (p-sx->buffer), addrlist, sx->ob))
2535 return ERROR;
2536
2537 return OK;
2538 }
2539
2540
2541 static void
2542 build_rcptcmd_options(smtp_context * sx, const address_item * addr)
2543 {
2544 uschar * p = sx->buffer;
2545 *p = 0;
2546
2547 /* Add any DSN flags to the rcpt command */
2548
2549 if (sx->peer_offered & OPTION_DSN && !(addr->dsn_flags & rf_dsnlasthop))
2550 {
2551 if (addr->dsn_flags & rf_dsnflags)
2552 {
2553 int i;
2554 BOOL first = TRUE;
2555
2556 Ustrcpy(p, " NOTIFY=");
2557 while (*p) p++;
2558 for (i = 0; i < nelem(rf_list); i++) if (addr->dsn_flags & rf_list[i])
2559 {
2560 if (!first) *p++ = ',';
2561 first = FALSE;
2562 Ustrcpy(p, rf_names[i]);
2563 while (*p) p++;
2564 }
2565 }
2566
2567 if (addr->dsn_orcpt)
2568 {
2569 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ORCPT=%s",
2570 addr->dsn_orcpt);
2571 while (*p) p++;
2572 }
2573 }
2574 }
2575
2576
2577
2578 /*
2579 Return:
2580 0 good, rcpt results in addr->transport_return (PENDING_OK, DEFER, FAIL)
2581 -1 MAIL response error
2582 -2 any non-MAIL read i/o error
2583 -3 non-MAIL response timeout
2584 -4 internal error; channel still usable
2585 -5 transmit failed
2586 */
2587
2588 int
2589 smtp_write_mail_and_rcpt_cmds(smtp_context * sx, int * yield)
2590 {
2591 address_item * addr;
2592 int address_count;
2593 int rc;
2594
2595 if (build_mailcmd_options(sx, sx->first_addr) != OK)
2596 {
2597 *yield = ERROR;
2598 return -4;
2599 }
2600
2601 /* From here until we send the DATA command, we can make use of PIPELINING
2602 if the server host supports it. The code has to be able to check the responses
2603 at any point, for when the buffer fills up, so we write it totally generally.
2604 When PIPELINING is off, each command written reports that it has flushed the
2605 buffer. */
2606
2607 sx->pending_MAIL = TRUE; /* The block starts with MAIL */
2608
2609 {
2610 uschar * s = sx->from_addr;
2611 #ifdef SUPPORT_I18N
2612 uschar * errstr = NULL;
2613
2614 /* If we must downconvert, do the from-address here. Remember we had to
2615 for the to-addresses (done below), and also (ugly) for re-doing when building
2616 the delivery log line. */
2617
2618 if ( sx->addrlist->prop.utf8_msg
2619 && (sx->addrlist->prop.utf8_downcvt || !(sx->peer_offered & OPTION_UTF8))
2620 )
2621 {
2622 if (s = string_address_utf8_to_alabel(s, &errstr), errstr)
2623 {
2624 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE);
2625 *yield = ERROR;
2626 return -4;
2627 }
2628 setflag(sx->addrlist, af_utf8_downcvt);
2629 }
2630 #endif
2631
2632 rc = smtp_write_command(sx, pipelining_active ? SCMD_BUFFER : SCMD_FLUSH,
2633 "MAIL FROM:<%s>%s\r\n", s, sx->buffer);
2634 }
2635
2636 mail_command = string_copy(big_buffer); /* Save for later error message */
2637
2638 switch(rc)
2639 {
2640 case -1: /* Transmission error */
2641 return -5;
2642
2643 case +1: /* Cmd was sent */
2644 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
2645 sx->ob->command_timeout))
2646 {
2647 if (errno == 0 && sx->buffer[0] == '4')
2648 {
2649 errno = ERRNO_MAIL4XX;
2650 sx->addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
2651 }
2652 return -1;
2653 }
2654 sx->pending_MAIL = FALSE;
2655 break;
2656
2657 /* otherwise zero: command queued for pipeline */
2658 }
2659
2660 /* Pass over all the relevant recipient addresses for this host, which are the
2661 ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
2662 several before we have to read the responses for those seen so far. This
2663 checking is done by a subroutine because it also needs to be done at the end.
2664 Send only up to max_rcpt addresses at a time, leaving next_addr pointing to
2665 the next one if not all are sent.
2666
2667 In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
2668 last address because we want to abort if any recipients have any kind of
2669 problem, temporary or permanent. We know that all recipient addresses will have
2670 the PENDING_DEFER status, because only one attempt is ever made, and we know
2671 that max_rcpt will be large, so all addresses will be done at once.
2672
2673 For verify we flush the pipeline after any (the only) rcpt address. */
2674
2675 for (addr = sx->first_addr, address_count = 0;
2676 addr && address_count < sx->max_rcpt;
2677 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
2678 {
2679 int count;
2680 BOOL no_flush;
2681 uschar * rcpt_addr;
2682
2683 if (tcp_out_fastopen && !f.tcp_out_fastopen_logged)
2684 {
2685 setflag(addr, af_tcp_fastopen_conn);
2686 if (tcp_out_fastopen > 1) setflag(addr, af_tcp_fastopen);
2687 }
2688
2689 addr->dsn_aware = sx->peer_offered & OPTION_DSN
2690 ? dsn_support_yes : dsn_support_no;
2691
2692 address_count++;
2693 no_flush = pipelining_active && !sx->verify
2694 && (!mua_wrapper || addr->next && address_count < sx->max_rcpt);
2695
2696 build_rcptcmd_options(sx, addr);
2697
2698 /* Now send the RCPT command, and process outstanding responses when
2699 necessary. After a timeout on RCPT, we just end the function, leaving the
2700 yield as OK, because this error can often mean that there is a problem with
2701 just one address, so we don't want to delay the host. */
2702
2703 rcpt_addr = transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes);
2704
2705 #ifdef SUPPORT_I18N
2706 if ( testflag(sx->addrlist, af_utf8_downcvt)
2707 && !(rcpt_addr = string_address_utf8_to_alabel(rcpt_addr, NULL))
2708 )
2709 {
2710 /*XXX could we use a per-address errstr here? Not fail the whole send? */
2711 errno = ERRNO_EXPANDFAIL;
2712 return -5; /*XXX too harsh? */
2713 }
2714 #endif
2715
2716 count = smtp_write_command(sx, no_flush ? SCMD_BUFFER : SCMD_FLUSH,
2717 "RCPT TO:<%s>%s%s\r\n", rcpt_addr, sx->igquotstr, sx->buffer);
2718
2719 if (count < 0) return -5;
2720 if (count > 0)
2721 {
2722 switch(sync_responses(sx, count, 0))
2723 {
2724 case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
2725 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
2726 break;
2727
2728 case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
2729 if (!sx->lmtp) /* can't tell about progress yet */
2730 sx->completed_addr = TRUE;
2731 case 0: /* No 2xx or 5xx, but no probs */
2732 break;
2733
2734 case -1: return -3; /* Timeout on RCPT */
2735 case -2: return -2; /* non-MAIL read i/o error */
2736 default: return -1; /* any MAIL error */
2737 }
2738 sx->pending_MAIL = FALSE; /* Dealt with MAIL */
2739 }
2740 } /* Loop for next address */
2741
2742 f.tcp_out_fastopen_logged = TRUE;
2743 sx->next_addr = addr;
2744 return 0;
2745 }
2746
2747
2748 #ifdef SUPPORT_TLS
2749 /*****************************************************
2750 * Proxy TLS connection for another transport process *
2751 ******************************************************/
2752 /*
2753 Close the unused end of the pipe, fork once more, then use the given buffer
2754 as a staging area, and select on both the given fd and the TLS'd client-fd for
2755 data to read (per the coding in ip_recv() and fd_ready() this is legitimate).
2756 Do blocking full-size writes, and reads under a timeout. Once both input
2757 channels are closed, exit the process.
2758
2759 Arguments:
2760 ct_ctx tls context
2761 buf space to use for buffering
2762 bufsiz size of buffer
2763 pfd pipe filedescriptor array; [0] is comms to proxied process
2764 timeout per-read timeout, seconds
2765 */
2766
2767 void
2768 smtp_proxy_tls(void * ct_ctx, uschar * buf, size_t bsize, int * pfd,
2769 int timeout)
2770 {
2771 fd_set rfds, efds;
2772 int max_fd = MAX(pfd[0], tls_out.active.sock) + 1;
2773 int rc, i, fd_bits, nbytes;
2774
2775 close(pfd[1]);
2776 if ((rc = fork()))
2777 {
2778 DEBUG(D_transport) debug_printf("proxy-proc final-pid %d\n", rc);
2779 _exit(rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
2780 }
2781
2782 if (f.running_in_test_harness) millisleep(100); /* let parent debug out */
2783 set_process_info("proxying TLS connection for continued transport");
2784 FD_ZERO(&rfds);
2785 FD_SET(tls_out.active.sock, &rfds);
2786 FD_SET(pfd[0], &rfds);
2787
2788 for (fd_bits = 3; fd_bits; )
2789 {
2790 time_t time_left = timeout;
2791 time_t time_start = time(NULL);
2792
2793 /* wait for data */
2794 efds = rfds;
2795 do
2796 {
2797 struct timeval tv = { time_left, 0 };
2798
2799 rc = select(max_fd,
2800 (SELECT_ARG2_TYPE *)&rfds, NULL, (SELECT_ARG2_TYPE *)&efds, &tv);
2801
2802 if (rc < 0 && errno == EINTR)
2803 if ((time_left -= time(NULL) - time_start) > 0) continue;
2804
2805 if (rc <= 0)
2806 {
2807 DEBUG(D_transport) if (rc == 0) debug_printf("%s: timed out\n", __FUNCTION__);
2808 goto done;
2809 }
2810
2811 if (FD_ISSET(tls_out.active.sock, &efds) || FD_ISSET(pfd[0], &efds))
2812 {
2813 DEBUG(D_transport) debug_printf("select: exceptional cond on %s fd\n",
2814 FD_ISSET(pfd[0], &efds) ? "proxy" : "tls");
2815 goto done;
2816 }
2817 }
2818 while (rc < 0 || !(FD_ISSET(tls_out.active.sock, &rfds) || FD_ISSET(pfd[0], &rfds)));
2819
2820 /* handle inbound data */
2821 if (FD_ISSET(tls_out.active.sock, &rfds))
2822 if ((rc = tls_read(ct_ctx, buf, bsize)) <= 0)
2823 {
2824 fd_bits &= ~1;
2825 FD_CLR(tls_out.active.sock, &rfds);
2826 shutdown(pfd[0], SHUT_WR);
2827 timeout = 5;
2828 }
2829 else
2830 {
2831 for (nbytes = 0; rc - nbytes > 0; nbytes += i)
2832 if ((i = write(pfd[0], buf + nbytes, rc - nbytes)) < 0) goto done;
2833 }
2834 else if (fd_bits & 1)
2835 FD_SET(tls_out.active.sock, &rfds);
2836
2837 /* handle outbound data */
2838 if (FD_ISSET(pfd[0], &rfds))
2839 if ((rc = read(pfd[0], buf, bsize)) <= 0)
2840 {
2841 fd_bits = 0;
2842 tls_close(ct_ctx, TLS_SHUTDOWN_NOWAIT);
2843 ct_ctx = NULL;
2844 }
2845 else
2846 {
2847 for (nbytes = 0; rc - nbytes > 0; nbytes += i)
2848 if ((i = tls_write(ct_ctx, buf + nbytes, rc - nbytes, FALSE)) < 0)
2849 goto done;
2850 }
2851 else if (fd_bits & 2)
2852 FD_SET(pfd[0], &rfds);
2853 }
2854
2855 done:
2856 if (f.running_in_test_harness) millisleep(100); /* let logging complete */
2857 exim_exit(0, US"TLS proxy");
2858 }
2859 #endif
2860
2861
2862 /*************************************************
2863 * Deliver address list to given host *
2864 *************************************************/
2865
2866 /* If continue_hostname is not null, we get here only when continuing to
2867 deliver down an existing channel. The channel was passed as the standard
2868 input. TLS is never active on a passed channel; the previous process always
2869 closes it down before passing the connection on.
2870
2871 Otherwise, we have to make a connection to the remote host, and do the
2872 initial protocol exchange.
2873
2874 When running as an MUA wrapper, if the sender or any recipient is rejected,
2875 temporarily or permanently, we force failure for all recipients.
2876
2877 Arguments:
2878 addrlist chain of potential addresses to deliver; only those whose
2879 transport_return field is set to PENDING_DEFER are currently
2880 being processed; others should be skipped - they have either
2881 been delivered to an earlier host or IP address, or been
2882 failed by one of them.
2883 host host to deliver to
2884 host_af AF_INET or AF_INET6
2885 defport default TCP/IP port to use if host does not specify, in host
2886 byte order
2887 interface interface to bind to, or NULL
2888 tblock transport instance block
2889 message_defer set TRUE if yield is OK, but all addresses were deferred
2890 because of a non-recipient, non-host failure, that is, a
2891 4xx response to MAIL FROM, DATA, or ".". This is a defer
2892 that is specific to the message.
2893 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
2894 a second attempt after TLS initialization fails
2895
2896 Returns: OK - the connection was made and the delivery attempted;
2897 the result for each address is in its data block.
2898 DEFER - the connection could not be made, or something failed
2899 while setting up the SMTP session, or there was a
2900 non-message-specific error, such as a timeout.
2901 ERROR - a filter command is specified for this transport,
2902 and there was a problem setting it up; OR helo_data
2903 or add_headers or authenticated_sender is specified
2904 for this transport, and the string failed to expand
2905 */
2906
2907 static int
2908 smtp_deliver(address_item *addrlist, host_item *host, int host_af, int defport,
2909 uschar *interface, transport_instance *tblock,
2910 BOOL *message_defer, BOOL suppress_tls)
2911 {
2912 address_item *addr;
2913 int yield = OK;
2914 int save_errno;
2915 int rc;
2916 struct timeval start_delivery_time;
2917
2918 BOOL pass_message = FALSE;
2919 uschar *message = NULL;
2920 uschar new_message_id[MESSAGE_ID_LENGTH + 1];
2921
2922 smtp_context sx;
2923
2924 gettimeofday(&start_delivery_time, NULL);
2925 suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
2926 *message_defer = FALSE;
2927
2928 sx.addrlist = addrlist;
2929 sx.host = host;
2930 sx.host_af = host_af,
2931 sx.port = defport;
2932 sx.interface = interface;
2933 sx.helo_data = NULL;
2934 sx.tblock = tblock;
2935 sx.verify = FALSE;
2936
2937 /* Get the channel set up ready for a message (MAIL FROM being the next
2938 SMTP command to send */
2939
2940 if ((rc = smtp_setup_conn(&sx, suppress_tls)) != OK)
2941 return rc;
2942
2943 /* If there is a filter command specified for this transport, we can now
2944 set it up. This cannot be done until the identify of the host is known. */
2945
2946 if (tblock->filter_command)
2947 {
2948 transport_filter_timeout = tblock->filter_timeout;
2949
2950 /* On failure, copy the error to all addresses, abandon the SMTP call, and
2951 yield ERROR. */
2952
2953 if (!transport_set_up_command(&transport_filter_argv,
2954 tblock->filter_command, TRUE, DEFER, addrlist,
2955 string_sprintf("%.50s transport", tblock->name), NULL))
2956 {
2957 set_errno_nohost(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
2958 FALSE);
2959 yield = ERROR;
2960 goto SEND_QUIT;
2961 }
2962
2963 if ( transport_filter_argv
2964 && *transport_filter_argv
2965 && **transport_filter_argv
2966 && sx.peer_offered & OPTION_CHUNKING
2967 )
2968 {
2969 sx.peer_offered &= ~OPTION_CHUNKING;
2970 DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n");
2971 }
2972 }
2973
2974 sx.first_addr = addrlist;
2975
2976 /* For messages that have more than the maximum number of envelope recipients,
2977 we want to send several transactions down the same SMTP connection. (See
2978 comments in deliver.c as to how this reconciles, heuristically, with
2979 remote_max_parallel.) This optimization was added to Exim after the following
2980 code was already working. The simplest way to put it in without disturbing the
2981 code was to use a goto to jump back to this point when there is another
2982 transaction to handle. */
2983
2984 SEND_MESSAGE:
2985 sx.from_addr = return_path;
2986 sx.sync_addr = sx.first_addr;
2987 sx.ok = FALSE;
2988 sx.send_rset = TRUE;
2989 sx.completed_addr = FALSE;
2990
2991
2992 /* If we are a continued-connection-after-verify the MAIL and RCPT
2993 commands were already sent; do not re-send but do mark the addrs as
2994 having been accepted up to RCPT stage. A traditional cont-conn
2995 always has a sequence number greater than one. */
2996
2997 if (continue_hostname && continue_sequence == 1)
2998 {
2999 address_item * addr;
3000
3001 sx.peer_offered = smtp_peer_options;
3002 sx.pending_MAIL = FALSE;
3003 sx.ok = TRUE;
3004 sx.next_addr = NULL;
3005
3006 for (addr = addrlist; addr; addr = addr->next)
3007 addr->transport_return = PENDING_OK;
3008 }
3009 else
3010 {
3011 /* Initiate a message transfer. */
3012
3013 switch(smtp_write_mail_and_rcpt_cmds(&sx, &yield))
3014 {
3015 case 0: break;
3016 case -1: case -2: goto RESPONSE_FAILED;
3017 case -3: goto END_OFF;
3018 case -4: goto SEND_QUIT;
3019 default: goto SEND_FAILED;
3020 }
3021
3022 /* If we are an MUA wrapper, abort if any RCPTs were rejected, either
3023 permanently or temporarily. We should have flushed and synced after the last
3024 RCPT. */
3025
3026 if (mua_wrapper)
3027 {
3028 address_item * a;
3029 unsigned cnt;
3030
3031 for (a = sx.first_addr, cnt = 0; a && cnt < sx.max_rcpt; a = a->next, cnt++)
3032 if (a->transport_return != PENDING_OK)
3033 {
3034 /*XXX could we find a better errno than 0 here? */
3035 set_errno_nohost(addrlist, 0, a->message, FAIL,
3036 testflag(a, af_pass_message));
3037 sx.ok = FALSE;
3038 break;
3039 }
3040 }
3041 }
3042
3043 /* If ok is TRUE, we know we have got at least one good recipient, and must now
3044 send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
3045 have a good recipient buffered up if we are pipelining. We don't want to waste
3046 time sending DATA needlessly, so we only send it if either ok is TRUE or if we
3047 are pipelining. The responses are all handled by sync_responses().
3048 If using CHUNKING, do not send a BDAT until we know how big a chunk we want
3049 to send is. */
3050
3051 if ( !(sx.peer_offered & OPTION_CHUNKING)
3052 && (sx.ok || (pipelining_active && !mua_wrapper)))
3053 {
3054 int count = smtp_write_command(&sx, SCMD_FLUSH, "DATA\r\n");
3055
3056 if (count < 0) goto SEND_FAILED;
3057 switch(sync_responses(&sx, count, sx.ok ? +1 : -1))
3058 {
3059 case 3: sx.ok = TRUE; /* 2xx & 5xx => OK & progress made */
3060 case 2: sx.completed_addr = TRUE; /* 5xx (only) => progress made */
3061 break;
3062
3063 case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
3064 if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
3065 case 0: break; /* No 2xx or 5xx, but no probs */
3066
3067 case -1: goto END_OFF; /* Timeout on RCPT */
3068 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
3069 }
3070 pipelining_active = FALSE;
3071 data_command = string_copy(big_buffer); /* Save for later error message */
3072 }
3073
3074 /* If there were no good recipients (but otherwise there have been no
3075 problems), just set ok TRUE, since we have handled address-specific errors
3076 already. Otherwise, it's OK to send the message. Use the check/escape mechanism
3077 for handling the SMTP dot-handling protocol, flagging to apply to headers as
3078 well as body. Set the appropriate timeout value to be used for each chunk.
3079 (Haven't been able to make it work using select() for writing yet.) */
3080
3081 if (!(sx.peer_offered & OPTION_CHUNKING) && !sx.ok)
3082 {
3083 /* Save the first address of the next batch. */
3084 sx.first_addr = sx.next_addr;
3085
3086 sx.ok = TRUE;
3087 }
3088 else
3089 {
3090 transport_ctx tctx = {
3091 {sx.cctx.sock}, /*XXX will this need TLS info? */
3092 tblock,
3093 addrlist,
3094 US".", US"..", /* Escaping strings */
3095 topt_use_crlf | topt_escape_headers
3096 | (tblock->body_only ? topt_no_headers : 0)
3097 | (tblock->headers_only ? topt_no_body : 0)
3098 | (tblock->return_path_add ? topt_add_return_path : 0)
3099 | (tblock->delivery_date_add ? topt_add_delivery_date : 0)
3100 | (tblock->envelope_to_add ? topt_add_envelope_to : 0)
3101 };
3102
3103 /* If using CHUNKING we need a callback from the generic transport
3104 support to us, for the sending of BDAT smtp commands and the reaping
3105 of responses. The callback needs a whole bunch of state so set up
3106 a transport-context structure to be passed around. */
3107
3108 if (sx.peer_offered & OPTION_CHUNKING)
3109 {
3110 tctx.check_string = tctx.escape_string = NULL;
3111 tctx.options |= topt_use_bdat;
3112 tctx.chunk_cb = smtp_chunk_cmd_callback;
3113 sx.pending_BDAT = FALSE;
3114 sx.good_RCPT = sx.ok;
3115 sx.cmd_count = 0;
3116 tctx.smtp_context = &sx;
3117 }
3118 else
3119 tctx.options |= topt_end_dot;
3120
3121 /* Save the first address of the next batch. */
3122 sx.first_addr = sx.next_addr;
3123
3124 /* Responses from CHUNKING commands go in buffer. Otherwise,
3125 there has not been a response. */
3126
3127 sx.buffer[0] = 0;
3128
3129 sigalrm_seen = FALSE;
3130 transport_write_timeout = sx.ob->data_timeout;
3131 smtp_command = US"sending data block"; /* For error messages */
3132 DEBUG(D_transport|D_v)
3133 if (sx.peer_offered & OPTION_CHUNKING)
3134 debug_printf(" will write message using CHUNKING\n");
3135 else
3136 debug_printf(" SMTP>> writing message and terminating \".\"\n");
3137 transport_count = 0;
3138
3139 #ifndef DISABLE_DKIM
3140 dkim_exim_sign_init();
3141 # ifdef EXPERIMENTAL_ARC
3142 {
3143 uschar * s = sx.ob->arc_sign;
3144 if (s)
3145 {
3146 if (!(sx.ob->dkim.arc_signspec = s = expand_string(s)))
3147 {
3148 if (!f.expand_string_forcedfail)
3149 {
3150 message = US"failed to expand arc_sign";
3151 sx.ok = FALSE;
3152 goto SEND_FAILED;
3153 }
3154 }
3155 else if (*s)
3156 {
3157 /* Ask dkim code to hash the body for ARC */
3158 (void) arc_ams_setup_sign_bodyhash();
3159 sx.ob->dkim.force_bodyhash = TRUE;
3160 }
3161 }
3162 }
3163 # endif
3164 sx.ok = dkim_transport_write_message(&tctx, &sx.ob->dkim, CUSS &message);
3165 #else
3166 sx.ok = transport_write_message(&tctx, 0);
3167 #endif
3168
3169 /* transport_write_message() uses write() because it is called from other
3170 places to write to non-sockets. This means that under some OS (e.g. Solaris)
3171 it can exit with "Broken pipe" as its error. This really means that the
3172 socket got closed at the far end. */
3173
3174 transport_write_timeout = 0; /* for subsequent transports */
3175
3176 /* Failure can either be some kind of I/O disaster (including timeout),
3177 or the failure of a transport filter or the expansion of added headers.
3178 Or, when CHUNKING, it can be a protocol-detected failure. */
3179
3180 if (!sx.ok)
3181 if (message) goto SEND_FAILED;
3182 else goto RESPONSE_FAILED;
3183
3184 /* We used to send the terminating "." explicitly here, but because of
3185 buffering effects at both ends of TCP/IP connections, you don't gain
3186 anything by keeping it separate, so it might as well go in the final
3187 data buffer for efficiency. This is now done by setting the topt_end_dot
3188 flag above. */
3189
3190 smtp_command = US"end of data";
3191
3192 if (sx.peer_offered & OPTION_CHUNKING && sx.cmd_count > 1)
3193 {
3194 /* Reap any outstanding MAIL & RCPT commands, but not a DATA-go-ahead */
3195 switch(sync_responses(&sx, sx.cmd_count-1, 0))
3196 {
3197 case 3: sx.ok = TRUE; /* 2xx & 5xx => OK & progress made */
3198 case 2: sx.completed_addr = TRUE; /* 5xx (only) => progress made */
3199 break;
3200
3201 case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
3202 if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
3203 case 0: break; /* No 2xx or 5xx, but no probs */
3204
3205 case -1: goto END_OFF; /* Timeout on RCPT */
3206 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
3207 }
3208 }
3209
3210 #ifndef DISABLE_PRDR
3211 /* For PRDR we optionally get a partial-responses warning
3212 * followed by the individual responses, before going on with
3213 * the overall response. If we don't get the warning then deal
3214 * with per non-PRDR. */
3215 if(sx.prdr_active)
3216 {
3217 sx.ok = smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '3',
3218 sx.ob->final_timeout);
3219 if (!sx.ok && errno == 0) switch(sx.buffer[0])
3220 {
3221 case '2': sx.prdr_active = FALSE;
3222 sx.ok = TRUE;
3223 break;
3224 case '4': errno = ERRNO_DATA4XX;
3225 addrlist->more_errno |=
3226 ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8;
3227 break;
3228 }
3229 }
3230 else
3231 #endif
3232
3233 /* For non-PRDR SMTP, we now read a single response that applies to the
3234 whole message. If it is OK, then all the addresses have been delivered. */
3235
3236 if (!sx.lmtp)
3237 {
3238 sx.ok = smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2',
3239 sx.ob->final_timeout);
3240 if (!sx.ok && errno == 0 && sx.buffer[0] == '4')
3241 {
3242 errno = ERRNO_DATA4XX;
3243 addrlist->more_errno |= ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8;
3244 }
3245 }
3246
3247 /* For LMTP, we get back a response for every RCPT command that we sent;
3248 some may be accepted and some rejected. For those that get a response, their
3249 status is fixed; any that are accepted have been handed over, even if later
3250 responses crash - at least, that's how I read RFC 2033.
3251
3252 If all went well, mark the recipient addresses as completed, record which
3253 host/IPaddress they were delivered to, and cut out RSET when sending another
3254 message down the same channel. Write the completed addresses to the journal
3255 now so that they are recorded in case there is a crash of hardware or
3256 software before the spool gets updated. Also record the final SMTP
3257 confirmation if needed (for SMTP only). */
3258
3259 if (sx.ok)
3260 {
3261 int flag = '=';
3262 struct timeval delivery_time;
3263 int len;
3264 uschar * conf = NULL;
3265
3266 timesince(&delivery_time, &start_delivery_time);
3267 sx.send_rset = FALSE;
3268 pipelining_active = FALSE;
3269
3270 <