projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'patch-1' of https://github.com/bes-internal/exim into master-bes-rateli...
[exim.git] / src / src / transports / smtp.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2012 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 #include "../exim.h"
9 #include "smtp.h"
10
11 #define PENDING 256
12 #define PENDING_DEFER (PENDING + DEFER)
13 #define PENDING_OK (PENDING + OK)
14
15
16 /* Options specific to the smtp transport. This transport also supports LMTP
17 over TCP/IP. The options must be in alphabetic order (note that "_" comes
18 before the lower case letters). Some live in the transport_instance block so as
19 to be publicly visible; these are flagged with opt_public. */
20
21 optionlist smtp_transport_options[] = {
22 { "address_retry_include_sender", opt_bool,
23 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
24 { "allow_localhost", opt_bool,
25 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
26 { "authenticated_sender", opt_stringptr,
27 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
28 { "authenticated_sender_force", opt_bool,
29 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
30 { "command_timeout", opt_time,
31 (void *)offsetof(smtp_transport_options_block, command_timeout) },
32 { "connect_timeout", opt_time,
33 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
34 { "connection_max_messages", opt_int | opt_public,
35 (void *)offsetof(transport_instance, connection_max_messages) },
36 { "data_timeout", opt_time,
37 (void *)offsetof(smtp_transport_options_block, data_timeout) },
38 { "delay_after_cutoff", opt_bool,
39 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
40 #ifndef DISABLE_DKIM
41 { "dkim_canon", opt_stringptr,
42 (void *)offsetof(smtp_transport_options_block, dkim_canon) },
43 { "dkim_domain", opt_stringptr,
44 (void *)offsetof(smtp_transport_options_block, dkim_domain) },
45 { "dkim_private_key", opt_stringptr,
46 (void *)offsetof(smtp_transport_options_block, dkim_private_key) },
47 { "dkim_selector", opt_stringptr,
48 (void *)offsetof(smtp_transport_options_block, dkim_selector) },
49 { "dkim_sign_headers", opt_stringptr,
50 (void *)offsetof(smtp_transport_options_block, dkim_sign_headers) },
51 { "dkim_strict", opt_stringptr,
52 (void *)offsetof(smtp_transport_options_block, dkim_strict) },
53 #endif
54 { "dns_qualify_single", opt_bool,
55 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
56 { "dns_search_parents", opt_bool,
57 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
58 { "dscp", opt_stringptr,
59 (void *)offsetof(smtp_transport_options_block, dscp) },
60 { "fallback_hosts", opt_stringptr,
61 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
62 { "final_timeout", opt_time,
63 (void *)offsetof(smtp_transport_options_block, final_timeout) },
64 { "gethostbyname", opt_bool,
65 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
66 #ifdef SUPPORT_TLS
67 /* These are no longer honoured, as of Exim 4.80; for now, we silently
68 ignore; a later release will warn, and a later-still release will remove
69 these options, so that using them becomes an error. */
70 { "gnutls_require_kx", opt_stringptr,
71 (void *)offsetof(smtp_transport_options_block, gnutls_require_kx) },
72 { "gnutls_require_mac", opt_stringptr,
73 (void *)offsetof(smtp_transport_options_block, gnutls_require_mac) },
74 { "gnutls_require_protocols", opt_stringptr,
75 (void *)offsetof(smtp_transport_options_block, gnutls_require_proto) },
76 #endif
77 { "helo_data", opt_stringptr,
78 (void *)offsetof(smtp_transport_options_block, helo_data) },
79 { "hosts", opt_stringptr,
80 (void *)offsetof(smtp_transport_options_block, hosts) },
81 { "hosts_avoid_esmtp", opt_stringptr,
82 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
83 { "hosts_avoid_pipelining", opt_stringptr,
84 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
85 #ifdef SUPPORT_TLS
86 { "hosts_avoid_tls", opt_stringptr,
87 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
88 #endif
89 { "hosts_max_try", opt_int,
90 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
91 { "hosts_max_try_hardlimit", opt_int,
92 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
93 #ifdef SUPPORT_TLS
94 { "hosts_nopass_tls", opt_stringptr,
95 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
96 #endif
97 { "hosts_override", opt_bool,
98 (void *)offsetof(smtp_transport_options_block, hosts_override) },
99 { "hosts_randomize", opt_bool,
100 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
101 { "hosts_require_auth", opt_stringptr,
102 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
103 #ifdef SUPPORT_TLS
104 # if defined EXPERIMENTAL_OCSP
105 { "hosts_require_ocsp", opt_stringptr,
106 (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
107 # endif
108 { "hosts_require_tls", opt_stringptr,
109 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
110 #endif
111 { "hosts_try_auth", opt_stringptr,
112 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
113 #ifdef EXPERIMENTAL_PRDR
114 { "hosts_try_prdr", opt_stringptr,
115 (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
116 #endif
117 #ifdef SUPPORT_TLS
118 { "hosts_verify_avoid_tls", opt_stringptr,
119 (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
120 #endif
121 { "interface", opt_stringptr,
122 (void *)offsetof(smtp_transport_options_block, interface) },
123 { "keepalive", opt_bool,
124 (void *)offsetof(smtp_transport_options_block, keepalive) },
125 { "lmtp_ignore_quota", opt_bool,
126 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
127 { "max_rcpt", opt_int | opt_public,
128 (void *)offsetof(transport_instance, max_addresses) },
129 { "multi_domain", opt_bool | opt_public,
130 (void *)offsetof(transport_instance, multi_domain) },
131 { "port", opt_stringptr,
132 (void *)offsetof(smtp_transport_options_block, port) },
133 { "protocol", opt_stringptr,
134 (void *)offsetof(smtp_transport_options_block, protocol) },
135 { "retry_include_ip_address", opt_bool,
136 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
137 { "serialize_hosts", opt_stringptr,
138 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
139 { "size_addition", opt_int,
140 (void *)offsetof(smtp_transport_options_block, size_addition) }
141 #ifdef SUPPORT_TLS
142 ,{ "tls_certificate", opt_stringptr,
143 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
144 { "tls_crl", opt_stringptr,
145 (void *)offsetof(smtp_transport_options_block, tls_crl) },
146 { "tls_dh_min_bits", opt_int,
147 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
148 { "tls_privatekey", opt_stringptr,
149 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
150 { "tls_require_ciphers", opt_stringptr,
151 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
152 { "tls_sni", opt_stringptr,
153 (void *)offsetof(smtp_transport_options_block, tls_sni) },
154 { "tls_tempfail_tryclear", opt_bool,
155 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
156 { "tls_verify_certificates", opt_stringptr,
157 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) }
158 #endif
159 #ifdef EXPERIMENTAL_TPDA
160 ,{ "tpda_host_defer_action", opt_stringptr,
161 (void *)offsetof(smtp_transport_options_block, tpda_host_defer_action) },
162 #endif
163 };
164
165 /* Size of the options list. An extern variable has to be used so that its
166 address can appear in the tables drtables.c. */
167
168 int smtp_transport_options_count =
169 sizeof(smtp_transport_options)/sizeof(optionlist);
170
171 /* Default private options block for the smtp transport. */
172
173 smtp_transport_options_block smtp_transport_option_defaults = {
174 NULL, /* hosts */
175 NULL, /* fallback_hosts */
176 NULL, /* hostlist */
177 NULL, /* fallback_hostlist */
178 NULL, /* authenticated_sender */
179 US"$primary_hostname", /* helo_data */
180 NULL, /* interface */
181 NULL, /* port */
182 US"smtp", /* protocol */
183 NULL, /* DSCP */
184 NULL, /* serialize_hosts */
185 NULL, /* hosts_try_auth */
186 NULL, /* hosts_require_auth */
187 #ifdef EXPERIMENTAL_PRDR
188 NULL, /* hosts_try_prdr */
189 #endif
190 #ifdef EXPERIMENTAL_OCSP
191 NULL, /* hosts_require_ocsp */
192 #endif
193 NULL, /* hosts_require_tls */
194 NULL, /* hosts_avoid_tls */
195 US"*", /* hosts_verify_avoid_tls */
196 NULL, /* hosts_avoid_pipelining */
197 NULL, /* hosts_avoid_esmtp */
198 NULL, /* hosts_nopass_tls */
199 5*60, /* command_timeout */
200 5*60, /* connect_timeout; shorter system default overrides */
201 5*60, /* data timeout */
202 10*60, /* final timeout */
203 1024, /* size_addition */
204 5, /* hosts_max_try */
205 50, /* hosts_max_try_hardlimit */
206 TRUE, /* address_retry_include_sender */
207 FALSE, /* allow_localhost */
208 FALSE, /* authenticated_sender_force */
209 FALSE, /* gethostbyname */
210 TRUE, /* dns_qualify_single */
211 FALSE, /* dns_search_parents */
212 TRUE, /* delay_after_cutoff */
213 FALSE, /* hosts_override */
214 FALSE, /* hosts_randomize */
215 TRUE, /* keepalive */
216 FALSE, /* lmtp_ignore_quota */
217 TRUE /* retry_include_ip_address */
218 #ifdef SUPPORT_TLS
219 ,NULL, /* tls_certificate */
220 NULL, /* tls_crl */
221 NULL, /* tls_privatekey */
222 NULL, /* tls_require_ciphers */
223 NULL, /* gnutls_require_kx */
224 NULL, /* gnutls_require_mac */
225 NULL, /* gnutls_require_proto */
226 NULL, /* tls_sni */
227 NULL, /* tls_verify_certificates */
228 EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
229 /* tls_dh_min_bits */
230 TRUE /* tls_tempfail_tryclear */
231 #endif
232 #ifndef DISABLE_DKIM
233 ,NULL, /* dkim_canon */
234 NULL, /* dkim_domain */
235 NULL, /* dkim_private_key */
236 NULL, /* dkim_selector */
237 NULL, /* dkim_sign_headers */
238 NULL /* dkim_strict */
239 #endif
240 #ifdef EXPERIMENTAL_TPDA
241 ,NULL /* tpda_host_defer_action */
242 #endif
243 };
244
245
246 /* Local statics */
247
248 static uschar *smtp_command; /* Points to last cmd for error messages */
249 static uschar *mail_command; /* Points to MAIL cmd for error messages */
250 static BOOL update_waiting; /* TRUE to update the "wait" database */
251
252
253 /*************************************************
254 * Setup entry point *
255 *************************************************/
256
257 /* This function is called when the transport is about to be used,
258 but before running it in a sub-process. It is used for two things:
259
260 (1) To set the fallback host list in addresses, when delivering.
261 (2) To pass back the interface, port, protocol, and other options, for use
262 during callout verification.
263
264 Arguments:
265 tblock pointer to the transport instance block
266 addrlist list of addresses about to be transported
267 tf if not NULL, pointer to block in which to return options
268 uid the uid that will be set (not used)
269 gid the gid that will be set (not used)
270 errmsg place for error message (not used)
271
272 Returns: OK always (FAIL, DEFER not used)
273 */
274
275 static int
276 smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
277 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
278 {
279 smtp_transport_options_block *ob =
280 (smtp_transport_options_block *)(tblock->options_block);
281
282 errmsg = errmsg; /* Keep picky compilers happy */
283 uid = uid;
284 gid = gid;
285
286 /* Pass back options if required. This interface is getting very messy. */
287
288 if (tf != NULL)
289 {
290 tf->interface = ob->interface;
291 tf->port = ob->port;
292 tf->protocol = ob->protocol;
293 tf->hosts = ob->hosts;
294 tf->hosts_override = ob->hosts_override;
295 tf->hosts_randomize = ob->hosts_randomize;
296 tf->gethostbyname = ob->gethostbyname;
297 tf->qualify_single = ob->dns_qualify_single;
298 tf->search_parents = ob->dns_search_parents;
299 tf->helo_data = ob->helo_data;
300 }
301
302 /* Set the fallback host list for all the addresses that don't have fallback
303 host lists, provided that the local host wasn't present in the original host
304 list. */
305
306 if (!testflag(addrlist, af_local_host_removed))
307 {
308 for (; addrlist != NULL; addrlist = addrlist->next)
309 if (addrlist->fallback_hosts == NULL)
310 addrlist->fallback_hosts = ob->fallback_hostlist;
311 }
312
313 return OK;
314 }
315
316
317
318 /*************************************************
319 * Initialization entry point *
320 *************************************************/
321
322 /* Called for each instance, after its options have been read, to
323 enable consistency checks to be done, or anything else that needs
324 to be set up.
325
326 Argument: pointer to the transport instance block
327 Returns: nothing
328 */
329
330 void
331 smtp_transport_init(transport_instance *tblock)
332 {
333 smtp_transport_options_block *ob =
334 (smtp_transport_options_block *)(tblock->options_block);
335
336 /* Retry_use_local_part defaults FALSE if unset */
337
338 if (tblock->retry_use_local_part == TRUE_UNSET)
339 tblock->retry_use_local_part = FALSE;
340
341 /* Set the default port according to the protocol */
342
343 if (ob->port == NULL)
344 ob->port = (strcmpic(ob->protocol, US"lmtp") == 0)? US"lmtp" :
345 (strcmpic(ob->protocol, US"smtps") == 0)? US"smtps" : US"smtp";
346
347 /* Set up the setup entry point, to be called before subprocesses for this
348 transport. */
349
350 tblock->setup = smtp_transport_setup;
351
352 /* Complain if any of the timeouts are zero. */
353
354 if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
355 ob->final_timeout <= 0)
356 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
357 "command, data, or final timeout value is zero for %s transport",
358 tblock->name);
359
360 /* If hosts_override is set and there are local hosts, set the global
361 flag that stops verify from showing router hosts. */
362
363 if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
364
365 /* If there are any fallback hosts listed, build a chain of host items
366 for them, but do not do any lookups at this time. */
367
368 host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
369 }
370
371
372
373
374
375 /*************************************************
376 * Set delivery info into all active addresses *
377 *************************************************/
378
379 /* Only addresses whose status is >= PENDING are relevant. A lesser
380 status means that an address is not currently being processed.
381
382 Arguments:
383 addrlist points to a chain of addresses
384 errno_value to put in each address's errno field
385 msg to put in each address's message field
386 rc to put in each address's transport_return field
387 pass_message if TRUE, set the "pass message" flag in the address
388
389 If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
390 the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
391 this particular type of timeout.
392
393 Returns: nothing
394 */
395
396 static void
397 set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
398 BOOL pass_message)
399 {
400 address_item *addr;
401 int orvalue = 0;
402 if (errno_value == ERRNO_CONNECTTIMEOUT)
403 {
404 errno_value = ETIMEDOUT;
405 orvalue = RTEF_CTOUT;
406 }
407 for (addr = addrlist; addr != NULL; addr = addr->next)
408 {
409 if (addr->transport_return < PENDING) continue;
410 addr->basic_errno = errno_value;
411 addr->more_errno |= orvalue;
412 if (msg != NULL)
413 {
414 addr->message = msg;
415 if (pass_message) setflag(addr, af_pass_message);
416 }
417 addr->transport_return = rc;
418 }
419 }
420
421
422
423 /*************************************************
424 * Check an SMTP response *
425 *************************************************/
426
427 /* This function is given an errno code and the SMTP response buffer
428 to analyse, together with the host identification for generating messages. It
429 sets an appropriate message and puts the first digit of the response code into
430 the yield variable. If no response was actually read, a suitable digit is
431 chosen.
432
433 Arguments:
434 host the current host, to get its name for messages
435 errno_value pointer to the errno value
436 more_errno from the top address for use with ERRNO_FILTER_FAIL
437 buffer the SMTP response buffer
438 yield where to put a one-digit SMTP response code
439 message where to put an errror message
440 pass_message set TRUE if message is an SMTP response
441
442 Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
443 */
444
445 static BOOL check_response(host_item *host, int *errno_value, int more_errno,
446 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
447 {
448 uschar *pl = US"";
449
450 if (smtp_use_pipelining &&
451 (Ustrcmp(smtp_command, "MAIL") == 0 ||
452 Ustrcmp(smtp_command, "RCPT") == 0 ||
453 Ustrcmp(smtp_command, "DATA") == 0))
454 pl = US"pipelined ";
455
456 *yield = '4'; /* Default setting is to give a temporary error */
457
458 /* Handle response timeout */
459
460 if (*errno_value == ETIMEDOUT)
461 {
462 *message = US string_sprintf("SMTP timeout while connected to %s [%s] "
463 "after %s%s", host->name, host->address, pl, smtp_command);
464 if (transport_count > 0)
465 *message = US string_sprintf("%s (%d bytes written)", *message,
466 transport_count);
467 return FALSE;
468 }
469
470 /* Handle malformed SMTP response */
471
472 if (*errno_value == ERRNO_SMTPFORMAT)
473 {
474 uschar *malfresp = string_printing(buffer);
475 while (isspace(*malfresp)) malfresp++;
476 if (*malfresp == 0)
477 *message = string_sprintf("Malformed SMTP reply (an empty line) from "
478 "%s [%s] in response to %s%s", host->name, host->address, pl,
479 smtp_command);
480 else
481 *message = string_sprintf("Malformed SMTP reply from %s [%s] in response "
482 "to %s%s: %s", host->name, host->address, pl, smtp_command, malfresp);
483 return FALSE;
484 }
485
486 /* Handle a failed filter process error; can't send QUIT as we mustn't
487 end the DATA. */
488
489 if (*errno_value == ERRNO_FILTER_FAIL)
490 {
491 *message = US string_sprintf("transport filter process failed (%d)%s",
492 more_errno,
493 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
494 return FALSE;
495 }
496
497 /* Handle a failed add_headers expansion; can't send QUIT as we mustn't
498 end the DATA. */
499
500 if (*errno_value == ERRNO_CHHEADER_FAIL)
501 {
502 *message =
503 US string_sprintf("failed to expand headers_add or headers_remove: %s",
504 expand_string_message);
505 return FALSE;
506 }
507
508 /* Handle failure to write a complete data block */
509
510 if (*errno_value == ERRNO_WRITEINCOMPLETE)
511 {
512 *message = US string_sprintf("failed to write a data block");
513 return FALSE;
514 }
515
516 /* Handle error responses from the remote mailer. */
517
518 if (buffer[0] != 0)
519 {
520 uschar *s = string_printing(buffer);
521 *message = US string_sprintf("SMTP error from remote mail server after %s%s: "
522 "host %s [%s]: %s", pl, smtp_command, host->name, host->address, s);
523 *pass_message = TRUE;
524 *yield = buffer[0];
525 return TRUE;
526 }
527
528 /* No data was read. If there is no errno, this must be the EOF (i.e.
529 connection closed) case, which causes deferral. An explicit connection reset
530 error has the same effect. Otherwise, put the host's identity in the message,
531 leaving the errno value to be interpreted as well. In all cases, we have to
532 assume the connection is now dead. */
533
534 if (*errno_value == 0 || *errno_value == ECONNRESET)
535 {
536 *errno_value = ERRNO_SMTPCLOSED;
537 *message = US string_sprintf("Remote host %s [%s] closed connection "
538 "in response to %s%s", host->name, host->address, pl, smtp_command);
539 }
540 else *message = US string_sprintf("%s [%s]", host->name, host->address);
541
542 return FALSE;
543 }
544
545
546
547 /*************************************************
548 * Write error message to logs *
549 *************************************************/
550
551 /* This writes to the main log and to the message log.
552
553 Arguments:
554 addr the address item containing error information
555 host the current host
556
557 Returns: nothing
558 */
559
560 static void
561 write_logs(address_item *addr, host_item *host)
562 {
563 if (addr->message != NULL)
564 {
565 uschar *message = addr->message;
566 if (addr->basic_errno > 0)
567 message = string_sprintf("%s: %s", message, strerror(addr->basic_errno));
568 log_write(0, LOG_MAIN, "%s", message);
569 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
570 }
571 else
572 {
573 uschar *msg =
574 ((log_extra_selector & LX_outgoing_port) != 0)?
575 string_sprintf("%s [%s]:%d", host->name, host->address,
576 (host->port == PORT_NONE)? 25 : host->port)
577 :
578 string_sprintf("%s [%s]", host->name, host->address);
579 log_write(0, LOG_MAIN, "%s %s", msg, strerror(addr->basic_errno));
580 deliver_msglog("%s %s %s\n", tod_stamp(tod_log), msg,
581 strerror(addr->basic_errno));
582 }
583 }
584
585
586
587 #ifdef EXPERIMENTAL_TPDA
588 /*************************************************
589 * Post-defer action *
590 *************************************************/
591
592 /* This expands an arbitrary per-transport string.
593 It might, for example, be used to write to the database log.
594
595 Arguments:
596 ob transport options block
597 addr the address item containing error information
598 host the current host
599
600 Returns: nothing
601 */
602
603 static void
604 tpda_deferred(smtp_transport_options_block *ob, address_item *addr, host_item *host)
605 {
606 uschar *action = ob->tpda_host_defer_action;
607 if (!action)
608 return;
609
610 tpda_delivery_ip = string_copy(host->address);
611 tpda_delivery_port = (host->port == PORT_NONE)? 25 : host->port;
612 tpda_delivery_fqdn = string_copy(host->name);
613 tpda_delivery_local_part = string_copy(addr->local_part);
614 tpda_delivery_domain = string_copy(addr->domain);
615 tpda_defer_errno = addr->basic_errno;
616
617 tpda_defer_errstr = addr->message
618 ? addr->basic_errno > 0
619 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
620 : string_copy(addr->message)
621 : addr->basic_errno > 0
622 ? string_copy(strerror(addr->basic_errno))
623 : NULL;
624
625 DEBUG(D_transport)
626 debug_printf(" TPDA(host defer): tpda_host_defer_action=|%s| tpda_delivery_IP=%s\n",
627 action, tpda_delivery_ip);
628
629 router_name = addr->router->name;
630 transport_name = addr->transport->name;
631 if (!expand_string(action) && *expand_string_message)
632 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand tpda_defer_action in %s: %s\n",
633 transport_name, expand_string_message);
634 router_name = transport_name = NULL;
635 }
636 #endif
637
638
639
640 /*************************************************
641 * Synchronize SMTP responses *
642 *************************************************/
643
644 /* This function is called from smtp_deliver() to receive SMTP responses from
645 the server, and match them up with the commands to which they relate. When
646 PIPELINING is not in use, this function is called after every command, and is
647 therefore somewhat over-engineered, but it is simpler to use a single scheme
648 that works both with and without PIPELINING instead of having two separate sets
649 of code.
650
651 The set of commands that are buffered up with pipelining may start with MAIL
652 and may end with DATA; in between are RCPT commands that correspond to the
653 addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
654 etc.) are never buffered.
655
656 Errors after MAIL or DATA abort the whole process leaving the response in the
657 buffer. After MAIL, pending responses are flushed, and the original command is
658 re-instated in big_buffer for error messages. For RCPT commands, the remote is
659 permitted to reject some recipient addresses while accepting others. However
660 certain errors clearly abort the whole process. Set the value in
661 transport_return to PENDING_OK if the address is accepted. If there is a
662 subsequent general error, it will get reset accordingly. If not, it will get
663 converted to OK at the end.
664
665 Arguments:
666 addrlist the complete address list
667 include_affixes TRUE if affixes include in RCPT
668 sync_addr ptr to the ptr of the one to start scanning at (updated)
669 host the host we are connected to
670 count the number of responses to read
671 address_retry_
672 include_sender true if 4xx retry is to include the sender it its key
673 pending_MAIL true if the first response is for MAIL
674 pending_DATA 0 if last command sent was not DATA
675 +1 if previously had a good recipient
676 -1 if not previously had a good recipient
677 inblock incoming SMTP block
678 timeout timeout value
679 buffer buffer for reading response
680 buffsize size of buffer
681
682 Returns: 3 if at least one address had 2xx and one had 5xx
683 2 if at least one address had 5xx but none had 2xx
684 1 if at least one host had a 2xx response, but none had 5xx
685 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
686 -1 timeout while reading RCPT response
687 -2 I/O or other non-response error for RCPT
688 -3 DATA or MAIL failed - errno and buffer set
689 */
690
691 static int
692 sync_responses(address_item *addrlist, BOOL include_affixes,
693 address_item **sync_addr, host_item *host, int count,
694 BOOL address_retry_include_sender, BOOL pending_MAIL,
695 int pending_DATA, smtp_inblock *inblock, int timeout, uschar *buffer,
696 int buffsize)
697 {
698 address_item *addr = *sync_addr;
699 int yield = 0;
700
701 /* Handle the response for a MAIL command. On error, reinstate the original
702 command in big_buffer for error message use, and flush any further pending
703 responses before returning, except after I/O errors and timeouts. */
704
705 if (pending_MAIL)
706 {
707 count--;
708 if (!smtp_read_response(inblock, buffer, buffsize, '2', timeout))
709 {
710 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
711 if (errno == 0 && buffer[0] != 0)
712 {
713 uschar flushbuffer[4096];
714 int save_errno = 0;
715 if (buffer[0] == '4')
716 {
717 save_errno = ERRNO_MAIL4XX;
718 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
719 }
720 while (count-- > 0)
721 {
722 if (!smtp_read_response(inblock, flushbuffer, sizeof(flushbuffer),
723 '2', timeout)
724 && (errno != 0 || flushbuffer[0] == 0))
725 break;
726 }
727 errno = save_errno;
728 }
729 return -3;
730 }
731 }
732
733 if (pending_DATA) count--; /* Number of RCPT responses to come */
734
735 /* Read and handle the required number of RCPT responses, matching each one up
736 with an address by scanning for the next address whose status is PENDING_DEFER.
737 */
738
739 while (count-- > 0)
740 {
741 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
742
743 /* The address was accepted */
744
745 if (smtp_read_response(inblock, buffer, buffsize, '2', timeout))
746 {
747 yield |= 1;
748 addr->transport_return = PENDING_OK;
749
750 /* If af_dr_retry_exists is set, there was a routing delay on this address;
751 ensure that any address-specific retry record is expunged. We do this both
752 for the basic key and for the version that also includes the sender. */
753
754 if (testflag(addr, af_dr_retry_exists))
755 {
756 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
757 sender_address);
758 retry_add_item(addr, altkey, rf_delete);
759 retry_add_item(addr, addr->address_retry_key, rf_delete);
760 }
761 }
762
763 /* Timeout while reading the response */
764
765 else if (errno == ETIMEDOUT)
766 {
767 int save_errno = errno;
768 uschar *message = string_sprintf("SMTP timeout while connected to %s [%s] "
769 "after RCPT TO:<%s>", host->name, host->address,
770 transport_rcpt_address(addr, include_affixes));
771 set_errno(addrlist, save_errno, message, DEFER, FALSE);
772 retry_add_item(addr, addr->address_retry_key, 0);
773 update_waiting = FALSE;
774 return -1;
775 }
776
777 /* Handle other errors in obtaining an SMTP response by returning -1. This
778 will cause all the addresses to be deferred. Restore the SMTP command in
779 big_buffer for which we are checking the response, so the error message
780 makes sense. */
781
782 else if (errno != 0 || buffer[0] == 0)
783 {
784 string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
785 transport_rcpt_address(addr, include_affixes));
786 return -2;
787 }
788
789 /* Handle SMTP permanent and temporary response codes. */
790
791 else
792 {
793 addr->message =
794 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
795 "host %s [%s]: %s", transport_rcpt_address(addr, include_affixes),
796 host->name, host->address, string_printing(buffer));
797 setflag(addr, af_pass_message);
798 deliver_msglog("%s %s\n", tod_stamp(tod_log), addr->message);
799
800 /* The response was 5xx */
801
802 if (buffer[0] == '5')
803 {
804 addr->transport_return = FAIL;
805 yield |= 2;
806 }
807
808 /* The response was 4xx */
809
810 else
811 {
812 addr->transport_return = DEFER;
813 addr->basic_errno = ERRNO_RCPT4XX;
814 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
815
816 /* Log temporary errors if there are more hosts to be tried. */
817
818 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", addr->message);
819
820 /* Do not put this message on the list of those waiting for specific
821 hosts, as otherwise it is likely to be tried too often. */
822
823 update_waiting = FALSE;
824
825 /* Add a retry item for the address so that it doesn't get tried again
826 too soon. If address_retry_include_sender is true, add the sender address
827 to the retry key. */
828
829 if (address_retry_include_sender)
830 {
831 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
832 sender_address);
833 retry_add_item(addr, altkey, 0);
834 }
835 else retry_add_item(addr, addr->address_retry_key, 0);
836 }
837 }
838 } /* Loop for next RCPT response */
839
840 /* Update where to start at for the next block of responses, unless we
841 have already handled all the addresses. */
842
843 if (addr != NULL) *sync_addr = addr->next;
844
845 /* Handle a response to DATA. If we have not had any good recipients, either
846 previously or in this block, the response is ignored. */
847
848 if (pending_DATA != 0 &&
849 !smtp_read_response(inblock, buffer, buffsize, '3', timeout))
850 {
851 int code;
852 uschar *msg;
853 BOOL pass_message;
854 if (pending_DATA > 0 || (yield & 1) != 0)
855 {
856 if (errno == 0 && buffer[0] == '4')
857 {
858 errno = ERRNO_DATA4XX;
859 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
860 }
861 return -3;
862 }
863 (void)check_response(host, &errno, 0, buffer, &code, &msg, &pass_message);
864 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
865 "is in use and there were no good recipients\n", msg);
866 }
867
868 /* All responses read and handled; MAIL (if present) received 2xx and DATA (if
869 present) received 3xx. If any RCPTs were handled and yielded anything other
870 than 4xx, yield will be set non-zero. */
871
872 return yield;
873 }
874
875
876
877 /* Do the client side of smtp-level authentication */
878 /*
879 Arguments:
880 buffer EHLO response from server (gets overwritten)
881 addrlist chain of potential addresses to deliver
882 host host to deliver to
883 ob transport options
884 ibp, obp comms channel control blocks
885
886 Returns:
887 OK Success, or failed (but not required): global "smtp_authenticated" set
888 DEFER Failed authentication (and was required)
889 ERROR Internal problem
890
891 FAIL_SEND Failed communications - transmit
892 FAIL - response
893 */
894
895 int
896 smtp_auth(uschar *buffer, unsigned bufsize, address_item *addrlist, host_item *host,
897 smtp_transport_options_block *ob, BOOL is_esmtp,
898 smtp_inblock *ibp, smtp_outblock *obp)
899 {
900 int require_auth;
901 uschar *fail_reason = US"server did not advertise AUTH support";
902
903 smtp_authenticated = FALSE;
904 client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
905 require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL,
906 host->name, host->address, NULL);
907
908 if (is_esmtp && !regex_AUTH) regex_AUTH =
909 regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
910 FALSE, TRUE);
911
912 if (is_esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
913 {
914 uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]);
915 expand_nmax = -1; /* reset */
916
917 /* Must not do this check until after we have saved the result of the
918 regex match above. */
919
920 if (require_auth == OK ||
921 verify_check_this_host(&(ob->hosts_try_auth), NULL, host->name,
922 host->address, NULL) == OK)
923 {
924 auth_instance *au;
925 fail_reason = US"no common mechanisms were found";
926
927 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
928
929 /* Scan the configured authenticators looking for one which is configured
930 for use as a client, which is not suppressed by client_condition, and
931 whose name matches an authentication mechanism supported by the server.
932 If one is found, attempt to authenticate by calling its client function.
933 */
934
935 for (au = auths; !smtp_authenticated && au != NULL; au = au->next)
936 {
937 uschar *p = names;
938 if (!au->client ||
939 (au->client_condition != NULL &&
940 !expand_check_condition(au->client_condition, au->name,
941 US"client authenticator")))
942 {
943 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
944 au->name,
945 (au->client)? "client_condition is false" :
946 "not configured as a client");
947 continue;
948 }
949
950 /* Loop to scan supported server mechanisms */
951
952 while (*p != 0)
953 {
954 int rc;
955 int len = Ustrlen(au->public_name);
956 while (isspace(*p)) p++;
957
958 if (strncmpic(au->public_name, p, len) != 0 ||
959 (p[len] != 0 && !isspace(p[len])))
960 {
961 while (*p != 0 && !isspace(*p)) p++;
962 continue;
963 }
964
965 /* Found data for a listed mechanism. Call its client entry. Set
966 a flag in the outblock so that data is overwritten after sending so
967 that reflections don't show it. */
968
969 fail_reason = US"authentication attempt(s) failed";
970 obp->authenticating = TRUE;
971 rc = (au->info->clientcode)(au, ibp, obp,
972 ob->command_timeout, buffer, bufsize);
973 obp->authenticating = FALSE;
974 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n",
975 au->name, rc);
976
977 /* A temporary authentication failure must hold up delivery to
978 this host. After a permanent authentication failure, we carry on
979 to try other authentication methods. If all fail hard, try to
980 deliver the message unauthenticated unless require_auth was set. */
981
982 switch(rc)
983 {
984 case OK:
985 smtp_authenticated = TRUE; /* stops the outer loop */
986 client_authenticator = au->name;
987 if (au->set_client_id != NULL)
988 client_authenticated_id = expand_string(au->set_client_id);
989 break;
990
991 /* Failure after writing a command */
992
993 case FAIL_SEND:
994 return FAIL_SEND;
995
996 /* Failure after reading a response */
997
998 case FAIL:
999 if (errno != 0 || buffer[0] != '5') return FAIL;
1000 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1001 au->name, host->name, host->address, buffer);
1002 break;
1003
1004 /* Failure by some other means. In effect, the authenticator
1005 decided it wasn't prepared to handle this case. Typically this
1006 is the result of "fail" in an expansion string. Do we need to
1007 log anything here? Feb 2006: a message is now put in the buffer
1008 if logging is required. */
1009
1010 case CANCELLED:
1011 if (*buffer != 0)
1012 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1013 "authentication H=%s [%s] %s", au->name, host->name,
1014 host->address, buffer);
1015 break;
1016
1017 /* Internal problem, message in buffer. */
1018
1019 case ERROR:
1020 set_errno(addrlist, 0, string_copy(buffer), DEFER, FALSE);
1021 return ERROR;
1022 }
1023
1024 break; /* If not authenticated, try next authenticator */
1025 } /* Loop for scanning supported server mechanisms */
1026 } /* Loop for further authenticators */
1027 }
1028 }
1029
1030 /* If we haven't authenticated, but are required to, give up. */
1031
1032 if (require_auth == OK && !smtp_authenticated)
1033 {
1034 set_errno(addrlist, ERRNO_AUTHFAIL,
1035 string_sprintf("authentication required but %s", fail_reason), DEFER,
1036 FALSE);
1037 return DEFER;
1038 }
1039
1040 return OK;
1041 }
1042
1043
1044 /* Construct AUTH appendix string for MAIL TO */
1045 /*
1046 Arguments
1047 buffer to build string
1048 addrlist chain of potential addresses to deliver
1049 ob transport options
1050
1051 Globals smtp_authenticated
1052 client_authenticated_sender
1053 Return True on error, otherwise buffer has (possibly empty) terminated string
1054 */
1055
1056 BOOL
1057 smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
1058 smtp_transport_options_block *ob)
1059 {
1060 uschar *local_authenticated_sender = authenticated_sender;
1061
1062 #ifdef notdef
1063 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, smtp_authenticated?"Y":"N");
1064 #endif
1065
1066 if (ob->authenticated_sender != NULL)
1067 {
1068 uschar *new = expand_string(ob->authenticated_sender);
1069 if (new == NULL)
1070 {
1071 if (!expand_string_forcedfail)
1072 {
1073 uschar *message = string_sprintf("failed to expand "
1074 "authenticated_sender: %s", expand_string_message);
1075 set_errno(addrlist, 0, message, DEFER, FALSE);
1076 return TRUE;
1077 }
1078 }
1079 else if (new[0] != 0) local_authenticated_sender = new;
1080 }
1081
1082 /* Add the authenticated sender address if present */
1083
1084 if ((smtp_authenticated || ob->authenticated_sender_force) &&
1085 local_authenticated_sender != NULL)
1086 {
1087 string_format(buffer, bufsize, " AUTH=%s",
1088 auth_xtextencode(local_authenticated_sender,
1089 Ustrlen(local_authenticated_sender)));
1090 client_authenticated_sender = string_copy(local_authenticated_sender);
1091 }
1092 else
1093 *buffer= 0;
1094
1095 return FALSE;
1096 }
1097
1098
1099
1100 /*************************************************
1101 * Deliver address list to given host *
1102 *************************************************/
1103
1104 /* If continue_hostname is not null, we get here only when continuing to
1105 deliver down an existing channel. The channel was passed as the standard
1106 input. TLS is never active on a passed channel; the previous process always
1107 closes it down before passing the connection on.
1108
1109 Otherwise, we have to make a connection to the remote host, and do the
1110 initial protocol exchange.
1111
1112 When running as an MUA wrapper, if the sender or any recipient is rejected,
1113 temporarily or permanently, we force failure for all recipients.
1114
1115 Arguments:
1116 addrlist chain of potential addresses to deliver; only those whose
1117 transport_return field is set to PENDING_DEFER are currently
1118 being processed; others should be skipped - they have either
1119 been delivered to an earlier host or IP address, or been
1120 failed by one of them.
1121 host host to deliver to
1122 host_af AF_INET or AF_INET6
1123 port default TCP/IP port to use, in host byte order
1124 interface interface to bind to, or NULL
1125 tblock transport instance block
1126 copy_host TRUE if host set in addr->host_used must be copied, because
1127 it is specific to this call of the transport
1128 message_defer set TRUE if yield is OK, but all addresses were deferred
1129 because of a non-recipient, non-host failure, that is, a
1130 4xx response to MAIL FROM, DATA, or ".". This is a defer
1131 that is specific to the message.
1132 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1133 a second attempt after TLS initialization fails
1134
1135 Returns: OK - the connection was made and the delivery attempted;
1136 the result for each address is in its data block.
1137 DEFER - the connection could not be made, or something failed
1138 while setting up the SMTP session, or there was a
1139 non-message-specific error, such as a timeout.
1140 ERROR - a filter command is specified for this transport,
1141 and there was a problem setting it up; OR helo_data
1142 or add_headers or authenticated_sender is specified
1143 for this transport, and the string failed to expand
1144 */
1145
1146 static int
1147 smtp_deliver(address_item *addrlist, host_item *host, int host_af, int port,
1148 uschar *interface, transport_instance *tblock, BOOL copy_host,
1149 BOOL *message_defer, BOOL suppress_tls)
1150 {
1151 address_item *addr;
1152 address_item *sync_addr;
1153 address_item *first_addr = addrlist;
1154 int yield = OK;
1155 int address_count;
1156 int save_errno;
1157 int rc;
1158 time_t start_delivery_time = time(NULL);
1159 smtp_transport_options_block *ob =
1160 (smtp_transport_options_block *)(tblock->options_block);
1161 BOOL lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
1162 BOOL smtps = strcmpic(ob->protocol, US"smtps") == 0;
1163 BOOL ok = FALSE;
1164 BOOL send_rset = TRUE;
1165 BOOL send_quit = TRUE;
1166 BOOL setting_up = TRUE;
1167 BOOL completed_address = FALSE;
1168 BOOL esmtp = TRUE;
1169 BOOL pending_MAIL;
1170 BOOL pass_message = FALSE;
1171 #ifdef EXPERIMENTAL_PRDR
1172 BOOL prdr_offered = FALSE;
1173 BOOL prdr_active;
1174 #endif
1175 smtp_inblock inblock;
1176 smtp_outblock outblock;
1177 int max_rcpt = tblock->max_addresses;
1178 uschar *igquotstr = US"";
1179 uschar *helo_data = NULL;
1180 uschar *message = NULL;
1181 uschar new_message_id[MESSAGE_ID_LENGTH + 1];
1182 uschar *p;
1183 uschar buffer[4096];
1184 uschar inbuffer[4096];
1185 uschar outbuffer[1024];
1186
1187 suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
1188
1189 *message_defer = FALSE;
1190 smtp_command = US"initial connection";
1191 if (max_rcpt == 0) max_rcpt = 999999;
1192
1193 /* Set up the buffer for reading SMTP response packets. */
1194
1195 inblock.buffer = inbuffer;
1196 inblock.buffersize = sizeof(inbuffer);
1197 inblock.ptr = inbuffer;
1198 inblock.ptrend = inbuffer;
1199
1200 /* Set up the buffer for holding SMTP commands while pipelining */
1201
1202 outblock.buffer = outbuffer;
1203 outblock.buffersize = sizeof(outbuffer);
1204 outblock.ptr = outbuffer;
1205 outblock.cmd_count = 0;
1206 outblock.authenticating = FALSE;
1207
1208 /* Reset the parameters of a TLS session. */
1209
1210 tls_in.bits = 0;
1211 tls_in.cipher = NULL; /* for back-compatible behaviour */
1212 tls_in.peerdn = NULL;
1213 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
1214 tls_in.sni = NULL;
1215 #endif
1216
1217 tls_out.bits = 0;
1218 tls_out.cipher = NULL; /* the one we may use for this transport */
1219 tls_out.peerdn = NULL;
1220 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
1221 tls_out.sni = NULL;
1222 #endif
1223
1224 #ifndef SUPPORT_TLS
1225 if (smtps)
1226 {
1227 set_errno(addrlist, 0, US"TLS support not available", DEFER, FALSE);
1228 return ERROR;
1229 }
1230 #endif
1231
1232 /* Make a connection to the host if this isn't a continued delivery, and handle
1233 the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
1234 specially so they can be identified for retries. */
1235
1236 if (continue_hostname == NULL)
1237 {
1238 inblock.sock = outblock.sock =
1239 smtp_connect(host, host_af, port, interface, ob->connect_timeout,
1240 ob->keepalive, ob->dscp); /* This puts port into host->port */
1241
1242 if (inblock.sock < 0)
1243 {
1244 set_errno(addrlist, (errno == ETIMEDOUT)? ERRNO_CONNECTTIMEOUT : errno,
1245 NULL, DEFER, FALSE);
1246 return DEFER;
1247 }
1248
1249 /* Expand the greeting message while waiting for the initial response. (Makes
1250 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
1251 delayed till here so that $sending_interface and $sending_port are set. */
1252
1253 helo_data = expand_string(ob->helo_data);
1254
1255 /* The first thing is to wait for an initial OK response. The dreaded "goto"
1256 is nevertheless a reasonably clean way of programming this kind of logic,
1257 where you want to escape on any error. */
1258
1259 if (!smtps)
1260 {
1261 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1262 ob->command_timeout)) goto RESPONSE_FAILED;
1263
1264 /* Now check if the helo_data expansion went well, and sign off cleanly if
1265 it didn't. */
1266
1267 if (helo_data == NULL)
1268 {
1269 uschar *message = string_sprintf("failed to expand helo_data: %s",
1270 expand_string_message);
1271 set_errno(addrlist, 0, message, DEFER, FALSE);
1272 yield = DEFER;
1273 goto SEND_QUIT;
1274 }
1275 }
1276
1277 /** Debugging without sending a message
1278 addrlist->transport_return = DEFER;
1279 goto SEND_QUIT;
1280 **/
1281
1282 /* Errors that occur after this point follow an SMTP command, which is
1283 left in big_buffer by smtp_write_command() for use in error messages. */
1284
1285 smtp_command = big_buffer;
1286
1287 /* Tell the remote who we are...
1288
1289 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
1290 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
1291 greeting is of this form. The assumption was that the far end supports it
1292 properly... but experience shows that there are some that give 5xx responses,
1293 even though the banner includes "ESMTP" (there's a bloody-minded one that
1294 says "ESMTP not spoken here"). Cope with that case.
1295
1296 September 2000: Time has passed, and it seems reasonable now to always send
1297 EHLO at the start. It is also convenient to make the change while installing
1298 the TLS stuff.
1299
1300 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
1301 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
1302 would be no way to send out the mails, so there is now a host list
1303 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
1304 PIPELINING problem as well. Maybe it can also be useful to cure other
1305 problems with broken servers.
1306
1307 Exim originally sent "Helo" at this point and ran for nearly a year that way.
1308 Then somebody tried it with a Microsoft mailer... It seems that all other
1309 mailers use upper case for some reason (the RFC is quite clear about case
1310 independence) so, for peace of mind, I gave in. */
1311
1312 esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL,
1313 host->name, host->address, NULL) != OK;
1314
1315 /* Alas; be careful, since this goto is not an error-out, so conceivably
1316 we might set data between here and the target which we assume to exist
1317 and be usable. I can see this coming back to bite us. */
1318 #ifdef SUPPORT_TLS
1319 if (smtps)
1320 {
1321 tls_offered = TRUE;
1322 suppress_tls = FALSE;
1323 ob->tls_tempfail_tryclear = FALSE;
1324 smtp_command = US"SSL-on-connect";
1325 goto TLS_NEGOTIATE;
1326 }
1327 #endif
1328
1329 if (esmtp)
1330 {
1331 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1332 lmtp? "LHLO" : "EHLO", helo_data) < 0)
1333 goto SEND_FAILED;
1334 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1335 ob->command_timeout))
1336 {
1337 if (errno != 0 || buffer[0] == 0 || lmtp) goto RESPONSE_FAILED;
1338 esmtp = FALSE;
1339 }
1340 }
1341 else
1342 {
1343 DEBUG(D_transport)
1344 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1345 }
1346
1347 if (!esmtp)
1348 {
1349 if (smtp_write_command(&outblock, FALSE, "HELO %s\r\n", helo_data) < 0)
1350 goto SEND_FAILED;
1351 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1352 ob->command_timeout)) goto RESPONSE_FAILED;
1353 }
1354
1355 /* Set IGNOREQUOTA if the response to LHLO specifies support and the
1356 lmtp_ignore_quota option was set. */
1357
1358 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1359 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1360 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1361
1362 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
1363
1364 #ifdef SUPPORT_TLS
1365 tls_offered = esmtp &&
1366 pcre_exec(regex_STARTTLS, NULL, CS buffer, Ustrlen(buffer), 0,
1367 PCRE_EOPT, NULL, 0) >= 0;
1368 #endif
1369
1370 #ifdef EXPERIMENTAL_PRDR
1371 prdr_offered = esmtp &&
1372 (pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0,
1373 PCRE_EOPT, NULL, 0) >= 0) &&
1374 (verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
1375 host->address, NULL) == OK);
1376
1377 if (prdr_offered)
1378 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1379 #endif
1380 }
1381
1382 /* For continuing deliveries down the same channel, the socket is the standard
1383 input, and we don't need to redo EHLO here (but may need to do so for TLS - see
1384 below). Set up the pointer to where subsequent commands will be left, for
1385 error messages. Note that smtp_use_size and smtp_use_pipelining will have been
1386 set from the command line if they were set in the process that passed the
1387 connection on. */
1388
1389 else
1390 {
1391 inblock.sock = outblock.sock = fileno(stdin);
1392 smtp_command = big_buffer;
1393 host->port = port; /* Record the port that was used */
1394 }
1395
1396 /* If TLS is available on this connection, whether continued or not, attempt to
1397 start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
1398 send another EHLO - the server may give a different answer in secure mode. We
1399 use a separate buffer for reading the response to STARTTLS so that if it is
1400 negative, the original EHLO data is available for subsequent analysis, should
1401 the client not be required to use TLS. If the response is bad, copy the buffer
1402 for error analysis. */
1403
1404 #ifdef SUPPORT_TLS
1405 if (tls_offered && !suppress_tls &&
1406 verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
1407 host->address, NULL) != OK)
1408 {
1409 uschar buffer2[4096];
1410 if (smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") < 0)
1411 goto SEND_FAILED;
1412
1413 /* If there is an I/O error, transmission of this message is deferred. If
1414 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
1415 false, we also defer. However, if there is a temporary rejection of STARTTLS
1416 and tls_tempfail_tryclear is true, or if there is an outright rejection of
1417 STARTTLS, we carry on. This means we will try to send the message in clear,
1418 unless the host is in hosts_require_tls (tested below). */
1419
1420 if (!smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2',
1421 ob->command_timeout))
1422 {
1423 if (errno != 0 || buffer2[0] == 0 ||
1424 (buffer2[0] == '4' && !ob->tls_tempfail_tryclear))
1425 {
1426 Ustrncpy(buffer, buffer2, sizeof(buffer));
1427 goto RESPONSE_FAILED;
1428 }
1429 }
1430
1431 /* STARTTLS accepted: try to negotiate a TLS session. */
1432
1433 else
1434 TLS_NEGOTIATE:
1435 {
1436 int rc = tls_client_start(inblock.sock,
1437 host,
1438 addrlist,
1439 ob->tls_certificate,
1440 ob->tls_privatekey,
1441 ob->tls_sni,
1442 ob->tls_verify_certificates,
1443 ob->tls_crl,
1444 ob->tls_require_ciphers,
1445 #ifdef EXPERIMENTAL_OCSP
1446 ob->hosts_require_ocsp,
1447 #endif
1448 ob->tls_dh_min_bits,
1449 ob->command_timeout);
1450
1451 /* TLS negotiation failed; give an error. From outside, this function may
1452 be called again to try in clear on a new connection, if the options permit
1453 it for this host. */
1454
1455 if (rc != OK)
1456 {
1457 save_errno = ERRNO_TLSFAILURE;
1458 message = US"failure while setting up TLS session";
1459 send_quit = FALSE;
1460 goto TLS_FAILED;
1461 }
1462
1463 /* TLS session is set up */
1464
1465 for (addr = addrlist; addr != NULL; addr = addr->next)
1466 {
1467 if (addr->transport_return == PENDING_DEFER)
1468 {
1469 addr->cipher = tls_out.cipher;
1470 addr->peerdn = tls_out.peerdn;
1471 }
1472 }
1473 }
1474 }
1475
1476 /* if smtps, we'll have smtp_command set to something else; always safe to
1477 reset it here. */
1478 smtp_command = big_buffer;
1479
1480 /* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
1481 helo_data is null, we are dealing with a connection that was passed from
1482 another process, and so we won't have expanded helo_data above. We have to
1483 expand it here. $sending_ip_address and $sending_port are set up right at the
1484 start of the Exim process (in exim.c). */
1485
1486 if (tls_out.active >= 0)
1487 {
1488 char *greeting_cmd;
1489 if (helo_data == NULL)
1490 {
1491 helo_data = expand_string(ob->helo_data);
1492 if (helo_data == NULL)
1493 {
1494 uschar *message = string_sprintf("failed to expand helo_data: %s",
1495 expand_string_message);
1496 set_errno(addrlist, 0, message, DEFER, FALSE);
1497 yield = DEFER;
1498 goto SEND_QUIT;
1499 }
1500 }
1501
1502 /* For SMTPS we need to wait for the initial OK response. */
1503 if (smtps)
1504 {
1505 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1506 ob->command_timeout)) goto RESPONSE_FAILED;
1507 }
1508
1509 if (esmtp)
1510 greeting_cmd = "EHLO";
1511 else
1512 {
1513 greeting_cmd = "HELO";
1514 DEBUG(D_transport)
1515 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1516 }
1517
1518 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1519 lmtp? "LHLO" : greeting_cmd, helo_data) < 0)
1520 goto SEND_FAILED;
1521 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1522 ob->command_timeout))
1523 goto RESPONSE_FAILED;
1524 }
1525
1526 /* If the host is required to use a secure channel, ensure that we
1527 have one. */
1528
1529 else if (verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
1530 host->address, NULL) == OK)
1531 {
1532 save_errno = ERRNO_TLSREQUIRED;
1533 message = string_sprintf("a TLS session is required for %s [%s], but %s",
1534 host->name, host->address,
1535 tls_offered? "an attempt to start TLS failed" :
1536 "the server did not offer TLS support");
1537 goto TLS_FAILED;
1538 }
1539 #endif
1540
1541 /* If TLS is active, we have just started it up and re-done the EHLO command,
1542 so its response needs to be analyzed. If TLS is not active and this is a
1543 continued session down a previously-used socket, we haven't just done EHLO, so
1544 we skip this. */
1545
1546 if (continue_hostname == NULL
1547 #ifdef SUPPORT_TLS
1548 || tls_out.active >= 0
1549 #endif
1550 )
1551 {
1552 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
1553 lmtp_ignore_quota option was set. */
1554
1555 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1556 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1557 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1558
1559 /* If the response to EHLO specified support for the SIZE parameter, note
1560 this, provided size_addition is non-negative. */
1561
1562 smtp_use_size = esmtp && ob->size_addition >= 0 &&
1563 pcre_exec(regex_SIZE, NULL, CS buffer, Ustrlen(CS buffer), 0,
1564 PCRE_EOPT, NULL, 0) >= 0;
1565
1566 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
1567 the current host, esmtp will be false, so PIPELINING can never be used. If
1568 the current host matches hosts_avoid_pipelining, don't do it. */
1569
1570 smtp_use_pipelining = esmtp &&
1571 verify_check_this_host(&(ob->hosts_avoid_pipelining), NULL, host->name,
1572 host->address, NULL) != OK &&
1573 pcre_exec(regex_PIPELINING, NULL, CS buffer, Ustrlen(CS buffer), 0,
1574 PCRE_EOPT, NULL, 0) >= 0;
1575
1576 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
1577 smtp_use_pipelining? "" : "not ");
1578
1579 #ifdef EXPERIMENTAL_PRDR
1580 prdr_offered = esmtp &&
1581 pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0,
1582 PCRE_EOPT, NULL, 0) >= 0 &&
1583 verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
1584 host->address, NULL) == OK;
1585
1586 if (prdr_offered)
1587 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1588 #endif
1589
1590 /* Note if the response to EHLO specifies support for the AUTH extension.
1591 If it has, check that this host is one we want to authenticate to, and do
1592 the business. The host name and address must be available when the
1593 authenticator's client driver is running. */
1594
1595 switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host,
1596 ob, esmtp, &inblock, &outblock))
1597 {
1598 default: goto SEND_QUIT;
1599 case OK: break;
1600 case FAIL_SEND: goto SEND_FAILED;
1601 case FAIL: goto RESPONSE_FAILED;
1602 }
1603 }
1604
1605 /* The setting up of the SMTP call is now complete. Any subsequent errors are
1606 message-specific. */
1607
1608 setting_up = FALSE;
1609
1610 /* If there is a filter command specified for this transport, we can now
1611 set it up. This cannot be done until the identify of the host is known. */
1612
1613 if (tblock->filter_command != NULL)
1614 {
1615 BOOL rc;
1616 uschar buffer[64];
1617 sprintf(CS buffer, "%.50s transport", tblock->name);
1618 rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command,
1619 TRUE, DEFER, addrlist, buffer, NULL);
1620 transport_filter_timeout = tblock->filter_timeout;
1621
1622 /* On failure, copy the error to all addresses, abandon the SMTP call, and
1623 yield ERROR. */
1624
1625 if (!rc)
1626 {
1627 set_errno(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
1628 FALSE);
1629 yield = ERROR;
1630 goto SEND_QUIT;
1631 }
1632 }
1633
1634
1635 /* For messages that have more than the maximum number of envelope recipients,
1636 we want to send several transactions down the same SMTP connection. (See
1637 comments in deliver.c as to how this reconciles, heuristically, with
1638 remote_max_parallel.) This optimization was added to Exim after the following
1639 code was already working. The simplest way to put it in without disturbing the
1640 code was to use a goto to jump back to this point when there is another
1641 transaction to handle. */
1642
1643 SEND_MESSAGE:
1644 sync_addr = first_addr;
1645 address_count = 0;
1646 ok = FALSE;
1647 send_rset = TRUE;
1648 completed_address = FALSE;
1649
1650
1651 /* Initiate a message transfer. If we know the receiving MTA supports the SIZE
1652 qualification, send it, adding something to the message size to allow for
1653 imprecision and things that get added en route. Exim keeps the number of lines
1654 in a message, so we can give an accurate value for the original message, but we
1655 need some additional to handle added headers. (Double "." characters don't get
1656 included in the count.) */
1657
1658 p = buffer;
1659 *p = 0;
1660
1661 if (smtp_use_size)
1662 {
1663 sprintf(CS p, " SIZE=%d", message_size+message_linecount+ob->size_addition);
1664 while (*p) p++;
1665 }
1666
1667 #ifdef EXPERIMENTAL_PRDR
1668 prdr_active = FALSE;
1669 if (prdr_offered)
1670 {
1671 for (addr = first_addr; addr; addr = addr->next)
1672 if (addr->transport_return == PENDING_DEFER)
1673 {
1674 for (addr = addr->next; addr; addr = addr->next)
1675 if (addr->transport_return == PENDING_DEFER)
1676 { /* at least two recipients to send */
1677 prdr_active = TRUE;
1678 sprintf(CS p, " PRDR"); p += 5;
1679 goto prdr_is_active;
1680 }
1681 break;
1682 }
1683 }
1684 prdr_is_active:
1685 #endif
1686
1687 /* If an authenticated_sender override has been specified for this transport
1688 instance, expand it. If the expansion is forced to fail, and there was already
1689 an authenticated_sender for this message, the original value will be used.
1690 Other expansion failures are serious. An empty result is ignored, but there is
1691 otherwise no check - this feature is expected to be used with LMTP and other
1692 cases where non-standard addresses (e.g. without domains) might be required. */
1693
1694 if (smtp_mail_auth_str(p, sizeof(buffer) - (p-buffer), addrlist, ob))
1695 return ERROR;
1696
1697 /* From here until we send the DATA command, we can make use of PIPELINING
1698 if the server host supports it. The code has to be able to check the responses
1699 at any point, for when the buffer fills up, so we write it totally generally.
1700 When PIPELINING is off, each command written reports that it has flushed the
1701 buffer. */
1702
1703 pending_MAIL = TRUE; /* The block starts with MAIL */
1704
1705 rc = smtp_write_command(&outblock, smtp_use_pipelining,
1706 "MAIL FROM:<%s>%s\r\n", return_path, buffer);
1707 mail_command = string_copy(big_buffer); /* Save for later error message */
1708
1709 switch(rc)
1710 {
1711 case -1: /* Transmission error */
1712 goto SEND_FAILED;
1713
1714 case +1: /* Block was sent */
1715 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1716 ob->command_timeout))
1717 {
1718 if (errno == 0 && buffer[0] == '4')
1719 {
1720 errno = ERRNO_MAIL4XX;
1721 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1722 }
1723 goto RESPONSE_FAILED;
1724 }
1725 pending_MAIL = FALSE;
1726 break;
1727 }
1728
1729 /* Pass over all the relevant recipient addresses for this host, which are the
1730 ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
1731 several before we have to read the responses for those seen so far. This
1732 checking is done by a subroutine because it also needs to be done at the end.
1733 Send only up to max_rcpt addresses at a time, leaving first_addr pointing to
1734 the next one if not all are sent.
1735
1736 In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
1737 last address because we want to abort if any recipients have any kind of
1738 problem, temporary or permanent. We know that all recipient addresses will have
1739 the PENDING_DEFER status, because only one attempt is ever made, and we know
1740 that max_rcpt will be large, so all addresses will be done at once. */
1741
1742 for (addr = first_addr;
1743 address_count < max_rcpt && addr != NULL;
1744 addr = addr->next)
1745 {
1746 int count;
1747 BOOL no_flush;
1748
1749 if (addr->transport_return != PENDING_DEFER) continue;
1750
1751 address_count++;
1752 no_flush = smtp_use_pipelining && (!mua_wrapper || addr->next != NULL);
1753
1754 /* Now send the RCPT command, and process outstanding responses when
1755 necessary. After a timeout on RCPT, we just end the function, leaving the
1756 yield as OK, because this error can often mean that there is a problem with
1757 just one address, so we don't want to delay the host. */
1758
1759 count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s\r\n",
1760 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr);
1761 if (count < 0) goto SEND_FAILED;
1762 if (count > 0)
1763 {
1764 switch(sync_responses(first_addr, tblock->rcpt_include_affixes,
1765 &sync_addr, host, count, ob->address_retry_include_sender,
1766 pending_MAIL, 0, &inblock, ob->command_timeout, buffer,
1767 sizeof(buffer)))
1768 {
1769 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1770 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1771 break;
1772
1773 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1774 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1775 case 0: /* No 2xx or 5xx, but no probs */
1776 break;
1777
1778 case -1: goto END_OFF; /* Timeout on RCPT */
1779 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL error */
1780 }
1781 pending_MAIL = FALSE; /* Dealt with MAIL */
1782 }
1783 } /* Loop for next address */
1784
1785 /* If we are an MUA wrapper, abort if any RCPTs were rejected, either
1786 permanently or temporarily. We should have flushed and synced after the last
1787 RCPT. */
1788
1789 if (mua_wrapper)
1790 {
1791 address_item *badaddr;
1792 for (badaddr = first_addr; badaddr != NULL; badaddr = badaddr->next)
1793 {
1794 if (badaddr->transport_return != PENDING_OK) break;
1795 }
1796 if (badaddr != NULL)
1797 {
1798 set_errno(addrlist, 0, badaddr->message, FAIL,
1799 testflag(badaddr, af_pass_message));
1800 ok = FALSE;
1801 }
1802 }
1803
1804 /* If ok is TRUE, we know we have got at least one good recipient, and must now
1805 send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
1806 have a good recipient buffered up if we are pipelining. We don't want to waste
1807 time sending DATA needlessly, so we only send it if either ok is TRUE or if we
1808 are pipelining. The responses are all handled by sync_responses(). */
1809
1810 if (ok || (smtp_use_pipelining && !mua_wrapper))
1811 {
1812 int count = smtp_write_command(&outblock, FALSE, "DATA\r\n");
1813 if (count < 0) goto SEND_FAILED;
1814 switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr,
1815 host, count, ob->address_retry_include_sender, pending_MAIL,
1816 ok? +1 : -1, &inblock, ob->command_timeout, buffer, sizeof(buffer)))
1817 {
1818 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1819 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1820 break;
1821
1822 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1823 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1824 case 0: break; /* No 2xx or 5xx, but no probs */
1825
1826 case -1: goto END_OFF; /* Timeout on RCPT */
1827 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
1828 }
1829 }
1830
1831 /* Save the first address of the next batch. */
1832
1833 first_addr = addr;
1834
1835 /* If there were no good recipients (but otherwise there have been no
1836 problems), just set ok TRUE, since we have handled address-specific errors
1837 already. Otherwise, it's OK to send the message. Use the check/escape mechanism
1838 for handling the SMTP dot-handling protocol, flagging to apply to headers as
1839 well as body. Set the appropriate timeout value to be used for each chunk.
1840 (Haven't been able to make it work using select() for writing yet.) */
1841
1842 if (!ok) ok = TRUE; else
1843 {
1844 sigalrm_seen = FALSE;
1845 transport_write_timeout = ob->data_timeout;
1846 smtp_command = US"sending data block"; /* For error messages */
1847 DEBUG(D_transport|D_v)
1848 debug_printf(" SMTP>> writing message and terminating \".\"\n");
1849 transport_count = 0;
1850 #ifndef DISABLE_DKIM
1851 ok = dkim_transport_write_message(addrlist, inblock.sock,
1852 topt_use_crlf | topt_end_dot | topt_escape_headers |
1853 (tblock->body_only? topt_no_headers : 0) |
1854 (tblock->headers_only? topt_no_body : 0) |
1855 (tblock->return_path_add? topt_add_return_path : 0) |
1856 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1857 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1858 0, /* No size limit */
1859 tblock->add_headers, tblock->remove_headers,
1860 US".", US"..", /* Escaping strings */
1861 tblock->rewrite_rules, tblock->rewrite_existflags,
1862 ob->dkim_private_key, ob->dkim_domain, ob->dkim_selector,
1863 ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers
1864 );
1865 #else
1866 ok = transport_write_message(addrlist, inblock.sock,
1867 topt_use_crlf | topt_end_dot | topt_escape_headers |
1868 (tblock->body_only? topt_no_headers : 0) |
1869 (tblock->headers_only? topt_no_body : 0) |
1870 (tblock->return_path_add? topt_add_return_path : 0) |
1871 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1872 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1873 0, /* No size limit */
1874 tblock->add_headers, tblock->remove_headers,
1875 US".", US"..", /* Escaping strings */
1876 tblock->rewrite_rules, tblock->rewrite_existflags);
1877 #endif
1878
1879 /* transport_write_message() uses write() because it is called from other
1880 places to write to non-sockets. This means that under some OS (e.g. Solaris)
1881 it can exit with "Broken pipe" as its error. This really means that the
1882 socket got closed at the far end. */
1883
1884 transport_write_timeout = 0; /* for subsequent transports */
1885
1886 /* Failure can either be some kind of I/O disaster (including timeout),
1887 or the failure of a transport filter or the expansion of added headers. */
1888
1889 if (!ok)
1890 {
1891 buffer[0] = 0; /* There hasn't been a response */
1892 goto RESPONSE_FAILED;
1893 }
1894
1895 /* We used to send the terminating "." explicitly here, but because of
1896 buffering effects at both ends of TCP/IP connections, you don't gain
1897 anything by keeping it separate, so it might as well go in the final
1898 data buffer for efficiency. This is now done by setting the topt_end_dot
1899 flag above. */
1900
1901 smtp_command = US"end of data";
1902
1903 #ifdef EXPERIMENTAL_PRDR
1904 /* For PRDR we optionally get a partial-responses warning
1905 * followed by the individual responses, before going on with
1906 * the overall response. If we don't get the warning then deal
1907 * with per non-PRDR. */
1908 if(prdr_active)
1909 {
1910 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3',
1911 ob->final_timeout);
1912 if (!ok && errno == 0)
1913 switch(buffer[0])
1914 {
1915 case '2': prdr_active = FALSE;
1916 ok = TRUE;
1917 break;
1918 case '4': errno = ERRNO_DATA4XX;
1919 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1920 break;
1921 }
1922 }
1923 else
1924 #endif
1925
1926 /* For non-PRDR SMTP, we now read a single response that applies to the
1927 whole message. If it is OK, then all the addresses have been delivered. */
1928
1929 if (!lmtp)
1930 {
1931 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1932 ob->final_timeout);
1933 if (!ok && errno == 0 && buffer[0] == '4')
1934 {
1935 errno = ERRNO_DATA4XX;
1936 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1937 }
1938 }
1939
1940 /* For LMTP, we get back a response for every RCPT command that we sent;
1941 some may be accepted and some rejected. For those that get a response, their
1942 status is fixed; any that are accepted have been handed over, even if later
1943 responses crash - at least, that's how I read RFC 2033.
1944
1945 If all went well, mark the recipient addresses as completed, record which
1946 host/IPaddress they were delivered to, and cut out RSET when sending another
1947 message down the same channel. Write the completed addresses to the journal
1948 now so that they are recorded in case there is a crash of hardware or
1949 software before the spool gets updated. Also record the final SMTP
1950 confirmation if needed (for SMTP only). */
1951
1952 if (ok)
1953 {
1954 int flag = '=';
1955 int delivery_time = (int)(time(NULL) - start_delivery_time);
1956 int len;
1957 host_item *thost;
1958 uschar *conf = NULL;
1959 send_rset = FALSE;
1960
1961 /* Make a copy of the host if it is local to this invocation
1962 of the transport. */
1963
1964 if (copy_host)
1965 {
1966 thost = store_get(sizeof(host_item));
1967 *thost = *host;
1968 thost->name = string_copy(host->name);
1969 thost->address = string_copy(host->address);
1970 }
1971 else thost = host;
1972
1973 /* Set up confirmation if needed - applies only to SMTP */
1974
1975 if (
1976 #ifndef EXPERIMENTAL_TPDA
1977 (log_extra_selector & LX_smtp_confirmation) != 0 &&
1978 #endif
1979 !lmtp
1980 )
1981 {
1982 uschar *s = string_printing(buffer);
1983 conf = (s == buffer)? (uschar *)string_copy(s) : s;
1984 }
1985
1986 /* Process all transported addresses - for LMTP or PRDR, read a status for
1987 each one. */
1988
1989 for (addr = addrlist; addr != first_addr; addr = addr->next)
1990 {
1991 if (addr->transport_return != PENDING_OK) continue;
1992
1993 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
1994 remaining addresses. Otherwise, it's a return code for just the one
1995 address. For temporary errors, add a retry item for the address so that
1996 it doesn't get tried again too soon. */
1997
1998 #ifdef EXPERIMENTAL_PRDR
1999 if (lmtp || prdr_active)
2000 #else
2001 if (lmtp)
2002 #endif
2003 {
2004 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2005 ob->final_timeout))
2006 {
2007 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
2008 addr->message = string_sprintf(
2009 #ifdef EXPERIMENTAL_PRDR
2010 "%s error after %s: %s", prdr_active ? "PRDR":"LMTP",
2011 #else
2012 "LMTP error after %s: %s",
2013 #endif
2014 big_buffer, string_printing(buffer));
2015 setflag(addr, af_pass_message); /* Allow message to go to user */
2016 if (buffer[0] == '5')
2017 addr->transport_return = FAIL;
2018 else
2019 {
2020 errno = ERRNO_DATA4XX;
2021 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2022 addr->transport_return = DEFER;
2023 #ifdef EXPERIMENTAL_PRDR
2024 if (!prdr_active)
2025 #endif
2026 retry_add_item(addr, addr->address_retry_key, 0);
2027 }
2028 continue;
2029 }
2030 completed_address = TRUE; /* NOW we can set this flag */
2031 if ((log_extra_selector & LX_smtp_confirmation) != 0)
2032 {
2033 uschar *s = string_printing(buffer);
2034 conf = (s == buffer)? (uschar *)string_copy(s) : s;
2035 }
2036 }
2037
2038 /* SMTP, or success return from LMTP for this address. Pass back the
2039 actual host that was used. */
2040
2041 addr->transport_return = OK;
2042 addr->more_errno = delivery_time;
2043 addr->host_used = thost;
2044 addr->special_action = flag;
2045 addr->message = conf;
2046 #ifdef EXPERIMENTAL_PRDR
2047 if (prdr_active) addr->flags |= af_prdr_used;
2048 #endif
2049 flag = '-';
2050
2051 #ifdef EXPERIMENTAL_PRDR
2052 if (!prdr_active)
2053 #endif
2054 {
2055 /* Update the journal. For homonymic addresses, use the base address plus
2056 the transport name. See lots of comments in deliver.c about the reasons
2057 for the complications when homonyms are involved. Just carry on after
2058 write error, as it may prove possible to update the spool file later. */
2059
2060 if (testflag(addr, af_homonym))
2061 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2062 else
2063 sprintf(CS buffer, "%.500s\n", addr->unique);
2064
2065 DEBUG(D_deliver) debug_printf("journalling %s", buffer);
2066 len = Ustrlen(CS buffer);
2067 if (write(journal_fd, buffer, len) != len)
2068 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2069 "%s: %s", buffer, strerror(errno));
2070 }
2071 }
2072
2073 #ifdef EXPERIMENTAL_PRDR
2074 if (prdr_active)
2075 {
2076 /* PRDR - get the final, overall response. For any non-success
2077 upgrade all the address statuses. */
2078 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2079 ob->final_timeout);
2080 if (!ok)
2081 {
2082 if(errno == 0 && buffer[0] == '4')
2083 {
2084 errno = ERRNO_DATA4XX;
2085 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2086 }
2087 for (addr = addrlist; addr != first_addr; addr = addr->next)
2088 if (buffer[0] == '5' || addr->transport_return == OK)
2089 addr->transport_return = PENDING_OK; /* allow set_errno action */
2090 goto RESPONSE_FAILED;
2091 }
2092
2093 /* Update the journal, or setup retry. */
2094 for (addr = addrlist; addr != first_addr; addr = addr->next)
2095 if (addr->transport_return == OK)
2096 {
2097 if (testflag(addr, af_homonym))
2098 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2099 else
2100 sprintf(CS buffer, "%.500s\n", addr->unique);
2101
2102 DEBUG(D_deliver) debug_printf("journalling(PRDR) %s", buffer);
2103 len = Ustrlen(CS buffer);
2104 if (write(journal_fd, buffer, len) != len)
2105 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2106 "%s: %s", buffer, strerror(errno));
2107 }
2108 else if (addr->transport_return == DEFER)
2109 retry_add_item(addr, addr->address_retry_key, -2);
2110 }
2111 #endif
2112
2113 /* Ensure the journal file is pushed out to disk. */
2114
2115 if (EXIMfsync(journal_fd) < 0)
2116 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
2117 strerror(errno));
2118 }
2119 }
2120
2121
2122 /* Handle general (not specific to one address) failures here. The value of ok
2123 is used to skip over this code on the falling through case. A timeout causes a
2124 deferral. Other errors may defer or fail according to the response code, and
2125 may set up a special errno value, e.g. after connection chopped, which is
2126 assumed if errno == 0 and there is no text in the buffer. If control reaches
2127 here during the setting up phase (i.e. before MAIL FROM) then always defer, as
2128 the problem is not related to this specific message. */
2129
2130 if (!ok)
2131 {
2132 int code;
2133
2134 RESPONSE_FAILED:
2135 save_errno = errno;
2136 message = NULL;
2137 send_quit = check_response(host, &save_errno, addrlist->more_errno,
2138 buffer, &code, &message, &pass_message);
2139 goto FAILED;
2140
2141 SEND_FAILED:
2142 save_errno = errno;
2143 code = '4';
2144 message = US string_sprintf("send() to %s [%s] failed: %s",
2145 host->name, host->address, strerror(save_errno));
2146 send_quit = FALSE;
2147 goto FAILED;
2148
2149 /* This label is jumped to directly when a TLS negotiation has failed,
2150 or was not done for a host for which it is required. Values will be set
2151 in message and save_errno, and setting_up will always be true. Treat as
2152 a temporary error. */
2153
2154 #ifdef SUPPORT_TLS
2155 TLS_FAILED:
2156 code = '4';
2157 #endif
2158
2159 /* If the failure happened while setting up the call, see if the failure was
2160 a 5xx response (this will either be on connection, or following HELO - a 5xx
2161 after EHLO causes it to try HELO). If so, fail all addresses, as this host is
2162 never going to accept them. For other errors during setting up (timeouts or
2163 whatever), defer all addresses, and yield DEFER, so that the host is not
2164 tried again for a while. */
2165
2166 FAILED:
2167 ok = FALSE; /* For when reached by GOTO */
2168
2169 if (setting_up)
2170 {
2171 if (code == '5')
2172 {
2173 set_errno(addrlist, save_errno, message, FAIL, pass_message);
2174 }
2175 else
2176 {
2177 set_errno(addrlist, save_errno, message, DEFER, pass_message);
2178 yield = DEFER;
2179 }
2180 }
2181
2182 /* We want to handle timeouts after MAIL or "." and loss of connection after
2183 "." specially. They can indicate a problem with the sender address or with
2184 the contents of the message rather than a real error on the connection. These
2185 cases are treated in the same way as a 4xx response. This next bit of code
2186 does the classification. */
2187
2188 else
2189 {
2190 BOOL message_error;
2191
2192 switch(save_errno)
2193 {
2194 case 0:
2195 case ERRNO_MAIL4XX:
2196 case ERRNO_DATA4XX:
2197 message_error = TRUE;
2198 break;
2199
2200 case ETIMEDOUT:
2201 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
2202 Ustrncmp(smtp_command,"end ",4) == 0;
2203 break;
2204
2205 case ERRNO_SMTPCLOSED:
2206 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
2207 break;
2208
2209 default:
2210 message_error = FALSE;
2211 break;
2212 }
2213
2214 /* Handle the cases that are treated as message errors. These are:
2215
2216 (a) negative response or timeout after MAIL
2217 (b) negative response after DATA
2218 (c) negative response or timeout or dropped connection after "."
2219
2220 It won't be a negative response or timeout after RCPT, as that is dealt
2221 with separately above. The action in all cases is to set an appropriate
2222 error code for all the addresses, but to leave yield set to OK because the
2223 host itself has not failed. Of course, it might in practice have failed
2224 when we've had a timeout, but if so, we'll discover that at the next
2225 delivery attempt. For a temporary error, set the message_defer flag, and
2226 write to the logs for information if this is not the last host. The error
2227 for the last host will be logged as part of the address's log line. */
2228
2229 if (message_error)
2230 {
2231 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
2232 set_errno(addrlist, save_errno, message, (code == '5')? FAIL : DEFER,
2233 pass_message);
2234
2235 /* If there's an errno, the message contains just the identity of
2236 the host. */
2237
2238 if (code != '5') /* Anything other than 5 is treated as temporary */
2239 {
2240 if (save_errno > 0)
2241 message = US string_sprintf("%s: %s", message, strerror(save_errno));
2242 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", message);
2243 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
2244 *message_defer = TRUE;
2245 }
2246 }
2247
2248 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
2249 ".", or some other transportation error. We defer all addresses and yield
2250 DEFER, except for the case of failed add_headers expansion, or a transport
2251 filter failure, when the yield should be ERROR, to stop it trying other
2252 hosts. */
2253
2254 else
2255 {
2256 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
2257 save_errno == ERRNO_FILTER_FAIL)? ERROR : DEFER;
2258 set_errno(addrlist, save_errno, message, DEFER, pass_message);
2259 }
2260 }
2261 }
2262
2263
2264 /* If all has gone well, send_quit will be set TRUE, implying we can end the
2265 SMTP session tidily. However, if there were too many addresses to send in one
2266 message (indicated by first_addr being non-NULL) we want to carry on with the
2267 rest of them. Also, it is desirable to send more than one message down the SMTP
2268 connection if there are several waiting, provided we haven't already sent so
2269 many as to hit the configured limit. The function transport_check_waiting looks
2270 for a waiting message and returns its id. Then transport_pass_socket tries to
2271 set up a continued delivery by passing the socket on to another process. The
2272 variable send_rset is FALSE if a message has just been successfully transfered.
2273
2274 If we are already sending down a continued channel, there may be further
2275 addresses not yet delivered that are aimed at the same host, but which have not
2276 been passed in this run of the transport. In this case, continue_more will be
2277 true, and all we should do is send RSET if necessary, and return, leaving the
2278 channel open.
2279
2280 However, if no address was disposed of, i.e. all addresses got 4xx errors, we
2281 do not want to continue with other messages down the same channel, because that
2282 can lead to looping between two or more messages, all with the same,
2283 temporarily failing address(es). [The retry information isn't updated yet, so
2284 new processes keep on trying.] We probably also don't want to try more of this
2285 message's addresses either.
2286
2287 If we have started a TLS session, we have to end it before passing the
2288 connection to a new process. However, not all servers can handle this (Exim
2289 can), so we do not pass such a connection on if the host matches
2290 hosts_nopass_tls. */
2291
2292 DEBUG(D_transport)
2293 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
2294 "yield=%d first_address is %sNULL\n", ok, send_quit, send_rset,
2295 continue_more, yield, (first_addr == NULL)? "":"not ");
2296
2297 if (completed_address && ok && send_quit)
2298 {
2299 BOOL more;
2300 if (first_addr != NULL || continue_more ||
2301 (
2302 (tls_out.active < 0 ||
2303 verify_check_this_host(&(ob->hosts_nopass_tls), NULL, host->name,
2304 host->address, NULL) != OK)
2305 &&
2306 transport_check_waiting(tblock->name, host->name,
2307 tblock->connection_max_messages, new_message_id, &more)
2308 ))
2309 {
2310 uschar *msg;
2311 BOOL pass_message;
2312
2313 if (send_rset)
2314 {
2315 if (! (ok = smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0))
2316 {
2317 msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
2318 host->address, strerror(save_errno));
2319 send_quit = FALSE;
2320 }
2321 else if (! (ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2322 ob->command_timeout)))
2323 {
2324 int code;
2325 send_quit = check_response(host, &errno, 0, buffer, &code, &msg,
2326 &pass_message);
2327 if (!send_quit)
2328 {
2329 DEBUG(D_transport) debug_printf("%s\n", msg);
2330 }
2331 }
2332 }
2333
2334 /* Either RSET was not needed, or it succeeded */
2335
2336 if (ok)
2337 {
2338 if (first_addr != NULL) /* More addresses still to be sent */
2339 { /* in this run of the transport */
2340 continue_sequence++; /* Causes * in logging */
2341 goto SEND_MESSAGE;
2342 }
2343 if (continue_more) return yield; /* More addresses for another run */
2344
2345 /* Pass the socket to a new Exim process. Before doing so, we must shut
2346 down TLS. Not all MTAs allow for the continuation of the SMTP session
2347 when TLS is shut down. We test for this by sending a new EHLO. If we
2348 don't get a good response, we don't attempt to pass the socket on. */
2349
2350 #ifdef SUPPORT_TLS
2351 if (tls_out.active >= 0)
2352 {
2353 tls_close(FALSE, TRUE);
2354 if (smtps)
2355 ok = FALSE;
2356 else
2357 ok = smtp_write_command(&outblock,FALSE,"EHLO %s\r\n",helo_data) >= 0 &&
2358 smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2359 ob->command_timeout);
2360 }
2361 #endif
2362
2363 /* If the socket is successfully passed, we musn't send QUIT (or
2364 indeed anything!) from here. */
2365
2366 if (ok && transport_pass_socket(tblock->name, host->name, host->address,
2367 new_message_id, inblock.sock))
2368 {
2369 send_quit = FALSE;
2370 }
2371 }
2372
2373 /* If RSET failed and there are addresses left, they get deferred. */
2374
2375 else set_errno(first_addr, errno, msg, DEFER, FALSE);
2376 }
2377 }
2378
2379 /* End off tidily with QUIT unless the connection has died or the socket has
2380 been passed to another process. There has been discussion on the net about what
2381 to do after sending QUIT. The wording of the RFC suggests that it is necessary
2382 to wait for a response, but on the other hand, there isn't anything one can do
2383 with an error response, other than log it. Exim used to do that. However,
2384 further discussion suggested that it is positively advantageous not to wait for
2385 the response, but to close the session immediately. This is supposed to move
2386 the TCP/IP TIME_WAIT state from the server to the client, thereby removing some
2387 load from the server. (Hosts that are both servers and clients may not see much
2388 difference, of course.) Further discussion indicated that this was safe to do
2389 on Unix systems which have decent implementations of TCP/IP that leave the
2390 connection around for a while (TIME_WAIT) after the application has gone away.
2391 This enables the response sent by the server to be properly ACKed rather than
2392 timed out, as can happen on broken TCP/IP implementations on other OS.
2393
2394 This change is being made on 31-Jul-98. After over a year of trouble-free
2395 operation, the old commented-out code was removed on 17-Sep-99. */
2396
2397 SEND_QUIT:
2398 if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2399
2400 END_OFF:
2401
2402 #ifdef SUPPORT_TLS
2403 tls_close(FALSE, TRUE);
2404 #endif
2405
2406 /* Close the socket, and return the appropriate value, first setting
2407 continue_transport and continue_hostname NULL to prevent any other addresses
2408 that may include the host from trying to re-use a continuation socket. This
2409 works because the NULL setting is passed back to the calling process, and
2410 remote_max_parallel is forced to 1 when delivering over an existing connection,
2411
2412 If all went well and continue_more is set, we shouldn't actually get here if
2413 there are further addresses, as the return above will be taken. However,
2414 writing RSET might have failed, or there may be other addresses whose hosts are
2415 specified in the transports, and therefore not visible at top level, in which
2416 case continue_more won't get set. */
2417
2418 (void)close(inblock.sock);
2419 continue_transport = NULL;
2420 continue_hostname = NULL;
2421 return yield;
2422 }
2423
2424
2425
2426
2427 /*************************************************
2428 * Closedown entry point *
2429 *************************************************/
2430
2431 /* This function is called when exim is passed an open smtp channel
2432 from another incarnation, but the message which it has been asked
2433 to deliver no longer exists. The channel is on stdin.
2434
2435 We might do fancy things like looking for another message to send down
2436 the channel, but if the one we sought has gone, it has probably been
2437 delivered by some other process that itself will seek further messages,
2438 so just close down our connection.
2439
2440 Argument: pointer to the transport instance block
2441 Returns: nothing
2442 */
2443
2444 void
2445 smtp_transport_closedown(transport_instance *tblock)
2446 {
2447 smtp_transport_options_block *ob =
2448 (smtp_transport_options_block *)(tblock->options_block);
2449 smtp_inblock inblock;
2450 smtp_outblock outblock;
2451 uschar buffer[256];
2452 uschar inbuffer[4096];
2453 uschar outbuffer[16];
2454
2455 inblock.sock = fileno(stdin);
2456 inblock.buffer = inbuffer;
2457 inblock.buffersize = sizeof(inbuffer);
2458 inblock.ptr = inbuffer;
2459 inblock.ptrend = inbuffer;
2460
2461 outblock.sock = inblock.sock;
2462 outblock.buffersize = sizeof(outbuffer);
2463 outblock.buffer = outbuffer;
2464 outblock.ptr = outbuffer;
2465 outblock.cmd_count = 0;
2466 outblock.authenticating = FALSE;
2467
2468 (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2469 (void)smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2470 ob->command_timeout);
2471 (void)close(inblock.sock);
2472 }
2473
2474
2475
2476 /*************************************************
2477 * Prepare addresses for delivery *
2478 *************************************************/
2479
2480 /* This function is called to flush out error settings from previous delivery
2481 attempts to other hosts. It also records whether we got here via an MX record
2482 or not in the more_errno field of the address. We are interested only in
2483 addresses that are still marked DEFER - others may have got delivered to a
2484 previously considered IP address. Set their status to PENDING_DEFER to indicate
2485 which ones are relevant this time.
2486
2487 Arguments:
2488 addrlist the list of addresses
2489 host the host we are delivering to
2490
2491 Returns: the first address for this delivery
2492 */
2493
2494 static address_item *
2495 prepare_addresses(address_item *addrlist, host_item *host)
2496 {
2497 address_item *first_addr = NULL;
2498 address_item *addr;
2499 for (addr = addrlist; addr != NULL; addr = addr->next)
2500 {
2501 if (addr->transport_return != DEFER) continue;
2502 if (first_addr == NULL) first_addr = addr;
2503 addr->transport_return = PENDING_DEFER;
2504 addr->basic_errno = 0;
2505 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
2506 addr->message = NULL;
2507 #ifdef SUPPORT_TLS
2508 addr->cipher = NULL;
2509 addr->peerdn = NULL;
2510 #endif
2511 }
2512 return first_addr;
2513 }
2514
2515
2516
2517 /*************************************************
2518 * Main entry point *
2519 *************************************************/
2520
2521 /* See local README for interface details. As this is a remote transport, it is
2522 given a chain of addresses to be delivered in one connection, if possible. It
2523 always returns TRUE, indicating that each address has its own independent
2524 status set, except if there is a setting up problem, in which case it returns
2525 FALSE. */
2526
2527 BOOL
2528 smtp_transport_entry(
2529 transport_instance *tblock, /* data for this instantiation */
2530 address_item *addrlist) /* addresses we are working on */
2531 {
2532 int cutoff_retry;
2533 int port;
2534 int hosts_defer = 0;
2535 int hosts_fail = 0;
2536 int hosts_looked_up = 0;
2537 int hosts_retry = 0;
2538 int hosts_serial = 0;
2539 int hosts_total = 0;
2540 int total_hosts_tried = 0;
2541 address_item *addr;
2542 BOOL expired = TRUE;
2543 BOOL continuing = continue_hostname != NULL;
2544 uschar *expanded_hosts = NULL;
2545 uschar *pistring;
2546 uschar *tid = string_sprintf("%s transport", tblock->name);
2547 smtp_transport_options_block *ob =
2548 (smtp_transport_options_block *)(tblock->options_block);
2549 host_item *hostlist = addrlist->host_list;
2550 host_item *host = NULL;
2551
2552 DEBUG(D_transport)
2553 {
2554 debug_printf("%s transport entered\n", tblock->name);
2555 for (addr = addrlist; addr != NULL; addr = addr->next)
2556 debug_printf(" %s\n", addr->address);
2557 if (continuing) debug_printf("already connected to %s [%s]\n",
2558 continue_hostname, continue_host_address);
2559 }
2560
2561 /* Set the flag requesting that these hosts be added to the waiting
2562 database if the delivery fails temporarily or if we are running with
2563 queue_smtp or a 2-stage queue run. This gets unset for certain
2564 kinds of error, typically those that are specific to the message. */
2565
2566 update_waiting = TRUE;
2567
2568 /* If a host list is not defined for the addresses - they must all have the
2569 same one in order to be passed to a single transport - or if the transport has
2570 a host list with hosts_override set, use the host list supplied with the
2571 transport. It is an error for this not to exist. */
2572
2573 if (hostlist == NULL || (ob->hosts_override && ob->hosts != NULL))
2574 {
2575 if (ob->hosts == NULL)
2576 {
2577 addrlist->message = string_sprintf("%s transport called with no hosts set",
2578 tblock->name);
2579 addrlist->transport_return = PANIC;
2580 return FALSE; /* Only top address has status */
2581 }
2582
2583 DEBUG(D_transport) debug_printf("using the transport's hosts: %s\n",
2584 ob->hosts);
2585
2586 /* If the transport's host list contains no '$' characters, and we are not
2587 randomizing, it is fixed and therefore a chain of hosts can be built once
2588 and for all, and remembered for subsequent use by other calls to this
2589 transport. If, on the other hand, the host list does contain '$', or we are
2590 randomizing its order, we have to rebuild it each time. In the fixed case,
2591 as the hosts string will never be used again, it doesn't matter that we
2592 replace all the : characters with zeros. */
2593
2594 if (ob->hostlist == NULL)
2595 {
2596 uschar *s = ob->hosts;
2597
2598 if (Ustrchr(s, '$') != NULL)
2599 {
2600 expanded_hosts = expand_string(s);
2601 if (expanded_hosts == NULL)
2602 {
2603 addrlist->message = string_sprintf("failed to expand list of hosts "
2604 "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message);
2605 addrlist->transport_return = search_find_defer? DEFER : PANIC;
2606 return FALSE; /* Only top address has status */
2607 }
2608 DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to "
2609 "\"%s\"\n", s, expanded_hosts);
2610 s = expanded_hosts;
2611 }
2612 else
2613 if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
2614
2615 host_build_hostlist(&hostlist, s, ob->hosts_randomize);
2616
2617 /* Check that the expansion yielded something useful. */
2618 if (hostlist == NULL)
2619 {
2620 addrlist->message =
2621 string_sprintf("%s transport has empty hosts setting", tblock->name);
2622 addrlist->transport_return = PANIC;
2623 return FALSE; /* Only top address has status */
2624 }
2625
2626 /* If there was no expansion of hosts, save the host list for
2627 next time. */
2628
2629 if (expanded_hosts == NULL) ob->hostlist = hostlist;
2630 }
2631
2632 /* This is not the first time this transport has been run in this delivery;
2633 the host list was built previously. */
2634
2635 else hostlist = ob->hostlist;
2636 }
2637
2638 /* The host list was supplied with the address. If hosts_randomize is set, we
2639 must sort it into a random order if it did not come from MX records and has not
2640 already been randomized (but don't bother if continuing down an existing
2641 connection). */
2642
2643 else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continuing)
2644 {
2645 host_item *newlist = NULL;
2646 while (hostlist != NULL)
2647 {
2648 host_item *h = hostlist;
2649 hostlist = hostlist->next;
2650
2651 h->sort_key = random_number(100);
2652
2653 if (newlist == NULL)
2654 {
2655 h->next = NULL;
2656 newlist = h;
2657 }
2658 else if (h->sort_key < newlist->sort_key)
2659 {
2660 h->next = newlist;
2661 newlist = h;
2662 }
2663 else
2664 {
2665 host_item *hh = newlist;
2666 while (hh->next != NULL)
2667 {
2668 if (h->sort_key < hh->next->sort_key) break;
2669 hh = hh->next;
2670 }
2671 h->next = hh->next;
2672 hh->next = h;
2673 }
2674 }
2675
2676 hostlist = addrlist->host_list = newlist;
2677 }
2678
2679
2680 /* Sort out the default port. */
2681
2682 if (!smtp_get_port(ob->port, addrlist, &port, tid)) return FALSE;
2683
2684
2685 /* For each host-plus-IP-address on the list:
2686
2687 . If this is a continued delivery and the host isn't the one with the
2688 current connection, skip.
2689
2690 . If the status is unusable (i.e. previously failed or retry checked), skip.
2691
2692 . If no IP address set, get the address, either by turning the name into
2693 an address, calling gethostbyname if gethostbyname is on, or by calling
2694 the DNS. The DNS may yield multiple addresses, in which case insert the
2695 extra ones into the list.
2696
2697 . Get the retry data if not previously obtained for this address and set the
2698 field which remembers the state of this address. Skip if the retry time is
2699 not reached. If not, remember whether retry data was found. The retry string
2700 contains both the name and the IP address.
2701
2702 . Scan the list of addresses and mark those whose status is DEFER as
2703 PENDING_DEFER. These are the only ones that will be processed in this cycle
2704 of the hosts loop.
2705
2706 . Make a delivery attempt - addresses marked PENDING_DEFER will be tried.
2707 Some addresses may be successfully delivered, others may fail, and yet
2708 others may get temporary errors and so get marked DEFER.
2709
2710 . The return from the delivery attempt is OK if a connection was made and a
2711 valid SMTP dialogue was completed. Otherwise it is DEFER.
2712
2713 . If OK, add a "remove" retry item for this host/IPaddress, if any.
2714
2715 . If fail to connect, or other defer state, add a retry item.
2716
2717 . If there are any addresses whose status is still DEFER, carry on to the
2718 next host/IPaddress, unless we have tried the number of hosts given
2719 by hosts_max_try or hosts_max_try_hardlimit; otherwise return. Note that
2720 there is some fancy logic for hosts_max_try that means its limit can be
2721 overstepped in some circumstances.
2722
2723 If we get to the end of the list, all hosts have deferred at least one address,
2724 or not reached their retry times. If delay_after_cutoff is unset, it requests a
2725 delivery attempt to those hosts whose last try was before the arrival time of
2726 the current message. To cope with this, we have to go round the loop a second
2727 time. After that, set the status and error data for any addresses that haven't
2728 had it set already. */
2729
2730 for (cutoff_retry = 0; expired &&
2731 cutoff_retry < ((ob->delay_after_cutoff)? 1 : 2);
2732 cutoff_retry++)
2733 {
2734 host_item *nexthost = NULL;
2735 int unexpired_hosts_tried = 0;
2736
2737 for (host = hostlist;
2738 host != NULL &&
2739 unexpired_hosts_tried < ob->hosts_max_try &&
2740 total_hosts_tried < ob->hosts_max_try_hardlimit;
2741 host = nexthost)
2742 {
2743 int rc;
2744 int host_af;
2745 uschar *rs;
2746 BOOL serialized = FALSE;
2747 BOOL host_is_expired = FALSE;
2748 BOOL message_defer = FALSE;
2749 BOOL ifchanges = FALSE;
2750 BOOL some_deferred = FALSE;
2751 address_item *first_addr = NULL;
2752 uschar *interface = NULL;
2753 uschar *retry_host_key = NULL;
2754 uschar *retry_message_key = NULL;
2755 uschar *serialize_key = NULL;
2756
2757 /* Default next host is next host. :-) But this can vary if the
2758 hosts_max_try limit is hit (see below). It may also be reset if a host
2759 address is looked up here (in case the host was multihomed). */
2760
2761 nexthost = host->next;
2762
2763 /* If the address hasn't yet been obtained from the host name, look it up
2764 now, unless the host is already marked as unusable. If it is marked as
2765 unusable, it means that the router was unable to find its IP address (in
2766 the DNS or wherever) OR we are in the 2nd time round the cutoff loop, and
2767 the lookup failed last time. We don't get this far if *all* MX records
2768 point to non-existent hosts; that is treated as a hard error.
2769
2770 We can just skip this host entirely. When the hosts came from the router,
2771 the address will timeout based on the other host(s); when the address is
2772 looked up below, there is an explicit retry record added.
2773
2774 Note that we mustn't skip unusable hosts if the address is not unset; they
2775 may be needed as expired hosts on the 2nd time round the cutoff loop. */
2776
2777 if (host->address == NULL)
2778 {
2779 int new_port, flags;
2780 host_item *hh;
2781 uschar *canonical_name;
2782
2783 if (host->status >= hstatus_unusable)
2784 {
2785 DEBUG(D_transport) debug_printf("%s has no address and is unusable - skipping\n",
2786 host->name);
2787 continue;
2788 }
2789
2790 DEBUG(D_transport) debug_printf("getting address for %s\n", host->name);
2791
2792 /* The host name is permitted to have an attached port. Find it, and
2793 strip it from the name. Just remember it for now. */
2794
2795 new_port = host_item_get_port(host);
2796
2797 /* Count hosts looked up */
2798
2799 hosts_looked_up++;
2800
2801 /* Find by name if so configured, or if it's an IP address. We don't
2802 just copy the IP address, because we need the test-for-local to happen. */
2803
2804 flags = HOST_FIND_BY_A;
2805 if (ob->dns_qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
2806 if (ob->dns_search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
2807
2808 if (ob->gethostbyname || string_is_ip_address(host->name, NULL) != 0)
2809 rc = host_find_byname(host, NULL, flags, &canonical_name, TRUE);
2810 else
2811 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
2812 &canonical_name, NULL);
2813
2814 /* Update the host (and any additional blocks, resulting from
2815 multihoming) with a host-specific port, if any. */
2816
2817 for (hh = host; hh != nexthost; hh = hh->next) hh->port = new_port;
2818
2819 /* Failure to find the host at this time (usually DNS temporary failure)
2820 is really a kind of routing failure rather than a transport failure.
2821 Therefore we add a retry item of the routing kind, not to stop us trying
2822 to look this name up here again, but to ensure the address gets timed
2823 out if the failures go on long enough. A complete failure at this point
2824 commonly points to a configuration error, but the best action is still
2825 to carry on for the next host. */
2826
2827 if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_FAILED)
2828 {
2829 retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
2830 expired = FALSE;
2831 if (rc == HOST_FIND_AGAIN) hosts_defer++; else hosts_fail++;
2832 DEBUG(D_transport) debug_printf("rc = %s for %s\n", (rc == HOST_FIND_AGAIN)?
2833 "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name);
2834 host->status = hstatus_unusable;
2835
2836 for (addr = addrlist; addr != NULL; addr = addr->next)
2837 {
2838 if (addr->transport_return != DEFER) continue;
2839 addr->basic_errno = ERRNO_UNKNOWNHOST;
2840 addr->message =
2841 string_sprintf("failed to lookup IP address for %s", host->name);
2842 }
2843 continue;
2844 }
2845
2846 /* If the host is actually the local host, we may have a problem, or
2847 there may be some cunning configuration going on. In the problem case,
2848 log things and give up. The default transport status is already DEFER. */
2849
2850 if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost)
2851 {
2852 for (addr = addrlist; addr != NULL; addr = addr->next)
2853 {
2854 addr->basic_errno = 0;
2855 addr->message = string_sprintf("%s transport found host %s to be "
2856 "local", tblock->name, host->name);
2857 }
2858 goto END_TRANSPORT;
2859 }
2860 } /* End of block for IP address lookup */
2861
2862 /* If this is a continued delivery, we are interested only in the host
2863 which matches the name of the existing open channel. The check is put
2864 here after the local host lookup, in case the name gets expanded as a
2865 result of the lookup. Set expired FALSE, to save the outer loop executing
2866 twice. */
2867
2868 if (continuing && (Ustrcmp(continue_hostname, host->name) != 0 ||
2869 Ustrcmp(continue_host_address, host->address) != 0))
2870 {
2871 expired = FALSE;
2872 continue; /* With next host */
2873 }
2874
2875 /* Reset the default next host in case a multihomed host whose addresses
2876 are not looked up till just above added to the host list. */
2877
2878 nexthost = host->next;
2879
2880 /* If queue_smtp is set (-odqs or the first part of a 2-stage run), or the
2881 domain is in queue_smtp_domains, we don't actually want to attempt any
2882 deliveries. When doing a queue run, queue_smtp_domains is always unset. If
2883 there is a lookup defer in queue_smtp_domains, proceed as if the domain
2884 were not in it. We don't want to hold up all SMTP deliveries! Except when
2885 doing a two-stage queue run, don't do this if forcing. */
2886
2887 if ((!deliver_force || queue_2stage) && (queue_smtp ||
2888 match_isinlist(addrlist->domain, &queue_smtp_domains, 0,
2889 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK))
2890 {
2891 expired = FALSE;
2892 for (addr = addrlist; addr != NULL; addr = addr->next)
2893 {
2894 if (addr->transport_return != DEFER) continue;
2895 addr->message = US"domain matches queue_smtp_domains, or -odqs set";
2896 }
2897 continue; /* With next host */
2898 }
2899
2900 /* Count hosts being considered - purely for an intelligent comment
2901 if none are usable. */
2902
2903 hosts_total++;
2904
2905 /* Set $host and $host address now in case they are needed for the
2906 interface expansion or the serialize_hosts check; they remain set if an
2907 actual delivery happens. */
2908
2909 deliver_host = host->name;
2910 deliver_host_address = host->address;
2911
2912 /* Set up a string for adding to the retry key if the port number is not
2913 the standard SMTP port. A host may have its own port setting that overrides
2914 the default. */
2915
2916 pistring = string_sprintf(":%d", (host->port == PORT_NONE)?
2917 port : host->port);
2918 if (Ustrcmp(pistring, ":25") == 0) pistring = US"";
2919
2920 /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface
2921 string changes upon expansion, we must add it to the key that is used for
2922 retries, because connections to the same host from a different interface
2923 should be treated separately. */
2924
2925 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET : AF_INET6;
2926 if (!smtp_get_interface(ob->interface, host_af, addrlist, &ifchanges,
2927 &interface, tid))
2928 return FALSE;
2929 if (ifchanges) pistring = string_sprintf("%s/%s", pistring, interface);
2930
2931 /* The first time round the outer loop, check the status of the host by
2932 inspecting the retry data. The second time round, we are interested only
2933 in expired hosts that haven't been tried since this message arrived. */
2934
2935 if (cutoff_retry == 0)
2936 {
2937 /* Ensure the status of the address is set by checking retry data if
2938 necessary. There maybe host-specific retry data (applicable to all
2939 messages) and also data for retries of a specific message at this host.
2940 If either of these retry records are actually read, the keys used are
2941 returned to save recomputing them later. */
2942
2943 host_is_expired = retry_check_address(addrlist->domain, host, pistring,
2944 ob->retry_include_ip_address, &retry_host_key, &retry_message_key);
2945
2946 DEBUG(D_transport) debug_printf("%s [%s]%s status = %s\n", host->name,
2947 (host->address == NULL)? US"" : host->address, pistring,
2948 (host->status == hstatus_usable)? "usable" :
2949 (host->status == hstatus_unusable)? "unusable" :
2950 (host->status == hstatus_unusable_expired)? "unusable (expired)" : "?");
2951
2952 /* Skip this address if not usable at this time, noting if it wasn't
2953 actually expired, both locally and in the address. */
2954
2955 switch (host->status)
2956 {
2957 case hstatus_unusable:
2958 expired = FALSE;
2959 setflag(addrlist, af_retry_skipped);
2960 /* Fall through */
2961
2962 case hstatus_unusable_expired:
2963 switch (host->why)
2964 {
2965 case hwhy_retry: hosts_retry++; break;
2966 case hwhy_failed: hosts_fail++; break;
2967 case hwhy_deferred: hosts_defer++; break;
2968 }
2969
2970 /* If there was a retry message key, implying that previously there
2971 was a message-specific defer, we don't want to update the list of
2972 messages waiting for these hosts. */
2973
2974 if (retry_message_key != NULL) update_waiting = FALSE;
2975 continue; /* With the next host or IP address */
2976 }
2977 }
2978
2979 /* Second time round the loop: if the address is set but expired, and
2980 the message is newer than the last try, let it through. */
2981
2982 else
2983 {
2984 if (host->address == NULL ||
2985 host->status != hstatus_unusable_expired ||
2986 host->last_try > received_time)
2987 continue;
2988 DEBUG(D_transport)
2989 debug_printf("trying expired host %s [%s]%s\n",
2990 host->name, host->address, pistring);
2991 host_is_expired = TRUE;
2992 }
2993
2994 /* Setting "expired=FALSE" doesn't actually mean not all hosts are expired;
2995 it remains TRUE only if all hosts are expired and none are actually tried.
2996 */
2997
2998 expired = FALSE;
2999
3000 /* If this host is listed as one to which access must be serialized,
3001 see if another Exim process has a connection to it, and if so, skip
3002 this host. If not, update the database to record our connection to it
3003 and remember this for later deletion. Do not do any of this if we are
3004 sending the message down a pre-existing connection. */
3005
3006 if (!continuing &&
3007 verify_check_this_host(&(ob->serialize_hosts), NULL, host->name,
3008 host->address, NULL) == OK)
3009 {
3010 serialize_key = string_sprintf("host-serialize-%s", host->name);
3011 if (!enq_start(serialize_key))
3012 {
3013 DEBUG(D_transport)
3014 debug_printf("skipping host %s because another Exim process "
3015 "is connected to it\n", host->name);
3016 hosts_serial++;
3017 continue;
3018 }
3019 serialized = TRUE;
3020 }
3021
3022 /* OK, we have an IP address that is not waiting for its retry time to
3023 arrive (it might be expired) OR (second time round the loop) we have an
3024 expired host that hasn't been tried since the message arrived. Have a go
3025 at delivering the message to it. First prepare the addresses by flushing
3026 out the result of previous attempts, and finding the first address that
3027 is still to be delivered. */
3028
3029 first_addr = prepare_addresses(addrlist, host);
3030
3031 DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n",
3032 message_id, host->name, host->address, addrlist->address,
3033 (addrlist->next == NULL)? "" : ", ...");
3034
3035 set_process_info("delivering %s to %s [%s] (%s%s)",
3036 message_id, host->name, host->address, addrlist->address,
3037 (addrlist->next == NULL)? "" : ", ...");
3038
3039 /* This is not for real; don't do the delivery. If there are
3040 any remaining hosts, list them. */
3041
3042 if (dont_deliver)
3043 {
3044 host_item *host2;
3045 set_errno(addrlist, 0, NULL, OK, FALSE);
3046 for (addr = addrlist; addr != NULL; addr = addr->next)
3047 {
3048 addr->host_used = host;
3049 addr->special_action = '*';
3050 addr->message = US"delivery bypassed by -N option";
3051 }
3052 DEBUG(D_transport)
3053 {
3054 debug_printf("*** delivery by %s transport bypassed by -N option\n"
3055 "*** host and remaining hosts:\n", tblock->name);
3056 for (host2 = host; host2 != NULL; host2 = host2->next)
3057 debug_printf(" %s [%s]\n", host2->name,
3058 (host2->address == NULL)? US"unset" : host2->address);
3059 }
3060 rc = OK;
3061 }
3062
3063 /* This is for real. If the host is expired, we don't count it for
3064 hosts_max_retry. This ensures that all hosts must expire before an address
3065 is timed out, unless hosts_max_try_hardlimit (which protects against
3066 lunatic DNS configurations) is reached.
3067
3068 If the host is not expired and we are about to hit the hosts_max_retry
3069 limit, check to see if there is a subsequent hosts with a different MX
3070 value. If so, make that the next host, and don't count this one. This is a
3071 heuristic to make sure that different MXs do get tried. With a normal kind
3072 of retry rule, they would get tried anyway when the earlier hosts were
3073 delayed, but if the domain has a "retry every time" type of rule - as is
3074 often used for the the very large ISPs, that won't happen. */
3075
3076 else
3077 {
3078 if (!host_is_expired && ++unexpired_hosts_tried >= ob->hosts_max_try)
3079 {
3080 host_item *h;
3081 DEBUG(D_transport)
3082 debug_printf("hosts_max_try limit reached with this host\n");
3083 for (h = host; h != NULL; h = h->next)
3084 if (h->mx != host->mx) break;
3085 if (h != NULL)
3086 {
3087 nexthost = h;
3088 unexpired_hosts_tried--;
3089 DEBUG(D_transport) debug_printf("however, a higher MX host exists "
3090 "and will be tried\n");
3091 }
3092 }
3093
3094 /* Attempt the delivery. */
3095
3096 total_hosts_tried++;
3097 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
3098 expanded_hosts != NULL, &message_defer, FALSE);
3099
3100 /* Yield is one of:
3101 OK => connection made, each address contains its result;
3102 message_defer is set for message-specific defers (when all
3103 recipients are marked defer)
3104 DEFER => there was a non-message-specific delivery problem;
3105 ERROR => there was a problem setting up the arguments for a filter,
3106 or there was a problem with expanding added headers
3107 */
3108
3109 /* If the result is not OK, there was a non-message-specific problem.
3110 If the result is DEFER, we need to write to the logs saying what happened
3111 for this particular host, except in the case of authentication and TLS
3112 failures, where the log has already been written. If all hosts defer a
3113 general message is written at the end. */
3114
3115 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL &&
3116 first_addr->basic_errno != ERRNO_TLSFAILURE)
3117 write_logs(first_addr, host);
3118
3119 #ifdef EXPERIMENTAL_TPDA
3120 if (rc == DEFER)
3121 tpda_deferred(ob, first_addr, host);
3122 #endif
3123
3124 /* If STARTTLS was accepted, but there was a failure in setting up the
3125 TLS session (usually a certificate screwup), and the host is not in
3126 hosts_require_tls, and tls_tempfail_tryclear is true, try again, with
3127 TLS forcibly turned off. We have to start from scratch with a new SMTP
3128 connection. That's why the retry is done from here, not from within
3129 smtp_deliver(). [Rejections of STARTTLS itself don't screw up the
3130 session, so the in-clear transmission after those errors, if permitted,
3131 happens inside smtp_deliver().] */
3132
3133 #ifdef SUPPORT_TLS
3134 if (rc == DEFER && first_addr->basic_errno == ERRNO_TLSFAILURE &&
3135 ob->tls_tempfail_tryclear &&
3136 verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
3137 host->address, NULL) != OK)
3138 {
3139 log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
3140 "to %s [%s] (not in hosts_require_tls)", host->name, host->address);
3141 first_addr = prepare_addresses(addrlist, host);
3142 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
3143 expanded_hosts != NULL, &message_defer, TRUE);
3144 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
3145 write_logs(first_addr, host);
3146 #ifdef EXPERIMENTAL_TPDA
3147 if (rc == DEFER)
3148 tpda_deferred(ob, first_addr, host);
3149 #endif
3150 }
3151 #endif
3152 }
3153
3154 /* Delivery attempt finished */
3155
3156 rs = (rc == OK)? US"OK" : (rc == DEFER)? US"DEFER" : (rc == ERROR)?
3157 US"ERROR" : US"?";
3158
3159 set_process_info("delivering %s: just tried %s [%s] for %s%s: result %s",
3160 message_id, host->name, host->address, addrlist->address,
3161 (addrlist->next == NULL)? "" : " (& others)", rs);
3162
3163 /* Release serialization if set up */
3164
3165 if (serialized) enq_end(serialize_key);
3166
3167 /* If the result is DEFER, or if a host retry record is known to exist, we
3168 need to add an item to the retry chain for updating the retry database
3169 at the end of delivery. We only need to add the item to the top address,
3170 of course. Also, if DEFER, we mark the IP address unusable so as to skip it
3171 for any other delivery attempts using the same address. (It is copied into
3172 the unusable tree at the outer level, so even if different address blocks
3173 contain the same address, it still won't get tried again.) */
3174
3175 if (rc == DEFER || retry_host_key != NULL)
3176 {
3177 int delete_flag = (rc != DEFER)? rf_delete : 0;
3178 if (retry_host_key == NULL)
3179 {
3180 retry_host_key = ob->retry_include_ip_address?
3181 string_sprintf("T:%S:%s%s", host->name, host->address, pistring) :
3182 string_sprintf("T:%S%s", host->name, pistring);
3183 }
3184
3185 /* If a delivery of another message over an existing SMTP connection
3186 yields DEFER, we do NOT set up retry data for the host. This covers the
3187 case when there are delays in routing the addresses in the second message
3188 that are so long that the server times out. This is alleviated by not
3189 routing addresses that previously had routing defers when handling an
3190 existing connection, but even so, this case may occur (e.g. if a
3191 previously happily routed address starts giving routing defers). If the
3192 host is genuinely down, another non-continued message delivery will
3193 notice it soon enough. */
3194
3195 if (delete_flag != 0 || !continuing)
3196 retry_add_item(first_addr, retry_host_key, rf_host | delete_flag);
3197
3198 /* We may have tried an expired host, if its retry time has come; ensure
3199 the status reflects the expiry for the benefit of any other addresses. */
3200
3201 if (rc == DEFER)
3202 {
3203 host->status = (host_is_expired)?
3204 hstatus_unusable_expired : hstatus_unusable;
3205 host->why = hwhy_deferred;
3206 }
3207 }
3208
3209 /* If message_defer is set (host was OK, but every recipient got deferred
3210 because of some message-specific problem), or if that had happened
3211 previously so that a message retry key exists, add an appropriate item
3212 to the retry chain. Note that if there was a message defer but now there is
3213 a host defer, the message defer record gets deleted. That seems perfectly
3214 reasonable. Also, stop the message from being remembered as waiting
3215 for specific hosts. */
3216
3217 if (message_defer || retry_message_key != NULL)
3218 {
3219 int delete_flag = message_defer? 0 : rf_delete;
3220 if (retry_message_key == NULL)
3221 {
3222 retry_message_key = ob->retry_include_ip_address?
3223 string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring,
3224 message_id) :
3225 string_sprintf("T:%S%s:%s", host->name, pistring, message_id);
3226 }
3227 retry_add_item(addrlist, retry_message_key,
3228 rf_message | rf_host | delete_flag);
3229 update_waiting = FALSE;
3230 }
3231
3232 /* Any return other than DEFER (that is, OK or ERROR) means that the
3233 addresses have got their final statuses filled in for this host. In the OK
3234 case, see if any of them are deferred. */
3235
3236 if (rc == OK)
3237 {
3238 for (addr = addrlist; addr != NULL; addr = addr->next)
3239 {
3240 if (addr->transport_return == DEFER)
3241 {
3242 some_deferred = TRUE;
3243 break;
3244 }
3245 }
3246 }
3247
3248 /* If no addresses deferred or the result was ERROR, return. We do this for
3249 ERROR because a failing filter set-up or add_headers expansion is likely to
3250 fail for any host we try. */
3251
3252 if (rc == ERROR || (rc == OK && !some_deferred))
3253 {
3254 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3255 return TRUE; /* Each address has its status */
3256 }
3257
3258 /* If the result was DEFER or some individual addresses deferred, let
3259 the loop run to try other hosts with the deferred addresses, except for the
3260 case when we were trying to deliver down an existing channel and failed.
3261 Don't try any other hosts in this case. */
3262
3263 if (continuing) break;
3264
3265 /* If the whole delivery, or some individual addresses, were deferred and
3266 there are more hosts that could be tried, do not count this host towards
3267 the hosts_max_try limit if the age of the message is greater than the
3268 maximum retry time for this host. This means we may try try all hosts,
3269 ignoring the limit, when messages have been around for some time. This is
3270 important because if we don't try all hosts, the address will never time
3271 out. NOTE: this does not apply to hosts_max_try_hardlimit. */
3272
3273 if ((rc == DEFER || some_deferred) && nexthost != NULL)
3274 {
3275 BOOL timedout;
3276 retry_config *retry = retry_find_config(host->name, NULL, 0, 0);
3277
3278 if (retry != NULL && retry->rules != NULL)
3279 {
3280 retry_rule *last_rule;
3281 for (last_rule = retry->rules;
3282 last_rule->next != NULL;
3283 last_rule = last_rule->next);
3284 timedout = time(NULL) - received_time > last_rule->timeout;
3285 }
3286 else timedout = TRUE; /* No rule => timed out */
3287
3288 if (timedout)
3289 {
3290 unexpired_hosts_tried--;
3291 DEBUG(D_transport) debug_printf("temporary delivery error(s) override "
3292 "hosts_max_try (message older than host's retry time)\n");
3293 }
3294 }
3295 } /* End of loop for trying multiple hosts. */
3296
3297 /* This is the end of the loop that repeats iff expired is TRUE and
3298 ob->delay_after_cutoff is FALSE. The second time round we will
3299 try those hosts that haven't been tried since the message arrived. */
3300
3301 DEBUG(D_transport)
3302 {
3303 debug_printf("all IP addresses skipped or deferred at least one address\n");
3304 if (expired && !ob->delay_after_cutoff && cutoff_retry == 0)
3305 debug_printf("retrying IP addresses not tried since message arrived\n");
3306 }
3307 }
3308
3309
3310 /* Get here if all IP addresses are skipped or defer at least one address. In
3311 MUA wrapper mode, this will happen only for connection or other non-message-
3312 specific failures. Force the delivery status for all addresses to FAIL. */
3313
3314 if (mua_wrapper)
3315 {
3316 for (addr = addrlist; addr != NULL; addr = addr->next)
3317 addr->transport_return = FAIL;
3318 goto END_TRANSPORT;
3319 }
3320
3321 /* In the normal, non-wrapper case, add a standard message to each deferred
3322 address if there hasn't been an error, that is, if it hasn't actually been
3323 tried this time. The variable "expired" will be FALSE if any deliveries were
3324 actually tried, or if there was at least one host that was not expired. That
3325 is, it is TRUE only if no deliveries were tried and all hosts were expired. If
3326 a delivery has been tried, an error code will be set, and the failing of the
3327 message is handled by the retry code later.
3328
3329 If queue_smtp is set, or this transport was called to send a subsequent message
3330 down an existing TCP/IP connection, and something caused the host not to be
3331 found, we end up here, but can detect these cases and handle them specially. */
3332
3333 for (addr = addrlist; addr != NULL; addr = addr->next)
3334 {
3335 /* If host is not NULL, it means that we stopped processing the host list
3336 because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this
3337 means we need to behave as if some hosts were skipped because their retry
3338 time had not come. Specifically, this prevents the address from timing out.
3339 However, if we have hit hosts_max_try_hardlimit, we want to behave as if all
3340 hosts were tried. */
3341
3342 if (host != NULL)
3343 {
3344 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
3345 {
3346 DEBUG(D_transport)
3347 debug_printf("hosts_max_try_hardlimit reached: behave as if all "
3348 "hosts were tried\n");
3349 }
3350 else
3351 {
3352 DEBUG(D_transport)
3353 debug_printf("hosts_max_try limit caused some hosts to be skipped\n");
3354 setflag(addr, af_retry_skipped);
3355 }
3356 }
3357
3358 if (queue_smtp) /* no deliveries attempted */
3359 {
3360 addr->transport_return = DEFER;
3361 addr->basic_errno = 0;
3362 addr->message = US"SMTP delivery explicitly queued";
3363 }
3364
3365 else if (addr->transport_return == DEFER &&
3366 (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0) &&
3367 addr->message == NULL)
3368 {
3369 addr->basic_errno = ERRNO_HRETRY;
3370 if (continue_hostname != NULL)
3371 {
3372 addr->message = US"no host found for existing SMTP connection";
3373 }
3374 else if (expired)
3375 {
3376 setflag(addr, af_pass_message); /* This is not a security risk */
3377 addr->message = (ob->delay_after_cutoff)?
3378 US"retry time not reached for any host after a long failure period" :
3379 US"all hosts have been failing for a long time and were last tried "
3380 "after this message arrived";
3381
3382 /* If we are already using fallback hosts, or there are no fallback hosts
3383 defined, convert the result to FAIL to cause a bounce. */
3384
3385 if (addr->host_list == addr->fallback_hosts ||
3386 addr->fallback_hosts == NULL)
3387 addr->transport_return = FAIL;
3388 }
3389 else
3390 {
3391 if (hosts_retry == hosts_total)
3392 addr->message = US"retry time not reached for any host";
3393 else if (hosts_fail == hosts_total)
3394 addr->message = US"all host address lookups failed permanently";
3395 else if (hosts_defer == hosts_total)
3396 addr->message = US"all host address lookups failed temporarily";
3397 else if (hosts_serial == hosts_total)
3398 addr->message = US"connection limit reached for all hosts";
3399 else if (hosts_fail+hosts_defer == hosts_total)
3400 addr->message = US"all host address lookups failed";
3401 else addr->message = US"some host address lookups failed and retry time "
3402 "not reached for other hosts or connection limit reached";
3403 }
3404 }
3405 }
3406
3407 /* Update the database which keeps information about which messages are waiting
3408 for which hosts to become available. For some message-specific errors, the
3409 update_waiting flag is turned off because we don't want follow-on deliveries in
3410 those cases. If this transport instance is explicitly limited to one message
3411 per connection then follow-on deliveries are not possible and there's no need
3412 to create/update the per-transport wait-<transport_name> database. */
3413
3414 if (update_waiting && tblock->connection_max_messages != 1)
3415 transport_update_waiting(hostlist, tblock->name);
3416
3417 END_TRANSPORT:
3418
3419 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3420
3421 return TRUE; /* Each address has its status */
3422 }
3423
3424 /* End of transport/smtp.c */
Unnamed repository; edit this file 'description' to name the repository.