projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'exim-4_82_1'
[exim.git] / src / src / transports / smtp.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2014 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 #include "../exim.h"
9 #include "smtp.h"
10
11 #define PENDING 256
12 #define PENDING_DEFER (PENDING + DEFER)
13 #define PENDING_OK (PENDING + OK)
14
15
16 /* Options specific to the smtp transport. This transport also supports LMTP
17 over TCP/IP. The options must be in alphabetic order (note that "_" comes
18 before the lower case letters). Some live in the transport_instance block so as
19 to be publicly visible; these are flagged with opt_public. */
20
21 optionlist smtp_transport_options[] = {
22 { "address_retry_include_sender", opt_bool,
23 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
24 { "allow_localhost", opt_bool,
25 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
26 { "authenticated_sender", opt_stringptr,
27 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
28 { "authenticated_sender_force", opt_bool,
29 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
30 { "command_timeout", opt_time,
31 (void *)offsetof(smtp_transport_options_block, command_timeout) },
32 { "connect_timeout", opt_time,
33 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
34 { "connection_max_messages", opt_int | opt_public,
35 (void *)offsetof(transport_instance, connection_max_messages) },
36 { "data_timeout", opt_time,
37 (void *)offsetof(smtp_transport_options_block, data_timeout) },
38 { "delay_after_cutoff", opt_bool,
39 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
40 #ifndef DISABLE_DKIM
41 { "dkim_canon", opt_stringptr,
42 (void *)offsetof(smtp_transport_options_block, dkim_canon) },
43 { "dkim_domain", opt_stringptr,
44 (void *)offsetof(smtp_transport_options_block, dkim_domain) },
45 { "dkim_private_key", opt_stringptr,
46 (void *)offsetof(smtp_transport_options_block, dkim_private_key) },
47 { "dkim_selector", opt_stringptr,
48 (void *)offsetof(smtp_transport_options_block, dkim_selector) },
49 { "dkim_sign_headers", opt_stringptr,
50 (void *)offsetof(smtp_transport_options_block, dkim_sign_headers) },
51 { "dkim_strict", opt_stringptr,
52 (void *)offsetof(smtp_transport_options_block, dkim_strict) },
53 #endif
54 { "dns_qualify_single", opt_bool,
55 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
56 { "dns_search_parents", opt_bool,
57 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
58 { "dnssec_request_domains", opt_stringptr,
59 (void *)offsetof(smtp_transport_options_block, dnssec_request_domains) },
60 { "dnssec_require_domains", opt_stringptr,
61 (void *)offsetof(smtp_transport_options_block, dnssec_require_domains) },
62 { "dscp", opt_stringptr,
63 (void *)offsetof(smtp_transport_options_block, dscp) },
64 { "fallback_hosts", opt_stringptr,
65 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
66 { "final_timeout", opt_time,
67 (void *)offsetof(smtp_transport_options_block, final_timeout) },
68 { "gethostbyname", opt_bool,
69 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
70 #ifdef SUPPORT_TLS
71 /* These are no longer honoured, as of Exim 4.80; for now, we silently
72 ignore; a later release will warn, and a later-still release will remove
73 these options, so that using them becomes an error. */
74 { "gnutls_require_kx", opt_stringptr,
75 (void *)offsetof(smtp_transport_options_block, gnutls_require_kx) },
76 { "gnutls_require_mac", opt_stringptr,
77 (void *)offsetof(smtp_transport_options_block, gnutls_require_mac) },
78 { "gnutls_require_protocols", opt_stringptr,
79 (void *)offsetof(smtp_transport_options_block, gnutls_require_proto) },
80 #endif
81 { "helo_data", opt_stringptr,
82 (void *)offsetof(smtp_transport_options_block, helo_data) },
83 { "hosts", opt_stringptr,
84 (void *)offsetof(smtp_transport_options_block, hosts) },
85 { "hosts_avoid_esmtp", opt_stringptr,
86 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
87 { "hosts_avoid_pipelining", opt_stringptr,
88 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
89 #ifdef SUPPORT_TLS
90 { "hosts_avoid_tls", opt_stringptr,
91 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
92 #endif
93 { "hosts_max_try", opt_int,
94 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
95 { "hosts_max_try_hardlimit", opt_int,
96 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
97 #ifdef SUPPORT_TLS
98 { "hosts_nopass_tls", opt_stringptr,
99 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
100 #endif
101 { "hosts_override", opt_bool,
102 (void *)offsetof(smtp_transport_options_block, hosts_override) },
103 { "hosts_randomize", opt_bool,
104 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
105 #if defined(SUPPORT_TLS) && !defined(DISABLE_OCSP)
106 { "hosts_request_ocsp", opt_stringptr,
107 (void *)offsetof(smtp_transport_options_block, hosts_request_ocsp) },
108 #endif
109 { "hosts_require_auth", opt_stringptr,
110 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
111 #ifdef SUPPORT_TLS
112 # ifndef DISABLE_OCSP
113 { "hosts_require_ocsp", opt_stringptr,
114 (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
115 # endif
116 { "hosts_require_tls", opt_stringptr,
117 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
118 #endif
119 { "hosts_try_auth", opt_stringptr,
120 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
121 #ifndef DISABLE_PRDR
122 { "hosts_try_prdr", opt_stringptr,
123 (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
124 #endif
125 #ifdef SUPPORT_TLS
126 { "hosts_verify_avoid_tls", opt_stringptr,
127 (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
128 #endif
129 { "interface", opt_stringptr,
130 (void *)offsetof(smtp_transport_options_block, interface) },
131 { "keepalive", opt_bool,
132 (void *)offsetof(smtp_transport_options_block, keepalive) },
133 { "lmtp_ignore_quota", opt_bool,
134 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
135 { "max_rcpt", opt_int | opt_public,
136 (void *)offsetof(transport_instance, max_addresses) },
137 { "multi_domain", opt_bool | opt_public,
138 (void *)offsetof(transport_instance, multi_domain) },
139 { "port", opt_stringptr,
140 (void *)offsetof(smtp_transport_options_block, port) },
141 { "protocol", opt_stringptr,
142 (void *)offsetof(smtp_transport_options_block, protocol) },
143 { "retry_include_ip_address", opt_bool,
144 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
145 { "serialize_hosts", opt_stringptr,
146 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
147 { "size_addition", opt_int,
148 (void *)offsetof(smtp_transport_options_block, size_addition) }
149 #ifdef SUPPORT_TLS
150 ,{ "tls_certificate", opt_stringptr,
151 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
152 { "tls_crl", opt_stringptr,
153 (void *)offsetof(smtp_transport_options_block, tls_crl) },
154 { "tls_dh_min_bits", opt_int,
155 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
156 { "tls_privatekey", opt_stringptr,
157 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
158 { "tls_require_ciphers", opt_stringptr,
159 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
160 { "tls_sni", opt_stringptr,
161 (void *)offsetof(smtp_transport_options_block, tls_sni) },
162 { "tls_tempfail_tryclear", opt_bool,
163 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
164 { "tls_try_verify_hosts", opt_stringptr,
165 (void *)offsetof(smtp_transport_options_block, tls_try_verify_hosts) },
166 #ifdef EXPERIMENTAL_CERTNAMES
167 { "tls_verify_cert_hostnames", opt_stringptr,
168 (void *)offsetof(smtp_transport_options_block,tls_verify_cert_hostnames)},
169 #endif
170 { "tls_verify_certificates", opt_stringptr,
171 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) },
172 { "tls_verify_hosts", opt_stringptr,
173 (void *)offsetof(smtp_transport_options_block, tls_verify_hosts) }
174 #endif
175 #ifdef EXPERIMENTAL_TPDA
176 ,{ "tpda_host_defer_action", opt_stringptr,
177 (void *)offsetof(smtp_transport_options_block, tpda_host_defer_action) },
178 #endif
179 };
180
181 /* Size of the options list. An extern variable has to be used so that its
182 address can appear in the tables drtables.c. */
183
184 int smtp_transport_options_count =
185 sizeof(smtp_transport_options)/sizeof(optionlist);
186
187 /* Default private options block for the smtp transport. */
188
189 smtp_transport_options_block smtp_transport_option_defaults = {
190 NULL, /* hosts */
191 NULL, /* fallback_hosts */
192 NULL, /* hostlist */
193 NULL, /* fallback_hostlist */
194 NULL, /* authenticated_sender */
195 US"$primary_hostname", /* helo_data */
196 NULL, /* interface */
197 NULL, /* port */
198 US"smtp", /* protocol */
199 NULL, /* DSCP */
200 NULL, /* serialize_hosts */
201 NULL, /* hosts_try_auth */
202 NULL, /* hosts_require_auth */
203 #ifndef DISABLE_PRDR
204 NULL, /* hosts_try_prdr */
205 #endif
206 #ifndef DISABLE_OCSP
207 US"*", /* hosts_request_ocsp */
208 NULL, /* hosts_require_ocsp */
209 #endif
210 NULL, /* hosts_require_tls */
211 NULL, /* hosts_avoid_tls */
212 US"*", /* hosts_verify_avoid_tls */
213 NULL, /* hosts_avoid_pipelining */
214 NULL, /* hosts_avoid_esmtp */
215 NULL, /* hosts_nopass_tls */
216 5*60, /* command_timeout */
217 5*60, /* connect_timeout; shorter system default overrides */
218 5*60, /* data timeout */
219 10*60, /* final timeout */
220 1024, /* size_addition */
221 5, /* hosts_max_try */
222 50, /* hosts_max_try_hardlimit */
223 TRUE, /* address_retry_include_sender */
224 FALSE, /* allow_localhost */
225 FALSE, /* authenticated_sender_force */
226 FALSE, /* gethostbyname */
227 TRUE, /* dns_qualify_single */
228 FALSE, /* dns_search_parents */
229 NULL, /* dnssec_request_domains */
230 NULL, /* dnssec_require_domains */
231 TRUE, /* delay_after_cutoff */
232 FALSE, /* hosts_override */
233 FALSE, /* hosts_randomize */
234 TRUE, /* keepalive */
235 FALSE, /* lmtp_ignore_quota */
236 TRUE /* retry_include_ip_address */
237 #ifdef SUPPORT_TLS
238 ,NULL, /* tls_certificate */
239 NULL, /* tls_crl */
240 NULL, /* tls_privatekey */
241 NULL, /* tls_require_ciphers */
242 NULL, /* gnutls_require_kx */
243 NULL, /* gnutls_require_mac */
244 NULL, /* gnutls_require_proto */
245 NULL, /* tls_sni */
246 NULL, /* tls_verify_certificates */
247 EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
248 /* tls_dh_min_bits */
249 TRUE, /* tls_tempfail_tryclear */
250 NULL, /* tls_verify_hosts */
251 NULL /* tls_try_verify_hosts */
252 # ifdef EXPERIMENTAL_CERTNAMES
253 ,NULL /* tls_verify_cert_hostnames */
254 # endif
255 #endif
256 #ifndef DISABLE_DKIM
257 ,NULL, /* dkim_canon */
258 NULL, /* dkim_domain */
259 NULL, /* dkim_private_key */
260 NULL, /* dkim_selector */
261 NULL, /* dkim_sign_headers */
262 NULL /* dkim_strict */
263 #endif
264 #ifdef EXPERIMENTAL_TPDA
265 ,NULL /* tpda_host_defer_action */
266 #endif
267 };
268
269 #ifdef EXPERIMENTAL_DSN
270 /* some DSN flags for use later */
271
272 static int rf_list[] = {rf_notify_never, rf_notify_success,
273 rf_notify_failure, rf_notify_delay };
274
275 static uschar *rf_names[] = { "NEVER", "SUCCESS", "FAILURE", "DELAY" };
276 #endif
277
278
279
280 /* Local statics */
281
282 static uschar *smtp_command; /* Points to last cmd for error messages */
283 static uschar *mail_command; /* Points to MAIL cmd for error messages */
284 static BOOL update_waiting; /* TRUE to update the "wait" database */
285
286
287 /*************************************************
288 * Setup entry point *
289 *************************************************/
290
291 /* This function is called when the transport is about to be used,
292 but before running it in a sub-process. It is used for two things:
293
294 (1) To set the fallback host list in addresses, when delivering.
295 (2) To pass back the interface, port, protocol, and other options, for use
296 during callout verification.
297
298 Arguments:
299 tblock pointer to the transport instance block
300 addrlist list of addresses about to be transported
301 tf if not NULL, pointer to block in which to return options
302 uid the uid that will be set (not used)
303 gid the gid that will be set (not used)
304 errmsg place for error message (not used)
305
306 Returns: OK always (FAIL, DEFER not used)
307 */
308
309 static int
310 smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
311 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
312 {
313 smtp_transport_options_block *ob =
314 (smtp_transport_options_block *)(tblock->options_block);
315
316 errmsg = errmsg; /* Keep picky compilers happy */
317 uid = uid;
318 gid = gid;
319
320 /* Pass back options if required. This interface is getting very messy. */
321
322 if (tf != NULL)
323 {
324 tf->interface = ob->interface;
325 tf->port = ob->port;
326 tf->protocol = ob->protocol;
327 tf->hosts = ob->hosts;
328 tf->hosts_override = ob->hosts_override;
329 tf->hosts_randomize = ob->hosts_randomize;
330 tf->gethostbyname = ob->gethostbyname;
331 tf->qualify_single = ob->dns_qualify_single;
332 tf->search_parents = ob->dns_search_parents;
333 tf->helo_data = ob->helo_data;
334 }
335
336 /* Set the fallback host list for all the addresses that don't have fallback
337 host lists, provided that the local host wasn't present in the original host
338 list. */
339
340 if (!testflag(addrlist, af_local_host_removed))
341 {
342 for (; addrlist != NULL; addrlist = addrlist->next)
343 if (addrlist->fallback_hosts == NULL)
344 addrlist->fallback_hosts = ob->fallback_hostlist;
345 }
346
347 return OK;
348 }
349
350
351
352 /*************************************************
353 * Initialization entry point *
354 *************************************************/
355
356 /* Called for each instance, after its options have been read, to
357 enable consistency checks to be done, or anything else that needs
358 to be set up.
359
360 Argument: pointer to the transport instance block
361 Returns: nothing
362 */
363
364 void
365 smtp_transport_init(transport_instance *tblock)
366 {
367 smtp_transport_options_block *ob =
368 (smtp_transport_options_block *)(tblock->options_block);
369
370 /* Retry_use_local_part defaults FALSE if unset */
371
372 if (tblock->retry_use_local_part == TRUE_UNSET)
373 tblock->retry_use_local_part = FALSE;
374
375 /* Set the default port according to the protocol */
376
377 if (ob->port == NULL)
378 ob->port = (strcmpic(ob->protocol, US"lmtp") == 0)? US"lmtp" :
379 (strcmpic(ob->protocol, US"smtps") == 0)? US"smtps" : US"smtp";
380
381 /* Set up the setup entry point, to be called before subprocesses for this
382 transport. */
383
384 tblock->setup = smtp_transport_setup;
385
386 /* Complain if any of the timeouts are zero. */
387
388 if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
389 ob->final_timeout <= 0)
390 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
391 "command, data, or final timeout value is zero for %s transport",
392 tblock->name);
393
394 /* If hosts_override is set and there are local hosts, set the global
395 flag that stops verify from showing router hosts. */
396
397 if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
398
399 /* If there are any fallback hosts listed, build a chain of host items
400 for them, but do not do any lookups at this time. */
401
402 host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
403 }
404
405
406
407
408
409 /*************************************************
410 * Set delivery info into all active addresses *
411 *************************************************/
412
413 /* Only addresses whose status is >= PENDING are relevant. A lesser
414 status means that an address is not currently being processed.
415
416 Arguments:
417 addrlist points to a chain of addresses
418 errno_value to put in each address's errno field
419 msg to put in each address's message field
420 rc to put in each address's transport_return field
421 pass_message if TRUE, set the "pass message" flag in the address
422
423 If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
424 the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
425 this particular type of timeout.
426
427 Returns: nothing
428 */
429
430 static void
431 set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
432 BOOL pass_message)
433 {
434 address_item *addr;
435 int orvalue = 0;
436 if (errno_value == ERRNO_CONNECTTIMEOUT)
437 {
438 errno_value = ETIMEDOUT;
439 orvalue = RTEF_CTOUT;
440 }
441 for (addr = addrlist; addr != NULL; addr = addr->next)
442 {
443 if (addr->transport_return < PENDING) continue;
444 addr->basic_errno = errno_value;
445 addr->more_errno |= orvalue;
446 if (msg != NULL)
447 {
448 addr->message = msg;
449 if (pass_message) setflag(addr, af_pass_message);
450 }
451 addr->transport_return = rc;
452 }
453 }
454
455
456
457 /*************************************************
458 * Check an SMTP response *
459 *************************************************/
460
461 /* This function is given an errno code and the SMTP response buffer
462 to analyse, together with the host identification for generating messages. It
463 sets an appropriate message and puts the first digit of the response code into
464 the yield variable. If no response was actually read, a suitable digit is
465 chosen.
466
467 Arguments:
468 host the current host, to get its name for messages
469 errno_value pointer to the errno value
470 more_errno from the top address for use with ERRNO_FILTER_FAIL
471 buffer the SMTP response buffer
472 yield where to put a one-digit SMTP response code
473 message where to put an errror message
474 pass_message set TRUE if message is an SMTP response
475
476 Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
477 */
478
479 static BOOL check_response(host_item *host, int *errno_value, int more_errno,
480 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
481 {
482 uschar *pl = US"";
483
484 if (smtp_use_pipelining &&
485 (Ustrcmp(smtp_command, "MAIL") == 0 ||
486 Ustrcmp(smtp_command, "RCPT") == 0 ||
487 Ustrcmp(smtp_command, "DATA") == 0))
488 pl = US"pipelined ";
489
490 *yield = '4'; /* Default setting is to give a temporary error */
491
492 /* Handle response timeout */
493
494 if (*errno_value == ETIMEDOUT)
495 {
496 *message = US string_sprintf("SMTP timeout while connected to %s [%s] "
497 "after %s%s", host->name, host->address, pl, smtp_command);
498 if (transport_count > 0)
499 *message = US string_sprintf("%s (%d bytes written)", *message,
500 transport_count);
501 return FALSE;
502 }
503
504 /* Handle malformed SMTP response */
505
506 if (*errno_value == ERRNO_SMTPFORMAT)
507 {
508 uschar *malfresp = string_printing(buffer);
509 while (isspace(*malfresp)) malfresp++;
510 if (*malfresp == 0)
511 *message = string_sprintf("Malformed SMTP reply (an empty line) from "
512 "%s [%s] in response to %s%s", host->name, host->address, pl,
513 smtp_command);
514 else
515 *message = string_sprintf("Malformed SMTP reply from %s [%s] in response "
516 "to %s%s: %s", host->name, host->address, pl, smtp_command, malfresp);
517 return FALSE;
518 }
519
520 /* Handle a failed filter process error; can't send QUIT as we mustn't
521 end the DATA. */
522
523 if (*errno_value == ERRNO_FILTER_FAIL)
524 {
525 *message = US string_sprintf("transport filter process failed (%d)%s",
526 more_errno,
527 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
528 return FALSE;
529 }
530
531 /* Handle a failed add_headers expansion; can't send QUIT as we mustn't
532 end the DATA. */
533
534 if (*errno_value == ERRNO_CHHEADER_FAIL)
535 {
536 *message =
537 US string_sprintf("failed to expand headers_add or headers_remove: %s",
538 expand_string_message);
539 return FALSE;
540 }
541
542 /* Handle failure to write a complete data block */
543
544 if (*errno_value == ERRNO_WRITEINCOMPLETE)
545 {
546 *message = US string_sprintf("failed to write a data block");
547 return FALSE;
548 }
549
550 /* Handle error responses from the remote mailer. */
551
552 if (buffer[0] != 0)
553 {
554 uschar *s = string_printing(buffer);
555 *message = US string_sprintf("SMTP error from remote mail server after %s%s: "
556 "host %s [%s]: %s", pl, smtp_command, host->name, host->address, s);
557 *pass_message = TRUE;
558 *yield = buffer[0];
559 return TRUE;
560 }
561
562 /* No data was read. If there is no errno, this must be the EOF (i.e.
563 connection closed) case, which causes deferral. An explicit connection reset
564 error has the same effect. Otherwise, put the host's identity in the message,
565 leaving the errno value to be interpreted as well. In all cases, we have to
566 assume the connection is now dead. */
567
568 if (*errno_value == 0 || *errno_value == ECONNRESET)
569 {
570 *errno_value = ERRNO_SMTPCLOSED;
571 *message = US string_sprintf("Remote host %s [%s] closed connection "
572 "in response to %s%s", host->name, host->address, pl, smtp_command);
573 }
574 else *message = US string_sprintf("%s [%s]", host->name, host->address);
575
576 return FALSE;
577 }
578
579
580
581 /*************************************************
582 * Write error message to logs *
583 *************************************************/
584
585 /* This writes to the main log and to the message log.
586
587 Arguments:
588 addr the address item containing error information
589 host the current host
590
591 Returns: nothing
592 */
593
594 static void
595 write_logs(address_item *addr, host_item *host)
596 {
597 if (addr->message != NULL)
598 {
599 uschar *message = addr->message;
600 if (addr->basic_errno > 0)
601 message = string_sprintf("%s: %s", message, strerror(addr->basic_errno));
602 log_write(0, LOG_MAIN, "%s", message);
603 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
604 }
605 else
606 {
607 uschar *msg =
608 ((log_extra_selector & LX_outgoing_port) != 0)?
609 string_sprintf("%s [%s]:%d", host->name, host->address,
610 (host->port == PORT_NONE)? 25 : host->port)
611 :
612 string_sprintf("%s [%s]", host->name, host->address);
613 log_write(0, LOG_MAIN, "%s %s", msg, strerror(addr->basic_errno));
614 deliver_msglog("%s %s %s\n", tod_stamp(tod_log), msg,
615 strerror(addr->basic_errno));
616 }
617 }
618
619
620
621 #ifdef EXPERIMENTAL_TPDA
622 /*************************************************
623 * Post-defer action *
624 *************************************************/
625
626 /* This expands an arbitrary per-transport string.
627 It might, for example, be used to write to the database log.
628
629 Arguments:
630 ob transport options block
631 addr the address item containing error information
632 host the current host
633
634 Returns: nothing
635 */
636
637 static void
638 tpda_deferred(smtp_transport_options_block *ob, address_item *addr, host_item *host)
639 {
640 uschar *action = ob->tpda_host_defer_action;
641 if (!action)
642 return;
643
644 tpda_delivery_ip = string_copy(host->address);
645 tpda_delivery_port = (host->port == PORT_NONE)? 25 : host->port;
646 tpda_delivery_fqdn = string_copy(host->name);
647 tpda_delivery_local_part = string_copy(addr->local_part);
648 tpda_delivery_domain = string_copy(addr->domain);
649 tpda_defer_errno = addr->basic_errno;
650
651 tpda_defer_errstr = addr->message
652 ? addr->basic_errno > 0
653 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
654 : string_copy(addr->message)
655 : addr->basic_errno > 0
656 ? string_copy(US strerror(addr->basic_errno))
657 : NULL;
658
659 DEBUG(D_transport)
660 debug_printf(" TPDA(host defer): tpda_host_defer_action=|%s| tpda_delivery_IP=%s\n",
661 action, tpda_delivery_ip);
662
663 router_name = addr->router->name;
664 transport_name = addr->transport->name;
665 if (!expand_string(action) && *expand_string_message)
666 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand tpda_defer_action in %s: %s\n",
667 transport_name, expand_string_message);
668 router_name = transport_name = NULL;
669 }
670 #endif
671
672
673
674 /*************************************************
675 * Synchronize SMTP responses *
676 *************************************************/
677
678 /* This function is called from smtp_deliver() to receive SMTP responses from
679 the server, and match them up with the commands to which they relate. When
680 PIPELINING is not in use, this function is called after every command, and is
681 therefore somewhat over-engineered, but it is simpler to use a single scheme
682 that works both with and without PIPELINING instead of having two separate sets
683 of code.
684
685 The set of commands that are buffered up with pipelining may start with MAIL
686 and may end with DATA; in between are RCPT commands that correspond to the
687 addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
688 etc.) are never buffered.
689
690 Errors after MAIL or DATA abort the whole process leaving the response in the
691 buffer. After MAIL, pending responses are flushed, and the original command is
692 re-instated in big_buffer for error messages. For RCPT commands, the remote is
693 permitted to reject some recipient addresses while accepting others. However
694 certain errors clearly abort the whole process. Set the value in
695 transport_return to PENDING_OK if the address is accepted. If there is a
696 subsequent general error, it will get reset accordingly. If not, it will get
697 converted to OK at the end.
698
699 Arguments:
700 addrlist the complete address list
701 include_affixes TRUE if affixes include in RCPT
702 sync_addr ptr to the ptr of the one to start scanning at (updated)
703 host the host we are connected to
704 count the number of responses to read
705 address_retry_
706 include_sender true if 4xx retry is to include the sender it its key
707 pending_MAIL true if the first response is for MAIL
708 pending_DATA 0 if last command sent was not DATA
709 +1 if previously had a good recipient
710 -1 if not previously had a good recipient
711 inblock incoming SMTP block
712 timeout timeout value
713 buffer buffer for reading response
714 buffsize size of buffer
715
716 Returns: 3 if at least one address had 2xx and one had 5xx
717 2 if at least one address had 5xx but none had 2xx
718 1 if at least one host had a 2xx response, but none had 5xx
719 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
720 -1 timeout while reading RCPT response
721 -2 I/O or other non-response error for RCPT
722 -3 DATA or MAIL failed - errno and buffer set
723 */
724
725 static int
726 sync_responses(address_item *addrlist, BOOL include_affixes,
727 address_item **sync_addr, host_item *host, int count,
728 BOOL address_retry_include_sender, BOOL pending_MAIL,
729 int pending_DATA, smtp_inblock *inblock, int timeout, uschar *buffer,
730 int buffsize)
731 {
732 address_item *addr = *sync_addr;
733 int yield = 0;
734
735 /* Handle the response for a MAIL command. On error, reinstate the original
736 command in big_buffer for error message use, and flush any further pending
737 responses before returning, except after I/O errors and timeouts. */
738
739 if (pending_MAIL)
740 {
741 count--;
742 if (!smtp_read_response(inblock, buffer, buffsize, '2', timeout))
743 {
744 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
745 if (errno == 0 && buffer[0] != 0)
746 {
747 uschar flushbuffer[4096];
748 int save_errno = 0;
749 if (buffer[0] == '4')
750 {
751 save_errno = ERRNO_MAIL4XX;
752 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
753 }
754 while (count-- > 0)
755 {
756 if (!smtp_read_response(inblock, flushbuffer, sizeof(flushbuffer),
757 '2', timeout)
758 && (errno != 0 || flushbuffer[0] == 0))
759 break;
760 }
761 errno = save_errno;
762 }
763 return -3;
764 }
765 }
766
767 if (pending_DATA) count--; /* Number of RCPT responses to come */
768
769 /* Read and handle the required number of RCPT responses, matching each one up
770 with an address by scanning for the next address whose status is PENDING_DEFER.
771 */
772
773 while (count-- > 0)
774 {
775 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
776
777 /* The address was accepted */
778
779 if (smtp_read_response(inblock, buffer, buffsize, '2', timeout))
780 {
781 yield |= 1;
782 addr->transport_return = PENDING_OK;
783
784 /* If af_dr_retry_exists is set, there was a routing delay on this address;
785 ensure that any address-specific retry record is expunged. We do this both
786 for the basic key and for the version that also includes the sender. */
787
788 if (testflag(addr, af_dr_retry_exists))
789 {
790 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
791 sender_address);
792 retry_add_item(addr, altkey, rf_delete);
793 retry_add_item(addr, addr->address_retry_key, rf_delete);
794 }
795 }
796
797 /* Timeout while reading the response */
798
799 else if (errno == ETIMEDOUT)
800 {
801 int save_errno = errno;
802 uschar *message = string_sprintf("SMTP timeout while connected to %s [%s] "
803 "after RCPT TO:<%s>", host->name, host->address,
804 transport_rcpt_address(addr, include_affixes));
805 set_errno(addrlist, save_errno, message, DEFER, FALSE);
806 retry_add_item(addr, addr->address_retry_key, 0);
807 update_waiting = FALSE;
808 return -1;
809 }
810
811 /* Handle other errors in obtaining an SMTP response by returning -1. This
812 will cause all the addresses to be deferred. Restore the SMTP command in
813 big_buffer for which we are checking the response, so the error message
814 makes sense. */
815
816 else if (errno != 0 || buffer[0] == 0)
817 {
818 string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
819 transport_rcpt_address(addr, include_affixes));
820 return -2;
821 }
822
823 /* Handle SMTP permanent and temporary response codes. */
824
825 else
826 {
827 addr->message =
828 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
829 "host %s [%s]: %s", transport_rcpt_address(addr, include_affixes),
830 host->name, host->address, string_printing(buffer));
831 setflag(addr, af_pass_message);
832 deliver_msglog("%s %s\n", tod_stamp(tod_log), addr->message);
833
834 /* The response was 5xx */
835
836 if (buffer[0] == '5')
837 {
838 addr->transport_return = FAIL;
839 yield |= 2;
840 }
841
842 /* The response was 4xx */
843
844 else
845 {
846 addr->transport_return = DEFER;
847 addr->basic_errno = ERRNO_RCPT4XX;
848 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
849
850 /* Log temporary errors if there are more hosts to be tried. */
851
852 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", addr->message);
853
854 /* Do not put this message on the list of those waiting for specific
855 hosts, as otherwise it is likely to be tried too often. */
856
857 update_waiting = FALSE;
858
859 /* Add a retry item for the address so that it doesn't get tried again
860 too soon. If address_retry_include_sender is true, add the sender address
861 to the retry key. */
862
863 if (address_retry_include_sender)
864 {
865 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
866 sender_address);
867 retry_add_item(addr, altkey, 0);
868 }
869 else retry_add_item(addr, addr->address_retry_key, 0);
870 }
871 }
872 } /* Loop for next RCPT response */
873
874 /* Update where to start at for the next block of responses, unless we
875 have already handled all the addresses. */
876
877 if (addr != NULL) *sync_addr = addr->next;
878
879 /* Handle a response to DATA. If we have not had any good recipients, either
880 previously or in this block, the response is ignored. */
881
882 if (pending_DATA != 0 &&
883 !smtp_read_response(inblock, buffer, buffsize, '3', timeout))
884 {
885 int code;
886 uschar *msg;
887 BOOL pass_message;
888 if (pending_DATA > 0 || (yield & 1) != 0)
889 {
890 if (errno == 0 && buffer[0] == '4')
891 {
892 errno = ERRNO_DATA4XX;
893 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
894 }
895 return -3;
896 }
897 (void)check_response(host, &errno, 0, buffer, &code, &msg, &pass_message);
898 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
899 "is in use and there were no good recipients\n", msg);
900 }
901
902 /* All responses read and handled; MAIL (if present) received 2xx and DATA (if
903 present) received 3xx. If any RCPTs were handled and yielded anything other
904 than 4xx, yield will be set non-zero. */
905
906 return yield;
907 }
908
909
910
911 /* Do the client side of smtp-level authentication */
912 /*
913 Arguments:
914 buffer EHLO response from server (gets overwritten)
915 addrlist chain of potential addresses to deliver
916 host host to deliver to
917 ob transport options
918 ibp, obp comms channel control blocks
919
920 Returns:
921 OK Success, or failed (but not required): global "smtp_authenticated" set
922 DEFER Failed authentication (and was required)
923 ERROR Internal problem
924
925 FAIL_SEND Failed communications - transmit
926 FAIL - response
927 */
928
929 int
930 smtp_auth(uschar *buffer, unsigned bufsize, address_item *addrlist, host_item *host,
931 smtp_transport_options_block *ob, BOOL is_esmtp,
932 smtp_inblock *ibp, smtp_outblock *obp)
933 {
934 int require_auth;
935 uschar *fail_reason = US"server did not advertise AUTH support";
936
937 smtp_authenticated = FALSE;
938 client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
939 require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL,
940 host->name, host->address, NULL);
941
942 if (is_esmtp && !regex_AUTH) regex_AUTH =
943 regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
944 FALSE, TRUE);
945
946 if (is_esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
947 {
948 uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]);
949 expand_nmax = -1; /* reset */
950
951 /* Must not do this check until after we have saved the result of the
952 regex match above. */
953
954 if (require_auth == OK ||
955 verify_check_this_host(&(ob->hosts_try_auth), NULL, host->name,
956 host->address, NULL) == OK)
957 {
958 auth_instance *au;
959 fail_reason = US"no common mechanisms were found";
960
961 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
962
963 /* Scan the configured authenticators looking for one which is configured
964 for use as a client, which is not suppressed by client_condition, and
965 whose name matches an authentication mechanism supported by the server.
966 If one is found, attempt to authenticate by calling its client function.
967 */
968
969 for (au = auths; !smtp_authenticated && au != NULL; au = au->next)
970 {
971 uschar *p = names;
972 if (!au->client ||
973 (au->client_condition != NULL &&
974 !expand_check_condition(au->client_condition, au->name,
975 US"client authenticator")))
976 {
977 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
978 au->name,
979 (au->client)? "client_condition is false" :
980 "not configured as a client");
981 continue;
982 }
983
984 /* Loop to scan supported server mechanisms */
985
986 while (*p != 0)
987 {
988 int rc;
989 int len = Ustrlen(au->public_name);
990 while (isspace(*p)) p++;
991
992 if (strncmpic(au->public_name, p, len) != 0 ||
993 (p[len] != 0 && !isspace(p[len])))
994 {
995 while (*p != 0 && !isspace(*p)) p++;
996 continue;
997 }
998
999 /* Found data for a listed mechanism. Call its client entry. Set
1000 a flag in the outblock so that data is overwritten after sending so
1001 that reflections don't show it. */
1002
1003 fail_reason = US"authentication attempt(s) failed";
1004 obp->authenticating = TRUE;
1005 rc = (au->info->clientcode)(au, ibp, obp,
1006 ob->command_timeout, buffer, bufsize);
1007 obp->authenticating = FALSE;
1008 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n",
1009 au->name, rc);
1010
1011 /* A temporary authentication failure must hold up delivery to
1012 this host. After a permanent authentication failure, we carry on
1013 to try other authentication methods. If all fail hard, try to
1014 deliver the message unauthenticated unless require_auth was set. */
1015
1016 switch(rc)
1017 {
1018 case OK:
1019 smtp_authenticated = TRUE; /* stops the outer loop */
1020 client_authenticator = au->name;
1021 if (au->set_client_id != NULL)
1022 client_authenticated_id = expand_string(au->set_client_id);
1023 break;
1024
1025 /* Failure after writing a command */
1026
1027 case FAIL_SEND:
1028 return FAIL_SEND;
1029
1030 /* Failure after reading a response */
1031
1032 case FAIL:
1033 if (errno != 0 || buffer[0] != '5') return FAIL;
1034 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1035 au->name, host->name, host->address, buffer);
1036 break;
1037
1038 /* Failure by some other means. In effect, the authenticator
1039 decided it wasn't prepared to handle this case. Typically this
1040 is the result of "fail" in an expansion string. Do we need to
1041 log anything here? Feb 2006: a message is now put in the buffer
1042 if logging is required. */
1043
1044 case CANCELLED:
1045 if (*buffer != 0)
1046 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1047 "authentication H=%s [%s] %s", au->name, host->name,
1048 host->address, buffer);
1049 break;
1050
1051 /* Internal problem, message in buffer. */
1052
1053 case ERROR:
1054 set_errno(addrlist, 0, string_copy(buffer), DEFER, FALSE);
1055 return ERROR;
1056 }
1057
1058 break; /* If not authenticated, try next authenticator */
1059 } /* Loop for scanning supported server mechanisms */
1060 } /* Loop for further authenticators */
1061 }
1062 }
1063
1064 /* If we haven't authenticated, but are required to, give up. */
1065
1066 if (require_auth == OK && !smtp_authenticated)
1067 {
1068 set_errno(addrlist, ERRNO_AUTHFAIL,
1069 string_sprintf("authentication required but %s", fail_reason), DEFER,
1070 FALSE);
1071 return DEFER;
1072 }
1073
1074 return OK;
1075 }
1076
1077
1078 /* Construct AUTH appendix string for MAIL TO */
1079 /*
1080 Arguments
1081 buffer to build string
1082 addrlist chain of potential addresses to deliver
1083 ob transport options
1084
1085 Globals smtp_authenticated
1086 client_authenticated_sender
1087 Return True on error, otherwise buffer has (possibly empty) terminated string
1088 */
1089
1090 BOOL
1091 smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
1092 smtp_transport_options_block *ob)
1093 {
1094 uschar *local_authenticated_sender = authenticated_sender;
1095
1096 #ifdef notdef
1097 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, smtp_authenticated?"Y":"N");
1098 #endif
1099
1100 if (ob->authenticated_sender != NULL)
1101 {
1102 uschar *new = expand_string(ob->authenticated_sender);
1103 if (new == NULL)
1104 {
1105 if (!expand_string_forcedfail)
1106 {
1107 uschar *message = string_sprintf("failed to expand "
1108 "authenticated_sender: %s", expand_string_message);
1109 set_errno(addrlist, 0, message, DEFER, FALSE);
1110 return TRUE;
1111 }
1112 }
1113 else if (new[0] != 0) local_authenticated_sender = new;
1114 }
1115
1116 /* Add the authenticated sender address if present */
1117
1118 if ((smtp_authenticated || ob->authenticated_sender_force) &&
1119 local_authenticated_sender != NULL)
1120 {
1121 string_format(buffer, bufsize, " AUTH=%s",
1122 auth_xtextencode(local_authenticated_sender,
1123 Ustrlen(local_authenticated_sender)));
1124 client_authenticated_sender = string_copy(local_authenticated_sender);
1125 }
1126 else
1127 *buffer= 0;
1128
1129 return FALSE;
1130 }
1131
1132
1133
1134 /*************************************************
1135 * Deliver address list to given host *
1136 *************************************************/
1137
1138 /* If continue_hostname is not null, we get here only when continuing to
1139 deliver down an existing channel. The channel was passed as the standard
1140 input. TLS is never active on a passed channel; the previous process always
1141 closes it down before passing the connection on.
1142
1143 Otherwise, we have to make a connection to the remote host, and do the
1144 initial protocol exchange.
1145
1146 When running as an MUA wrapper, if the sender or any recipient is rejected,
1147 temporarily or permanently, we force failure for all recipients.
1148
1149 Arguments:
1150 addrlist chain of potential addresses to deliver; only those whose
1151 transport_return field is set to PENDING_DEFER are currently
1152 being processed; others should be skipped - they have either
1153 been delivered to an earlier host or IP address, or been
1154 failed by one of them.
1155 host host to deliver to
1156 host_af AF_INET or AF_INET6
1157 port default TCP/IP port to use, in host byte order
1158 interface interface to bind to, or NULL
1159 tblock transport instance block
1160 copy_host TRUE if host set in addr->host_used must be copied, because
1161 it is specific to this call of the transport
1162 message_defer set TRUE if yield is OK, but all addresses were deferred
1163 because of a non-recipient, non-host failure, that is, a
1164 4xx response to MAIL FROM, DATA, or ".". This is a defer
1165 that is specific to the message.
1166 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1167 a second attempt after TLS initialization fails
1168
1169 Returns: OK - the connection was made and the delivery attempted;
1170 the result for each address is in its data block.
1171 DEFER - the connection could not be made, or something failed
1172 while setting up the SMTP session, or there was a
1173 non-message-specific error, such as a timeout.
1174 ERROR - a filter command is specified for this transport,
1175 and there was a problem setting it up; OR helo_data
1176 or add_headers or authenticated_sender is specified
1177 for this transport, and the string failed to expand
1178 */
1179
1180 static int
1181 smtp_deliver(address_item *addrlist, host_item *host, int host_af, int port,
1182 uschar *interface, transport_instance *tblock, BOOL copy_host,
1183 BOOL *message_defer, BOOL suppress_tls)
1184 {
1185 address_item *addr;
1186 address_item *sync_addr;
1187 address_item *first_addr = addrlist;
1188 int yield = OK;
1189 int address_count;
1190 int save_errno;
1191 int rc;
1192 time_t start_delivery_time = time(NULL);
1193 smtp_transport_options_block *ob =
1194 (smtp_transport_options_block *)(tblock->options_block);
1195 BOOL lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
1196 BOOL smtps = strcmpic(ob->protocol, US"smtps") == 0;
1197 BOOL ok = FALSE;
1198 BOOL send_rset = TRUE;
1199 BOOL send_quit = TRUE;
1200 BOOL setting_up = TRUE;
1201 BOOL completed_address = FALSE;
1202 BOOL esmtp = TRUE;
1203 BOOL pending_MAIL;
1204 BOOL pass_message = FALSE;
1205 #ifndef DISABLE_PRDR
1206 BOOL prdr_offered = FALSE;
1207 BOOL prdr_active;
1208 #endif
1209 #ifdef EXPERIMENTAL_DSN
1210 BOOL dsn_all_lasthop = TRUE;
1211 #endif
1212 smtp_inblock inblock;
1213 smtp_outblock outblock;
1214 int max_rcpt = tblock->max_addresses;
1215 uschar *igquotstr = US"";
1216 uschar *helo_data = NULL;
1217 uschar *message = NULL;
1218 uschar new_message_id[MESSAGE_ID_LENGTH + 1];
1219 uschar *p;
1220 uschar buffer[4096];
1221 uschar inbuffer[4096];
1222 uschar outbuffer[1024];
1223
1224 suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
1225
1226 *message_defer = FALSE;
1227 smtp_command = US"initial connection";
1228 if (max_rcpt == 0) max_rcpt = 999999;
1229
1230 /* Set up the buffer for reading SMTP response packets. */
1231
1232 inblock.buffer = inbuffer;
1233 inblock.buffersize = sizeof(inbuffer);
1234 inblock.ptr = inbuffer;
1235 inblock.ptrend = inbuffer;
1236
1237 /* Set up the buffer for holding SMTP commands while pipelining */
1238
1239 outblock.buffer = outbuffer;
1240 outblock.buffersize = sizeof(outbuffer);
1241 outblock.ptr = outbuffer;
1242 outblock.cmd_count = 0;
1243 outblock.authenticating = FALSE;
1244
1245 /* Reset the parameters of a TLS session. */
1246
1247 tls_out.bits = 0;
1248 tls_out.cipher = NULL; /* the one we may use for this transport */
1249 tls_out.ourcert = NULL;
1250 tls_out.peercert = NULL;
1251 tls_out.peerdn = NULL;
1252 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
1253 tls_out.sni = NULL;
1254 #endif
1255 tls_out.ocsp = OCSP_NOT_REQ;
1256
1257 /* Flip the legacy TLS-related variables over to the outbound set in case
1258 they're used in the context of the transport. Don't bother resetting
1259 afterward as we're in a subprocess. */
1260
1261 tls_modify_variables(&tls_out);
1262
1263 #ifndef SUPPORT_TLS
1264 if (smtps)
1265 {
1266 set_errno(addrlist, 0, US"TLS support not available", DEFER, FALSE);
1267 return ERROR;
1268 }
1269 #endif
1270
1271 /* Make a connection to the host if this isn't a continued delivery, and handle
1272 the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
1273 specially so they can be identified for retries. */
1274
1275 if (continue_hostname == NULL)
1276 {
1277 inblock.sock = outblock.sock =
1278 smtp_connect(host, host_af, port, interface, ob->connect_timeout,
1279 ob->keepalive, ob->dscp); /* This puts port into host->port */
1280
1281 if (inblock.sock < 0)
1282 {
1283 set_errno(addrlist, (errno == ETIMEDOUT)? ERRNO_CONNECTTIMEOUT : errno,
1284 NULL, DEFER, FALSE);
1285 return DEFER;
1286 }
1287
1288 /* Expand the greeting message while waiting for the initial response. (Makes
1289 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
1290 delayed till here so that $sending_interface and $sending_port are set. */
1291
1292 helo_data = expand_string(ob->helo_data);
1293
1294 /* The first thing is to wait for an initial OK response. The dreaded "goto"
1295 is nevertheless a reasonably clean way of programming this kind of logic,
1296 where you want to escape on any error. */
1297
1298 if (!smtps)
1299 {
1300 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1301 ob->command_timeout)) goto RESPONSE_FAILED;
1302
1303 /* Now check if the helo_data expansion went well, and sign off cleanly if
1304 it didn't. */
1305
1306 if (helo_data == NULL)
1307 {
1308 uschar *message = string_sprintf("failed to expand helo_data: %s",
1309 expand_string_message);
1310 set_errno(addrlist, 0, message, DEFER, FALSE);
1311 yield = DEFER;
1312 goto SEND_QUIT;
1313 }
1314 }
1315
1316 /** Debugging without sending a message
1317 addrlist->transport_return = DEFER;
1318 goto SEND_QUIT;
1319 **/
1320
1321 /* Errors that occur after this point follow an SMTP command, which is
1322 left in big_buffer by smtp_write_command() for use in error messages. */
1323
1324 smtp_command = big_buffer;
1325
1326 /* Tell the remote who we are...
1327
1328 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
1329 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
1330 greeting is of this form. The assumption was that the far end supports it
1331 properly... but experience shows that there are some that give 5xx responses,
1332 even though the banner includes "ESMTP" (there's a bloody-minded one that
1333 says "ESMTP not spoken here"). Cope with that case.
1334
1335 September 2000: Time has passed, and it seems reasonable now to always send
1336 EHLO at the start. It is also convenient to make the change while installing
1337 the TLS stuff.
1338
1339 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
1340 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
1341 would be no way to send out the mails, so there is now a host list
1342 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
1343 PIPELINING problem as well. Maybe it can also be useful to cure other
1344 problems with broken servers.
1345
1346 Exim originally sent "Helo" at this point and ran for nearly a year that way.
1347 Then somebody tried it with a Microsoft mailer... It seems that all other
1348 mailers use upper case for some reason (the RFC is quite clear about case
1349 independence) so, for peace of mind, I gave in. */
1350
1351 esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL,
1352 host->name, host->address, NULL) != OK;
1353
1354 /* Alas; be careful, since this goto is not an error-out, so conceivably
1355 we might set data between here and the target which we assume to exist
1356 and be usable. I can see this coming back to bite us. */
1357 #ifdef SUPPORT_TLS
1358 if (smtps)
1359 {
1360 tls_offered = TRUE;
1361 suppress_tls = FALSE;
1362 ob->tls_tempfail_tryclear = FALSE;
1363 smtp_command = US"SSL-on-connect";
1364 goto TLS_NEGOTIATE;
1365 }
1366 #endif
1367
1368 if (esmtp)
1369 {
1370 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1371 lmtp? "LHLO" : "EHLO", helo_data) < 0)
1372 goto SEND_FAILED;
1373 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1374 ob->command_timeout))
1375 {
1376 if (errno != 0 || buffer[0] == 0 || lmtp) goto RESPONSE_FAILED;
1377 esmtp = FALSE;
1378 }
1379 }
1380 else
1381 {
1382 DEBUG(D_transport)
1383 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1384 }
1385
1386 if (!esmtp)
1387 {
1388 if (smtp_write_command(&outblock, FALSE, "HELO %s\r\n", helo_data) < 0)
1389 goto SEND_FAILED;
1390 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1391 ob->command_timeout)) goto RESPONSE_FAILED;
1392 }
1393
1394 /* Set IGNOREQUOTA if the response to LHLO specifies support and the
1395 lmtp_ignore_quota option was set. */
1396
1397 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1398 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1399 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1400
1401 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
1402
1403 #ifdef SUPPORT_TLS
1404 tls_offered = esmtp &&
1405 pcre_exec(regex_STARTTLS, NULL, CS buffer, Ustrlen(buffer), 0,
1406 PCRE_EOPT, NULL, 0) >= 0;
1407 #endif
1408
1409 #ifndef DISABLE_PRDR
1410 prdr_offered = esmtp &&
1411 (pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0,
1412 PCRE_EOPT, NULL, 0) >= 0) &&
1413 (verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
1414 host->address, NULL) == OK);
1415
1416 if (prdr_offered)
1417 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1418 #endif
1419 }
1420
1421 /* For continuing deliveries down the same channel, the socket is the standard
1422 input, and we don't need to redo EHLO here (but may need to do so for TLS - see
1423 below). Set up the pointer to where subsequent commands will be left, for
1424 error messages. Note that smtp_use_size and smtp_use_pipelining will have been
1425 set from the command line if they were set in the process that passed the
1426 connection on. */
1427
1428 else
1429 {
1430 inblock.sock = outblock.sock = fileno(stdin);
1431 smtp_command = big_buffer;
1432 host->port = port; /* Record the port that was used */
1433 }
1434
1435 /* If TLS is available on this connection, whether continued or not, attempt to
1436 start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
1437 send another EHLO - the server may give a different answer in secure mode. We
1438 use a separate buffer for reading the response to STARTTLS so that if it is
1439 negative, the original EHLO data is available for subsequent analysis, should
1440 the client not be required to use TLS. If the response is bad, copy the buffer
1441 for error analysis. */
1442
1443 #ifdef SUPPORT_TLS
1444 if (tls_offered && !suppress_tls &&
1445 verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
1446 host->address, NULL) != OK)
1447 {
1448 uschar buffer2[4096];
1449 if (smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") < 0)
1450 goto SEND_FAILED;
1451
1452 /* If there is an I/O error, transmission of this message is deferred. If
1453 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
1454 false, we also defer. However, if there is a temporary rejection of STARTTLS
1455 and tls_tempfail_tryclear is true, or if there is an outright rejection of
1456 STARTTLS, we carry on. This means we will try to send the message in clear,
1457 unless the host is in hosts_require_tls (tested below). */
1458
1459 if (!smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2',
1460 ob->command_timeout))
1461 {
1462 if (errno != 0 || buffer2[0] == 0 ||
1463 (buffer2[0] == '4' && !ob->tls_tempfail_tryclear))
1464 {
1465 Ustrncpy(buffer, buffer2, sizeof(buffer));
1466 goto RESPONSE_FAILED;
1467 }
1468 }
1469
1470 /* STARTTLS accepted: try to negotiate a TLS session. */
1471
1472 else
1473 TLS_NEGOTIATE:
1474 {
1475 int rc = tls_client_start(inblock.sock, host, addrlist, ob);
1476
1477 /* TLS negotiation failed; give an error. From outside, this function may
1478 be called again to try in clear on a new connection, if the options permit
1479 it for this host. */
1480
1481 if (rc != OK)
1482 {
1483 save_errno = ERRNO_TLSFAILURE;
1484 message = US"failure while setting up TLS session";
1485 send_quit = FALSE;
1486 goto TLS_FAILED;
1487 }
1488
1489 /* TLS session is set up */
1490
1491 for (addr = addrlist; addr != NULL; addr = addr->next)
1492 {
1493 if (addr->transport_return == PENDING_DEFER)
1494 {
1495 addr->cipher = tls_out.cipher;
1496 addr->ourcert = tls_out.ourcert;
1497 addr->peercert = tls_out.peercert;
1498 addr->peerdn = tls_out.peerdn;
1499 addr->ocsp = tls_out.ocsp;
1500 }
1501 }
1502 }
1503 }
1504
1505 /* if smtps, we'll have smtp_command set to something else; always safe to
1506 reset it here. */
1507 smtp_command = big_buffer;
1508
1509 /* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
1510 helo_data is null, we are dealing with a connection that was passed from
1511 another process, and so we won't have expanded helo_data above. We have to
1512 expand it here. $sending_ip_address and $sending_port are set up right at the
1513 start of the Exim process (in exim.c). */
1514
1515 if (tls_out.active >= 0)
1516 {
1517 char *greeting_cmd;
1518 if (helo_data == NULL)
1519 {
1520 helo_data = expand_string(ob->helo_data);
1521 if (helo_data == NULL)
1522 {
1523 uschar *message = string_sprintf("failed to expand helo_data: %s",
1524 expand_string_message);
1525 set_errno(addrlist, 0, message, DEFER, FALSE);
1526 yield = DEFER;
1527 goto SEND_QUIT;
1528 }
1529 }
1530
1531 /* For SMTPS we need to wait for the initial OK response. */
1532 if (smtps)
1533 {
1534 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1535 ob->command_timeout)) goto RESPONSE_FAILED;
1536 }
1537
1538 if (esmtp)
1539 greeting_cmd = "EHLO";
1540 else
1541 {
1542 greeting_cmd = "HELO";
1543 DEBUG(D_transport)
1544 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1545 }
1546
1547 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1548 lmtp? "LHLO" : greeting_cmd, helo_data) < 0)
1549 goto SEND_FAILED;
1550 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1551 ob->command_timeout))
1552 goto RESPONSE_FAILED;
1553 }
1554
1555 /* If the host is required to use a secure channel, ensure that we
1556 have one. */
1557
1558 else if (verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
1559 host->address, NULL) == OK)
1560 {
1561 save_errno = ERRNO_TLSREQUIRED;
1562 message = string_sprintf("a TLS session is required for %s [%s], but %s",
1563 host->name, host->address,
1564 tls_offered? "an attempt to start TLS failed" :
1565 "the server did not offer TLS support");
1566 goto TLS_FAILED;
1567 }
1568 #endif
1569
1570 /* If TLS is active, we have just started it up and re-done the EHLO command,
1571 so its response needs to be analyzed. If TLS is not active and this is a
1572 continued session down a previously-used socket, we haven't just done EHLO, so
1573 we skip this. */
1574
1575 if (continue_hostname == NULL
1576 #ifdef SUPPORT_TLS
1577 || tls_out.active >= 0
1578 #endif
1579 )
1580 {
1581 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
1582 lmtp_ignore_quota option was set. */
1583
1584 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1585 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1586 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1587
1588 /* If the response to EHLO specified support for the SIZE parameter, note
1589 this, provided size_addition is non-negative. */
1590
1591 smtp_use_size = esmtp && ob->size_addition >= 0 &&
1592 pcre_exec(regex_SIZE, NULL, CS buffer, Ustrlen(CS buffer), 0,
1593 PCRE_EOPT, NULL, 0) >= 0;
1594
1595 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
1596 the current host, esmtp will be false, so PIPELINING can never be used. If
1597 the current host matches hosts_avoid_pipelining, don't do it. */
1598
1599 smtp_use_pipelining = esmtp &&
1600 verify_check_this_host(&(ob->hosts_avoid_pipelining), NULL, host->name,
1601 host->address, NULL) != OK &&
1602 pcre_exec(regex_PIPELINING, NULL, CS buffer, Ustrlen(CS buffer), 0,
1603 PCRE_EOPT, NULL, 0) >= 0;
1604
1605 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
1606 smtp_use_pipelining? "" : "not ");
1607
1608 #ifndef DISABLE_PRDR
1609 prdr_offered = esmtp &&
1610 pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0,
1611 PCRE_EOPT, NULL, 0) >= 0 &&
1612 verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
1613 host->address, NULL) == OK;
1614
1615 if (prdr_offered)
1616 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1617 #endif
1618
1619 #ifdef EXPERIMENTAL_DSN
1620 /* Note if the server supports DSN */
1621 smtp_use_dsn = esmtp && pcre_exec(regex_DSN, NULL, CS buffer, (int)Ustrlen(CS buffer), 0,
1622 PCRE_EOPT, NULL, 0) >= 0;
1623 DEBUG(D_transport) debug_printf("use_dsn=%d\n", smtp_use_dsn);
1624 #endif
1625
1626 /* Note if the response to EHLO specifies support for the AUTH extension.
1627 If it has, check that this host is one we want to authenticate to, and do
1628 the business. The host name and address must be available when the
1629 authenticator's client driver is running. */
1630
1631 switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host,
1632 ob, esmtp, &inblock, &outblock))
1633 {
1634 default: goto SEND_QUIT;
1635 case OK: break;
1636 case FAIL_SEND: goto SEND_FAILED;
1637 case FAIL: goto RESPONSE_FAILED;
1638 }
1639 }
1640
1641 /* The setting up of the SMTP call is now complete. Any subsequent errors are
1642 message-specific. */
1643
1644 setting_up = FALSE;
1645
1646 /* If there is a filter command specified for this transport, we can now
1647 set it up. This cannot be done until the identify of the host is known. */
1648
1649 if (tblock->filter_command != NULL)
1650 {
1651 BOOL rc;
1652 uschar buffer[64];
1653 sprintf(CS buffer, "%.50s transport", tblock->name);
1654 rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command,
1655 TRUE, DEFER, addrlist, buffer, NULL);
1656 transport_filter_timeout = tblock->filter_timeout;
1657
1658 /* On failure, copy the error to all addresses, abandon the SMTP call, and
1659 yield ERROR. */
1660
1661 if (!rc)
1662 {
1663 set_errno(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
1664 FALSE);
1665 yield = ERROR;
1666 goto SEND_QUIT;
1667 }
1668 }
1669
1670
1671 /* For messages that have more than the maximum number of envelope recipients,
1672 we want to send several transactions down the same SMTP connection. (See
1673 comments in deliver.c as to how this reconciles, heuristically, with
1674 remote_max_parallel.) This optimization was added to Exim after the following
1675 code was already working. The simplest way to put it in without disturbing the
1676 code was to use a goto to jump back to this point when there is another
1677 transaction to handle. */
1678
1679 SEND_MESSAGE:
1680 sync_addr = first_addr;
1681 address_count = 0;
1682 ok = FALSE;
1683 send_rset = TRUE;
1684 completed_address = FALSE;
1685
1686
1687 /* Initiate a message transfer. If we know the receiving MTA supports the SIZE
1688 qualification, send it, adding something to the message size to allow for
1689 imprecision and things that get added en route. Exim keeps the number of lines
1690 in a message, so we can give an accurate value for the original message, but we
1691 need some additional to handle added headers. (Double "." characters don't get
1692 included in the count.) */
1693
1694 p = buffer;
1695 *p = 0;
1696
1697 if (smtp_use_size)
1698 {
1699 sprintf(CS p, " SIZE=%d", message_size+message_linecount+ob->size_addition);
1700 while (*p) p++;
1701 }
1702
1703 #ifndef DISABLE_PRDR
1704 prdr_active = FALSE;
1705 if (prdr_offered)
1706 {
1707 for (addr = first_addr; addr; addr = addr->next)
1708 if (addr->transport_return == PENDING_DEFER)
1709 {
1710 for (addr = addr->next; addr; addr = addr->next)
1711 if (addr->transport_return == PENDING_DEFER)
1712 { /* at least two recipients to send */
1713 prdr_active = TRUE;
1714 sprintf(CS p, " PRDR"); p += 5;
1715 goto prdr_is_active;
1716 }
1717 break;
1718 }
1719 }
1720 prdr_is_active:
1721 #endif
1722
1723 #ifdef EXPERIMENTAL_DSN
1724 /* check if all addresses have lasthop flag */
1725 /* do not send RET and ENVID if true */
1726 dsn_all_lasthop = TRUE;
1727 for (addr = first_addr;
1728 address_count < max_rcpt && addr != NULL;
1729 addr = addr->next)
1730 if ((addr->dsn_flags & rf_dsnlasthop) != 1)
1731 dsn_all_lasthop = FALSE;
1732
1733 /* Add any DSN flags to the mail command */
1734
1735 if ((smtp_use_dsn) && (dsn_all_lasthop == FALSE))
1736 {
1737 if (dsn_ret == dsn_ret_hdrs)
1738 {
1739 strcpy(p, " RET=HDRS");
1740 while (*p) p++;
1741 }
1742 else if (dsn_ret == dsn_ret_full)
1743 {
1744 strcpy(p, " RET=FULL");
1745 while (*p) p++;
1746 }
1747 if (dsn_envid != NULL)
1748 {
1749 string_format(p, sizeof(buffer) - (p-buffer), " ENVID=%s", dsn_envid);
1750 while (*p) p++;
1751 }
1752 }
1753 #endif
1754
1755 /* If an authenticated_sender override has been specified for this transport
1756 instance, expand it. If the expansion is forced to fail, and there was already
1757 an authenticated_sender for this message, the original value will be used.
1758 Other expansion failures are serious. An empty result is ignored, but there is
1759 otherwise no check - this feature is expected to be used with LMTP and other
1760 cases where non-standard addresses (e.g. without domains) might be required. */
1761
1762 if (smtp_mail_auth_str(p, sizeof(buffer) - (p-buffer), addrlist, ob))
1763 return ERROR;
1764
1765 /* From here until we send the DATA command, we can make use of PIPELINING
1766 if the server host supports it. The code has to be able to check the responses
1767 at any point, for when the buffer fills up, so we write it totally generally.
1768 When PIPELINING is off, each command written reports that it has flushed the
1769 buffer. */
1770
1771 pending_MAIL = TRUE; /* The block starts with MAIL */
1772
1773 rc = smtp_write_command(&outblock, smtp_use_pipelining,
1774 "MAIL FROM:<%s>%s\r\n", return_path, buffer);
1775 mail_command = string_copy(big_buffer); /* Save for later error message */
1776
1777 switch(rc)
1778 {
1779 case -1: /* Transmission error */
1780 goto SEND_FAILED;
1781
1782 case +1: /* Block was sent */
1783 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1784 ob->command_timeout))
1785 {
1786 if (errno == 0 && buffer[0] == '4')
1787 {
1788 errno = ERRNO_MAIL4XX;
1789 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1790 }
1791 goto RESPONSE_FAILED;
1792 }
1793 pending_MAIL = FALSE;
1794 break;
1795 }
1796
1797 /* Pass over all the relevant recipient addresses for this host, which are the
1798 ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
1799 several before we have to read the responses for those seen so far. This
1800 checking is done by a subroutine because it also needs to be done at the end.
1801 Send only up to max_rcpt addresses at a time, leaving first_addr pointing to
1802 the next one if not all are sent.
1803
1804 In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
1805 last address because we want to abort if any recipients have any kind of
1806 problem, temporary or permanent. We know that all recipient addresses will have
1807 the PENDING_DEFER status, because only one attempt is ever made, and we know
1808 that max_rcpt will be large, so all addresses will be done at once. */
1809
1810 for (addr = first_addr;
1811 address_count < max_rcpt && addr != NULL;
1812 addr = addr->next)
1813 {
1814 int count;
1815 BOOL no_flush;
1816
1817 #ifdef EXPERIMENTAL_DSN
1818 if(smtp_use_dsn)
1819 addr->dsn_aware = dsn_support_yes;
1820 else
1821 addr->dsn_aware = dsn_support_no;
1822 #endif
1823
1824 if (addr->transport_return != PENDING_DEFER) continue;
1825
1826 address_count++;
1827 no_flush = smtp_use_pipelining && (!mua_wrapper || addr->next != NULL);
1828
1829 #ifdef EXPERIMENTAL_DSN
1830 /* Add any DSN flags to the rcpt command and add to the sent string */
1831
1832 p = buffer;
1833 *p = 0;
1834
1835 if ((smtp_use_dsn) && ((addr->dsn_flags & rf_dsnlasthop) != 1))
1836 {
1837 if ((addr->dsn_flags & rf_dsnflags) != 0)
1838 {
1839 int i;
1840 BOOL first = TRUE;
1841 strcpy(p, " NOTIFY=");
1842 while (*p) p++;
1843 for (i = 0; i < 4; i++)
1844 {
1845 if ((addr->dsn_flags & rf_list[i]) != 0)
1846 {
1847 if (!first) *p++ = ',';
1848 first = FALSE;
1849 strcpy(p, rf_names[i]);
1850 while (*p) p++;
1851 }
1852 }
1853 }
1854
1855 if (addr->dsn_orcpt != NULL) {
1856 string_format(p, sizeof(buffer) - (p-buffer), " ORCPT=%s",
1857 addr->dsn_orcpt);
1858 while (*p) p++;
1859 }
1860 }
1861 #endif
1862
1863
1864 /* Now send the RCPT command, and process outstanding responses when
1865 necessary. After a timeout on RCPT, we just end the function, leaving the
1866 yield as OK, because this error can often mean that there is a problem with
1867 just one address, so we don't want to delay the host. */
1868
1869 #ifdef EXPERIMENTAL_DSN
1870 count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s%s\r\n",
1871 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr, buffer);
1872 #else
1873 count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s\r\n",
1874 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr);
1875 #endif
1876
1877 if (count < 0) goto SEND_FAILED;
1878 if (count > 0)
1879 {
1880 switch(sync_responses(first_addr, tblock->rcpt_include_affixes,
1881 &sync_addr, host, count, ob->address_retry_include_sender,
1882 pending_MAIL, 0, &inblock, ob->command_timeout, buffer,
1883 sizeof(buffer)))
1884 {
1885 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1886 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1887 break;
1888
1889 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1890 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1891 case 0: /* No 2xx or 5xx, but no probs */
1892 break;
1893
1894 case -1: goto END_OFF; /* Timeout on RCPT */
1895 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL error */
1896 }
1897 pending_MAIL = FALSE; /* Dealt with MAIL */
1898 }
1899 } /* Loop for next address */
1900
1901 /* If we are an MUA wrapper, abort if any RCPTs were rejected, either
1902 permanently or temporarily. We should have flushed and synced after the last
1903 RCPT. */
1904
1905 if (mua_wrapper)
1906 {
1907 address_item *badaddr;
1908 for (badaddr = first_addr; badaddr != NULL; badaddr = badaddr->next)
1909 {
1910 if (badaddr->transport_return != PENDING_OK) break;
1911 }
1912 if (badaddr != NULL)
1913 {
1914 set_errno(addrlist, 0, badaddr->message, FAIL,
1915 testflag(badaddr, af_pass_message));
1916 ok = FALSE;
1917 }
1918 }
1919
1920 /* If ok is TRUE, we know we have got at least one good recipient, and must now
1921 send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
1922 have a good recipient buffered up if we are pipelining. We don't want to waste
1923 time sending DATA needlessly, so we only send it if either ok is TRUE or if we
1924 are pipelining. The responses are all handled by sync_responses(). */
1925
1926 if (ok || (smtp_use_pipelining && !mua_wrapper))
1927 {
1928 int count = smtp_write_command(&outblock, FALSE, "DATA\r\n");
1929 if (count < 0) goto SEND_FAILED;
1930 switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr,
1931 host, count, ob->address_retry_include_sender, pending_MAIL,
1932 ok? +1 : -1, &inblock, ob->command_timeout, buffer, sizeof(buffer)))
1933 {
1934 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1935 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1936 break;
1937
1938 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1939 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1940 case 0: break; /* No 2xx or 5xx, but no probs */
1941
1942 case -1: goto END_OFF; /* Timeout on RCPT */
1943 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
1944 }
1945 }
1946
1947 /* Save the first address of the next batch. */
1948
1949 first_addr = addr;
1950
1951 /* If there were no good recipients (but otherwise there have been no
1952 problems), just set ok TRUE, since we have handled address-specific errors
1953 already. Otherwise, it's OK to send the message. Use the check/escape mechanism
1954 for handling the SMTP dot-handling protocol, flagging to apply to headers as
1955 well as body. Set the appropriate timeout value to be used for each chunk.
1956 (Haven't been able to make it work using select() for writing yet.) */
1957
1958 if (!ok) ok = TRUE; else
1959 {
1960 sigalrm_seen = FALSE;
1961 transport_write_timeout = ob->data_timeout;
1962 smtp_command = US"sending data block"; /* For error messages */
1963 DEBUG(D_transport|D_v)
1964 debug_printf(" SMTP>> writing message and terminating \".\"\n");
1965 transport_count = 0;
1966 #ifndef DISABLE_DKIM
1967 ok = dkim_transport_write_message(addrlist, inblock.sock,
1968 topt_use_crlf | topt_end_dot | topt_escape_headers |
1969 (tblock->body_only? topt_no_headers : 0) |
1970 (tblock->headers_only? topt_no_body : 0) |
1971 (tblock->return_path_add? topt_add_return_path : 0) |
1972 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1973 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1974 0, /* No size limit */
1975 tblock->add_headers, tblock->remove_headers,
1976 US".", US"..", /* Escaping strings */
1977 tblock->rewrite_rules, tblock->rewrite_existflags,
1978 ob->dkim_private_key, ob->dkim_domain, ob->dkim_selector,
1979 ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers
1980 );
1981 #else
1982 ok = transport_write_message(addrlist, inblock.sock,
1983 topt_use_crlf | topt_end_dot | topt_escape_headers |
1984 (tblock->body_only? topt_no_headers : 0) |
1985 (tblock->headers_only? topt_no_body : 0) |
1986 (tblock->return_path_add? topt_add_return_path : 0) |
1987 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1988 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1989 0, /* No size limit */
1990 tblock->add_headers, tblock->remove_headers,
1991 US".", US"..", /* Escaping strings */
1992 tblock->rewrite_rules, tblock->rewrite_existflags);
1993 #endif
1994
1995 /* transport_write_message() uses write() because it is called from other
1996 places to write to non-sockets. This means that under some OS (e.g. Solaris)
1997 it can exit with "Broken pipe" as its error. This really means that the
1998 socket got closed at the far end. */
1999
2000 transport_write_timeout = 0; /* for subsequent transports */
2001
2002 /* Failure can either be some kind of I/O disaster (including timeout),
2003 or the failure of a transport filter or the expansion of added headers. */
2004
2005 if (!ok)
2006 {
2007 buffer[0] = 0; /* There hasn't been a response */
2008 goto RESPONSE_FAILED;
2009 }
2010
2011 /* We used to send the terminating "." explicitly here, but because of
2012 buffering effects at both ends of TCP/IP connections, you don't gain
2013 anything by keeping it separate, so it might as well go in the final
2014 data buffer for efficiency. This is now done by setting the topt_end_dot
2015 flag above. */
2016
2017 smtp_command = US"end of data";
2018
2019 #ifndef DISABLE_PRDR
2020 /* For PRDR we optionally get a partial-responses warning
2021 * followed by the individual responses, before going on with
2022 * the overall response. If we don't get the warning then deal
2023 * with per non-PRDR. */
2024 if(prdr_active)
2025 {
2026 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3',
2027 ob->final_timeout);
2028 if (!ok && errno == 0)
2029 switch(buffer[0])
2030 {
2031 case '2': prdr_active = FALSE;
2032 ok = TRUE;
2033 break;
2034 case '4': errno = ERRNO_DATA4XX;
2035 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2036 break;
2037 }
2038 }
2039 else
2040 #endif
2041
2042 /* For non-PRDR SMTP, we now read a single response that applies to the
2043 whole message. If it is OK, then all the addresses have been delivered. */
2044
2045 if (!lmtp)
2046 {
2047 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2048 ob->final_timeout);
2049 if (!ok && errno == 0 && buffer[0] == '4')
2050 {
2051 errno = ERRNO_DATA4XX;
2052 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2053 }
2054 }
2055
2056 /* For LMTP, we get back a response for every RCPT command that we sent;
2057 some may be accepted and some rejected. For those that get a response, their
2058 status is fixed; any that are accepted have been handed over, even if later
2059 responses crash - at least, that's how I read RFC 2033.
2060
2061 If all went well, mark the recipient addresses as completed, record which
2062 host/IPaddress they were delivered to, and cut out RSET when sending another
2063 message down the same channel. Write the completed addresses to the journal
2064 now so that they are recorded in case there is a crash of hardware or
2065 software before the spool gets updated. Also record the final SMTP
2066 confirmation if needed (for SMTP only). */
2067
2068 if (ok)
2069 {
2070 int flag = '=';
2071 int delivery_time = (int)(time(NULL) - start_delivery_time);
2072 int len;
2073 host_item *thost;
2074 uschar *conf = NULL;
2075 send_rset = FALSE;
2076
2077 /* Make a copy of the host if it is local to this invocation
2078 of the transport. */
2079
2080 if (copy_host)
2081 {
2082 thost = store_get(sizeof(host_item));
2083 *thost = *host;
2084 thost->name = string_copy(host->name);
2085 thost->address = string_copy(host->address);
2086 }
2087 else thost = host;
2088
2089 /* Set up confirmation if needed - applies only to SMTP */
2090
2091 if (
2092 #ifndef EXPERIMENTAL_TPDA
2093 (log_extra_selector & LX_smtp_confirmation) != 0 &&
2094 #endif
2095 !lmtp
2096 )
2097 {
2098 uschar *s = string_printing(buffer);
2099 conf = (s == buffer)? (uschar *)string_copy(s) : s;
2100 }
2101
2102 /* Process all transported addresses - for LMTP or PRDR, read a status for
2103 each one. */
2104
2105 for (addr = addrlist; addr != first_addr; addr = addr->next)
2106 {
2107 if (addr->transport_return != PENDING_OK) continue;
2108
2109 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
2110 remaining addresses. Otherwise, it's a return code for just the one
2111 address. For temporary errors, add a retry item for the address so that
2112 it doesn't get tried again too soon. */
2113
2114 #ifndef DISABLE_PRDR
2115 if (lmtp || prdr_active)
2116 #else
2117 if (lmtp)
2118 #endif
2119 {
2120 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2121 ob->final_timeout))
2122 {
2123 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
2124 addr->message = string_sprintf(
2125 #ifndef DISABLE_PRDR
2126 "%s error after %s: %s", prdr_active ? "PRDR":"LMTP",
2127 #else
2128 "LMTP error after %s: %s",
2129 #endif
2130 big_buffer, string_printing(buffer));
2131 setflag(addr, af_pass_message); /* Allow message to go to user */
2132 if (buffer[0] == '5')
2133 addr->transport_return = FAIL;
2134 else
2135 {
2136 errno = ERRNO_DATA4XX;
2137 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2138 addr->transport_return = DEFER;
2139 #ifndef DISABLE_PRDR
2140 if (!prdr_active)
2141 #endif
2142 retry_add_item(addr, addr->address_retry_key, 0);
2143 }
2144 continue;
2145 }
2146 completed_address = TRUE; /* NOW we can set this flag */
2147 if ((log_extra_selector & LX_smtp_confirmation) != 0)
2148 {
2149 uschar *s = string_printing(buffer);
2150 conf = (s == buffer)? (uschar *)string_copy(s) : s;
2151 }
2152 }
2153
2154 /* SMTP, or success return from LMTP for this address. Pass back the
2155 actual host that was used. */
2156
2157 addr->transport_return = OK;
2158 addr->more_errno = delivery_time;
2159 addr->host_used = thost;
2160 addr->special_action = flag;
2161 addr->message = conf;
2162 #ifndef DISABLE_PRDR
2163 if (prdr_active) addr->flags |= af_prdr_used;
2164 #endif
2165 flag = '-';
2166
2167 #ifndef DISABLE_PRDR
2168 if (!prdr_active)
2169 #endif
2170 {
2171 /* Update the journal. For homonymic addresses, use the base address plus
2172 the transport name. See lots of comments in deliver.c about the reasons
2173 for the complications when homonyms are involved. Just carry on after
2174 write error, as it may prove possible to update the spool file later. */
2175
2176 if (testflag(addr, af_homonym))
2177 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2178 else
2179 sprintf(CS buffer, "%.500s\n", addr->unique);
2180
2181 DEBUG(D_deliver) debug_printf("journalling %s", buffer);
2182 len = Ustrlen(CS buffer);
2183 if (write(journal_fd, buffer, len) != len)
2184 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2185 "%s: %s", buffer, strerror(errno));
2186 }
2187 }
2188
2189 #ifndef DISABLE_PRDR
2190 if (prdr_active)
2191 {
2192 /* PRDR - get the final, overall response. For any non-success
2193 upgrade all the address statuses. */
2194 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2195 ob->final_timeout);
2196 if (!ok)
2197 {
2198 if(errno == 0 && buffer[0] == '4')
2199 {
2200 errno = ERRNO_DATA4XX;
2201 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2202 }
2203 for (addr = addrlist; addr != first_addr; addr = addr->next)
2204 if (buffer[0] == '5' || addr->transport_return == OK)
2205 addr->transport_return = PENDING_OK; /* allow set_errno action */
2206 goto RESPONSE_FAILED;
2207 }
2208
2209 /* Update the journal, or setup retry. */
2210 for (addr = addrlist; addr != first_addr; addr = addr->next)
2211 if (addr->transport_return == OK)
2212 {
2213 if (testflag(addr, af_homonym))
2214 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2215 else
2216 sprintf(CS buffer, "%.500s\n", addr->unique);
2217
2218 DEBUG(D_deliver) debug_printf("journalling(PRDR) %s", buffer);
2219 len = Ustrlen(CS buffer);
2220 if (write(journal_fd, buffer, len) != len)
2221 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2222 "%s: %s", buffer, strerror(errno));
2223 }
2224 else if (addr->transport_return == DEFER)
2225 retry_add_item(addr, addr->address_retry_key, -2);
2226 }
2227 #endif
2228
2229 /* Ensure the journal file is pushed out to disk. */
2230
2231 if (EXIMfsync(journal_fd) < 0)
2232 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
2233 strerror(errno));
2234 }
2235 }
2236
2237
2238 /* Handle general (not specific to one address) failures here. The value of ok
2239 is used to skip over this code on the falling through case. A timeout causes a
2240 deferral. Other errors may defer or fail according to the response code, and
2241 may set up a special errno value, e.g. after connection chopped, which is
2242 assumed if errno == 0 and there is no text in the buffer. If control reaches
2243 here during the setting up phase (i.e. before MAIL FROM) then always defer, as
2244 the problem is not related to this specific message. */
2245
2246 if (!ok)
2247 {
2248 int code;
2249
2250 RESPONSE_FAILED:
2251 save_errno = errno;
2252 message = NULL;
2253 send_quit = check_response(host, &save_errno, addrlist->more_errno,
2254 buffer, &code, &message, &pass_message);
2255 goto FAILED;
2256
2257 SEND_FAILED:
2258 save_errno = errno;
2259 code = '4';
2260 message = US string_sprintf("send() to %s [%s] failed: %s",
2261 host->name, host->address, strerror(save_errno));
2262 send_quit = FALSE;
2263 goto FAILED;
2264
2265 /* This label is jumped to directly when a TLS negotiation has failed,
2266 or was not done for a host for which it is required. Values will be set
2267 in message and save_errno, and setting_up will always be true. Treat as
2268 a temporary error. */
2269
2270 #ifdef SUPPORT_TLS
2271 TLS_FAILED:
2272 code = '4';
2273 #endif
2274
2275 /* If the failure happened while setting up the call, see if the failure was
2276 a 5xx response (this will either be on connection, or following HELO - a 5xx
2277 after EHLO causes it to try HELO). If so, fail all addresses, as this host is
2278 never going to accept them. For other errors during setting up (timeouts or
2279 whatever), defer all addresses, and yield DEFER, so that the host is not
2280 tried again for a while. */
2281
2282 FAILED:
2283 ok = FALSE; /* For when reached by GOTO */
2284
2285 if (setting_up)
2286 {
2287 if (code == '5')
2288 {
2289 set_errno(addrlist, save_errno, message, FAIL, pass_message);
2290 }
2291 else
2292 {
2293 set_errno(addrlist, save_errno, message, DEFER, pass_message);
2294 yield = DEFER;
2295 }
2296 }
2297
2298 /* We want to handle timeouts after MAIL or "." and loss of connection after
2299 "." specially. They can indicate a problem with the sender address or with
2300 the contents of the message rather than a real error on the connection. These
2301 cases are treated in the same way as a 4xx response. This next bit of code
2302 does the classification. */
2303
2304 else
2305 {
2306 BOOL message_error;
2307
2308 switch(save_errno)
2309 {
2310 case 0:
2311 case ERRNO_MAIL4XX:
2312 case ERRNO_DATA4XX:
2313 message_error = TRUE;
2314 break;
2315
2316 case ETIMEDOUT:
2317 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
2318 Ustrncmp(smtp_command,"end ",4) == 0;
2319 break;
2320
2321 case ERRNO_SMTPCLOSED:
2322 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
2323 break;
2324
2325 default:
2326 message_error = FALSE;
2327 break;
2328 }
2329
2330 /* Handle the cases that are treated as message errors. These are:
2331
2332 (a) negative response or timeout after MAIL
2333 (b) negative response after DATA
2334 (c) negative response or timeout or dropped connection after "."
2335
2336 It won't be a negative response or timeout after RCPT, as that is dealt
2337 with separately above. The action in all cases is to set an appropriate
2338 error code for all the addresses, but to leave yield set to OK because the
2339 host itself has not failed. Of course, it might in practice have failed
2340 when we've had a timeout, but if so, we'll discover that at the next
2341 delivery attempt. For a temporary error, set the message_defer flag, and
2342 write to the logs for information if this is not the last host. The error
2343 for the last host will be logged as part of the address's log line. */
2344
2345 if (message_error)
2346 {
2347 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
2348 set_errno(addrlist, save_errno, message, (code == '5')? FAIL : DEFER,
2349 pass_message);
2350
2351 /* If there's an errno, the message contains just the identity of
2352 the host. */
2353
2354 if (code != '5') /* Anything other than 5 is treated as temporary */
2355 {
2356 if (save_errno > 0)
2357 message = US string_sprintf("%s: %s", message, strerror(save_errno));
2358 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", message);
2359 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
2360 *message_defer = TRUE;
2361 }
2362 }
2363
2364 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
2365 ".", or some other transportation error. We defer all addresses and yield
2366 DEFER, except for the case of failed add_headers expansion, or a transport
2367 filter failure, when the yield should be ERROR, to stop it trying other
2368 hosts. */
2369
2370 else
2371 {
2372 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
2373 save_errno == ERRNO_FILTER_FAIL)? ERROR : DEFER;
2374 set_errno(addrlist, save_errno, message, DEFER, pass_message);
2375 }
2376 }
2377 }
2378
2379
2380 /* If all has gone well, send_quit will be set TRUE, implying we can end the
2381 SMTP session tidily. However, if there were too many addresses to send in one
2382 message (indicated by first_addr being non-NULL) we want to carry on with the
2383 rest of them. Also, it is desirable to send more than one message down the SMTP
2384 connection if there are several waiting, provided we haven't already sent so
2385 many as to hit the configured limit. The function transport_check_waiting looks
2386 for a waiting message and returns its id. Then transport_pass_socket tries to
2387 set up a continued delivery by passing the socket on to another process. The
2388 variable send_rset is FALSE if a message has just been successfully transfered.
2389
2390 If we are already sending down a continued channel, there may be further
2391 addresses not yet delivered that are aimed at the same host, but which have not
2392 been passed in this run of the transport. In this case, continue_more will be
2393 true, and all we should do is send RSET if necessary, and return, leaving the
2394 channel open.
2395
2396 However, if no address was disposed of, i.e. all addresses got 4xx errors, we
2397 do not want to continue with other messages down the same channel, because that
2398 can lead to looping between two or more messages, all with the same,
2399 temporarily failing address(es). [The retry information isn't updated yet, so
2400 new processes keep on trying.] We probably also don't want to try more of this
2401 message's addresses either.
2402
2403 If we have started a TLS session, we have to end it before passing the
2404 connection to a new process. However, not all servers can handle this (Exim
2405 can), so we do not pass such a connection on if the host matches
2406 hosts_nopass_tls. */
2407
2408 DEBUG(D_transport)
2409 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
2410 "yield=%d first_address is %sNULL\n", ok, send_quit, send_rset,
2411 continue_more, yield, (first_addr == NULL)? "":"not ");
2412
2413 if (completed_address && ok && send_quit)
2414 {
2415 BOOL more;
2416 if (first_addr != NULL || continue_more ||
2417 (
2418 (tls_out.active < 0 ||
2419 verify_check_this_host(&(ob->hosts_nopass_tls), NULL, host->name,
2420 host->address, NULL) != OK)
2421 &&
2422 transport_check_waiting(tblock->name, host->name,
2423 tblock->connection_max_messages, new_message_id, &more)
2424 ))
2425 {
2426 uschar *msg;
2427 BOOL pass_message;
2428
2429 if (send_rset)
2430 {
2431 if (! (ok = smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0))
2432 {
2433 msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
2434 host->address, strerror(save_errno));
2435 send_quit = FALSE;
2436 }
2437 else if (! (ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2438 ob->command_timeout)))
2439 {
2440 int code;
2441 send_quit = check_response(host, &errno, 0, buffer, &code, &msg,
2442 &pass_message);
2443 if (!send_quit)
2444 {
2445 DEBUG(D_transport) debug_printf("%s\n", msg);
2446 }
2447 }
2448 }
2449
2450 /* Either RSET was not needed, or it succeeded */
2451
2452 if (ok)
2453 {
2454 if (first_addr != NULL) /* More addresses still to be sent */
2455 { /* in this run of the transport */
2456 continue_sequence++; /* Causes * in logging */
2457 goto SEND_MESSAGE;
2458 }
2459 if (continue_more) return yield; /* More addresses for another run */
2460
2461 /* Pass the socket to a new Exim process. Before doing so, we must shut
2462 down TLS. Not all MTAs allow for the continuation of the SMTP session
2463 when TLS is shut down. We test for this by sending a new EHLO. If we
2464 don't get a good response, we don't attempt to pass the socket on. */
2465
2466 #ifdef SUPPORT_TLS
2467 if (tls_out.active >= 0)
2468 {
2469 tls_close(FALSE, TRUE);
2470 if (smtps)
2471 ok = FALSE;
2472 else
2473 ok = smtp_write_command(&outblock,FALSE,"EHLO %s\r\n",helo_data) >= 0 &&
2474 smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2475 ob->command_timeout);
2476 }
2477 #endif
2478
2479 /* If the socket is successfully passed, we musn't send QUIT (or
2480 indeed anything!) from here. */
2481
2482 if (ok && transport_pass_socket(tblock->name, host->name, host->address,
2483 new_message_id, inblock.sock))
2484 {
2485 send_quit = FALSE;
2486 }
2487 }
2488
2489 /* If RSET failed and there are addresses left, they get deferred. */
2490
2491 else set_errno(first_addr, errno, msg, DEFER, FALSE);
2492 }
2493 }
2494
2495 /* End off tidily with QUIT unless the connection has died or the socket has
2496 been passed to another process. There has been discussion on the net about what
2497 to do after sending QUIT. The wording of the RFC suggests that it is necessary
2498 to wait for a response, but on the other hand, there isn't anything one can do
2499 with an error response, other than log it. Exim used to do that. However,
2500 further discussion suggested that it is positively advantageous not to wait for
2501 the response, but to close the session immediately. This is supposed to move
2502 the TCP/IP TIME_WAIT state from the server to the client, thereby removing some
2503 load from the server. (Hosts that are both servers and clients may not see much
2504 difference, of course.) Further discussion indicated that this was safe to do
2505 on Unix systems which have decent implementations of TCP/IP that leave the
2506 connection around for a while (TIME_WAIT) after the application has gone away.
2507 This enables the response sent by the server to be properly ACKed rather than
2508 timed out, as can happen on broken TCP/IP implementations on other OS.
2509
2510 This change is being made on 31-Jul-98. After over a year of trouble-free
2511 operation, the old commented-out code was removed on 17-Sep-99. */
2512
2513 SEND_QUIT:
2514 if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2515
2516 END_OFF:
2517
2518 #ifdef SUPPORT_TLS
2519 tls_close(FALSE, TRUE);
2520 #endif
2521
2522 /* Close the socket, and return the appropriate value, first setting
2523 works because the NULL setting is passed back to the calling process, and
2524 remote_max_parallel is forced to 1 when delivering over an existing connection,
2525
2526 If all went well and continue_more is set, we shouldn't actually get here if
2527 there are further addresses, as the return above will be taken. However,
2528 writing RSET might have failed, or there may be other addresses whose hosts are
2529 specified in the transports, and therefore not visible at top level, in which
2530 case continue_more won't get set. */
2531
2532 (void)close(inblock.sock);
2533 continue_transport = NULL;
2534 continue_hostname = NULL;
2535 return yield;
2536 }
2537
2538
2539
2540
2541 /*************************************************
2542 * Closedown entry point *
2543 *************************************************/
2544
2545 /* This function is called when exim is passed an open smtp channel
2546 from another incarnation, but the message which it has been asked
2547 to deliver no longer exists. The channel is on stdin.
2548
2549 We might do fancy things like looking for another message to send down
2550 the channel, but if the one we sought has gone, it has probably been
2551 delivered by some other process that itself will seek further messages,
2552 so just close down our connection.
2553
2554 Argument: pointer to the transport instance block
2555 Returns: nothing
2556 */
2557
2558 void
2559 smtp_transport_closedown(transport_instance *tblock)
2560 {
2561 smtp_transport_options_block *ob =
2562 (smtp_transport_options_block *)(tblock->options_block);
2563 smtp_inblock inblock;
2564 smtp_outblock outblock;
2565 uschar buffer[256];
2566 uschar inbuffer[4096];
2567 uschar outbuffer[16];
2568
2569 inblock.sock = fileno(stdin);
2570 inblock.buffer = inbuffer;
2571 inblock.buffersize = sizeof(inbuffer);
2572 inblock.ptr = inbuffer;
2573 inblock.ptrend = inbuffer;
2574
2575 outblock.sock = inblock.sock;
2576 outblock.buffersize = sizeof(outbuffer);
2577 outblock.buffer = outbuffer;
2578 outblock.ptr = outbuffer;
2579 outblock.cmd_count = 0;
2580 outblock.authenticating = FALSE;
2581
2582 (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2583 (void)smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2584 ob->command_timeout);
2585 (void)close(inblock.sock);
2586 }
2587
2588
2589
2590 /*************************************************
2591 * Prepare addresses for delivery *
2592 *************************************************/
2593
2594 /* This function is called to flush out error settings from previous delivery
2595 attempts to other hosts. It also records whether we got here via an MX record
2596 or not in the more_errno field of the address. We are interested only in
2597 addresses that are still marked DEFER - others may have got delivered to a
2598 previously considered IP address. Set their status to PENDING_DEFER to indicate
2599 which ones are relevant this time.
2600
2601 Arguments:
2602 addrlist the list of addresses
2603 host the host we are delivering to
2604
2605 Returns: the first address for this delivery
2606 */
2607
2608 static address_item *
2609 prepare_addresses(address_item *addrlist, host_item *host)
2610 {
2611 address_item *first_addr = NULL;
2612 address_item *addr;
2613 for (addr = addrlist; addr != NULL; addr = addr->next)
2614 {
2615 if (addr->transport_return != DEFER) continue;
2616 if (first_addr == NULL) first_addr = addr;
2617 addr->transport_return = PENDING_DEFER;
2618 addr->basic_errno = 0;
2619 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
2620 addr->message = NULL;
2621 #ifdef SUPPORT_TLS
2622 addr->cipher = NULL;
2623 addr->ourcert = NULL;
2624 addr->peercert = NULL;
2625 addr->peerdn = NULL;
2626 addr->ocsp = OCSP_NOT_REQ;
2627 #endif
2628 }
2629 return first_addr;
2630 }
2631
2632
2633
2634 /*************************************************
2635 * Main entry point *
2636 *************************************************/
2637
2638 /* See local README for interface details. As this is a remote transport, it is
2639 given a chain of addresses to be delivered in one connection, if possible. It
2640 always returns TRUE, indicating that each address has its own independent
2641 status set, except if there is a setting up problem, in which case it returns
2642 FALSE. */
2643
2644 BOOL
2645 smtp_transport_entry(
2646 transport_instance *tblock, /* data for this instantiation */
2647 address_item *addrlist) /* addresses we are working on */
2648 {
2649 int cutoff_retry;
2650 int port;
2651 int hosts_defer = 0;
2652 int hosts_fail = 0;
2653 int hosts_looked_up = 0;
2654 int hosts_retry = 0;
2655 int hosts_serial = 0;
2656 int hosts_total = 0;
2657 int total_hosts_tried = 0;
2658 address_item *addr;
2659 BOOL expired = TRUE;
2660 BOOL continuing = continue_hostname != NULL;
2661 uschar *expanded_hosts = NULL;
2662 uschar *pistring;
2663 uschar *tid = string_sprintf("%s transport", tblock->name);
2664 smtp_transport_options_block *ob =
2665 (smtp_transport_options_block *)(tblock->options_block);
2666 host_item *hostlist = addrlist->host_list;
2667 host_item *host = NULL;
2668
2669 DEBUG(D_transport)
2670 {
2671 debug_printf("%s transport entered\n", tblock->name);
2672 for (addr = addrlist; addr != NULL; addr = addr->next)
2673 debug_printf(" %s\n", addr->address);
2674 if (continuing) debug_printf("already connected to %s [%s]\n",
2675 continue_hostname, continue_host_address);
2676 }
2677
2678 /* Set the flag requesting that these hosts be added to the waiting
2679 database if the delivery fails temporarily or if we are running with
2680 queue_smtp or a 2-stage queue run. This gets unset for certain
2681 kinds of error, typically those that are specific to the message. */
2682
2683 update_waiting = TRUE;
2684
2685 /* If a host list is not defined for the addresses - they must all have the
2686 same one in order to be passed to a single transport - or if the transport has
2687 a host list with hosts_override set, use the host list supplied with the
2688 transport. It is an error for this not to exist. */
2689
2690 if (hostlist == NULL || (ob->hosts_override && ob->hosts != NULL))
2691 {
2692 if (ob->hosts == NULL)
2693 {
2694 addrlist->message = string_sprintf("%s transport called with no hosts set",
2695 tblock->name);
2696 addrlist->transport_return = PANIC;
2697 return FALSE; /* Only top address has status */
2698 }
2699
2700 DEBUG(D_transport) debug_printf("using the transport's hosts: %s\n",
2701 ob->hosts);
2702
2703 /* If the transport's host list contains no '$' characters, and we are not
2704 randomizing, it is fixed and therefore a chain of hosts can be built once
2705 and for all, and remembered for subsequent use by other calls to this
2706 transport. If, on the other hand, the host list does contain '$', or we are
2707 randomizing its order, we have to rebuild it each time. In the fixed case,
2708 as the hosts string will never be used again, it doesn't matter that we
2709 replace all the : characters with zeros. */
2710
2711 if (ob->hostlist == NULL)
2712 {
2713 uschar *s = ob->hosts;
2714
2715 if (Ustrchr(s, '$') != NULL)
2716 {
2717 expanded_hosts = expand_string(s);
2718 if (expanded_hosts == NULL)
2719 {
2720 addrlist->message = string_sprintf("failed to expand list of hosts "
2721 "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message);
2722 addrlist->transport_return = search_find_defer? DEFER : PANIC;
2723 return FALSE; /* Only top address has status */
2724 }
2725 DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to "
2726 "\"%s\"\n", s, expanded_hosts);
2727 s = expanded_hosts;
2728 }
2729 else
2730 if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
2731
2732 host_build_hostlist(&hostlist, s, ob->hosts_randomize);
2733
2734 /* Check that the expansion yielded something useful. */
2735 if (hostlist == NULL)
2736 {
2737 addrlist->message =
2738 string_sprintf("%s transport has empty hosts setting", tblock->name);
2739 addrlist->transport_return = PANIC;
2740 return FALSE; /* Only top address has status */
2741 }
2742
2743 /* If there was no expansion of hosts, save the host list for
2744 next time. */
2745
2746 if (expanded_hosts == NULL) ob->hostlist = hostlist;
2747 }
2748
2749 /* This is not the first time this transport has been run in this delivery;
2750 the host list was built previously. */
2751
2752 else hostlist = ob->hostlist;
2753 }
2754
2755 /* The host list was supplied with the address. If hosts_randomize is set, we
2756 must sort it into a random order if it did not come from MX records and has not
2757 already been randomized (but don't bother if continuing down an existing
2758 connection). */
2759
2760 else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continuing)
2761 {
2762 host_item *newlist = NULL;
2763 while (hostlist != NULL)
2764 {
2765 host_item *h = hostlist;
2766 hostlist = hostlist->next;
2767
2768 h->sort_key = random_number(100);
2769
2770 if (newlist == NULL)
2771 {
2772 h->next = NULL;
2773 newlist = h;
2774 }
2775 else if (h->sort_key < newlist->sort_key)
2776 {
2777 h->next = newlist;
2778 newlist = h;
2779 }
2780 else
2781 {
2782 host_item *hh = newlist;
2783 while (hh->next != NULL)
2784 {
2785 if (h->sort_key < hh->next->sort_key) break;
2786 hh = hh->next;
2787 }
2788 h->next = hh->next;
2789 hh->next = h;
2790 }
2791 }
2792
2793 hostlist = addrlist->host_list = newlist;
2794 }
2795
2796
2797 /* Sort out the default port. */
2798
2799 if (!smtp_get_port(ob->port, addrlist, &port, tid)) return FALSE;
2800
2801
2802 /* For each host-plus-IP-address on the list:
2803
2804 . If this is a continued delivery and the host isn't the one with the
2805 current connection, skip.
2806
2807 . If the status is unusable (i.e. previously failed or retry checked), skip.
2808
2809 . If no IP address set, get the address, either by turning the name into
2810 an address, calling gethostbyname if gethostbyname is on, or by calling
2811 the DNS. The DNS may yield multiple addresses, in which case insert the
2812 extra ones into the list.
2813
2814 . Get the retry data if not previously obtained for this address and set the
2815 field which remembers the state of this address. Skip if the retry time is
2816 not reached. If not, remember whether retry data was found. The retry string
2817 contains both the name and the IP address.
2818
2819 . Scan the list of addresses and mark those whose status is DEFER as
2820 PENDING_DEFER. These are the only ones that will be processed in this cycle
2821 of the hosts loop.
2822
2823 . Make a delivery attempt - addresses marked PENDING_DEFER will be tried.
2824 Some addresses may be successfully delivered, others may fail, and yet
2825 others may get temporary errors and so get marked DEFER.
2826
2827 . The return from the delivery attempt is OK if a connection was made and a
2828 valid SMTP dialogue was completed. Otherwise it is DEFER.
2829
2830 . If OK, add a "remove" retry item for this host/IPaddress, if any.
2831
2832 . If fail to connect, or other defer state, add a retry item.
2833
2834 . If there are any addresses whose status is still DEFER, carry on to the
2835 next host/IPaddress, unless we have tried the number of hosts given
2836 by hosts_max_try or hosts_max_try_hardlimit; otherwise return. Note that
2837 there is some fancy logic for hosts_max_try that means its limit can be
2838 overstepped in some circumstances.
2839
2840 If we get to the end of the list, all hosts have deferred at least one address,
2841 or not reached their retry times. If delay_after_cutoff is unset, it requests a
2842 delivery attempt to those hosts whose last try was before the arrival time of
2843 the current message. To cope with this, we have to go round the loop a second
2844 time. After that, set the status and error data for any addresses that haven't
2845 had it set already. */
2846
2847 for (cutoff_retry = 0; expired &&
2848 cutoff_retry < ((ob->delay_after_cutoff)? 1 : 2);
2849 cutoff_retry++)
2850 {
2851 host_item *nexthost = NULL;
2852 int unexpired_hosts_tried = 0;
2853
2854 for (host = hostlist;
2855 host != NULL &&
2856 unexpired_hosts_tried < ob->hosts_max_try &&
2857 total_hosts_tried < ob->hosts_max_try_hardlimit;
2858 host = nexthost)
2859 {
2860 int rc;
2861 int host_af;
2862 uschar *rs;
2863 BOOL serialized = FALSE;
2864 BOOL host_is_expired = FALSE;
2865 BOOL message_defer = FALSE;
2866 BOOL ifchanges = FALSE;
2867 BOOL some_deferred = FALSE;
2868 address_item *first_addr = NULL;
2869 uschar *interface = NULL;
2870 uschar *retry_host_key = NULL;
2871 uschar *retry_message_key = NULL;
2872 uschar *serialize_key = NULL;
2873
2874 /* Default next host is next host. :-) But this can vary if the
2875 hosts_max_try limit is hit (see below). It may also be reset if a host
2876 address is looked up here (in case the host was multihomed). */
2877
2878 nexthost = host->next;
2879
2880 /* If the address hasn't yet been obtained from the host name, look it up
2881 now, unless the host is already marked as unusable. If it is marked as
2882 unusable, it means that the router was unable to find its IP address (in
2883 the DNS or wherever) OR we are in the 2nd time round the cutoff loop, and
2884 the lookup failed last time. We don't get this far if *all* MX records
2885 point to non-existent hosts; that is treated as a hard error.
2886
2887 We can just skip this host entirely. When the hosts came from the router,
2888 the address will timeout based on the other host(s); when the address is
2889 looked up below, there is an explicit retry record added.
2890
2891 Note that we mustn't skip unusable hosts if the address is not unset; they
2892 may be needed as expired hosts on the 2nd time round the cutoff loop. */
2893
2894 if (host->address == NULL)
2895 {
2896 int new_port, flags;
2897 host_item *hh;
2898 uschar *canonical_name;
2899
2900 if (host->status >= hstatus_unusable)
2901 {
2902 DEBUG(D_transport) debug_printf("%s has no address and is unusable - skipping\n",
2903 host->name);
2904 continue;
2905 }
2906
2907 DEBUG(D_transport) debug_printf("getting address for %s\n", host->name);
2908
2909 /* The host name is permitted to have an attached port. Find it, and
2910 strip it from the name. Just remember it for now. */
2911
2912 new_port = host_item_get_port(host);
2913
2914 /* Count hosts looked up */
2915
2916 hosts_looked_up++;
2917
2918 /* Find by name if so configured, or if it's an IP address. We don't
2919 just copy the IP address, because we need the test-for-local to happen. */
2920
2921 flags = HOST_FIND_BY_A;
2922 if (ob->dns_qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
2923 if (ob->dns_search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
2924
2925 if (ob->gethostbyname || string_is_ip_address(host->name, NULL) != 0)
2926 rc = host_find_byname(host, NULL, flags, &canonical_name, TRUE);
2927 else
2928 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
2929 ob->dnssec_request_domains, ob->dnssec_require_domains,
2930 &canonical_name, NULL);
2931
2932 /* Update the host (and any additional blocks, resulting from
2933 multihoming) with a host-specific port, if any. */
2934
2935 for (hh = host; hh != nexthost; hh = hh->next) hh->port = new_port;
2936
2937 /* Failure to find the host at this time (usually DNS temporary failure)
2938 is really a kind of routing failure rather than a transport failure.
2939 Therefore we add a retry item of the routing kind, not to stop us trying
2940 to look this name up here again, but to ensure the address gets timed
2941 out if the failures go on long enough. A complete failure at this point
2942 commonly points to a configuration error, but the best action is still
2943 to carry on for the next host. */
2944
2945 if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_FAILED)
2946 {
2947 retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
2948 expired = FALSE;
2949 if (rc == HOST_FIND_AGAIN) hosts_defer++; else hosts_fail++;
2950 DEBUG(D_transport) debug_printf("rc = %s for %s\n", (rc == HOST_FIND_AGAIN)?
2951 "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name);
2952 host->status = hstatus_unusable;
2953
2954 for (addr = addrlist; addr != NULL; addr = addr->next)
2955 {
2956 if (addr->transport_return != DEFER) continue;
2957 addr->basic_errno = ERRNO_UNKNOWNHOST;
2958 addr->message =
2959 string_sprintf("failed to lookup IP address for %s", host->name);
2960 }
2961 continue;
2962 }
2963
2964 /* If the host is actually the local host, we may have a problem, or
2965 there may be some cunning configuration going on. In the problem case,
2966 log things and give up. The default transport status is already DEFER. */
2967
2968 if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost)
2969 {
2970 for (addr = addrlist; addr != NULL; addr = addr->next)
2971 {
2972 addr->basic_errno = 0;
2973 addr->message = string_sprintf("%s transport found host %s to be "
2974 "local", tblock->name, host->name);
2975 }
2976 goto END_TRANSPORT;
2977 }
2978 } /* End of block for IP address lookup */
2979
2980 /* If this is a continued delivery, we are interested only in the host
2981 which matches the name of the existing open channel. The check is put
2982 here after the local host lookup, in case the name gets expanded as a
2983 result of the lookup. Set expired FALSE, to save the outer loop executing
2984 twice. */
2985
2986 if (continuing && (Ustrcmp(continue_hostname, host->name) != 0 ||
2987 Ustrcmp(continue_host_address, host->address) != 0))
2988 {
2989 expired = FALSE;
2990 continue; /* With next host */
2991 }
2992
2993 /* Reset the default next host in case a multihomed host whose addresses
2994 are not looked up till just above added to the host list. */
2995
2996 nexthost = host->next;
2997
2998 /* If queue_smtp is set (-odqs or the first part of a 2-stage run), or the
2999 domain is in queue_smtp_domains, we don't actually want to attempt any
3000 deliveries. When doing a queue run, queue_smtp_domains is always unset. If
3001 there is a lookup defer in queue_smtp_domains, proceed as if the domain
3002 were not in it. We don't want to hold up all SMTP deliveries! Except when
3003 doing a two-stage queue run, don't do this if forcing. */
3004
3005 if ((!deliver_force || queue_2stage) && (queue_smtp ||
3006 match_isinlist(addrlist->domain, &queue_smtp_domains, 0,
3007 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK))
3008 {
3009 expired = FALSE;
3010 for (addr = addrlist; addr != NULL; addr = addr->next)
3011 {
3012 if (addr->transport_return != DEFER) continue;
3013 addr->message = US"domain matches queue_smtp_domains, or -odqs set";
3014 }
3015 continue; /* With next host */
3016 }
3017
3018 /* Count hosts being considered - purely for an intelligent comment
3019 if none are usable. */
3020
3021 hosts_total++;
3022
3023 /* Set $host and $host address now in case they are needed for the
3024 interface expansion or the serialize_hosts check; they remain set if an
3025 actual delivery happens. */
3026
3027 deliver_host = host->name;
3028 deliver_host_address = host->address;
3029 lookup_dnssec_authenticated = host->dnssec == DS_YES ? US"yes"
3030 : host->dnssec == DS_NO ? US"no"
3031 : US"";
3032
3033 /* Set up a string for adding to the retry key if the port number is not
3034 the standard SMTP port. A host may have its own port setting that overrides
3035 the default. */
3036
3037 pistring = string_sprintf(":%d", (host->port == PORT_NONE)?
3038 port : host->port);
3039 if (Ustrcmp(pistring, ":25") == 0) pistring = US"";
3040
3041 /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface
3042 string changes upon expansion, we must add it to the key that is used for
3043 retries, because connections to the same host from a different interface
3044 should be treated separately. */
3045
3046 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET : AF_INET6;
3047 if (!smtp_get_interface(ob->interface, host_af, addrlist, &ifchanges,
3048 &interface, tid))
3049 return FALSE;
3050 if (ifchanges) pistring = string_sprintf("%s/%s", pistring, interface);
3051
3052 /* The first time round the outer loop, check the status of the host by
3053 inspecting the retry data. The second time round, we are interested only
3054 in expired hosts that haven't been tried since this message arrived. */
3055
3056 if (cutoff_retry == 0)
3057 {
3058 /* Ensure the status of the address is set by checking retry data if
3059 necessary. There maybe host-specific retry data (applicable to all
3060 messages) and also data for retries of a specific message at this host.
3061 If either of these retry records are actually read, the keys used are
3062 returned to save recomputing them later. */
3063
3064 host_is_expired = retry_check_address(addrlist->domain, host, pistring,
3065 ob->retry_include_ip_address, &retry_host_key, &retry_message_key);
3066
3067 DEBUG(D_transport) debug_printf("%s [%s]%s status = %s\n", host->name,
3068 (host->address == NULL)? US"" : host->address, pistring,
3069 (host->status == hstatus_usable)? "usable" :
3070 (host->status == hstatus_unusable)? "unusable" :
3071 (host->status == hstatus_unusable_expired)? "unusable (expired)" : "?");
3072
3073 /* Skip this address if not usable at this time, noting if it wasn't
3074 actually expired, both locally and in the address. */
3075
3076 switch (host->status)
3077 {
3078 case hstatus_unusable:
3079 expired = FALSE;
3080 setflag(addrlist, af_retry_skipped);
3081 /* Fall through */
3082
3083 case hstatus_unusable_expired:
3084 switch (host->why)
3085 {
3086 case hwhy_retry: hosts_retry++; break;
3087 case hwhy_failed: hosts_fail++; break;
3088 case hwhy_deferred: hosts_defer++; break;
3089 }
3090
3091 /* If there was a retry message key, implying that previously there
3092 was a message-specific defer, we don't want to update the list of
3093 messages waiting for these hosts. */
3094
3095 if (retry_message_key != NULL) update_waiting = FALSE;
3096 continue; /* With the next host or IP address */
3097 }
3098 }
3099
3100 /* Second time round the loop: if the address is set but expired, and
3101 the message is newer than the last try, let it through. */
3102
3103 else
3104 {
3105 if (host->address == NULL ||
3106 host->status != hstatus_unusable_expired ||
3107 host->last_try > received_time)
3108 continue;
3109 DEBUG(D_transport)
3110 debug_printf("trying expired host %s [%s]%s\n",
3111 host->name, host->address, pistring);
3112 host_is_expired = TRUE;
3113 }
3114
3115 /* Setting "expired=FALSE" doesn't actually mean not all hosts are expired;
3116 it remains TRUE only if all hosts are expired and none are actually tried.
3117 */
3118
3119 expired = FALSE;
3120
3121 /* If this host is listed as one to which access must be serialized,
3122 see if another Exim process has a connection to it, and if so, skip
3123 this host. If not, update the database to record our connection to it
3124 and remember this for later deletion. Do not do any of this if we are
3125 sending the message down a pre-existing connection. */
3126
3127 if (!continuing &&
3128 verify_check_this_host(&(ob->serialize_hosts), NULL, host->name,
3129 host->address, NULL) == OK)
3130 {
3131 serialize_key = string_sprintf("host-serialize-%s", host->name);
3132 if (!enq_start(serialize_key))
3133 {
3134 DEBUG(D_transport)
3135 debug_printf("skipping host %s because another Exim process "
3136 "is connected to it\n", host->name);
3137 hosts_serial++;
3138 continue;
3139 }
3140 serialized = TRUE;
3141 }
3142
3143 /* OK, we have an IP address that is not waiting for its retry time to
3144 arrive (it might be expired) OR (second time round the loop) we have an
3145 expired host that hasn't been tried since the message arrived. Have a go
3146 at delivering the message to it. First prepare the addresses by flushing
3147 out the result of previous attempts, and finding the first address that
3148 is still to be delivered. */
3149
3150 first_addr = prepare_addresses(addrlist, host);
3151
3152 DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n",
3153 message_id, host->name, host->address, addrlist->address,
3154 (addrlist->next == NULL)? "" : ", ...");
3155
3156 set_process_info("delivering %s to %s [%s] (%s%s)",
3157 message_id, host->name, host->address, addrlist->address,
3158 (addrlist->next == NULL)? "" : ", ...");
3159
3160 /* This is not for real; don't do the delivery. If there are
3161 any remaining hosts, list them. */
3162
3163 if (dont_deliver)
3164 {
3165 host_item *host2;
3166 set_errno(addrlist, 0, NULL, OK, FALSE);
3167 for (addr = addrlist; addr != NULL; addr = addr->next)
3168 {
3169 addr->host_used = host;
3170 addr->special_action = '*';
3171 addr->message = US"delivery bypassed by -N option";
3172 }
3173 DEBUG(D_transport)
3174 {
3175 debug_printf("*** delivery by %s transport bypassed by -N option\n"
3176 "*** host and remaining hosts:\n", tblock->name);
3177 for (host2 = host; host2 != NULL; host2 = host2->next)
3178 debug_printf(" %s [%s]\n", host2->name,
3179 (host2->address == NULL)? US"unset" : host2->address);
3180 }
3181 rc = OK;
3182 }
3183
3184 /* This is for real. If the host is expired, we don't count it for
3185 hosts_max_retry. This ensures that all hosts must expire before an address
3186 is timed out, unless hosts_max_try_hardlimit (which protects against
3187 lunatic DNS configurations) is reached.
3188
3189 If the host is not expired and we are about to hit the hosts_max_retry
3190 limit, check to see if there is a subsequent hosts with a different MX
3191 value. If so, make that the next host, and don't count this one. This is a
3192 heuristic to make sure that different MXs do get tried. With a normal kind
3193 of retry rule, they would get tried anyway when the earlier hosts were
3194 delayed, but if the domain has a "retry every time" type of rule - as is
3195 often used for the the very large ISPs, that won't happen. */
3196
3197 else
3198 {
3199 if (!host_is_expired && ++unexpired_hosts_tried >= ob->hosts_max_try)
3200 {
3201 host_item *h;
3202 DEBUG(D_transport)
3203 debug_printf("hosts_max_try limit reached with this host\n");
3204 for (h = host; h != NULL; h = h->next)
3205 if (h->mx != host->mx) break;
3206 if (h != NULL)
3207 {
3208 nexthost = h;
3209 unexpired_hosts_tried--;
3210 DEBUG(D_transport) debug_printf("however, a higher MX host exists "
3211 "and will be tried\n");
3212 }
3213 }
3214
3215 /* Attempt the delivery. */
3216
3217 total_hosts_tried++;
3218 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
3219 expanded_hosts != NULL, &message_defer, FALSE);
3220
3221 /* Yield is one of:
3222 OK => connection made, each address contains its result;
3223 message_defer is set for message-specific defers (when all
3224 recipients are marked defer)
3225 DEFER => there was a non-message-specific delivery problem;
3226 ERROR => there was a problem setting up the arguments for a filter,
3227 or there was a problem with expanding added headers
3228 */
3229
3230 /* If the result is not OK, there was a non-message-specific problem.
3231 If the result is DEFER, we need to write to the logs saying what happened
3232 for this particular host, except in the case of authentication and TLS
3233 failures, where the log has already been written. If all hosts defer a
3234 general message is written at the end. */
3235
3236 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL &&
3237 first_addr->basic_errno != ERRNO_TLSFAILURE)
3238 write_logs(first_addr, host);
3239
3240 #ifdef EXPERIMENTAL_TPDA
3241 if (rc == DEFER)
3242 tpda_deferred(ob, first_addr, host);
3243 #endif
3244
3245 /* If STARTTLS was accepted, but there was a failure in setting up the
3246 TLS session (usually a certificate screwup), and the host is not in
3247 hosts_require_tls, and tls_tempfail_tryclear is true, try again, with
3248 TLS forcibly turned off. We have to start from scratch with a new SMTP
3249 connection. That's why the retry is done from here, not from within
3250 smtp_deliver(). [Rejections of STARTTLS itself don't screw up the
3251 session, so the in-clear transmission after those errors, if permitted,
3252 happens inside smtp_deliver().] */
3253
3254 #ifdef SUPPORT_TLS
3255 if (rc == DEFER && first_addr->basic_errno == ERRNO_TLSFAILURE &&
3256 ob->tls_tempfail_tryclear &&
3257 verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
3258 host->address, NULL) != OK)
3259 {
3260 log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
3261 "to %s [%s] (not in hosts_require_tls)", host->name, host->address);
3262 first_addr = prepare_addresses(addrlist, host);
3263 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
3264 expanded_hosts != NULL, &message_defer, TRUE);
3265 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
3266 write_logs(first_addr, host);
3267 #ifdef EXPERIMENTAL_TPDA
3268 if (rc == DEFER)
3269 tpda_deferred(ob, first_addr, host);
3270 #endif
3271 }
3272 #endif
3273 }
3274
3275 /* Delivery attempt finished */
3276
3277 rs = (rc == OK)? US"OK" : (rc == DEFER)? US"DEFER" : (rc == ERROR)?
3278 US"ERROR" : US"?";
3279
3280 set_process_info("delivering %s: just tried %s [%s] for %s%s: result %s",
3281 message_id, host->name, host->address, addrlist->address,
3282 (addrlist->next == NULL)? "" : " (& others)", rs);
3283
3284 /* Release serialization if set up */
3285
3286 if (serialized) enq_end(serialize_key);
3287
3288 /* If the result is DEFER, or if a host retry record is known to exist, we
3289 need to add an item to the retry chain for updating the retry database
3290 at the end of delivery. We only need to add the item to the top address,
3291 of course. Also, if DEFER, we mark the IP address unusable so as to skip it
3292 for any other delivery attempts using the same address. (It is copied into
3293 the unusable tree at the outer level, so even if different address blocks
3294 contain the same address, it still won't get tried again.) */
3295
3296 if (rc == DEFER || retry_host_key != NULL)
3297 {
3298 int delete_flag = (rc != DEFER)? rf_delete : 0;
3299 if (retry_host_key == NULL)
3300 {
3301 retry_host_key = ob->retry_include_ip_address?
3302 string_sprintf("T:%S:%s%s", host->name, host->address, pistring) :
3303 string_sprintf("T:%S%s", host->name, pistring);
3304 }
3305
3306 /* If a delivery of another message over an existing SMTP connection
3307 yields DEFER, we do NOT set up retry data for the host. This covers the
3308 case when there are delays in routing the addresses in the second message
3309 that are so long that the server times out. This is alleviated by not
3310 routing addresses that previously had routing defers when handling an
3311 existing connection, but even so, this case may occur (e.g. if a
3312 previously happily routed address starts giving routing defers). If the
3313 host is genuinely down, another non-continued message delivery will
3314 notice it soon enough. */
3315
3316 if (delete_flag != 0 || !continuing)
3317 retry_add_item(first_addr, retry_host_key, rf_host | delete_flag);
3318
3319 /* We may have tried an expired host, if its retry time has come; ensure
3320 the status reflects the expiry for the benefit of any other addresses. */
3321
3322 if (rc == DEFER)
3323 {
3324 host->status = (host_is_expired)?
3325 hstatus_unusable_expired : hstatus_unusable;
3326 host->why = hwhy_deferred;
3327 }
3328 }
3329
3330 /* If message_defer is set (host was OK, but every recipient got deferred
3331 because of some message-specific problem), or if that had happened
3332 previously so that a message retry key exists, add an appropriate item
3333 to the retry chain. Note that if there was a message defer but now there is
3334 a host defer, the message defer record gets deleted. That seems perfectly
3335 reasonable. Also, stop the message from being remembered as waiting
3336 for specific hosts. */
3337
3338 if (message_defer || retry_message_key != NULL)
3339 {
3340 int delete_flag = message_defer? 0 : rf_delete;
3341 if (retry_message_key == NULL)
3342 {
3343 retry_message_key = ob->retry_include_ip_address?
3344 string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring,
3345 message_id) :
3346 string_sprintf("T:%S%s:%s", host->name, pistring, message_id);
3347 }
3348 retry_add_item(addrlist, retry_message_key,
3349 rf_message | rf_host | delete_flag);
3350 update_waiting = FALSE;
3351 }
3352
3353 /* Any return other than DEFER (that is, OK or ERROR) means that the
3354 addresses have got their final statuses filled in for this host. In the OK
3355 case, see if any of them are deferred. */
3356
3357 if (rc == OK)
3358 {
3359 for (addr = addrlist; addr != NULL; addr = addr->next)
3360 {
3361 if (addr->transport_return == DEFER)
3362 {
3363 some_deferred = TRUE;
3364 break;
3365 }
3366 }
3367 }
3368
3369 /* If no addresses deferred or the result was ERROR, return. We do this for
3370 ERROR because a failing filter set-up or add_headers expansion is likely to
3371 fail for any host we try. */
3372
3373 if (rc == ERROR || (rc == OK && !some_deferred))
3374 {
3375 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3376 return TRUE; /* Each address has its status */
3377 }
3378
3379 /* If the result was DEFER or some individual addresses deferred, let
3380 the loop run to try other hosts with the deferred addresses, except for the
3381 case when we were trying to deliver down an existing channel and failed.
3382 Don't try any other hosts in this case. */
3383
3384 if (continuing) break;
3385
3386 /* If the whole delivery, or some individual addresses, were deferred and
3387 there are more hosts that could be tried, do not count this host towards
3388 the hosts_max_try limit if the age of the message is greater than the
3389 maximum retry time for this host. This means we may try try all hosts,
3390 ignoring the limit, when messages have been around for some time. This is
3391 important because if we don't try all hosts, the address will never time
3392 out. NOTE: this does not apply to hosts_max_try_hardlimit. */
3393
3394 if ((rc == DEFER || some_deferred) && nexthost != NULL)
3395 {
3396 BOOL timedout;
3397 retry_config *retry = retry_find_config(host->name, NULL, 0, 0);
3398
3399 if (retry != NULL && retry->rules != NULL)
3400 {
3401 retry_rule *last_rule;
3402 for (last_rule = retry->rules;
3403 last_rule->next != NULL;
3404 last_rule = last_rule->next);
3405 timedout = time(NULL) - received_time > last_rule->timeout;
3406 }
3407 else timedout = TRUE; /* No rule => timed out */
3408
3409 if (timedout)
3410 {
3411 unexpired_hosts_tried--;
3412 DEBUG(D_transport) debug_printf("temporary delivery error(s) override "
3413 "hosts_max_try (message older than host's retry time)\n");
3414 }
3415 }
3416 } /* End of loop for trying multiple hosts. */
3417
3418 /* This is the end of the loop that repeats iff expired is TRUE and
3419 ob->delay_after_cutoff is FALSE. The second time round we will
3420 try those hosts that haven't been tried since the message arrived. */
3421
3422 DEBUG(D_transport)
3423 {
3424 debug_printf("all IP addresses skipped or deferred at least one address\n");
3425 if (expired && !ob->delay_after_cutoff && cutoff_retry == 0)
3426 debug_printf("retrying IP addresses not tried since message arrived\n");
3427 }
3428 }
3429
3430
3431 /* Get here if all IP addresses are skipped or defer at least one address. In
3432 MUA wrapper mode, this will happen only for connection or other non-message-
3433 specific failures. Force the delivery status for all addresses to FAIL. */
3434
3435 if (mua_wrapper)
3436 {
3437 for (addr = addrlist; addr != NULL; addr = addr->next)
3438 addr->transport_return = FAIL;
3439 goto END_TRANSPORT;
3440 }
3441
3442 /* In the normal, non-wrapper case, add a standard message to each deferred
3443 address if there hasn't been an error, that is, if it hasn't actually been
3444 tried this time. The variable "expired" will be FALSE if any deliveries were
3445 actually tried, or if there was at least one host that was not expired. That
3446 is, it is TRUE only if no deliveries were tried and all hosts were expired. If
3447 a delivery has been tried, an error code will be set, and the failing of the
3448 message is handled by the retry code later.
3449
3450 If queue_smtp is set, or this transport was called to send a subsequent message
3451 down an existing TCP/IP connection, and something caused the host not to be
3452 found, we end up here, but can detect these cases and handle them specially. */
3453
3454 for (addr = addrlist; addr != NULL; addr = addr->next)
3455 {
3456 /* If host is not NULL, it means that we stopped processing the host list
3457 because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this
3458 means we need to behave as if some hosts were skipped because their retry
3459 time had not come. Specifically, this prevents the address from timing out.
3460 However, if we have hit hosts_max_try_hardlimit, we want to behave as if all
3461 hosts were tried. */
3462
3463 if (host != NULL)
3464 {
3465 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
3466 {
3467 DEBUG(D_transport)
3468 debug_printf("hosts_max_try_hardlimit reached: behave as if all "
3469 "hosts were tried\n");
3470 }
3471 else
3472 {
3473 DEBUG(D_transport)
3474 debug_printf("hosts_max_try limit caused some hosts to be skipped\n");
3475 setflag(addr, af_retry_skipped);
3476 }
3477 }
3478
3479 if (queue_smtp) /* no deliveries attempted */
3480 {
3481 addr->transport_return = DEFER;
3482 addr->basic_errno = 0;
3483 addr->message = US"SMTP delivery explicitly queued";
3484 }
3485
3486 else if (addr->transport_return == DEFER &&
3487 (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0) &&
3488 addr->message == NULL)
3489 {
3490 addr->basic_errno = ERRNO_HRETRY;
3491 if (continue_hostname != NULL)
3492 {
3493 addr->message = US"no host found for existing SMTP connection";
3494 }
3495 else if (expired)
3496 {
3497 setflag(addr, af_pass_message); /* This is not a security risk */
3498 addr->message = (ob->delay_after_cutoff)?
3499 US"retry time not reached for any host after a long failure period" :
3500 US"all hosts have been failing for a long time and were last tried "
3501 "after this message arrived";
3502
3503 /* If we are already using fallback hosts, or there are no fallback hosts
3504 defined, convert the result to FAIL to cause a bounce. */
3505
3506 if (addr->host_list == addr->fallback_hosts ||
3507 addr->fallback_hosts == NULL)
3508 addr->transport_return = FAIL;
3509 }
3510 else
3511 {
3512 if (hosts_retry == hosts_total)
3513 addr->message = US"retry time not reached for any host";
3514 else if (hosts_fail == hosts_total)
3515 addr->message = US"all host address lookups failed permanently";
3516 else if (hosts_defer == hosts_total)
3517 addr->message = US"all host address lookups failed temporarily";
3518 else if (hosts_serial == hosts_total)
3519 addr->message = US"connection limit reached for all hosts";
3520 else if (hosts_fail+hosts_defer == hosts_total)
3521 addr->message = US"all host address lookups failed";
3522 else addr->message = US"some host address lookups failed and retry time "
3523 "not reached for other hosts or connection limit reached";
3524 }
3525 }
3526 }
3527
3528 /* Update the database which keeps information about which messages are waiting
3529 for which hosts to become available. For some message-specific errors, the
3530 update_waiting flag is turned off because we don't want follow-on deliveries in
3531 those cases. If this transport instance is explicitly limited to one message
3532 per connection then follow-on deliveries are not possible and there's no need
3533 to create/update the per-transport wait-<transport_name> database. */
3534
3535 if (update_waiting && tblock->connection_max_messages != 1)
3536 transport_update_waiting(hostlist, tblock->name);
3537
3538 END_TRANSPORT:
3539
3540 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3541
3542 return TRUE; /* Each address has its status */
3543 }
3544
3545 /* vi: aw ai sw=2
3546 */
3547 /* End of transport/smtp.c */
Unnamed repository; edit this file 'description' to name the repository.