Update DANE draft docs
[exim.git] / src / src / verify.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2014 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 /* Functions concerned with verifying things. The original code for callout
9 caching was contributed by Kevin Fleming (but I hacked it around a bit). */
10
11
12 #include "exim.h"
13 #include "transports/smtp.h"
14
15 #define CUTTHROUGH_CMD_TIMEOUT 30 /* timeout for cutthrough-routing calls */
16 #define CUTTHROUGH_DATA_TIMEOUT 60 /* timeout for cutthrough-routing calls */
17 address_item cutthrough_addr;
18 static smtp_outblock ctblock;
19 uschar ctbuffer[8192];
20
21
22 /* Structure for caching DNSBL lookups */
23
24 typedef struct dnsbl_cache_block {
25 dns_address *rhs;
26 uschar *text;
27 int rc;
28 BOOL text_set;
29 } dnsbl_cache_block;
30
31
32 /* Anchor for DNSBL cache */
33
34 static tree_node *dnsbl_cache = NULL;
35
36
37 /* Bits for match_type in one_check_dnsbl() */
38
39 #define MT_NOT 1
40 #define MT_ALL 2
41
42
43
44 /*************************************************
45 * Retrieve a callout cache record *
46 *************************************************/
47
48 /* If a record exists, check whether it has expired.
49
50 Arguments:
51 dbm_file an open hints file
52 key the record key
53 type "address" or "domain"
54 positive_expire expire time for positive records
55 negative_expire expire time for negative records
56
57 Returns: the cache record if a non-expired one exists, else NULL
58 */
59
60 static dbdata_callout_cache *
61 get_callout_cache_record(open_db *dbm_file, uschar *key, uschar *type,
62 int positive_expire, int negative_expire)
63 {
64 BOOL negative;
65 int length, expire;
66 time_t now;
67 dbdata_callout_cache *cache_record;
68
69 cache_record = dbfn_read_with_length(dbm_file, key, &length);
70
71 if (cache_record == NULL)
72 {
73 HDEBUG(D_verify) debug_printf("callout cache: no %s record found\n", type);
74 return NULL;
75 }
76
77 /* We treat a record as "negative" if its result field is not positive, or if
78 it is a domain record and the postmaster field is negative. */
79
80 negative = cache_record->result != ccache_accept ||
81 (type[0] == 'd' && cache_record->postmaster_result == ccache_reject);
82 expire = negative? negative_expire : positive_expire;
83 now = time(NULL);
84
85 if (now - cache_record->time_stamp > expire)
86 {
87 HDEBUG(D_verify) debug_printf("callout cache: %s record expired\n", type);
88 return NULL;
89 }
90
91 /* If this is a non-reject domain record, check for the obsolete format version
92 that doesn't have the postmaster and random timestamps, by looking at the
93 length. If so, copy it to a new-style block, replicating the record's
94 timestamp. Then check the additional timestamps. (There's no point wasting
95 effort if connections are rejected.) */
96
97 if (type[0] == 'd' && cache_record->result != ccache_reject)
98 {
99 if (length == sizeof(dbdata_callout_cache_obs))
100 {
101 dbdata_callout_cache *new = store_get(sizeof(dbdata_callout_cache));
102 memcpy(new, cache_record, length);
103 new->postmaster_stamp = new->random_stamp = new->time_stamp;
104 cache_record = new;
105 }
106
107 if (now - cache_record->postmaster_stamp > expire)
108 cache_record->postmaster_result = ccache_unknown;
109
110 if (now - cache_record->random_stamp > expire)
111 cache_record->random_result = ccache_unknown;
112 }
113
114 HDEBUG(D_verify) debug_printf("callout cache: found %s record\n", type);
115 return cache_record;
116 }
117
118
119
120 /*************************************************
121 * Do callout verification for an address *
122 *************************************************/
123
124 /* This function is called from verify_address() when the address has routed to
125 a host list, and a callout has been requested. Callouts are expensive; that is
126 why a cache is used to improve the efficiency.
127
128 Arguments:
129 addr the address that's been routed
130 host_list the list of hosts to try
131 tf the transport feedback block
132
133 ifstring "interface" option from transport, or NULL
134 portstring "port" option from transport, or NULL
135 protocolstring "protocol" option from transport, or NULL
136 callout the per-command callout timeout
137 callout_overall the overall callout timeout (if < 0 use 4*callout)
138 callout_connect the callout connection timeout (if < 0 use callout)
139 options the verification options - these bits are used:
140 vopt_is_recipient => this is a recipient address
141 vopt_callout_no_cache => don't use callout cache
142 vopt_callout_fullpm => if postmaster check, do full one
143 vopt_callout_random => do the "random" thing
144 vopt_callout_recipsender => use real sender for recipient
145 vopt_callout_recippmaster => use postmaster for recipient
146 se_mailfrom MAIL FROM address for sender verify; NULL => ""
147 pm_mailfrom if non-NULL, do the postmaster check with this sender
148
149 Returns: OK/FAIL/DEFER
150 */
151
152 static int
153 do_callout(address_item *addr, host_item *host_list, transport_feedback *tf,
154 int callout, int callout_overall, int callout_connect, int options,
155 uschar *se_mailfrom, uschar *pm_mailfrom)
156 {
157 BOOL is_recipient = (options & vopt_is_recipient) != 0;
158 BOOL callout_no_cache = (options & vopt_callout_no_cache) != 0;
159 BOOL callout_random = (options & vopt_callout_random) != 0;
160
161 int yield = OK;
162 int old_domain_cache_result = ccache_accept;
163 BOOL done = FALSE;
164 uschar *address_key;
165 uschar *from_address;
166 uschar *random_local_part = NULL;
167 uschar *save_deliver_domain = deliver_domain;
168 uschar **failure_ptr = is_recipient?
169 &recipient_verify_failure : &sender_verify_failure;
170 open_db dbblock;
171 open_db *dbm_file = NULL;
172 dbdata_callout_cache new_domain_record;
173 dbdata_callout_cache_address new_address_record;
174 host_item *host;
175 time_t callout_start_time;
176
177 new_domain_record.result = ccache_unknown;
178 new_domain_record.postmaster_result = ccache_unknown;
179 new_domain_record.random_result = ccache_unknown;
180
181 memset(&new_address_record, 0, sizeof(new_address_record));
182
183 /* For a recipient callout, the key used for the address cache record must
184 include the sender address if we are using the real sender in the callout,
185 because that may influence the result of the callout. */
186
187 address_key = addr->address;
188 from_address = US"";
189
190 if (is_recipient)
191 {
192 if ((options & vopt_callout_recipsender) != 0)
193 {
194 address_key = string_sprintf("%s/<%s>", addr->address, sender_address);
195 from_address = sender_address;
196 }
197 else if ((options & vopt_callout_recippmaster) != 0)
198 {
199 address_key = string_sprintf("%s/<postmaster@%s>", addr->address,
200 qualify_domain_sender);
201 from_address = string_sprintf("postmaster@%s", qualify_domain_sender);
202 }
203 }
204
205 /* For a sender callout, we must adjust the key if the mailfrom address is not
206 empty. */
207
208 else
209 {
210 from_address = (se_mailfrom == NULL)? US"" : se_mailfrom;
211 if (from_address[0] != 0)
212 address_key = string_sprintf("%s/<%s>", addr->address, from_address);
213 }
214
215 /* Open the callout cache database, it it exists, for reading only at this
216 stage, unless caching has been disabled. */
217
218 if (callout_no_cache)
219 {
220 HDEBUG(D_verify) debug_printf("callout cache: disabled by no_cache\n");
221 }
222 else if ((dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE)) == NULL)
223 {
224 HDEBUG(D_verify) debug_printf("callout cache: not available\n");
225 }
226
227 /* If a cache database is available see if we can avoid the need to do an
228 actual callout by making use of previously-obtained data. */
229
230 if (dbm_file != NULL)
231 {
232 dbdata_callout_cache_address *cache_address_record;
233 dbdata_callout_cache *cache_record = get_callout_cache_record(dbm_file,
234 addr->domain, US"domain",
235 callout_cache_domain_positive_expire,
236 callout_cache_domain_negative_expire);
237
238 /* If an unexpired cache record was found for this domain, see if the callout
239 process can be short-circuited. */
240
241 if (cache_record != NULL)
242 {
243 /* In most cases, if an early command (up to and including MAIL FROM:<>)
244 was rejected, there is no point carrying on. The callout fails. However, if
245 we are doing a recipient verification with use_sender or use_postmaster
246 set, a previous failure of MAIL FROM:<> doesn't count, because this time we
247 will be using a non-empty sender. We have to remember this situation so as
248 not to disturb the cached domain value if this whole verification succeeds
249 (we don't want it turning into "accept"). */
250
251 old_domain_cache_result = cache_record->result;
252
253 if (cache_record->result == ccache_reject ||
254 (*from_address == 0 && cache_record->result == ccache_reject_mfnull))
255 {
256 setflag(addr, af_verify_nsfail);
257 HDEBUG(D_verify)
258 debug_printf("callout cache: domain gave initial rejection, or "
259 "does not accept HELO or MAIL FROM:<>\n");
260 setflag(addr, af_verify_nsfail);
261 addr->user_message = US"(result of an earlier callout reused).";
262 yield = FAIL;
263 *failure_ptr = US"mail";
264 goto END_CALLOUT;
265 }
266
267 /* If a previous check on a "random" local part was accepted, we assume
268 that the server does not do any checking on local parts. There is therefore
269 no point in doing the callout, because it will always be successful. If a
270 random check previously failed, arrange not to do it again, but preserve
271 the data in the new record. If a random check is required but hasn't been
272 done, skip the remaining cache processing. */
273
274 if (callout_random) switch(cache_record->random_result)
275 {
276 case ccache_accept:
277 HDEBUG(D_verify)
278 debug_printf("callout cache: domain accepts random addresses\n");
279 goto END_CALLOUT; /* Default yield is OK */
280
281 case ccache_reject:
282 HDEBUG(D_verify)
283 debug_printf("callout cache: domain rejects random addresses\n");
284 callout_random = FALSE;
285 new_domain_record.random_result = ccache_reject;
286 new_domain_record.random_stamp = cache_record->random_stamp;
287 break;
288
289 default:
290 HDEBUG(D_verify)
291 debug_printf("callout cache: need to check random address handling "
292 "(not cached or cache expired)\n");
293 goto END_CACHE;
294 }
295
296 /* If a postmaster check is requested, but there was a previous failure,
297 there is again no point in carrying on. If a postmaster check is required,
298 but has not been done before, we are going to have to do a callout, so skip
299 remaining cache processing. */
300
301 if (pm_mailfrom != NULL)
302 {
303 if (cache_record->postmaster_result == ccache_reject)
304 {
305 setflag(addr, af_verify_pmfail);
306 HDEBUG(D_verify)
307 debug_printf("callout cache: domain does not accept "
308 "RCPT TO:<postmaster@domain>\n");
309 yield = FAIL;
310 *failure_ptr = US"postmaster";
311 setflag(addr, af_verify_pmfail);
312 addr->user_message = US"(result of earlier verification reused).";
313 goto END_CALLOUT;
314 }
315 if (cache_record->postmaster_result == ccache_unknown)
316 {
317 HDEBUG(D_verify)
318 debug_printf("callout cache: need to check RCPT "
319 "TO:<postmaster@domain> (not cached or cache expired)\n");
320 goto END_CACHE;
321 }
322
323 /* If cache says OK, set pm_mailfrom NULL to prevent a redundant
324 postmaster check if the address itself has to be checked. Also ensure
325 that the value in the cache record is preserved (with its old timestamp).
326 */
327
328 HDEBUG(D_verify) debug_printf("callout cache: domain accepts RCPT "
329 "TO:<postmaster@domain>\n");
330 pm_mailfrom = NULL;
331 new_domain_record.postmaster_result = ccache_accept;
332 new_domain_record.postmaster_stamp = cache_record->postmaster_stamp;
333 }
334 }
335
336 /* We can't give a result based on information about the domain. See if there
337 is an unexpired cache record for this specific address (combined with the
338 sender address if we are doing a recipient callout with a non-empty sender).
339 */
340
341 cache_address_record = (dbdata_callout_cache_address *)
342 get_callout_cache_record(dbm_file,
343 address_key, US"address",
344 callout_cache_positive_expire,
345 callout_cache_negative_expire);
346
347 if (cache_address_record != NULL)
348 {
349 if (cache_address_record->result == ccache_accept)
350 {
351 HDEBUG(D_verify)
352 debug_printf("callout cache: address record is positive\n");
353 }
354 else
355 {
356 HDEBUG(D_verify)
357 debug_printf("callout cache: address record is negative\n");
358 addr->user_message = US"Previous (cached) callout verification failure";
359 *failure_ptr = US"recipient";
360 yield = FAIL;
361 }
362 goto END_CALLOUT;
363 }
364
365 /* Close the cache database while we actually do the callout for real. */
366
367 END_CACHE:
368 dbfn_close(dbm_file);
369 dbm_file = NULL;
370 }
371
372 if (!addr->transport)
373 {
374 HDEBUG(D_verify) debug_printf("cannot callout via null transport\n");
375 }
376 else if (Ustrcmp(addr->transport->driver_name, "smtp") != 0)
377 log_write(0, LOG_MAIN|LOG_PANIC|LOG_CONFIG_FOR, "callout transport '%s': %s is non-smtp",
378 addr->transport->name, addr->transport->driver_name);
379 else
380 {
381 smtp_transport_options_block *ob =
382 (smtp_transport_options_block *)addr->transport->options_block;
383
384 /* The information wasn't available in the cache, so we have to do a real
385 callout and save the result in the cache for next time, unless no_cache is set,
386 or unless we have a previously cached negative random result. If we are to test
387 with a random local part, ensure that such a local part is available. If not,
388 log the fact, but carry on without randomming. */
389
390 if (callout_random && callout_random_local_part != NULL)
391 {
392 random_local_part = expand_string(callout_random_local_part);
393 if (random_local_part == NULL)
394 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
395 "callout_random_local_part: %s", expand_string_message);
396 }
397
398 /* Default the connect and overall callout timeouts if not set, and record the
399 time we are starting so that we can enforce it. */
400
401 if (callout_overall < 0) callout_overall = 4 * callout;
402 if (callout_connect < 0) callout_connect = callout;
403 callout_start_time = time(NULL);
404
405 /* Before doing a real callout, if this is an SMTP connection, flush the SMTP
406 output because a callout might take some time. When PIPELINING is active and
407 there are many recipients, the total time for doing lots of callouts can add up
408 and cause the client to time out. So in this case we forgo the PIPELINING
409 optimization. */
410
411 if (smtp_out != NULL && !disable_callout_flush) mac_smtp_fflush();
412
413 /* Now make connections to the hosts and do real callouts. The list of hosts
414 is passed in as an argument. */
415
416 for (host = host_list; host != NULL && !done; host = host->next)
417 {
418 smtp_inblock inblock;
419 smtp_outblock outblock;
420 int host_af;
421 int port = 25;
422 BOOL send_quit = TRUE;
423 uschar *active_hostname = smtp_active_hostname;
424 BOOL lmtp;
425 BOOL smtps;
426 BOOL esmtp;
427 BOOL suppress_tls = FALSE;
428 uschar *interface = NULL; /* Outgoing interface to use; NULL => any */
429 uschar inbuffer[4096];
430 uschar outbuffer[1024];
431 uschar responsebuffer[4096];
432
433 clearflag(addr, af_verify_pmfail); /* postmaster callout flag */
434 clearflag(addr, af_verify_nsfail); /* null sender callout flag */
435
436 /* Skip this host if we don't have an IP address for it. */
437
438 if (host->address == NULL)
439 {
440 DEBUG(D_verify) debug_printf("no IP address for host name %s: skipping\n",
441 host->name);
442 continue;
443 }
444
445 /* Check the overall callout timeout */
446
447 if (time(NULL) - callout_start_time >= callout_overall)
448 {
449 HDEBUG(D_verify) debug_printf("overall timeout for callout exceeded\n");
450 break;
451 }
452
453 /* Set IPv4 or IPv6 */
454
455 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6;
456
457 /* Expand and interpret the interface and port strings. The latter will not
458 be used if there is a host-specific port (e.g. from a manualroute router).
459 This has to be delayed till now, because they may expand differently for
460 different hosts. If there's a failure, log it, but carry on with the
461 defaults. */
462
463 deliver_host = host->name;
464 deliver_host_address = host->address;
465 deliver_domain = addr->domain;
466
467 if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface,
468 US"callout") ||
469 !smtp_get_port(tf->port, addr, &port, US"callout"))
470 log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
471 addr->message);
472
473 /* Set HELO string according to the protocol */
474 lmtp= Ustrcmp(tf->protocol, "lmtp") == 0;
475 smtps= Ustrcmp(tf->protocol, "smtps") == 0;
476
477
478 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port);
479
480 /* Set up the buffer for reading SMTP response packets. */
481
482 inblock.buffer = inbuffer;
483 inblock.buffersize = sizeof(inbuffer);
484 inblock.ptr = inbuffer;
485 inblock.ptrend = inbuffer;
486
487 /* Set up the buffer for holding SMTP commands while pipelining */
488
489 outblock.buffer = outbuffer;
490 outblock.buffersize = sizeof(outbuffer);
491 outblock.ptr = outbuffer;
492 outblock.cmd_count = 0;
493 outblock.authenticating = FALSE;
494
495 /* Reset the parameters of a TLS session */
496 tls_out.cipher = tls_out.peerdn = NULL;
497
498 /* Connect to the host; on failure, just loop for the next one, but we
499 set the error for the last one. Use the callout_connect timeout. */
500
501 tls_retry_connection:
502
503 inblock.sock = outblock.sock =
504 smtp_connect(host, host_af, port, interface, callout_connect, TRUE, NULL);
505 /* reconsider DSCP here */
506 if (inblock.sock < 0)
507 {
508 addr->message = string_sprintf("could not connect to %s [%s]: %s",
509 host->name, host->address, strerror(errno));
510 deliver_host = deliver_host_address = NULL;
511 deliver_domain = save_deliver_domain;
512 continue;
513 }
514
515 /* Expand the helo_data string to find the host name to use. */
516
517 if (tf->helo_data != NULL)
518 {
519 uschar *s = expand_string(tf->helo_data);
520 if (s == NULL)
521 log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's "
522 "helo_data value for callout: %s", addr->address,
523 expand_string_message);
524 else active_hostname = s;
525 }
526
527 /* Wait for initial response, and send HELO. The smtp_write_command()
528 function leaves its command in big_buffer. This is used in error responses.
529 Initialize it in case the connection is rejected. */
530
531 Ustrcpy(big_buffer, "initial connection");
532
533 /* Unless ssl-on-connect, wait for the initial greeting */
534 smtps_redo_greeting:
535
536 #ifdef SUPPORT_TLS
537 if (!smtps || (smtps && tls_out.active >= 0))
538 #endif
539 if (!(done= smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout)))
540 goto RESPONSE_FAILED;
541
542 /* Not worth checking greeting line for ESMTP support */
543 if (!(esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL,
544 host->name, host->address, NULL) != OK))
545 DEBUG(D_transport)
546 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
547
548 tls_redo_helo:
549
550 #ifdef SUPPORT_TLS
551 if (smtps && tls_out.active < 0) /* ssl-on-connect, first pass */
552 {
553 tls_offered = TRUE;
554 ob->tls_tempfail_tryclear = FALSE;
555 }
556 else /* all other cases */
557 #endif
558
559 { esmtp_retry:
560
561 if (!(done= smtp_write_command(&outblock, FALSE, "%s %s\r\n",
562 !esmtp? "HELO" : lmtp? "LHLO" : "EHLO", active_hostname) >= 0))
563 goto SEND_FAILED;
564 if (!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout))
565 {
566 if (errno != 0 || responsebuffer[0] == 0 || lmtp || !esmtp || tls_out.active >= 0)
567 {
568 done= FALSE;
569 goto RESPONSE_FAILED;
570 }
571 #ifdef SUPPORT_TLS
572 tls_offered = FALSE;
573 #endif
574 esmtp = FALSE;
575 goto esmtp_retry; /* fallback to HELO */
576 }
577
578 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
579 #ifdef SUPPORT_TLS
580 if (esmtp && !suppress_tls && tls_out.active < 0)
581 {
582 if (regex_STARTTLS == NULL) regex_STARTTLS =
583 regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE);
584
585 tls_offered = pcre_exec(regex_STARTTLS, NULL, CS responsebuffer,
586 Ustrlen(responsebuffer), 0, PCRE_EOPT, NULL, 0) >= 0;
587 }
588 else
589 tls_offered = FALSE;
590 #endif
591 }
592
593 /* If TLS is available on this connection attempt to
594 start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
595 send another EHLO - the server may give a different answer in secure mode. We
596 use a separate buffer for reading the response to STARTTLS so that if it is
597 negative, the original EHLO data is available for subsequent analysis, should
598 the client not be required to use TLS. If the response is bad, copy the buffer
599 for error analysis. */
600
601 #ifdef SUPPORT_TLS
602 if (tls_offered &&
603 verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
604 host->address, NULL) != OK &&
605 verify_check_this_host(&(ob->hosts_verify_avoid_tls), NULL, host->name,
606 host->address, NULL) != OK
607 )
608 {
609 uschar buffer2[4096];
610 if ( !smtps
611 && !(done= smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") >= 0))
612 goto SEND_FAILED;
613
614 /* If there is an I/O error, transmission of this message is deferred. If
615 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
616 false, we also defer. However, if there is a temporary rejection of STARTTLS
617 and tls_tempfail_tryclear is true, or if there is an outright rejection of
618 STARTTLS, we carry on. This means we will try to send the message in clear,
619 unless the host is in hosts_require_tls (tested below). */
620
621 if (!smtps && !smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2',
622 ob->command_timeout))
623 {
624 if (errno != 0 || buffer2[0] == 0 ||
625 (buffer2[0] == '4' && !ob->tls_tempfail_tryclear))
626 {
627 Ustrncpy(responsebuffer, buffer2, sizeof(responsebuffer));
628 done= FALSE;
629 goto RESPONSE_FAILED;
630 }
631 }
632
633 /* STARTTLS accepted or ssl-on-connect: try to negotiate a TLS session. */
634 else
635 {
636 int oldtimeout = ob->command_timeout;
637 int rc;
638
639 ob->command_timeout = callout;
640 rc = tls_client_start(inblock.sock, host, addr, ob);
641 ob->command_timeout = oldtimeout;
642
643 /* TLS negotiation failed; give an error. Try in clear on a new connection,
644 if the options permit it for this host. */
645 if (rc != OK)
646 {
647 if ( rc == DEFER
648 && ob->tls_tempfail_tryclear
649 && !smtps
650 && verify_check_this_host(&(ob->hosts_require_tls), NULL,
651 host->name, host->address, NULL) != OK
652 #ifdef EXPERIMENTAL_DANE
653 && verify_check_this_host(&(ob->hosts_require_dane), NULL,
654 host->name, host->address, NULL) != OK
655 #endif
656 )
657 {
658 (void)close(inblock.sock);
659 log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
660 "to %s [%s] (not in hosts_require_tls)", host->name, host->address);
661 suppress_tls = TRUE;
662 goto tls_retry_connection;
663 }
664 /*save_errno = ERRNO_TLSFAILURE;*/
665 /*message = US"failure while setting up TLS session";*/
666 send_quit = FALSE;
667 done= FALSE;
668 goto TLS_FAILED;
669 }
670
671 /* TLS session is set up. Copy info for logging. */
672 addr->cipher = tls_out.cipher;
673 addr->peerdn = tls_out.peerdn;
674
675 /* For SMTPS we need to wait for the initial OK response, then do HELO. */
676 if (smtps)
677 goto smtps_redo_greeting;
678
679 /* For STARTTLS we need to redo EHLO */
680 goto tls_redo_helo;
681 }
682 }
683
684 /* If the host is required to use a secure channel, ensure that we have one. */
685 if (tls_out.active < 0)
686 if ( verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
687 host->address, NULL) == OK
688 #ifdef EXPERIMENTAL_DANE
689 || verify_check_this_host(&(ob->hosts_require_dane), NULL, host->name,
690 host->address, NULL) == OK
691 #endif
692 )
693 {
694 /*save_errno = ERRNO_TLSREQUIRED;*/
695 log_write(0, LOG_MAIN, "a TLS session is required for %s [%s], but %s",
696 host->name, host->address,
697 tls_offered? "an attempt to start TLS failed" : "the server did not offer TLS support");
698 done= FALSE;
699 goto TLS_FAILED;
700 }
701
702 #endif /*SUPPORT_TLS*/
703
704 done = TRUE; /* so far so good; have response to HELO */
705
706 /*XXX the EHLO response would be analyzed here for IGNOREQUOTA, SIZE, PIPELINING */
707
708 /* For now, transport_filter by cutthrough-delivery is not supported */
709 /* Need proper integration with the proper transport mechanism. */
710 if (cutthrough_delivery)
711 {
712 if (addr->transport->filter_command)
713 {
714 cutthrough_delivery= FALSE;
715 HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n");
716 }
717 #ifndef DISABLE_DKIM
718 if (ob->dkim_domain)
719 {
720 cutthrough_delivery= FALSE;
721 HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of DKIM signing\n");
722 }
723 #endif
724 }
725
726 SEND_FAILED:
727 RESPONSE_FAILED:
728 TLS_FAILED:
729 ;
730 /* Clear down of the TLS, SMTP and TCP layers on error is handled below. */
731
732 /* Failure to accept HELO is cached; this blocks the whole domain for all
733 senders. I/O errors and defer responses are not cached. */
734
735 if (!done)
736 {
737 *failure_ptr = US"mail"; /* At or before MAIL */
738 if (errno == 0 && responsebuffer[0] == '5')
739 {
740 setflag(addr, af_verify_nsfail);
741 new_domain_record.result = ccache_reject;
742 }
743 }
744
745 /* If we haven't authenticated, but are required to, give up. */
746 /* Try to AUTH */
747
748 else done = smtp_auth(responsebuffer, sizeof(responsebuffer),
749 addr, host, ob, esmtp, &inblock, &outblock) == OK &&
750
751 /* Copy AUTH info for logging */
752 ( (addr->authenticator = client_authenticator),
753 (addr->auth_id = client_authenticated_id),
754
755 /* Build a mail-AUTH string (re-using responsebuffer for convenience */
756 !smtp_mail_auth_str(responsebuffer, sizeof(responsebuffer), addr, ob)
757 ) &&
758
759 ( (addr->auth_sndr = client_authenticated_sender),
760
761 /* Send the MAIL command */
762 (smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>%s\r\n",
763 from_address, responsebuffer) >= 0)
764 ) &&
765
766 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
767 '2', callout);
768
769 deliver_host = deliver_host_address = NULL;
770 deliver_domain = save_deliver_domain;
771
772 /* If the host does not accept MAIL FROM:<>, arrange to cache this
773 information, but again, don't record anything for an I/O error or a defer. Do
774 not cache rejections of MAIL when a non-empty sender has been used, because
775 that blocks the whole domain for all senders. */
776
777 if (!done)
778 {
779 *failure_ptr = US"mail"; /* At or before MAIL */
780 if (errno == 0 && responsebuffer[0] == '5')
781 {
782 setflag(addr, af_verify_nsfail);
783 if (from_address[0] == 0)
784 new_domain_record.result = ccache_reject_mfnull;
785 }
786 }
787
788 /* Otherwise, proceed to check a "random" address (if required), then the
789 given address, and the postmaster address (if required). Between each check,
790 issue RSET, because some servers accept only one recipient after MAIL
791 FROM:<>.
792
793 Before doing this, set the result in the domain cache record to "accept",
794 unless its previous value was ccache_reject_mfnull. In that case, the domain
795 rejects MAIL FROM:<> and we want to continue to remember that. When that is
796 the case, we have got here only in the case of a recipient verification with
797 a non-null sender. */
798
799 else
800 {
801 new_domain_record.result =
802 (old_domain_cache_result == ccache_reject_mfnull)?
803 ccache_reject_mfnull: ccache_accept;
804
805 /* Do the random local part check first */
806
807 if (random_local_part != NULL)
808 {
809 uschar randombuffer[1024];
810 BOOL random_ok =
811 smtp_write_command(&outblock, FALSE,
812 "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part,
813 addr->domain) >= 0 &&
814 smtp_read_response(&inblock, randombuffer,
815 sizeof(randombuffer), '2', callout);
816
817 /* Remember when we last did a random test */
818
819 new_domain_record.random_stamp = time(NULL);
820
821 /* If accepted, we aren't going to do any further tests below. */
822
823 if (random_ok)
824 {
825 new_domain_record.random_result = ccache_accept;
826 }
827
828 /* Otherwise, cache a real negative response, and get back to the right
829 state to send RCPT. Unless there's some problem such as a dropped
830 connection, we expect to succeed, because the commands succeeded above. */
831
832 else if (errno == 0)
833 {
834 if (randombuffer[0] == '5')
835 new_domain_record.random_result = ccache_reject;
836
837 done =
838 smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
839 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
840 '2', callout) &&
841
842 smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
843 from_address) >= 0 &&
844 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
845 '2', callout);
846 }
847 else done = FALSE; /* Some timeout/connection problem */
848 } /* Random check */
849
850 /* If the host is accepting all local parts, as determined by the "random"
851 check, we don't need to waste time doing any further checking. */
852
853 if (new_domain_record.random_result != ccache_accept && done)
854 {
855 /* Get the rcpt_include_affixes flag from the transport if there is one,
856 but assume FALSE if there is not. */
857
858 done =
859 smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n",
860 transport_rcpt_address(addr,
861 (addr->transport == NULL)? FALSE :
862 addr->transport->rcpt_include_affixes)) >= 0 &&
863 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
864 '2', callout);
865
866 if (done)
867 new_address_record.result = ccache_accept;
868 else if (errno == 0 && responsebuffer[0] == '5')
869 {
870 *failure_ptr = US"recipient";
871 new_address_record.result = ccache_reject;
872 }
873
874 /* Do postmaster check if requested; if a full check is required, we
875 check for RCPT TO:<postmaster> (no domain) in accordance with RFC 821. */
876
877 if (done && pm_mailfrom != NULL)
878 {
879 /*XXX not suitable for cutthrough - sequencing problems */
880 cutthrough_delivery= FALSE;
881 HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of postmaster verify\n");
882
883 done =
884 smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
885 smtp_read_response(&inblock, responsebuffer,
886 sizeof(responsebuffer), '2', callout) &&
887
888 smtp_write_command(&outblock, FALSE,
889 "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 &&
890 smtp_read_response(&inblock, responsebuffer,
891 sizeof(responsebuffer), '2', callout) &&
892
893 /* First try using the current domain */
894
895 ((
896 smtp_write_command(&outblock, FALSE,
897 "RCPT TO:<postmaster@%.1000s>\r\n", addr->domain) >= 0 &&
898 smtp_read_response(&inblock, responsebuffer,
899 sizeof(responsebuffer), '2', callout)
900 )
901
902 ||
903
904 /* If that doesn't work, and a full check is requested,
905 try without the domain. */
906
907 (
908 (options & vopt_callout_fullpm) != 0 &&
909 smtp_write_command(&outblock, FALSE,
910 "RCPT TO:<postmaster>\r\n") >= 0 &&
911 smtp_read_response(&inblock, responsebuffer,
912 sizeof(responsebuffer), '2', callout)
913 ));
914
915 /* Sort out the cache record */
916
917 new_domain_record.postmaster_stamp = time(NULL);
918
919 if (done)
920 new_domain_record.postmaster_result = ccache_accept;
921 else if (errno == 0 && responsebuffer[0] == '5')
922 {
923 *failure_ptr = US"postmaster";
924 setflag(addr, af_verify_pmfail);
925 new_domain_record.postmaster_result = ccache_reject;
926 }
927 }
928 } /* Random not accepted */
929 } /* MAIL FROM: accepted */
930
931 /* For any failure of the main check, other than a negative response, we just
932 close the connection and carry on. We can identify a negative response by the
933 fact that errno is zero. For I/O errors it will be non-zero
934
935 Set up different error texts for logging and for sending back to the caller
936 as an SMTP response. Log in all cases, using a one-line format. For sender
937 callouts, give a full response to the caller, but for recipient callouts,
938 don't give the IP address because this may be an internal host whose identity
939 is not to be widely broadcast. */
940
941 if (!done)
942 {
943 if (errno == ETIMEDOUT)
944 {
945 HDEBUG(D_verify) debug_printf("SMTP timeout\n");
946 send_quit = FALSE;
947 }
948 else if (errno == 0)
949 {
950 if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped");
951
952 addr->message =
953 string_sprintf("response to \"%s\" from %s [%s] was: %s",
954 big_buffer, host->name, host->address,
955 string_printing(responsebuffer));
956
957 addr->user_message = is_recipient?
958 string_sprintf("Callout verification failed:\n%s", responsebuffer)
959 :
960 string_sprintf("Called: %s\nSent: %s\nResponse: %s",
961 host->address, big_buffer, responsebuffer);
962
963 /* Hard rejection ends the process */
964
965 if (responsebuffer[0] == '5') /* Address rejected */
966 {
967 yield = FAIL;
968 done = TRUE;
969 }
970 }
971 }
972
973 /* End the SMTP conversation and close the connection. */
974
975 /* Cutthrough - on a successfull connect and recipient-verify with use-sender
976 and we have no cutthrough conn so far
977 here is where we want to leave the conn open */
978 if ( cutthrough_delivery
979 && done
980 && yield == OK
981 && (options & (vopt_callout_recipsender|vopt_callout_recippmaster)) == vopt_callout_recipsender
982 && !random_local_part
983 && !pm_mailfrom
984 && cutthrough_fd < 0
985 )
986 {
987 cutthrough_fd= outblock.sock; /* We assume no buffer in use in the outblock */
988 cutthrough_addr = *addr; /* Save the address_item for later logging */
989 cutthrough_addr.next = NULL;
990 cutthrough_addr.host_used = store_get(sizeof(host_item));
991 cutthrough_addr.host_used->name = host->name;
992 cutthrough_addr.host_used->address = host->address;
993 cutthrough_addr.host_used->port = port;
994 if (addr->parent)
995 *(cutthrough_addr.parent = store_get(sizeof(address_item)))= *addr->parent;
996 ctblock.buffer = ctbuffer;
997 ctblock.buffersize = sizeof(ctbuffer);
998 ctblock.ptr = ctbuffer;
999 /* ctblock.cmd_count = 0; ctblock.authenticating = FALSE; */
1000 ctblock.sock = cutthrough_fd;
1001 }
1002 else
1003 {
1004 /* Ensure no cutthrough on multiple address verifies */
1005 if (options & vopt_callout_recipsender)
1006 cancel_cutthrough_connection("multiple verify calls");
1007 if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
1008
1009 #ifdef SUPPORT_TLS
1010 tls_close(FALSE, TRUE);
1011 #endif
1012 (void)close(inblock.sock);
1013 }
1014
1015 } /* Loop through all hosts, while !done */
1016 }
1017
1018 /* If we get here with done == TRUE, a successful callout happened, and yield
1019 will be set OK or FAIL according to the response to the RCPT command.
1020 Otherwise, we looped through the hosts but couldn't complete the business.
1021 However, there may be domain-specific information to cache in both cases.
1022
1023 The value of the result field in the new_domain record is ccache_unknown if
1024 there was an error before or with MAIL FROM:, and errno was not zero,
1025 implying some kind of I/O error. We don't want to write the cache in that case.
1026 Otherwise the value is ccache_accept, ccache_reject, or ccache_reject_mfnull. */
1027
1028 if (!callout_no_cache && new_domain_record.result != ccache_unknown)
1029 {
1030 if ((dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE))
1031 == NULL)
1032 {
1033 HDEBUG(D_verify) debug_printf("callout cache: not available\n");
1034 }
1035 else
1036 {
1037 (void)dbfn_write(dbm_file, addr->domain, &new_domain_record,
1038 (int)sizeof(dbdata_callout_cache));
1039 HDEBUG(D_verify) debug_printf("wrote callout cache domain record:\n"
1040 " result=%d postmaster=%d random=%d\n",
1041 new_domain_record.result,
1042 new_domain_record.postmaster_result,
1043 new_domain_record.random_result);
1044 }
1045 }
1046
1047 /* If a definite result was obtained for the callout, cache it unless caching
1048 is disabled. */
1049
1050 if (done)
1051 {
1052 if (!callout_no_cache && new_address_record.result != ccache_unknown)
1053 {
1054 if (dbm_file == NULL)
1055 dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE);
1056 if (dbm_file == NULL)
1057 {
1058 HDEBUG(D_verify) debug_printf("no callout cache available\n");
1059 }
1060 else
1061 {
1062 (void)dbfn_write(dbm_file, address_key, &new_address_record,
1063 (int)sizeof(dbdata_callout_cache_address));
1064 HDEBUG(D_verify) debug_printf("wrote %s callout cache address record\n",
1065 (new_address_record.result == ccache_accept)? "positive" : "negative");
1066 }
1067 }
1068 } /* done */
1069
1070 /* Failure to connect to any host, or any response other than 2xx or 5xx is a
1071 temporary error. If there was only one host, and a response was received, leave
1072 it alone if supplying details. Otherwise, give a generic response. */
1073
1074 else /* !done */
1075 {
1076 uschar *dullmsg = string_sprintf("Could not complete %s verify callout",
1077 is_recipient? "recipient" : "sender");
1078 yield = DEFER;
1079
1080 if (host_list->next != NULL || addr->message == NULL) addr->message = dullmsg;
1081
1082 addr->user_message = (!smtp_return_error_details)? dullmsg :
1083 string_sprintf("%s for <%s>.\n"
1084 "The mail server(s) for the domain may be temporarily unreachable, or\n"
1085 "they may be permanently unreachable from this server. In the latter case,\n%s",
1086 dullmsg, addr->address,
1087 is_recipient?
1088 "the address will never be accepted."
1089 :
1090 "you need to change the address or create an MX record for its domain\n"
1091 "if it is supposed to be generally accessible from the Internet.\n"
1092 "Talk to your mail administrator for details.");
1093
1094 /* Force a specific error code */
1095
1096 addr->basic_errno = ERRNO_CALLOUTDEFER;
1097 }
1098
1099 /* Come here from within the cache-reading code on fast-track exit. */
1100
1101 END_CALLOUT:
1102 if (dbm_file != NULL) dbfn_close(dbm_file);
1103 return yield;
1104 }
1105
1106
1107
1108 /* Called after recipient-acl to get a cutthrough connection open when
1109 one was requested and a recipient-verify wasn't subsequently done.
1110 */
1111 void
1112 open_cutthrough_connection( address_item * addr )
1113 {
1114 address_item addr2;
1115
1116 /* Use a recipient-verify-callout to set up the cutthrough connection. */
1117 /* We must use a copy of the address for verification, because it might
1118 get rewritten. */
1119
1120 addr2 = *addr;
1121 HDEBUG(D_acl) debug_printf("----------- start cutthrough setup ------------\n");
1122 (void) verify_address(&addr2, NULL,
1123 vopt_is_recipient | vopt_callout_recipsender | vopt_callout_no_cache,
1124 CUTTHROUGH_CMD_TIMEOUT, -1, -1,
1125 NULL, NULL, NULL);
1126 HDEBUG(D_acl) debug_printf("----------- end cutthrough setup ------------\n");
1127 return;
1128 }
1129
1130
1131
1132 /* Send given number of bytes from the buffer */
1133 static BOOL
1134 cutthrough_send(int n)
1135 {
1136 if(cutthrough_fd < 0)
1137 return TRUE;
1138
1139 if(
1140 #ifdef SUPPORT_TLS
1141 (tls_out.active == cutthrough_fd) ? tls_write(FALSE, ctblock.buffer, n) :
1142 #endif
1143 send(cutthrough_fd, ctblock.buffer, n, 0) > 0
1144 )
1145 {
1146 transport_count += n;
1147 ctblock.ptr= ctblock.buffer;
1148 return TRUE;
1149 }
1150
1151 HDEBUG(D_transport|D_acl) debug_printf("cutthrough_send failed: %s\n", strerror(errno));
1152 return FALSE;
1153 }
1154
1155
1156
1157 static BOOL
1158 _cutthrough_puts(uschar * cp, int n)
1159 {
1160 while(n--)
1161 {
1162 if(ctblock.ptr >= ctblock.buffer+ctblock.buffersize)
1163 if(!cutthrough_send(ctblock.buffersize))
1164 return FALSE;
1165
1166 *ctblock.ptr++ = *cp++;
1167 }
1168 return TRUE;
1169 }
1170
1171 /* Buffered output of counted data block. Return boolean success */
1172 BOOL
1173 cutthrough_puts(uschar * cp, int n)
1174 {
1175 if (cutthrough_fd < 0) return TRUE;
1176 if (_cutthrough_puts(cp, n)) return TRUE;
1177 cancel_cutthrough_connection("transmit failed");
1178 return FALSE;
1179 }
1180
1181
1182 static BOOL
1183 _cutthrough_flush_send( void )
1184 {
1185 int n= ctblock.ptr-ctblock.buffer;
1186
1187 if(n>0)
1188 if(!cutthrough_send(n))
1189 return FALSE;
1190 return TRUE;
1191 }
1192
1193
1194 /* Send out any bufferred output. Return boolean success. */
1195 BOOL
1196 cutthrough_flush_send( void )
1197 {
1198 if (_cutthrough_flush_send()) return TRUE;
1199 cancel_cutthrough_connection("transmit failed");
1200 return FALSE;
1201 }
1202
1203
1204 BOOL
1205 cutthrough_put_nl( void )
1206 {
1207 return cutthrough_puts(US"\r\n", 2);
1208 }
1209
1210
1211 /* Get and check response from cutthrough target */
1212 static uschar
1213 cutthrough_response(char expect, uschar ** copy)
1214 {
1215 smtp_inblock inblock;
1216 uschar inbuffer[4096];
1217 uschar responsebuffer[4096];
1218
1219 inblock.buffer = inbuffer;
1220 inblock.buffersize = sizeof(inbuffer);
1221 inblock.ptr = inbuffer;
1222 inblock.ptrend = inbuffer;
1223 inblock.sock = cutthrough_fd;
1224 /* this relies on (inblock.sock == tls_out.active) */
1225 if(!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), expect, CUTTHROUGH_DATA_TIMEOUT))
1226 cancel_cutthrough_connection("target timeout on read");
1227
1228 if(copy != NULL)
1229 {
1230 uschar * cp;
1231 *copy= cp= string_copy(responsebuffer);
1232 /* Trim the trailing end of line */
1233 cp += Ustrlen(responsebuffer);
1234 if(cp > *copy && cp[-1] == '\n') *--cp = '\0';
1235 if(cp > *copy && cp[-1] == '\r') *--cp = '\0';
1236 }
1237
1238 return responsebuffer[0];
1239 }
1240
1241
1242 /* Negotiate dataphase with the cutthrough target, returning success boolean */
1243 BOOL
1244 cutthrough_predata( void )
1245 {
1246 if(cutthrough_fd < 0)
1247 return FALSE;
1248
1249 HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> DATA\n");
1250 cutthrough_puts(US"DATA\r\n", 6);
1251 cutthrough_flush_send();
1252
1253 /* Assume nothing buffered. If it was it gets ignored. */
1254 return cutthrough_response('3', NULL) == '3';
1255 }
1256
1257
1258 /* fd and use_crlf args only to match write_chunk() */
1259 static BOOL
1260 cutthrough_write_chunk(int fd, uschar * s, int len, BOOL use_crlf)
1261 {
1262 uschar * s2;
1263 while(s && (s2 = Ustrchr(s, '\n')))
1264 {
1265 if(!cutthrough_puts(s, s2-s) || !cutthrough_put_nl())
1266 return FALSE;
1267 s = s2+1;
1268 }
1269 return TRUE;
1270 }
1271
1272
1273 /* Buffered send of headers. Return success boolean. */
1274 /* Expands newlines to wire format (CR,NL). */
1275 /* Also sends header-terminating blank line. */
1276 BOOL
1277 cutthrough_headers_send( void )
1278 {
1279 if(cutthrough_fd < 0)
1280 return FALSE;
1281
1282 /* We share a routine with the mainline transport to handle header add/remove/rewrites,
1283 but having a separate buffered-output function (for now)
1284 */
1285 HDEBUG(D_acl) debug_printf("----------- start cutthrough headers send -----------\n");
1286
1287 if (!transport_headers_send(&cutthrough_addr, cutthrough_fd,
1288 cutthrough_addr.transport->add_headers, cutthrough_addr.transport->remove_headers,
1289 &cutthrough_write_chunk, TRUE,
1290 cutthrough_addr.transport->rewrite_rules, cutthrough_addr.transport->rewrite_existflags))
1291 return FALSE;
1292
1293 HDEBUG(D_acl) debug_printf("----------- done cutthrough headers send ------------\n");
1294 return TRUE;
1295 }
1296
1297
1298 static void
1299 close_cutthrough_connection( const char * why )
1300 {
1301 if(cutthrough_fd >= 0)
1302 {
1303 /* We could be sending this after a bunch of data, but that is ok as
1304 the only way to cancel the transfer in dataphase is to drop the tcp
1305 conn before the final dot.
1306 */
1307 ctblock.ptr = ctbuffer;
1308 HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> QUIT\n");
1309 _cutthrough_puts(US"QUIT\r\n", 6); /* avoid recursion */
1310 _cutthrough_flush_send();
1311 /* No wait for response */
1312
1313 #ifdef SUPPORT_TLS
1314 tls_close(FALSE, TRUE);
1315 #endif
1316 (void)close(cutthrough_fd);
1317 cutthrough_fd= -1;
1318 HDEBUG(D_acl) debug_printf("----------- cutthrough shutdown (%s) ------------\n", why);
1319 }
1320 ctblock.ptr = ctbuffer;
1321 }
1322
1323 void
1324 cancel_cutthrough_connection( const char * why )
1325 {
1326 close_cutthrough_connection(why);
1327 cutthrough_delivery= FALSE;
1328 }
1329
1330
1331
1332
1333 /* Have senders final-dot. Send one to cutthrough target, and grab the response.
1334 Log an OK response as a transmission.
1335 Close the connection.
1336 Return smtp response-class digit.
1337 */
1338 uschar *
1339 cutthrough_finaldot( void )
1340 {
1341 HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> .\n");
1342
1343 /* Assume data finshed with new-line */
1344 if(!cutthrough_puts(US".", 1) || !cutthrough_put_nl() || !cutthrough_flush_send())
1345 return cutthrough_addr.message;
1346
1347 switch(cutthrough_response('2', &cutthrough_addr.message))
1348 {
1349 case '2':
1350 delivery_log(LOG_MAIN, &cutthrough_addr, (int)'>', NULL);
1351 close_cutthrough_connection("delivered");
1352 break;
1353
1354 case '4':
1355 delivery_log(LOG_MAIN, &cutthrough_addr, 0, US"tmp-reject from cutthrough after DATA:");
1356 break;
1357
1358 case '5':
1359 delivery_log(LOG_MAIN|LOG_REJECT, &cutthrough_addr, 0, US"rejected after DATA:");
1360 break;
1361
1362 default:
1363 break;
1364 }
1365 return cutthrough_addr.message;
1366 }
1367
1368
1369
1370 /*************************************************
1371 * Copy error to toplevel address *
1372 *************************************************/
1373
1374 /* This function is used when a verify fails or defers, to ensure that the
1375 failure or defer information is in the original toplevel address. This applies
1376 when an address is redirected to a single new address, and the failure or
1377 deferral happens to the child address.
1378
1379 Arguments:
1380 vaddr the verify address item
1381 addr the final address item
1382 yield FAIL or DEFER
1383
1384 Returns: the value of YIELD
1385 */
1386
1387 static int
1388 copy_error(address_item *vaddr, address_item *addr, int yield)
1389 {
1390 if (addr != vaddr)
1391 {
1392 vaddr->message = addr->message;
1393 vaddr->user_message = addr->user_message;
1394 vaddr->basic_errno = addr->basic_errno;
1395 vaddr->more_errno = addr->more_errno;
1396 vaddr->p.address_data = addr->p.address_data;
1397 copyflag(vaddr, addr, af_pass_message);
1398 }
1399 return yield;
1400 }
1401
1402
1403
1404
1405 /**************************************************
1406 * printf that automatically handles TLS if needed *
1407 ***************************************************/
1408
1409 /* This function is used by verify_address() as a substitute for all fprintf()
1410 calls; a direct fprintf() will not produce output in a TLS SMTP session, such
1411 as a response to an EXPN command. smtp_in.c makes smtp_printf available but
1412 that assumes that we always use the smtp_out FILE* when not using TLS or the
1413 ssl buffer when we are. Instead we take a FILE* parameter and check to see if
1414 that is smtp_out; if so, smtp_printf() with TLS support, otherwise regular
1415 fprintf().
1416
1417 Arguments:
1418 f the candidate FILE* to write to
1419 format format string
1420 ... optional arguments
1421
1422 Returns:
1423 nothing
1424 */
1425
1426 static void PRINTF_FUNCTION(2,3)
1427 respond_printf(FILE *f, const char *format, ...)
1428 {
1429 va_list ap;
1430
1431 va_start(ap, format);
1432 if (smtp_out && (f == smtp_out))
1433 smtp_vprintf(format, ap);
1434 else
1435 vfprintf(f, format, ap);
1436 va_end(ap);
1437 }
1438
1439
1440
1441 /*************************************************
1442 * Verify an email address *
1443 *************************************************/
1444
1445 /* This function is used both for verification (-bv and at other times) and
1446 address testing (-bt), which is indicated by address_test_mode being set.
1447
1448 Arguments:
1449 vaddr contains the address to verify; the next field in this block
1450 must be NULL
1451 f if not NULL, write the result to this file
1452 options various option bits:
1453 vopt_fake_sender => this sender verify is not for the real
1454 sender (it was verify=sender=xxxx or an address from a
1455 header line) - rewriting must not change sender_address
1456 vopt_is_recipient => this is a recipient address, otherwise
1457 it's a sender address - this affects qualification and
1458 rewriting and messages from callouts
1459 vopt_qualify => qualify an unqualified address; else error
1460 vopt_expn => called from SMTP EXPN command
1461 vopt_success_on_redirect => when a new address is generated
1462 the verification instantly succeeds
1463
1464 These ones are used by do_callout() -- the options variable
1465 is passed to it.
1466
1467 vopt_callout_fullpm => if postmaster check, do full one
1468 vopt_callout_no_cache => don't use callout cache
1469 vopt_callout_random => do the "random" thing
1470 vopt_callout_recipsender => use real sender for recipient
1471 vopt_callout_recippmaster => use postmaster for recipient
1472
1473 callout if > 0, specifies that callout is required, and gives timeout
1474 for individual commands
1475 callout_overall if > 0, gives overall timeout for the callout function;
1476 if < 0, a default is used (see do_callout())
1477 callout_connect the connection timeout for callouts
1478 se_mailfrom when callout is requested to verify a sender, use this
1479 in MAIL FROM; NULL => ""
1480 pm_mailfrom when callout is requested, if non-NULL, do the postmaster
1481 thing and use this as the sender address (may be "")
1482
1483 routed if not NULL, set TRUE if routing succeeded, so we can
1484 distinguish between routing failed and callout failed
1485
1486 Returns: OK address verified
1487 FAIL address failed to verify
1488 DEFER can't tell at present
1489 */
1490
1491 int
1492 verify_address(address_item *vaddr, FILE *f, int options, int callout,
1493 int callout_overall, int callout_connect, uschar *se_mailfrom,
1494 uschar *pm_mailfrom, BOOL *routed)
1495 {
1496 BOOL allok = TRUE;
1497 BOOL full_info = (f == NULL)? FALSE : (debug_selector != 0);
1498 BOOL is_recipient = (options & vopt_is_recipient) != 0;
1499 BOOL expn = (options & vopt_expn) != 0;
1500 BOOL success_on_redirect = (options & vopt_success_on_redirect) != 0;
1501 int i;
1502 int yield = OK;
1503 int verify_type = expn? v_expn :
1504 address_test_mode? v_none :
1505 is_recipient? v_recipient : v_sender;
1506 address_item *addr_list;
1507 address_item *addr_new = NULL;
1508 address_item *addr_remote = NULL;
1509 address_item *addr_local = NULL;
1510 address_item *addr_succeed = NULL;
1511 uschar **failure_ptr = is_recipient?
1512 &recipient_verify_failure : &sender_verify_failure;
1513 uschar *ko_prefix, *cr;
1514 uschar *address = vaddr->address;
1515 uschar *save_sender;
1516 uschar null_sender[] = { 0 }; /* Ensure writeable memory */
1517
1518 /* Clear, just in case */
1519
1520 *failure_ptr = NULL;
1521
1522 /* Set up a prefix and suffix for error message which allow us to use the same
1523 output statements both in EXPN mode (where an SMTP response is needed) and when
1524 debugging with an output file. */
1525
1526 if (expn)
1527 {
1528 ko_prefix = US"553 ";
1529 cr = US"\r";
1530 }
1531 else ko_prefix = cr = US"";
1532
1533 /* Add qualify domain if permitted; otherwise an unqualified address fails. */
1534
1535 if (parse_find_at(address) == NULL)
1536 {
1537 if ((options & vopt_qualify) == 0)
1538 {
1539 if (f != NULL)
1540 respond_printf(f, "%sA domain is required for \"%s\"%s\n",
1541 ko_prefix, address, cr);
1542 *failure_ptr = US"qualify";
1543 return FAIL;
1544 }
1545 address = rewrite_address_qualify(address, is_recipient);
1546 }
1547
1548 DEBUG(D_verify)
1549 {
1550 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1551 debug_printf("%s %s\n", address_test_mode? "Testing" : "Verifying", address);
1552 }
1553
1554 /* Rewrite and report on it. Clear the domain and local part caches - these
1555 may have been set by domains and local part tests during an ACL. */
1556
1557 if (global_rewrite_rules != NULL)
1558 {
1559 uschar *old = address;
1560 address = rewrite_address(address, is_recipient, FALSE,
1561 global_rewrite_rules, rewrite_existflags);
1562 if (address != old)
1563 {
1564 for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->localpart_cache[i] = 0;
1565 for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->domain_cache[i] = 0;
1566 if (f != NULL && !expn) fprintf(f, "Address rewritten as: %s\n", address);
1567 }
1568 }
1569
1570 /* If this is the real sender address, we must update sender_address at
1571 this point, because it may be referred to in the routers. */
1572
1573 if ((options & (vopt_fake_sender|vopt_is_recipient)) == 0)
1574 sender_address = address;
1575
1576 /* If the address was rewritten to <> no verification can be done, and we have
1577 to return OK. This rewriting is permitted only for sender addresses; for other
1578 addresses, such rewriting fails. */
1579
1580 if (address[0] == 0) return OK;
1581
1582 /* Flip the legacy TLS-related variables over to the outbound set in case
1583 they're used in the context of a transport used by verification. Reset them
1584 at exit from this routine. */
1585
1586 tls_modify_variables(&tls_out);
1587
1588 /* Save a copy of the sender address for re-instating if we change it to <>
1589 while verifying a sender address (a nice bit of self-reference there). */
1590
1591 save_sender = sender_address;
1592
1593 /* Update the address structure with the possibly qualified and rewritten
1594 address. Set it up as the starting address on the chain of new addresses. */
1595
1596 vaddr->address = address;
1597 addr_new = vaddr;
1598
1599 /* We need a loop, because an address can generate new addresses. We must also
1600 cope with generated pipes and files at the top level. (See also the code and
1601 comment in deliver.c.) However, it is usually the case that the router for
1602 user's .forward files has its verify flag turned off.
1603
1604 If an address generates more than one child, the loop is used only when
1605 full_info is set, and this can only be set locally. Remote enquiries just get
1606 information about the top level address, not anything that it generated. */
1607
1608 while (addr_new != NULL)
1609 {
1610 int rc;
1611 address_item *addr = addr_new;
1612
1613 addr_new = addr->next;
1614 addr->next = NULL;
1615
1616 DEBUG(D_verify)
1617 {
1618 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1619 debug_printf("Considering %s\n", addr->address);
1620 }
1621
1622 /* Handle generated pipe, file or reply addresses. We don't get these
1623 when handling EXPN, as it does only one level of expansion. */
1624
1625 if (testflag(addr, af_pfr))
1626 {
1627 allok = FALSE;
1628 if (f != NULL)
1629 {
1630 BOOL allow;
1631
1632 if (addr->address[0] == '>')
1633 {
1634 allow = testflag(addr, af_allow_reply);
1635 fprintf(f, "%s -> mail %s", addr->parent->address, addr->address + 1);
1636 }
1637 else
1638 {
1639 allow = (addr->address[0] == '|')?
1640 testflag(addr, af_allow_pipe) : testflag(addr, af_allow_file);
1641 fprintf(f, "%s -> %s", addr->parent->address, addr->address);
1642 }
1643
1644 if (addr->basic_errno == ERRNO_BADTRANSPORT)
1645 fprintf(f, "\n*** Error in setting up pipe, file, or autoreply:\n"
1646 "%s\n", addr->message);
1647 else if (allow)
1648 fprintf(f, "\n transport = %s\n", addr->transport->name);
1649 else
1650 fprintf(f, " *** forbidden ***\n");
1651 }
1652 continue;
1653 }
1654
1655 /* Just in case some router parameter refers to it. */
1656
1657 return_path = (addr->p.errors_address != NULL)?
1658 addr->p.errors_address : sender_address;
1659
1660 /* Split the address into domain and local part, handling the %-hack if
1661 necessary, and then route it. While routing a sender address, set
1662 $sender_address to <> because that is what it will be if we were trying to
1663 send a bounce to the sender. */
1664
1665 if (routed != NULL) *routed = FALSE;
1666 if ((rc = deliver_split_address(addr)) == OK)
1667 {
1668 if (!is_recipient) sender_address = null_sender;
1669 rc = route_address(addr, &addr_local, &addr_remote, &addr_new,
1670 &addr_succeed, verify_type);
1671 sender_address = save_sender; /* Put back the real sender */
1672 }
1673
1674 /* If routing an address succeeded, set the flag that remembers, for use when
1675 an ACL cached a sender verify (in case a callout fails). Then if routing set
1676 up a list of hosts or the transport has a host list, and the callout option
1677 is set, and we aren't in a host checking run, do the callout verification,
1678 and set another flag that notes that a callout happened. */
1679
1680 if (rc == OK)
1681 {
1682 if (routed != NULL) *routed = TRUE;
1683 if (callout > 0)
1684 {
1685 host_item *host_list = addr->host_list;
1686
1687 /* Make up some data for use in the case where there is no remote
1688 transport. */
1689
1690 transport_feedback tf = {
1691 NULL, /* interface (=> any) */
1692 US"smtp", /* port */
1693 US"smtp", /* protocol */
1694 NULL, /* hosts */
1695 US"$smtp_active_hostname", /* helo_data */
1696 FALSE, /* hosts_override */
1697 FALSE, /* hosts_randomize */
1698 FALSE, /* gethostbyname */
1699 TRUE, /* qualify_single */
1700 FALSE /* search_parents */
1701 };
1702
1703 /* If verification yielded a remote transport, we want to use that
1704 transport's options, so as to mimic what would happen if we were really
1705 sending a message to this address. */
1706
1707 if (addr->transport != NULL && !addr->transport->info->local)
1708 {
1709 (void)(addr->transport->setup)(addr->transport, addr, &tf, 0, 0, NULL);
1710
1711 /* If the transport has hosts and the router does not, or if the
1712 transport is configured to override the router's hosts, we must build a
1713 host list of the transport's hosts, and find the IP addresses */
1714
1715 if (tf.hosts != NULL && (host_list == NULL || tf.hosts_override))
1716 {
1717 uschar *s;
1718 uschar *save_deliver_domain = deliver_domain;
1719 uschar *save_deliver_localpart = deliver_localpart;
1720
1721 host_list = NULL; /* Ignore the router's hosts */
1722
1723 deliver_domain = addr->domain;
1724 deliver_localpart = addr->local_part;
1725 s = expand_string(tf.hosts);
1726 deliver_domain = save_deliver_domain;
1727 deliver_localpart = save_deliver_localpart;
1728
1729 if (s == NULL)
1730 {
1731 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand list of hosts "
1732 "\"%s\" in %s transport for callout: %s", tf.hosts,
1733 addr->transport->name, expand_string_message);
1734 }
1735 else
1736 {
1737 int flags;
1738 uschar *canonical_name;
1739 host_item *host, *nexthost;
1740 host_build_hostlist(&host_list, s, tf.hosts_randomize);
1741
1742 /* Just ignore failures to find a host address. If we don't manage
1743 to find any addresses, the callout will defer. Note that more than
1744 one address may be found for a single host, which will result in
1745 additional host items being inserted into the chain. Hence we must
1746 save the next host first. */
1747
1748 flags = HOST_FIND_BY_A;
1749 if (tf.qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
1750 if (tf.search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
1751
1752 for (host = host_list; host != NULL; host = nexthost)
1753 {
1754 nexthost = host->next;
1755 if (tf.gethostbyname ||
1756 string_is_ip_address(host->name, NULL) != 0)
1757 (void)host_find_byname(host, NULL, flags, &canonical_name, TRUE);
1758 else
1759 {
1760 uschar * d_request = NULL, * d_require = NULL;
1761 if (Ustrcmp(addr->transport->driver_name, "smtp") == 0)
1762 {
1763 smtp_transport_options_block * ob =
1764 (smtp_transport_options_block *)
1765 addr->transport->options_block;
1766 d_request = ob->dnssec_request_domains;
1767 d_require = ob->dnssec_require_domains;
1768 }
1769
1770 (void)host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
1771 d_request, d_require, &canonical_name, NULL);
1772 }
1773 }
1774 }
1775 }
1776 }
1777
1778 /* Can only do a callout if we have at least one host! If the callout
1779 fails, it will have set ${sender,recipient}_verify_failure. */
1780
1781 if (host_list != NULL)
1782 {
1783 HDEBUG(D_verify) debug_printf("Attempting full verification using callout\n");
1784 if (host_checking && !host_checking_callout)
1785 {
1786 HDEBUG(D_verify)
1787 debug_printf("... callout omitted by default when host testing\n"
1788 "(Use -bhc if you want the callouts to happen.)\n");
1789 }
1790 else
1791 {
1792 #ifdef SUPPORT_TLS
1793 deliver_set_expansions(addr);
1794 #endif
1795 rc = do_callout(addr, host_list, &tf, callout, callout_overall,
1796 callout_connect, options, se_mailfrom, pm_mailfrom);
1797 }
1798 }
1799 else
1800 {
1801 HDEBUG(D_verify) debug_printf("Cannot do callout: neither router nor "
1802 "transport provided a host list\n");
1803 }
1804 }
1805 }
1806
1807 /* Otherwise, any failure is a routing failure */
1808
1809 else *failure_ptr = US"route";
1810
1811 /* A router may return REROUTED if it has set up a child address as a result
1812 of a change of domain name (typically from widening). In this case we always
1813 want to continue to verify the new child. */
1814
1815 if (rc == REROUTED) continue;
1816
1817 /* Handle hard failures */
1818
1819 if (rc == FAIL)
1820 {
1821 allok = FALSE;
1822 if (f != NULL)
1823 {
1824 address_item *p = addr->parent;
1825
1826 respond_printf(f, "%s%s %s", ko_prefix,
1827 full_info? addr->address : address,
1828 address_test_mode? "is undeliverable" : "failed to verify");
1829 if (!expn && admin_user)
1830 {
1831 if (addr->basic_errno > 0)
1832 respond_printf(f, ": %s", strerror(addr->basic_errno));
1833 if (addr->message != NULL)
1834 respond_printf(f, ": %s", addr->message);
1835 }
1836
1837 /* Show parents iff doing full info */
1838
1839 if (full_info) while (p != NULL)
1840 {
1841 respond_printf(f, "%s\n <-- %s", cr, p->address);
1842 p = p->parent;
1843 }
1844 respond_printf(f, "%s\n", cr);
1845 }
1846 cancel_cutthrough_connection("routing hard fail");
1847
1848 if (!full_info)
1849 {
1850 yield = copy_error(vaddr, addr, FAIL);
1851 goto out;
1852 }
1853 else yield = FAIL;
1854 }
1855
1856 /* Soft failure */
1857
1858 else if (rc == DEFER)
1859 {
1860 allok = FALSE;
1861 if (f != NULL)
1862 {
1863 address_item *p = addr->parent;
1864 respond_printf(f, "%s%s cannot be resolved at this time", ko_prefix,
1865 full_info? addr->address : address);
1866 if (!expn && admin_user)
1867 {
1868 if (addr->basic_errno > 0)
1869 respond_printf(f, ": %s", strerror(addr->basic_errno));
1870 if (addr->message != NULL)
1871 respond_printf(f, ": %s", addr->message);
1872 else if (addr->basic_errno <= 0)
1873 respond_printf(f, ": unknown error");
1874 }
1875
1876 /* Show parents iff doing full info */
1877
1878 if (full_info) while (p != NULL)
1879 {
1880 respond_printf(f, "%s\n <-- %s", cr, p->address);
1881 p = p->parent;
1882 }
1883 respond_printf(f, "%s\n", cr);
1884 }
1885 cancel_cutthrough_connection("routing soft fail");
1886
1887 if (!full_info)
1888 {
1889 yield = copy_error(vaddr, addr, DEFER);
1890 goto out;
1891 }
1892 else if (yield == OK) yield = DEFER;
1893 }
1894
1895 /* If we are handling EXPN, we do not want to continue to route beyond
1896 the top level (whose address is in "address"). */
1897
1898 else if (expn)
1899 {
1900 uschar *ok_prefix = US"250-";
1901 if (addr_new == NULL)
1902 {
1903 if (addr_local == NULL && addr_remote == NULL)
1904 respond_printf(f, "250 mail to <%s> is discarded\r\n", address);
1905 else
1906 respond_printf(f, "250 <%s>\r\n", address);
1907 }
1908 else while (addr_new != NULL)
1909 {
1910 address_item *addr2 = addr_new;
1911 addr_new = addr2->next;
1912 if (addr_new == NULL) ok_prefix = US"250 ";
1913 respond_printf(f, "%s<%s>\r\n", ok_prefix, addr2->address);
1914 }
1915 yield = OK;
1916 goto out;
1917 }
1918
1919 /* Successful routing other than EXPN. */
1920
1921 else
1922 {
1923 /* Handle successful routing when short info wanted. Otherwise continue for
1924 other (generated) addresses. Short info is the operational case. Full info
1925 can be requested only when debug_selector != 0 and a file is supplied.
1926
1927 There is a conflict between the use of aliasing as an alternate email
1928 address, and as a sort of mailing list. If an alias turns the incoming
1929 address into just one address (e.g. J.Caesar->jc44) you may well want to
1930 carry on verifying the generated address to ensure it is valid when
1931 checking incoming mail. If aliasing generates multiple addresses, you
1932 probably don't want to do this. Exim therefore treats the generation of
1933 just a single new address as a special case, and continues on to verify the
1934 generated address. */
1935
1936 if (!full_info && /* Stop if short info wanted AND */
1937 (((addr_new == NULL || /* No new address OR */
1938 addr_new->next != NULL || /* More than one new address OR */
1939 testflag(addr_new, af_pfr))) /* New address is pfr */
1940 || /* OR */
1941 (addr_new != NULL && /* At least one new address AND */
1942 success_on_redirect))) /* success_on_redirect is set */
1943 {
1944 if (f != NULL) fprintf(f, "%s %s\n", address,
1945 address_test_mode? "is deliverable" : "verified");
1946
1947 /* If we have carried on to verify a child address, we want the value
1948 of $address_data to be that of the child */
1949
1950 vaddr->p.address_data = addr->p.address_data;
1951 yield = OK;
1952 goto out;
1953 }
1954 }
1955 } /* Loop for generated addresses */
1956
1957 /* Display the full results of the successful routing, including any generated
1958 addresses. Control gets here only when full_info is set, which requires f not
1959 to be NULL, and this occurs only when a top-level verify is called with the
1960 debugging switch on.
1961
1962 If there are no local and no remote addresses, and there were no pipes, files,
1963 or autoreplies, and there were no errors or deferments, the message is to be
1964 discarded, usually because of the use of :blackhole: in an alias file. */
1965
1966 if (allok && addr_local == NULL && addr_remote == NULL)
1967 {
1968 fprintf(f, "mail to %s is discarded\n", address);
1969 goto out;
1970 }
1971
1972 for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++)
1973 {
1974 while (addr_list != NULL)
1975 {
1976 address_item *addr = addr_list;
1977 address_item *p = addr->parent;
1978 addr_list = addr->next;
1979
1980 fprintf(f, "%s", CS addr->address);
1981 #ifdef EXPERIMENTAL_SRS
1982 if(addr->p.srs_sender)
1983 fprintf(f, " [srs = %s]", addr->p.srs_sender);
1984 #endif
1985
1986 /* If the address is a duplicate, show something about it. */
1987
1988 if (!testflag(addr, af_pfr))
1989 {
1990 tree_node *tnode;
1991 if ((tnode = tree_search(tree_duplicates, addr->unique)) != NULL)
1992 fprintf(f, " [duplicate, would not be delivered]");
1993 else tree_add_duplicate(addr->unique, addr);
1994 }
1995
1996 /* Now show its parents */
1997
1998 while (p != NULL)
1999 {
2000 fprintf(f, "\n <-- %s", p->address);
2001 p = p->parent;
2002 }
2003 fprintf(f, "\n ");
2004
2005 /* Show router, and transport */
2006
2007 fprintf(f, "router = %s, ", addr->router->name);
2008 fprintf(f, "transport = %s\n", (addr->transport == NULL)? US"unset" :
2009 addr->transport->name);
2010
2011 /* Show any hosts that are set up by a router unless the transport
2012 is going to override them; fiddle a bit to get a nice format. */
2013
2014 if (addr->host_list != NULL && addr->transport != NULL &&
2015 !addr->transport->overrides_hosts)
2016 {
2017 host_item *h;
2018 int maxlen = 0;
2019 int maxaddlen = 0;
2020 for (h = addr->host_list; h != NULL; h = h->next)
2021 {
2022 int len = Ustrlen(h->name);
2023 if (len > maxlen) maxlen = len;
2024 len = (h->address != NULL)? Ustrlen(h->address) : 7;
2025 if (len > maxaddlen) maxaddlen = len;
2026 }
2027 for (h = addr->host_list; h != NULL; h = h->next)
2028 {
2029 int len = Ustrlen(h->name);
2030 fprintf(f, " host %s ", h->name);
2031 while (len++ < maxlen) fprintf(f, " ");
2032 if (h->address != NULL)
2033 {
2034 fprintf(f, "[%s] ", h->address);
2035 len = Ustrlen(h->address);
2036 }
2037 else if (!addr->transport->info->local) /* Omit [unknown] for local */
2038 {
2039 fprintf(f, "[unknown] ");
2040 len = 7;
2041 }
2042 else len = -3;
2043 while (len++ < maxaddlen) fprintf(f," ");
2044 if (h->mx >= 0) fprintf(f, "MX=%d", h->mx);
2045 if (h->port != PORT_NONE) fprintf(f, " port=%d", h->port);
2046 if (h->status == hstatus_unusable) fprintf(f, " ** unusable **");
2047 fprintf(f, "\n");
2048 }
2049 }
2050 }
2051 }
2052
2053 /* Yield will be DEFER or FAIL if any one address has, only for full_info (which is
2054 the -bv or -bt case). */
2055
2056 out:
2057 tls_modify_variables(&tls_in);
2058
2059 return yield;
2060 }
2061
2062
2063
2064
2065 /*************************************************
2066 * Check headers for syntax errors *
2067 *************************************************/
2068
2069 /* This function checks those header lines that contain addresses, and verifies
2070 that all the addresses therein are syntactially correct.
2071
2072 Arguments:
2073 msgptr where to put an error message
2074
2075 Returns: OK
2076 FAIL
2077 */
2078
2079 int
2080 verify_check_headers(uschar **msgptr)
2081 {
2082 header_line *h;
2083 uschar *colon, *s;
2084 int yield = OK;
2085
2086 for (h = header_list; h != NULL && yield == OK; h = h->next)
2087 {
2088 if (h->type != htype_from &&
2089 h->type != htype_reply_to &&
2090 h->type != htype_sender &&
2091 h->type != htype_to &&
2092 h->type != htype_cc &&
2093 h->type != htype_bcc)
2094 continue;
2095
2096 colon = Ustrchr(h->text, ':');
2097 s = colon + 1;
2098 while (isspace(*s)) s++;
2099
2100 /* Loop for multiple addresses in the header, enabling group syntax. Note
2101 that we have to reset this after the header has been scanned. */
2102
2103 parse_allow_group = TRUE;
2104
2105 while (*s != 0)
2106 {
2107 uschar *ss = parse_find_address_end(s, FALSE);
2108 uschar *recipient, *errmess;
2109 int terminator = *ss;
2110 int start, end, domain;
2111
2112 /* Temporarily terminate the string at this point, and extract the
2113 operative address within, allowing group syntax. */
2114
2115 *ss = 0;
2116 recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE);
2117 *ss = terminator;
2118
2119 /* Permit an unqualified address only if the message is local, or if the
2120 sending host is configured to be permitted to send them. */
2121
2122 if (recipient != NULL && domain == 0)
2123 {
2124 if (h->type == htype_from || h->type == htype_sender)
2125 {
2126 if (!allow_unqualified_sender) recipient = NULL;
2127 }
2128 else
2129 {
2130 if (!allow_unqualified_recipient) recipient = NULL;
2131 }
2132 if (recipient == NULL) errmess = US"unqualified address not permitted";
2133 }
2134
2135 /* It's an error if no address could be extracted, except for the special
2136 case of an empty address. */
2137
2138 if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0)
2139 {
2140 uschar *verb = US"is";
2141 uschar *t = ss;
2142 uschar *tt = colon;
2143 int len;
2144
2145 /* Arrange not to include any white space at the end in the
2146 error message or the header name. */
2147
2148 while (t > s && isspace(t[-1])) t--;
2149 while (tt > h->text && isspace(tt[-1])) tt--;
2150
2151 /* Add the address that failed to the error message, since in a
2152 header with very many addresses it is sometimes hard to spot
2153 which one is at fault. However, limit the amount of address to
2154 quote - cases have been seen where, for example, a missing double
2155 quote in a humungous To: header creates an "address" that is longer
2156 than string_sprintf can handle. */
2157
2158 len = t - s;
2159 if (len > 1024)
2160 {
2161 len = 1024;
2162 verb = US"begins";
2163 }
2164
2165 *msgptr = string_printing(
2166 string_sprintf("%s: failing address in \"%.*s:\" header %s: %.*s",
2167 errmess, tt - h->text, h->text, verb, len, s));
2168
2169 yield = FAIL;
2170 break; /* Out of address loop */
2171 }
2172
2173 /* Advance to the next address */
2174
2175 s = ss + (terminator? 1:0);
2176 while (isspace(*s)) s++;
2177 } /* Next address */
2178
2179 parse_allow_group = FALSE;
2180 parse_found_group = FALSE;
2181 } /* Next header unless yield has been set FALSE */
2182
2183 return yield;
2184 }
2185
2186
2187 /*************************************************
2188 * Check header names for 8-bit characters *
2189 *************************************************/
2190
2191 /* This function checks for invalid charcters in header names. See
2192 RFC 5322, 2.2. and RFC 6532, 3.
2193
2194 Arguments:
2195 msgptr where to put an error message
2196
2197 Returns: OK
2198 FAIL
2199 */
2200
2201 int
2202 verify_check_header_names_ascii(uschar **msgptr)
2203 {
2204 header_line *h;
2205 uschar *colon, *s;
2206
2207 for (h = header_list; h != NULL; h = h->next)
2208 {
2209 colon = Ustrchr(h->text, ':');
2210 for(s = h->text; s < colon; s++)
2211 {
2212 if ((*s < 33) || (*s > 126))
2213 {
2214 *msgptr = string_sprintf("Invalid character in header \"%.*s\" found",
2215 colon - h->text, h->text);
2216 return FAIL;
2217 }
2218 }
2219 }
2220 return OK;
2221 }
2222
2223 /*************************************************
2224 * Check for blind recipients *
2225 *************************************************/
2226
2227 /* This function checks that every (envelope) recipient is mentioned in either
2228 the To: or Cc: header lines, thus detecting blind carbon copies.
2229
2230 There are two ways of scanning that could be used: either scan the header lines
2231 and tick off the recipients, or scan the recipients and check the header lines.
2232 The original proposed patch did the former, but I have chosen to do the latter,
2233 because (a) it requires no memory and (b) will use fewer resources when there
2234 are many addresses in To: and/or Cc: and only one or two envelope recipients.
2235
2236 Arguments: none
2237 Returns: OK if there are no blind recipients
2238 FAIL if there is at least one blind recipient
2239 */
2240
2241 int
2242 verify_check_notblind(void)
2243 {
2244 int i;
2245 for (i = 0; i < recipients_count; i++)
2246 {
2247 header_line *h;
2248 BOOL found = FALSE;
2249 uschar *address = recipients_list[i].address;
2250
2251 for (h = header_list; !found && h != NULL; h = h->next)
2252 {
2253 uschar *colon, *s;
2254
2255 if (h->type != htype_to && h->type != htype_cc) continue;
2256
2257 colon = Ustrchr(h->text, ':');
2258 s = colon + 1;
2259 while (isspace(*s)) s++;
2260
2261 /* Loop for multiple addresses in the header, enabling group syntax. Note
2262 that we have to reset this after the header has been scanned. */
2263
2264 parse_allow_group = TRUE;
2265
2266 while (*s != 0)
2267 {
2268 uschar *ss = parse_find_address_end(s, FALSE);
2269 uschar *recipient,*errmess;
2270 int terminator = *ss;
2271 int start, end, domain;
2272
2273 /* Temporarily terminate the string at this point, and extract the
2274 operative address within, allowing group syntax. */
2275
2276 *ss = 0;
2277 recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE);
2278 *ss = terminator;
2279
2280 /* If we found a valid recipient that has a domain, compare it with the
2281 envelope recipient. Local parts are compared case-sensitively, domains
2282 case-insensitively. By comparing from the start with length "domain", we
2283 include the "@" at the end, which ensures that we are comparing the whole
2284 local part of each address. */
2285
2286 if (recipient != NULL && domain != 0)
2287 {
2288 found = Ustrncmp(recipient, address, domain) == 0 &&
2289 strcmpic(recipient + domain, address + domain) == 0;
2290 if (found) break;
2291 }
2292
2293 /* Advance to the next address */
2294
2295 s = ss + (terminator? 1:0);
2296 while (isspace(*s)) s++;
2297 } /* Next address */
2298
2299 parse_allow_group = FALSE;
2300 parse_found_group = FALSE;
2301 } /* Next header (if found is false) */
2302
2303 if (!found) return FAIL;
2304 } /* Next recipient */
2305
2306 return OK;
2307 }
2308
2309
2310
2311 /*************************************************
2312 * Find if verified sender *
2313 *************************************************/
2314
2315 /* Usually, just a single address is verified as the sender of the message.
2316 However, Exim can be made to verify other addresses as well (often related in
2317 some way), and this is useful in some environments. There may therefore be a
2318 chain of such addresses that have previously been tested. This function finds
2319 whether a given address is on the chain.
2320
2321 Arguments: the address to be verified
2322 Returns: pointer to an address item, or NULL
2323 */
2324
2325 address_item *
2326 verify_checked_sender(uschar *sender)
2327 {
2328 address_item *addr;
2329 for (addr = sender_verified_list; addr != NULL; addr = addr->next)
2330 if (Ustrcmp(sender, addr->address) == 0) break;
2331 return addr;
2332 }
2333
2334
2335
2336
2337
2338 /*************************************************
2339 * Get valid header address *
2340 *************************************************/
2341
2342 /* Scan the originator headers of the message, looking for an address that
2343 verifies successfully. RFC 822 says:
2344
2345 o The "Sender" field mailbox should be sent notices of
2346 any problems in transport or delivery of the original
2347 messages. If there is no "Sender" field, then the
2348 "From" field mailbox should be used.
2349
2350 o If the "Reply-To" field exists, then the reply should
2351 go to the addresses indicated in that field and not to
2352 the address(es) indicated in the "From" field.
2353
2354 So we check a Sender field if there is one, else a Reply_to field, else a From
2355 field. As some strange messages may have more than one of these fields,
2356 especially if they are resent- fields, check all of them if there is more than
2357 one.
2358
2359 Arguments:
2360 user_msgptr points to where to put a user error message
2361 log_msgptr points to where to put a log error message
2362 callout timeout for callout check (passed to verify_address())
2363 callout_overall overall callout timeout (ditto)
2364 callout_connect connect callout timeout (ditto)
2365 se_mailfrom mailfrom for verify; NULL => ""
2366 pm_mailfrom sender for pm callout check (passed to verify_address())
2367 options callout options (passed to verify_address())
2368 verrno where to put the address basic_errno
2369
2370 If log_msgptr is set to something without setting user_msgptr, the caller
2371 normally uses log_msgptr for both things.
2372
2373 Returns: result of the verification attempt: OK, FAIL, or DEFER;
2374 FAIL is given if no appropriate headers are found
2375 */
2376
2377 int
2378 verify_check_header_address(uschar **user_msgptr, uschar **log_msgptr,
2379 int callout, int callout_overall, int callout_connect, uschar *se_mailfrom,
2380 uschar *pm_mailfrom, int options, int *verrno)
2381 {
2382 static int header_types[] = { htype_sender, htype_reply_to, htype_from };
2383 BOOL done = FALSE;
2384 int yield = FAIL;
2385 int i;
2386
2387 for (i = 0; i < 3 && !done; i++)
2388 {
2389 header_line *h;
2390 for (h = header_list; h != NULL && !done; h = h->next)
2391 {
2392 int terminator, new_ok;
2393 uschar *s, *ss, *endname;
2394
2395 if (h->type != header_types[i]) continue;
2396 s = endname = Ustrchr(h->text, ':') + 1;
2397
2398 /* Scan the addresses in the header, enabling group syntax. Note that we
2399 have to reset this after the header has been scanned. */
2400
2401 parse_allow_group = TRUE;
2402
2403 while (*s != 0)
2404 {
2405 address_item *vaddr;
2406
2407 while (isspace(*s) || *s == ',') s++;
2408 if (*s == 0) break; /* End of header */
2409
2410 ss = parse_find_address_end(s, FALSE);
2411
2412 /* The terminator is a comma or end of header, but there may be white
2413 space preceding it (including newline for the last address). Move back
2414 past any white space so we can check against any cached envelope sender
2415 address verifications. */
2416
2417 while (isspace(ss[-1])) ss--;
2418 terminator = *ss;
2419 *ss = 0;
2420
2421 HDEBUG(D_verify) debug_printf("verifying %.*s header address %s\n",
2422 (int)(endname - h->text), h->text, s);
2423
2424 /* See if we have already verified this address as an envelope sender,
2425 and if so, use the previous answer. */
2426
2427 vaddr = verify_checked_sender(s);
2428
2429 if (vaddr != NULL && /* Previously checked */
2430 (callout <= 0 || /* No callout needed; OR */
2431 vaddr->special_action > 256)) /* Callout was done */
2432 {
2433 new_ok = vaddr->special_action & 255;
2434 HDEBUG(D_verify) debug_printf("previously checked as envelope sender\n");
2435 *ss = terminator; /* Restore shortened string */
2436 }
2437
2438 /* Otherwise we run the verification now. We must restore the shortened
2439 string before running the verification, so the headers are correct, in
2440 case there is any rewriting. */
2441
2442 else
2443 {
2444 int start, end, domain;
2445 uschar *address = parse_extract_address(s, log_msgptr, &start, &end,
2446 &domain, FALSE);
2447
2448 *ss = terminator;
2449
2450 /* If we found an empty address, just carry on with the next one, but
2451 kill the message. */
2452
2453 if (address == NULL && Ustrcmp(*log_msgptr, "empty address") == 0)
2454 {
2455 *log_msgptr = NULL;
2456 s = ss;
2457 continue;
2458 }
2459
2460 /* If verification failed because of a syntax error, fail this
2461 function, and ensure that the failing address gets added to the error
2462 message. */
2463
2464 if (address == NULL)
2465 {
2466 new_ok = FAIL;
2467 while (ss > s && isspace(ss[-1])) ss--;
2468 *log_msgptr = string_sprintf("syntax error in '%.*s' header when "
2469 "scanning for sender: %s in \"%.*s\"",
2470 endname - h->text, h->text, *log_msgptr, ss - s, s);
2471 yield = FAIL;
2472 done = TRUE;
2473 break;
2474 }
2475
2476 /* Else go ahead with the sender verification. But it isn't *the*
2477 sender of the message, so set vopt_fake_sender to stop sender_address
2478 being replaced after rewriting or qualification. */
2479
2480 else
2481 {
2482 vaddr = deliver_make_addr(address, FALSE);
2483 new_ok = verify_address(vaddr, NULL, options | vopt_fake_sender,
2484 callout, callout_overall, callout_connect, se_mailfrom,
2485 pm_mailfrom, NULL);
2486 }
2487 }
2488
2489 /* We now have the result, either newly found, or cached. If we are
2490 giving out error details, set a specific user error. This means that the
2491 last of these will be returned to the user if all three fail. We do not
2492 set a log message - the generic one below will be used. */
2493
2494 if (new_ok != OK)
2495 {
2496 *verrno = vaddr->basic_errno;
2497 if (smtp_return_error_details)
2498 {
2499 *user_msgptr = string_sprintf("Rejected after DATA: "
2500 "could not verify \"%.*s\" header address\n%s: %s",
2501 endname - h->text, h->text, vaddr->address, vaddr->message);
2502 }
2503 }
2504
2505 /* Success or defer */
2506
2507 if (new_ok == OK)
2508 {
2509 yield = OK;
2510 done = TRUE;
2511 break;
2512 }
2513
2514 if (new_ok == DEFER) yield = DEFER;
2515
2516 /* Move on to any more addresses in the header */
2517
2518 s = ss;
2519 } /* Next address */
2520
2521 parse_allow_group = FALSE;
2522 parse_found_group = FALSE;
2523 } /* Next header, unless done */
2524 } /* Next header type unless done */
2525
2526 if (yield == FAIL && *log_msgptr == NULL)
2527 *log_msgptr = US"there is no valid sender in any header line";
2528
2529 if (yield == DEFER && *log_msgptr == NULL)
2530 *log_msgptr = US"all attempts to verify a sender in a header line deferred";
2531
2532 return yield;
2533 }
2534
2535
2536
2537
2538 /*************************************************
2539 * Get RFC 1413 identification *
2540 *************************************************/
2541
2542 /* Attempt to get an id from the sending machine via the RFC 1413 protocol. If
2543 the timeout is set to zero, then the query is not done. There may also be lists
2544 of hosts and nets which are exempt. To guard against malefactors sending
2545 non-printing characters which could, for example, disrupt a message's headers,
2546 make sure the string consists of printing characters only.
2547
2548 Argument:
2549 port the port to connect to; usually this is IDENT_PORT (113), but when
2550 running in the test harness with -bh a different value is used.
2551
2552 Returns: nothing
2553
2554 Side effect: any received ident value is put in sender_ident (NULL otherwise)
2555 */
2556
2557 void
2558 verify_get_ident(int port)
2559 {
2560 int sock, host_af, qlen;
2561 int received_sender_port, received_interface_port, n;
2562 uschar *p;
2563 uschar buffer[2048];
2564
2565 /* Default is no ident. Check whether we want to do an ident check for this
2566 host. */
2567
2568 sender_ident = NULL;
2569 if (rfc1413_query_timeout <= 0 || verify_check_host(&rfc1413_hosts) != OK)
2570 return;
2571
2572 DEBUG(D_ident) debug_printf("doing ident callback\n");
2573
2574 /* Set up a connection to the ident port of the remote host. Bind the local end
2575 to the incoming interface address. If the sender host address is an IPv6
2576 address, the incoming interface address will also be IPv6. */
2577
2578 host_af = (Ustrchr(sender_host_address, ':') == NULL)? AF_INET : AF_INET6;
2579 sock = ip_socket(SOCK_STREAM, host_af);
2580 if (sock < 0) return;
2581
2582 if (ip_bind(sock, host_af, interface_address, 0) < 0)
2583 {
2584 DEBUG(D_ident) debug_printf("bind socket for ident failed: %s\n",
2585 strerror(errno));
2586 goto END_OFF;
2587 }
2588
2589 if (ip_connect(sock, host_af, sender_host_address, port, rfc1413_query_timeout)
2590 < 0)
2591 {
2592 if (errno == ETIMEDOUT && (log_extra_selector & LX_ident_timeout) != 0)
2593 {
2594 log_write(0, LOG_MAIN, "ident connection to %s timed out",
2595 sender_host_address);
2596 }
2597 else
2598 {
2599 DEBUG(D_ident) debug_printf("ident connection to %s failed: %s\n",
2600 sender_host_address, strerror(errno));
2601 }
2602 goto END_OFF;
2603 }
2604
2605 /* Construct and send the query. */
2606
2607 sprintf(CS buffer, "%d , %d\r\n", sender_host_port, interface_port);
2608 qlen = Ustrlen(buffer);
2609 if (send(sock, buffer, qlen, 0) < 0)
2610 {
2611 DEBUG(D_ident) debug_printf("ident send failed: %s\n", strerror(errno));
2612 goto END_OFF;
2613 }
2614
2615 /* Read a response line. We put it into the rest of the buffer, using several
2616 recv() calls if necessary. */
2617
2618 p = buffer + qlen;
2619
2620 for (;;)
2621 {
2622 uschar *pp;
2623 int count;
2624 int size = sizeof(buffer) - (p - buffer);
2625
2626 if (size <= 0) goto END_OFF; /* Buffer filled without seeing \n. */
2627 count = ip_recv(sock, p, size, rfc1413_query_timeout);
2628 if (count <= 0) goto END_OFF; /* Read error or EOF */
2629
2630 /* Scan what we just read, to see if we have reached the terminating \r\n. Be
2631 generous, and accept a plain \n terminator as well. The only illegal
2632 character is 0. */
2633
2634 for (pp = p; pp < p + count; pp++)
2635 {
2636 if (*pp == 0) goto END_OFF; /* Zero octet not allowed */
2637 if (*pp == '\n')
2638 {
2639 if (pp[-1] == '\r') pp--;
2640 *pp = 0;
2641 goto GOT_DATA; /* Break out of both loops */
2642 }
2643 }
2644
2645 /* Reached the end of the data without finding \n. Let the loop continue to
2646 read some more, if there is room. */
2647
2648 p = pp;
2649 }
2650
2651 GOT_DATA:
2652
2653 /* We have received a line of data. Check it carefully. It must start with the
2654 same two port numbers that we sent, followed by data as defined by the RFC. For
2655 example,
2656
2657 12345 , 25 : USERID : UNIX :root
2658
2659 However, the amount of white space may be different to what we sent. In the
2660 "osname" field there may be several sub-fields, comma separated. The data we
2661 actually want to save follows the third colon. Some systems put leading spaces
2662 in it - we discard those. */
2663
2664 if (sscanf(CS buffer + qlen, "%d , %d%n", &received_sender_port,
2665 &received_interface_port, &n) != 2 ||
2666 received_sender_port != sender_host_port ||
2667 received_interface_port != interface_port)
2668 goto END_OFF;
2669
2670 p = buffer + qlen + n;
2671 while(isspace(*p)) p++;
2672 if (*p++ != ':') goto END_OFF;
2673 while(isspace(*p)) p++;
2674 if (Ustrncmp(p, "USERID", 6) != 0) goto END_OFF;
2675 p += 6;
2676 while(isspace(*p)) p++;
2677 if (*p++ != ':') goto END_OFF;
2678 while (*p != 0 && *p != ':') p++;
2679 if (*p++ == 0) goto END_OFF;
2680 while(isspace(*p)) p++;
2681 if (*p == 0) goto END_OFF;
2682
2683 /* The rest of the line is the data we want. We turn it into printing
2684 characters when we save it, so that it cannot mess up the format of any logging
2685 or Received: lines into which it gets inserted. We keep a maximum of 127
2686 characters. */
2687
2688 sender_ident = string_printing(string_copyn(p, 127));
2689 DEBUG(D_ident) debug_printf("sender_ident = %s\n", sender_ident);
2690
2691 END_OFF:
2692 (void)close(sock);
2693 return;
2694 }
2695
2696
2697
2698
2699 /*************************************************
2700 * Match host to a single host-list item *
2701 *************************************************/
2702
2703 /* This function compares a host (name or address) against a single item
2704 from a host list. The host name gets looked up if it is needed and is not
2705 already known. The function is called from verify_check_this_host() via
2706 match_check_list(), which is why most of its arguments are in a single block.
2707
2708 Arguments:
2709 arg the argument block (see below)
2710 ss the host-list item
2711 valueptr where to pass back looked up data, or NULL
2712 error for error message when returning ERROR
2713
2714 The block contains:
2715 host_name (a) the host name, or
2716 (b) NULL, implying use sender_host_name and
2717 sender_host_aliases, looking them up if required, or
2718 (c) the empty string, meaning that only IP address matches
2719 are permitted
2720 host_address the host address
2721 host_ipv4 the IPv4 address taken from an IPv6 one
2722
2723 Returns: OK matched
2724 FAIL did not match
2725 DEFER lookup deferred
2726 ERROR (a) failed to find the host name or IP address, or
2727 (b) unknown lookup type specified, or
2728 (c) host name encountered when only IP addresses are
2729 being matched
2730 */
2731
2732 int
2733 check_host(void *arg, uschar *ss, uschar **valueptr, uschar **error)
2734 {
2735 check_host_block *cb = (check_host_block *)arg;
2736 int mlen = -1;
2737 int maskoffset;
2738 BOOL iplookup = FALSE;
2739 BOOL isquery = FALSE;
2740 BOOL isiponly = cb->host_name != NULL && cb->host_name[0] == 0;
2741 uschar *t;
2742 uschar *semicolon;
2743 uschar **aliases;
2744
2745 /* Optimize for the special case when the pattern is "*". */
2746
2747 if (*ss == '*' && ss[1] == 0) return OK;
2748
2749 /* If the pattern is empty, it matches only in the case when there is no host -
2750 this can occur in ACL checking for SMTP input using the -bs option. In this
2751 situation, the host address is the empty string. */
2752
2753 if (cb->host_address[0] == 0) return (*ss == 0)? OK : FAIL;
2754 if (*ss == 0) return FAIL;
2755
2756 /* If the pattern is precisely "@" then match against the primary host name,
2757 provided that host name matching is permitted; if it's "@[]" match against the
2758 local host's IP addresses. */
2759
2760 if (*ss == '@')
2761 {
2762 if (ss[1] == 0)
2763 {
2764 if (isiponly) return ERROR;
2765 ss = primary_hostname;
2766 }
2767 else if (Ustrcmp(ss, "@[]") == 0)
2768 {
2769 ip_address_item *ip;
2770 for (ip = host_find_interfaces(); ip != NULL; ip = ip->next)
2771 if (Ustrcmp(ip->address, cb->host_address) == 0) return OK;
2772 return FAIL;
2773 }
2774 }
2775
2776 /* If the pattern is an IP address, optionally followed by a bitmask count, do
2777 a (possibly masked) comparision with the current IP address. */
2778
2779 if (string_is_ip_address(ss, &maskoffset) != 0)
2780 return (host_is_in_net(cb->host_address, ss, maskoffset)? OK : FAIL);
2781
2782 /* The pattern is not an IP address. A common error that people make is to omit
2783 one component of an IPv4 address, either by accident, or believing that, for
2784 example, 1.2.3/24 is the same as 1.2.3.0/24, or 1.2.3 is the same as 1.2.3.0,
2785 which it isn't. (Those applications that do accept 1.2.3 as an IP address
2786 interpret it as 1.2.0.3 because the final component becomes 16-bit - this is an
2787 ancient specification.) To aid in debugging these cases, we give a specific
2788 error if the pattern contains only digits and dots or contains a slash preceded
2789 only by digits and dots (a slash at the start indicates a file name and of
2790 course slashes may be present in lookups, but not preceded only by digits and
2791 dots). */
2792
2793 for (t = ss; isdigit(*t) || *t == '.'; t++);
2794 if (*t == 0 || (*t == '/' && t != ss))
2795 {
2796 *error = US"malformed IPv4 address or address mask";
2797 return ERROR;
2798 }
2799
2800 /* See if there is a semicolon in the pattern */
2801
2802 semicolon = Ustrchr(ss, ';');
2803
2804 /* If we are doing an IP address only match, then all lookups must be IP
2805 address lookups, even if there is no "net-". */
2806
2807 if (isiponly)
2808 {
2809 iplookup = semicolon != NULL;
2810 }
2811
2812 /* Otherwise, if the item is of the form net[n]-lookup;<file|query> then it is
2813 a lookup on a masked IP network, in textual form. We obey this code even if we
2814 have already set iplookup, so as to skip over the "net-" prefix and to set the
2815 mask length. The net- stuff really only applies to single-key lookups where the
2816 key is implicit. For query-style lookups the key is specified in the query.
2817 From release 4.30, the use of net- for query style is no longer needed, but we
2818 retain it for backward compatibility. */
2819
2820 if (Ustrncmp(ss, "net", 3) == 0 && semicolon != NULL)
2821 {
2822 mlen = 0;
2823 for (t = ss + 3; isdigit(*t); t++) mlen = mlen * 10 + *t - '0';
2824 if (mlen == 0 && t == ss+3) mlen = -1; /* No mask supplied */
2825 iplookup = (*t++ == '-');
2826 }
2827 else t = ss;
2828
2829 /* Do the IP address lookup if that is indeed what we have */
2830
2831 if (iplookup)
2832 {
2833 int insize;
2834 int search_type;
2835 int incoming[4];
2836 void *handle;
2837 uschar *filename, *key, *result;
2838 uschar buffer[64];
2839
2840 /* Find the search type */
2841
2842 search_type = search_findtype(t, semicolon - t);
2843
2844 if (search_type < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
2845 search_error_message);
2846
2847 /* Adjust parameters for the type of lookup. For a query-style lookup, there
2848 is no file name, and the "key" is just the query. For query-style with a file
2849 name, we have to fish the file off the start of the query. For a single-key
2850 lookup, the key is the current IP address, masked appropriately, and
2851 reconverted to text form, with the mask appended. For IPv6 addresses, specify
2852 dot separators instead of colons, except when the lookup type is "iplsearch".
2853 */
2854
2855 if (mac_islookup(search_type, lookup_absfilequery))
2856 {
2857 filename = semicolon + 1;
2858 key = filename;
2859 while (*key != 0 && !isspace(*key)) key++;
2860 filename = string_copyn(filename, key - filename);
2861 while (isspace(*key)) key++;
2862 }
2863 else if (mac_islookup(search_type, lookup_querystyle))
2864 {
2865 filename = NULL;
2866 key = semicolon + 1;
2867 }
2868 else /* Single-key style */
2869 {
2870 int sep = (Ustrcmp(lookup_list[search_type]->name, "iplsearch") == 0)?
2871 ':' : '.';
2872 insize = host_aton(cb->host_address, incoming);
2873 host_mask(insize, incoming, mlen);
2874 (void)host_nmtoa(insize, incoming, mlen, buffer, sep);
2875 key = buffer;
2876 filename = semicolon + 1;
2877 }
2878
2879 /* Now do the actual lookup; note that there is no search_close() because
2880 of the caching arrangements. */
2881
2882 handle = search_open(filename, search_type, 0, NULL, NULL);
2883 if (handle == NULL) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
2884 search_error_message);
2885 result = search_find(handle, filename, key, -1, NULL, 0, 0, NULL);
2886 if (valueptr != NULL) *valueptr = result;
2887 return (result != NULL)? OK : search_find_defer? DEFER: FAIL;
2888 }
2889
2890 /* The pattern is not an IP address or network reference of any kind. That is,
2891 it is a host name pattern. If this is an IP only match, there's an error in the
2892 host list. */
2893
2894 if (isiponly)
2895 {
2896 *error = US"cannot match host name in match_ip list";
2897 return ERROR;
2898 }
2899
2900 /* Check the characters of the pattern to see if they comprise only letters,
2901 digits, full stops, and hyphens (the constituents of domain names). Allow
2902 underscores, as they are all too commonly found. Sigh. Also, if
2903 allow_utf8_domains is set, allow top-bit characters. */
2904
2905 for (t = ss; *t != 0; t++)
2906 if (!isalnum(*t) && *t != '.' && *t != '-' && *t != '_' &&
2907 (!allow_utf8_domains || *t < 128)) break;
2908
2909 /* If the pattern is a complete domain name, with no fancy characters, look up
2910 its IP address and match against that. Note that a multi-homed host will add
2911 items to the chain. */
2912
2913 if (*t == 0)
2914 {
2915 int rc;
2916 host_item h;
2917 h.next = NULL;
2918 h.name = ss;
2919 h.address = NULL;
2920 h.mx = MX_NONE;
2921
2922 rc = host_find_byname(&h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, FALSE);
2923 if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL)
2924 {
2925 host_item *hh;
2926 for (hh = &h; hh != NULL; hh = hh->next)
2927 {
2928 if (host_is_in_net(hh->address, cb->host_address, 0)) return OK;
2929 }
2930 return FAIL;
2931 }
2932 if (rc == HOST_FIND_AGAIN) return DEFER;
2933 *error = string_sprintf("failed to find IP address for %s", ss);
2934 return ERROR;
2935 }
2936
2937 /* Almost all subsequent comparisons require the host name, and can be done
2938 using the general string matching function. When this function is called for
2939 outgoing hosts, the name is always given explicitly. If it is NULL, it means we
2940 must use sender_host_name and its aliases, looking them up if necessary. */
2941
2942 if (cb->host_name != NULL) /* Explicit host name given */
2943 return match_check_string(cb->host_name, ss, -1, TRUE, TRUE, TRUE,
2944 valueptr);
2945
2946 /* Host name not given; in principle we need the sender host name and its
2947 aliases. However, for query-style lookups, we do not need the name if the
2948 query does not contain $sender_host_name. From release 4.23, a reference to
2949 $sender_host_name causes it to be looked up, so we don't need to do the lookup
2950 on spec. */
2951
2952 if ((semicolon = Ustrchr(ss, ';')) != NULL)
2953 {
2954 uschar *affix;
2955 int partial, affixlen, starflags, id;
2956
2957 *semicolon = 0;
2958 id = search_findtype_partial(ss, &partial, &affix, &affixlen, &starflags);
2959 *semicolon=';';
2960
2961 if (id < 0) /* Unknown lookup type */
2962 {
2963 log_write(0, LOG_MAIN|LOG_PANIC, "%s in host list item \"%s\"",
2964 search_error_message, ss);
2965 return DEFER;
2966 }
2967 isquery = mac_islookup(id, lookup_querystyle|lookup_absfilequery);
2968 }
2969
2970 if (isquery)
2971 {
2972 switch(match_check_string(US"", ss, -1, TRUE, TRUE, TRUE, valueptr))
2973 {
2974 case OK: return OK;
2975 case DEFER: return DEFER;
2976 default: return FAIL;
2977 }
2978 }
2979
2980 /* Not a query-style lookup; must ensure the host name is present, and then we
2981 do a check on the name and all its aliases. */
2982
2983 if (sender_host_name == NULL)
2984 {
2985 HDEBUG(D_host_lookup)
2986 debug_printf("sender host name required, to match against %s\n", ss);
2987 if (host_lookup_failed || host_name_lookup() != OK)
2988 {
2989 *error = string_sprintf("failed to find host name for %s",
2990 sender_host_address);;
2991 return ERROR;
2992 }
2993 host_build_sender_fullhost();
2994 }
2995
2996 /* Match on the sender host name, using the general matching function */
2997
2998 switch(match_check_string(sender_host_name, ss, -1, TRUE, TRUE, TRUE,
2999 valueptr))
3000 {
3001 case OK: return OK;
3002 case DEFER: return DEFER;
3003 }
3004
3005 /* If there are aliases, try matching on them. */
3006
3007 aliases = sender_host_aliases;
3008 while (*aliases != NULL)
3009 {
3010 switch(match_check_string(*aliases++, ss, -1, TRUE, TRUE, TRUE, valueptr))
3011 {
3012 case OK: return OK;
3013 case DEFER: return DEFER;
3014 }
3015 }
3016 return FAIL;
3017 }
3018
3019
3020
3021
3022 /*************************************************
3023 * Check a specific host matches a host list *
3024 *************************************************/
3025
3026 /* This function is passed a host list containing items in a number of
3027 different formats and the identity of a host. Its job is to determine whether
3028 the given host is in the set of hosts defined by the list. The host name is
3029 passed as a pointer so that it can be looked up if needed and not already
3030 known. This is commonly the case when called from verify_check_host() to check
3031 an incoming connection. When called from elsewhere the host name should usually
3032 be set.
3033
3034 This function is now just a front end to match_check_list(), which runs common
3035 code for scanning a list. We pass it the check_host() function to perform a
3036 single test.
3037
3038 Arguments:
3039 listptr pointer to the host list
3040 cache_bits pointer to cache for named lists, or NULL
3041 host_name the host name or NULL, implying use sender_host_name and
3042 sender_host_aliases, looking them up if required
3043 host_address the IP address
3044 valueptr if not NULL, data from a lookup is passed back here
3045
3046 Returns: OK if the host is in the defined set
3047 FAIL if the host is not in the defined set,
3048 DEFER if a data lookup deferred (not a host lookup)
3049
3050 If the host name was needed in order to make a comparison, and could not be
3051 determined from the IP address, the result is FAIL unless the item
3052 "+allow_unknown" was met earlier in the list, in which case OK is returned. */
3053
3054 int
3055 verify_check_this_host(uschar **listptr, unsigned int *cache_bits,
3056 uschar *host_name, uschar *host_address, uschar **valueptr)
3057 {
3058 int rc;
3059 unsigned int *local_cache_bits = cache_bits;
3060 uschar *save_host_address = deliver_host_address;
3061 check_host_block cb;
3062 cb.host_name = host_name;
3063 cb.host_address = host_address;
3064
3065 if (valueptr != NULL) *valueptr = NULL;
3066
3067 /* If the host address starts off ::ffff: it is an IPv6 address in
3068 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
3069 addresses. */
3070
3071 cb.host_ipv4 = (Ustrncmp(host_address, "::ffff:", 7) == 0)?
3072 host_address + 7 : host_address;
3073
3074 /* During the running of the check, put the IP address into $host_address. In
3075 the case of calls from the smtp transport, it will already be there. However,
3076 in other calls (e.g. when testing ignore_target_hosts), it won't. Just to be on
3077 the safe side, any existing setting is preserved, though as I write this
3078 (November 2004) I can't see any cases where it is actually needed. */
3079
3080 deliver_host_address = host_address;
3081 rc = match_check_list(
3082 listptr, /* the list */
3083 0, /* separator character */
3084 &hostlist_anchor, /* anchor pointer */
3085 &local_cache_bits, /* cache pointer */
3086 check_host, /* function for testing */
3087 &cb, /* argument for function */
3088 MCL_HOST, /* type of check */
3089 (host_address == sender_host_address)?
3090 US"host" : host_address, /* text for debugging */
3091 valueptr); /* where to pass back data */
3092 deliver_host_address = save_host_address;
3093 return rc;
3094 }
3095
3096
3097
3098
3099 /*************************************************
3100 * Check the remote host matches a list *
3101 *************************************************/
3102
3103 /* This is a front end to verify_check_this_host(), created because checking
3104 the remote host is a common occurrence. With luck, a good compiler will spot
3105 the tail recursion and optimize it. If there's no host address, this is
3106 command-line SMTP input - check against an empty string for the address.
3107
3108 Arguments:
3109 listptr pointer to the host list
3110
3111 Returns: the yield of verify_check_this_host(),
3112 i.e. OK, FAIL, or DEFER
3113 */
3114
3115 int
3116 verify_check_host(uschar **listptr)
3117 {
3118 return verify_check_this_host(listptr, sender_host_cache, NULL,
3119 (sender_host_address == NULL)? US"" : sender_host_address, NULL);
3120 }
3121
3122
3123
3124
3125
3126 /*************************************************
3127 * Invert an IP address *
3128 *************************************************/
3129
3130 /* Originally just used for DNS xBL lists, now also used for the
3131 reverse_ip expansion operator.
3132
3133 Arguments:
3134 buffer where to put the answer
3135 address the address to invert
3136 */
3137
3138 void
3139 invert_address(uschar *buffer, uschar *address)
3140 {
3141 int bin[4];
3142 uschar *bptr = buffer;
3143
3144 /* If this is an IPv4 address mapped into IPv6 format, adjust the pointer
3145 to the IPv4 part only. */
3146
3147 if (Ustrncmp(address, "::ffff:", 7) == 0) address += 7;
3148
3149 /* Handle IPv4 address: when HAVE_IPV6 is false, the result of host_aton() is
3150 always 1. */
3151
3152 if (host_aton(address, bin) == 1)
3153 {
3154 int i;
3155 int x = bin[0];
3156 for (i = 0; i < 4; i++)
3157 {
3158 sprintf(CS bptr, "%d.", x & 255);
3159 while (*bptr) bptr++;
3160 x >>= 8;
3161 }
3162 }
3163
3164 /* Handle IPv6 address. Actually, as far as I know, there are no IPv6 addresses
3165 in any DNS black lists, and the format in which they will be looked up is
3166 unknown. This is just a guess. */
3167
3168 #if HAVE_IPV6
3169 else
3170 {
3171 int i, j;
3172 for (j = 3; j >= 0; j--)
3173 {
3174 int x = bin[j];
3175 for (i = 0; i < 8; i++)
3176 {
3177 sprintf(CS bptr, "%x.", x & 15);
3178 while (*bptr) bptr++;
3179 x >>= 4;
3180 }
3181 }
3182 }
3183 #endif
3184
3185 /* Remove trailing period -- this is needed so that both arbitrary
3186 dnsbl keydomains and inverted addresses may be combined with the
3187 same format string, "%s.%s" */
3188
3189 *(--bptr) = 0;
3190 }
3191
3192
3193
3194 /*************************************************
3195 * Perform a single dnsbl lookup *
3196 *************************************************/
3197
3198 /* This function is called from verify_check_dnsbl() below. It is also called
3199 recursively from within itself when domain and domain_txt are different
3200 pointers, in order to get the TXT record from the alternate domain.
3201
3202 Arguments:
3203 domain the outer dnsbl domain
3204 domain_txt alternate domain to lookup TXT record on success; when the
3205 same domain is to be used, domain_txt == domain (that is,
3206 the pointers must be identical, not just the text)
3207 keydomain the current keydomain (for debug message)
3208 prepend subdomain to lookup (like keydomain, but
3209 reversed if IP address)
3210 iplist the list of matching IP addresses, or NULL for "any"
3211 bitmask true if bitmask matching is wanted
3212 match_type condition for 'succeed' result
3213 0 => Any RR in iplist (=)
3214 1 => No RR in iplist (!=)
3215 2 => All RRs in iplist (==)
3216 3 => Some RRs not in iplist (!==)
3217 the two bits are defined as MT_NOT and MT_ALL
3218 defer_return what to return for a defer
3219
3220 Returns: OK if lookup succeeded
3221 FAIL if not
3222 */
3223
3224 static int
3225 one_check_dnsbl(uschar *domain, uschar *domain_txt, uschar *keydomain,
3226 uschar *prepend, uschar *iplist, BOOL bitmask, int match_type,
3227 int defer_return)
3228 {
3229 dns_answer dnsa;
3230 dns_scan dnss;
3231 tree_node *t;
3232 dnsbl_cache_block *cb;
3233 int old_pool = store_pool;
3234 uschar query[256]; /* DNS domain max length */
3235
3236 /* Construct the specific query domainname */
3237
3238 if (!string_format(query, sizeof(query), "%s.%s", prepend, domain))
3239 {
3240 log_write(0, LOG_MAIN|LOG_PANIC, "dnslist query is too long "
3241 "(ignored): %s...", query);
3242 return FAIL;
3243 }
3244
3245 /* Look for this query in the cache. */
3246
3247 t = tree_search(dnsbl_cache, query);
3248
3249 /* If not cached from a previous lookup, we must do a DNS lookup, and
3250 cache the result in permanent memory. */
3251
3252 if (t == NULL)
3253 {
3254 store_pool = POOL_PERM;
3255
3256 /* Set up a tree entry to cache the lookup */
3257
3258 t = store_get(sizeof(tree_node) + Ustrlen(query));
3259 Ustrcpy(t->name, query);
3260 t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block));
3261 (void)tree_insertnode(&dnsbl_cache, t);
3262
3263 /* Do the DNS loopup . */
3264
3265 HDEBUG(D_dnsbl) debug_printf("new DNS lookup for %s\n", query);
3266 cb->rc = dns_basic_lookup(&dnsa, query, T_A);
3267 cb->text_set = FALSE;
3268 cb->text = NULL;
3269 cb->rhs = NULL;
3270
3271 /* If the lookup succeeded, cache the RHS address. The code allows for
3272 more than one address - this was for complete generality and the possible
3273 use of A6 records. However, A6 records have been reduced to experimental
3274 status (August 2001) and may die out. So they may never get used at all,
3275 let alone in dnsbl records. However, leave the code here, just in case.
3276
3277 Quite apart from one A6 RR generating multiple addresses, there are DNS
3278 lists that return more than one A record, so we must handle multiple
3279 addresses generated in that way as well. */
3280
3281 if (cb->rc == DNS_SUCCEED)
3282 {
3283 dns_record *rr;
3284 dns_address **addrp = &(cb->rhs);
3285 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
3286 rr != NULL;
3287 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
3288 {
3289 if (rr->type == T_A)
3290 {
3291 dns_address *da = dns_address_from_rr(&dnsa, rr);
3292 if (da != NULL)
3293 {
3294 *addrp = da;
3295 while (da->next != NULL) da = da->next;
3296 addrp = &(da->next);
3297 }
3298 }
3299 }
3300
3301 /* If we didn't find any A records, change the return code. This can
3302 happen when there is a CNAME record but there are no A records for what
3303 it points to. */
3304
3305 if (cb->rhs == NULL) cb->rc = DNS_NODATA;
3306 }
3307
3308 store_pool = old_pool;
3309 }
3310
3311 /* Previous lookup was cached */
3312
3313 else
3314 {
3315 HDEBUG(D_dnsbl) debug_printf("using result of previous DNS lookup\n");
3316 cb = t->data.ptr;
3317 }
3318
3319 /* We now have the result of the DNS lookup, either newly done, or cached
3320 from a previous call. If the lookup succeeded, check against the address
3321 list if there is one. This may be a positive equality list (introduced by
3322 "="), a negative equality list (introduced by "!="), a positive bitmask
3323 list (introduced by "&"), or a negative bitmask list (introduced by "!&").*/
3324
3325 if (cb->rc == DNS_SUCCEED)
3326 {
3327 dns_address *da = NULL;
3328 uschar *addlist = cb->rhs->address;
3329
3330 /* For A and AAAA records, there may be multiple addresses from multiple
3331 records. For A6 records (currently not expected to be used) there may be
3332 multiple addresses from a single record. */
3333
3334 for (da = cb->rhs->next; da != NULL; da = da->next)
3335 addlist = string_sprintf("%s, %s", addlist, da->address);
3336
3337 HDEBUG(D_dnsbl) debug_printf("DNS lookup for %s succeeded (yielding %s)\n",
3338 query, addlist);
3339
3340 /* Address list check; this can be either for equality, or via a bitmask.
3341 In the latter case, all the bits must match. */
3342
3343 if (iplist != NULL)
3344 {
3345 for (da = cb->rhs; da != NULL; da = da->next)
3346 {
3347 int ipsep = ',';
3348 uschar ip[46];
3349 uschar *ptr = iplist;
3350 uschar *res;
3351
3352 /* Handle exact matching */
3353
3354 if (!bitmask)
3355 {
3356 while ((res = string_nextinlist(&ptr, &ipsep, ip, sizeof(ip))) != NULL)
3357 {
3358 if (Ustrcmp(CS da->address, ip) == 0) break;
3359 }
3360 }
3361
3362 /* Handle bitmask matching */
3363
3364 else
3365 {
3366 int address[4];
3367 int mask = 0;
3368
3369 /* At present, all known DNS blocking lists use A records, with
3370 IPv4 addresses on the RHS encoding the information they return. I
3371 wonder if this will linger on as the last vestige of IPv4 when IPv6
3372 is ubiquitous? Anyway, for now we use paranoia code to completely
3373 ignore IPv6 addresses. The default mask is 0, which always matches.
3374 We change this only for IPv4 addresses in the list. */
3375
3376 if (host_aton(da->address, address) == 1) mask = address[0];
3377
3378 /* Scan the returned addresses, skipping any that are IPv6 */
3379
3380 while ((res = string_nextinlist(&ptr, &ipsep, ip, sizeof(ip))) != NULL)
3381 {
3382 if (host_aton(ip, address) != 1) continue;
3383 if ((address[0] & mask) == address[0]) break;
3384 }
3385 }
3386
3387 /* If either
3388
3389 (a) An IP address in an any ('=') list matched, or
3390 (b) No IP address in an all ('==') list matched
3391
3392 then we're done searching. */
3393
3394 if (((match_type & MT_ALL) != 0) == (res == NULL)) break;
3395 }
3396
3397 /* If da == NULL, either
3398
3399 (a) No IP address in an any ('=') list matched, or
3400 (b) An IP address in an all ('==') list didn't match
3401
3402 so behave as if the DNSBL lookup had not succeeded, i.e. the host is not on
3403 the list. */
3404
3405 if ((match_type == MT_NOT || match_type == MT_ALL) != (da == NULL))
3406 {
3407 HDEBUG(D_dnsbl)
3408 {
3409 uschar *res = NULL;
3410 switch(match_type)
3411 {
3412 case 0:
3413 res = US"was no match";
3414 break;
3415 case MT_NOT:
3416 res = US"was an exclude match";
3417 break;
3418 case MT_ALL:
3419 res = US"was an IP address that did not match";
3420 break;
3421 case MT_NOT|MT_ALL:
3422 res = US"were no IP addresses that did not match";
3423 break;
3424 }
3425 debug_printf("=> but we are not accepting this block class because\n");
3426 debug_printf("=> there %s for %s%c%s\n",
3427 res,
3428 ((match_type & MT_ALL) == 0)? "" : "=",
3429 bitmask? '&' : '=', iplist);
3430 }
3431 return FAIL;
3432 }
3433 }
3434
3435 /* Either there was no IP list, or the record matched, implying that the
3436 domain is on the list. We now want to find a corresponding TXT record. If an
3437 alternate domain is specified for the TXT record, call this function
3438 recursively to look that up; this has the side effect of re-checking that
3439 there is indeed an A record at the alternate domain. */
3440
3441 if (domain_txt != domain)
3442 return one_check_dnsbl(domain_txt, domain_txt, keydomain, prepend, NULL,
3443 FALSE, match_type, defer_return);
3444
3445 /* If there is no alternate domain, look up a TXT record in the main domain
3446 if it has not previously been cached. */
3447
3448 if (!cb->text_set)
3449 {
3450 cb->text_set = TRUE;
3451 if (dns_basic_lookup(&dnsa, query, T_TXT) == DNS_SUCCEED)
3452 {
3453 dns_record *rr;
3454 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
3455 rr != NULL;
3456 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))