Cutthrough: enforce non-use in combination with DKIM signing or transport filter
authorJeremy Harris <jgh146exb@wizmail.org>
Mon, 26 Mar 2018 14:53:49 +0000 (15:53 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Tue, 3 Apr 2018 23:21:14 +0000 (00:21 +0100)
Broken-by: 02b41d7106
doc/doc-txt/ChangeLog
src/src/verify.c

index af186d2..9a05c34 100644 (file)
@@ -160,6 +160,10 @@ JH/28 Ensure that variables possibly set during message acceptance are marked
 PP/02 DANE: add dane_require_tls_ciphers SMTP Transport option; if unset,
       tls_require_ciphers is used as before.
 
+JH/34 Re-introduce enforcement of no cutthrough delivery on transports having
+      transport-filters or DKIM-signing.  The restriction was lost in the
+      consolidation of verify-callout and delivery SMTP handling.
+
 
 Exim version 4.90
 -----------------
index 9582fe5..1df8566 100644 (file)
@@ -1026,6 +1026,20 @@ no_conn:
     here is where we want to leave the conn open.  Ditto for a lazy-close
     verify. */
 
+    if (cutthrough.delivery)
+      {
+      if (addr->transport->filter_command)
+        {
+        cutthrough.delivery= FALSE;
+        HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n");
+        }
+      if (ob->dkim.dkim_domain)
+        {
+        cutthrough.delivery= FALSE;
+        HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of DKIM signing\n");
+        }
+      }
+
     if (  (cutthrough.delivery || options & vopt_callout_hold)
        && rcpt_count == 1
        && done