diff options
author | Jeremy Harris <jgh146exb@wizmail.org> | 2012-05-06 17:12:31 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2012-06-04 14:57:02 +0100 |
commit | 193e3acd2723abeaaad8575fec3c058df674fc5d (patch) | |
tree | afa6bb6dcdf9fc6f9d257063d523c61b03c6937b /src | |
parent | cb9d95aeae369ae85cd13473cda0bb3ae415fcb9 (diff) |
Deal explicitly with attempt to callout via null transport; fixes crash.
Diffstat (limited to 'src')
-rw-r--r-- | src/src/verify.c | 971 |
1 files changed, 490 insertions, 481 deletions
diff --git a/src/src/verify.c b/src/src/verify.c index 964bdf714..39ef33787 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -154,7 +154,6 @@ do_callout(address_item *addr, host_item *host_list, transport_feedback *tf, int callout, int callout_overall, int callout_connect, int options, uschar *se_mailfrom, uschar *pm_mailfrom) { -smtp_transport_options_block *ob = (smtp_transport_options_block *)(addr->transport->options_block); BOOL is_recipient = (options & vopt_is_recipient) != 0; BOOL callout_no_cache = (options & vopt_callout_no_cache) != 0; BOOL callout_random = (options & vopt_callout_random) != 0; @@ -370,596 +369,606 @@ if (dbm_file != NULL) dbm_file = NULL; } -/* The information wasn't available in the cache, so we have to do a real -callout and save the result in the cache for next time, unless no_cache is set, -or unless we have a previously cached negative random result. If we are to test -with a random local part, ensure that such a local part is available. If not, -log the fact, but carry on without randomming. */ - -if (callout_random && callout_random_local_part != NULL) +if (!addr->transport) { - random_local_part = expand_string(callout_random_local_part); - if (random_local_part == NULL) - log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " - "callout_random_local_part: %s", expand_string_message); + HDEBUG(D_verify) debug_printf("cannot callout via null transport\n"); } +else + { + smtp_transport_options_block *ob = + (smtp_transport_options_block *)(addr->transport->options_block); -/* Default the connect and overall callout timeouts if not set, and record the -time we are starting so that we can enforce it. */ + /* The information wasn't available in the cache, so we have to do a real + callout and save the result in the cache for next time, unless no_cache is set, + or unless we have a previously cached negative random result. If we are to test + with a random local part, ensure that such a local part is available. If not, + log the fact, but carry on without randomming. */ -if (callout_overall < 0) callout_overall = 4 * callout; -if (callout_connect < 0) callout_connect = callout; -callout_start_time = time(NULL); + if (callout_random && callout_random_local_part != NULL) + { + random_local_part = expand_string(callout_random_local_part); + if (random_local_part == NULL) + log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " + "callout_random_local_part: %s", expand_string_message); + } -/* Before doing a real callout, if this is an SMTP connection, flush the SMTP -output because a callout might take some time. When PIPELINING is active and -there are many recipients, the total time for doing lots of callouts can add up -and cause the client to time out. So in this case we forgo the PIPELINING -optimization. */ + /* Default the connect and overall callout timeouts if not set, and record the + time we are starting so that we can enforce it. */ -if (smtp_out != NULL && !disable_callout_flush) mac_smtp_fflush(); + if (callout_overall < 0) callout_overall = 4 * callout; + if (callout_connect < 0) callout_connect = callout; + callout_start_time = time(NULL); -/* Precompile some regex that are used to recognize parameters in response -to an EHLO command, if they aren't already compiled. */ -#ifdef SUPPORT_TLS -if (regex_STARTTLS == NULL) regex_STARTTLS = - regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); -#endif + /* Before doing a real callout, if this is an SMTP connection, flush the SMTP + output because a callout might take some time. When PIPELINING is active and + there are many recipients, the total time for doing lots of callouts can add up + and cause the client to time out. So in this case we forgo the PIPELINING + optimization. */ -/* Now make connections to the hosts and do real callouts. The list of hosts -is passed in as an argument. */ + if (smtp_out != NULL && !disable_callout_flush) mac_smtp_fflush(); -for (host = host_list; host != NULL && !done; host = host->next) - { - smtp_inblock inblock; - smtp_outblock outblock; - int host_af; - int port = 25; - BOOL send_quit = TRUE; - uschar *active_hostname = smtp_active_hostname; - BOOL lmtp; - BOOL smtps; - BOOL esmtp; - BOOL suppress_tls = FALSE; - uschar *interface = NULL; /* Outgoing interface to use; NULL => any */ - uschar inbuffer[4096]; - uschar outbuffer[1024]; - uschar responsebuffer[4096]; - - clearflag(addr, af_verify_pmfail); /* postmaster callout flag */ - clearflag(addr, af_verify_nsfail); /* null sender callout flag */ - - /* Skip this host if we don't have an IP address for it. */ - - if (host->address == NULL) - { - DEBUG(D_verify) debug_printf("no IP address for host name %s: skipping\n", - host->name); - continue; - } + /* Precompile some regex that are used to recognize parameters in response + to an EHLO command, if they aren't already compiled. */ + #ifdef SUPPORT_TLS + if (regex_STARTTLS == NULL) regex_STARTTLS = + regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); + #endif - /* Check the overall callout timeout */ + /* Now make connections to the hosts and do real callouts. The list of hosts + is passed in as an argument. */ - if (time(NULL) - callout_start_time >= callout_overall) + for (host = host_list; host != NULL && !done; host = host->next) { - HDEBUG(D_verify) debug_printf("overall timeout for callout exceeded\n"); - break; - } + smtp_inblock inblock; + smtp_outblock outblock; + int host_af; + int port = 25; + BOOL send_quit = TRUE; + uschar *active_hostname = smtp_active_hostname; + BOOL lmtp; + BOOL smtps; + BOOL esmtp; + BOOL suppress_tls = FALSE; + uschar *interface = NULL; /* Outgoing interface to use; NULL => any */ + uschar inbuffer[4096]; + uschar outbuffer[1024]; + uschar responsebuffer[4096]; + + clearflag(addr, af_verify_pmfail); /* postmaster callout flag */ + clearflag(addr, af_verify_nsfail); /* null sender callout flag */ + + /* Skip this host if we don't have an IP address for it. */ + + if (host->address == NULL) + { + DEBUG(D_verify) debug_printf("no IP address for host name %s: skipping\n", + host->name); + continue; + } - /* Set IPv4 or IPv6 */ + /* Check the overall callout timeout */ - host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6; + if (time(NULL) - callout_start_time >= callout_overall) + { + HDEBUG(D_verify) debug_printf("overall timeout for callout exceeded\n"); + break; + } - /* Expand and interpret the interface and port strings. The latter will not - be used if there is a host-specific port (e.g. from a manualroute router). - This has to be delayed till now, because they may expand differently for - different hosts. If there's a failure, log it, but carry on with the - defaults. */ + /* Set IPv4 or IPv6 */ - deliver_host = host->name; - deliver_host_address = host->address; - deliver_domain = addr->domain; + host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6; - if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface, - US"callout") || - !smtp_get_port(tf->port, addr, &port, US"callout")) - log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address, - addr->message); + /* Expand and interpret the interface and port strings. The latter will not + be used if there is a host-specific port (e.g. from a manualroute router). + This has to be delayed till now, because they may expand differently for + different hosts. If there's a failure, log it, but carry on with the + defaults. */ - /* Set HELO string according to the protocol */ - lmtp= Ustrcmp(tf->protocol, "lmtp") == 0; - smtps= Ustrcmp(tf->protocol, "smtps") == 0; + deliver_host = host->name; + deliver_host_address = host->address; + deliver_domain = addr->domain; + if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface, + US"callout") || + !smtp_get_port(tf->port, addr, &port, US"callout")) + log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address, + addr->message); - HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port); + /* Set HELO string according to the protocol */ + lmtp= Ustrcmp(tf->protocol, "lmtp") == 0; + smtps= Ustrcmp(tf->protocol, "smtps") == 0; - /* Set up the buffer for reading SMTP response packets. */ - inblock.buffer = inbuffer; - inblock.buffersize = sizeof(inbuffer); - inblock.ptr = inbuffer; - inblock.ptrend = inbuffer; + HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port); - /* Set up the buffer for holding SMTP commands while pipelining */ + /* Set up the buffer for reading SMTP response packets. */ - outblock.buffer = outbuffer; - outblock.buffersize = sizeof(outbuffer); - outblock.ptr = outbuffer; - outblock.cmd_count = 0; - outblock.authenticating = FALSE; + inblock.buffer = inbuffer; + inblock.buffersize = sizeof(inbuffer); + inblock.ptr = inbuffer; + inblock.ptrend = inbuffer; - /* Reset the parameters of a TLS session */ - tls_out.cipher = tls_out.peerdn = NULL; + /* Set up the buffer for holding SMTP commands while pipelining */ - /* Connect to the host; on failure, just loop for the next one, but we - set the error for the last one. Use the callout_connect timeout. */ + outblock.buffer = outbuffer; + outblock.buffersize = sizeof(outbuffer); + outblock.ptr = outbuffer; + outblock.cmd_count = 0; + outblock.authenticating = FALSE; - tls_retry_connection: + /* Reset the parameters of a TLS session */ + tls_out.cipher = tls_out.peerdn = NULL; - inblock.sock = outblock.sock = - smtp_connect(host, host_af, port, interface, callout_connect, TRUE, NULL); - /* reconsider DSCP here */ - if (inblock.sock < 0) - { - addr->message = string_sprintf("could not connect to %s [%s]: %s", - host->name, host->address, strerror(errno)); - deliver_host = deliver_host_address = NULL; - deliver_domain = save_deliver_domain; - continue; - } + /* Connect to the host; on failure, just loop for the next one, but we + set the error for the last one. Use the callout_connect timeout. */ - /* Expand the helo_data string to find the host name to use. */ + tls_retry_connection: - if (tf->helo_data != NULL) - { - uschar *s = expand_string(tf->helo_data); - if (s == NULL) - log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's " - "helo_data value for callout: %s", addr->address, - expand_string_message); - else active_hostname = s; - } + inblock.sock = outblock.sock = + smtp_connect(host, host_af, port, interface, callout_connect, TRUE); + /* reconsider DSCP here */ + if (inblock.sock < 0) + { + addr->message = string_sprintf("could not connect to %s [%s]: %s", + host->name, host->address, strerror(errno)); + deliver_host = deliver_host_address = NULL; + deliver_domain = save_deliver_domain; + continue; + } - deliver_host = deliver_host_address = NULL; - deliver_domain = save_deliver_domain; + /* Expand the helo_data string to find the host name to use. */ - /* Wait for initial response, and send HELO. The smtp_write_command() - function leaves its command in big_buffer. This is used in error responses. - Initialize it in case the connection is rejected. */ + if (tf->helo_data != NULL) + { + uschar *s = expand_string(tf->helo_data); + if (s == NULL) + log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's " + "helo_data value for callout: %s", addr->address, + expand_string_message); + else active_hostname = s; + } - Ustrcpy(big_buffer, "initial connection"); + deliver_host = deliver_host_address = NULL; + deliver_domain = save_deliver_domain; - /* Unless ssl-on-connect, wait for the initial greeting */ - smtps_redo_greeting: + /* Wait for initial response, and send HELO. The smtp_write_command() + function leaves its command in big_buffer. This is used in error responses. + Initialize it in case the connection is rejected. */ - #ifdef SUPPORT_TLS - if (!smtps || (smtps && tls_out.active >= 0)) - #endif - if (!(done= smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout))) - goto RESPONSE_FAILED; - - /* Not worth checking greeting line for ESMTP support */ - if (!(esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL, - host->name, host->address, NULL) != OK)) - DEBUG(D_transport) - debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n"); + Ustrcpy(big_buffer, "initial connection"); - tls_redo_helo: + /* Unless ssl-on-connect, wait for the initial greeting */ + smtps_redo_greeting: - #ifdef SUPPORT_TLS - if (smtps && tls_out.active < 0) /* ssl-on-connect, first pass */ - { - tls_offered = TRUE; - ob->tls_tempfail_tryclear = FALSE; - } - else /* all other cases */ - #endif + #ifdef SUPPORT_TLS + if (!smtps || (smtps && tls_out.active >= 0)) + #endif + if (!(done= smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout))) + goto RESPONSE_FAILED; + + /* Not worth checking greeting line for ESMTP support */ + if (!(esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL, + host->name, host->address, NULL) != OK)) + DEBUG(D_transport) + debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n"); - { esmtp_retry: + tls_redo_helo: - if (!(done= smtp_write_command(&outblock, FALSE, "%s %s\r\n", - !esmtp? "HELO" : lmtp? "LHLO" : "EHLO", active_hostname) >= 0)) - goto SEND_FAILED; - if (!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout)) + #ifdef SUPPORT_TLS + if (smtps && tls_out.active < 0) /* ssl-on-connect, first pass */ { - if (errno != 0 || responsebuffer[0] == 0 || lmtp || !esmtp || tls_out.active >= 0) - { - done= FALSE; - goto RESPONSE_FAILED; - } - #ifdef SUPPORT_TLS - tls_offered = FALSE; - #endif - esmtp = FALSE; - goto esmtp_retry; /* fallback to HELO */ + tls_offered = TRUE; + ob->tls_tempfail_tryclear = FALSE; } - - /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */ - #ifdef SUPPORT_TLS - tls_offered = esmtp && !suppress_tls && tls_out.active < 0 && - pcre_exec(regex_STARTTLS, NULL, CS responsebuffer, Ustrlen(responsebuffer), 0, - PCRE_EOPT, NULL, 0) >= 0; + else /* all other cases */ #endif - } - /* If TLS is available on this connection attempt to - start up a TLS session, unless the host is in hosts_avoid_tls. If successful, - send another EHLO - the server may give a different answer in secure mode. We - use a separate buffer for reading the response to STARTTLS so that if it is - negative, the original EHLO data is available for subsequent analysis, should - the client not be required to use TLS. If the response is bad, copy the buffer - for error analysis. */ + { esmtp_retry: - #ifdef SUPPORT_TLS - if (tls_offered && - verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name, - host->address, NULL) != OK) - { - uschar buffer2[4096]; - if ( !smtps - && !(done= smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") >= 0)) - goto SEND_FAILED; - - /* If there is an I/O error, transmission of this message is deferred. If - there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is - false, we also defer. However, if there is a temporary rejection of STARTTLS - and tls_tempfail_tryclear is true, or if there is an outright rejection of - STARTTLS, we carry on. This means we will try to send the message in clear, - unless the host is in hosts_require_tls (tested below). */ - - if (!smtps && !smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2', - ob->command_timeout)) - { - if (errno != 0 || buffer2[0] == 0 || - (buffer2[0] == '4' && !ob->tls_tempfail_tryclear)) - { - Ustrncpy(responsebuffer, buffer2, sizeof(responsebuffer)); - done= FALSE; - goto RESPONSE_FAILED; - } + if (!(done= smtp_write_command(&outblock, FALSE, "%s %s\r\n", + !esmtp? "HELO" : lmtp? "LHLO" : "EHLO", active_hostname) >= 0)) + goto SEND_FAILED; + if (!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout)) + { + if (errno != 0 || responsebuffer[0] == 0 || lmtp || !esmtp || tls_out.active >= 0) + { + done= FALSE; + goto RESPONSE_FAILED; + } + #ifdef SUPPORT_TLS + tls_offered = FALSE; + #endif + esmtp = FALSE; + goto esmtp_retry; /* fallback to HELO */ + } + + /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */ + #ifdef SUPPORT_TLS + tls_offered = esmtp && !suppress_tls && tls_out.active < 0 && + pcre_exec(regex_STARTTLS, NULL, CS responsebuffer, Ustrlen(responsebuffer), 0, + PCRE_EOPT, NULL, 0) >= 0; + #endif } - /* STARTTLS accepted or ssl-on-connect: try to negotiate a TLS session. */ - else + /* If TLS is available on this connection attempt to + start up a TLS session, unless the host is in hosts_avoid_tls. If successful, + send another EHLO - the server may give a different answer in secure mode. We + use a separate buffer for reading the response to STARTTLS so that if it is + negative, the original EHLO data is available for subsequent analysis, should + the client not be required to use TLS. If the response is bad, copy the buffer + for error analysis. */ + + #ifdef SUPPORT_TLS + if (tls_offered && + verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name, + host->address, NULL) != OK) { - int rc = tls_client_start(inblock.sock, host, addr, - NULL, /* No DH param */ - ob->tls_certificate, ob->tls_privatekey, - ob->tls_sni, - ob->tls_verify_certificates, ob->tls_crl, - ob->tls_require_ciphers, - ob->gnutls_require_mac, ob->gnutls_require_kx, ob->gnutls_require_proto, - callout); - - /* TLS negotiation failed; give an error. Try in clear on a new connection, - if the options permit it for this host. */ - if (rc != OK) + uschar buffer2[4096]; + if ( !smtps + && !(done= smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") >= 0)) + goto SEND_FAILED; + + /* If there is an I/O error, transmission of this message is deferred. If + there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is + false, we also defer. However, if there is a temporary rejection of STARTTLS + and tls_tempfail_tryclear is true, or if there is an outright rejection of + STARTTLS, we carry on. This means we will try to send the message in clear, + unless the host is in hosts_require_tls (tested below). */ + + if (!smtps && !smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2', + ob->command_timeout)) { - if (rc == DEFER && ob->tls_tempfail_tryclear && !smtps && - verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name, - host->address, NULL) != OK) - { - (void)close(inblock.sock); - log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted " - "to %s [%s] (not in hosts_require_tls)", host->name, host->address); - suppress_tls = TRUE; - goto tls_retry_connection; - } - /*save_errno = ERRNO_TLSFAILURE;*/ - /*message = US"failure while setting up TLS session";*/ - send_quit = FALSE; - done= FALSE; - goto TLS_FAILED; - } - - /* TLS session is set up. Copy info for logging. */ - addr->cipher = tls_out.cipher; - addr->peerdn = tls_out.peerdn; - - /* For SMTPS we need to wait for the initial OK response, then do HELO. */ - if (smtps) - goto smtps_redo_greeting; - - /* For STARTTLS we need to redo EHLO */ - goto tls_redo_helo; - } - } + if (errno != 0 || buffer2[0] == 0 || + (buffer2[0] == '4' && !ob->tls_tempfail_tryclear)) + { + Ustrncpy(responsebuffer, buffer2, sizeof(responsebuffer)); + done= FALSE; + goto RESPONSE_FAILED; + } + } - /* If the host is required to use a secure channel, ensure that we have one. */ - if (tls_out.active < 0) - if (verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name, - host->address, NULL) == OK) - { - /*save_errno = ERRNO_TLSREQUIRED;*/ - log_write(0, LOG_MAIN, "a TLS session is required for %s [%s], but %s", - host->name, host->address, - tls_offered? "an attempt to start TLS failed" : "the server did not offer TLS support"); - done= FALSE; - goto TLS_FAILED; + /* STARTTLS accepted or ssl-on-connect: try to negotiate a TLS session. */ + else + { + int rc = tls_client_start(inblock.sock, host, addr, + NULL, /* No DH param */ + ob->tls_certificate, ob->tls_privatekey, + ob->tls_sni, + ob->tls_verify_certificates, ob->tls_crl, + ob->tls_require_ciphers, + ob->gnutls_require_mac, ob->gnutls_require_kx, ob->gnutls_require_proto, + callout); + + /* TLS negotiation failed; give an error. Try in clear on a new connection, + if the options permit it for this host. */ + if (rc != OK) + { + if (rc == DEFER && ob->tls_tempfail_tryclear && !smtps && + verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name, + host->address, NULL) != OK) + { + (void)close(inblock.sock); + log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted " + "to %s [%s] (not in hosts_require_tls)", host->name, host->address); + suppress_tls = TRUE; + goto tls_retry_connection; + } + /*save_errno = ERRNO_TLSFAILURE;*/ + /*message = US"failure while setting up TLS session";*/ + send_quit = FALSE; + done= FALSE; + goto TLS_FAILED; + } + + /* TLS session is set up. Copy info for logging. */ + addr->cipher = tls_out.cipher; + addr->peerdn = tls_out.peerdn; + + /* For SMTPS we need to wait for the initial OK response, then do HELO. */ + if (smtps) + goto smtps_redo_greeting; + + /* For STARTTLS we need to redo EHLO */ + goto tls_redo_helo; + } } - #endif /*SUPPORT_TLS*/ + /* If the host is required to use a secure channel, ensure that we have one. */ + if (tls_out.active < 0) + if (verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name, + host->address, NULL) == OK) + { + /*save_errno = ERRNO_TLSREQUIRED;*/ + log_write(0, LOG_MAIN, "a TLS session is required for %s [%s], but %s", + host->name, host->address, + tls_offered? "an attempt to start TLS failed" : "the server did not offer TLS support"); + done= FALSE; + goto TLS_FAILED; + } - done = TRUE; /* so far so good; have response to HELO */ + #endif /*SUPPORT_TLS*/ - /*XXX the EHLO response would be analyzed here for IGNOREQUOTA, SIZE, PIPELINING, AUTH */ - /* If we haven't authenticated, but are required to, give up. */ + done = TRUE; /* so far so good; have response to HELO */ - /*XXX "filter command specified for this transport" ??? */ - /* for now, transport_filter by cutthrough-delivery is not supported */ - /* Need proper integration with the proper transport mechanism. */ + /*XXX the EHLO response would be analyzed here for IGNOREQUOTA, SIZE, PIPELINING, AUTH */ + /* If we haven't authenticated, but are required to, give up. */ + /*XXX "filter command specified for this transport" ??? */ + /* for now, transport_filter by cutthrough-delivery is not supported */ + /* Need proper integration with the proper transport mechanism. */ - SEND_FAILED: - RESPONSE_FAILED: - TLS_FAILED: - ; - /* Clear down of the TLS, SMTP and TCP layers on error is handled below. */ + SEND_FAILED: + RESPONSE_FAILED: + TLS_FAILED: + ; + /* Clear down of the TLS, SMTP and TCP layers on error is handled below. */ - /* Failure to accept HELO is cached; this blocks the whole domain for all - senders. I/O errors and defer responses are not cached. */ - if (!done) - { - *failure_ptr = US"mail"; /* At or before MAIL */ - if (errno == 0 && responsebuffer[0] == '5') + /* Failure to accept HELO is cached; this blocks the whole domain for all + senders. I/O errors and defer responses are not cached. */ + + if (!done) { - setflag(addr, af_verify_nsfail); - new_domain_record.result = ccache_reject; + *failure_ptr = US"mail"; /* At or before MAIL */ + if (errno == 0 && responsebuffer[0] == '5') + { + setflag(addr, af_verify_nsfail); + new_domain_record.result = ccache_reject; + } } - } - /* Send the MAIL command */ + /* Send the MAIL command */ - else done = - smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n", - from_address) >= 0 && - smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), - '2', callout); + else done = + smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n", + from_address) >= 0 && + smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), + '2', callout); - /* If the host does not accept MAIL FROM:<>, arrange to cache this - information, but again, don't record anything for an I/O error or a defer. Do - not cache rejections of MAIL when a non-empty sender has been used, because - that blocks the whole domain for all senders. */ + /* If the host does not accept MAIL FROM:<>, arrange to cache this + information, but again, don't record anything for an I/O error or a defer. Do + not cache rejections of MAIL when a non-empty sender has been used, because + that blocks the whole domain for all senders. */ - if (!done) - { - *failure_ptr = US"mail"; /* At or before MAIL */ - if (errno == 0 && responsebuffer[0] == '5') + if (!done) { - setflag(addr, af_verify_nsfail); - if (from_address[0] == 0) - new_domain_record.result = ccache_reject_mfnull; + *failure_ptr = US"mail"; /* At or before MAIL */ + if (errno == 0 && responsebuffer[0] == '5') + { + setflag(addr, af_verify_nsfail); + if (from_address[0] == 0) + new_domain_record.result = ccache_reject_mfnull; + } } - } - /* Otherwise, proceed to check a "random" address (if required), then the - given address, and the postmaster address (if required). Between each check, - issue RSET, because some servers accept only one recipient after MAIL - FROM:<>. + /* Otherwise, proceed to check a "random" address (if required), then the + given address, and the postmaster address (if required). Between each check, + issue RSET, because some servers accept only one recipient after MAIL + FROM:<>. - Before doing this, set the result in the domain cache record to "accept", - unless its previous value was ccache_reject_mfnull. In that case, the domain - rejects MAIL FROM:<> and we want to continue to remember that. When that is - the case, we have got here only in the case of a recipient verification with - a non-null sender. */ + Before doing this, set the result in the domain cache record to "accept", + unless its previous value was ccache_reject_mfnull. In that case, the domain + rejects MAIL FROM:<> and we want to continue to remember that. When that is + the case, we have got here only in the case of a recipient verification with + a non-null sender. */ - else - { - new_domain_record.result = - (old_domain_cache_result == ccache_reject_mfnull)? - ccache_reject_mfnull: ccache_accept; + else + { + new_domain_record.result = + (old_domain_cache_result == ccache_reject_mfnull)? + ccache_reject_mfnull: ccache_accept; - /* Do the random local part check first */ + /* Do the random local part check first */ - if (random_local_part != NULL) - { - uschar randombuffer[1024]; - BOOL random_ok = - smtp_write_command(&outblock, FALSE, - "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part, - addr->domain) >= 0 && - smtp_read_response(&inblock, randombuffer, - sizeof(randombuffer), '2', callout); + if (random_local_part != NULL) + { + uschar randombuffer[1024]; + BOOL random_ok = + smtp_write_command(&outblock, FALSE, + "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part, + addr->domain) >= 0 && + smtp_read_response(&inblock, randombuffer, + sizeof(randombuffer), '2', callout); - /* Remember when we last did a random test */ + /* Remember when we last did a random test */ - new_domain_record.random_stamp = time(NULL); + new_domain_record.random_stamp = time(NULL); - /* If accepted, we aren't going to do any further tests below. */ + /* If accepted, we aren't going to do any further tests below. */ - if (random_ok) - { - new_domain_record.random_result = ccache_accept; - } + if (random_ok) + { + new_domain_record.random_result = ccache_accept; + } - /* Otherwise, cache a real negative response, and get back to the right - state to send RCPT. Unless there's some problem such as a dropped - connection, we expect to succeed, because the commands succeeded above. */ + /* Otherwise, cache a real negative response, and get back to the right + state to send RCPT. Unless there's some problem such as a dropped + connection, we expect to succeed, because the commands succeeded above. */ - else if (errno == 0) + else if (errno == 0) + { + if (randombuffer[0] == '5') + new_domain_record.random_result = ccache_reject; + + done = + smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 && + smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), + '2', callout) && + + smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n", + from_address) >= 0 && + smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), + '2', callout); + } + else done = FALSE; /* Some timeout/connection problem */ + } /* Random check */ + + /* If the host is accepting all local parts, as determined by the "random" + check, we don't need to waste time doing any further checking. */ + + if (new_domain_record.random_result != ccache_accept && done) { - if (randombuffer[0] == '5') - new_domain_record.random_result = ccache_reject; + /* Get the rcpt_include_affixes flag from the transport if there is one, + but assume FALSE if there is not. */ done = - smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 && - smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), - '2', callout) && - - smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n", - from_address) >= 0 && + smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n", + transport_rcpt_address(addr, + (addr->transport == NULL)? FALSE : + addr->transport->rcpt_include_affixes)) >= 0 && smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout); - } - else done = FALSE; /* Some timeout/connection problem */ - } /* Random check */ - /* If the host is accepting all local parts, as determined by the "random" - check, we don't need to waste time doing any further checking. */ - - if (new_domain_record.random_result != ccache_accept && done) - { - /* Get the rcpt_include_affixes flag from the transport if there is one, - but assume FALSE if there is not. */ - - done = - smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n", - transport_rcpt_address(addr, - (addr->transport == NULL)? FALSE : - addr->transport->rcpt_include_affixes)) >= 0 && - smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), - '2', callout); - - if (done) - new_address_record.result = ccache_accept; - else if (errno == 0 && responsebuffer[0] == '5') - { - *failure_ptr = US"recipient"; - new_address_record.result = ccache_reject; - } + if (done) + new_address_record.result = ccache_accept; + else if (errno == 0 && responsebuffer[0] == '5') + { + *failure_ptr = US"recipient"; + new_address_record.result = ccache_reject; + } - /* Do postmaster check if requested; if a full check is required, we - check for RCPT TO:<postmaster> (no domain) in accordance with RFC 821. */ + /* Do postmaster check if requested; if a full check is required, we + check for RCPT TO:<postmaster> (no domain) in accordance with RFC 821. */ - if (done && pm_mailfrom != NULL) - { - /*XXX not suitable for cutthrough - sequencing problems */ - cutthrough_delivery= FALSE; - HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of postmaster verify\n"); + if (done && pm_mailfrom != NULL) + { + /*XXX not suitable for cutthrough - sequencing problems */ + cutthrough_delivery= FALSE; + HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of postmaster verify\n"); - done = - smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 && - smtp_read_response(&inblock, responsebuffer, - sizeof(responsebuffer), '2', callout) && + done = + smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 && + smtp_read_response(&inblock, responsebuffer, + sizeof(responsebuffer), '2', callout) && - smtp_write_command(&outblock, FALSE, - "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 && - smtp_read_response(&inblock, responsebuffer, - sizeof(responsebuffer), '2', callout) && + smtp_write_command(&outblock, FALSE, + "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 && + smtp_read_response(&inblock, responsebuffer, + sizeof(responsebuffer), '2', callout) && - /* First try using the current domain */ + /* First try using the current domain */ - (( - smtp_write_command(&outblock, FALSE, - "RCPT TO:<postmaster@%.1000s>\r\n", addr->domain) >= 0 && - smtp_read_response(&inblock, responsebuffer, - sizeof(responsebuffer), '2', callout) - ) + (( + smtp_write_command(&outblock, FALSE, + "RCPT TO:<postmaster@%.1000s>\r\n", addr->domain) >= 0 && + smtp_read_response(&inblock, responsebuffer, + sizeof(responsebuffer), '2', callout) + ) - || + || - /* If that doesn't work, and a full check is requested, - try without the domain. */ + /* If that doesn't work, and a full check is requested, + try without the domain. */ - ( - (options & vopt_callout_fullpm) != 0 && - smtp_write_command(&outblock, FALSE, - "RCPT TO:<postmaster>\r\n") >= 0 && - smtp_read_response(&inblock, responsebuffer, - sizeof(responsebuffer), '2', callout) - )); + ( + (options & vopt_callout_fullpm) != 0 && + smtp_write_command(&outblock, FALSE, + "RCPT TO:<postmaster>\r\n") >= 0 && + smtp_read_response(&inblock, responsebuffer, + sizeof(responsebuffer), '2', callout) + )); - /* Sort out the cache record */ + /* Sort out the cache record */ - new_domain_record.postmaster_stamp = time(NULL); + new_domain_record.postmaster_stamp = time(NULL); - if (done) - new_domain_record.postmaster_result = ccache_accept; - else if (errno == 0 && responsebuffer[0] == '5') - { - *failure_ptr = US"postmaster"; - setflag(addr, af_verify_pmfail); - new_domain_record.postmaster_result = ccache_reject; + if (done) + new_domain_record.postmaster_result = ccache_accept; + else if (errno == 0 && responsebuffer[0] == '5') + { + *failure_ptr = US"postmaster"; + setflag(addr, af_verify_pmfail); + new_domain_record.postmaster_result = ccache_reject; + } } - } - } /* Random not accepted */ - } /* MAIL FROM: accepted */ + } /* Random not accepted */ + } /* MAIL FROM: accepted */ - /* For any failure of the main check, other than a negative response, we just - close the connection and carry on. We can identify a negative response by the - fact that errno is zero. For I/O errors it will be non-zero + /* For any failure of the main check, other than a negative response, we just + close the connection and carry on. We can identify a negative response by the + fact that errno is zero. For I/O errors it will be non-zero - Set up different error texts for logging and for sending back to the caller - as an SMTP response. Log in all cases, using a one-line format. For sender - callouts, give a full response to the caller, but for recipient callouts, - don't give the IP address because this may be an internal host whose identity - is not to be widely broadcast. */ + Set up different error texts for logging and for sending back to the caller + as an SMTP response. Log in all cases, using a one-line format. For sender + callouts, give a full response to the caller, but for recipient callouts, + don't give the IP address because this may be an internal host whose identity + is not to be widely broadcast. */ - if (!done) - { - if (errno == ETIMEDOUT) + if (!done) { - HDEBUG(D_verify) debug_printf("SMTP timeout\n"); - send_quit = FALSE; - } - else if (errno == 0) - { - if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped"); + if (errno == ETIMEDOUT) + { + HDEBUG(D_verify) debug_printf("SMTP timeout\n"); + send_quit = FALSE; + } + else if (errno == 0) + { + if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped"); - addr->message = - string_sprintf("response to \"%s\" from %s [%s] was: %s", - big_buffer, host->name, host->address, - string_printing(responsebuffer)); + addr->message = + string_sprintf("response to \"%s\" from %s [%s] was: %s", + big_buffer, host->name, host->address, + string_printing(responsebuffer)); - addr->user_message = is_recipient? - string_sprintf("Callout verification failed:\n%s", responsebuffer) - : - string_sprintf("Called: %s\nSent: %s\nResponse: %s", - host->address, big_buffer, responsebuffer); + addr->user_message = is_recipient? + string_sprintf("Callout verification failed:\n%s", responsebuffer) + : + string_sprintf("Called: %s\nSent: %s\nResponse: %s", + host->address, big_buffer, responsebuffer); - /* Hard rejection ends the process */ + /* Hard rejection ends the process */ - if (responsebuffer[0] == '5') /* Address rejected */ - { - yield = FAIL; - done = TRUE; + if (responsebuffer[0] == '5') /* Address rejected */ + { + yield = FAIL; + done = TRUE; + } } } - } - /* End the SMTP conversation and close the connection. */ - - /* Cutthrough - on a successfull connect and recipient-verify with use-sender - and we have no cutthrough conn so far - here is where we want to leave the conn open */ - if ( cutthrough_delivery - && done - && yield == OK - && (options & (vopt_callout_recipsender|vopt_callout_recippmaster)) == vopt_callout_recipsender - && !random_local_part - && !pm_mailfrom - && cutthrough_fd < 0 - ) - { - cutthrough_fd= outblock.sock; /* We assume no buffer in use in the outblock */ - cutthrough_addr = *addr; /* Save the address_item for later logging */ - cutthrough_addr.host_used = store_get(sizeof(host_item)); - cutthrough_addr.host_used->name = host->name; - cutthrough_addr.host_used->address = host->address; - cutthrough_addr.host_used->port = port; - if (addr->parent) - *(cutthrough_addr.parent = store_get(sizeof(address_item)))= *addr->parent; - ctblock.buffer = ctbuffer; - ctblock.buffersize = sizeof(ctbuffer); - ctblock.ptr = ctbuffer; - /* ctblock.cmd_count = 0; ctblock.authenticating = FALSE; */ - ctblock.sock = cutthrough_fd; - } - else - { - if (options & vopt_callout_recipsender) - cancel_cutthrough_connection(); /* Ensure no cutthrough on multiple address verifies */ - if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n"); + /* End the SMTP conversation and close the connection. */ + + /* Cutthrough - on a successfull connect and recipient-verify with use-sender + and we have no cutthrough conn so far + here is where we want to leave the conn open */ + if ( cutthrough_delivery + && done + && yield == OK + && (options & (vopt_callout_recipsender|vopt_callout_recippmaster)) == vopt_callout_recipsender + && !random_local_part + && !pm_mailfrom + && cutthrough_fd < 0 + ) + { + cutthrough_fd= outblock.sock; /* We assume no buffer in use in the outblock */ + cutthrough_addr = *addr; /* Save the address_item for later logging */ + cutthrough_addr.host_used = store_get(sizeof(host_item)); + cutthrough_addr.host_used->name = host->name; + cutthrough_addr.host_used->address = host->address; + cutthrough_addr.host_used->port = port; + if (addr->parent) + *(cutthrough_addr.parent = store_get(sizeof(address_item)))= *addr->parent; + ctblock.buffer = ctbuffer; + ctblock.buffersize = sizeof(ctbuffer); + ctblock.ptr = ctbuffer; + /* ctblock.cmd_count = 0; ctblock.authenticating = FALSE; */ + ctblock.sock = cutthrough_fd; + } + else + { + if (options & vopt_callout_recipsender) + cancel_cutthrough_connection(); /* Ensure no cutthrough on multiple address verifies */ + if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n"); - #ifdef SUPPORT_TLS - tls_close(FALSE, TRUE); - #endif - (void)close(inblock.sock); - } + #ifdef SUPPORT_TLS + tls_close(FALSE, TRUE); + #endif + (void)close(inblock.sock); + } - } /* Loop through all hosts, while !done */ + } /* Loop through all hosts, while !done */ + } /* If we get here with done == TRUE, a successful callout happened, and yield will be set OK or FAIL according to the response to the RCPT command. |