summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2016-02-02 21:49:02 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2016-04-06 21:22:58 +0100
commit9094b84b4cce2eb862394b752eda93124d96d655 (patch)
tree038d3a2cc415482173153a3fb2626157743fd82f /src
parent8d042305ef14df8cabcf7ae33767d019741dd59f (diff)
Pass on SIZE to cutthrough connection
Diffstat (limited to 'src')
-rw-r--r--src/src/daemon.c1
-rw-r--r--src/src/exim.c1
-rw-r--r--src/src/functions.h1
-rw-r--r--src/src/macros.h11
-rw-r--r--src/src/transports/smtp.c166
-rw-r--r--src/src/verify.c72
6 files changed, 148 insertions, 104 deletions
diff --git a/src/src/daemon.c b/src/src/daemon.c
index 89a7a0183..b73f76fcf 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -1705,7 +1705,6 @@ else
/* Do any work it might be useful to amortize over our children
(eg: compile regex) */
-deliver_init();
dns_pattern_init();
#ifdef WITH_CONTENT_SCAN
diff --git a/src/src/exim.c b/src/src/exim.c
index ede4e0b8d..81db2c2c8 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -4600,6 +4600,7 @@ if (list_config)
#ifndef DISABLE_DKIM
dkim_exim_init();
#endif
+deliver_init();
/* Handle a request to deliver one or more messages that are already on the
diff --git a/src/src/functions.h b/src/src/functions.h
index 524f2cc00..63ea3f80a 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -170,6 +170,7 @@ extern BOOL enq_start(uschar *, unsigned);
extern uschar *event_raise(uschar *, const uschar *, uschar *);
extern void msg_event_raise(const uschar *, const address_item *);
#endif
+extern uschar ehlo_response(uschar *, size_t, uschar);
extern const uschar * exim_errstr(int);
extern void exim_exit(int);
extern void exim_nullstd(void);
diff --git a/src/src/macros.h b/src/src/macros.h
index 89dee87c9..275458b8f 100644
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -942,4 +942,15 @@ explicit port number. */
enum { FILTER_UNSET, FILTER_FORWARD, FILTER_EXIM, FILTER_SIEVE };
+/* Codes for ESMTP facilities offered by peer */
+
+#define PEER_OFFERED_TLS BIT(0)
+#define PEER_OFFERED_IGNQ BIT(1)
+#define PEER_OFFERED_PRDR BIT(2)
+#define PEER_OFFERED_UTF8 BIT(3)
+#define PEER_OFFERED_DSN BIT(4)
+#define PEER_OFFERED_PIPE BIT(5)
+#define PEER_OFFERED_SIZE BIT(6)
+
+
/* End of macros.h */
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 7bf11b830..dec52d047 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -1330,6 +1330,49 @@ return Ustrcmp(current_local_identity, message_local_identity) == 0;
+uschar
+ehlo_response(uschar * buf, size_t bsize, uschar checks)
+{
+#ifdef SUPPORT_TLS
+if (checks & PEER_OFFERED_TLS)
+ if (pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
+ checks &= ~PEER_OFFERED_TLS;
+#endif
+
+ if ( checks & PEER_OFFERED_IGNQ
+ && pcre_exec(regex_IGNOREQUOTA, NULL, CS buf, bsize, 0,
+ PCRE_EOPT, NULL, 0) < 0)
+ checks &= ~PEER_OFFERED_IGNQ;
+
+#ifndef DISABLE_PRDR
+ if ( checks & PEER_OFFERED_PRDR
+ && pcre_exec(regex_PRDR, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
+ checks &= ~PEER_OFFERED_PRDR;
+#endif
+
+#ifdef SUPPORT_I18N
+ if ( checks & PEER_OFFERED_UTF8
+ && pcre_exec(regex_UTF8, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
+ checks &= ~PEER_OFFERED_UTF8;
+#endif
+
+ if ( checks & PEER_OFFERED_DSN
+ && pcre_exec(regex_DSN, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
+ checks &= ~PEER_OFFERED_DSN;
+
+ if ( checks & PEER_OFFERED_PIPE
+ && pcre_exec(regex_PIPELINING, NULL, CS buf, bsize, 0,
+ PCRE_EOPT, NULL, 0) < 0)
+ checks &= ~PEER_OFFERED_PIPE;
+
+ if ( checks & PEER_OFFERED_SIZE
+ && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
+ checks &= ~PEER_OFFERED_SIZE;
+
+return checks;
+}
+
+
/*************************************************
* Deliver address list to given host *
*************************************************/
@@ -1399,13 +1442,12 @@ BOOL completed_address = FALSE;
BOOL esmtp = TRUE;
BOOL pending_MAIL;
BOOL pass_message = FALSE;
+uschar peer_offered = 0; /*XXX should this be handed on cf. tls_offered, smtp_use_dsn ? */
#ifndef DISABLE_PRDR
-BOOL prdr_offered = FALSE;
BOOL prdr_active;
#endif
#ifdef SUPPORT_I18N
BOOL utf8_needed = FALSE;
-BOOL utf8_offered = FALSE;
#endif
BOOL dsn_all_lasthop = TRUE;
#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
@@ -1684,43 +1726,21 @@ goto SEND_QUIT;
if (!good_response) goto RESPONSE_FAILED;
}
- /* Set IGNOREQUOTA if the response to LHLO specifies support and the
- lmtp_ignore_quota option was set. */
-
- igquotstr = (lmtp && ob->lmtp_ignore_quota &&
- pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
- PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
+ if (esmtp || lmtp)
+ peer_offered = ehlo_response(buffer, Ustrlen(buffer),
+ PEER_OFFERED_TLS
+ | 0 /* IGNQ checked later */
+ | 0 /* PRDR checked later */
+ | 0 /* UTF8 checked later */
+ | 0 /* DSN checked later */
+ | 0 /* PIPE checked later */
+ | 0 /* SIZE checked later */
+ );
/* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
#ifdef SUPPORT_TLS
- tls_offered = esmtp &&
- pcre_exec(regex_STARTTLS, NULL, CS buffer, Ustrlen(buffer), 0,
- PCRE_EOPT, NULL, 0) >= 0;
-#endif
-
-#ifndef DISABLE_PRDR
- prdr_offered = esmtp
- && pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0,
- PCRE_EOPT, NULL, 0) >= 0
- && verify_check_given_host(&ob->hosts_try_prdr, host) == OK;
-
- if (prdr_offered)
- {DEBUG(D_transport) debug_printf("PRDR usable\n");}
-#endif
-
-#ifdef SUPPORT_I18N
- if (addrlist->prop.utf8_msg)
- {
- utf8_needed = !addrlist->prop.utf8_downcvt
- && !addrlist->prop.utf8_downcvt_maybe;
- DEBUG(D_transport) if (!utf8_needed) debug_printf("utf8: %s downconvert\n",
- addrlist->prop.utf8_downcvt ? "mandatory" : "optional");
-
- utf8_offered = esmtp
- && pcre_exec(regex_UTF8, NULL, CS buffer, Ustrlen(buffer), 0,
- PCRE_EOPT, NULL, 0) >= 0;
- }
+ tls_offered = !!(peer_offered & PEER_OFFERED_TLS);
#endif
}
@@ -1914,54 +1934,53 @@ if (continue_hostname == NULL
#endif
)
{
+ if (esmtp || lmtp)
+ peer_offered = ehlo_response(buffer, Ustrlen(buffer),
+ 0 /* no TLS */
+ | (lmtp && ob->lmtp_ignore_quota ? PEER_OFFERED_IGNQ : 0)
+ | PEER_OFFERED_PRDR
+#ifdef SUPPORT_I18N
+ | (addrlist->prop.utf8_msg ? PEER_OFFERED_UTF8 : 0)
+ /*XXX if we hand peercaps on to continued-conn processes,
+ must not depend on this addr */
+#endif
+ | PEER_OFFERED_DSN
+ | PEER_OFFERED_PIPE
+ | (ob->size_addition >= 0 ? PEER_OFFERED_SIZE : 0)
+ );
+
/* Set for IGNOREQUOTA if the response to LHLO specifies support and the
lmtp_ignore_quota option was set. */
- igquotstr = (lmtp && ob->lmtp_ignore_quota &&
- pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
- PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
+ igquotstr = peer_offered & PEER_OFFERED_IGNQ ? US" IGNOREQUOTA" : US"";
/* If the response to EHLO specified support for the SIZE parameter, note
this, provided size_addition is non-negative. */
- smtp_use_size = esmtp && ob->size_addition >= 0 &&
- pcre_exec(regex_SIZE, NULL, CS buffer, Ustrlen(CS buffer), 0,
- PCRE_EOPT, NULL, 0) >= 0;
+ smtp_use_size = !!(peer_offered & PEER_OFFERED_SIZE);
/* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
the current host, esmtp will be false, so PIPELINING can never be used. If
the current host matches hosts_avoid_pipelining, don't do it. */
- smtp_use_pipelining = esmtp
- && verify_check_given_host(&ob->hosts_avoid_pipelining, host) != OK
- && pcre_exec(regex_PIPELINING, NULL, CS buffer, Ustrlen(CS buffer), 0,
- PCRE_EOPT, NULL, 0) >= 0;
+ smtp_use_pipelining = peer_offered & PEER_OFFERED_PIPE
+ && verify_check_given_host(&ob->hosts_avoid_pipelining, host) != OK;
DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
- smtp_use_pipelining? "" : "not ");
+ smtp_use_pipelining ? "" : "not ");
#ifndef DISABLE_PRDR
- prdr_offered = esmtp
- && pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0,
- PCRE_EOPT, NULL, 0) >= 0
- && verify_check_given_host(&ob->hosts_try_prdr, host) == OK;
+ if ( peer_offered & PEER_OFFERED_PRDR
+ && verify_check_given_host(&ob->hosts_try_prdr, host) != OK)
+ peer_offered &= ~PEER_OFFERED_PRDR;
- if (prdr_offered)
+ if (peer_offered & PEER_OFFERED_PRDR)
{DEBUG(D_transport) debug_printf("PRDR usable\n");}
#endif
-#ifdef SUPPORT_I18N
- if (addrlist->prop.utf8_msg)
- utf8_offered = esmtp
- && pcre_exec(regex_UTF8, NULL, CS buffer, Ustrlen(buffer), 0,
- PCRE_EOPT, NULL, 0) >= 0;
-#endif
-
/* Note if the server supports DSN */
- smtp_use_dsn = esmtp
- && pcre_exec(regex_DSN, NULL, CS buffer, Ustrlen(CS buffer), 0,
- PCRE_EOPT, NULL, 0) >= 0;
- DEBUG(D_transport) debug_printf("use_dsn=%d\n", smtp_use_dsn);
+ smtp_use_dsn = !!(peer_offered & PEER_OFFERED_DSN);
+ DEBUG(D_transport) debug_printf("%susing DSN\n", smtp_use_dsn ? "" : "not ");
/* Note if the response to EHLO specifies support for the AUTH extension.
If it has, check that this host is one we want to authenticate to, and do
@@ -1984,8 +2003,16 @@ message-specific. */
setting_up = FALSE;
#ifdef SUPPORT_I18N
+if (addrlist->prop.utf8_msg)
+ {
+ utf8_needed = !addrlist->prop.utf8_downcvt
+ && !addrlist->prop.utf8_downcvt_maybe;
+ DEBUG(D_transport) if (!utf8_needed) debug_printf("utf8: %s downconvert\n",
+ addrlist->prop.utf8_downcvt ? "mandatory" : "optional");
+ }
+
/* If this is an international message we need the host to speak SMTPUTF8 */
-if (utf8_needed && !utf8_offered)
+if (utf8_needed && !(peer_offered & PEER_OFFERED_UTF8))
{
errno = ERRNO_UTF8_FWD;
goto RESPONSE_FAILED;
@@ -2051,8 +2078,7 @@ if (smtp_use_size)
#ifndef DISABLE_PRDR
prdr_active = FALSE;
-if (prdr_offered)
- {
+if (peer_offered & PEER_OFFERED_PRDR)
for (addr = first_addr; addr; addr = addr->next)
if (addr->transport_return == PENDING_DEFER)
{
@@ -2065,11 +2091,13 @@ if (prdr_offered)
}
break;
}
- }
#endif
#ifdef SUPPORT_I18N
-if (addrlist->prop.utf8_msg && !addrlist->prop.utf8_downcvt && utf8_offered)
+if ( addrlist->prop.utf8_msg
+ && !addrlist->prop.utf8_downcvt
+ && peer_offered & PEER_OFFERED_UTF8
+ )
sprintf(CS p, " SMTPUTF8"), p += 9;
#endif
@@ -2135,7 +2163,9 @@ pending_MAIL = TRUE; /* The block starts with MAIL */
for the to-addresses (done below), and also (ugly) for re-doing when building
the delivery log line. */
- if (addrlist->prop.utf8_msg && (addrlist->prop.utf8_downcvt || !utf8_offered))
+ if ( addrlist->prop.utf8_msg
+ && (addrlist->prop.utf8_downcvt || !(peer_offered & PEER_OFFERED_UTF8))
+ )
{
if (s = string_address_utf8_to_alabel(return_path, &errstr), errstr)
{
diff --git a/src/src/verify.c b/src/src/verify.c
index 2634e7552..f64057fd1 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -174,9 +174,7 @@ dbdata_callout_cache new_domain_record;
dbdata_callout_cache_address new_address_record;
host_item *host;
time_t callout_start_time;
-#ifdef SUPPORT_I18N
-BOOL utf8_offered = FALSE;
-#endif
+uschar peer_offered = 0;
new_domain_record.result = ccache_unknown;
new_domain_record.postmaster_result = ccache_unknown;
@@ -542,6 +540,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
uschar inbuffer[4096];
uschar outbuffer[1024];
uschar responsebuffer[4096];
+ uschar * size_str;
clearflag(addr, af_verify_pmfail); /* postmaster callout flag */
clearflag(addr, af_verify_nsfail); /* null sender callout flag */
@@ -711,7 +710,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
#ifdef SUPPORT_TLS
if (smtps && tls_out.active < 0) /* ssl-on-connect, first pass */
{
- tls_offered = TRUE;
+ peer_offered &= ~PEER_OFFERED_TLS;
ob->tls_tempfail_tryclear = FALSE;
}
else /* all other cases */
@@ -730,27 +729,40 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
goto RESPONSE_FAILED;
}
#ifdef SUPPORT_TLS
- tls_offered = FALSE;
+ peer_offered &= ~PEER_OFFERED_TLS;
#endif
esmtp = FALSE;
goto esmtp_retry; /* fallback to HELO */
}
/* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
-#ifdef SUPPORT_TLS
- if (esmtp && !suppress_tls && tls_out.active < 0)
- {
- if (regex_STARTTLS == NULL) regex_STARTTLS =
- regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE);
- tls_offered = pcre_exec(regex_STARTTLS, NULL, CS responsebuffer,
- Ustrlen(responsebuffer), 0, PCRE_EOPT, NULL, 0) >= 0;
- }
- else
- tls_offered = FALSE;
+ peer_offered = esmtp
+ ? ehlo_response(responsebuffer, sizeof(responsebuffer),
+ (!suppress_tls && tls_out.active < 0 ? PEER_OFFERED_TLS : 0)
+ | 0 /* no IGNQ */
+ | 0 /* no PRDR */
+#ifdef SUPPORT_I18N
+ | (addr->prop.utf8_msg && !addr->prop.utf8_downcvt
+ ? PEER_OFFERED_UTF8 : 0)
#endif
+ | 0 /* no DSN */
+ | 0 /* no PIPE */
+
+ /* only care about SIZE if we have size from inbound */
+ | (message_size > 0 && ob->size_addition >= 0
+ ? PEER_OFFERED_SIZE : 0)
+ )
+ : 0;
}
+ size_str = peer_offered & PEER_OFFERED_SIZE
+ ? string_sprintf(" SIZE=%d", message_size + ob->size_addition) : US"";
+
+#ifdef SUPPORT_TLS
+ tls_offered = !!(peer_offered & PEER_OFFERED_TLS);
+#endif
+
/* If TLS is available on this connection attempt to
start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
send another EHLO - the server may give a different answer in secure mode. We
@@ -760,7 +772,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
for error analysis. */
#ifdef SUPPORT_TLS
- if ( tls_offered
+ if ( peer_offered & PEER_OFFERED_TLS
&& verify_check_given_host(&ob->hosts_avoid_tls, host) != OK
&& verify_check_given_host(&ob->hosts_verify_avoid_tls, host) != OK
)
@@ -875,8 +887,9 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
log_write(0, LOG_MAIN,
"H=%s [%s]: a TLS session is required for this host, but %s",
host->name, host->address,
- tls_offered ? "an attempt to start TLS failed"
- : "the server did not offer TLS support");
+ peer_offered & PEER_OFFERED_TLS
+ ? "an attempt to start TLS failed"
+ : "the server did not offer TLS support");
done= FALSE;
goto TLS_FAILED;
}
@@ -885,8 +898,6 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
done = TRUE; /* so far so good; have response to HELO */
- /*XXX the EHLO response would be analyzed here for IGNOREQUOTA, SIZE, PIPELINING */
-
/* For now, transport_filter by cutthrough-delivery is not supported */
/* Need proper integration with the proper transport mechanism. */
if (cutthrough.delivery)
@@ -927,17 +938,8 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
#ifdef SUPPORT_I18N
else if ( addr->prop.utf8_msg
&& !addr->prop.utf8_downcvt
- && !( esmtp
- && ( regex_UTF8
- || ( (regex_UTF8 = regex_must_compile(
- US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)", FALSE, TRUE)),
- TRUE
- ) )
- && ( (utf8_offered = pcre_exec(regex_UTF8, NULL,
- CS responsebuffer, Ustrlen(responsebuffer),
- 0, PCRE_EOPT, NULL, 0) >= 0)
- || addr->prop.utf8_downcvt_maybe
- ) ) )
+ && !(peer_offered & PEER_OFFERED_UTF8)
+ )
{
HDEBUG(D_acl|D_v) debug_printf("utf8 required but not offered\n");
errno = ERRNO_UTF8_FWD;
@@ -945,7 +947,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
done = FALSE;
}
else if ( addr->prop.utf8_msg
- && (addr->prop.utf8_downcvt || !utf8_offered)
+ && (addr->prop.utf8_downcvt || !(peer_offered & PEER_OFFERED_UTF8))
&& (setflag(addr, af_utf8_downcvt),
from_address = string_address_utf8_to_alabel(from_address,
&addr->message),
@@ -978,11 +980,11 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
(smtp_write_command(&outblock, FALSE,
#ifdef SUPPORT_I18N
addr->prop.utf8_msg && !addr->prop.utf8_downcvt
- ? "MAIL FROM:<%s>%s SMTPUTF8\r\n"
+ ? "MAIL FROM:<%s>%s%s SMTPUTF8\r\n"
:
#endif
- "MAIL FROM:<%s>%s\r\n",
- from_address, responsebuffer) >= 0)
+ "MAIL FROM:<%s>%s%s\r\n",
+ from_address, responsebuffer, size_str) >= 0)
) &&
smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),