From 9094b84b4cce2eb862394b752eda93124d96d655 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 2 Feb 2016 21:49:02 +0000 Subject: Pass on SIZE to cutthrough connection --- src/src/daemon.c | 1 - src/src/exim.c | 1 + src/src/functions.h | 1 + src/src/macros.h | 11 +++ src/src/transports/smtp.c | 166 +++++++++++++++++++++++++++------------------- src/src/verify.c | 72 ++++++++++---------- 6 files changed, 148 insertions(+), 104 deletions(-) (limited to 'src') diff --git a/src/src/daemon.c b/src/src/daemon.c index 89a7a0183..b73f76fcf 100644 --- a/src/src/daemon.c +++ b/src/src/daemon.c @@ -1705,7 +1705,6 @@ else /* Do any work it might be useful to amortize over our children (eg: compile regex) */ -deliver_init(); dns_pattern_init(); #ifdef WITH_CONTENT_SCAN diff --git a/src/src/exim.c b/src/src/exim.c index ede4e0b8d..81db2c2c8 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -4600,6 +4600,7 @@ if (list_config) #ifndef DISABLE_DKIM dkim_exim_init(); #endif +deliver_init(); /* Handle a request to deliver one or more messages that are already on the diff --git a/src/src/functions.h b/src/src/functions.h index 524f2cc00..63ea3f80a 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -170,6 +170,7 @@ extern BOOL enq_start(uschar *, unsigned); extern uschar *event_raise(uschar *, const uschar *, uschar *); extern void msg_event_raise(const uschar *, const address_item *); #endif +extern uschar ehlo_response(uschar *, size_t, uschar); extern const uschar * exim_errstr(int); extern void exim_exit(int); extern void exim_nullstd(void); diff --git a/src/src/macros.h b/src/src/macros.h index 89dee87c9..275458b8f 100644 --- a/src/src/macros.h +++ b/src/src/macros.h 
@@ -942,4 +942,15 @@ explicit port number. */ enum { FILTER_UNSET, FILTER_FORWARD, FILTER_EXIM, FILTER_SIEVE }; +/* Codes for ESMTP facilities offered by peer */ + +#define PEER_OFFERED_TLS BIT(0) +#define PEER_OFFERED_IGNQ BIT(1) +#define PEER_OFFERED_PRDR BIT(2) +#define PEER_OFFERED_UTF8 BIT(3) +#define PEER_OFFERED_DSN BIT(4) +#define PEER_OFFERED_PIPE BIT(5) +#define PEER_OFFERED_SIZE BIT(6) + + /* End of macros.h */ diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 7bf11b830..dec52d047 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c 
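Review bot: The seven `PEER_OFFERED_*` flags are carried in a `uschar` everywhere this commit uses them (the parameter and return type of `ehlo_response()` and the `peer_offered` locals), which leaves room for exactly one more bit. The block comment should record that limit, for example `/* Codes for ESMTP facilities offered by peer; must fit the uschar mask used by ehlo_response() */`. Without it, a later `BIT(8)` would be truncated to zero with no diagnostic and that facility would read as never offered.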
@@ -1330,6 +1330,49 @@ return Ustrcmp(current_local_identity, message_local_identity) == 0; +uschar +ehlo_response(uschar * buf, size_t bsize, uschar checks) +{ +#ifdef SUPPORT_TLS +if (checks & PEER_OFFERED_TLS) + if (pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_TLS; +#endif + + if ( checks & PEER_OFFERED_IGNQ + && pcre_exec(regex_IGNOREQUOTA, NULL, CS buf, bsize, 0, + PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_IGNQ; + +#ifndef DISABLE_PRDR + if ( checks & PEER_OFFERED_PRDR + && pcre_exec(regex_PRDR, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_PRDR; +#endif + +#ifdef SUPPORT_I18N + if ( checks & PEER_OFFERED_UTF8 + && pcre_exec(regex_UTF8, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_UTF8; +#endif + + if ( checks & PEER_OFFERED_DSN + && pcre_exec(regex_DSN, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_DSN; + + if ( checks & PEER_OFFERED_PIPE + && pcre_exec(regex_PIPELINING, NULL, CS buf, bsize, 0, + PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_PIPE; + + if ( checks & PEER_OFFERED_SIZE + && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + checks &= ~PEER_OFFERED_SIZE; + +return checks; +} + + /************************************************* * Deliver address list to given host * *************************************************/ @@ -1399,13 +1442,12 @@ BOOL completed_address = FALSE; BOOL esmtp = TRUE; BOOL pending_MAIL; BOOL pass_message = FALSE; +uschar peer_offered = 0; /*XXX should this be handed on cf. tls_offered, smtp_use_dsn ? */ #ifndef DISABLE_PRDR -BOOL prdr_offered = FALSE; BOOL prdr_active; #endif #ifdef SUPPORT_I18N BOOL utf8_needed = FALSE; -BOOL utf8_offered = FALSE; #endif BOOL dsn_all_lasthop = TRUE; #if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE) 
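Review bot: `ehlo_response()` is added without a header comment, and two parts of its contract are not obvious from the body. `bsize` is handed to `pcre_exec()` as the subject length, so it has to be the length of the response text and not the capacity of the buffer. Every negative `pcre_exec()` result clears the bit, so a matching error or a pattern that was never compiled is indistinguishable from the peer not offering the facility. That matters for `PEER_OFFERED_TLS`, because the verify.c hunks in this commit drop the lazy `regex_must_compile()` calls and the function now depends on `regex_STARTTLS` and the other patterns being set up beforehand (presumably by the `deliver_init()` call moved into exim.c). I would add a comment above the function stating the meaning of `checks`, `bsize` and the returned mask, plus that precondition.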
@@ -1684,43 +1726,21 @@ goto SEND_QUIT; if (!good_response) goto RESPONSE_FAILED; } - /* Set IGNOREQUOTA if the response to LHLO specifies support and the - lmtp_ignore_quota option was set. */ - - igquotstr = (lmtp && ob->lmtp_ignore_quota && - pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0, - PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US""; + if (esmtp || lmtp) + peer_offered = ehlo_response(buffer, Ustrlen(buffer), + PEER_OFFERED_TLS + | 0 /* IGNQ checked later */ + | 0 /* PRDR checked later */ + | 0 /* UTF8 checked later */ + | 0 /* DSN checked later */ + | 0 /* PIPE checked later */ + | 0 /* SIZE checked later */ + ); /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */ #ifdef SUPPORT_TLS - tls_offered = esmtp && - pcre_exec(regex_STARTTLS, NULL, CS buffer, Ustrlen(buffer), 0, - PCRE_EOPT, NULL, 0) >= 0; -#endif - -#ifndef DISABLE_PRDR - prdr_offered = esmtp - && pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0, - PCRE_EOPT, NULL, 0) >= 0 - && verify_check_given_host(&ob->hosts_try_prdr, host) == OK; - - if (prdr_offered) - {DEBUG(D_transport) debug_printf("PRDR usable\n");} -#endif - -#ifdef SUPPORT_I18N - if (addrlist->prop.utf8_msg) - { - utf8_needed = !addrlist->prop.utf8_downcvt - && !addrlist->prop.utf8_downcvt_maybe; - DEBUG(D_transport) if (!utf8_needed) debug_printf("utf8: %s downconvert\n", - addrlist->prop.utf8_downcvt ? "mandatory" : "optional"); - - utf8_offered = esmtp - && pcre_exec(regex_UTF8, NULL, CS buffer, Ustrlen(buffer), 0, - PCRE_EOPT, NULL, 0) >= 0; - } + tls_offered = !!(peer_offered & PEER_OFFERED_TLS); #endif } 
@@ -1914,54 +1934,53 @@ if (continue_hostname == NULL #endif ) { + if (esmtp || lmtp) + peer_offered = ehlo_response(buffer, Ustrlen(buffer), + 0 /* no TLS */ + | (lmtp && ob->lmtp_ignore_quota ? PEER_OFFERED_IGNQ : 0) + | PEER_OFFERED_PRDR +#ifdef SUPPORT_I18N + | (addrlist->prop.utf8_msg ? PEER_OFFERED_UTF8 : 0) + /*XXX if we hand peercaps on to continued-conn processes, + must not depend on this addr */ +#endif + | PEER_OFFERED_DSN + | PEER_OFFERED_PIPE + | (ob->size_addition >= 0 ? PEER_OFFERED_SIZE : 0) + ); + /* Set for IGNOREQUOTA if the response to LHLO specifies support and the lmtp_ignore_quota option was set. */ - igquotstr = (lmtp && ob->lmtp_ignore_quota && - pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0, - PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US""; + igquotstr = peer_offered & PEER_OFFERED_IGNQ ? US" IGNOREQUOTA" : US""; /* If the response to EHLO specified support for the SIZE parameter, note this, provided size_addition is non-negative. */ - smtp_use_size = esmtp && ob->size_addition >= 0 && - pcre_exec(regex_SIZE, NULL, CS buffer, Ustrlen(CS buffer), 0, - PCRE_EOPT, NULL, 0) >= 0; + smtp_use_size = !!(peer_offered & PEER_OFFERED_SIZE); /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched the current host, esmtp will be false, so PIPELINING can never be used. If the current host matches hosts_avoid_pipelining, don't do it. */ - smtp_use_pipelining = esmtp - && verify_check_given_host(&ob->hosts_avoid_pipelining, host) != OK - && pcre_exec(regex_PIPELINING, NULL, CS buffer, Ustrlen(CS buffer), 0, - PCRE_EOPT, NULL, 0) >= 0; + smtp_use_pipelining = peer_offered & PEER_OFFERED_PIPE + && verify_check_given_host(&ob->hosts_avoid_pipelining, host) != OK; DEBUG(D_transport) debug_printf("%susing PIPELINING\n", - smtp_use_pipelining? "" : "not "); + smtp_use_pipelining ? 
"" : "not "); #ifndef DISABLE_PRDR - prdr_offered = esmtp - && pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0, - PCRE_EOPT, NULL, 0) >= 0 - && verify_check_given_host(&ob->hosts_try_prdr, host) == OK; + if ( peer_offered & PEER_OFFERED_PRDR + && verify_check_given_host(&ob->hosts_try_prdr, host) != OK) + peer_offered &= ~PEER_OFFERED_PRDR; - if (prdr_offered) + if (peer_offered & PEER_OFFERED_PRDR) {DEBUG(D_transport) debug_printf("PRDR usable\n");} #endif -#ifdef SUPPORT_I18N - if (addrlist->prop.utf8_msg) - utf8_offered = esmtp - && pcre_exec(regex_UTF8, NULL, CS buffer, Ustrlen(buffer), 0, - PCRE_EOPT, NULL, 0) >= 0; -#endif - /* Note if the server supports DSN */ - smtp_use_dsn = esmtp - && pcre_exec(regex_DSN, NULL, CS buffer, Ustrlen(CS buffer), 0, - PCRE_EOPT, NULL, 0) >= 0; - DEBUG(D_transport) debug_printf("use_dsn=%d\n", smtp_use_dsn); + smtp_use_dsn = !!(peer_offered & PEER_OFFERED_DSN); + DEBUG(D_transport) debug_printf("%susing DSN\n", smtp_use_dsn ? "" : "not "); /* Note if the response to EHLO specifies support for the AUTH extension. If it has, check that this host is one we want to authenticate to, and do @@ -1984,8 +2003,16 @@ message-specific. */ setting_up = FALSE; #ifdef SUPPORT_I18N +if (addrlist->prop.utf8_msg) + { + utf8_needed = !addrlist->prop.utf8_downcvt + && !addrlist->prop.utf8_downcvt_maybe; + DEBUG(D_transport) if (!utf8_needed) debug_printf("utf8: %s downconvert\n", + addrlist->prop.utf8_downcvt ? "mandatory" : "optional"); + } + /* If this is an international message we need the host to speak SMTPUTF8 */ -if (utf8_needed && !utf8_offered) +if (utf8_needed && !(peer_offered & PEER_OFFERED_UTF8)) { errno = ERRNO_UTF8_FWD; goto RESPONSE_FAILED; @@ -2051,8 +2078,7 @@ if (smtp_use_size) #ifndef DISABLE_PRDR prdr_active = FALSE; -if (prdr_offered) - { +if (peer_offered & PEER_OFFERED_PRDR) for (addr = first_addr; addr; addr = addr->next) if (addr->transport_return == PENDING_DEFER) { 
@@ -2065,11 +2091,13 @@ if (prdr_offered) } break; } - } #endif #ifdef SUPPORT_I18N -if (addrlist->prop.utf8_msg && !addrlist->prop.utf8_downcvt && utf8_offered) +if ( addrlist->prop.utf8_msg + && !addrlist->prop.utf8_downcvt + && peer_offered & PEER_OFFERED_UTF8 + ) sprintf(CS p, " SMTPUTF8"), p += 9; #endif @@ -2135,7 +2163,9 @@ pending_MAIL = TRUE; /* The block starts with MAIL */ for the to-addresses (done below), and also (ugly) for re-doing when building the delivery log line. */ - if (addrlist->prop.utf8_msg && (addrlist->prop.utf8_downcvt || !utf8_offered)) + if ( addrlist->prop.utf8_msg + && (addrlist->prop.utf8_downcvt || !(peer_offered & PEER_OFFERED_UTF8)) + ) { if (s = string_address_utf8_to_alabel(return_path, &errstr), errstr) { diff --git a/src/src/verify.c b/src/src/verify.c index 2634e7552..f64057fd1 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -174,9 +174,7 @@ dbdata_callout_cache new_domain_record; dbdata_callout_cache_address new_address_record; host_item *host; time_t callout_start_time; -#ifdef SUPPORT_I18N -BOOL utf8_offered = FALSE; -#endif +uschar peer_offered = 0; new_domain_record.result = ccache_unknown; new_domain_record.postmaster_result = ccache_unknown; @@ -542,6 +540,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. uschar inbuffer[4096]; uschar outbuffer[1024]; uschar responsebuffer[4096]; + uschar * size_str; clearflag(addr, af_verify_pmfail); /* postmaster callout flag */ clearflag(addr, af_verify_nsfail); /* null sender callout flag */ @@ -711,7 +710,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. #ifdef SUPPORT_TLS if (smtps && tls_out.active < 0) /* ssl-on-connect, first pass */ { - tls_offered = TRUE; + peer_offered &= ~PEER_OFFERED_TLS; ob->tls_tempfail_tryclear = FALSE; } else /* all other cases */ 
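Review bot: In the ssl-on-connect branch of the verify.c hunk at -711, `tls_offered = TRUE;` became `peer_offered &= ~PEER_OFFERED_TLS;`, which clears the flag where the old code set it. The later hunks derive `tls_offered` from this bit and gate the TLS start-up on `peer_offered & PEER_OFFERED_TLS`, so on the first pass of an smtps callout the handshake looks to be skipped; the callout would then either trip the "TLS session is required" check or carry on without TLS. If that is not intended the line should be `peer_offered |= PEER_OFFERED_TLS;`. The enclosing block starts and ends outside the hunk, so the surrounding flow needs confirming against the full file.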
@@ -730,27 +729,40 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. goto RESPONSE_FAILED; } #ifdef SUPPORT_TLS - tls_offered = FALSE; + peer_offered &= ~PEER_OFFERED_TLS; #endif esmtp = FALSE; goto esmtp_retry; /* fallback to HELO */ } /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */ -#ifdef SUPPORT_TLS - if (esmtp && !suppress_tls && tls_out.active < 0) - { - if (regex_STARTTLS == NULL) regex_STARTTLS = - regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); - tls_offered = pcre_exec(regex_STARTTLS, NULL, CS responsebuffer, - Ustrlen(responsebuffer), 0, PCRE_EOPT, NULL, 0) >= 0; - } - else - tls_offered = FALSE; + peer_offered = esmtp + ? ehlo_response(responsebuffer, sizeof(responsebuffer), + (!suppress_tls && tls_out.active < 0 ? PEER_OFFERED_TLS : 0) + | 0 /* no IGNQ */ + | 0 /* no PRDR */ +#ifdef SUPPORT_I18N + | (addr->prop.utf8_msg && !addr->prop.utf8_downcvt + ? PEER_OFFERED_UTF8 : 0) #endif + | 0 /* no DSN */ + | 0 /* no PIPE */ + + /* only care about SIZE if we have size from inbound */ + | (message_size > 0 && ob->size_addition >= 0 + ? PEER_OFFERED_SIZE : 0) + ) + : 0; } + size_str = peer_offered & PEER_OFFERED_SIZE + ? string_sprintf(" SIZE=%d", message_size + ob->size_addition) : US""; + +#ifdef SUPPORT_TLS + tls_offered = !!(peer_offered & PEER_OFFERED_TLS); +#endif + /* If TLS is available on this connection attempt to start up a TLS session, unless the host is in hosts_avoid_tls. If successful, send another EHLO - the server may give a different answer in secure mode. We @@ -760,7 +772,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. for error analysis. */ #ifdef SUPPORT_TLS - if ( tls_offered + if ( peer_offered & PEER_OFFERED_TLS && verify_check_given_host(&ob->hosts_avoid_tls, host) != OK && verify_check_given_host(&ob->hosts_verify_avoid_tls, host) != OK ) 
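Review bot: The new call `ehlo_response(responsebuffer, sizeof(responsebuffer), ...)` passes the buffer capacity where both smtp.c callers pass `Ustrlen(buffer)`, so `pcre_exec()` scans all 4096 bytes instead of stopping at the end of the reply. `responsebuffer` is an uninitialised stack array that is reused for successive responses, so bytes past the terminator can be left over from an earlier, longer reply. A capability line surviving there would set the STARTTLS, SIZE or SMTPUTF8 flag for a peer that did not advertise it in this EHLO, and the SIZE parameter or the TLS attempt would then be based on stale data. Use `ehlo_response(responsebuffer, Ustrlen(responsebuffer),` to match the transport.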
@@ -875,8 +887,9 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. log_write(0, LOG_MAIN, "H=%s [%s]: a TLS session is required for this host, but %s", host->name, host->address, - tls_offered ? "an attempt to start TLS failed" - : "the server did not offer TLS support"); + peer_offered & PEER_OFFERED_TLS + ? "an attempt to start TLS failed" + : "the server did not offer TLS support"); done= FALSE; goto TLS_FAILED; } @@ -885,8 +898,6 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. done = TRUE; /* so far so good; have response to HELO */ - /*XXX the EHLO response would be analyzed here for IGNOREQUOTA, SIZE, PIPELINING */ - /* For now, transport_filter by cutthrough-delivery is not supported */ /* Need proper integration with the proper transport mechanism. */ if (cutthrough.delivery) @@ -927,17 +938,8 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. #ifdef SUPPORT_I18N else if ( addr->prop.utf8_msg && !addr->prop.utf8_downcvt - && !( esmtp - && ( regex_UTF8 - || ( (regex_UTF8 = regex_must_compile( - US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)", FALSE, TRUE)), - TRUE - ) ) - && ( (utf8_offered = pcre_exec(regex_UTF8, NULL, - CS responsebuffer, Ustrlen(responsebuffer), - 0, PCRE_EOPT, NULL, 0) >= 0) - || addr->prop.utf8_downcvt_maybe - ) ) ) + && !(peer_offered & PEER_OFFERED_UTF8) + ) { HDEBUG(D_acl|D_v) debug_printf("utf8 required but not offered\n"); errno = ERRNO_UTF8_FWD; @@ -945,7 +947,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. done = FALSE; } else if ( addr->prop.utf8_msg - && (addr->prop.utf8_downcvt || !utf8_offered) + && (addr->prop.utf8_downcvt || !(peer_offered & PEER_OFFERED_UTF8)) && (setflag(addr, af_utf8_downcvt), from_address = string_address_utf8_to_alabel(from_address, &addr->message), 
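Review bot: The rewritten SMTPUTF8 test in the hunk at -927 drops the `addr->prop.utf8_downcvt_maybe` escape that the removed condition had, so a message whose downconversion is optional now fails the callout with ERRNO_UTF8_FWD when the peer does not offer SMTPUTF8. It also leaves the `|| !(peer_offered & PEER_OFFERED_UTF8)` arm of the following `else if` (hunk at -945) with no effect, since that branch is only reached with `utf8_downcvt` set or UTF8 offered. The result disagrees with the transport, where `utf8_needed` is false if either downconvert flag is set. If the old behaviour is wanted, add `&& !addr->prop.utf8_downcvt_maybe` to the first condition; the mask passed to `ehlo_response()` in the -730 hunk already requests the UTF8 check for that case.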
@@ -978,11 +980,11 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. (smtp_write_command(&outblock, FALSE, #ifdef SUPPORT_I18N addr->prop.utf8_msg && !addr->prop.utf8_downcvt - ? "MAIL FROM:<%s>%s SMTPUTF8\r\n" + ? "MAIL FROM:<%s>%s%s SMTPUTF8\r\n" : #endif - "MAIL FROM:<%s>%s\r\n", - from_address, responsebuffer) >= 0) + "MAIL FROM:<%s>%s%s\r\n", + from_address, responsebuffer, size_str) >= 0) ) && smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), -- cgit v1.2.3