1 /* $NetBSD: smtp_connect.c,v 1.6 2025/02/25 19:15:49 christos Exp $ */
2
3 /*++
4 /* NAME
5 /* smtp_connect 3
6 /* SUMMARY
7 /* connect to SMTP/LMTP server and deliver
8 /* SYNOPSIS
9 /* #include "smtp.h"
10 /*
11 /* int smtp_connect(state)
12 /* SMTP_STATE *state;
13 /* DESCRIPTION
14 /* This module implements SMTP/LMTP connection management and controls
15 /* mail delivery.
16 /*
17 /* smtp_connect() attempts to establish an SMTP/LMTP session with a host
18 /* that represents the destination domain, or with an optional fallback
19 /* relay when {the destination cannot be found, or when all the
20 /* destination servers are unavailable}. It skips over IP addresses
21 /* that fail to complete the SMTP/LMTP handshake and tries to find
22 /* an alternate server when an SMTP/LMTP session fails to deliver.
23 /*
24 /* This layer also controls what connections are retrieved from
25 /* the connection cache, and what connections are saved to the cache.
26 /*
27 /* The destination is either a host (or domain) name or a numeric
28 /* address. Symbolic or numeric service port information may be
29 /* appended, separated by a colon (":"). In the case of LMTP,
30 /* destinations may be specified as "unix:pathname", "inet:host"
31 /* or "inet:host:port".
32 /*
33 /* With SMTP, or with SRV record lookup enabled, the Internet
34 /* domain name service is queried for mail
35 /* exchanger hosts. Quote the domain name with `[' and `]' to
36 /* suppress mail exchanger lookups.
37 /*
38 /* Numerical address information should always be quoted with `[]'.
39 /* DIAGNOSTICS
40 /* The delivery status is the result value.
41 /* SEE ALSO
42 /* smtp_proto(3) SMTP client protocol
43 /* LICENSE
44 /* .ad
45 /* .fi
46 /* The Secure Mailer license must be distributed with this software.
47 /* AUTHOR(S)
48 /* Wietse Venema
49 /* IBM T.J. Watson Research
50 /* P.O. Box 704
51 /* Yorktown Heights, NY 10598, USA
52 /*
53 /* Wietse Venema
54 /* Google, Inc.
55 /* 111 8th Avenue
56 /* New York, NY 10011, USA
57 /*
58 /* Connection caching in cooperation with:
59 /* Victor Duchovni
60 /* Morgan Stanley
61 /*--*/
62
63 /* System library. */
64
65 #include <sys_defs.h>
66 #include <stdlib.h>
67 #include <sys/socket.h>
68 #include <sys/un.h>
69 #include <netinet/in.h>
70 #include <arpa/inet.h>
71 #include <errno.h>
72 #include <netdb.h>
73 #include <stdlib.h>
74 #include <string.h>
75 #include <unistd.h>
76 #include <fcntl.h>
77 #include <ctype.h>
78
79 #ifndef IPPORT_SMTP
80 #define IPPORT_SMTP 25
81 #endif
82
83 /* Utility library. */
84
85 #include <msg.h>
86 #include <vstream.h>
87 #include <vstring.h>
88 #include <split_at.h>
89 #include <mymalloc.h>
90 #include <inet_addr_list.h>
91 #include <iostuff.h>
92 #include <timed_connect.h>
93 #include <stringops.h>
94 #include <host_port.h>
95 #include <sane_connect.h>
96 #include <myaddrinfo.h>
97 #include <sock_addr.h>
98 #include <inet_proto.h>
99 #include <known_tcp_ports.h>
100
101 /* Global library. */
102
103 #include <mail_params.h>
104 #include <own_inet_addr.h>
105 #include <deliver_pass.h>
106 #include <mail_error.h>
107 #include <dsn_buf.h>
108 #include <mail_addr.h>
109 #include <valid_hostname.h>
110 #include <sendopts.h>
111
112 /* DNS library. */
113
114 #include <dns.h>
115
116 /* Application-specific. */
117
118 #include <smtp.h>
119 #include <smtp_addr.h>
120 #include <smtp_reuse.h>
121
/*
 * Forward declaration. smtp_connect_sock() performs the actual connect()
 * and wraps the descriptor into an SMTP_SESSION; it is shared by
 * smtp_connect_unix() and smtp_connect_addr(), both defined before it.
 */
static SMTP_SESSION *smtp_connect_sock(int, struct sockaddr *, int,
				               SMTP_ITERATOR *, DSN_BUF *,
				               int);
128
129 /* smtp_connect_unix - connect to UNIX-domain address */
130
static SMTP_SESSION *smtp_connect_unix(SMTP_ITERATOR *iter, DSN_BUF *why,
				               int sess_flags)
{
    const char *myname = "smtp_connect_unix";
    const char *path = STR(iter->addr);
    size_t  path_len = strlen(path);
    struct sockaddr_un un_addr;
    int     fd;

    /*
     * Start from a clean slate, so that a stale diagnostic from an earlier
     * attempt can never be reported as the outcome of this one.
     */
    dsb_reset(why);

    /*
     * The pathname, including its null terminator, must fit in sun_path.
     * The pathname is part of the configured destination, not something the
     * peer supplies, so an oversized one is reported as a configuration
     * problem rather than as a remote failure.
     */
    if (path_len >= sizeof(un_addr.sun_path)) {
	msg_warn("unix-domain name too long: %s", path);
	dsb_simple(why, "4.3.5", "Server configuration error");
	return (0);
    }

    /*
     * Build the address. The length check above guarantees that the copy,
     * terminator included, stays inside sun_path.
     */
    memset((void *) &un_addr, 0, sizeof(un_addr));
    un_addr.sun_family = AF_UNIX;
#ifdef HAS_SUN_LEN
    un_addr.sun_len = path_len + 1;
#endif
    memcpy(un_addr.sun_path, path, path_len + 1);

    /*
     * A socket() failure is fatal here, as it is in smtp_connect_addr().
     */
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
	msg_fatal("%s: socket: %m", myname);

    if (msg_verbose)
	msg_info("%s: trying: %s...", myname, path);

    /*
     * smtp_connect_sock() takes ownership of the descriptor: it closes it
     * when the connect fails, and otherwise wraps it into a VSTREAM that is
     * owned by the returned session.
     */
    return (smtp_connect_sock(fd, (struct sockaddr *) &un_addr,
			      sizeof(un_addr), iter, why, sess_flags));
}
176
177 /* smtp_connect_addr - connect to explicit address */
178
static SMTP_SESSION *smtp_connect_addr(SMTP_ITERATOR *iter, DSN_BUF *why,
				               int sess_flags)
{

    /*
     * Connect to the address record in iter->rr, on the port in iter->port.
     * Steps: convert the DNS record to a sockaddr, create a socket, choose a
     * source address (the configured smtp/lmtp_bind_address(6), or else the
     * single non-loopback own address of the same family), then hand the
     * socket to smtp_connect_sock(). Returns a session, or null with "why"
     * describing the failure.
     */
    const char *myname = "smtp_connect_addr";
    struct sockaddr_storage ss;		/* remote */
    struct sockaddr *sa = (struct sockaddr *) &ss;
    SOCKADDR_SIZE salen = sizeof(ss);
    MAI_HOSTADDR_STR hostaddr;
    DNS_RR *addr = iter->rr;
    unsigned port = iter->port;
    int     sock;
    char   *bind_addr;
    char   *bind_var;
    char   *saved_bind_addr = 0;
    char   *tail;

    dsb_reset(why);				/* Paranoia */

    /*
     * Sanity checks. An address record that cannot be converted (e.g. a
     * family this build does not support) is skipped with a transient
     * status, so the caller can move on to the next candidate.
     */
    if (dns_rr_to_sa(addr, port, sa, &salen) != 0) {
	msg_warn("%s: skip address type %s: %m",
		 myname, dns_strtype(addr->type));
	dsb_simple(why, "4.4.0", "network address conversion failed: %m");
	return (0);
    }

    /*
     * Initialize.
     */
    if ((sock = socket(sa->sa_family, SOCK_STREAM, 0)) < 0)
	msg_fatal("%s: socket: %m", myname);

    /*
     * Single exit for the failure paths below: release the optional copy of
     * the bind address and the socket, which nobody else owns yet.
     */
#define RETURN_EARLY() do { \
	if (saved_bind_addr) \
	    myfree(saved_bind_addr); \
	(void) close(sock); \
	return (0); \
    } while (0)

    if (inet_windowsize > 0)
	set_inet_windowsize(sock, inet_windowsize);

    /*
     * Allow the sysadmin to specify the source address, for example, as "-o
     * smtp_bind_address=x.x.x.x" in the master.cf file.
     *
     * The parameter value comes from local configuration, so a malformed
     * value is a fatal error rather than a per-delivery failure. A bind()
     * failure is only a warning unless the "enforce" parameter is set; in
     * the non-enforcing case delivery proceeds with a kernel-chosen source
     * address.
     */
#ifdef HAS_IPV6
    if (sa->sa_family == AF_INET6) {
	bind_addr = var_smtp_bind_addr6;
	bind_var = VAR_LMTP_SMTP(BIND_ADDR6);
    } else
#endif
    if (sa->sa_family == AF_INET) {
	bind_addr = var_smtp_bind_addr;
	bind_var = VAR_LMTP_SMTP(BIND_ADDR);
    } else
	bind_var = bind_addr = "";
    if (*bind_addr) {
	int     aierr;
	struct addrinfo *res0;

	/* Strip the optional [] around an address literal. */
	if (*bind_addr == '[') {
	    saved_bind_addr = mystrdup(bind_addr + 1);
	    if ((tail = split_at(saved_bind_addr, ']')) == 0 || *tail)
		msg_fatal("%s: malformed %s parameter: %s",
			  myname, bind_var, bind_addr);
	    bind_addr = saved_bind_addr;
	}
	if ((aierr = hostaddr_to_sockaddr(bind_addr, (char *) 0, 0, &res0)) != 0)
	    msg_fatal("%s: bad %s parameter: %s: %s",
		      myname, bind_var, bind_addr, MAI_STRERROR(aierr));
	if (bind(sock, res0->ai_addr, res0->ai_addrlen) < 0) {
	    msg_warn("%s: bind %s: %m", myname, bind_addr);
	    if (var_smtp_bind_addr_enforce) {
		/* res0 is released here; RETURN_EARLY() handles the rest. */
		freeaddrinfo(res0);
		dsb_simple(why, "4.4.0", "server configuration error");
		RETURN_EARLY();
	    }
	} else if (msg_verbose)
	    msg_info("%s: bind %s", myname, bind_addr);
	if (saved_bind_addr)
	    myfree(saved_bind_addr);
	freeaddrinfo(res0);
    }

    /*
     * When running as a virtual host, bind to the virtual interface so that
     * the mail appears to come from the "right" machine address.
     *
     * XXX The IPv6 patch expands the null host (as client endpoint) and uses
     * the result as the loopback address list.
     *
     * This is done only when exactly one own address of the remote's family
     * exists and it is not a loopback address; with zero or several such
     * addresses the kernel chooses the source address. Here a bind() failure
     * is never more than a warning.
     */
    else {
	int     count = 0;
	struct sockaddr *own_addr = 0;
	INET_ADDR_LIST *addr_list = own_inet_addr_list();
	struct sockaddr_storage *s;

	for (s = addr_list->addrs; s < addr_list->addrs + addr_list->used; s++) {
	    if (SOCK_ADDR_FAMILY(s) == sa->sa_family) {
		if (count++ > 0)
		    break;
		own_addr = SOCK_ADDR_PTR(s);
	    }
	}
	if (count == 1 && !sock_addr_in_loopback(own_addr)) {
	    if (bind(sock, own_addr, SOCK_ADDR_LEN(own_addr)) < 0) {
		SOCKADDR_TO_HOSTADDR(own_addr, SOCK_ADDR_LEN(own_addr),
				     &hostaddr, (MAI_SERVPORT_STR *) 0, 0);
		msg_warn("%s: bind %s: %m", myname, hostaddr.buf);
	    } else if (msg_verbose) {
		SOCKADDR_TO_HOSTADDR(own_addr, SOCK_ADDR_LEN(own_addr),
				     &hostaddr, (MAI_SERVPORT_STR *) 0, 0);
		msg_info("%s: bind %s", myname, hostaddr.buf);
	    }
	}
    }

    /*
     * Connect to the server. From here on smtp_connect_sock() owns the
     * socket and closes it on failure.
     */
    if (msg_verbose)
	msg_info("%s: trying: %s[%s] port %d...",
		 myname, STR(iter->host), STR(iter->addr), ntohs(port));

    return (smtp_connect_sock(sock, sa, salen, iter, why, sess_flags));
}
308
309 /* smtp_connect_sock - connect a socket over some transport */
310
static SMTP_SESSION *smtp_connect_sock(int sock, struct sockaddr *sa,
				               int salen,
				               SMTP_ITERATOR *iter,
				               DSN_BUF *why,
				               int sess_flags)
{
    const char *host = STR(iter->host);
    const char *hostaddr = STR(iter->addr);
    unsigned port = iter->port;
    time_t  started = time((time_t *) 0);	/* before the connect */
    VSTREAM *stream;
    int     status;

    /*
     * With a connect timeout configured, connect in non-blocking mode and
     * let timed_connect() do the waiting. Blocking mode is restored before
     * returning; errno is saved across that call so that the "%m" below
     * still describes the connect() outcome.
     */
    if (var_smtp_conn_tmout > 0) {
	int     connect_errno;

	non_blocking(sock, NON_BLOCKING);
	status = timed_connect(sock, sa, salen, var_smtp_conn_tmout);
	connect_errno = errno;
	non_blocking(sock, BLOCKING);
	errno = connect_errno;
    } else {
	status = sane_connect(sock, sa, salen);
    }

    /*
     * A failed connect is a transient delivery problem (4.4.1). The
     * descriptor is released here; the caller keeps no reference to it.
     */
    if (status < 0) {
	if (port == 0)
	    dsb_simple(why, "4.4.1", "connect to %s[%s]: %m", host, hostaddr);
	else
	    dsb_simple(why, "4.4.1", "connect to %s[%s]:%d: %m",
		       host, hostaddr, ntohs(port));
	close(sock);
	return (0);
    }
    stream = vstream_fdopen(sock, O_RDWR);

    /*
     * Avoid poor performance when TCP MSS > VSTREAM_BUFSIZE. Only TCP
     * sockets are tweaked; UNIX-domain sockets are left alone.
     */
    switch (sa->sa_family) {
    case AF_INET:
#ifdef AF_INET6
    case AF_INET6:
#endif
	vstream_tweak_tcp(stream);
	break;
    default:
	break;
    }

    /*
     * Bundle up what we have into a nice SMTP_SESSION object.
     */
    return (smtp_session_alloc(stream, iter, started, sess_flags));
}
361
362 /* smtp_parse_destination - parse host/port destination */
363
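static char *smtp_parse_destination(char *destination, char *def_service,
				            char **hostp, char **servicep,
				            unsigned *portp)
{

    /*
     * Split "host[:service]" into host and service, and resolve the service
     * to a port number in network byte order. Returns a copy of the
     * destination that the host and service pointers point into; the caller
     * owns that copy and must myfree() it. All parse errors are fatal: the
     * destination comes from local configuration, not from the network.
     */
    char   *buf = mystrdup(destination);
    char   *service;
    struct servent *sp;
    char   *protocol = "tcp";		/* XXX configurable? */
    unsigned long port;
    char   *end;
    const char *err;

    if (msg_verbose)
	msg_info("smtp_parse_destination: %s %s", destination, def_service);

    /*
     * Parse the host/port information. We're working with a copy of the
     * destination argument so the parsing can be destructive.
     */
    if ((err = host_port(buf, hostp, (char *) 0, servicep, def_service)) != 0)
	msg_fatal("%s in server description: %s", err, destination);

    /*
     * Convert service to port number, network byte order.
     *
     * strtoul() rather than atoi(): atoi() has undefined behavior when the
     * digit string does not fit in an int, so an overlong all-digit service
     * could otherwise map to an arbitrary value instead of being rejected.
     * alldig() is expected to admit only non-empty digit strings, so the
     * end-pointer check below should never fire; it is kept as a cheap
     * guard against that assumption changing.
     */
    service = (char *) filter_known_tcp_port(*servicep);
    if (alldig(service)) {
	errno = 0;
	port = strtoul(service, &end, 10);
	if (errno == ERANGE || *end != 0 || port == 0 || port >= 65536)
	    msg_fatal("bad network port: %s for destination: %s",
		      service, destination);
	*portp = htons((unsigned) port);
    } else {
	if ((sp = getservbyname(service, protocol)) == 0)
	    msg_fatal("unknown service: %s/%s", service, protocol);
	*portp = sp->s_port;		/* already network byte order */
    }
    return (buf);
}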
401
402 /* smtp_cleanup_session - clean up after using a session */
403
static void smtp_cleanup_session(SMTP_STATE *state)
{

    /*
     * Finish with state->session: mail a transcript to the postmaster when
     * warranted, then either store the session in the connection cache or
     * destroy it, and reset the per-session bookkeeping in the delivery
     * request. On return state->session is null.
     */
    DELIVER_REQUEST *request = state->request;
    SMTP_SESSION *session = state->session;
    int     throttled;

    /*
     * Inform the postmaster of trouble.
     *
     * XXX Don't send notifications about errors while sending notifications.
     *
     * A message whose sender is the null sender or the double-bounce address
     * is treated as a possible notification, and smtp_chat_notify() is not
     * called for it regardless of the error mask.
     */
#define POSSIBLE_NOTIFICATION(sender) \
	(*sender == 0 || strcmp(sender, mail_addr_double_bounce()) == 0)

    if (session->history != 0
	&& (session->error_mask & name_mask(VAR_NOTIFY_CLASSES,
					    mail_error_masks,
					    var_notify_classes)) != 0
	&& POSSIBLE_NOTIFICATION(request->sender) == 0)
	smtp_chat_notify(session);

    /*
     * When session caching is enabled, cache the first good session for this
     * delivery request under the next-hop destination, and cache all good
     * sessions under their server network address (destroying the session in
     * the process).
     *
     * Caching under the next-hop destination name (rather than the fall-back
     * destination) allows us to skip over non-responding primary or backup
     * hosts. In fact, this is the only benefit of caching logical to
     * physical bindings; caching a session under its own hostname provides
     * no performance benefit, given the way smtp_connect() works.
     *
     * The throttled status is sampled before smtp_quit(), which may change
     * it. The stream error/EOF tests guard against caching a connection
     * whose transport is already known to be broken.
     */
    throttled = THIS_SESSION_IS_THROTTLED;	/* smtp_quit() may fail */
    if (THIS_SESSION_IS_EXPIRED)
	smtp_quit(state);			/* also disables caching */
    if (THIS_SESSION_IS_CACHED
    /* Redundant tests for safety... */
	&& vstream_ferror(session->stream) == 0
	&& vstream_feof(session->stream) == 0) {
	smtp_save_session(state, SMTP_KEY_MASK_SCACHE_DEST_LABEL,
			  SMTP_KEY_MASK_SCACHE_ENDP_LABEL);
    } else {
	smtp_session_free(session);
    }
    state->session = 0;

    /*
     * If this session was good, reset the scache next-hop destination, so
     * that we won't cache connections to less-preferred servers under the
     * same next-hop destination. Otherwise we could end up skipping over the
     * available and more-preferred servers.
     */
    if (HAVE_SCACHE_REQUEST_NEXTHOP(state) && !throttled)
	CLEAR_SCACHE_REQUEST_NEXTHOP(state);

    /*
     * Clean up the lists with todo and dropped recipients.
     */
    smtp_rcpt_cleanup(state);

    /*
     * Reset profiling info.
     *
     * XXX When one delivery request results in multiple sessions, the set-up
     * and transmission latencies of the earlier sessions will count as
     * connection set-up time for the later sessions.
     *
     * XXX On the other hand, when we first try to connect to one or more dead
     * hosts before we reach a good host, then all that time must be counted
     * as connection set-up time for the session with the good host.
     *
     * XXX So this set-up attribution problem exists only when we actually
     * engage in a session, spend a lot of time delivering a message, find
     * that it fails, and then connect to an alternate host.
     */
    memset((void *) &request->msg_stats.conn_setup_done, 0,
	   sizeof(request->msg_stats.conn_setup_done));
    memset((void *) &request->msg_stats.deliver_done, 0,
	   sizeof(request->msg_stats.deliver_done));
    request->msg_stats.reuse_count = 0;
}
486
/* smtp_cache_policy - decide connection cache load/store flags for dest */

static void smtp_cache_policy(SMTP_STATE *state, const char *dest)
{
    DELIVER_REQUEST *request = state->request;
    int     flags = state->misc_flags & ~SMTP_MISC_FLAG_CONN_CACHE_MASK;

    /*
     * Destinations that match the cache-destination list always get both
     * load and store. Otherwise, with on-demand caching enabled, the
     * per-request flags decide each of the two independently. Any previous
     * cache flags are cleared first.
     */
    if (smtp_cache_dest != 0 && string_list_match(smtp_cache_dest, dest) != 0) {
	flags |= SMTP_MISC_FLAG_CONN_CACHE_MASK;
    } else if (var_smtp_cache_demand) {
	if (request->flags & DEL_REQ_FLAG_CONN_LOAD)
	    flags |= SMTP_MISC_FLAG_CONN_LOAD;
	if (request->flags & DEL_REQ_FLAG_CONN_STORE)
	    flags |= SMTP_MISC_FLAG_CONN_STORE;
    }
    state->misc_flags = flags;
}
502
503 #ifdef USE_TLS
504
505 /* smtp_get_effective_tls_level - get the effective TLS security level */
506
static int smtp_get_effective_tls_level(DSN_BUF *why, SMTP_STATE *state)
{
    SMTP_TLS_POLICY *tls = state->tls;
    int     tls_required_no;

    /*
     * Look up the TLS policy for the current iterator position. On lookup
     * failure "why" carries the reason and the result is 0.
     */
    if (smtp_tls_policy_cache_query(why, tls, state->iterator) == 0)
	return (0);

    /*
     * If the sender requires verified TLS, the TLS level must enforce a
     * server certificate match.
     */
#if 0
    if ((state->request->sendopts & SOPT_REQUIRETLS_ESMTP)) {
	if (TLS_MUST_MATCH(tls->level) == 0) {
	    dsb_simple(why, "5.7.10", "Sender requires verified TLS, "
		       " but my configured TLS security level is '%s %s'",
		       var_mail_name, str_tls_level(tls->level));
	    return (0);
	}
    }
#endif

    /*
     * If the TLS level is above TLS_LEV_NONE (so not "none" and not some
     * non-level), and the message carries a "TLS-Required: no" header, cap
     * the level at TLS_LEV_MAY. This only ever lowers the level, and only
     * when the feature is enabled.
     */
    tls_required_no = (state->request->sendopts & SOPT_REQUIRETLS_HEADER) != 0;
    if (var_tls_required_enable && tls_required_no && tls->level > TLS_LEV_NONE)
	tls->level = TLS_LEV_MAY;

    return (1);
}
549
550 #endif
551
552 /* smtp_connect_local - connect to local server */
553
static void smtp_connect_local(SMTP_STATE *state, const char *path)
{

    /*
     * Deliver over a UNIX-domain socket at "path". Sets up the iterator and
     * the connection cache policy, reuses a cached connection when allowed,
     * otherwise connects with smtp_connect_unix(), then runs the HELO/
     * transfer sequence and cleans up. Delivery status is left in state.
     */
    const char *myname = "smtp_connect_local";
    SMTP_ITERATOR *iter = state->iterator;
    SMTP_SESSION *session;
    DSN_BUF *why = state->why;

    /*
     * Do not silently ignore an unused setting.
     */
    if (*var_fallback_relay)
	msg_warn("ignoring \"%s = %s\" setting for non-TCP connections",
		 VAR_LMTP_FALLBACK, var_fallback_relay);

    /*
     * It's too painful to weave this code into the SMTP connection
     * management routine.
     *
     * Connection cache management is based on the UNIX-domain pathname, without
     * the "unix:" prefix.
     */
    smtp_cache_policy(state, path);
    if (state->misc_flags & SMTP_MISC_FLAG_CONN_CACHE_MASK)
	SET_SCACHE_REQUEST_NEXTHOP(state, path);

    /*
     * Here we ensure that the iter->addr member refers to a copy of the
     * UNIX-domain pathname, so that smtp_save_session() will cache the
     * connection using the pathname as the physical endpoint name.
     *
     * We set dest=path for backwards compatibility.
     */
#define NO_PORT 0

    SMTP_ITER_INIT(iter, path, var_myhostname, path, NO_PORT, state);

    /*
     * Opportunistic TLS for unix domain sockets does not make much sense,
     * since the channel is private, mere encryption without authentication
     * is just wasted cycles and opportunity for breakage. Since we are not
     * willing to retry after TLS handshake failures here, we downgrade "may"
     * to "none". Nothing is lost, and much waste is avoided.
     *
     * We don't know who is authenticating whom, so if a client cert is
     * available, "encrypt" may be a sensible policy. Otherwise, we also
     * downgrade "encrypt" to "none", this time just to avoid waste.
     *
     * We use smtp_reuse_nexthop() instead of smtp_reuse_addr(), so that we can
     * reuse a SASL-authenticated connection (however unlikely this scenario
     * may be). The smtp_reuse_addr() interface currently supports only reuse
     * of SASL-unauthenticated connections.
     */
#ifdef USE_TLS
    /*
     * NOTE(review): this early return skips the CLEAR_SCACHE_REQUEST_NEXTHOP
     * cleanup at the end of this function after SET_SCACHE_REQUEST_NEXTHOP
     * above may have run; confirm that the caller resets that state.
     */
    if (!smtp_get_effective_tls_level(why, state)) {
	msg_warn("TLS policy lookup error for %s/%s: %s",
		 STR(iter->host), STR(iter->addr), STR(why->reason));
	return;
    }
#endif
    /* Try the cache only when the policy allows loading from it. */
    if ((state->misc_flags & SMTP_MISC_FLAG_CONN_LOAD) == 0
	|| (session = smtp_reuse_nexthop(state,
				     SMTP_KEY_MASK_SCACHE_DEST_LABEL)) == 0)
	session = smtp_connect_unix(iter, why, state->misc_flags);
    if ((state->session = session) != 0) {
	session->state = state;
#ifdef USE_TLS
	session->tls_nexthop = var_myhostname;	/* for TLS_LEV_SECURE */
	if (state->tls->level == TLS_LEV_MAY) {
	    msg_warn("%s: opportunistic TLS encryption is not appropriate "
		     "for unix-domain destinations.", myname);
	    state->tls->level = TLS_LEV_NONE;
	}
#endif
	/* All delivery errors bounce or defer. */
	state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;

	/*
	 * When a TLS handshake fails, the stream is marked "dead" to avoid
	 * further I/O over a broken channel.
	 *
	 * A session that came from the cache has already completed HELO, so
	 * smtp_helo() is skipped for it. QUIT is sent after a failed HELO
	 * only when the session is not forbidden and the stream is healthy.
	 */
	if ((session->features & SMTP_FEATURE_FROM_CACHE) == 0
	    && smtp_helo(state) != 0) {
	    if (!THIS_SESSION_IS_FORBIDDEN
		&& vstream_ferror(session->stream) == 0
		&& vstream_feof(session->stream) == 0)
		smtp_quit(state);
	} else {
	    smtp_xfer(state);
	}

	/*
	 * With opportunistic TLS disabled we don't expect to be asked to
	 * retry connections without TLS, and so we expect the final server
	 * flag to stay on.
	 */
	if ((state->misc_flags & SMTP_MISC_FLAG_FINAL_SERVER) == 0)
	    msg_panic("%s: unix-domain destination not final!", myname);
	smtp_cleanup_session(state);
    }

    /*
     * Cleanup.
     */
    if (HAVE_SCACHE_REQUEST_NEXTHOP(state))
	CLEAR_SCACHE_REQUEST_NEXTHOP(state);
}
660
661 /* smtp_scrub_address_list - delete all cached addresses from list */
662
static void smtp_scrub_addr_list(HTABLE *cached_addr, DNS_RR **addr_list)
{
    MAI_HOSTADDR_STR printable;
    DNS_RR *rr = *addr_list;

    /*
     * Drop every address record whose printable form is a key in the
     * cached_addr table. The successor is fetched before the record may be
     * removed from the list. Records that cannot be printed are kept and
     * reported.
     *
     * XXX Extend the DNS_RR structure with fields for the printable address
     * and/or binary sockaddr representations, so that we can avoid repeated
     * binary->string transformations for the same address.
     */
    while (rr != 0) {
	DNS_RR *following = rr->next;

	if (dns_rr_to_pa(rr, &printable) != 0) {
	    if (htable_locate(cached_addr, printable.buf) != 0)
		*addr_list = dns_rr_remove(*addr_list, rr);
	} else {
	    msg_warn("cannot convert type %s record to printable address",
		     dns_strtype(rr->type));
	}
	rr = following;
    }
}
685
686 /* smtp_update_addr_list - common address list update */
687
static void smtp_update_addr_list(DNS_RR **addr_list, const char *server_addr,
				          int session_count)
{
    struct addrinfo *res0;
    int     aierr;
    DNS_RR *rr;

    if (*addr_list == 0)
	return;

    /*
     * Truncate the address list if we are not going to use it anyway: the
     * per-destination session or address limit has been reached.
     */
    if (session_count == var_smtp_mxsess_limit
	|| session_count == var_smtp_mxaddr_limit) {
	dns_rr_free(*addr_list);
	*addr_list = 0;
	return;
    }

    /*
     * Convert server address to internal form, and remove the first list
     * element with that address, if any.
     *
     * XXX smtp_reuse_session() breaks if we remove two or more adjacent list
     * elements but do not truncate the list to zero length.
     *
     * XXX Extend the SMTP_SESSION structure with sockaddr information so that
     * we can avoid repeated string->binary transformations for the same
     * address.
     *
     * XXX SRV support: this should match the port, too, otherwise we may
     * eliminate too many list entries.
     */
    aierr = hostaddr_to_sockaddr(server_addr, (char *) 0, 0, &res0);
    if (aierr != 0) {
	msg_warn("hostaddr_to_sockaddr %s: %s",
		 server_addr, MAI_STRERROR(aierr));
	return;
    }
    for (rr = *addr_list; rr != 0; rr = rr->next) {
	if (DNS_RR_EQ_SA(rr, (struct sockaddr *) res0->ai_addr)) {
	    *addr_list = dns_rr_remove(*addr_list, rr);
	    break;				/* rr may be gone now */
	}
    }
    freeaddrinfo(res0);
}
737
738 /* smtp_reuse_session - try to use existing connection, return session count */
739
static int smtp_reuse_session(SMTP_STATE *state, DNS_RR **addr_list,
			              int domain_best_pref)
{

    /*
     * Try to deliver over cached connections before opening new ones: first
     * one connection keyed by the delivery request nexthop, then one per
     * best-preference MX address keyed by server endpoint. Each reused
     * session is transferred over and cleaned up here; the address list is
     * pruned or truncated as sessions are consumed. Returns the number of
     * sessions used.
     */
    int     session_count = 0;
    DNS_RR *addr;
    DNS_RR *next;
    MAI_HOSTADDR_STR hostaddr;
    SMTP_SESSION *session;
    SMTP_ITERATOR *iter = state->iterator;
    DSN_BUF *why = state->why;

    /*
     * This code is called after server address/port lookup, before
     * iter->host, iter->addr, iter->rr and iter->mx are assigned concrete
     * values, and while iter->port still corresponds to the nexthop service,
     * or the default service configured with smtp_tcp_port or lmtp_tcp_port.
     *
     * When a connection is reused by nexthop/service or by server address/port,
     * iter->host, iter->addr and iter->port are updated with actual values
     * from the cached session. Additionally, when a connection is searched
     * by nexthop/service, iter->rr remains null, and when a connection is
     * searched by server address/port, iter->rr is updated with an actual
     * server address/port before the search is made.
     *
     * First, search the cache by delivery request nexthop. We truncate the
     * server address list when all the sessions for this destination are
     * used up, to reduce the number of variables that need to be checked
     * later.
     *
     * Note: connection reuse by delivery request nexthop restores the "best MX"
     * bit.
     *
     * smtp_reuse_nexthop() clobbers the iterators's "dest" attribute. We save
     * and restore it here, so that subsequent connections will use the
     * proper nexthop information.
     *
     * We don't use TLS level info for nexthop-based connection cache storage
     * keys. The combination of (service, nexthop, etc.) should be stable
     * over the time range of interest, and the policy is still enforced on
     * an individual connection to an MX host, before that connection is
     * stored under a nexthop- or host-based storage key.
     *
     * The nexthop lookup is attempted only while recipients remain and the
     * request has a cache nexthop set. The "final server" flag is raised
     * when this is the last nexthop and the list was truncated to empty, so
     * that remaining errors bounce or defer instead of being retried.
     */
#ifdef USE_TLS
    smtp_tls_policy_dummy(state->tls);
#endif
    SMTP_ITER_SAVE_DEST(state->iterator);
    if (*addr_list && SMTP_RCPT_LEFT(state) > 0
	&& HAVE_SCACHE_REQUEST_NEXTHOP(state)
	&& (session = smtp_reuse_nexthop(state, SMTP_KEY_MASK_SCACHE_DEST_LABEL)) != 0) {
	session_count = 1;
	smtp_update_addr_list(addr_list, STR(iter->addr), session_count);
	if ((state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP)
	    && *addr_list == 0)
	    state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;
	smtp_xfer(state);
	smtp_cleanup_session(state);
    }
    SMTP_ITER_RESTORE_DEST(state->iterator);

    /*
     * Second, search the cache by primary MX address. Again, we use address
     * list truncation so that we have to check fewer variables later.
     *
     * XXX This loop is safe because smtp_update_addr_list() either truncates
     * the list to zero length, or removes at most one list element.
     *
     * Currently, we use smtp_reuse_addr() only for SASL-unauthenticated
     * connections. Furthermore, we rely on smtp_reuse_addr() to look up an
     * existing SASL-unauthenticated connection only when a new connection
     * would be guaranteed not to require SASL authentication.
     *
     * In addition, we rely on smtp_reuse_addr() to look up an existing
     * plaintext connection only when a new connection would be guaranteed
     * not to use TLS.
     *
     * For more precise control over reuse, the iterator should look up SASL and
     * TLS policy as it evaluates mail exchangers in order, instead of
     * relying on duplicate lookup request code in smtp_reuse(3) and
     * smtp_session(3).
     *
     * Only records with the best preference are considered; the loop stops
     * at the first record with a different preference. The TLS policy is
     * looked up per address before the cache is consulted, so a cached
     * connection is never reused for an address whose policy cannot be
     * determined.
     */
    for (addr = *addr_list; SMTP_RCPT_LEFT(state) > 0 && addr; addr = next) {
	if (addr->pref != domain_best_pref)
	    break;
	next = addr->next;
	if (dns_rr_to_pa(addr, &hostaddr) == 0) {
	    msg_warn("cannot convert type %s record to printable address",
		     dns_strtype(addr->type));
	    /* XXX Assume there is no code at the end of this loop. */
	    continue;
	}
	SMTP_ITER_UPDATE_HOST(iter, SMTP_HNAME(addr), hostaddr.buf, addr);
#ifdef USE_TLS
	if (!smtp_get_effective_tls_level(why, state)) {
	    msg_warn("TLS policy lookup error for %s/%s: %s",
		     STR(iter->dest), STR(iter->host), STR(why->reason));
	    continue;
	    /* XXX Assume there is no code at the end of this loop. */
	}
#endif
	if ((session = smtp_reuse_addr(state,
				       SMTP_KEY_MASK_SCACHE_ENDP_LABEL)) != 0) {
	    session->features |= SMTP_FEATURE_BEST_MX;
	    session_count += 1;
	    smtp_update_addr_list(addr_list, STR(iter->addr), session_count);
	    /* "next" was read before the update; it is stale once the list is gone. */
	    if (*addr_list == 0)
		next = 0;
	    if ((state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP)
		&& next == 0)
		state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;
	    smtp_xfer(state);
	    smtp_cleanup_session(state);
	}
    }
    return (session_count);
}
855
856 /* smtp_connect_inet - establish network connection */
857
smtp_connect_inet(SMTP_STATE * state,const char * nexthop,char * def_service)858 static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
859 char *def_service)
860 {
861 DELIVER_REQUEST *request = state->request;
862 SMTP_ITERATOR *iter = state->iterator;
863 ARGV *sites;
864 char *dest;
865 char **cpp;
866 int non_fallback_sites;
867 int retry_plain = 0;
868 DSN_BUF *why = state->why;
869
870 /*
871 * For sanity, require that at least one of INET or INET6 is enabled.
872 * Otherwise, we can't look up interface information, and we can't
873 * convert names or addresses.
874 */
875 if (inet_proto_info()->ai_family_list[0] == 0) {
876 dsb_simple(why, "4.4.4", "all network protocols are disabled");
877 return;
878 }
879
880 /*
881 * Do a null destination sanity check in case the primary destination is
882 * a list that consists of only separators.
883 */
884 sites = argv_split(nexthop, CHARS_COMMA_SP);
885 if (sites->argc == 0)
886 msg_panic("null destination: \"%s\"", nexthop);
887 non_fallback_sites = sites->argc;
888 argv_split_append(sites, var_fallback_relay, CHARS_COMMA_SP);
889
890 /*
891 * Don't give up after a hard host lookup error until we have tried the
892 * fallback relay servers.
893 *
894 * Don't bounce mail after a host lookup problem with a relayhost or with a
895 * fallback relay.
896 *
897 * Don't give up after a qualifying soft error until we have tried all
898 * qualifying backup mail servers.
899 *
900 * All this means that error handling and error reporting depends on whether
901 * the error qualifies for trying to deliver to a backup mail server, or
902 * whether we're looking up a relayhost or fallback relay. The challenge
903 * then is to build this into the pre-existing SMTP client without
904 * getting lost in the complexity.
905 */
906 #define IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites) \
907 (*(cpp) && (cpp) >= (sites)->argv + (non_fallback_sites))
908
909 for (cpp = sites->argv, (state->misc_flags |= SMTP_MISC_FLAG_FIRST_NEXTHOP);
910 SMTP_RCPT_LEFT(state) > 0 && (dest = *cpp) != 0;
911 cpp++, (state->misc_flags &= ~SMTP_MISC_FLAG_FIRST_NEXTHOP)) {
912 char *dest_buf;
913 char *domain;
914 unsigned port;
915 char *service;
916 DNS_RR *addr_list;
917 DNS_RR *addr;
918 DNS_RR *next;
919 int addr_count;
920 int sess_count;
921 SMTP_SESSION *session;
922 int lookup_mx;
923 int non_dns_or_literal;
924 int i_am_mx;
925 unsigned domain_best_pref;
926 MAI_HOSTADDR_STR hostaddr;
927
928 if (cpp[1] == 0)
929 state->misc_flags |= SMTP_MISC_FLAG_FINAL_NEXTHOP;
930
931 /*
932 * Parse the destination. If no TCP port is specified, use the port
933 * that is reserved for the protocol (SMTP or LMTP).
934 *
935 * The 'service' variable corresponds to the remote service specified
936 * with the nexthop, or the default service configured with
937 * smtp_tcp_port or lmtp_tcp_port. The 'port' variable and
938 * SMTP_ITERATOR.port initially correspond to that service. This
939 * determines what loop prevention will be in effect.
940 *
941 * The SMTP_ITERATOR.port will be overwritten after SRV record lookup.
942 * This guarantees that the connection cache key contains the correct
943 * port value when caching and retrieving a connection by its server
944 * address (and port).
945 *
946 * By design, the connection cache key contains NO port information when
947 * caching or retrieving a connection by its nexthop destination.
948 * Instead, the cache key contains the master.cf service name (a
949 * proxy for all the parameter settings including the default service
950 * from smtp_tcp_port or lmtp_tcp_port), together with the nexthop
951 * destination and sender-dependent info. This should be sufficient
952 * to avoid cross talk between mail streams that should be separated.
953 */
954 dest_buf = smtp_parse_destination(dest, def_service, &domain,
955 &service, &port);
956 if (var_helpful_warnings && var_smtp_tls_wrappermode == 0
957 && ntohs(port) == 465) {
958 msg_info("SMTPS wrappermode (TCP port 465) requires setting "
959 "\"%s = yes\", and \"%s = encrypt\" (or stronger)",
960 VAR_LMTP_SMTP(TLS_WRAPPER), VAR_LMTP_SMTP(TLS_LEVEL));
961 }
962 #define NO_HOST "" /* safety */
963 #define NO_ADDR "" /* safety */
964
965 SMTP_ITER_INIT(iter, dest, NO_HOST, NO_ADDR, port, state);
966
967 /*
968 * TODO(wietse) If the domain publishes a TLSRPT policy, they expect
969 * that clients use SMTP over TLS. Should we upgrade a TLS security
970 * level of "may" to "encrypt"? This would disable falling back to
971 * plaintext, and could break interoperability with receivers that
972 * crank up security up to 11.
973 */
974 #ifdef USE_TLSRPT
975 if (smtp_mode && var_smtp_tlsrpt_enable
976 && tls_level_lookup(var_smtp_tls_level) > TLS_LEV_NONE
977 && !valid_hostaddr(domain, DONT_GRIPE))
978 smtp_tlsrpt_create_wrapper(state, domain);
979 else
980 state->tlsrpt = 0;
981 #endif /* USE_TLSRPT */
982
983 /*
984 * Resolve an SMTP or LMTP server. Skip MX or SRV lookups when a
985 * quoted domain is specified or when DNS lookups are disabled.
986 */
987 if (msg_verbose)
988 msg_info("connecting to %s service %s", domain, service);
989 non_dns_or_literal = (smtp_dns_support == SMTP_DNS_DISABLED
990 || *dest == '[');
991 if (smtp_mode) {
992 if (ntohs(port) == IPPORT_SMTP)
993 state->misc_flags |= SMTP_MISC_FLAG_LOOP_DETECT;
994 else
995 state->misc_flags &= ~SMTP_MISC_FLAG_LOOP_DETECT;
996 lookup_mx = !non_dns_or_literal;
997 } else
998 lookup_mx = 0;
999
1000 /*
1001 * Look up SRV and address records and fall back to non-SRV lookups
1002 * if permitted by configuration settings, or look up MX and address
1003 * records, or look up address records only.
1004 */
1005 i_am_mx = 0;
1006 addr_list = 0;
1007 if (!non_dns_or_literal && smtp_use_srv_lookup
1008 && string_list_match(smtp_use_srv_lookup, service)) {
1009 if (lookup_mx)
1010 state->misc_flags |= SMTP_MISC_FLAG_FALLBACK_SRV_TO_MX;
1011 else
1012 state->misc_flags &= ~SMTP_MISC_FLAG_FALLBACK_SRV_TO_MX;
1013 addr_list = smtp_service_addr(domain, service, &iter->mx,
1014 state->misc_flags, why, &i_am_mx);
1015 } else if (!lookup_mx) {
1016 /* Non-DNS, literal, or non-SMTP service */
1017 addr_list = smtp_host_addr(domain, state->misc_flags, why);
1018 /* XXX We could be an MX host for this destination... */
1019 } else {
1020 addr_list = smtp_domain_addr(domain, &iter->mx, state->misc_flags,
1021 why, &i_am_mx);
1022 }
1023 /* If we're MX host, don't connect to non-MX backups. */
1024 if (i_am_mx)
1025 state->misc_flags |= SMTP_MISC_FLAG_FINAL_NEXTHOP;
1026
1027 /*
1028 * Don't try fall-back hosts if mail loops to myself. That would just
1029 * make the problem worse.
1030 */
1031 if (addr_list == 0 && SMTP_HAS_LOOP_DSN(why))
1032 state->misc_flags |= SMTP_MISC_FLAG_FINAL_NEXTHOP;
1033
1034 /*
1035 * No early loop exit or we have a memory leak with dest_buf.
1036 */
1037 if (addr_list)
1038 domain_best_pref = addr_list->pref;
1039
1040 /*
1041 * When connection caching is enabled, store the first good
1042 * connection for this delivery request under the delivery request
1043 * next-hop name. Good connections will also be stored under their
1044 * specific server IP address.
1045 *
1046 * XXX smtp_session_cache_destinations specifies domain names without
1047 * :port, because : is already used for maptype:mapname. Because of
1048 * this limitation we use the bare domain without the optional [] or
1049 * non-default TCP port.
1050 *
1051 * Opportunistic (a.k.a. on-demand) session caching on request by the
1052 * queue manager. This is turned temporarily when a destination has a
1053 * high volume of mail in the active queue. When the surge reaches
1054 * its end, the queue manager requests that connections be retrieved
1055 * but not stored.
1056 */
1057 if (addr_list && (state->misc_flags & SMTP_MISC_FLAG_FIRST_NEXTHOP)) {
1058 smtp_cache_policy(state, domain);
1059 if (state->misc_flags & SMTP_MISC_FLAG_CONN_CACHE_MASK)
1060 SET_SCACHE_REQUEST_NEXTHOP(state, dest);
1061 }
1062
1063 /*
1064 * Delete visited cached hosts from the address list.
1065 *
1066 * Optionally search the connection cache by domain name or by primary
1067 * MX address before we try to create new connections.
1068 *
1069 * Enforce the MX session and MX address counts per next-hop or
1070 * fall-back destination. smtp_reuse_session() will truncate the
1071 * address list when either limit is reached.
1072 */
1073 if (addr_list && (state->misc_flags & SMTP_MISC_FLAG_CONN_LOAD)) {
1074 if (state->cache_used->used > 0)
1075 smtp_scrub_addr_list(state->cache_used, &addr_list);
1076 sess_count = addr_count =
1077 smtp_reuse_session(state, &addr_list, domain_best_pref);
1078 } else
1079 sess_count = addr_count = 0;
1080
1081 /*
1082 * Connect to an SMTP server: create primary MX connections, and
1083 * reuse or create backup MX connections.
1084 *
1085 * At the start of an SMTP session, all recipients are unmarked. In the
1086 * course of an SMTP session, recipients are marked as KEEP (deliver
1087 * to alternate mail server) or DROP (remove from recipient list). At
1088 * the end of an SMTP session, weed out the recipient list. Unmark
1089 * any left-over recipients and try to deliver them to a backup mail
1090 * server.
1091 *
1092 * Cache the first good session under the next-hop destination name.
1093 * Cache all good sessions under their physical endpoint.
1094 *
1095 * Don't query the session cache for primary MX hosts. We already did
1096 * that in smtp_reuse_session(), and if any were found in the cache,
1097 * they were already deleted from the address list.
1098 *
1099 * Currently, we use smtp_reuse_addr() only for SASL-unauthenticated
1100 * connections. Furthermore, we rely on smtp_reuse_addr() to look up
1101 * an existing SASL-unauthenticated connection only when a new
1102 * connection would be guaranteed not to require SASL authentication.
1103 *
1104 * In addition, we rely on smtp_reuse_addr() to look up an existing
1105 * plaintext connection only when a new connection would be
1106 * guaranteed not to use TLS.
1107 */
1108 for (addr = addr_list; SMTP_RCPT_LEFT(state) > 0 && addr; addr = next) {
1109 next = addr->next;
1110 if (++addr_count == var_smtp_mxaddr_limit)
1111 next = 0;
1112 if (dns_rr_to_pa(addr, &hostaddr) == 0) {
1113 msg_warn("cannot convert type %s record to printable address",
1114 dns_strtype(addr->type));
1115 /* XXX Assume there is no code at the end of this loop. */
1116 continue;
1117 }
1118 SMTP_ITER_UPDATE_HOST(iter, SMTP_HNAME(addr), hostaddr.buf, addr);
1119 #ifdef USE_TLS
1120 if (!smtp_get_effective_tls_level(why, state)) {
1121 msg_warn("TLS policy lookup for %s/%s: %s",
1122 STR(iter->dest), STR(iter->host), STR(why->reason));
1123 continue;
1124 /* XXX Assume there is no code at the end of this loop. */
1125 }
1126 if (var_smtp_tls_wrappermode
1127 && state->tls->level < TLS_LEV_ENCRYPT) {
1128 msg_warn("%s requires \"%s = encrypt\" (or stronger)",
1129 VAR_LMTP_SMTP(TLS_WRAPPER), VAR_LMTP_SMTP(TLS_LEVEL));
1130 continue;
1131 /* XXX Assume there is no code at the end of this loop. */
1132 }
1133 /* Disable TLS when retrying after a handshake failure */
1134 if (retry_plain) {
1135 state->tls->level = TLS_LEV_NONE;
1136 retry_plain = 0;
1137 }
1138 #endif
1139 if ((state->misc_flags & SMTP_MISC_FLAG_CONN_LOAD) == 0
1140 || addr->pref == domain_best_pref
1141 || !(session = smtp_reuse_addr(state,
1142 SMTP_KEY_MASK_SCACHE_ENDP_LABEL)))
1143 session = smtp_connect_addr(iter, why, state->misc_flags);
1144 if ((state->session = session) != 0) {
1145 session->state = state;
1146 #ifdef USE_TLS
1147 session->tls_nexthop = domain;
1148
1149 /*
1150 * Update TLSRPT state even if this is a reused SMTP
1151 * connection. If for some unlikely reason we must report a
1152 * problem, then we must report correct information.
1153 */
1154 #ifdef USE_TLSRPT
1155 if (state->tlsrpt) {
1156 smtp_tlsrpt_set_tls_policy(state);
1157 smtp_tlsrpt_set_tcp_connection(state);
1158 }
1159 #endif /* USE_TLSRPT */
1160 #endif
1161 if (addr->pref == domain_best_pref)
1162 session->features |= SMTP_FEATURE_BEST_MX;
1163 /* Don't count handshake errors towards the session limit. */
1164 if ((state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP)
1165 && next == 0)
1166 state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;
1167 if ((session->features & SMTP_FEATURE_FROM_CACHE) == 0
1168 && smtp_helo(state) != 0) {
1169 #ifdef USE_TLS
1170
1171 /*
1172 * When an opportunistic TLS handshake fails, try the
1173 * same address again, with TLS disabled. See also the
1174 * RETRY_AS_PLAINTEXT macro.
1175 */
1176 if ((retry_plain = session->tls_retry_plain) != 0) {
1177 --addr_count;
1178 next = addr;
1179 }
1180 #endif
1181
1182 /*
1183 * When a TLS handshake fails, the stream is marked
1184 * "dead" to avoid further I/O over a broken channel.
1185 */
1186 if (!THIS_SESSION_IS_FORBIDDEN
1187 && vstream_ferror(session->stream) == 0
1188 && vstream_feof(session->stream) == 0)
1189 smtp_quit(state);
1190 } else {
1191 /* Do count delivery errors towards the session limit. */
1192 if (++sess_count == var_smtp_mxsess_limit)
1193 next = 0;
1194 if ((state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP)
1195 && next == 0)
1196 state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;
1197 smtp_xfer(state);
1198 #ifdef USE_TLS
1199
1200 /*
1201 * When opportunistic TLS fails after the STARTTLS
1202 * handshake, try the same address again, with TLS
1203 * disabled. See also the RETRY_AS_PLAINTEXT macro.
1204 */
1205 if ((retry_plain = session->tls_retry_plain) != 0) {
1206 --sess_count;
1207 --addr_count;
1208 next = addr;
1209 }
1210 #endif
1211 }
1212 smtp_cleanup_session(state);
1213 } else {
1214 /* The reason already includes the IP address and TCP port. */
1215 msg_info("%s", STR(why->reason));
1216 }
1217 /* XXX Code above assumes there is no code at this loop ending. */
1218 }
1219 dns_rr_free(addr_list);
1220 if (iter->mx) {
1221 dns_rr_free(iter->mx);
1222 iter->mx = 0; /* Just in case */
1223 }
1224 myfree(dest_buf);
1225 if (state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP)
1226 break;
1227 }
1228
1229 /*
1230 * We still need to deliver, bounce or defer some left-over recipients:
1231 * either mail loops or some backup mail server was unavailable.
1232 */
1233 if (SMTP_RCPT_LEFT(state) > 0) {
1234
1235 /*
1236 * In case of a "no error" indication we make up an excuse: we did
1237 * find the host address, but we did not attempt to connect to it.
1238 * This can happen when the fall-back relay was already tried via a
1239 * cached connection, so that the address list scrubber left behind
1240 * an empty list.
1241 */
1242 if (!SMTP_HAS_DSN(why)) {
1243 dsb_simple(why, "4.3.0",
1244 "server unavailable or unable to receive mail");
1245 }
1246
1247 /*
1248 * Pay attention to what could be configuration problems, and pretend
1249 * that these are recoverable rather than bouncing the mail.
1250 */
1251 else if (!SMTP_HAS_SOFT_DSN(why)) {
1252
1253 /*
1254 * The fall-back destination did not resolve as expected, or it
1255 * is refusing to talk to us, or mail for it loops back to us.
1256 */
1257 if (IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites)) {
1258 msg_warn("%s configuration problem", VAR_SMTP_FALLBACK);
1259 vstring_strcpy(why->status, "4.3.5");
1260 /* XXX Keep the diagnostic code and MTA. */
1261 }
1262
1263 /*
1264 * The next-hop relayhost did not resolve as expected, or it is
1265 * refusing to talk to us, or mail for it loops back to us.
1266 *
1267 * XXX There is no equivalent safety net for mis-configured
1268 * sender-dependent relay hosts. The trivial-rewrite resolver
1269 * would have to flag the result, and the queue manager would
1270 * have to provide that information to delivery agents.
1271 */
1272 else if (smtp_mode && strcmp(sites->argv[0], var_relayhost) == 0) {
1273 msg_warn("%s configuration problem", VAR_RELAYHOST);
1274 vstring_strcpy(why->status, "4.3.5");
1275 /* XXX Keep the diagnostic code and MTA. */
1276 }
1277
1278 /*
1279 * Mail for the next-hop destination loops back to myself. Pass
1280 * the mail to the best_mx_transport or bounce it.
1281 */
1282 else if (smtp_mode && SMTP_HAS_LOOP_DSN(why) && *var_bestmx_transp) {
1283 dsb_reset(why); /* XXX */
1284 state->status = deliver_pass_all(MAIL_CLASS_PRIVATE,
1285 var_bestmx_transp,
1286 request);
1287 SMTP_RCPT_LEFT(state) = 0; /* XXX */
1288 }
1289 }
1290 }
1291
1292 /*
1293 * Cleanup.
1294 */
1295 if (HAVE_SCACHE_REQUEST_NEXTHOP(state))
1296 CLEAR_SCACHE_REQUEST_NEXTHOP(state);
1297 argv_free(sites);
1298 }
1299
1300 /* smtp_connect - establish SMTP connection */
1301
int smtp_connect(SMTP_STATE *state)
{
    DELIVER_REQUEST *request = state->request;
    char *destination = request->nexthop;

    /*
     * Entry point for one delivery request: pick the transport for the
     * next-hop in request->nexthop, let the lower layer try every candidate
     * server, then settle any recipients that were left undelivered.
     *
     * The transport choice depends only on smtp_mode. In SMTP mode the
     * next-hop is always handed to smtp_connect_inet() unchanged: a "unix:"
     * or "inet:" prefix is deliberately NOT interpreted there, because an
     * existing configuration may have a host whose name starts that way.
     * In LMTP mode the 5-byte prefix selects the socket family and is
     * stripped before the lower layer sees the destination; a bare LMTP
     * destination is treated like "inet:".
     */
    if (smtp_mode) {
	smtp_connect_inet(state, destination, var_smtp_tcp_port);
    } else if (strncmp(destination, "unix:", 5) == 0) {
	smtp_connect_local(state, destination + 5);
    } else {
	if (strncmp(destination, "inet:", 5) == 0)
	    destination += 5;
	smtp_connect_inet(state, destination, var_smtp_tcp_port);
    }

    /*
     * Whatever the lower layer could not deliver (SMTP mail loops, or no
     * server was available) is still owed a bounce or defer. Marking the
     * state as "final server" before smtp_sess_fail() tells that routine
     * that no further server will be tried.
     *
     * A per-recipient in-memory DSN, updated on every attempt and flushed
     * once at the end, would make this block and the "final server" flag
     * unnecessary; bounces would still want immediate handling, so a
     * separate defer-logging path would remain.
     */
    if (SMTP_RCPT_LEFT(state) > 0) {
	state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;	/* XXX */
	smtp_sess_fail(state);

	/*
	 * Sanity check: every recipient must have been accounted for.
	 * Losing one silently is never acceptable, so this is a panic.
	 */
	smtp_rcpt_cleanup(state);
	if (SMTP_RCPT_LEFT(state) > 0)
	    msg_panic("smtp_connect: left-over recipients");
    }

    /* The delivery status accumulated by the lower layers is the result. */
    return (state->status);
}
1365