1 /* $NetBSD: smtp_connect.c,v 1.7 2026/05/09 18:49:20 christos Exp $ */ 2 3 /*++ 4 /* NAME 5 /* smtp_connect 3 6 /* SUMMARY 7 /* connect to SMTP/LMTP server and deliver 8 /* SYNOPSIS 9 /* #include "smtp.h" 10 /* 11 /* int smtp_connect(state) 12 /* SMTP_STATE *state; 13 /* DESCRIPTION 14 /* This module implements SMTP/LMTP connection management and controls 15 /* mail delivery. 16 /* 17 /* smtp_connect() attempts to establish an SMTP/LMTP session with a host 18 /* that represents the destination domain, or with an optional fallback 19 /* relay when {the destination cannot be found, or when all the 20 /* destination servers are unavailable}. It skips over IP addresses 21 /* that fail to complete the SMTP/LMTP handshake and tries to find 22 /* an alternate server when an SMTP/LMTP session fails to deliver. 23 /* 24 /* This layer also controls what connections are retrieved from 25 /* the connection cache, and what connections are saved to the cache. 26 /* 27 /* The destination is either a host (or domain) name or a numeric 28 /* address. Symbolic or numeric service port information may be 29 /* appended, separated by a colon (":"). In the case of LMTP, 30 /* destinations may be specified as "unix:pathname", "inet:host" 31 /* or "inet:host:port". 32 /* 33 /* With SMTP, or with SRV record lookup enabled, the Internet 34 /* domain name service is queried for mail 35 /* exchanger hosts. Quote the domain name with `[' and `]' to 36 /* suppress mail exchanger lookups. 37 /* 38 /* Numerical address information should always be quoted with `[]'. 39 /* DIAGNOSTICS 40 /* The delivery status is the result value. 41 /* SEE ALSO 42 /* smtp_proto(3) SMTP client protocol 43 /* LICENSE 44 /* .ad 45 /* .fi 46 /* The Secure Mailer license must be distributed with this software. 47 /* AUTHOR(S) 48 /* Wietse Venema 49 /* IBM T.J. Watson Research 50 /* P.O. Box 704 51 /* Yorktown Heights, NY 10598, USA 52 /* 53 /* Wietse Venema 54 /* Google, Inc. 
/* 111 8th Avenue
/* New York, NY 10011, USA
/*
/* Connection caching in cooperation with:
/* Victor Duchovni
/* Morgan Stanley
/*--*/

/* System library. */

#include <sys_defs.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <ctype.h>

#ifndef IPPORT_SMTP
#define IPPORT_SMTP 25
#endif

/* Utility library. */

#include <msg.h>
#include <vstream.h>
#include <vstring.h>
#include <split_at.h>
#include <mymalloc.h>
#include <inet_addr_list.h>
#include <iostuff.h>
#include <timed_connect.h>
#include <stringops.h>
#include <host_port.h>
#include <sane_connect.h>
#include <myaddrinfo.h>
#include <sock_addr.h>
#include <inet_proto.h>
#include <known_tcp_ports.h>

/* Global library. */

#include <mail_params.h>
#include <own_inet_addr.h>
#include <deliver_pass.h>
#include <mail_error.h>
#include <dsn_buf.h>
#include <mail_addr.h>
#include <valid_hostname.h>
#include <sendopts.h>

/* DNS library. */

#include <dns.h>

/* Application-specific. */

#include <smtp.h>
#include <smtp_addr.h>
#include <smtp_reuse.h>

/*
 * Forward declaration.
 */
static SMTP_SESSION *smtp_connect_sock(int, struct sockaddr *, int,
                                       SMTP_ITERATOR *, DSN_BUF *,
                                       int);

/* smtp_connect_unix - connect to UNIX-domain address */

/*
 * Input: iter->addr holds the socket pathname; "why" receives the DSN
 * status on failure; sess_flags is passed through to the session
 * constructor. Result: a new SMTP_SESSION, or null with "why" set.
 */

static SMTP_SESSION *smtp_connect_unix(SMTP_ITERATOR *iter, DSN_BUF *why,
                                       int sess_flags)
{
    const char *myname = "smtp_connect_unix";
    struct sockaddr_un sock_un;
    const char *addr = STR(iter->addr);
    int len = strlen(addr);
    int sock;

    dsb_reset(why);                         /* Paranoia */

    /*
     * Sanity checks. Reject over-long names before copying: the memcpy()
     * below writes len + 1 bytes (including the terminator) into sun_path.
     */
    if (len >= (int) sizeof(sock_un.sun_path)) {
        msg_warn("unix-domain name too long: %s", addr);
        dsb_simple(why, "4.3.5", "Server configuration error");
        return (0);
    }

    /*
     * Initialize.
     */
    memset((void *) &sock_un, 0, sizeof(sock_un));
    sock_un.sun_family = AF_UNIX;
#ifdef HAS_SUN_LEN
    sock_un.sun_len = len + 1;
#endif
    memcpy(sock_un.sun_path, addr, len + 1);

    /*
     * Create a client socket. Failure here is fatal rather than a deferred
     * DSN, like the other socket() calls in this file.
     */
    if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        msg_fatal("%s: socket: %m", myname);

    /*
     * Connect to the server.
     */
    if (msg_verbose)
        msg_info("%s: trying: %s...", myname, addr);

    return (smtp_connect_sock(sock, (struct sockaddr *) &sock_un,
                              sizeof(sock_un), iter, why, sess_flags));
}

/* smtp_connect_addr - connect to explicit address */

/*
 * Input: iter->rr is the server address record and iter->port the port
 * (network byte order; the logging below applies ntohs()). "why" receives
 * the DSN status on failure. Result: a new SMTP_SESSION, or null with "why"
 * set. A bad source-address parameter is fatal (msg_fatal()).
 */

static SMTP_SESSION *smtp_connect_addr(SMTP_ITERATOR *iter, DSN_BUF *why,
                                       int sess_flags)
{
    const char *myname = "smtp_connect_addr";
    struct sockaddr_storage ss;             /* remote */
    struct sockaddr *sa = (struct sockaddr *) &ss;
    SOCKADDR_SIZE salen = sizeof(ss);
    MAI_HOSTADDR_STR hostaddr;
    DNS_RR *addr = iter->rr;
    unsigned port = iter->port;
    int sock;
    char *bind_addr;
    char *bind_var;
    char *saved_bind_addr = 0;
    char *tail;

    dsb_reset(why);                         /* Paranoia */

    /*
     * Sanity checks.
     */
    if (dns_rr_to_sa(addr, port, sa, &salen) != 0) {
        msg_warn("%s: skip address type %s: %m",
                 myname, dns_strtype(addr->type));
        dsb_simple(why, "4.4.0", "network address conversion failed: %m");
        return (0);
    }

    /*
     * Initialize.
     */
    if ((sock = socket(sa->sa_family, SOCK_STREAM, 0)) < 0)
        msg_fatal("%s: socket: %m", myname);

    /*
     * Early-exit helper for the code below: release the bracket-stripped
     * copy of the bind address (if any) and the socket, then report failure.
     */
#define RETURN_EARLY() do { \
        if (saved_bind_addr) \
            myfree(saved_bind_addr); \
        (void) close(sock); \
        return (0); \
    } while (0)

    if (inet_windowsize > 0)
        set_inet_windowsize(sock, inet_windowsize);

    /*
     * Allow the sysadmin to specify the source address, for example, as "-o
     * smtp_bind_address=x.x.x.x" in the master.cf file.
     */
#ifdef HAS_IPV6
    if (sa->sa_family == AF_INET6) {
        bind_addr = var_smtp_bind_addr6;
        bind_var = VAR_LMTP_SMTP(BIND_ADDR6);
    } else
#endif
    if (sa->sa_family == AF_INET) {
        bind_addr = var_smtp_bind_addr;
        bind_var = VAR_LMTP_SMTP(BIND_ADDR);
    } else
        /* No bind parameter for this family; take the own-address branch. */
        bind_var = bind_addr = "";
    if (*bind_addr) {
        int aierr;
        struct addrinfo *res0;

        /* Accept "[addr]" as well as "addr"; anything after ']' is fatal. */
        if (*bind_addr == '[') {
            saved_bind_addr = mystrdup(bind_addr + 1);
            if ((tail = split_at(saved_bind_addr, ']')) == 0 || *tail)
                msg_fatal("%s: malformed %s parameter: %s",
                          myname, bind_var, bind_addr);
            bind_addr = saved_bind_addr;
        }
        if ((aierr = hostaddr_to_sockaddr(bind_addr, (char *) 0, 0, &res0)) != 0)
            msg_fatal("%s: bad %s parameter: %s: %s",
                      myname, bind_var, bind_addr, MAI_STRERROR(aierr));
        /*
         * A failed bind() is only logged unless smtp_bind_address_enforce
         * is set; otherwise the connect below proceeds without the
         * requested source address.
         */
        if (bind(sock, res0->ai_addr, res0->ai_addrlen) < 0) {
            msg_warn("%s: bind %s: %m", myname, bind_addr);
            if (var_smtp_bind_addr_enforce) {
                freeaddrinfo(res0);
                dsb_simple(why, "4.4.0", "server configuration error");
                RETURN_EARLY();
            }
        } else if (msg_verbose)
            msg_info("%s: bind %s", myname, bind_addr);
        if (saved_bind_addr)
            myfree(saved_bind_addr);
        freeaddrinfo(res0);
    }

    /*
     * When running as a virtual host, bind to the virtual interface so that
     * the mail appears to come from the "right" machine address.
     *
     * XXX The IPv6 patch expands the null host (as client endpoint) and uses
     * the result as the loopback address list.
     */
    else {
        int count = 0;
        struct sockaddr *own_addr = 0;
        INET_ADDR_LIST *addr_list = own_inet_addr_list();
        struct sockaddr_storage *s;

        /*
         * Count own addresses of the peer's family, stopping at the second
         * one; the bind below happens only when there is exactly one and
         * it is not a loopback address.
         */
        for (s = addr_list->addrs; s < addr_list->addrs + addr_list->used; s++) {
            if (SOCK_ADDR_FAMILY(s) == sa->sa_family) {
                if (count++ > 0)
                    break;
                own_addr = SOCK_ADDR_PTR(s);
            }
        }
        if (count == 1 && !sock_addr_in_loopback(own_addr)) {
            if (bind(sock, own_addr, SOCK_ADDR_LEN(own_addr)) < 0) {
                SOCKADDR_TO_HOSTADDR(own_addr, SOCK_ADDR_LEN(own_addr),
                                     &hostaddr, (MAI_SERVPORT_STR *) 0, 0);
                msg_warn("%s: bind %s: %m", myname, hostaddr.buf);
            } else if (msg_verbose) {
                SOCKADDR_TO_HOSTADDR(own_addr, SOCK_ADDR_LEN(own_addr),
                                     &hostaddr, (MAI_SERVPORT_STR *) 0, 0);
                msg_info("%s: bind %s", myname, hostaddr.buf);
            }
        }
    }

    /*
     * Connect to the server.
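*/
    if (msg_verbose)
        msg_info("%s: trying: %s[%s] port %d...",
                 myname, STR(iter->host), STR(iter->addr), ntohs(port));

    return (smtp_connect_sock(sock, sa, salen, iter, why, sess_flags));
}

/* smtp_connect_sock - connect a socket over some transport */

/*
 * Input: an unconnected socket and its peer address; iter supplies the
 * host name, printable address and port used in diagnostics. On success
 * the socket is wrapped in a VSTREAM and handed to smtp_session_alloc().
 * On failure the socket is closed, "why" is set to a 4.4.1 status, and
 * null is returned.
 */

static SMTP_SESSION *smtp_connect_sock(int sock, struct sockaddr *sa,
                                       int salen,
                                       SMTP_ITERATOR *iter,
                                       DSN_BUF *why,
                                       int sess_flags)
{
    int conn_stat;
    int saved_errno;
    VSTREAM *stream;
    time_t start_time;
    const char *name = STR(iter->host);
    const char *addr = STR(iter->addr);
    unsigned port = iter->port;

    start_time = time((time_t *) 0);
    if (var_smtp_conn_tmout > 0) {
        /*
         * Preserve the connect() errno across the blocking-mode restore,
         * so that "%m" in the DSN text below reports the right error.
         */
        non_blocking(sock, NON_BLOCKING);
        conn_stat = timed_connect(sock, sa, salen, var_smtp_conn_tmout);
        saved_errno = errno;
        non_blocking(sock, BLOCKING);
        errno = saved_errno;
    } else {
        conn_stat = sane_connect(sock, sa, salen);
    }
    if (conn_stat < 0) {
        if (port)
            dsb_simple(why, "4.4.1", "connect to %s[%s]:%d: %m",
                       name, addr, ntohs(port));
        else
            dsb_simple(why, "4.4.1", "connect to %s[%s]: %m", name, addr);
        close(sock);
        return (0);
    }
    stream = vstream_fdopen(sock, O_RDWR);

    /*
     * Avoid poor performance when TCP MSS > VSTREAM_BUFSIZE.
     */
    if (sa->sa_family == AF_INET
#ifdef AF_INET6
        || sa->sa_family == AF_INET6
#endif
        )
        vstream_tweak_tcp(stream);

    /*
     * Bundle up what we have into a nice SMTP_SESSION object.
     */
    return (smtp_session_alloc(stream, iter, start_time, sess_flags));
}

/* smtp_parse_destination - parse host/port destination */

/*
 * Input: destination is "host[:service]" text; def_service applies when no
 * service is given. Output: *hostp and *servicep point into the returned
 * copy of the destination, and *portp receives the port in network byte
 * order. The caller owns the returned buffer and must free it. Malformed
 * input, an out-of-range port, or an unknown service name is fatal.
 */

static char *smtp_parse_destination(char *destination, char *def_service,
                                    char **hostp, char **servicep,
                                    unsigned *portp)
{
    char *buf = mystrdup(destination);
    char *service;
    struct servent *sp;
    char *protocol = "tcp";                 /* XXX configurable? */
    unsigned long port;
    const char *err;

    if (msg_verbose)
        msg_info("smtp_parse_destination: %s %s", destination, def_service);

    /*
     * Parse the host/port information. We're working with a copy of the
     * destination argument so the parsing can be destructive.
     */
    if ((err = host_port(buf, hostp, (char *) 0, servicep, def_service)) != 0)
        msg_fatal("%s in server description: %s", err, destination);

    /*
     * Convert service to port number, network byte order.
     *
     * alldig() only guarantees that the string is all digits, not that it
     * fits in an int; atoi() on an over-long digit string is undefined, and
     * a value that wraps (e.g. 4294967297) would pass the range test as a
     * small port. strtoul() reports overflow through ERANGE, and the range
     * test on the full unsigned long rejects everything else.
     */
    service = (char *) filter_known_tcp_port(*servicep);
    if (alldig(service)) {
        errno = 0;
        port = strtoul(service, (char **) 0, 10);
        if (errno == ERANGE || port >= 65536 || port == 0)
            msg_fatal("bad network port: %s for destination: %s",
                      service, destination);
        *portp = htons((unsigned) port);
    } else {
        if ((sp = getservbyname(service, protocol)) == 0)
            msg_fatal("unknown service: %s/%s", service, protocol);
        *portp = sp->s_port;
    }
    return (buf);
}

/* smtp_cleanup_session - clean up after using a session */

static void smtp_cleanup_session(SMTP_STATE *state)
{
    DELIVER_REQUEST *request = state->request;
    SMTP_SESSION *session = state->session;
    int throttled;

    /*
     * Inform the postmaster of trouble.
     *
     * XXX Don't send notifications about errors while sending notifications.
     */
#define POSSIBLE_NOTIFICATION(sender) \
    (*sender == 0 || strcmp(sender, mail_addr_double_bounce()) == 0)

    if (session->history != 0
        && (session->error_mask & name_mask(VAR_NOTIFY_CLASSES,
                                            mail_error_masks,
                                            var_notify_classes)) != 0
        && POSSIBLE_NOTIFICATION(request->sender) == 0)
        smtp_chat_notify(session);

    /*
     * When session caching is enabled, cache the first good session for this
     * delivery request under the next-hop destination, and cache all good
     * sessions under their server network address (destroying the session in
     * the process).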
*
 * Caching under the next-hop destination name (rather than the fall-back
 * destination) allows us to skip over non-responding primary or backup
 * hosts. In fact, this is the only benefit of caching logical to
 * physical bindings; caching a session under its own hostname provides
 * no performance benefit, given the way smtp_connect() works.
 */
    throttled = THIS_SESSION_IS_THROTTLED;  /* smtp_quit() may fail */
    if (THIS_SESSION_IS_EXPIRED)
        smtp_quit(state);                   /* also disables caching */
    if (THIS_SESSION_IS_CACHED
    /* Redundant tests for safety... */
        && vstream_ferror(session->stream) == 0
        && vstream_feof(session->stream) == 0) {
        smtp_save_session(state, SMTP_KEY_MASK_SCACHE_DEST_LABEL,
                          SMTP_KEY_MASK_SCACHE_ENDP_LABEL);
    } else {
        smtp_session_free(session);
    }
    state->session = 0;                     /* either path consumed it */

    /*
     * If this session was good, reset the scache next-hop destination, so
     * that we won't cache connections to less-preferred servers under the
     * same next-hop destination. Otherwise we could end up skipping over the
     * available and more-preferred servers.
     */
    if (HAVE_SCACHE_REQUEST_NEXTHOP(state) && !throttled)
        CLEAR_SCACHE_REQUEST_NEXTHOP(state);

    /*
     * Clean up the lists with todo and dropped recipients.
     */
    smtp_rcpt_cleanup(state);

    /*
     * Reset profiling info.
     *
     * XXX When one delivery request results in multiple sessions, the set-up
     * and transmission latencies of the earlier sessions will count as
     * connection set-up time for the later sessions.
     *
     * XXX On the other hand, when we first try to connect to one or more dead
     * hosts before we reach a good host, then all that time must be counted
     * as connection set-up time for the session with the good host.
     *
     * XXX So this set-up attribution problem exists only when we actually
     * engage in a session, spend a lot of time delivering a message, find
     * that it fails, and then connect to an alternate host.
     */
    memset((void *) &request->msg_stats.conn_setup_done, 0,
           sizeof(request->msg_stats.conn_setup_done));
    memset((void *) &request->msg_stats.deliver_done, 0,
           sizeof(request->msg_stats.deliver_done));
    request->msg_stats.reuse_count = 0;
}

/* smtp_cache_policy - set connection cache flags for one destination */

/*
 * Clears the connection cache flags in state->misc_flags, then enables
 * both load and store when "dest" matches smtp_cache_dest, or else copies
 * the delivery request's per-request load/store flags when on-demand
 * caching (var_smtp_cache_demand) is enabled.
 */

static void smtp_cache_policy(SMTP_STATE *state, const char *dest)
{
    DELIVER_REQUEST *request = state->request;

    state->misc_flags &= ~SMTP_MISC_FLAG_CONN_CACHE_MASK;

    if (smtp_cache_dest && string_list_match(smtp_cache_dest, dest)) {
        state->misc_flags |= SMTP_MISC_FLAG_CONN_CACHE_MASK;
    } else if (var_smtp_cache_demand) {
        if (request->flags & DEL_REQ_FLAG_CONN_LOAD)
            state->misc_flags |= SMTP_MISC_FLAG_CONN_LOAD;
        if (request->flags & DEL_REQ_FLAG_CONN_STORE)
            state->misc_flags |= SMTP_MISC_FLAG_CONN_STORE;
    }
}

#ifdef USE_TLS

/* smtp_get_effective_tls_level - get the effective TLS security level */

/*
 * Looks up the TLS policy for the iterator's current destination into
 * state->tls and checks it against state->reqtls_level. Result: 1 when the
 * destination may be tried; 0 with "why" set when it must be skipped
 * (policy lookup error, REQUIRETLS violation, or bad REQUIRETLS policy).
 * When state->tls_stats is set, the outcome is also recorded there.
 */

static int smtp_get_effective_tls_level(DSN_BUF *why, SMTP_STATE *state)
{
    SMTP_ITERATOR *iter = state->iterator;
    SMTP_TLS_POLICY *tls = state->tls;

    /*
     * Prepare TLS feature status logging.
     */
    if (state->tls_stats) {
        pol_stats_revert(state->tls_stats);
        if (state->reqtls_level > SMTP_REQTLS_POLICY_ACT_DISABLE)
            smtp_tls_stat_activate_reqtls(state->tls_stats,
                                          SMTP_TLS_STAT_NAME_REQTLS);
    }

    /*
     * Determine the TLS level for this destination.
     */
    if (!smtp_tls_policy_cache_query(why, tls, iter)) {
        if (state->tls_stats)
            smtp_tls_stat_activate_sec_unknown(state->tls_stats);
        return (0);
    }
    if (state->tls_stats)
        smtp_tls_stat_activate_sec_level(state->tls_stats,
                                         state->tls->level);

    /*
     * Skip this destination if its TLS policy cannot satisfy the REQUIRETLS
     * policy for this destination (REQUIRETLS Failure).
     *
     * Otherwise, log what would fail if REQUIRETLS was fully enforced
     * (REQUIRETLS Debug).
     *
     * Finally, skip this destination if its REQUIRETLS policy is bad.
     */
    switch (state->reqtls_level) {
    case SMTP_REQTLS_POLICY_ACT_ENFORCE:
        /* Permanent (5.7.10) failure: REQUIRETLS needs certificate matching. */
        if (TLS_MUST_MATCH(tls->level) == 0) {
            if (state->tls_stats)
                smtp_tls_stat_decide_reqtls(state->tls_stats,
                                            SMTP_TLS_STAT_NAME_NOCMATCH,
                                            POL_STAT_VIOLATION);
            dsb_simple(why, "5.7.10", "Sender requested REQUIRETLS, "
                       "but my configured TLS security level '%s' "
                       "disables certificate matching. The last "
                       "attempted server was %s", str_tls_level(tls->level),
                       STR(iter->host));
            return (0);
        }
        break;
    case SMTP_REQTLS_POLICY_ACT_OPP_TLS:
        /* Only "no encryption at all" fails; missing matching is logged. */
        if (tls->level == TLS_LEV_NONE) {
            if (state->tls_stats)
                smtp_tls_stat_decide_reqtls(state->tls_stats,
                                            SMTP_TLS_STAT_NAME_NOTLS,
                                            POL_STAT_VIOLATION);
            dsb_simple(why, "5.7.10", "Sender requested REQUIRETLS, "
                       "but my configured TLS security level '%s' "
                       "disables encryption. The last attempted "
                       "server was %s", str_tls_level(tls->level),
                       STR(iter->host));
            return (0);
        } else if (TLS_MUST_MATCH(tls->level) == 0) {
            msg_info("%s: Sender requested REQUIRETLS, but my "
                     "configured TLS security level '%s' disables "
                     "certificate matching. The last attempted server "
                     "was %s", state->request->queue_id,
                     str_tls_level(tls->level), STR(iter->host));
        }
        break;
    case SMTP_REQTLS_POLICY_ACT_OPPORTUNISTIC:
    case SMTP_REQTLS_POLICY_ACT_DISABLE:
        break;
    default:
        /* Unknown policy action: transient (4.7.10), not permanent. */
        dsb_simple(why, "4.7.10", "REQUIRETLS policy configuration "
                   "error. The last attempted server was %s",
                   STR(iter->host));
        return (0);
    }

    /*
     * Success.
     */
    return (1);
}

#endif

/* smtp_connect_local - connect to local server */

/*
 * Input: path is the UNIX-domain socket pathname (the "unix:" prefix has
 * already been stripped). Sets up the iterator, TLS/REQUIRETLS policy and
 * cache flags for it, reuses or opens a session, delivers, and cleans up.
 * Delivery status is reported through state; there is no return value.
 */

static void smtp_connect_local(SMTP_STATE *state, const char *path)
{
    const char *myname = "smtp_connect_local";
    SMTP_ITERATOR *iter = state->iterator;
    SMTP_SESSION *session;
    DSN_BUF *why = state->why;

    /*
     * Do not silently ignore an unused setting.
     */
    if (*var_fallback_relay)
        msg_warn("ignoring \"%s = %s\" setting for non-TCP connections",
                 VAR_LMTP_FALLBACK, var_fallback_relay);

    /*
     * It's too painful to weave this code into the SMTP connection
     * management routine.
     *
     * Connection cache management is based on the UNIX-domain pathname, without
     * the "unix:" prefix.
     */
    smtp_cache_policy(state, path);
    if (state->misc_flags & SMTP_MISC_FLAG_CONN_CACHE_MASK)
        SET_SCACHE_REQUEST_NEXTHOP(state, path);

    /*
     * REQUIRETLS policy selection is based on the same TLS net-hop name as
     * with certificate matching. When var_reqtls_enable != 0,
     * smtp_reqtls_policy must also be != 0.
     */
#ifdef USE_TLS
    if (STATE_REQTLS_IS_REQUESTED(var_reqtls_enable, state))
        state->reqtls_level =
            smtp_reqtls_policy_eval(smtp_reqtls_policy, var_myhostname);
    else
        state->reqtls_level = SMTP_REQTLS_POLICY_ACT_DISABLE;
#endif

    /*
     * Here we ensure that the iter->addr member refers to a copy of the
     * UNIX-domain pathname, so that smtp_save_session() will cache the
     * connection using the pathname as the physical endpoint name.
     *
     * We set dest=path for backwards compatibility.
     */
#define NO_PORT 0

    SMTP_ITER_INIT(iter, path, var_myhostname, path, NO_PORT, state);

    /*
     * Opportunistic TLS for unix domain sockets does not make much sense,
     * since the channel is private, mere encryption without authentication
     * is just wasted cycles and opportunity for breakage. Since we are not
     * willing to retry after TLS handshake failures here, we downgrade "may"
     * to "none". Nothing is lost, and much waste is avoided.
     *
     * If a client cert is available, "encrypt" may be a sensible policy.
     * Without client cert, "encrypt" and "may" over UNIX-domain sockets are
     * not useful.
     *
     * We use smtp_reuse_nexthop() instead of smtp_reuse_addr(), so that we can
     * reuse a SASL-authenticated connection (however unlikely this scenario
     * may be). The smtp_reuse_addr() interface currently supports only reuse
     * of SASL-unauthenticated connections.
     */
#ifdef USE_TLS
    if (!smtp_get_effective_tls_level(why, state)) {
        msg_warn("TLS policy lookup error for %s/%s: %s",
                 STR(iter->host), STR(iter->addr), STR(why->reason));
        return;
    }
#endif
    if ((state->misc_flags & SMTP_MISC_FLAG_CONN_LOAD) == 0
        || (session = smtp_reuse_nexthop(state,
                                     SMTP_KEY_MASK_SCACHE_DEST_LABEL)) == 0)
        session = smtp_connect_unix(iter, why, state->misc_flags);
    if ((state->session = session) != 0) {
        session->state = state;
#ifdef USE_TLS
        session->tls_nexthop = var_myhostname;  /* for TLS_LEV_SECURE */
        if (state->tls->level == TLS_LEV_MAY) {
            msg_warn("%s: opportunistic TLS encryption is not appropriate "
                     "for unix-domain destinations.", myname);
            state->tls->level = TLS_LEV_NONE;
        }
#endif
        /* All delivery errors bounce or defer. */
        state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;

        /*
         * When a TLS handshake fails, the stream is marked "dead" to avoid
         * further I/O over a broken channel.
         */
        if ((session->features & SMTP_FEATURE_FROM_CACHE) == 0
            && smtp_helo(state) != 0) {
            if (!THIS_SESSION_IS_FORBIDDEN
                && vstream_ferror(session->stream) == 0
                && vstream_feof(session->stream) == 0)
                smtp_quit(state);
        } else {
            smtp_xfer(state);
        }

        /*
         * With opportunistic TLS disabled we don't expect to be asked to
         * retry connections without TLS, and so we expect the final server
         * flag to stay on.
         */
        if ((state->misc_flags & SMTP_MISC_FLAG_FINAL_SERVER) == 0)
            msg_panic("%s: unix-domain destination not final!", myname);
        smtp_cleanup_session(state);
    }

    /*
     * Cleanup.
     */
    if (HAVE_SCACHE_REQUEST_NEXTHOP(state))
        CLEAR_SCACHE_REQUEST_NEXTHOP(state);
}

/* smtp_scrub_addr_list - delete all cached addresses from list */

/*
 * Removes from *addr_list every record whose printable address is a key
 * in cached_addr. Records that cannot be rendered as a printable address
 * are left in place with a warning.
 */

static void smtp_scrub_addr_list(HTABLE *cached_addr, DNS_RR **addr_list)
{
    MAI_HOSTADDR_STR hostaddr;
    DNS_RR *addr;
    DNS_RR *next;

    /*
     * XXX Extend the DNS_RR structure with fields for the printable address
     * and/or binary sockaddr representations, so that we can avoid repeated
     * binary->string transformations for the same address.
     */
    for (addr = *addr_list; addr; addr = next) {
        next = addr->next;                  /* before addr may be removed */
        if (dns_rr_to_pa(addr, &hostaddr) == 0) {
            msg_warn("cannot convert type %s record to printable address",
                     dns_strtype(addr->type));
            continue;
        }
        if (htable_locate(cached_addr, hostaddr.buf))
            *addr_list = dns_rr_remove(*addr_list, addr);
    }
}

/* smtp_update_addr_list - common address list update */

/*
 * Called after a session with server_addr: frees and nulls *addr_list when
 * session_count has reached the per-destination session or address limit,
 * otherwise removes the first record that equals server_addr (at most one).
 */

static void smtp_update_addr_list(DNS_RR **addr_list, const char *server_addr,
                                  int session_count)
{
    DNS_RR *addr;
    DNS_RR *next;
    int aierr;
    struct addrinfo *res0;

    if (*addr_list == 0)
        return;

    /*
     * Truncate the address list if we are not going to use it anyway.
     */
    if (session_count == var_smtp_mxsess_limit
        || session_count == var_smtp_mxaddr_limit) {
        dns_rr_free(*addr_list);
        *addr_list = 0;
        return;
    }

    /*
     * Convert server address to internal form, and look it up in the address
     * list.
     *
     * XXX smtp_reuse_session() breaks if we remove two or more adjacent list
     * elements but do not truncate the list to zero length.
     *
     * XXX Extend the SMTP_SESSION structure with sockaddr information so that
     * we can avoid repeated string->binary transformations for the same
     * address.
     *
     * XXX SRV support: this should match the port, too, otherwise we may
     * eliminate too many list entries.
*/
    if ((aierr = hostaddr_to_sockaddr(server_addr, (char *) 0, 0, &res0)) != 0) {
        msg_warn("hostaddr_to_sockaddr %s: %s",
                 server_addr, MAI_STRERROR(aierr));
    } else {
        for (addr = *addr_list; addr; addr = next) {
            next = addr->next;
            if (DNS_RR_EQ_SA(addr, (struct sockaddr *) res0->ai_addr)) {
                *addr_list = dns_rr_remove(*addr_list, addr);
                break;                      /* remove at most one element */
            }
        }
        freeaddrinfo(res0);
    }
}

/* smtp_reuse_session - try to use existing connection, return session count */

/*
 * Input: *addr_list is the server address list for the current nexthop,
 * domain_best_pref the preference of its best MX records. Reuses cached
 * sessions first by nexthop, then by best-MX server address, delivering
 * and cleaning up after each one, and prunes *addr_list accordingly.
 * Result: the number of sessions reused.
 */

static int smtp_reuse_session(SMTP_STATE *state, DNS_RR **addr_list,
                              int domain_best_pref)
{
    int session_count = 0;
    DNS_RR *addr;
    DNS_RR *next;
    MAI_HOSTADDR_STR hostaddr;
    SMTP_SESSION *session;
    SMTP_ITERATOR *iter = state->iterator;
    DSN_BUF *why = state->why;

    /*
     * This code is called after server address/port lookup, before
     * iter->host, iter->addr, iter->rr and iter->mx are assigned concrete
     * values, and while iter->port still corresponds to the nexthop service,
     * or the default service configured with smtp_tcp_port or lmtp_tcp_port.
     *
     * When a connection is reused by nexthop/service or by server address/port,
     * iter->host, iter->addr and iter->port are updated with actual values
     * from the cached session. Additionally, when a connection is searched
     * by nexthop/service, iter->rr remains null, and when a connection is
     * searched by server address/port, iter->rr is updated with an actual
     * server address/port before the search is made.
     *
     * First, search the cache by delivery request nexthop. We truncate the
     * server address list when all the sessions for this destination are
     * used up, to reduce the number of variables that need to be checked
     * later.
     *
     * Note: connection reuse by delivery request nexthop restores the "best MX"
     * bit.
     *
     * smtp_reuse_nexthop() clobbers the iterator's "dest" attribute. We save
     * and restore it here, so that subsequent connections will use the
     * proper nexthop information.
     *
     * We don't use TLS level info for nexthop-based connection cache storage
     * keys. The combination of (service, nexthop, etc.) should be stable
     * over the time range of interest, and the policy is still enforced on
     * an individual connection to an MX host, before that connection is
     * stored under a nexthop- or host-based storage key.
     */
#ifdef USE_TLS
    smtp_tls_policy_dummy(state->tls);
#endif
    SMTP_ITER_SAVE_DEST(state->iterator);
    if (*addr_list && SMTP_RCPT_LEFT(state) > 0
        && HAVE_SCACHE_REQUEST_NEXTHOP(state)
        && (session = smtp_reuse_nexthop(state, SMTP_KEY_MASK_SCACHE_DEST_LABEL)) != 0) {
        session_count = 1;
        smtp_update_addr_list(addr_list, STR(iter->addr), session_count);
        if ((state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP)
            && *addr_list == 0)
            state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;
        smtp_xfer(state);
        smtp_cleanup_session(state);
    }
    SMTP_ITER_RESTORE_DEST(state->iterator);

    /*
     * Second, search the cache by primary MX address. Again, we use address
     * list truncation so that we have to check fewer variables later.
     *
     * XXX This loop is safe because smtp_update_addr_list() either truncates
     * the list to zero length, or removes at most one list element.
     *
     * Currently, we use smtp_reuse_addr() only for SASL-unauthenticated
     * connections. Furthermore, we rely on smtp_reuse_addr() to look up an
     * existing SASL-unauthenticated connection only when a new connection
     * would be guaranteed not to require SASL authentication.
     *
     * In addition, we rely on smtp_reuse_addr() to look up an existing
     * plaintext connection only when a new connection would be guaranteed
     * not to use TLS.
     *
     * For more precise control over reuse, the iterator should look up SASL and
     * TLS policy as it evaluates mail exchangers in order, instead of
     * relying on duplicate lookup request code in smtp_reuse(3) and
     * smtp_session(3).
     */
    for (addr = *addr_list; SMTP_RCPT_LEFT(state) > 0 && addr; addr = next) {
        if (addr->pref != domain_best_pref)
            break;
        next = addr->next;                  /* set before any "continue" */
        if (dns_rr_to_pa(addr, &hostaddr) == 0) {
            msg_warn("cannot convert type %s record to printable address",
                     dns_strtype(addr->type));
            /* XXX Assume there is no code at the end of this loop. */
            continue;
        }
        SMTP_ITER_UPDATE_HOST(iter, SMTP_HNAME(addr), hostaddr.buf, addr);
        /*
         * The TLS/REQUIRETLS policy is evaluated per MX host before the
         * cache lookup, so a cached session is never reused for a host
         * whose policy would reject a fresh connection.
         */
#ifdef USE_TLS
        if (!smtp_get_effective_tls_level(why, state)) {
            msg_warn("TLS policy lookup error for %s/%s: %s",
                     STR(iter->dest), STR(iter->host), STR(why->reason));
            continue;
            /* XXX Assume there is no code at the end of this loop. */
        }
#endif
        if ((session = smtp_reuse_addr(state,
                                       SMTP_KEY_MASK_SCACHE_ENDP_LABEL)) != 0) {
            session->features |= SMTP_FEATURE_BEST_MX;
            session_count += 1;
            smtp_update_addr_list(addr_list, STR(iter->addr), session_count);
            /* The list was freed (truncated); "next" would now dangle. */
            if (*addr_list == 0)
                next = 0;
            if ((state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP)
                && next == 0)
                state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;
            smtp_xfer(state);
            smtp_cleanup_session(state);
        }
    }
    return (session_count);
}

/* smtp_connect_inet - establish network connection */

static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
                              char *def_service)
{
    DELIVER_REQUEST *request = state->request;
    SMTP_ITERATOR *iter = state->iterator;
    ARGV *sites;
    char *dest;
    char **cpp;
    int non_fallback_sites;
    int retry_plain = 0;
    DSN_BUF *why = state->why;

    /*
     * For sanity, require that at least one of INET or INET6 is enabled.
929 * Otherwise, we can't look up interface information, and we can't 930 * convert names or addresses. 931 */ 932 if (inet_proto_info()->ai_family_list[0] == 0) { 933 dsb_simple(why, "4.4.4", "all network protocols are disabled"); 934 return; 935 } 936 937 /* 938 * Do a null destination sanity check in case the primary destination is 939 * a list that consists of only separators. 940 */ 941 sites = argv_split(nexthop, CHARS_COMMA_SP); 942 if (sites->argc == 0) 943 msg_panic("null destination: \"%s\"", nexthop); 944 non_fallback_sites = sites->argc; 945 argv_split_append(sites, var_fallback_relay, CHARS_COMMA_SP); 946 947 /* 948 * Don't give up after a hard host lookup error until we have tried the 949 * fallback relay servers. 950 * 951 * Don't bounce mail after a host lookup problem with a relayhost or with a 952 * fallback relay. 953 * 954 * Don't give up after a qualifying soft error until we have tried all 955 * qualifying backup mail servers. 956 * 957 * All this means that error handling and error reporting depends on whether 958 * the error qualifies for trying to deliver to a backup mail server, or 959 * whether we're looking up a relayhost or fallback relay. The challenge 960 * then is to build this into the pre-existing SMTP client without 961 * getting lost in the complexity. 
962 */ 963 #define IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites) \ 964 (*(cpp) && (cpp) >= (sites)->argv + (non_fallback_sites)) 965 966 for (cpp = sites->argv, (state->misc_flags |= SMTP_MISC_FLAG_FIRST_NEXTHOP); 967 SMTP_RCPT_LEFT(state) > 0 && (dest = *cpp) != 0; 968 cpp++, (state->misc_flags &= ~SMTP_MISC_FLAG_FIRST_NEXTHOP)) { 969 char *dest_buf; 970 char *domain; 971 unsigned port; 972 char *service; 973 DNS_RR *addr_list; 974 DNS_RR *addr; 975 DNS_RR *next; 976 int addr_count; 977 int sess_count; 978 SMTP_SESSION *session; 979 int lookup_mx; 980 int non_dns_or_literal; 981 int i_am_mx; 982 unsigned domain_best_pref; 983 MAI_HOSTADDR_STR hostaddr; 984 985 if (cpp[1] == 0) 986 state->misc_flags |= SMTP_MISC_FLAG_FINAL_NEXTHOP; 987 988 /* 989 * Parse the destination. If no TCP port is specified, use the port 990 * that is reserved for the protocol (SMTP or LMTP). 991 * 992 * The 'service' variable corresponds to the remote service specified 993 * with the nexthop, or the default service configured with 994 * smtp_tcp_port or lmtp_tcp_port. The 'port' variable and 995 * SMTP_ITERATOR.port initially correspond to that service. This 996 * determines what loop prevention will be in effect. 997 * 998 * The SMTP_ITERATOR.port will be overwritten after SRV record lookup. 999 * This guarantees that the connection cache key contains the correct 1000 * port value when caching and retrieving a connection by its server 1001 * address (and port). 1002 * 1003 * By design, the connection cache key contains NO port information when 1004 * caching or retrieving a connection by its nexthop destination. 1005 * Instead, the cache key contains the master.cf service name (a 1006 * proxy for all the parameter settings including the default service 1007 * from smtp_tcp_port or lmtp_tcp_port), together with the nexthop 1008 * destination and sender-dependent info. This should be sufficient 1009 * to avoid cross talk between mail streams that should be separated. 
1010 */ 1011 dest_buf = smtp_parse_destination(dest, def_service, &domain, 1012 &service, &port); 1013 if (var_helpful_warnings && var_smtp_tls_wrappermode == 0 1014 && ntohs(port) == 465) { 1015 msg_info("SMTPS wrappermode (TCP port 465) requires setting " 1016 "\"%s = yes\", and \"%s = encrypt\" (or stronger)", 1017 VAR_LMTP_SMTP(TLS_WRAPPER), VAR_LMTP_SMTP(TLS_LEVEL)); 1018 } 1019 #define NO_HOST "" /* safety */ 1020 #define NO_ADDR "" /* safety */ 1021 1022 SMTP_ITER_INIT(iter, dest, NO_HOST, NO_ADDR, port, state); 1023 1024 /* 1025 * TODO(wietse) If the domain publishes a TLSRPT policy, they expect 1026 * that clients use SMTP over TLS. Should we upgrade a TLS security 1027 * level of "may" to "encrypt"? This would disable falling back to 1028 * plaintext, and could break interoperability with receivers that 1029 * crank up security up to 11. 1030 * 1031 * With "TLS-Required: no" in effect, the SMTP client ignores the 1032 * recipient-side policy mechanism TLSRPT, in addition to the already 1033 * ignored DANE and MTA-STS mechanisms. This prevents TLSRPT 1034 * notifications for all SMTP deliveries that do not require TLS. 1035 */ 1036 #ifdef USE_TLSRPT 1037 if (smtp_mode && var_smtp_tlsrpt_enable 1038 && STATE_TLS_NOT_REQUIRED(state) == 0 1039 && tls_level_lookup(var_smtp_tls_level) > TLS_LEV_NONE 1040 && !valid_hostaddr(domain, DONT_GRIPE)) 1041 smtp_tlsrpt_create_wrapper(state, domain); 1042 else 1043 state->tlsrpt = 0; 1044 #endif /* USE_TLSRPT */ 1045 1046 /* 1047 * REQUIRETLS policy selection is based on the same TLS net-hop name 1048 * as with certificate matching. When var_reqtls_enable != 0, 1049 * smtp_reqtls_policy must also be != 0. 1050 */ 1051 #ifdef USE_TLS 1052 if (STATE_REQTLS_IS_REQUESTED(var_reqtls_enable, state)) 1053 state->reqtls_level = 1054 smtp_reqtls_policy_eval(smtp_reqtls_policy, domain); 1055 else 1056 state->reqtls_level = SMTP_REQTLS_POLICY_ACT_DISABLE; 1057 #endif 1058 1059 /* 1060 * Resolve an SMTP or LMTP server. 
Skip MX or SRV lookups when a 1061 * quoted domain is specified or when DNS lookups are disabled. 1062 */ 1063 if (msg_verbose) 1064 msg_info("connecting to %s service %s", domain, service); 1065 non_dns_or_literal = (smtp_dns_support == SMTP_DNS_DISABLED 1066 || *dest == '['); 1067 if (smtp_mode) { 1068 if (ntohs(port) == IPPORT_SMTP) 1069 state->misc_flags |= SMTP_MISC_FLAG_LOOP_DETECT; 1070 else 1071 state->misc_flags &= ~SMTP_MISC_FLAG_LOOP_DETECT; 1072 lookup_mx = !non_dns_or_literal; 1073 } else 1074 lookup_mx = 0; 1075 1076 /* 1077 * Look up SRV and address records and fall back to non-SRV lookups 1078 * if permitted by configuration settings, or look up MX and address 1079 * records, or look up address records only. 1080 */ 1081 i_am_mx = 0; 1082 addr_list = 0; 1083 if (!non_dns_or_literal && smtp_use_srv_lookup 1084 && string_list_match(smtp_use_srv_lookup, service)) { 1085 if (lookup_mx) 1086 state->misc_flags |= SMTP_MISC_FLAG_FALLBACK_SRV_TO_MX; 1087 else 1088 state->misc_flags &= ~SMTP_MISC_FLAG_FALLBACK_SRV_TO_MX; 1089 addr_list = smtp_service_addr(domain, service, &iter->mx, 1090 state->misc_flags, why, &i_am_mx); 1091 } else if (!lookup_mx) { 1092 /* Non-DNS, literal, or non-SMTP service */ 1093 addr_list = smtp_host_addr(domain, state->misc_flags, why); 1094 /* XXX We could be an MX host for this destination... */ 1095 } else { 1096 addr_list = smtp_domain_addr(domain, &iter->mx, state->misc_flags, 1097 why, &i_am_mx); 1098 } 1099 /* If we're MX host, don't connect to non-MX backups. */ 1100 if (i_am_mx) 1101 state->misc_flags |= SMTP_MISC_FLAG_FINAL_NEXTHOP; 1102 1103 /* 1104 * Don't try fall-back hosts if mail loops to myself. That would just 1105 * make the problem worse. 1106 */ 1107 if (addr_list == 0 && SMTP_HAS_LOOP_DSN(why)) 1108 state->misc_flags |= SMTP_MISC_FLAG_FINAL_NEXTHOP; 1109 1110 /* 1111 * No early loop exit or we have a memory leak with dest_buf. 
1112 */ 1113 if (addr_list) 1114 domain_best_pref = addr_list->pref; 1115 1116 /* 1117 * When connection caching is enabled, store the first good 1118 * connection for this delivery request under the delivery request 1119 * next-hop name. Good connections will also be stored under their 1120 * specific server IP address. 1121 * 1122 * XXX smtp_session_cache_destinations specifies domain names without 1123 * :port, because : is already used for maptype:mapname. Because of 1124 * this limitation we use the bare domain without the optional [] or 1125 * non-default TCP port. 1126 * 1127 * Opportunistic (a.k.a. on-demand) session caching on request by the 1128 * queue manager. This is turned temporarily when a destination has a 1129 * high volume of mail in the active queue. When the surge reaches 1130 * its end, the queue manager requests that connections be retrieved 1131 * but not stored. 1132 */ 1133 if (addr_list && (state->misc_flags & SMTP_MISC_FLAG_FIRST_NEXTHOP)) { 1134 smtp_cache_policy(state, domain); 1135 if (state->misc_flags & SMTP_MISC_FLAG_CONN_CACHE_MASK) 1136 SET_SCACHE_REQUEST_NEXTHOP(state, dest); 1137 } 1138 1139 /* 1140 * Delete visited cached hosts from the address list. 1141 * 1142 * Optionally search the connection cache by domain name or by primary 1143 * MX address before we try to create new connections. 1144 * 1145 * Enforce the MX session and MX address counts per next-hop or 1146 * fall-back destination. smtp_reuse_session() will truncate the 1147 * address list when either limit is reached. 1148 */ 1149 if (addr_list && (state->misc_flags & SMTP_MISC_FLAG_CONN_LOAD)) { 1150 if (state->cache_used->used > 0) 1151 smtp_scrub_addr_list(state->cache_used, &addr_list); 1152 sess_count = addr_count = 1153 smtp_reuse_session(state, &addr_list, domain_best_pref); 1154 } else 1155 sess_count = addr_count = 0; 1156 1157 /* 1158 * Connect to an SMTP server: create primary MX connections, and 1159 * reuse or create backup MX connections. 
1160 * 1161 * At the start of an SMTP session, all recipients are unmarked. In the 1162 * course of an SMTP session, recipients are marked as KEEP (deliver 1163 * to alternate mail server) or DROP (remove from recipient list). At 1164 * the end of an SMTP session, weed out the recipient list. Unmark 1165 * any left-over recipients and try to deliver them to a backup mail 1166 * server. 1167 * 1168 * Cache the first good session under the next-hop destination name. 1169 * Cache all good sessions under their physical endpoint. 1170 * 1171 * Don't query the session cache for primary MX hosts. We already did 1172 * that in smtp_reuse_session(), and if any were found in the cache, 1173 * they were already deleted from the address list. 1174 * 1175 * Currently, we use smtp_reuse_addr() only for SASL-unauthenticated 1176 * connections. Furthermore, we rely on smtp_reuse_addr() to look up 1177 * an existing SASL-unauthenticated connection only when a new 1178 * connection would be guaranteed not to require SASL authentication. 1179 * 1180 * In addition, we rely on smtp_reuse_addr() to look up an existing 1181 * plaintext connection only when a new connection would be 1182 * guaranteed not to use TLS. 1183 */ 1184 for (addr = addr_list; SMTP_RCPT_LEFT(state) > 0 && addr; addr = next) { 1185 next = addr->next; 1186 if (++addr_count == var_smtp_mxaddr_limit) 1187 next = 0; 1188 if (dns_rr_to_pa(addr, &hostaddr) == 0) { 1189 msg_warn("cannot convert type %s record to printable address", 1190 dns_strtype(addr->type)); 1191 /* XXX Assume there is no code at the end of this loop. */ 1192 continue; 1193 } 1194 SMTP_ITER_UPDATE_HOST(iter, SMTP_HNAME(addr), hostaddr.buf, addr); 1195 #ifdef USE_TLS 1196 if (!smtp_get_effective_tls_level(why, state)) { 1197 msg_warn("TLS policy lookup for %s/%s: %s", 1198 STR(iter->dest), STR(iter->host), STR(why->reason)); 1199 continue; 1200 /* XXX Assume there is no code at the end of this loop. 
*/ 1201 } 1202 if (var_smtp_tls_wrappermode 1203 && state->tls->level < TLS_LEV_ENCRYPT) { 1204 msg_warn("%s requires \"%s = encrypt\" (or stronger)", 1205 VAR_LMTP_SMTP(TLS_WRAPPER), VAR_LMTP_SMTP(TLS_LEVEL)); 1206 continue; 1207 /* XXX Assume there is no code at the end of this loop. */ 1208 } 1209 /* Skip MX hosts that lack authorization. */ 1210 if (!smtp_tls_authorize_mx_hostname(state->tls, SMTP_HNAME(addr))) { 1211 continue; 1212 /* XXX Assume there is no code at the end of this loop. */ 1213 } 1214 1215 /* 1216 * Disable TLS when retrying after a handshake failure. This must 1217 * never happen when TLS is required. See PLAINTEXT_FALLBACK_OK 1218 * macros. 1219 * 1220 * By dropping the TLS level after smtp_get_effective_tls_level() 1221 * and smtp_tls_stat_activate_*(), we will properly record the 1222 * fallback for the TLS level etc. in TLS status logging. 1223 */ 1224 if (retry_plain) { 1225 state->tls->level = TLS_LEV_NONE; 1226 retry_plain = 0; 1227 } 1228 #endif 1229 if ((state->misc_flags & SMTP_MISC_FLAG_CONN_LOAD) == 0 1230 || addr->pref == domain_best_pref 1231 || !(session = smtp_reuse_addr(state, 1232 SMTP_KEY_MASK_SCACHE_ENDP_LABEL))) 1233 session = smtp_connect_addr(iter, why, state->misc_flags); 1234 if ((state->session = session) != 0) { 1235 session->state = state; 1236 #ifdef USE_TLS 1237 session->tls_nexthop = domain; 1238 1239 /* 1240 * Update TLSRPT state even if this is a reused SMTP 1241 * connection. If for some unlikely reason we must report a 1242 * problem, then we must report correct information. 1243 */ 1244 #ifdef USE_TLSRPT 1245 if (state->tlsrpt) { 1246 smtp_tlsrpt_set_tls_policy(state); 1247 smtp_tlsrpt_set_tcp_connection(state); 1248 } 1249 #endif /* USE_TLSRPT */ 1250 #endif 1251 if (addr->pref == domain_best_pref) 1252 session->features |= SMTP_FEATURE_BEST_MX; 1253 /* Don't count handshake errors towards the session limit. 
*/ 1254 if ((state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP) 1255 && next == 0) 1256 state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER; 1257 if ((session->features & SMTP_FEATURE_FROM_CACHE) == 0 1258 && smtp_helo(state) != 0) { 1259 #ifdef USE_TLS 1260 1261 /* 1262 * When an opportunistic TLS handshake fails, try the 1263 * same address again, with TLS disabled. See also the 1264 * RETRY_AS_PLAINTEXT macro. 1265 */ 1266 if ((retry_plain = session->tls_retry_plain) != 0) { 1267 --addr_count; 1268 next = addr; 1269 } 1270 #endif 1271 1272 /* 1273 * When a TLS handshake fails, the stream is marked 1274 * "dead" to avoid further I/O over a broken channel. 1275 */ 1276 if (!THIS_SESSION_IS_FORBIDDEN 1277 && vstream_ferror(session->stream) == 0 1278 && vstream_feof(session->stream) == 0) 1279 smtp_quit(state); 1280 } else { 1281 /* Do count delivery errors towards the session limit. */ 1282 if (++sess_count == var_smtp_mxsess_limit) 1283 next = 0; 1284 if ((state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP) 1285 && next == 0) 1286 state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER; 1287 smtp_xfer(state); 1288 #ifdef USE_TLS 1289 1290 /* 1291 * When opportunistic TLS fails after the STARTTLS 1292 * handshake, try the same address again, with TLS 1293 * disabled. See also the RETRY_AS_PLAINTEXT macro. 1294 */ 1295 if ((retry_plain = session->tls_retry_plain) != 0) { 1296 --sess_count; 1297 --addr_count; 1298 next = addr; 1299 } 1300 #endif 1301 } 1302 smtp_cleanup_session(state); 1303 } else { 1304 /* The reason already includes the IP address and TCP port. */ 1305 msg_info("%s", STR(why->reason)); 1306 } 1307 /* XXX Code above assumes there is no code at this loop ending. 
*/ 1308 } 1309 dns_rr_free(addr_list); 1310 if (iter->mx) { 1311 dns_rr_free(iter->mx); 1312 iter->mx = 0; /* Just in case */ 1313 } 1314 myfree(dest_buf); 1315 if (state->misc_flags & SMTP_MISC_FLAG_FINAL_NEXTHOP) 1316 break; 1317 } 1318 1319 /* 1320 * We still need to deliver, bounce or defer some left-over recipients: 1321 * either mail loops or some backup mail server was unavailable. 1322 */ 1323 if (SMTP_RCPT_LEFT(state) > 0) { 1324 1325 /* 1326 * In case of a "no error" indication we make up an excuse: we did 1327 * find the host address, but we did not attempt to connect to it. 1328 * This can happen when the fall-back relay was already tried via a 1329 * cached connection, so that the address list scrubber left behind 1330 * an empty list. 1331 */ 1332 if (!SMTP_HAS_DSN(why)) { 1333 dsb_simple(why, "4.3.0", 1334 "server unavailable or unable to receive mail"); 1335 } 1336 1337 /* 1338 * Pay attention to what could be configuration problems, and pretend 1339 * that these are recoverable rather than bouncing the mail. 1340 */ 1341 else if (!SMTP_HAS_SOFT_DSN(why)) { 1342 1343 /* 1344 * The fall-back destination did not resolve as expected, or it 1345 * is refusing to talk to us, or mail for it loops back to us. 1346 */ 1347 if (IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites)) { 1348 msg_warn("%s configuration problem", VAR_SMTP_FALLBACK); 1349 vstring_strcpy(why->status, "4.3.5"); 1350 /* XXX Keep the diagnostic code and MTA. */ 1351 } 1352 1353 /* 1354 * The next-hop relayhost did not resolve as expected, or it is 1355 * refusing to talk to us, or mail for it loops back to us. 1356 * 1357 * XXX There is no equivalent safety net for mis-configured 1358 * sender-dependent relay hosts. The trivial-rewrite resolver 1359 * would have to flag the result, and the queue manager would 1360 * have to provide that information to delivery agents. 
*/
            /*
             * Only the first configured site (sites->argv[0], i.e. the
             * primary next-hop) is compared against var_relayhost; fallback
             * relays were appended after it and are handled above.
             */
            else if (smtp_mode && strcmp(sites->argv[0], var_relayhost) == 0) {
                msg_warn("%s configuration problem", VAR_RELAYHOST);
                /* Force a soft (4.x.x) status so a configuration mistake
                 * defers the mail instead of bouncing it. */
                vstring_strcpy(why->status, "4.3.5");
                /* XXX Keep the diagnostic code and MTA. */
            }

            /*
             * Mail for the next-hop destination loops back to myself. Pass
             * the mail to the best_mx_transport or bounce it.
             */
            else if (smtp_mode && SMTP_HAS_LOOP_DSN(why) && *var_bestmx_transp) {
                dsb_reset(why);                 /* XXX */
                /* The whole request is handed to the best_mx_transport; its
                 * result becomes this delivery's status. */
                state->status = deliver_pass_all(MAIL_CLASS_PRIVATE,
                                                 var_bestmx_transp,
                                                 request);
                /* Recipients now belong to the other transport, so none are
                 * left for smtp_connect() to defer or bounce. */
                SMTP_RCPT_LEFT(state) = 0;      /* XXX */
            }
        }
    }

    /*
     * Cleanup.
     */
    if (HAVE_SCACHE_REQUEST_NEXTHOP(state))
        CLEAR_SCACHE_REQUEST_NEXTHOP(state);
    argv_free(sites);
}

/* smtp_connect - establish SMTP connection */

/*
 * smtp_connect - deliver the request in state->request to its next-hop.
 *
 * Dispatches on the delivery mode: with LMTP (smtp_mode == 0) a destination
 * starting with "unix:" is handed (minus the prefix) to smtp_connect_local(),
 * otherwise an optional "inet:" prefix is stripped and smtp_connect_inet() is
 * called with var_smtp_tcp_port; with SMTP the destination is passed to
 * smtp_connect_inet() unchanged. Any recipients left over afterwards are
 * deferred or bounced via smtp_sess_fail() and smtp_rcpt_cleanup().
 *
 * Returns state->status as set by the connection/delivery path taken.
 * Panics if recipients remain after cleanup (never lose recipients silently).
 */
int     smtp_connect(SMTP_STATE *state)
{
    DELIVER_REQUEST *request = state->request;
    char   *destination = request->nexthop;

    /*
     * All deliveries proceed along the same lines, whether they are over TCP
     * or UNIX-domain sockets, and whether they use SMTP or LMTP: get a
     * connection from the cache or create a new connection; deliver mail;
     * update the connection cache or disconnect.
     *
     * The major differences appear at a higher level: the expansion from
     * destination to address list, and whether to stop before we reach the
     * end of that list.
     */

    /*
     * With LMTP we have direct-to-host delivery only. The destination may
     * have multiple IP addresses.
     *
     * The "unix:" and "inet:" prefixes are recognized only here, in LMTP
     * mode; the text after the prefix is passed on as-is (the callee is
     * expected to validate it).
     */
    if (!smtp_mode) {
        if (strncmp(destination, "unix:", 5) == 0) {
            smtp_connect_local(state, destination + 5);
        } else {
            if (strncmp(destination, "inet:", 5) == 0)
                destination += 5;
            smtp_connect_inet(state, destination, var_smtp_tcp_port);
        }
    }

    /*
     * XXX We don't add support for "unix:" or "inet:" prefixes in SMTP
     * destinations, because that would break compatibility with existing
     * Postfix configurations that have a host with such a name.
     */
    else {
        smtp_connect_inet(state, destination, var_smtp_tcp_port);
    }

    /*
     * We still need to bounce or defer some left-over recipients: either
     * (SMTP) mail loops or some server was unavailable.
     *
     * We could avoid this (and the "final server" complexity) by keeping one
     * DSN structure per recipient in memory, by updating those in-memory
     * structures with each delivery attempt, and by always flushing all
     * deferred recipients at the end. We'd probably still want to bounce
     * recipients immediately, so we'd end up with another chunk of code for
     * defer logging only.
     */
    if (SMTP_RCPT_LEFT(state) > 0) {
        /* No further server will be tried: mark this as the final server so
         * the failure is reported as definitive for this delivery attempt. */
        state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;       /* XXX */
        smtp_sess_fail(state);

        /*
         * Sanity check. Don't silently lose recipients: after cleanup every
         * recipient must have been delivered, deferred or bounced.
         */
        smtp_rcpt_cleanup(state);
        if (SMTP_RCPT_LEFT(state) > 0)
            msg_panic("smtp_connect: left-over recipients");
    }
    return (state->status);
}