← Back to branch summary

~ubuntu-branches/debian/sid/postfix/sid

« back to all changes in this revision

Viewing changes to src/smtp/smtp_proto.c

  • Committer: Package Import Robot
  • Author(s): LaMont Jones, LaMont Jones, localization folks
  • Date: 2014-02-11 07:44:30 UTC
  • mfrom: (1.1.41)
  • Revision ID: package-import@ubuntu.com-20140211074430-91tdwgjriazawdz4
Tags: 2.11.0-1
http://bugs.debian.org/734893
[LaMont Jones]

* New upstream release: 2.11.0

[localization folks]

* l10n: Updated German translations.  Closes: #734893 (Helge Kreutzmann)

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/smtp/smtp_proto.c
236
236
     && (session->features & SMTP_FEATURE_8BITMIME) == 0 \
237
237
     && strcmp(request->encoding, MAIL_ATTR_ENC_7BIT) != 0)
238
238
 
 
239
#ifdef USE_TLS
 
240
 
239
241
static int smtp_start_tls(SMTP_STATE *);
240
242
 
 
243
#endif
 
244
 
241
245
 /*
242
246
  * Call-back information for header/body checks. We don't provide call-backs
243
247
  * for actions that change the message delivery time or destination.
257
261
    const char *myname = "smtp_helo";
258
262
    SMTP_SESSION *session = state->session;
259
263
    DELIVER_REQUEST *request = state->request;
 
264
    SMTP_ITERATOR *iter = state->iterator;
260
265
    SMTP_RESP *resp;
261
266
    SMTP_RESP fake;
262
267
    int     except;
318
323
                STR(resp->dsn_buf)[0] = '4';
319
324
            /* FALLTHROUGH */
320
325
        default:
321
 
            return (smtp_site_fail(state, session->host, resp,
 
326
            return (smtp_site_fail(state, STR(iter->host), resp,
322
327
                                   "host %s refused to talk to me: %s",
323
328
                                   session->namaddr,
324
329
                                   translit(resp->str, "\n", " ")));
329
334
         * now.
330
335
         */
331
336
#ifdef USE_TLS
332
 
        if (session->tls_level == TLS_LEV_INVALID)
 
337
        if (session->tls->level == TLS_LEV_INVALID)
333
338
            /* Warning is already logged. */
334
339
            return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
335
340
                                   SMTP_RESP_FAKE(&fake, "4.7.0"),
346
351
            if (smtp_pix_bug_maps != 0
347
352
                && (pix_bug_words =
348
353
                    maps_find(smtp_pix_bug_maps,
349
 
                              state->session->addr, 0)) != 0) {
350
 
                pix_bug_source = VAR_SMTP_PIX_BUG_MAPS;
 
354
                              STR(iter->addr), 0)) != 0) {
 
355
                pix_bug_source = SMTP_X(PIX_BUG_MAPS);
351
356
            } else {
352
357
                pix_bug_words = var_smtp_pix_bug_words;
353
 
                pix_bug_source = VAR_SMTP_PIX_BUG_WORDS;
 
358
                pix_bug_source = SMTP_X(PIX_BUG_WORDS);
354
359
            }
355
360
            if (*pix_bug_words) {
356
361
                pix_bug_mask = name_mask_opt(pix_bug_source, pix_bug_table,
381
386
            } else if (strcasecmp(word, "ESMTP") == 0)
382
387
                session->features |= SMTP_FEATURE_ESMTP;
383
388
        }
384
 
        if ((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0) {
 
389
        if (smtp_mode) {
385
390
            if (var_smtp_always_ehlo
386
391
                && (session->features & SMTP_FEATURE_PIX_NO_ESMTP) == 0)
387
392
                session->features |= SMTP_FEATURE_ESMTP;
405
410
     * Return the compliment. Fall back to SMTP if our ESMTP recognition
406
411
     * heuristic failed.
407
412
     */
408
 
    if ((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0) {
 
413
    if (smtp_mode) {
409
414
        where = "performing the EHLO handshake";
410
415
        if (session->features & SMTP_FEATURE_ESMTP) {
411
416
            smtp_chat_cmd(session, "EHLO %s", var_smtp_helo_name);
412
417
            if ((resp = smtp_chat_resp(session))->code / 100 != 2) {
413
418
                if (resp->code == 421)
414
 
                    return (smtp_site_fail(state, session->host, resp,
 
419
                    return (smtp_site_fail(state, STR(iter->host), resp,
415
420
                                        "host %s refused to talk to me: %s",
416
421
                                           session->namaddr,
417
422
                                           translit(resp->str, "\n", " ")));
423
428
            where = "performing the HELO handshake";
424
429
            smtp_chat_cmd(session, "HELO %s", var_smtp_helo_name);
425
430
            if ((resp = smtp_chat_resp(session))->code / 100 != 2)
426
 
                return (smtp_site_fail(state, session->host, resp,
 
431
                return (smtp_site_fail(state, STR(iter->host), resp,
427
432
                                       "host %s refused to talk to me: %s",
428
433
                                       session->namaddr,
429
434
                                       translit(resp->str, "\n", " ")));
432
437
        where = "performing the LHLO handshake";
433
438
        smtp_chat_cmd(session, "LHLO %s", var_smtp_helo_name);
434
439
        if ((resp = smtp_chat_resp(session))->code / 100 != 2)
435
 
            return (smtp_site_fail(state, session->host, resp,
 
440
            return (smtp_site_fail(state, STR(iter->host), resp,
436
441
                                   "host %s refused to talk to me: %s",
437
442
                                   session->namaddr,
438
443
                                   translit(resp->str, "\n", " ")));
450
455
         */
451
456
        if (smtp_ehlo_dis_maps == 0
452
457
            || (ehlo_words = maps_find(smtp_ehlo_dis_maps,
453
 
                                       state->session->addr, 0)) == 0)
 
458
                                       STR(iter->addr), 0)) == 0)
454
459
            ehlo_words = var_smtp_ehlo_dis_words;
455
460
        if (smtp_ehlo_dis_maps && smtp_ehlo_dis_maps->error) {
456
461
            msg_warn("%s: %s map lookup error for %s",
457
462
                     session->state->request->queue_id,
458
 
                     smtp_ehlo_dis_maps->title, state->session->addr);
 
463
                     smtp_ehlo_dis_maps->title, STR(iter->addr));
459
464
            vstream_longjmp(session->stream, SMTP_ERR_DATA);
460
465
        }
461
466
        discard_mask = ehlo_mask(ehlo_words);
622
627
        }
623
628
        if (msg_verbose)
624
629
            msg_info("Using %s PIPELINING, TCP send buffer size is %d, "
625
 
                     "PIPELINING buffer size is %d", (state->misc_flags &
626
 
                                SMTP_MISC_FLAG_USE_LMTP) ? "LMTP" : "ESMTP",
 
630
                     "PIPELINING buffer size is %d",
 
631
                     smtp_mode ? "ESMTP" : "LMTP",
627
632
                     tcp_bufsize, PIPELINING_BUFSIZE);
628
633
    }
629
634
#ifdef USE_TLS
638
643
         */
639
644
        if ((session->features & SMTP_FEATURE_STARTTLS) &&
640
645
            var_smtp_tls_note_starttls_offer &&
641
 
            session->tls_level <= TLS_LEV_NONE)
642
 
            msg_info("Host offered STARTTLS: [%s]", session->host);
 
646
            session->tls->level <= TLS_LEV_NONE)
 
647
            msg_info("Host offered STARTTLS: [%s]", STR(iter->host));
643
648
 
644
649
        /*
645
650
         * Decide whether or not to send STARTTLS.
646
651
         */
647
652
        if ((session->features & SMTP_FEATURE_STARTTLS) != 0
648
 
            && smtp_tls_ctx != 0 && session->tls_level >= TLS_LEV_MAY) {
 
653
            && smtp_tls_ctx != 0 && session->tls->level >= TLS_LEV_MAY) {
649
654
 
650
655
            /*
651
656
             * Prepare for disaster.
685
690
             * although support for it was announced in the EHLO response.
686
691
             */
687
692
            session->features &= ~SMTP_FEATURE_STARTTLS;
688
 
            if (session->tls_level >= TLS_LEV_ENCRYPT)
689
 
                return (smtp_site_fail(state, session->host, resp,
 
693
            if (TLS_REQUIRED(session->tls->level))
 
694
                return (smtp_site_fail(state, STR(iter->host), resp,
690
695
                    "TLS is required, but host %s refused to start TLS: %s",
691
696
                                       session->namaddr,
692
697
                                       translit(resp->str, "\n", " ")));
700
705
         * block. When TLS is required we must never, ever, end up in
701
706
         * plain-text mode.
702
707
         */
703
 
        if (session->tls_level >= TLS_LEV_ENCRYPT) {
 
708
        if (TLS_REQUIRED(session->tls->level)) {
704
709
            if (!(session->features & SMTP_FEATURE_STARTTLS)) {
705
710
                return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
706
711
                                       SMTP_RESP_FAKE(&fake, "4.7.4"),
735
740
static int smtp_start_tls(SMTP_STATE *state)
736
741
{
737
742
    SMTP_SESSION *session = state->session;
 
743
    SMTP_ITERATOR *iter = state->iterator;
738
744
    TLS_CLIENT_START_PROPS tls_props;
739
745
    VSTRING *serverid;
740
746
    SMTP_RESP fake;
751
757
    DONT_CACHE_THIS_SESSION;
752
758
 
753
759
    /*
754
 
     * As of Postfix 2.5, tls_client_start() tries hard to always complete
755
 
     * the TLS handshake. It records the verification and match status in the
756
 
     * resulting TLScontext. It is now up to the application to abort the TLS
757
 
     * connection if it chooses.
758
 
     * 
759
 
     * XXX When tls_client_start() fails then we don't know what state the SMTP
760
 
     * connection is in, so we give up on this connection even if we are not
761
 
     * required to use TLS.
762
 
     * 
763
760
     * The following assumes sites that use TLS in a perverse configuration:
764
761
     * multiple hosts per hostname, or even multiple hosts per IP address.
765
762
     * All this without a shared TLS session cache, and they still want to
779
776
     * ehlo response name to build a lookup key that works for split caches
780
777
     * (that announce distinct names) behind a load balancer.
781
778
     * 
782
 
     * XXX: The TLS library may salt the serverid with further details of the
783
 
     * protocol and cipher requirements.
 
779
     * XXX: The TLS library will salt the serverid with further details of the
 
780
     * protocol and cipher requirements including the server ehlo response.
 
781
     * Deferring the helo to the digested suffix results in more predictable
 
782
     * SSL session lookup key lengths.
 
783
     */
 
784
    serverid = vstring_alloc(10);
 
785
    smtp_key_prefix(serverid, "&", state->iterator, SMTP_KEY_FLAG_SERVICE
 
786
                    | SMTP_KEY_FLAG_NEXTHOP     /* With port */
 
787
                    | SMTP_KEY_FLAG_HOSTNAME
 
788
                    | SMTP_KEY_FLAG_ADDR);
 
789
 
 
790
    /*
 
791
     * As of Postfix 2.5, tls_client_start() tries hard to always complete
 
792
     * the TLS handshake. It records the verification and match status in the
 
793
     * resulting TLScontext. It is now up to the application to abort the TLS
 
794
     * connection if it chooses.
 
795
     * 
 
796
     * XXX When tls_client_start() fails then we don't know what state the SMTP
 
797
     * connection is in, so we give up on this connection even if we are not
 
798
     * required to use TLS.
784
799
     * 
785
800
     * Large parameter lists are error-prone, so we emulate a language feature
786
801
     * that C does not have natively: named parameter lists.
787
802
     */
788
 
    serverid = vstring_alloc(10);
789
 
    vstring_sprintf(serverid, "%s:%s:%u:%s", state->service, session->addr,
790
 
                  ntohs(session->port), session->helo ? session->helo : "");
791
803
    session->tls_context =
792
804
        TLS_CLIENT_START(&tls_props,
793
805
                         ctx = smtp_tls_ctx,
794
806
                         stream = session->stream,
795
807
                         timeout = var_smtp_starttls_tmout,
796
 
                         tls_level = session->tls_level,
 
808
                         tls_level = session->tls->level,
797
809
                         nexthop = session->tls_nexthop,
798
 
                         host = session->host,
 
810
                         host = STR(iter->host),
799
811
                         namaddr = session->namaddrport,
800
812
                         serverid = vstring_str(serverid),
801
 
                         protocols = session->tls_protocols,
802
 
                         cipher_grade = session->tls_grade,
 
813
                         helo = session->helo,
 
814
                         protocols = session->tls->protocols,
 
815
                         cipher_grade = session->tls->grade,
803
816
                         cipher_exclusions
804
 
                         = vstring_str(session->tls_exclusions),
805
 
                         matchargv = session->tls_matchargv,
806
 
                         fpt_dgst = var_smtp_tls_fpt_dgst);
 
817
                         = vstring_str(session->tls->exclusions),
 
818
                         matchargv = session->tls->matchargv,
 
819
                         mdalg = var_smtp_tls_fpt_dgst,
 
820
                         dane = session->tls->dane);
807
821
    vstring_free(serverid);
808
822
 
809
823
    if (session->tls_context == 0) {
824
838
         * plaintext connections, then we don't want delivery to fail with
825
839
         * "relay access denied".
826
840
         */
827
 
        if (session->tls_level == TLS_LEV_MAY
 
841
        if (session->tls->level == TLS_LEV_MAY
828
842
#ifdef USE_SASL_AUTH
829
843
            && !(var_smtp_sasl_enable
830
844
                 && *var_smtp_sasl_passwd
843
857
     * server, so no need to disable I/O, ... we can even be polite and send
844
858
     * "QUIT".
845
859
     * 
846
 
     * See src/tls/tls_level.c. Levels above encrypt require matching. Levels >=
847
 
     * verify require CA trust.
 
860
     * See src/tls/tls_level.c and src/tls/tls.h. Levels above "encrypt" require
 
861
     * matching.  Levels >= "dane" require CA or DNSSEC trust.
 
862
     * 
 
863
     * When DANE TLSA records specify an end-entity certificate, the trust and
 
864
     * match bits always coincide, but it is fine to report the wrong
 
865
     * end-entity certificate as untrusted rather than unmatched.
848
866
     */
849
 
    if (session->tls_level >= TLS_LEV_VERIFY)
 
867
    if (TLS_MUST_TRUST(session->tls->level))
850
868
        if (!TLS_CERT_IS_TRUSTED(session->tls_context))
851
869
            return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
852
870
                                   SMTP_RESP_FAKE(&fake, "4.7.5"),
853
871
                                   "Server certificate not trusted"));
854
 
    if (session->tls_level > TLS_LEV_ENCRYPT)
 
872
    if (TLS_MUST_MATCH(session->tls->level))
855
873
        if (!TLS_CERT_IS_MATCHED(session->tls_context))
856
874
            return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
857
875
                                   SMTP_RESP_FAKE(&fake, "4.7.5"),
858
876
                                   "Server certificate not verified"));
859
877
 
860
 
 
861
878
    /* At this point there must not be any pending plaintext. */
862
879
    vstream_fpurge(session->stream, VSTREAM_PURGE_BOTH);
863
880
 
1127
1144
    const char *myname = "smtp_loop";
1128
1145
    DELIVER_REQUEST *request = state->request;
1129
1146
    SMTP_SESSION *session = state->session;
 
1147
    SMTP_ITERATOR *iter = state->iterator;
1130
1148
    SMTP_RESP *resp;
1131
1149
    RECIPIENT *rcpt;
1132
1150
    VSTRING *next_command = vstring_alloc(100);
1637
1655
                     */
1638
1656
                case SMTP_STATE_MAIL:
1639
1657
                    if (resp->code / 100 != 2) {
1640
 
                        smtp_mesg_fail(state, session->host, resp,
 
1658
                        smtp_mesg_fail(state, STR(iter->host), resp,
1641
1659
                                       "host %s said: %s (in reply to %s)",
1642
1660
                                       session->namaddr,
1643
1661
                                       translit(resp->str, "\n", " "),
1662
1680
                                       "unexpected server message");
1663
1681
                        msg_warn("server %s violates %s policy",
1664
1682
                                 session->namaddr,
1665
 
                                 VAR_SMTP_TLS_BLK_EARLY_MAIL_REPLY);
 
1683
                                 SMTP_X(TLS_BLK_EARLY_MAIL_REPLY));
1666
1684
                        mail_from_rejected = 1;
1667
1685
                    }
1668
1686
#endif
1695
1713
#endif
1696
1714
                        rcpt = request->rcpt_list.info + recv_rcpt;
1697
1715
                        if (resp->code / 100 == 2) {
1698
 
                            if (state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) {
 
1716
                            if (!smtp_mode) {
1699
1717
                                if (survivors == 0)
1700
1718
                                    survivors = (int *)
1701
1719
                                        mymalloc(request->rcpt_list.len
1709
1727
                                smtp_rcpt_done(state, resp, rcpt);
1710
1728
                            }
1711
1729
                        } else {
1712
 
                            smtp_rcpt_fail(state, rcpt, session->host, resp,
 
1730
                            smtp_rcpt_fail(state, rcpt, STR(iter->host), resp,
1713
1731
                                        "host %s said: %s (in reply to %s)",
1714
1732
                                           session->namaddr,
1715
1733
                                           translit(resp->str, "\n", " "),
1731
1749
                case SMTP_STATE_DATA:
1732
1750
                    if (resp->code / 100 != 3) {
1733
1751
                        if (nrcpt > 0)
1734
 
                            smtp_mesg_fail(state, session->host, resp,
 
1752
                            smtp_mesg_fail(state, STR(iter->host), resp,
1735
1753
                                        "host %s said: %s (in reply to %s)",
1736
1754
                                           session->namaddr,
1737
1755
                                           translit(resp->str, "\n", " "),
1752
1770
                     */
1753
1771
                case SMTP_STATE_DOT:
1754
1772
                    GETTIMEOFDAY(&request->msg_stats.deliver_done);
1755
 
                    if ((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0) {
 
1773
                    if (smtp_mode) {
1756
1774
                        if (nrcpt > 0) {
1757
1775
                            if (resp->code / 100 != 2) {
1758
 
                                smtp_mesg_fail(state, session->host, resp,
 
1776
                                smtp_mesg_fail(state, STR(iter->host), resp,
1759
1777
                                        "host %s said: %s (in reply to %s)",
1760
1778
                                               session->namaddr,
1761
1779
                                             translit(resp->str, "\n", " "),
1782
1800
                            rcpt = request->rcpt_list.info
1783
1801
                                + survivors[recv_done++];
1784
1802
                            if (resp->code / 100 != 2) {
1785
 
                                smtp_rcpt_fail(state, rcpt, session->host, resp,
 
1803
                                smtp_rcpt_fail(state, rcpt, STR(iter->host), resp,
1786
1804
                                        "host %s said: %s (in reply to %s)",
1787
1805
                                               session->namaddr,
1788
1806
                                             translit(resp->str, "\n", " "),