318
323
STR(resp->dsn_buf)[0] = '4';
319
324
/* FALLTHROUGH */
321
return (smtp_site_fail(state, session->host, resp,
326
return (smtp_site_fail(state, STR(iter->host), resp,
322
327
"host %s refused to talk to me: %s",
323
328
session->namaddr,
324
329
translit(resp->str, "\n", " ")));
346
351
if (smtp_pix_bug_maps != 0
347
352
&& (pix_bug_words =
348
353
maps_find(smtp_pix_bug_maps,
349
state->session->addr, 0)) != 0) {
350
pix_bug_source = VAR_SMTP_PIX_BUG_MAPS;
354
STR(iter->addr), 0)) != 0) {
355
pix_bug_source = SMTP_X(PIX_BUG_MAPS);
352
357
pix_bug_words = var_smtp_pix_bug_words;
353
pix_bug_source = VAR_SMTP_PIX_BUG_WORDS;
358
pix_bug_source = SMTP_X(PIX_BUG_WORDS);
355
360
if (*pix_bug_words) {
356
361
pix_bug_mask = name_mask_opt(pix_bug_source, pix_bug_table,
405
410
* Return the compliment. Fall back to SMTP if our ESMTP recognition
406
411
* heuristic failed.
408
if ((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0) {
409
414
where = "performing the EHLO handshake";
410
415
if (session->features & SMTP_FEATURE_ESMTP) {
411
416
smtp_chat_cmd(session, "EHLO %s", var_smtp_helo_name);
412
417
if ((resp = smtp_chat_resp(session))->code / 100 != 2) {
413
418
if (resp->code == 421)
414
return (smtp_site_fail(state, session->host, resp,
419
return (smtp_site_fail(state, STR(iter->host), resp,
415
420
"host %s refused to talk to me: %s",
416
421
session->namaddr,
417
422
translit(resp->str, "\n", " ")));
423
428
where = "performing the HELO handshake";
424
429
smtp_chat_cmd(session, "HELO %s", var_smtp_helo_name);
425
430
if ((resp = smtp_chat_resp(session))->code / 100 != 2)
426
return (smtp_site_fail(state, session->host, resp,
431
return (smtp_site_fail(state, STR(iter->host), resp,
427
432
"host %s refused to talk to me: %s",
428
433
session->namaddr,
429
434
translit(resp->str, "\n", " ")));
432
437
where = "performing the LHLO handshake";
433
438
smtp_chat_cmd(session, "LHLO %s", var_smtp_helo_name);
434
439
if ((resp = smtp_chat_resp(session))->code / 100 != 2)
435
return (smtp_site_fail(state, session->host, resp,
440
return (smtp_site_fail(state, STR(iter->host), resp,
436
441
"host %s refused to talk to me: %s",
437
442
session->namaddr,
438
443
translit(resp->str, "\n", " ")));
451
456
if (smtp_ehlo_dis_maps == 0
452
457
|| (ehlo_words = maps_find(smtp_ehlo_dis_maps,
453
state->session->addr, 0)) == 0)
458
STR(iter->addr), 0)) == 0)
454
459
ehlo_words = var_smtp_ehlo_dis_words;
455
460
if (smtp_ehlo_dis_maps && smtp_ehlo_dis_maps->error) {
456
461
msg_warn("%s: %s map lookup error for %s",
457
462
session->state->request->queue_id,
458
smtp_ehlo_dis_maps->title, state->session->addr);
463
smtp_ehlo_dis_maps->title, STR(iter->addr));
459
464
vstream_longjmp(session->stream, SMTP_ERR_DATA);
461
466
discard_mask = ehlo_mask(ehlo_words);
624
629
msg_info("Using %s PIPELINING, TCP send buffer size is %d, "
625
"PIPELINING buffer size is %d", (state->misc_flags &
626
SMTP_MISC_FLAG_USE_LMTP) ? "LMTP" : "ESMTP",
630
"PIPELINING buffer size is %d",
631
smtp_mode ? "ESMTP" : "LMTP",
627
632
tcp_bufsize, PIPELINING_BUFSIZE);
639
644
if ((session->features & SMTP_FEATURE_STARTTLS) &&
640
645
var_smtp_tls_note_starttls_offer &&
641
session->tls_level <= TLS_LEV_NONE)
642
msg_info("Host offered STARTTLS: [%s]", session->host);
646
session->tls->level <= TLS_LEV_NONE)
647
msg_info("Host offered STARTTLS: [%s]", STR(iter->host));
645
650
* Decide whether or not to send STARTTLS.
647
652
if ((session->features & SMTP_FEATURE_STARTTLS) != 0
648
&& smtp_tls_ctx != 0 && session->tls_level >= TLS_LEV_MAY) {
653
&& smtp_tls_ctx != 0 && session->tls->level >= TLS_LEV_MAY) {
651
656
* Prepare for disaster.
685
690
* although support for it was announced in the EHLO response.
687
692
session->features &= ~SMTP_FEATURE_STARTTLS;
688
if (session->tls_level >= TLS_LEV_ENCRYPT)
689
return (smtp_site_fail(state, session->host, resp,
693
if (TLS_REQUIRED(session->tls->level))
694
return (smtp_site_fail(state, STR(iter->host), resp,
690
695
"TLS is required, but host %s refused to start TLS: %s",
691
696
session->namaddr,
692
697
translit(resp->str, "\n", " ")));
700
705
* block. When TLS is required we must never, ever, end up in
701
706
* plain-text mode.
703
if (session->tls_level >= TLS_LEV_ENCRYPT) {
708
if (TLS_REQUIRED(session->tls->level)) {
704
709
if (!(session->features & SMTP_FEATURE_STARTTLS)) {
705
710
return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
706
711
SMTP_RESP_FAKE(&fake, "4.7.4"),
751
757
DONT_CACHE_THIS_SESSION;
754
* As of Postfix 2.5, tls_client_start() tries hard to always complete
755
* the TLS handshake. It records the verification and match status in the
756
* resulting TLScontext. It is now up to the application to abort the TLS
757
* connection if it chooses.
759
* XXX When tls_client_start() fails then we don't know what state the SMTP
760
* connection is in, so we give up on this connection even if we are not
761
* required to use TLS.
763
760
* The following assumes sites that use TLS in a perverse configuration:
764
761
* multiple hosts per hostname, or even multiple hosts per IP address.
765
762
* All this without a shared TLS session cache, and they still want to
779
776
* ehlo response name to build a lookup key that works for split caches
780
777
* (that announce distinct names) behind a load balancer.
782
* XXX: The TLS library may salt the serverid with further details of the
783
* protocol and cipher requirements.
779
* XXX: The TLS library will salt the serverid with further details of the
780
* protocol and cipher requirements including the server ehlo response.
781
* Deferring the helo to the digested suffix results in more predictable
782
* SSL session lookup key lengths.
784
serverid = vstring_alloc(10);
785
smtp_key_prefix(serverid, "&", state->iterator, SMTP_KEY_FLAG_SERVICE
786
| SMTP_KEY_FLAG_NEXTHOP /* With port */
787
| SMTP_KEY_FLAG_HOSTNAME
788
| SMTP_KEY_FLAG_ADDR);
791
* As of Postfix 2.5, tls_client_start() tries hard to always complete
792
* the TLS handshake. It records the verification and match status in the
793
* resulting TLScontext. It is now up to the application to abort the TLS
794
* connection if it chooses.
796
* XXX When tls_client_start() fails then we don't know what state the SMTP
797
* connection is in, so we give up on this connection even if we are not
798
* required to use TLS.
785
800
* Large parameter lists are error-prone, so we emulate a language feature
786
801
* that C does not have natively: named parameter lists.
788
serverid = vstring_alloc(10);
789
vstring_sprintf(serverid, "%s:%s:%u:%s", state->service, session->addr,
790
ntohs(session->port), session->helo ? session->helo : "");
791
803
session->tls_context =
792
804
TLS_CLIENT_START(&tls_props,
793
805
ctx = smtp_tls_ctx,
794
806
stream = session->stream,
795
807
timeout = var_smtp_starttls_tmout,
796
tls_level = session->tls_level,
808
tls_level = session->tls->level,
797
809
nexthop = session->tls_nexthop,
798
host = session->host,
810
host = STR(iter->host),
799
811
namaddr = session->namaddrport,
800
812
serverid = vstring_str(serverid),
801
protocols = session->tls_protocols,
802
cipher_grade = session->tls_grade,
813
helo = session->helo,
814
protocols = session->tls->protocols,
815
cipher_grade = session->tls->grade,
803
816
cipher_exclusions
804
= vstring_str(session->tls_exclusions),
805
matchargv = session->tls_matchargv,
806
fpt_dgst = var_smtp_tls_fpt_dgst);
817
= vstring_str(session->tls->exclusions),
818
matchargv = session->tls->matchargv,
819
mdalg = var_smtp_tls_fpt_dgst,
820
dane = session->tls->dane);
807
821
vstring_free(serverid);
809
823
if (session->tls_context == 0) {
843
857
* server, so no need to disable I/O, ... we can even be polite and send
846
* See src/tls/tls_level.c. Levels above encrypt require matching. Levels >=
847
* verify require CA trust.
860
* See src/tls/tls_level.c and src/tls/tls.h. Levels above "encrypt" require
861
* matching. Levels >= "dane" require CA or DNSSEC trust.
863
* When DANE TLSA records specify an end-entity certificate, the trust and
864
* match bits always coincide, but it is fine to report the wrong
865
* end-entity certificate as untrusted rather than unmatched.
849
if (session->tls_level >= TLS_LEV_VERIFY)
867
if (TLS_MUST_TRUST(session->tls->level))
850
868
if (!TLS_CERT_IS_TRUSTED(session->tls_context))
851
869
return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
852
870
SMTP_RESP_FAKE(&fake, "4.7.5"),
853
871
"Server certificate not trusted"));
854
if (session->tls_level > TLS_LEV_ENCRYPT)
872
if (TLS_MUST_MATCH(session->tls->level))
855
873
if (!TLS_CERT_IS_MATCHED(session->tls_context))
856
874
return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
857
875
SMTP_RESP_FAKE(&fake, "4.7.5"),
858
876
"Server certificate not verified"));
861
878
/* At this point there must not be any pending plaintext. */
862
879
vstream_fpurge(session->stream, VSTREAM_PURGE_BOTH);
1638
1656
case SMTP_STATE_MAIL:
1639
1657
if (resp->code / 100 != 2) {
1640
smtp_mesg_fail(state, session->host, resp,
1658
smtp_mesg_fail(state, STR(iter->host), resp,
1641
1659
"host %s said: %s (in reply to %s)",
1642
1660
session->namaddr,
1643
1661
translit(resp->str, "\n", " "),
1709
1727
smtp_rcpt_done(state, resp, rcpt);
1712
smtp_rcpt_fail(state, rcpt, session->host, resp,
1730
smtp_rcpt_fail(state, rcpt, STR(iter->host), resp,
1713
1731
"host %s said: %s (in reply to %s)",
1714
1732
session->namaddr,
1715
1733
translit(resp->str, "\n", " "),
1731
1749
case SMTP_STATE_DATA:
1732
1750
if (resp->code / 100 != 3) {
1734
smtp_mesg_fail(state, session->host, resp,
1752
smtp_mesg_fail(state, STR(iter->host), resp,
1735
1753
"host %s said: %s (in reply to %s)",
1736
1754
session->namaddr,
1737
1755
translit(resp->str, "\n", " "),
1753
1771
case SMTP_STATE_DOT:
1754
1772
GETTIMEOFDAY(&request->msg_stats.deliver_done);
1755
if ((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0) {
1756
1774
if (nrcpt > 0) {
1757
1775
if (resp->code / 100 != 2) {
1758
smtp_mesg_fail(state, session->host, resp,
1776
smtp_mesg_fail(state, STR(iter->host), resp,
1759
1777
"host %s said: %s (in reply to %s)",
1760
1778
session->namaddr,
1761
1779
translit(resp->str, "\n", " "),
1782
1800
rcpt = request->rcpt_list.info
1783
1801
+ survivors[recv_done++];
1784
1802
if (resp->code / 100 != 2) {
1785
smtp_rcpt_fail(state, rcpt, session->host, resp,
1803
smtp_rcpt_fail(state, rcpt, STR(iter->host), resp,
1786
1804
"host %s said: %s (in reply to %s)",
1787
1805
session->namaddr,
1788
1806
translit(resp->str, "\n", " "),