2 * Copyright (c) 1998-2006 Sendmail, Inc. and its suppliers.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
16 # include <libmilter/mfapi.h>
17 # include <libmilter/mfdef.h>
20 SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.960 2007/02/07 20:18:47 ca Exp $")
27 #endif /* SASL || STARTTLS */
29 # define ENC64LEN(l) (((l) + 2) * 4 / 3 + 1)
30 static int saslmechs __P((sasl_conn_t *, char **));
33 # include <sysexits.h>
35 static SSL_CTX *srv_ctx = NULL; /* TLS server context */
36 static SSL *srv_ssl = NULL; /* per connection context */
38 static bool tls_ok_srv = false;
40 # define TLS_VERIFY_CLIENT() tls_set_verify(srv_ctx, srv_ssl, \
41 bitset(SRV_VRFY_CLT, features))
45 static bool NotFirstDelivery = false;
46 #endif /* _FFR_DM_ONE */
49 #define SRV_NONE 0x0000 /* none... */
50 #define SRV_OFFER_TLS 0x0001 /* offer STARTTLS */
51 #define SRV_VRFY_CLT 0x0002 /* request a cert */
52 #define SRV_OFFER_AUTH 0x0004 /* offer AUTH */
53 #define SRV_OFFER_ETRN 0x0008 /* offer ETRN */
54 #define SRV_OFFER_VRFY 0x0010 /* offer VRFY (not yet used) */
55 #define SRV_OFFER_EXPN 0x0020 /* offer EXPN */
56 #define SRV_OFFER_VERB 0x0040 /* offer VERB */
57 #define SRV_OFFER_DSN 0x0080 /* offer DSN */
59 # define SRV_OFFER_PIPE 0x0100 /* offer PIPELINING */
61 # define SRV_NO_PIPE 0x0200 /* disable PIPELINING, sleep if used */
62 # endif /* _FFR_NO_PIPE */
63 #endif /* PIPELINING */
64 #define SRV_REQ_AUTH 0x0400 /* require AUTH */
65 #define SRV_REQ_SEC 0x0800 /* require security - equiv to AuthOptions=p */
66 #define SRV_TMP_FAIL 0x1000 /* ruleset caused a temporary failure */
68 static unsigned int srvfeatures __P((ENVELOPE *, char *, unsigned int));
70 #define STOP_ATTACK ((time_t) -1)
71 static time_t checksmtpattack __P((volatile unsigned int *, unsigned int,
72 bool, char *, ENVELOPE *));
73 static void printvrfyaddr __P((ADDRESS *, bool, bool));
74 static char *skipword __P((char *volatile, char *));
75 static void setup_smtpd_io __P((void));
79 static int reset_saslconn __P((sasl_conn_t **_conn, char *_hostname,
80 char *_remoteip, char *_localip,
81 char *_auth_id, sasl_ssf_t *_ext_ssf));
83 # define RESET_SASLCONN \
86 result = reset_saslconn(&conn, AuthRealm, remoteip, \
87 localip, auth_id, &ext_ssf); \
88 if (result != SASL_OK) \
92 # else /* SASL >= 20000 */
93 static int reset_saslconn __P((sasl_conn_t **_conn, char *_hostname,
94 struct sockaddr_in *_saddr_r,
95 struct sockaddr_in *_saddr_l,
96 sasl_external_properties_t *_ext_ssf));
97 # define RESET_SASLCONN \
100 result = reset_saslconn(&conn, AuthRealm, &saddr_r, \
101 &saddr_l, &ext_ssf); \
102 if (result != SASL_OK) \
106 # endif /* SASL >= 20000 */
109 extern ENVELOPE BlankEnvelope;
115 (void) sm_snprintf(buf, sizeof(buf), "%d", \
116 BadRcptThrottle > 0 && n_badrcpts > BadRcptThrottle \
117 ? n_badrcpts - 1 : n_badrcpts); \
118 macdefine(&e->e_macro, A_TEMP, macid("{nbadrcpts}"), buf); \
121 #define SKIP_SPACE(s) while (isascii(*s) && isspace(*s)) \
125 ** PARSE_ESMTP_ARGS -- parse EMSTP arguments (for MAIL, RCPT)
129 ** addr_st -- address (RCPT only)
131 ** delimptr -- current position in read buffer
132 ** which -- MAIL/RCPT
133 ** args -- arguments (output)
134 ** esmtp_args -- function to process a single ESMTP argument
141 parse_esmtp_args(e, addr_st, p, delimptr, which, args, esmtp_args)
148 esmtp_args_F esmtp_args;
156 while (p != NULL && *p != '\0')
162 /* locate the beginning of the keyword */
168 /* skip to the value portion */
169 while ((isascii(*p) && isalnum(*p)) || *p == '-')
177 /* skip to the end of the value */
178 while (*p != '\0' && *p != ' ' &&
179 !(isascii(*p) && iscntrl(*p)) &&
188 sm_dprintf("%s: got arg %s=\"%s\"\n", which, kp,
189 vp == NULL ? "<null>" : vp);
191 esmtp_args(addr_st, kp, vp, e);
197 if (argno >= MAXSMTPARGS - 1)
198 usrerr("501 5.5.4 Too many parameters");
207 ** SMTP -- run the SMTP protocol.
210 ** nullserver -- if non-NULL, rejection message for
211 ** (almost) all SMTP commands.
212 ** d_flags -- daemon flags
213 ** e -- the envelope.
219 ** Reads commands from the input channel and processes them.
223 ** Notice: The smtp server doesn't have a session context like the client
224 ** side has (mci). Therefore some data (session oriented) is allocated
225 ** or assigned to the "wrong" structure (esp. STARTTLS, AUTH).
226 ** This should be fixed in a successor version.
231 char *cmd_name; /* command name */
232 int cmd_code; /* internal code, see below */
235 /* values for cmd_code */
236 #define CMDERROR 0 /* bad command */
237 #define CMDMAIL 1 /* mail -- designate sender */
238 #define CMDRCPT 2 /* rcpt -- designate recipient */
239 #define CMDDATA 3 /* data -- send message text */
240 #define CMDRSET 4 /* rset -- reset state */
241 #define CMDVRFY 5 /* vrfy -- verify address */
242 #define CMDEXPN 6 /* expn -- expand address */
243 #define CMDNOOP 7 /* noop -- do nothing */
244 #define CMDQUIT 8 /* quit -- close connection and die */
245 #define CMDHELO 9 /* helo -- be polite */
246 #define CMDHELP 10 /* help -- give usage info */
247 #define CMDEHLO 11 /* ehlo -- extended helo (RFC 1425) */
248 #define CMDETRN 12 /* etrn -- flush queue */
250 # define CMDAUTH 13 /* auth -- SASL authenticate */
253 # define CMDSTLS 14 /* STARTTLS -- start TLS session */
254 #endif /* STARTTLS */
255 /* non-standard commands */
256 #define CMDVERB 17 /* verb -- go into verbose mode */
257 /* unimplemented commands from RFC 821 */
258 #define CMDUNIMPL 19 /* unimplemented rfc821 commands */
259 /* use this to catch and log "door handle" attempts on your system */
260 #define CMDLOGBOGUS 23 /* bogus command that should be logged */
261 /* debugging-only commands, only enabled if SMTPDEBUG is defined */
262 #define CMDDBGQSHOW 24 /* showq -- show send queue */
263 #define CMDDBGDEBUG 25 /* debug -- set debug mode */
266 ** Note: If you change this list, remember to update 'helpfile'
269 static struct cmd CmdTab[] =
284 { "send", CMDUNIMPL },
285 { "saml", CMDUNIMPL },
286 { "soml", CMDUNIMPL },
287 { "turn", CMDUNIMPL },
289 { "auth", CMDAUTH, },
292 { "starttls", CMDSTLS, },
293 #endif /* STARTTLS */
294 /* remaining commands are here only to trap and log attempts to use them */
295 { "showq", CMDDBGQSHOW },
296 { "debug", CMDDBGDEBUG },
297 { "wiz", CMDLOGBOGUS },
302 static char *CurSmtpClient; /* who's at the other end of channel */
304 #ifndef MAXBADCOMMANDS
305 # define MAXBADCOMMANDS 25 /* maximum number of bad commands */
306 #endif /* ! MAXBADCOMMANDS */
307 #ifndef MAXHELOCOMMANDS
308 # define MAXHELOCOMMANDS 3 /* max HELO/EHLO commands before slowdown */
309 #endif /* ! MAXHELOCOMMANDS */
310 #ifndef MAXVRFYCOMMANDS
311 # define MAXVRFYCOMMANDS 6 /* max VRFY/EXPN commands before slowdown */
312 #endif /* ! MAXVRFYCOMMANDS */
313 #ifndef MAXETRNCOMMANDS
314 # define MAXETRNCOMMANDS 8 /* max ETRN commands before slowdown */
315 #endif /* ! MAXETRNCOMMANDS */
317 # define MAXTIMEOUT (4 * 60) /* max timeout for bad commands */
318 #endif /* ! MAXTIMEOUT */
321 ** Maximum shift value to compute timeout for bad commands.
322 ** This introduces an upper limit of 2^MAXSHIFT for the timeout.
327 #endif /* ! MAXSHIFT */
329 ERROR _MAXSHIFT > 31 is invalid
330 #endif /* MAXSHIFT */
333 #if MAXBADCOMMANDS > 0
334 # define STOP_IF_ATTACK(r) do \
336 if ((r) == STOP_ATTACK) \
340 #else /* MAXBADCOMMANDS > 0 */
341 # define STOP_IF_ATTACK(r) r
342 #endif /* MAXBADCOMMANDS > 0 */
346 static SM_DEBUG_T DebugLeakSmtp = SM_DEBUG_INITIALIZER("leak_smtp",
347 "@(#)$Debug: leak_smtp - trace memory leaks during SMTP processing $");
348 #endif /* SM_HEAP_CHECK */
352 bool sm_gotmail; /* mail command received */
353 unsigned int sm_nrcpts; /* number of successful RCPT commands */
357 bool sm_milterlist; /* any filters in the list? */
359 char *sm_quarmsg; /* carry quarantining across messages */
362 static bool smtp_data __P((SMTP_T *, ENVELOPE *));
364 #define MSG_TEMPFAIL "451 4.3.2 Please try again later"
367 # define MILTER_ABORT(e) milter_abort((e))
369 # define MILTER_REPLY(str) \
371 int savelogusrerrs = LogUsrErrs; \
373 milter_cmd_fail = true; \
376 case SMFIR_SHUTDOWN: \
377 if (MilterLogLevel > 3) \
379 sm_syslog(LOG_INFO, e->e_id, \
380 "Milter: %s=%s, reject=421, errormode=4", \
382 LogUsrErrs = false; \
385 bool tsave = QuickAbort; \
387 QuickAbort = false; \
388 usrerr("421 4.3.0 closing connection"); \
389 QuickAbort = tsave; \
390 e->e_sendqueue = NULL; \
394 case SMFIR_REPLYCODE: \
395 if (MilterLogLevel > 3) \
397 sm_syslog(LOG_INFO, e->e_id, \
398 "Milter: %s=%s, reject=%s", \
399 str, addr, response); \
400 LogUsrErrs = false; \
402 if (strncmp(response, "421 ", 4) == 0 \
403 || strncmp(response, "421-", 4) == 0) \
405 bool tsave = QuickAbort; \
407 QuickAbort = false; \
409 QuickAbort = tsave; \
410 e->e_sendqueue = NULL; \
418 if (MilterLogLevel > 3) \
420 sm_syslog(LOG_INFO, e->e_id, \
421 "Milter: %s=%s, reject=550 5.7.1 Command rejected", \
423 LogUsrErrs = false; \
425 usrerr("550 5.7.1 Command rejected"); \
428 case SMFIR_DISCARD: \
429 if (MilterLogLevel > 3) \
430 sm_syslog(LOG_INFO, e->e_id, \
431 "Milter: %s=%s, discard", \
433 e->e_flags |= EF_DISCARD; \
434 milter_cmd_fail = false; \
437 case SMFIR_TEMPFAIL: \
438 if (MilterLogLevel > 3) \
440 sm_syslog(LOG_INFO, e->e_id, \
441 "Milter: %s=%s, reject=%s", \
442 str, addr, MSG_TEMPFAIL); \
443 LogUsrErrs = false; \
445 usrerr(MSG_TEMPFAIL); \
448 milter_cmd_fail = false; \
451 LogUsrErrs = savelogusrerrs; \
452 if (response != NULL) \
453 sm_free(response); /* XXX */ \
457 # define MILTER_ABORT(e)
460 /* clear all SMTP state (for HELO/EHLO/RSET) */
461 #define CLEAR_STATE(cmd) \
464 /* abort milter filters */ \
467 if (smtp.sm_nrcpts > 0) \
469 logundelrcpts(e, cmd, 10, false); \
470 smtp.sm_nrcpts = 0; \
471 macdefine(&e->e_macro, A_PERM, \
472 macid("{nrcpts}"), "0"); \
475 e->e_sendqueue = NULL; \
476 e->e_flags |= EF_CLRQUEUE; \
478 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) \
479 logsender(e, NULL); \
480 e->e_flags &= ~EF_LOGSENDER; \
482 /* clean up a bit */ \
483 smtp.sm_gotmail = false; \
485 dropenvelope(e, true, false); \
486 sm_rpool_free(e->e_rpool); \
487 e = newenvelope(e, CurEnv, sm_rpool_new_x(NULL)); \
489 e->e_features = features; \
491 /* put back discard bit */ \
492 if (smtp.sm_discard) \
493 e->e_flags |= EF_DISCARD; \
495 /* restore connection quarantining */ \
496 if (smtp.sm_quarmsg == NULL) \
498 e->e_quarmsg = NULL; \
499 macdefine(&e->e_macro, A_PERM, \
500 macid("{quarantine}"), ""); \
504 e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, \
506 macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), \
511 /* sleep to flatten out connection load */
512 #define MIN_DELAY_LOG 15 /* wait before logging this again */
514 /* is it worth setting the process title for 1s? */
515 #define DELAY_CONN(cmd) \
516 if (DelayLA > 0 && (CurrentLA = getla()) >= DelayLA) \
520 sm_setproctitle(true, e, \
521 "%s: %s: delaying %s: load average: %d", \
522 qid_printname(e), CurSmtpClient, \
524 if (LogLevel > 8 && (dnow = curtime()) > log_delay) \
526 sm_syslog(LOG_INFO, e->e_id, \
527 "delaying=%s, load average=%d >= %d", \
528 cmd, CurrentLA, DelayLA); \
529 log_delay = dnow + MIN_DELAY_LOG; \
532 sm_setproctitle(true, e, "%s %s: %.80s", \
533 qid_printname(e), CurSmtpClient, inp); \
536 static bool SevenBitInput_Saved; /* saved version of SevenBitInput */
539 smtp(nullserver, d_flags, e)
540 char *volatile nullserver;
542 register ENVELOPE *volatile e;
544 register char *volatile p;
545 register struct cmd *volatile c = NULL;
547 auto ADDRESS *vrfyqueue;
549 volatile bool gothello; /* helo command received */
550 bool vrfy; /* set if this is a vrfy command */
551 char *volatile protocol; /* sending protocol */
552 char *volatile sendinghost; /* sending hostname */
553 char *volatile peerhostname; /* name of SMTP peer or "localhost" */
556 volatile unsigned int n_badcmds = 0; /* count of bad commands */
557 volatile unsigned int n_badrcpts = 0; /* number of rejected RCPT */
558 volatile unsigned int n_verifies = 0; /* count of VRFY/EXPN */
559 volatile unsigned int n_etrn = 0; /* count of ETRN */
560 volatile unsigned int n_noop = 0; /* count of NOOP/VERB/etc */
561 volatile unsigned int n_helo = 0; /* count of HELO/EHLO */
564 volatile bool tempfail = false;
565 volatile time_t wt; /* timeout after too many commands */
566 volatile time_t previous; /* time after checksmtpattack() */
567 volatile bool lognullconnection = true;
571 char *greetcode = "220";
572 char *hostname; /* my hostname ($j) */
574 char *args[MAXSMTPARGS];
575 char inp[MAXINPLINE];
576 #if MAXINPLINE < MAXLINE
577 ERROR _MAXINPLINE must NOT be less than _MAXLINE: MAXINPLINE < MAXLINE
578 #endif /* MAXINPLINE < MAXLINE */
579 char cmdbuf[MAXLINE];
582 volatile bool sasl_ok;
583 volatile unsigned int n_auth = 0; /* count of AUTH commands */
586 volatile int authenticating;
590 char *auth_id = NULL;
593 char localip[60], remoteip[60];
594 # else /* SASL >= 20000 */
597 sasl_external_properties_t ext_ssf;
598 struct sockaddr_in saddr_l;
599 struct sockaddr_in saddr_r;
600 # endif /* SASL >= 20000 */
601 sasl_security_properties_t ssp;
603 unsigned int inlen, out2len;
605 char *volatile auth_type;
607 volatile unsigned int n_mechs;
614 volatile bool tls_active = false;
615 volatile bool smtps = bitnset(D_SMTPS, d_flags);
619 #endif /* STARTTLS */
620 volatile unsigned int features;
624 # endif /* _FFR_NO_PIPE */
625 #endif /* PIPELINING */
626 volatile time_t log_delay = (time_t) 0;
628 volatile bool milter_cmd_done, milter_cmd_safe;
629 volatile bool milter_rcpt_added, milter_cmd_fail;
631 # define p_addr_st &addr_st
633 # define p_addr_st NULL
637 SevenBitInput_Saved = SevenBitInput;
640 smtp.sm_milterize = (nullserver == NULL);
641 smtp.sm_milterlist = false;
645 /* setup I/O fd correctly for the SMTP server */
649 if (sm_debug_active(&DebugLeakSmtp, 1))
652 sm_dprintf("smtp() heap group #%d\n", sm_heap_group());
654 #endif /* SM_HEAP_CHECK */
656 /* XXX the rpool should be set when e is initialized in main() */
657 e->e_rpool = sm_rpool_new_x(NULL);
658 e->e_macro.mac_rpool = e->e_rpool;
662 peerhostname = RealHostName;
663 if (peerhostname == NULL)
664 peerhostname = "localhost";
665 CurHostName = peerhostname;
666 CurSmtpClient = macvalue('_', e);
667 if (CurSmtpClient == NULL)
668 CurSmtpClient = CurHostName;
670 /* check_relay may have set discard bit, save for later */
671 smtp.sm_discard = bitset(EF_DISCARD, e->e_flags);
674 /* auto-flush output when reading input */
675 (void) sm_io_autoflush(InChannel, OutChannel);
676 #endif /* PIPELINING */
678 sm_setproctitle(true, e, "server %s startup", CurSmtpClient);
680 /* Set default features for server. */
681 features = ((bitset(PRIV_NOETRN, PrivacyFlags) ||
682 bitnset(D_NOETRN, d_flags)) ? SRV_NONE : SRV_OFFER_ETRN)
683 | (bitnset(D_AUTHREQ, d_flags) ? SRV_REQ_AUTH : SRV_NONE)
684 | (bitset(PRIV_NOEXPN, PrivacyFlags) ? SRV_NONE
686 | (bitset(PRIV_NOVERB, PrivacyFlags)
687 ? SRV_NONE : SRV_OFFER_VERB)))
688 | ((bitset(PRIV_NORECEIPTS, PrivacyFlags) || !SendMIMEErrors)
689 ? SRV_NONE : SRV_OFFER_DSN)
691 | (bitnset(D_NOAUTH, d_flags) ? SRV_NONE : SRV_OFFER_AUTH)
692 | (bitset(SASL_SEC_NOPLAINTEXT, SASLOpts) ? SRV_REQ_SEC
697 #endif /* PIPELINING */
699 | (bitnset(D_NOTLS, d_flags) ? SRV_NONE : SRV_OFFER_TLS)
700 | (bitset(TLS_I_NO_VRFY, TLS_Srv_Opts) ? SRV_NONE
702 #endif /* STARTTLS */
704 if (nullserver == NULL)
706 features = srvfeatures(e, CurSmtpClient, features);
707 if (bitset(SRV_TMP_FAIL, features))
710 sm_syslog(LOG_ERR, NOQID,
711 "ERROR: srv_features=tempfail, relay=%.100s, access temporarily disabled",
713 nullserver = "450 4.3.0 Please try again later.";
719 if (bitset(SRV_NO_PIPE, features))
721 /* for consistency */
722 features &= ~SRV_OFFER_PIPE;
724 # endif /* _FFR_NO_PIPE */
725 #endif /* PIPELINING */
727 if (bitset(SRV_REQ_SEC, features))
728 SASLOpts |= SASL_SEC_NOPLAINTEXT;
730 SASLOpts &= ~SASL_SEC_NOPLAINTEXT;
734 else if (strncmp(nullserver, "421 ", 4) == 0)
740 e->e_features = features;
741 hostname = macvalue('j', e);
743 if (AuthRealm == NULL)
744 AuthRealm = hostname;
745 sasl_ok = bitset(SRV_OFFER_AUTH, features);
747 authenticating = SASL_NOT_AUTH;
749 /* SASL server new connection */
753 result = sasl_server_new("smtp", AuthRealm, NULL, NULL, NULL,
756 /* use empty realm: only works in SASL > 1.5.5 */
757 result = sasl_server_new("smtp", AuthRealm, "", NULL, 0, &conn);
758 # else /* SASL >= 20000 */
759 /* use no realm -> realm is set to hostname by SASL lib */
760 result = sasl_server_new("smtp", AuthRealm, NULL, NULL, 0,
762 # endif /* SASL >= 20000 */
763 sasl_ok = result == SASL_OK;
767 sm_syslog(LOG_WARNING, NOQID,
768 "AUTH error: sasl_server_new failed=%d",
775 ** SASL set properties for sasl
776 ** set local/remote IP
777 ** XXX Cyrus SASL v1 only supports IPv4
779 ** XXX where exactly are these used/required?
784 localip[0] = remoteip[0] = '\0';
785 # if NETINET || NETINET6
786 in = macvalue(macid("{daemon_family}"), e);
789 strcmp(in, "inet6") == 0 ||
790 # endif /* NETINET6 */
791 strcmp(in, "inet") == 0))
793 SOCKADDR_LEN_T addrsize;
797 addrsize = sizeof(saddr_r);
798 if (getpeername(sm_io_getinfo(InChannel, SM_IO_WHAT_FD,
800 (struct sockaddr *) &saddr_r,
803 if (iptostring(&saddr_r, addrsize,
804 remoteip, sizeof(remoteip)))
806 sasl_setprop(conn, SASL_IPREMOTEPORT,
809 addrsize = sizeof(saddr_l);
810 if (getsockname(sm_io_getinfo(InChannel,
813 (struct sockaddr *) &saddr_l,
816 if (iptostring(&saddr_l, addrsize,
827 # endif /* NETINET || NETINET6 */
828 # else /* SASL >= 20000 */
830 in = macvalue(macid("{daemon_family}"), e);
831 if (in != NULL && strcmp(in, "inet") == 0)
833 SOCKADDR_LEN_T addrsize;
835 addrsize = sizeof(struct sockaddr_in);
836 if (getpeername(sm_io_getinfo(InChannel, SM_IO_WHAT_FD,
838 (struct sockaddr *)&saddr_r,
841 sasl_setprop(conn, SASL_IP_REMOTE, &saddr_r);
842 addrsize = sizeof(struct sockaddr_in);
843 if (getsockname(sm_io_getinfo(InChannel,
846 (struct sockaddr *)&saddr_l,
848 sasl_setprop(conn, SASL_IP_LOCAL,
852 # endif /* NETINET */
853 # endif /* SASL >= 20000 */
859 macdefine(&BlankEnvelope.e_macro, A_PERM,
860 macid("{auth_author}"), NULL);
864 (void) memset(&ssp, '\0', sizeof(ssp));
866 /* XXX should these be options settable via .cf ? */
867 /* ssp.min_ssf = 0; is default due to memset() */
869 ssp.max_ssf = MaxSLBits;
870 ssp.maxbufsize = MAXOUTLEN;
872 ssp.security_flags = SASLOpts & SASL_SEC_MASK;
873 sasl_ok = sasl_setprop(conn, SASL_SEC_PROPS, &ssp) == SASL_OK;
878 ** external security strength factor;
879 ** currently we have none so zero
885 sasl_ok = ((sasl_setprop(conn, SASL_SSF_EXTERNAL,
886 &ext_ssf) == SASL_OK) &&
887 (sasl_setprop(conn, SASL_AUTH_EXTERNAL,
888 auth_id) == SASL_OK));
889 # else /* SASL >= 20000 */
891 ext_ssf.auth_id = NULL;
892 sasl_ok = sasl_setprop(conn, SASL_SSF_EXTERNAL,
893 &ext_ssf) == SASL_OK;
894 # endif /* SASL >= 20000 */
897 n_mechs = saslmechs(conn, &mechlist);
902 #endif /* STARTTLS */
905 if (smtp.sm_milterize)
909 /* initialize mail filter connection */
910 smtp.sm_milterlist = milter_init(e, &state);
914 if (MilterLogLevel > 3)
915 sm_syslog(LOG_INFO, e->e_id,
916 "Milter: initialization failed, rejecting commands");
918 nullserver = "Command rejected";
919 smtp.sm_milterize = false;
923 if (MilterLogLevel > 3)
924 sm_syslog(LOG_INFO, e->e_id,
925 "Milter: initialization failed, temp failing commands");
927 smtp.sm_milterize = false;
931 if (MilterLogLevel > 3)
932 sm_syslog(LOG_INFO, e->e_id,
933 "Milter: initialization failed, closing connection");
935 smtp.sm_milterize = false;
936 message("421 4.7.0 %s closing connection",
939 /* arrange to ignore send list */
940 e->e_sendqueue = NULL;
945 if (smtp.sm_milterlist && smtp.sm_milterize &&
946 !bitset(EF_DISCARD, e->e_flags))
951 q = macvalue(macid("{client_name}"), e);
952 SM_ASSERT(q != NULL || OpMode == MD_SMTP);
955 response = milter_connect(q, RealHostAddr, e, &state);
958 case SMFIR_REPLYCODE: /* REPLYCODE shouldn't happen */
960 if (MilterLogLevel > 3)
961 sm_syslog(LOG_INFO, e->e_id,
962 "Milter: connect: host=%s, addr=%s, rejecting commands",
964 anynet_ntoa(&RealHostAddr));
966 nullserver = "Command rejected";
967 smtp.sm_milterize = false;
971 if (MilterLogLevel > 3)
972 sm_syslog(LOG_INFO, e->e_id,
973 "Milter: connect: host=%s, addr=%s, temp failing commands",
975 anynet_ntoa(&RealHostAddr));
977 smtp.sm_milterize = false;
981 if (MilterLogLevel > 3)
982 sm_syslog(LOG_INFO, e->e_id,
983 "Milter: connect: host=%s, addr=%s, shutdown",
985 anynet_ntoa(&RealHostAddr));
987 smtp.sm_milterize = false;
988 message("421 4.7.0 %s closing connection",
991 /* arrange to ignore send list */
992 e->e_sendqueue = NULL;
995 if (response != NULL)
996 sm_free(response); /* XXX */
1001 ** Broken proxies and SMTP slammers
1002 ** push data without waiting, catch them
1008 #endif /* STARTTLS */
1009 *greetcode == '2' && nullserver == NULL)
1013 char pvpbuf[PSBUFSIZE];
1015 /* Ask the rulesets how long to pause */
1017 r = rscap("greet_pause", peerhostname,
1018 anynet_ntoa(&RealHostAddr), e,
1019 &pvp, pvpbuf, sizeof(pvpbuf));
1020 if (r == EX_OK && pvp != NULL && pvp[0] != NULL &&
1021 (pvp[0][0] & 0377) == CANONNET && pvp[1] != NULL)
1023 msecs = strtol(pvp[1], NULL, 10);
1030 struct timeval timeout;
1031 struct timeval bp, ep, tp; /* {begin,end,total}pause */
1034 /* pause for a moment */
1035 timeout.tv_sec = msecs / 1000;
1036 timeout.tv_usec = (msecs % 1000) * 1000;
1038 /* Obey RFC 2821: 4.3.5.2: 220 timeout of 5 minutes */
1039 if (timeout.tv_sec >= 300)
1041 timeout.tv_sec = 300;
1042 timeout.tv_usec = 0;
1045 /* check if data is on the socket during the pause */
1046 fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
1048 SM_FD_SET(fd, &readfds);
1049 gettimeofday(&bp, NULL);
1050 if (select(fd + 1, FDSET_CAST &readfds,
1051 NULL, NULL, &timeout) > 0 &&
1052 FD_ISSET(fd, &readfds) &&
1053 (eoftest = sm_io_getc(InChannel, SM_TIME_DEFAULT))
1056 sm_io_ungetc(InChannel, SM_TIME_DEFAULT,
1058 gettimeofday(&ep, NULL);
1059 timersub(&ep, &bp, &tp);
1061 nullserver = "Command rejected";
1062 sm_syslog(LOG_INFO, e->e_id,
1063 "rejecting commands from %s [%s] due to pre-greeting traffic after %d seconds",
1065 anynet_ntoa(&RealHostAddr),
1067 (tp.tv_usec >= 500000 ? 1 : 0)
1074 /* If this an smtps connection, start TLS now */
1083 #endif /* STARTTLS */
1085 /* output the first line, inserting "ESMTP" as second word */
1086 if (*greetcode == '5')
1087 (void) sm_snprintf(inp, sizeof(inp),
1088 "%s not accepting messages", hostname);
1090 expand(SmtpGreeting, inp, sizeof(inp), e);
1092 p = strchr(inp, '\n');
1095 id = strchr(inp, ' ');
1097 id = &inp[strlen(inp)];
1099 (void) sm_snprintf(cmdbuf, sizeof(cmdbuf),
1100 "%s %%.*s ESMTP%%s", greetcode);
1102 (void) sm_snprintf(cmdbuf, sizeof(cmdbuf),
1103 "%s-%%.*s ESMTP%%s", greetcode);
1104 message(cmdbuf, (int) (id - inp), inp, id);
1106 /* output remaining lines */
1107 while ((id = p) != NULL && (p = strchr(id, '\n')) != NULL)
1110 if (isascii(*id) && isspace(*id))
1112 (void) sm_strlcpyn(cmdbuf, sizeof(cmdbuf), 2, greetcode, "-%s");
1113 message(cmdbuf, id);
1117 if (isascii(*id) && isspace(*id))
1119 (void) sm_strlcpyn(cmdbuf, sizeof(cmdbuf), 2, greetcode, " %s");
1120 message(cmdbuf, id);
1124 sendinghost = macvalue('s', e);
1126 /* If quarantining by a connect/ehlo action, save between messages */
1127 if (e->e_quarmsg == NULL)
1128 smtp.sm_quarmsg = NULL;
1130 smtp.sm_quarmsg = newstr(e->e_quarmsg);
1132 /* sendinghost's storage must outlive the current envelope */
1133 if (sendinghost != NULL)
1134 sendinghost = sm_strdup_x(sendinghost);
1137 smtp.sm_gotmail = false;
1146 OnlyOneError = true;
1147 e->e_flags &= ~(EF_VRFYONLY|EF_GLOBALERRS);
1149 milter_cmd_fail = false;
1152 /* setup for the read */
1156 (void) sm_io_flush(smioout, SM_TIME_DEFAULT);
1158 /* read the input line */
1159 SmtpPhase = "server cmd read";
1160 sm_setproctitle(true, e, "server %s cmd read", CurSmtpClient);
1163 if (sm_io_error(OutChannel) ||
1164 (p = sfgets(inp, sizeof(inp), InChannel,
1165 TimeOuts.to_nextcommand, SmtpPhase)) == NULL)
1169 d = macvalue(macid("{daemon_name}"), e);
1172 /* end of file, just die */
1176 /* close out milter filters */
1180 message("421 4.4.1 %s Lost input channel from %s",
1181 MyHostName, CurSmtpClient);
1182 if (LogLevel > (smtp.sm_gotmail ? 1 : 19))
1183 sm_syslog(LOG_NOTICE, e->e_id,
1184 "lost input channel from %s to %s after %s",
1186 (c == NULL || c->cmd_name == NULL) ? "startup" : c->cmd_name);
1188 ** If have not accepted mail (DATA), do not bounce
1189 ** bad addresses back to sender.
1192 if (bitset(EF_CLRQUEUE, e->e_flags))
1193 e->e_sendqueue = NULL;
1197 /* also used by "proxy" check below */
1198 inplen = strlen(inp);
1201 ** SMTP AUTH requires accepting any length,
1202 ** at least for challenge/response. However, not imposing
1203 ** a limit is a bad idea (denial of service).
1206 if (authenticating != SASL_PROC_AUTH
1207 && sm_strncasecmp(inp, "AUTH ", 5) != 0
1208 && inplen > MAXLINE)
1210 message("421 4.7.0 %s Command too long, possible attack %s",
1211 MyHostName, CurSmtpClient);
1212 sm_syslog(LOG_INFO, e->e_id,
1213 "%s: SMTP violation, input too long: %lu",
1214 CurSmtpClient, (unsigned long) inplen);
1224 static char *http_cmds[] = { "GET", "POST",
1225 "CONNECT", "USER", NULL };
1227 for (idx = 0; (http_cmd = http_cmds[idx]) != NULL;
1230 cmdlen = strlen(http_cmd);
1231 if (cmdlen < inplen &&
1232 sm_strncasecmp(inp, http_cmd, cmdlen) == 0 &&
1233 isascii(inp[cmdlen]) && isspace(inp[cmdlen]))
1235 /* Open proxy, drop it */
1236 message("421 4.7.0 %s Rejecting open proxy %s",
1237 MyHostName, CurSmtpClient);
1238 sm_syslog(LOG_INFO, e->e_id,
1239 "%s: probable open proxy: command=%.40s",
1240 CurSmtpClient, inp);
1247 /* clean up end of line */
1253 ** if there is more input and pipelining is disabled:
1254 ** delay ... (and maybe discard the input?)
1255 ** XXX this doesn't really work, at least in tests using
1256 ** telnet SM_IO_IS_READABLE only returns 1 if there were
1257 ** more than 2 input lines available.
1260 if (bitset(SRV_NO_PIPE, features) &&
1261 sm_io_getinfo(InChannel, SM_IO_IS_READABLE, NULL) > 0)
1264 sm_syslog(LOG_INFO, NOQID,
1265 "unauthorized PIPELINING, sleeping");
1269 # endif /* _FFR_NO_PIPE */
1270 #endif /* PIPELINING */
1273 if (authenticating == SASL_PROC_AUTH)
1278 authenticating = SASL_NOT_AUTH;
1279 message("501 5.5.2 missing input");
1284 if (*inp == '*' && *(inp + 1) == '\0')
1286 authenticating = SASL_NOT_AUTH;
1289 message("501 5.0.0 AUTH aborted");
1294 /* could this be shorter? XXX */
1296 in = xalloc(strlen(inp) + 1);
1297 result = sasl_decode64(inp, strlen(inp), in,
1298 strlen(inp), &inlen);
1299 # else /* SASL >= 20000 */
1300 out = xalloc(strlen(inp));
1301 result = sasl_decode64(inp, strlen(inp), out, &outlen);
1302 # endif /* SASL >= 20000 */
1303 if (result != SASL_OK)
1305 authenticating = SASL_NOT_AUTH;
1308 message("501 5.5.4 cannot decode AUTH parameter %s",
1312 # endif /* SASL >= 20000 */
1318 result = sasl_server_step(conn, in, inlen,
1321 # else /* SASL >= 20000 */
1322 result = sasl_server_step(conn, out, outlen,
1323 &out, &outlen, &errstr);
1324 # endif /* SASL >= 20000 */
1326 /* get an OK if we're done */
1327 if (result == SASL_OK)
1330 message("235 2.0.0 OK Authenticated");
1331 authenticating = SASL_IS_AUTH;
1332 macdefine(&BlankEnvelope.e_macro, A_TEMP,
1333 macid("{auth_type}"), auth_type);
1336 user = macvalue(macid("{auth_authen}"), e);
1338 /* get security strength (features) */
1339 result = sasl_getprop(conn, SASL_SSF,
1340 (const void **) &ssf);
1341 # else /* SASL >= 20000 */
1342 result = sasl_getprop(conn, SASL_USERNAME,
1344 if (result != SASL_OK)
1347 macdefine(&BlankEnvelope.e_macro,
1349 macid("{auth_authen}"), NULL);
1353 macdefine(&BlankEnvelope.e_macro,
1355 macid("{auth_authen}"),
1356 xtextify(user, "<>\")"));
1361 sasl_getprop(conn, SASL_REALM, (void **) &data);
1364 /* get security strength (features) */
1365 result = sasl_getprop(conn, SASL_SSF,
1367 # endif /* SASL >= 20000 */
1368 if (result != SASL_OK)
1370 macdefine(&BlankEnvelope.e_macro,
1372 macid("{auth_ssf}"), "0");
1379 (void) sm_snprintf(pbuf, sizeof(pbuf),
1381 macdefine(&BlankEnvelope.e_macro,
1383 macid("{auth_ssf}"), pbuf);
1385 sm_dprintf("AUTH auth_ssf: %u\n",
1390 ** Only switch to encrypted connection
1391 ** if a security layer has been negotiated
1394 if (ssf != NULL && *ssf > 0)
1399 ** Convert I/O layer to use SASL.
1400 ** If the call fails, the connection
1404 tmo = TimeOuts.to_datablock * 1000;
1405 if (sfdcsasl(&InChannel, &OutChannel,
1408 /* restart dialogue */
1411 (void) sm_io_autoflush(InChannel,
1413 # endif /* PIPELINING */
1416 syserr("503 5.3.3 SASL TLS failed");
1419 /* NULL pointer ok since it's our function */
1421 sm_syslog(LOG_INFO, NOQID,
1422 "AUTH=server, relay=%s, authid=%.128s, mech=%.16s, bits=%d",
1424 shortenstring(user, 128),
1427 else if (result == SASL_CONTINUE)
1429 len = ENC64LEN(outlen);
1431 result = sasl_encode64(out, outlen, out2, len,
1433 if (result != SASL_OK)
1435 /* correct code? XXX */
1436 /* 454 Temp. authentication failure */
1437 message("454 4.5.4 Internal error: unable to encode64");
1439 sm_syslog(LOG_WARNING, e->e_id,
1440 "AUTH encode64 error [%d for \"%s\"]",
1443 authenticating = SASL_NOT_AUTH;
1447 message("334 %s", out2);
1449 sm_dprintf("AUTH continue: msg='%s' len=%u\n",
1454 # endif /* SASL >= 20000 */
1458 /* not SASL_OK or SASL_CONT */
1459 message("535 5.7.0 authentication failed");
1461 sm_syslog(LOG_WARNING, e->e_id,
1462 "AUTH failure (%s): %s (%d) %s",
1464 sasl_errstring(result, NULL,
1468 sasl_errdetail(conn));
1469 # else /* SASL >= 20000 */
1470 errstr == NULL ? "" : errstr);
1471 # endif /* SASL >= 20000 */
1473 authenticating = SASL_NOT_AUTH;
1478 /* don't want to do any of this if authenticating */
1481 /* echo command to transcript */
1482 if (e->e_xfp != NULL)
1483 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
1487 sm_syslog(LOG_INFO, e->e_id, "<-- %s", inp);
1489 /* break off command */
1490 for (p = inp; isascii(*p) && isspace(*p); p++)
1493 while (*p != '\0' &&
1494 !(isascii(*p) && isspace(*p)) &&
1495 cmd < &cmdbuf[sizeof(cmdbuf) - 2])
1499 /* throw away leading whitespace */
1502 /* decode command */
1503 for (c = CmdTab; c->cmd_name != NULL; c++)
1505 if (sm_strcasecmp(c->cmd_name, cmdbuf) == 0)
1512 /* check whether a "non-null" command has been used */
1513 switch (c->cmd_code)
1517 /* avoid information leak; take first two words? */
1526 lognullconnection = false;
1533 if (e->e_id == NULL)
1534 sm_setproctitle(true, e, "%s: %.80s",
1537 sm_setproctitle(true, e, "%s %s: %.80s",
1544 ** If we are running as a null server, return 550
1545 ** to almost everything.
1548 if (nullserver != NULL || bitnset(D_ETRNONLY, d_flags))
1550 switch (c->cmd_code)
1558 /* process normally */
1562 if (bitnset(D_ETRNONLY, d_flags) &&
1569 #if MAXBADCOMMANDS > 0
1570 /* theoretically this could overflow */
1571 if (nullserver != NULL &&
1572 ++n_badcmds > MAXBADCOMMANDS)
1574 message("421 4.7.0 %s Too many bad commands; closing connection",
1577 /* arrange to ignore send list */
1578 e->e_sendqueue = NULL;
1581 #endif /* MAXBADCOMMANDS > 0 */
1582 if (nullserver != NULL)
1584 if (ISSMTPREPLY(nullserver))
1587 usrerr("550 5.0.0 %s",
1591 usrerr("452 4.4.5 Insufficient disk space; try again later");
1596 switch (c->cmd_code)
1599 case CMDAUTH: /* sasl */
1601 if (!sasl_ok || n_mechs <= 0)
1603 message("503 5.3.3 AUTH not available");
1606 if (authenticating == SASL_IS_AUTH)
1608 message("503 5.5.0 Already Authenticated");
1611 if (smtp.sm_gotmail)
1613 message("503 5.5.0 AUTH not permitted during a mail transaction");
1619 sm_syslog(LOG_INFO, e->e_id,
1620 "SMTP AUTH command (%.100s) from %s tempfailed (due to previous checks)",
1622 usrerr("454 4.3.0 Please try again later");
1628 /* crude way to avoid crack attempts */
1629 STOP_IF_ATTACK(checksmtpattack(&n_auth, n_mechs + 1,
1632 /* make sure mechanism (p) is a valid string */
1633 for (q = p; *q != '\0' && isascii(*q); q++)
1638 while (*++q != '\0' &&
1639 isascii(*q) && isspace(*q))
1642 ismore = (*q != '\0');
1649 message("501 5.5.2 AUTH mechanism must be specified");
1653 /* check whether mechanism is available */
1654 if (iteminlist(p, mechlist, " ") == NULL)
1656 message("504 5.3.3 AUTH mechanism %.32s not available",
1663 /* could this be shorter? XXX */
1665 in = xalloc(strlen(q) + 1);
1666 result = sasl_decode64(q, strlen(q), in,
1668 # else /* SASL >= 20000 */
1669 in = sm_rpool_malloc(e->e_rpool, strlen(q));
1670 result = sasl_decode64(q, strlen(q), in,
1672 # endif /* SASL >= 20000 */
1673 if (result != SASL_OK)
1675 message("501 5.5.4 cannot BASE64 decode '%s'",
1678 sm_syslog(LOG_WARNING, e->e_id,
1679 "AUTH decode64 error [%d for \"%s\"]",
1682 authenticating = SASL_NOT_AUTH;
1685 # endif /* SASL >= 20000 */
1697 /* see if that auth type exists */
1699 result = sasl_server_start(conn, p, in, inlen,
1703 # else /* SASL >= 20000 */
1704 result = sasl_server_start(conn, p, in, inlen,
1705 &out, &outlen, &errstr);
1706 # endif /* SASL >= 20000 */
1708 if (result != SASL_OK && result != SASL_CONTINUE)
1710 message("535 5.7.0 authentication failed");
1712 sm_syslog(LOG_ERR, e->e_id,
1713 "AUTH failure (%s): %s (%d) %s",
1715 sasl_errstring(result, NULL,
1719 sasl_errdetail(conn));
1720 # else /* SASL >= 20000 */
1722 # endif /* SASL >= 20000 */
1726 auth_type = newstr(p);
1728 if (result == SASL_OK)
1730 /* ugly, but same code */
1732 /* authenticated by the initial response */
1735 /* len is at least 2 */
1736 len = ENC64LEN(outlen);
1738 result = sasl_encode64(out, outlen, out2, len,
1741 if (result != SASL_OK)
1743 message("454 4.5.4 Temporary authentication failure");
1745 sm_syslog(LOG_WARNING, e->e_id,
1746 "AUTH encode64 error [%d for \"%s\"]",
1750 authenticating = SASL_NOT_AUTH;
1755 message("334 %s", out2);
1756 authenticating = SASL_PROC_AUTH;
1760 # endif /* SASL >= 20000 */
1765 case CMDSTLS: /* starttls */
1766 DELAY_CONN("STARTTLS");
1769 message("501 5.5.2 Syntax error (no parameters allowed)");
1772 if (!bitset(SRV_OFFER_TLS, features))
1774 message("503 5.5.0 TLS not available");
1779 message("454 4.3.3 TLS not available after start");
1782 if (smtp.sm_gotmail)
1784 message("503 5.5.0 TLS not permitted during a mail transaction");
1790 sm_syslog(LOG_INFO, e->e_id,
1791 "SMTP STARTTLS command (%.100s) from %s tempfailed (due to previous checks)",
1793 usrerr("454 4.7.0 Please try again later");
1799 ** XXX do we need a temp key ?
1801 # else /* TLS_NO_RSA */
1802 # endif /* TLS_NO_RSA */
1804 # if TLS_VRFY_PER_CTX
1806 ** Note: this sets the verification globally
1808 ** it's ok since it applies only to one transaction
1811 TLS_VERIFY_CLIENT();
1812 # endif /* TLS_VRFY_PER_CTX */
1814 if (srv_ssl != NULL)
1816 else if ((srv_ssl = SSL_new(srv_ctx)) == NULL)
1818 message("454 4.3.3 TLS not available: error generating SSL handle");
1820 tlslogerr("server");
1824 # if !TLS_VRFY_PER_CTX
1826 ** this could be used if it were possible to set
1827 ** verification per SSL (connection)
1828 ** not just per SSL_CTX (global)
1831 TLS_VERIFY_CLIENT();
1832 # endif /* !TLS_VRFY_PER_CTX */
1834 rfd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
1835 wfd = sm_io_getinfo(OutChannel, SM_IO_WHAT_FD, NULL);
1837 if (rfd < 0 || wfd < 0 ||
1838 SSL_set_rfd(srv_ssl, rfd) <= 0 ||
1839 SSL_set_wfd(srv_ssl, wfd) <= 0)
1841 message("454 4.3.3 TLS not available: error set fd");
1847 message("220 2.0.0 Ready to start TLS");
1849 (void) sm_io_flush(OutChannel, SM_TIME_DEFAULT);
1850 # endif /* PIPELINING */
1852 SSL_set_accept_state(srv_ssl);
1854 # define SSL_ACC(s) SSL_accept(s)
1856 tlsstart = curtime();
1858 if ((r = SSL_ACC(srv_ssl)) <= 0)
1862 ssl_err = SSL_get_error(srv_ssl, r);
1863 i = tls_retry(srv_ssl, rfd, wfd, tlsstart,
1864 TimeOuts.to_starttls, ssl_err,
1871 sm_syslog(LOG_WARNING, NOQID,
1872 "STARTTLS=server, error: accept failed=%d, SSL_error=%d, errno=%d, retry=%d",
1873 r, ssl_err, errno, i);
1875 tlslogerr("server");
1882 ** according to the next draft of
1883 ** RFC 2487 the connection should be dropped
1886 /* arrange to ignore any current send list */
1887 e->e_sendqueue = NULL;
1891 /* ignore return code for now, it's in {verify} */
1892 (void) tls_get_info(srv_ssl, true,
1894 &BlankEnvelope.e_macro,
1895 bitset(SRV_VRFY_CLT, features));
1898 ** call Stls_client to find out whether
1899 ** to accept the connection from the client
1902 saveQuickAbort = QuickAbort;
1903 saveSuprErrs = SuprErrs;
1906 if (rscheck("tls_client",
1907 macvalue(macid("{verify}"), e),
1909 RSF_RMCOMM|RSF_COUNT,
1910 5, NULL, NOQID, NULL) != EX_OK ||
1913 extern char MsgBuf[];
1915 if (MsgBuf[0] != '\0' && ISSMTPREPLY(MsgBuf))
1916 nullserver = newstr(MsgBuf);
1918 nullserver = "503 5.7.0 Authentication required.";
1920 QuickAbort = saveQuickAbort;
1921 SuprErrs = saveSuprErrs;
1923 tls_ok_srv = false; /* don't offer STARTTLS again */
1932 s = macvalue(macid("{cipher_bits}"), e);
1933 v = macvalue(macid("{verify}"), e);
1934 c = macvalue(macid("{cert_subject}"), e);
1935 verified = (v != NULL && strcmp(v, "OK") == 0);
1936 if (s != NULL && (cipher_bits = atoi(s)) > 0)
1939 ext_ssf = cipher_bits;
1940 auth_id = verified ? c : NULL;
1941 sasl_ok = ((sasl_setprop(conn,
1943 &ext_ssf) == SASL_OK) &&
1946 auth_id) == SASL_OK));
1947 # else /* SASL >= 20000 */
1948 ext_ssf.ssf = cipher_bits;
1949 ext_ssf.auth_id = verified ? c : NULL;
1950 sasl_ok = sasl_setprop(conn,
1952 &ext_ssf) == SASL_OK;
1953 # endif /* SASL >= 20000 */
1956 n_mechs = saslmechs(conn,
1962 /* switch to secure connection */
1963 if (sfdctls(&InChannel, &OutChannel, srv_ssl) == 0)
1967 (void) sm_io_autoflush(InChannel, OutChannel);
1968 # endif /* PIPELINING */
1973 ** XXX this is an internal error
1974 ** how to deal with it?
1975 ** we can't generate an error message
1976 ** since the other side switched to an
1977 ** encrypted layer, but we could not...
1981 nullserver = "454 4.3.3 TLS not available: can't switch to encrypted layer";
1982 syserr("STARTTLS: can't switch to encrypted layer");
1993 #endif /* STARTTLS */
1995 case CMDHELO: /* hello -- introduce yourself */
1996 case CMDEHLO: /* extended hello */
1998 if (c->cmd_code == CMDEHLO)
2001 SmtpPhase = "server EHLO";
2006 SmtpPhase = "server HELO";
2009 /* avoid denial-of-service */
2010 STOP_IF_ATTACK(checksmtpattack(&n_helo, MAXHELOCOMMANDS,
2011 true, "HELO/EHLO", e));
2014 /* RFC2821 4.1.4 allows duplicate HELO/EHLO */
2015 /* check for duplicate HELO/EHLO per RFC 1651 4.2 */
2018 usrerr("503 %s Duplicate HELO/EHLO",
2024 /* check for valid domain name (re 1123 5.2.5) */
2025 if (*p == '\0' && !AllowBogusHELO)
2027 usrerr("501 %s requires domain address",
2032 /* check for long domain name (hides Received: info) */
2033 if (strlen(p) > MAXNAME)
2035 usrerr("501 Invalid domain name");
2037 sm_syslog(LOG_INFO, CurEnv->e_id,
2038 "invalid domain name (too long) from %s",
2044 for (q = p; *q != '\0'; q++)
2054 /* only complain if strict check */
2055 ok = AllowBogusHELO;
2057 /* allow trailing whitespace */
2058 while (!ok && *++q != '\0' &&
2065 if (strchr("[].-_#:", *q) == NULL)
2069 if (*q == '\0' && ok)
2071 q = "pleased to meet you";
2072 sendinghost = sm_strdup_x(p);
2074 else if (!AllowBogusHELO)
2076 usrerr("501 Invalid domain name");
2078 sm_syslog(LOG_INFO, CurEnv->e_id,
2079 "invalid domain name (%s) from %.100s",
2085 q = "accepting invalid domain name";
2088 if (gothello || smtp.sm_gotmail)
2089 CLEAR_STATE(cmdbuf);
2092 if (smtp.sm_milterlist && smtp.sm_milterize &&
2093 !bitset(EF_DISCARD, e->e_flags))
2098 response = milter_helo(p, e, &state);
2102 if (MilterLogLevel > 3)
2103 sm_syslog(LOG_INFO, e->e_id,
2104 "Milter: helo=%s, reject=Command rejected",
2106 nullserver = "Command rejected";
2107 smtp.sm_milterize = false;
2110 case SMFIR_TEMPFAIL:
2111 if (MilterLogLevel > 3)
2112 sm_syslog(LOG_INFO, e->e_id,
2113 "Milter: helo=%s, reject=%s",
2116 smtp.sm_milterize = false;
2119 case SMFIR_REPLYCODE:
2120 if (MilterLogLevel > 3)
2121 sm_syslog(LOG_INFO, e->e_id,
2122 "Milter: helo=%s, reject=%s",
2124 if (strncmp(response, "421 ", 4) != 0
2125 && strncmp(response, "421-", 4) != 0)
2127 nullserver = newstr(response);
2128 smtp.sm_milterize = false;
2133 case SMFIR_SHUTDOWN:
2134 if (MilterLogLevel > 3 &&
2136 sm_syslog(LOG_INFO, e->e_id,
2137 "Milter: helo=%s, reject=421 4.7.0 %s closing connection",
2140 smtp.sm_milterize = false;
2141 if (response != NULL)
2144 message("421 4.7.0 %s closing connection",
2146 /* arrange to ignore send list */
2147 e->e_sendqueue = NULL;
2148 lognullconnection = false;
2151 if (response != NULL)
2155 ** If quarantining by a connect/ehlo action,
2156 ** save between messages
2159 if (smtp.sm_quarmsg == NULL &&
2160 e->e_quarmsg != NULL)
2161 smtp.sm_quarmsg = newstr(e->e_quarmsg);
2166 /* print HELO response message */
2167 if (c->cmd_code != CMDEHLO)
2169 message("250 %s Hello %s, %s",
2170 MyHostName, CurSmtpClient, q);
2174 message("250-%s Hello %s, %s",
2175 MyHostName, CurSmtpClient, q);
2177 /* offer ENHSC even for nullserver */
2178 if (nullserver != NULL)
2180 message("250 ENHANCEDSTATUSCODES");
2185 ** print EHLO features list
2187 ** Note: If you change this list,
2188 ** remember to update 'helpfile'
2191 message("250-ENHANCEDSTATUSCODES");
2193 if (bitset(SRV_OFFER_PIPE, features))
2194 message("250-PIPELINING");
2195 #endif /* PIPELINING */
2196 if (bitset(SRV_OFFER_EXPN, features))
2198 message("250-EXPN");
2199 if (bitset(SRV_OFFER_VERB, features))
2200 message("250-VERB");
2203 message("250-8BITMIME");
2204 #endif /* MIME8TO7 */
2205 if (MaxMessageSize > 0)
2206 message("250-SIZE %ld", MaxMessageSize);
2208 message("250-SIZE");
2210 if (SendMIMEErrors && bitset(SRV_OFFER_DSN, features))
2213 if (bitset(SRV_OFFER_ETRN, features))
2214 message("250-ETRN");
2216 if (sasl_ok && mechlist != NULL && *mechlist != '\0')
2217 message("250-AUTH %s", mechlist);
2221 bitset(SRV_OFFER_TLS, features))
2222 message("250-STARTTLS");
2223 #endif /* STARTTLS */
2224 if (DeliverByMin > 0)
2225 message("250-DELIVERBY %ld",
2226 (long) DeliverByMin);
2227 else if (DeliverByMin == 0)
2228 message("250-DELIVERBY");
2230 /* < 0: no deliver-by */
2232 message("250 HELP");
2235 case CMDMAIL: /* mail -- designate sender */
2236 SmtpPhase = "server MAIL";
2239 /* check for validity of this command */
2240 if (!gothello && bitset(PRIV_NEEDMAILHELO, PrivacyFlags))
2242 usrerr("503 5.0.0 Polite people say HELO first");
2245 if (smtp.sm_gotmail)
2247 usrerr("503 5.5.0 Sender already specified");
2251 if (bitset(SRV_REQ_AUTH, features) &&
2252 authenticating != SASL_IS_AUTH)
2254 usrerr("530 5.7.0 Authentication required");
2259 p = skipword(p, "from");
2265 sm_syslog(LOG_INFO, e->e_id,
2266 "SMTP MAIL command (%.100s) from %s tempfailed (due to previous checks)",
2268 usrerr(MSG_TEMPFAIL);
2272 /* make sure we know who the sending host is */
2273 if (sendinghost == NULL)
2274 sendinghost = peerhostname;
2278 if (sm_debug_active(&DebugLeakSmtp, 1))
2281 sm_dprintf("smtp() heap group #%d\n",
2284 #endif /* SM_HEAP_CHECK */
2290 auth_warning(e, "%s didn't use HELO protocol",
2293 #ifdef PICKY_HELO_CHECK
2294 if (sm_strcasecmp(sendinghost, peerhostname) != 0 &&
2295 (sm_strcasecmp(peerhostname, "localhost") != 0 ||
2296 sm_strcasecmp(sendinghost, MyHostName) != 0))
2298 auth_warning(e, "Host %s claimed to be %s",
2299 CurSmtpClient, sendinghost);
2301 #endif /* PICKY_HELO_CHECK */
2303 if (protocol == NULL)
2305 macdefine(&e->e_macro, A_PERM, 'r', protocol);
2306 macdefine(&e->e_macro, A_PERM, 's', sendinghost);
2312 macdefine(&e->e_macro, A_PERM, macid("{ntries}"), "0");
2313 macdefine(&e->e_macro, A_PERM, macid("{nrcpts}"), "0");
2314 macdefine(&e->e_macro, A_PERM, macid("{nbadrcpts}"),
2316 e->e_flags |= EF_CLRQUEUE;
2317 sm_setproctitle(true, e, "%s %s: %.80s",
2319 CurSmtpClient, inp);
2321 /* do the processing */
2324 extern char *FullName;
2327 SM_FREE_CLR(FullName);
2329 /* must parse sender first */
2331 setsender(p, e, &delimptr, ' ', false);
2332 if (delimptr != NULL && *delimptr != '\0')
2335 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2337 /* Successfully set e_from, allow logging */
2338 e->e_flags |= EF_LOGSENDER;
2340 /* put resulting triple from parseaddr() into macros */
2341 if (e->e_from.q_mailer != NULL)
2342 macdefine(&e->e_macro, A_PERM,
2343 macid("{mail_mailer}"),
2344 e->e_from.q_mailer->m_name);
2346 macdefine(&e->e_macro, A_PERM,
2347 macid("{mail_mailer}"), NULL);
2348 if (e->e_from.q_host != NULL)
2349 macdefine(&e->e_macro, A_PERM,
2350 macid("{mail_host}"),
2353 macdefine(&e->e_macro, A_PERM,
2354 macid("{mail_host}"), "localhost");
2355 if (e->e_from.q_user != NULL)
2356 macdefine(&e->e_macro, A_PERM,
2357 macid("{mail_addr}"),
2360 macdefine(&e->e_macro, A_PERM,
2361 macid("{mail_addr}"), NULL);
2363 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2365 /* check for possible spoofing */
2366 if (RealUid != 0 && OpMode == MD_SMTP &&
2367 !wordinclass(RealUserName, 't') &&
2368 (!bitnset(M_LOCALMAILER,
2369 e->e_from.q_mailer->m_flags) ||
2370 strcmp(e->e_from.q_user, RealUserName) != 0))
2372 auth_warning(e, "%s owned process doing -bs",
2376 /* reset to default value */
2377 SevenBitInput = SevenBitInput_Saved;
2379 /* now parse ESMTP arguments */
2382 parse_esmtp_args(e, NULL, p, delimptr, "MAIL", args,
2385 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2388 # if _FFR_AUTH_PASSING
2389 /* set the default AUTH= if the sender didn't */
2390 if (e->e_auth_param == NULL)
2392 /* XXX only do this for an MSA? */
2393 e->e_auth_param = macvalue(macid("{auth_authen}"),
2395 if (e->e_auth_param == NULL)
2396 e->e_auth_param = "<>";
2399 ** XXX should we invoke Strust_auth now?
2400 ** authorizing as the client that just
2401 ** authenticated, so we'll trust implicitly
2404 # endif /* _FFR_AUTH_PASSING */
2407 /* do config file checking of the sender */
2408 macdefine(&e->e_macro, A_PERM,
2409 macid("{addr_type}"), "e s");
2411 /* make the "real" sender address available */
2412 macdefine(&e->e_macro, A_TEMP, macid("{mail_from}"),
2414 #endif /* _FFR_MAIL_MACRO */
2415 if (rscheck("check_mail", addr,
2416 NULL, e, RSF_RMCOMM|RSF_COUNT, 3,
2417 NULL, e->e_id, NULL) != EX_OK ||
2419 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2420 macdefine(&e->e_macro, A_PERM,
2421 macid("{addr_type}"), NULL);
2423 if (MaxMessageSize > 0 &&
2424 (e->e_msgsize > MaxMessageSize ||
2427 usrerr("552 5.2.3 Message size exceeds fixed maximum message size (%ld)",
2429 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2433 ** XXX always check whether there is at least one fs
2434 ** with enough space?
2435 ** However, this may not help much: the queue group
2436 ** selection may later on select a FS that hasn't
2440 if ((NumFileSys == 1 || NumQueue == 1) &&
2441 !enoughdiskspace(e->e_msgsize, e)
2442 #if _FFR_ANY_FREE_FS
2443 && !filesys_free(e->e_msgsize)
2444 #endif /* _FFR_ANY_FREE_FS */
2448 ** We perform this test again when the
2449 ** queue directory is selected, in collect.
2452 usrerr("452 4.4.5 Insufficient disk space; try again later");
2453 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2456 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2460 if (smtp.sm_milterlist && smtp.sm_milterize &&
2461 !bitset(EF_DISCARD, e->e_flags))
2466 response = milter_envfrom(args, e, &state);
2467 MILTER_REPLY("from");
2471 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2473 message("250 2.1.0 Sender ok");
2474 smtp.sm_gotmail = true;
2476 SM_EXCEPT(exc, "[!F]*")
2479 ** An error occurred while processing a MAIL command.
2480 ** Jump to the common error handling code.
2490 e->e_flags &= ~EF_PM_NOTIFY;
2494 case CMDRCPT: /* rcpt -- designate recipient */
2496 macdefine(&e->e_macro, A_PERM,
2497 macid("{rcpt_mailer}"), NULL);
2498 macdefine(&e->e_macro, A_PERM,
2499 macid("{rcpt_host}"), NULL);
2500 macdefine(&e->e_macro, A_PERM,
2501 macid("{rcpt_addr}"), NULL);
2503 (void) memset(&addr_st, '\0', sizeof(addr_st));
2505 milter_rcpt_added = false;
2507 if (BadRcptThrottle > 0 &&
2508 n_badrcpts >= BadRcptThrottle)
2511 n_badrcpts == BadRcptThrottle)
2513 sm_syslog(LOG_INFO, e->e_id,
2514 "%s: Possible SMTP RCPT flood, throttling.",
2517 /* To avoid duplicated message */
2523 ** Don't use exponential backoff for now.
2524 ** Some servers will open more connections
2525 ** and actually overload the receiver even
2531 if (!smtp.sm_gotmail)
2533 usrerr("503 5.0.0 Need MAIL before RCPT");
2536 SmtpPhase = "server RCPT";
2542 /* limit flooding of our machine */
2543 if (MaxRcptPerMsg > 0 &&
2544 smtp.sm_nrcpts >= MaxRcptPerMsg)
2546 /* sleep(1); / * slow down? */
2547 usrerr("452 4.5.3 Too many recipients");
2551 if (e->e_sendmode != SM_DELIVER
2553 && (NotFirstDelivery || SM_DM_ONE != e->e_sendmode)
2554 #endif /* _FFR_DM_ONE */
2556 e->e_flags |= EF_VRFYONLY;
2560 ** Do not expand recipients at RCPT time (in the call
2561 ** to recipient()). If they are expanded, it
2562 ** is impossible for removefromlist() to figure
2563 ** out the expanded members of the original
2564 ** recipient and mark them as QS_DONTSEND.
2567 e->e_flags |= EF_VRFYONLY;
2568 milter_cmd_done = false;
2569 milter_cmd_safe = false;
2572 p = skipword(p, "to");
2575 macdefine(&e->e_macro, A_PERM,
2576 macid("{addr_type}"), "e r");
2577 a = parseaddr(p, NULLADDR, RF_COPYALL, ' ', &delimptr,
2579 macdefine(&e->e_macro, A_PERM,
2580 macid("{addr_type}"), NULL);
2585 usrerr("501 5.0.0 Missing recipient");
2589 if (delimptr != NULL && *delimptr != '\0')
2592 /* put resulting triple from parseaddr() into macros */
2593 if (a->q_mailer != NULL)
2594 macdefine(&e->e_macro, A_PERM,
2595 macid("{rcpt_mailer}"),
2596 a->q_mailer->m_name);
2598 macdefine(&e->e_macro, A_PERM,
2599 macid("{rcpt_mailer}"), NULL);
2600 if (a->q_host != NULL)
2601 macdefine(&e->e_macro, A_PERM,
2602 macid("{rcpt_host}"), a->q_host);
2604 macdefine(&e->e_macro, A_PERM,
2605 macid("{rcpt_host}"), "localhost");
2606 if (a->q_user != NULL)
2607 macdefine(&e->e_macro, A_PERM,
2608 macid("{rcpt_addr}"), a->q_user);
2610 macdefine(&e->e_macro, A_PERM,
2611 macid("{rcpt_addr}"), NULL);
2615 /* now parse ESMTP arguments */
2617 parse_esmtp_args(e, a, p, delimptr, "RCPT", args,
2624 ** rscheck() can trigger an "exception"
2625 ** in which case the execution continues at
2626 ** SM_EXCEPT(exc, "[!F]*")
2627 ** This means milter_cmd_safe is not set
2628 ** and hence milter is not invoked.
2629 ** Would it be "safe" to change that, i.e., use
2630 ** milter_cmd_safe = true;
2631 ** here so a milter is informed (if requested)
2632 ** about RCPTs that are rejected by check_rcpt?
2634 # if _FFR_MILTER_CHECK_REJECTIONS_TOO
2635 milter_cmd_safe = true;
2639 /* do config file checking of the recipient */
2640 macdefine(&e->e_macro, A_PERM,
2641 macid("{addr_type}"), "e r");
2642 if (rscheck("check_rcpt", addr,
2643 NULL, e, RSF_RMCOMM|RSF_COUNT, 3,
2644 NULL, e->e_id, p_addr_st) != EX_OK ||
2647 macdefine(&e->e_macro, A_PERM,
2648 macid("{addr_type}"), NULL);
2650 /* If discarding, don't bother to verify user */
2651 if (bitset(EF_DISCARD, e->e_flags))
2652 a->q_state = QS_VERIFIED;
2654 milter_cmd_safe = true;
2657 /* save in recipient list after ESMTP mods */
2658 a = recipient(a, &e->e_sendqueue, 0, e);
2659 /* may trigger exception... */
2662 milter_rcpt_added = true;
2665 if(!(Errors > 0) && QS_IS_BADADDR(a->q_state))
2667 /* punt -- should keep message in ADDRESS.... */
2668 usrerr("550 5.1.1 Addressee unknown");
2673 if (smtp.sm_milterlist && smtp.sm_milterize &&
2674 !bitset(EF_DISCARD, e->e_flags))
2679 /* how to get the error codes? */
2682 macdefine(&e->e_macro, A_PERM,
2683 macid("{rcpt_mailer}"),
2686 a->q_status != NULL &&
2687 a->q_rstatus != NULL)
2689 macdefine(&e->e_macro, A_PERM,
2690 macid("{rcpt_host}"),
2692 macdefine(&e->e_macro, A_PERM,
2693 macid("{rcpt_addr}"),
2698 if (addr_st.q_host != NULL)
2699 macdefine(&e->e_macro,
2701 macid("{rcpt_host}"),
2703 if (addr_st.q_user != NULL)
2704 macdefine(&e->e_macro,
2706 macid("{rcpt_addr}"),
2711 response = milter_envrcpt(args, e, &state,
2713 milter_cmd_done = true;
2718 /* no errors during parsing, but might be a duplicate */
2719 e->e_to = a->q_paddr;
2720 if (!(Errors > 0) && !QS_IS_BADADDR(a->q_state))
2722 if (smtp.sm_nrcpts == 0)
2724 message("250 2.1.5 Recipient ok%s",
2725 QS_IS_QUEUEUP(a->q_state) ?
2726 " (will queue)" : "");
2730 /* Is this needed? */
2733 #endif /* !MILTER */
2734 macdefine(&e->e_macro, A_PERM,
2735 macid("{rcpt_mailer}"), NULL);
2736 macdefine(&e->e_macro, A_PERM,
2737 macid("{rcpt_host}"), NULL);
2738 macdefine(&e->e_macro, A_PERM,
2739 macid("{rcpt_addr}"), NULL);
2740 macdefine(&e->e_macro, A_PERM,
2741 macid("{dsn_notify}"), NULL);
2749 SM_EXCEPT(exc, "[!F]*")
2751 /* An exception occurred while processing RCPT */
2752 e->e_flags &= ~(EF_FATALERRS|EF_PM_NOTIFY);
2756 if (smtp.sm_milterlist && smtp.sm_milterize &&
2757 !bitset(EF_DISCARD, e->e_flags) &&
2758 !milter_cmd_done && milter_cmd_safe)
2763 macdefine(&e->e_macro, A_PERM,
2764 macid("{rcpt_mailer}"), "error");
2766 /* how to get the error codes? */
2767 if (addr_st.q_host != NULL)
2768 macdefine(&e->e_macro, A_PERM,
2769 macid("{rcpt_host}"),
2771 else if (a != NULL && a->q_status != NULL)
2772 macdefine(&e->e_macro, A_PERM,
2773 macid("{rcpt_host}"),
2776 if (addr_st.q_user != NULL)
2777 macdefine(&e->e_macro, A_PERM,
2778 macid("{rcpt_addr}"),
2780 else if (a != NULL && a->q_rstatus != NULL)
2781 macdefine(&e->e_macro, A_PERM,
2782 macid("{rcpt_addr}"),
2785 response = milter_envrcpt(args, e, &state,
2787 milter_cmd_done = true;
2789 macdefine(&e->e_macro, A_PERM,
2790 macid("{rcpt_mailer}"), NULL);
2791 macdefine(&e->e_macro, A_PERM,
2792 macid("{rcpt_host}"), NULL);
2793 macdefine(&e->e_macro, A_PERM,
2794 macid("{rcpt_addr}"), NULL);
2796 if (smtp.sm_milterlist && smtp.sm_milterize &&
2797 milter_rcpt_added && milter_cmd_done &&
2800 (void) removefromlist(addr, &e->e_sendqueue, e);
2801 milter_cmd_fail = false;
2808 case CMDDATA: /* data -- text of mail */
2810 if (!smtp_data(&smtp, e))
2814 case CMDRSET: /* rset -- reset state */
2816 message("451 4.0.0 Test failure");
2818 message("250 2.0.0 Reset state");
2819 CLEAR_STATE(cmdbuf);
2822 case CMDVRFY: /* vrfy -- verify address */
2823 case CMDEXPN: /* expn -- expand address */
2824 vrfy = c->cmd_code == CMDVRFY;
2825 DELAY_CONN(vrfy ? "VRFY" : "EXPN");
2829 sm_syslog(LOG_INFO, e->e_id,
2830 "SMTP %s command (%.100s) from %s tempfailed (due to previous checks)",
2831 vrfy ? "VRFY" : "EXPN",
2834 /* RFC 821 doesn't allow 4xy reply code */
2835 usrerr("550 5.7.1 Please try again later");
2838 wt = checksmtpattack(&n_verifies, MAXVRFYCOMMANDS,
2839 false, vrfy ? "VRFY" : "EXPN", e);
2841 previous = curtime();
2842 if ((vrfy && bitset(PRIV_NOVRFY, PrivacyFlags)) ||
2843 (!vrfy && !bitset(SRV_OFFER_EXPN, features)))
2846 message("252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)");
2848 message("502 5.7.0 Sorry, we do not allow this operation");
2850 sm_syslog(LOG_INFO, e->e_id,
2851 "%s: %s [rejected]",
2853 shortenstring(inp, MAXSHORTSTR));
2856 else if (!gothello &&
2857 bitset(vrfy ? PRIV_NEEDVRFYHELO : PRIV_NEEDEXPNHELO,
2860 usrerr("503 5.0.0 I demand that you introduce yourself first");
2866 sm_syslog(LOG_INFO, e->e_id, "%s: %s",
2868 shortenstring(inp, MAXSHORTSTR));
2874 e->e_flags |= EF_VRFYONLY;
2875 while (*p != '\0' && isascii(*p) && isspace(*p))
2879 usrerr("501 5.5.2 Argument required");
2883 /* do config file checking of the address */
2884 if (rscheck(vrfy ? "check_vrfy" : "check_expn",
2885 p, NULL, e, RSF_RMCOMM,
2886 3, NULL, NOQID, NULL) != EX_OK ||
2888 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2889 (void) sendtolist(p, NULLADDR, &vrfyqueue, 0, e);
2895 t = wt - (curtime() - previous);
2900 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2901 if (vrfyqueue == NULL)
2903 usrerr("554 5.5.2 Nothing to %s", vrfy ? "VRFY" : "EXPN");
2905 while (vrfyqueue != NULL)
2907 if (!QS_IS_UNDELIVERED(vrfyqueue->q_state))
2909 vrfyqueue = vrfyqueue->q_next;
2913 /* see if there is more in the vrfy list */
2915 while ((a = a->q_next) != NULL &&
2916 (!QS_IS_UNDELIVERED(a->q_state)))
2918 printvrfyaddr(vrfyqueue, a == NULL, vrfy);
2922 SM_EXCEPT(exc, "[!F]*")
2925 ** An exception occurred while processing VRFY/EXPN
2934 case CMDETRN: /* etrn -- force queue flush */
2937 /* Don't leak queue information via debug flags */
2938 if (!bitset(SRV_OFFER_ETRN, features) || UseMSP ||
2939 (RealUid != 0 && RealUid != TrustedUid &&
2942 /* different message for MSA ? */
2943 message("502 5.7.0 Sorry, we do not allow this operation");
2945 sm_syslog(LOG_INFO, e->e_id,
2946 "%s: %s [rejected]",
2948 shortenstring(inp, MAXSHORTSTR));
2954 sm_syslog(LOG_INFO, e->e_id,
2955 "SMTP ETRN command (%.100s) from %s tempfailed (due to previous checks)",
2957 usrerr(MSG_TEMPFAIL);
2963 usrerr("500 5.5.2 Parameter required");
2967 /* crude way to avoid denial-of-service attacks */
2968 STOP_IF_ATTACK(checksmtpattack(&n_etrn, MAXETRNCOMMANDS,
2972 ** Do config file checking of the parameter.
2973 ** Even though we have srv_features now, we still
2974 ** need this ruleset because the former is called
2975 ** when the connection has been established, while
2976 ** this ruleset is called when the command is
2977 ** actually issued and therefore has all information
2978 ** available to make a decision.
2981 if (rscheck("check_etrn", p, NULL, e,
2982 RSF_RMCOMM, 3, NULL, NOQID, NULL)
2988 sm_syslog(LOG_INFO, e->e_id,
2989 "%s: ETRN %s", CurSmtpClient,
2990 shortenstring(p, MAXSHORTSTR));
2998 qgrp = name2qid(id);
2999 if (!ISVALIDQGRP(qgrp))
3001 usrerr("459 4.5.4 Queue %s unknown",
3005 for (i = 0; i < NumQueue && Queue[i] != NULL;
3007 Queue[i]->qg_nextrun = (time_t) -1;
3008 Queue[qgrp]->qg_nextrun = 0;
3009 ok = run_work_group(Queue[qgrp]->qg_wgrp,
3010 RWG_FORK|RWG_FORCE);
3011 if (ok && Errors == 0)
3012 message("250 2.0.0 Queuing for queue group %s started", id);
3021 new = (QUEUE_CHAR *) sm_malloc(sizeof(QUEUE_CHAR));
3024 syserr("500 5.5.0 ETRN out of memory");
3027 new->queue_match = id;
3028 new->queue_negate = false;
3029 new->queue_next = NULL;
3030 QueueLimitRecipient = new;
3031 ok = runqueue(true, false, false, true);
3032 sm_free(QueueLimitRecipient); /* XXX */
3033 QueueLimitRecipient = NULL;
3034 if (ok && Errors == 0)
3035 message("250 2.0.0 Queuing for node %s started", p);
3038 case CMDHELP: /* help -- give user info */
3043 case CMDNOOP: /* noop -- do nothing */
3045 STOP_IF_ATTACK(checksmtpattack(&n_noop, MaxNOOPCommands,
3047 message("250 2.0.0 OK");
3050 case CMDQUIT: /* quit -- leave mail */
3051 message("221 2.0.0 %s closing connection", MyHostName);
3053 (void) sm_io_flush(OutChannel, SM_TIME_DEFAULT);
3054 #endif /* PIPELINING */
3056 if (smtp.sm_nrcpts > 0)
3057 logundelrcpts(e, "aborted by sender", 9, false);
3059 /* arrange to ignore any current send list */
3060 e->e_sendqueue = NULL;
3063 /* shutdown TLS connection */
3066 (void) endtls(srv_ssl, "server");
3069 #endif /* STARTTLS */
3071 if (authenticating == SASL_IS_AUTH)
3073 sasl_dispose(&conn);
3074 authenticating = SASL_NOT_AUTH;
3075 /* XXX sasl_done(); this is a child */
3080 /* avoid future 050 messages */
3084 /* close out milter filters */
3088 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
3090 e->e_flags &= ~EF_LOGSENDER;
3092 if (lognullconnection && LogLevel > 5 &&
3097 d = macvalue(macid("{daemon_name}"), e);
3102 ** even though this id is "bogus", it makes
3103 ** it simpler to "grep" related events, e.g.,
3104 ** timeouts for the same connection.
3107 sm_syslog(LOG_INFO, e->e_id,
3108 "%s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s",
3113 /* return to handle next connection */
3116 finis(true, true, ExitStat);
3119 /* just to avoid bogus warning from some compilers */
3122 case CMDVERB: /* set verbose mode */
3124 if (!bitset(SRV_OFFER_EXPN, features) ||
3125 !bitset(SRV_OFFER_VERB, features))
3127 /* this would give out the same info */
3128 message("502 5.7.0 Verbose unavailable");
3131 STOP_IF_ATTACK(checksmtpattack(&n_noop, MaxNOOPCommands,
3134 set_delivery_mode(SM_DELIVER, e);
3135 message("250 2.0.0 Verbose mode");
3139 case CMDDBGQSHOW: /* show queues */
3140 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
3142 printaddr(smioout, e->e_sendqueue, true);
3145 case CMDDBGDEBUG: /* set debug mode */
3146 tTsetup(tTdvect, sizeof(tTdvect), "0-99.1");
3148 message("200 2.0.0 Debug set");
3151 #else /* SMTPDEBUG */
3152 case CMDDBGQSHOW: /* show queues */
3153 case CMDDBGDEBUG: /* set debug mode */
3154 #endif /* SMTPDEBUG */
3155 case CMDLOGBOGUS: /* bogus command */
3156 DELAY_CONN("Bogus");
3158 sm_syslog(LOG_CRIT, e->e_id,
3159 "\"%s\" command from %s (%.100s)",
3160 c->cmd_name, CurSmtpClient,
3161 anynet_ntoa(&RealHostAddr));
3164 case CMDERROR: /* unknown command */
3165 #if MAXBADCOMMANDS > 0
3166 if (++n_badcmds > MAXBADCOMMANDS)
3169 message("421 4.7.0 %s Too many bad commands; closing connection",
3172 /* arrange to ignore any current send list */
3173 e->e_sendqueue = NULL;
3176 #endif /* MAXBADCOMMANDS > 0 */
3178 #if MILTER && SMFI_VERSION > 2
3179 if (smtp.sm_milterlist && smtp.sm_milterize &&
3180 !bitset(EF_DISCARD, e->e_flags))
3185 if (MilterLogLevel > 9)
3186 sm_syslog(LOG_INFO, e->e_id,
3187 "Sending \"%s\" to Milter", inp);
3188 response = milter_unknown(inp, e, &state);
3189 MILTER_REPLY("unknown");
3190 if (state == SMFIR_REPLYCODE ||
3191 state == SMFIR_REJECT ||
3192 state == SMFIR_TEMPFAIL ||
3193 state == SMFIR_SHUTDOWN)
3195 /* MILTER_REPLY already gave an error */
3199 #endif /* MILTER && SMFI_VERSION > 2 */
3201 usrerr("500 5.5.1 Command unrecognized: \"%s\"",
3202 shortenstring(inp, MAXSHORTSTR));
3206 DELAY_CONN("Unimpl");
3207 usrerr("502 5.5.1 Command not implemented: \"%s\"",
3208 shortenstring(inp, MAXSHORTSTR));
3212 DELAY_CONN("default");
3214 syserr("500 5.5.0 smtp: unknown code %d", c->cmd_code);
3221 SM_EXCEPT(exc, "[!F]*")
3224 ** The only possible exception is "E:mta.quickabort".
3225 ** There is nothing to do except fall through and loop.
3232 ** SMTP_DATA -- implement the SMTP DATA command.
3235 ** smtp -- status of SMTP connection.
3239 ** true iff SMTP session can continue.
3242 ** possibly sends message.
3260 unsigned int features;
3263 SmtpPhase = "server DATA";
3264 if (!smtp->sm_gotmail)
3266 usrerr("503 5.0.0 Need MAIL command");
3269 else if (smtp->sm_nrcpts <= 0)
3271 usrerr("503 5.0.0 Need RCPT (recipient)");
3274 (void) sm_snprintf(buf, sizeof(buf), "%u", smtp->sm_nrcpts);
3275 if (rscheck("check_data", buf, NULL, e,
3276 RSF_RMCOMM|RSF_UNSTRUCTURED|RSF_COUNT, 3, NULL,
3277 e->e_id, NULL) != EX_OK)
3280 #if MILTER && SMFI_VERSION > 3
3281 if (smtp->sm_milterlist && smtp->sm_milterize &&
3282 !bitset(EF_DISCARD, e->e_flags))
3286 int savelogusrerrs = LogUsrErrs;
3288 response = milter_data_cmd(e, &state);
3291 case SMFIR_REPLYCODE:
3292 if (MilterLogLevel > 3)
3294 sm_syslog(LOG_INFO, e->e_id,
3295 "Milter: cmd=data, reject=%s",
3300 if (strncmp(response, "421 ", 4) == 0
3301 || strncmp(response, "421-", 4) == 0)
3303 e->e_sendqueue = NULL;
3309 if (MilterLogLevel > 3)
3311 sm_syslog(LOG_INFO, e->e_id,
3312 "Milter: cmd=data, reject=550 5.7.1 Command rejected");
3315 usrerr("550 5.7.1 Command rejected");
3319 if (MilterLogLevel > 3)
3320 sm_syslog(LOG_INFO, e->e_id,
3321 "Milter: cmd=data, discard");
3322 e->e_flags |= EF_DISCARD;
3325 case SMFIR_TEMPFAIL:
3326 if (MilterLogLevel > 3)
3328 sm_syslog(LOG_INFO, e->e_id,
3329 "Milter: cmd=data, reject=%s",
3333 usrerr(MSG_TEMPFAIL);
3336 case SMFIR_SHUTDOWN:
3337 if (MilterLogLevel > 3)
3339 sm_syslog(LOG_INFO, e->e_id,
3340 "Milter: cmd=data, reject=421 4.7.0 %s closing connection",
3344 usrerr("421 4.7.0 %s closing connection", MyHostName);
3345 e->e_sendqueue = NULL;
3348 LogUsrErrs = savelogusrerrs;
3349 if (response != NULL)
3350 sm_free(response); /* XXX */
3352 #endif /* MILTER && SMFI_VERSION > 3 */
3354 /* put back discard bit */
3355 if (smtp->sm_discard)
3356 e->e_flags |= EF_DISCARD;
3358 /* check to see if we need to re-expand aliases */
3359 /* also reset QS_BADADDR on already-diagnosted addrs */
3360 doublequeue = false;
3361 for (a = e->e_sendqueue; a != NULL; a = a->q_next)
3363 if (QS_IS_VERIFIED(a->q_state) &&
3364 !bitset(EF_DISCARD, e->e_flags))
3366 /* need to re-expand aliases */
3369 if (QS_IS_BADADDR(a->q_state))
3371 /* make this "go away" */
3372 a->q_state = QS_DONTSEND;
3376 /* collect the text of the message */
3377 SmtpPhase = "collect";
3380 collect(InChannel, true, NULL, e, true);
3382 /* redefine message size */
3383 (void) sm_snprintf(buf, sizeof(buf), "%ld", e->e_msgsize);
3384 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), buf);
3386 /* rscheck() will set Errors or EF_DISCARD if it trips */
3387 (void) rscheck("check_eom", buf, NULL, e, RSF_UNSTRUCTURED|RSF_COUNT,
3388 3, NULL, e->e_id, NULL);
3391 milteraccept = true;
3392 if (smtp->sm_milterlist && smtp->sm_milterize &&
3394 !bitset(EF_DISCARD, e->e_flags))
3399 response = milter_data(e, &state);
3402 case SMFIR_REPLYCODE:
3403 if (MilterLogLevel > 3)
3404 sm_syslog(LOG_INFO, e->e_id,
3405 "Milter: data, reject=%s",
3407 milteraccept = false;
3412 milteraccept = false;
3413 if (MilterLogLevel > 3)
3414 sm_syslog(LOG_INFO, e->e_id,
3415 "Milter: data, reject=554 5.7.1 Command rejected");
3416 usrerr("554 5.7.1 Command rejected");
3420 if (MilterLogLevel > 3)
3421 sm_syslog(LOG_INFO, e->e_id,
3422 "Milter: data, discard");
3423 milteraccept = false;
3424 e->e_flags |= EF_DISCARD;
3427 case SMFIR_TEMPFAIL:
3428 if (MilterLogLevel > 3)
3429 sm_syslog(LOG_INFO, e->e_id,
3430 "Milter: data, reject=%s",
3432 milteraccept = false;
3433 usrerr(MSG_TEMPFAIL);
3436 case SMFIR_SHUTDOWN:
3437 if (MilterLogLevel > 3)
3438 sm_syslog(LOG_INFO, e->e_id,
3439 "Milter: data, reject=421 4.7.0 %s closing connection",
3441 milteraccept = false;
3442 usrerr("421 4.7.0 %s closing connection", MyHostName);
3446 if (response != NULL)
3450 /* Milter may have changed message size */
3451 (void) sm_snprintf(buf, sizeof(buf), "%ld", e->e_msgsize);
3452 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), buf);
3454 /* abort message filters that didn't get the body & log msg is OK */
3455 if (smtp->sm_milterlist && smtp->sm_milterize)
3458 if (milteraccept && MilterLogLevel > 9)
3459 sm_syslog(LOG_INFO, e->e_id, "Milter accept: message");
3463 ** If SuperSafe is SAFE_REALLY_POSTMILTER, and we don't have milter or
3464 ** milter accepted message, sync it now
3466 ** XXX This is almost a copy of the code in collect(): put it into
3467 ** a function that is called from both places?
3470 if (milteraccept && SuperSafe == SAFE_REALLY_POSTMILTER)
3473 SM_FILE_T *volatile df;
3477 dfname = queuename(e, DATAFL_LETTER);
3478 if (sm_io_setinfo(df, SM_BF_COMMIT, NULL) < 0
3484 if (save_errno == EEXIST)
3489 if (stat(dfname, &st) < 0)
3492 syserr("@collect: bfcommit(%s): already on disk, size=%ld",
3493 dfname, (long) st.st_size);
3494 dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
3496 dumpfd(dfd, true, true);
3499 dferror(df, "bfcommit", e);
3501 finis(save_errno != EEXIST, true, ExitStat);
3503 else if ((afd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL)) < 0)
3505 dferror(df, "sm_io_getinfo", e);
3507 finis(true, true, ExitStat);
3510 else if (fsync(afd) < 0)
3512 dferror(df, "fsync", e);
3514 finis(true, true, ExitStat);
3517 else if (sm_io_close(df, SM_TIME_DEFAULT) < 0)
3519 dferror(df, "sm_io_close", e);
3521 finis(true, true, ExitStat);
3525 /* Now reopen the df file */
3526 e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, dfname,
3527 SM_IO_RDONLY, NULL);
3528 if (e->e_dfp == NULL)
3530 /* we haven't acked receipt yet, so just chuck this */
3531 syserr("@Cannot reopen %s", dfname);
3532 finis(true, true, ExitStat);
3538 /* Check if quarantining stats should be updated */
3539 if (e->e_quarmsg != NULL)
3540 markstats(e, NULL, STATS_QUARANTINE);
3543 ** If a header/body check (header checks or milter)
3544 ** set EF_DISCARD, don't queueup the message --
3545 ** that would lose the EF_DISCARD bit and deliver
3549 if (bitset(EF_DISCARD, e->e_flags))
3550 doublequeue = false;
3552 aborting = Errors > 0;
3553 if (!(aborting || bitset(EF_DISCARD, e->e_flags)) &&
3554 (QueueMode == QM_QUARANTINE || e->e_quarmsg == NULL) &&
3555 !split_by_recipient(e))
3556 aborting = bitset(EF_FATALERRS, e->e_flags);
3560 /* Log who the mail would have gone to */
3561 logundelrcpts(e, e->e_message, 8, false);
3567 /* from now on, we have to operate silently */
3572 ** Clear message, it may contain an error from the SMTP dialogue.
3573 ** This error must not show up in the queue.
3574 ** Some error message should show up, e.g., alias database
3575 ** not available, but others shouldn't, e.g., from check_rcpt.
3578 e->e_message = NULL;
3582 ** Arrange to send to everyone.
3583 ** If sending to multiple people, mail back
3584 ** errors rather than reporting directly.
3585 ** In any case, don't mail back errors for
3586 ** anything that has happened up to
3587 ** now (the other end will do this).
3588 ** Truncate our transcript -- the mail has gotten
3589 ** to us successfully, and if we have
3590 ** to mail this back, it will be easier
3592 ** Then send to everyone.
3593 ** Finally give a reply code. If an error has
3594 ** already been given, don't mail a
3596 ** We goose error returns by clearing error bit.
3599 SmtpPhase = "delivery";
3600 (void) sm_io_setinfo(e->e_xfp, SM_BF_TRUNCATE, NULL);
3604 _res.retry = TimeOuts.res_retry[RES_TO_FIRST];
3605 _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
3606 #endif /* NAMED_BIND */
3608 for (ee = e; ee != NULL; ee = ee->e_sibling)
3610 /* make sure we actually do delivery */
3611 ee->e_flags &= ~EF_CLRQUEUE;
3613 /* from now on, operate silently */
3614 ee->e_errormode = EM_MAIL;
3618 /* make sure it is in the queue */
3619 queueup(ee, false, true);
3625 /* send to all recipients */
3628 if (SM_DM_ONE == e->e_sendmode)
3630 if (NotFirstDelivery)
3633 e->e_sendmode = SM_QUEUE;
3638 NotFirstDelivery = true;
3641 #endif /* _FFR_DM_ONE */
3647 /* put back id for SMTP logging in putoutmsg() */
3648 oldid = CurEnv->e_id;
3651 /* issue success message */
3653 if (MessageAccept != NULL && *MessageAccept != '\0')
3657 expand(MessageAccept, msg, sizeof(msg), e);
3658 message("250 2.0.0 %s", msg);
3661 #endif /* _FFR_MSG_ACCEPT */
3662 message("250 2.0.0 %s Message accepted for delivery", id);
3663 CurEnv->e_id = oldid;
3665 /* if we just queued, poke it */
3668 bool anything_to_send = false;
3671 for (ee = e; ee != NULL; ee = ee->e_sibling)
3673 if (WILL_BE_QUEUED(ee->e_sendmode))
3675 if (shouldqueue(ee->e_msgpriority, ee->e_ctime))
3677 ee->e_sendmode = SM_QUEUE;
3680 else if (QueueMode != QM_QUARANTINE &&
3681 ee->e_quarmsg != NULL)
3683 ee->e_sendmode = SM_QUEUE;
3686 anything_to_send = true;
3688 /* close all the queue files */
3690 if (ee->e_dfp != NULL)
3692 (void) sm_io_close(ee->e_dfp, SM_TIME_DEFAULT);
3697 if (anything_to_send)
3701 ** XXX if we don't do this, we get 250 twice
3702 ** because it is also flushed in the child.
3705 (void) sm_io_flush(OutChannel, SM_TIME_DEFAULT);
3706 #endif /* PIPELINING */
3707 (void) doworklist(e, true, true);
3712 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
3714 e->e_flags &= ~EF_LOGSENDER;
3716 /* clean up a bit */
3717 smtp->sm_gotmail = false;
3720 ** Call dropenvelope if and only if the envelope is *not*
3721 ** being processed by the child process forked by doworklist().
3724 if (aborting || bitset(EF_DISCARD, e->e_flags))
3725 dropenvelope(e, true, false);
3728 for (ee = e; ee != NULL; ee = ee->e_sibling)
3731 QueueMode != QM_QUARANTINE &&
3732 ee->e_quarmsg != NULL)
3734 dropenvelope(ee, true, false);
3737 if (WILL_BE_QUEUED(ee->e_sendmode))
3738 dropenvelope(ee, true, false);
3741 sm_rpool_free(e->e_rpool);
3744 ** At this point, e == &MainEnvelope, but if we did splitting,
3745 ** then CurEnv may point to an envelope structure that was just
3746 ** freed with the rpool. So reset CurEnv *before* calling
3751 features = e->e_features;
3752 newenvelope(e, e, sm_rpool_new_x(NULL));
3753 e->e_flags = BlankEnvelope.e_flags;
3754 e->e_features = features;
3756 /* restore connection quarantining */
3757 if (smtp->sm_quarmsg == NULL)
3759 e->e_quarmsg = NULL;
3760 macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), "");
3764 e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, smtp->sm_quarmsg);
3765 macdefine(&e->e_macro, A_PERM,
3766 macid("{quarantine}"), e->e_quarmsg);
3771 ** LOGUNDELRCPTS -- log undelivered (or all) recipients.
3775 ** msg -- message for Stat=
3776 ** level -- log level.
3777 ** all -- log all recipients.
3783 ** logs undelivered (or all) recipients
3787 logundelrcpts(e, msg, level, all)
3795 if (LogLevel <= level || msg == NULL || *msg == '\0')
3798 /* Clear $h so relay= doesn't get mislogged by logdelivery() */
3799 macdefine(&e->e_macro, A_PERM, 'h', NULL);
3801 /* Log who the mail would have gone to */
3802 for (a = e->e_sendqueue; a != NULL; a = a->q_next)
3804 if (!QS_IS_UNDELIVERED(a->q_state) && !all)
3806 e->e_to = a->q_paddr;
3807 logdelivery(NULL, NULL, a->q_status, msg, NULL,
3813 ** CHECKSMTPATTACK -- check for denial-of-service attack by repetition
3816 ** pcounter -- pointer to a counter for this command.
3817 ** maxcount -- maximum value for this counter before we
3819 ** waitnow -- sleep now (in this routine)?
3820 ** cname -- command name for logging.
3821 ** e -- the current envelope.
3825 ** STOP_ATTACK if twice as many commands as allowed and
3829 ** Slows down if we seem to be under attack.
3833 checksmtpattack(pcounter, maxcount, waitnow, cname, e)
3834 volatile unsigned int *pcounter;
3835 unsigned int maxcount;
3840 if (maxcount <= 0) /* no limit */
3843 if (++(*pcounter) >= maxcount)
3848 if (*pcounter == maxcount && LogLevel > 5)
3850 sm_syslog(LOG_INFO, e->e_id,
3851 "%s: possible SMTP attack: command=%.40s, count=%u",
3852 CurSmtpClient, cname, *pcounter);
3854 shift = *pcounter - maxcount;
3856 if (shift > MAXSHIFT || s >= MAXTIMEOUT || s <= 0)
3859 #define IS_ATTACK(s) ((MaxChildren > 0 && *pcounter >= maxcount * 2) \
3860 ? STOP_ATTACK : (time_t) s)
3862 /* sleep at least 1 second before returning */
3863 (void) sleep(*pcounter / maxcount);
3864 s -= *pcounter / maxcount;
3865 if (s >= MAXTIMEOUT || s < 0)
3867 if (waitnow && s > 0)
3870 return IS_ATTACK(0);
3872 return IS_ATTACK(s);
3877 ** SETUP_SMTPD_IO -- setup I/O fd correctly for the SMTP server
3886 ** may change I/O fd.
3892 int inchfd, outchfd, outfd;
3894 inchfd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
3895 outchfd = sm_io_getinfo(OutChannel, SM_IO_WHAT_FD, NULL);
3896 outfd = sm_io_getinfo(smioout, SM_IO_WHAT_FD, NULL);
3897 if (outchfd != outfd)
3899 /* arrange for debugging output to go to remote host */
3900 (void) dup2(outchfd, outfd);
3904 ** if InChannel and OutChannel are stdin/stdout
3905 ** and connected to ttys
3906 ** and fcntl(STDIN, F_SETFL, O_NONBLOCKING) also changes STDOUT,
3907 ** then "chain" them together.
3910 if (inchfd == STDIN_FILENO && outchfd == STDOUT_FILENO &&
3911 isatty(inchfd) && isatty(outchfd))
3913 int inmode, outmode;
3915 inmode = fcntl(inchfd, F_GETFL, 0);
3919 sm_syslog(LOG_INFO, NOQID,
3920 "fcntl(inchfd, F_GETFL) failed: %s",
3921 sm_errstring(errno));
3924 outmode = fcntl(outchfd, F_GETFL, 0);
3928 sm_syslog(LOG_INFO, NOQID,
3929 "fcntl(outchfd, F_GETFL) failed: %s",
3930 sm_errstring(errno));
3933 if (bitset(O_NONBLOCK, inmode) ||
3934 bitset(O_NONBLOCK, outmode) ||
3935 fcntl(inchfd, F_SETFL, inmode | O_NONBLOCK) == -1)
3937 outmode = fcntl(outchfd, F_GETFL, 0);
3938 if (outmode != -1 && bitset(O_NONBLOCK, outmode))
3940 /* changing InChannel also changes OutChannel */
3941 sm_io_automode(OutChannel, InChannel);
3942 if (tTd(97, 4) && LogLevel > 9)
3943 sm_syslog(LOG_INFO, NOQID,
3944 "set automode for I (%d)/O (%d) in SMTP server",
3948 /* undo change of inchfd */
3949 (void) fcntl(inchfd, F_SETFL, inmode);
3953 ** SKIPWORD -- skip a fixed word.
3956 ** p -- place to start looking.
3957 ** w -- word to skip.
3964 ** clobbers the p data area.
3969 register char *volatile p;
3975 /* find beginning of word */
3979 /* find end of word */
3980 while (*p != '\0' && *p != ':' && !(isascii(*p) && isspace(*p)))
3982 while (isascii(*p) && isspace(*p))
3987 usrerr("501 5.5.2 Syntax error in parameters scanning \"%s\"",
3988 shortenstring(firstp, MAXSHORTSTR));
3997 /* see if the input word matches desired word */
3998 if (sm_strcasecmp(q, w))
4005 ** RESET_MAIL_ESMTP_ARGS -- process ESMTP arguments from MAIL line
4008 ** e -- the envelope.
4015 reset_mail_esmtp_args(e)
4018 /* "size": no reset */
4021 SevenBitInput = SevenBitInput_Saved;
4022 e->e_bodytype = NULL;
4026 macdefine(&e->e_macro, A_PERM, macid("{dsn_envid}"), NULL);
4029 e->e_flags &= EF_RET_PARAM;
4030 e->e_flags &= EF_NO_BODY_RETN;
4031 macdefine(&e->e_macro, A_TEMP, macid("{dsn_ret}"), NULL);
4035 macdefine(&e->e_macro, A_TEMP, macid("{auth_author}"), NULL);
4036 e->e_auth_param = "";
4037 # if _FFR_AUTH_PASSING
4038 macdefine(&BlankEnvelope.e_macro, A_PERM,
4039 macid("{auth_author}"), NULL);
4040 # endif /* _FFR_AUTH_PASSING */
4044 e->e_deliver_by = 0;
4049 ** MAIL_ESMTP_ARGS -- process ESMTP arguments from MAIL line
4052 ** a -- address (unused, for compatibility with rcpt_esmtp_args)
4053 ** kp -- the parameter key.
4054 ** vp -- the value of that parameter.
4055 ** e -- the envelope.
4062 mail_esmtp_args(a, kp, vp, e)
4068 if (sm_strcasecmp(kp, "size") == 0)
4072 usrerr("501 5.5.2 SIZE requires a value");
4075 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), vp);
4077 e->e_msgsize = strtol(vp, (char **) NULL, 10);
4078 if (e->e_msgsize == LONG_MAX && errno == ERANGE)
4080 usrerr("552 5.2.3 Message size exceeds maximum value");
4083 if (e->e_msgsize < 0)
4085 usrerr("552 5.2.3 Message size invalid");
4089 else if (sm_strcasecmp(kp, "body") == 0)
4093 usrerr("501 5.5.2 BODY requires a value");
4096 else if (sm_strcasecmp(vp, "8bitmime") == 0)
4098 SevenBitInput = false;
4100 else if (sm_strcasecmp(vp, "7bit") == 0)
4102 SevenBitInput = true;
4106 usrerr("501 5.5.4 Unknown BODY type %s", vp);
4109 e->e_bodytype = sm_rpool_strdup_x(e->e_rpool, vp);
4111 else if (sm_strcasecmp(kp, "envid") == 0)
4113 if (!bitset(SRV_OFFER_DSN, e->e_features))
4115 usrerr("504 5.7.0 Sorry, ENVID not supported, we do not allow DSN");
4120 usrerr("501 5.5.2 ENVID requires a value");
4125 usrerr("501 5.5.4 Syntax error in ENVID parameter value");
4128 if (e->e_envid != NULL)
4130 usrerr("501 5.5.0 Duplicate ENVID parameter");
4133 e->e_envid = sm_rpool_strdup_x(e->e_rpool, vp);
4134 macdefine(&e->e_macro, A_PERM,
4135 macid("{dsn_envid}"), e->e_envid);
4137 else if (sm_strcasecmp(kp, "ret") == 0)
4139 if (!bitset(SRV_OFFER_DSN, e->e_features))
4141 usrerr("504 5.7.0 Sorry, RET not supported, we do not allow DSN");
4146 usrerr("501 5.5.2 RET requires a value");
4149 if (bitset(EF_RET_PARAM, e->e_flags))
4151 usrerr("501 5.5.0 Duplicate RET parameter");
4154 e->e_flags |= EF_RET_PARAM;
4155 if (sm_strcasecmp(vp, "hdrs") == 0)
4156 e->e_flags |= EF_NO_BODY_RETN;
4157 else if (sm_strcasecmp(vp, "full") != 0)
4159 usrerr("501 5.5.2 Bad argument \"%s\" to RET", vp);
4162 macdefine(&e->e_macro, A_TEMP, macid("{dsn_ret}"), vp);
4165 else if (sm_strcasecmp(kp, "auth") == 0)
4169 char *auth_param; /* the value of the AUTH=x */
4170 bool saveQuickAbort = QuickAbort;
4171 bool saveSuprErrs = SuprErrs;
4172 bool saveExitStat = ExitStat;
4176 usrerr("501 5.5.2 AUTH= requires a value");
4179 if (e->e_auth_param != NULL)
4181 usrerr("501 5.5.0 Duplicate AUTH parameter");
4184 if ((q = strchr(vp, ' ')) != NULL)
4187 len = strlen(vp) + 1;
4188 auth_param = xalloc(len);
4189 (void) sm_strlcpy(auth_param, vp, len);
4190 if (!xtextok(auth_param))
4192 usrerr("501 5.5.4 Syntax error in AUTH parameter value");
4193 /* just a warning? */
4197 /* XXX define this always or only if trusted? */
4198 macdefine(&e->e_macro, A_TEMP, macid("{auth_author}"),
4202 ** call Strust_auth to find out whether
4203 ** auth_param is acceptable (trusted)
4204 ** we shouldn't trust it if not authenticated
4205 ** (required by RFC, leave it to ruleset?)
4210 if (strcmp(auth_param, "<>") != 0 &&
4211 (rscheck("trust_auth", auth_param, NULL, e, RSF_RMCOMM,
4212 9, NULL, NOQID, NULL) != EX_OK || Errors > 0))
4216 q = e->e_auth_param;
4217 sm_dprintf("auth=\"%.100s\" not trusted user=\"%.100s\"\n",
4218 auth_param, (q == NULL) ? "" : q);
4222 e->e_auth_param = "<>";
4223 # if _FFR_AUTH_PASSING
4224 macdefine(&BlankEnvelope.e_macro, A_PERM,
4225 macid("{auth_author}"), NULL);
4226 # endif /* _FFR_AUTH_PASSING */
4231 sm_dprintf("auth=\"%.100s\" trusted\n", auth_param);
4232 e->e_auth_param = sm_rpool_strdup_x(e->e_rpool,
4235 sm_free(auth_param); /* XXX */
4239 QuickAbort = saveQuickAbort;
4240 SuprErrs = saveSuprErrs;
4241 ExitStat = saveExitStat;
4244 #define PRTCHAR(c) ((isascii(c) && isprint(c)) ? (c) : '?')
4247 ** "by" is only accepted if DeliverByMin >= 0.
4248 ** We maybe could add this to the list of server_features.
4251 else if (sm_strcasecmp(kp, "by") == 0 && DeliverByMin >= 0)
4257 usrerr("501 5.5.2 BY= requires a value");
4261 e->e_deliver_by = strtol(vp, &s, 10);
4262 if (e->e_deliver_by == LONG_MIN ||
4263 e->e_deliver_by == LONG_MAX ||
4264 e->e_deliver_by > 999999999l ||
4265 e->e_deliver_by < -999999999l)
4267 usrerr("501 5.5.2 BY=%s out of range", vp);
4270 if (s == NULL || *s != ';')
4272 usrerr("501 5.5.2 BY= missing ';'");
4276 ++s; /* XXX: spaces allowed? */
4278 switch (tolower(*s))
4281 e->e_dlvr_flag = DLVR_NOTIFY;
4284 e->e_dlvr_flag = DLVR_RETURN;
4285 if (e->e_deliver_by <= 0)
4287 usrerr("501 5.5.4 mode R requires BY time > 0");
4290 if (DeliverByMin > 0 && e->e_deliver_by > 0 &&
4291 e->e_deliver_by < DeliverByMin)
4293 usrerr("555 5.5.2 time %ld less than %ld",
4294 e->e_deliver_by, (long) DeliverByMin);
4299 usrerr("501 5.5.2 illegal by-mode '%c'", PRTCHAR(*s));
4302 ++s; /* XXX: spaces allowed? */
4304 switch (tolower(*s))
4307 e->e_dlvr_flag |= DLVR_TRACE;
4312 usrerr("501 5.5.2 illegal by-trace '%c'", PRTCHAR(*s));
4316 /* XXX: check whether more characters follow? */
4320 usrerr("555 5.5.4 %s parameter unrecognized", kp);
4326 ** RCPT_ESMTP_ARGS -- process ESMTP arguments from RCPT line
4329 ** a -- the address corresponding to the To: parameter.
4330 ** kp -- the parameter key.
4331 ** vp -- the value of that parameter.
4332 ** e -- the envelope.
4339 rcpt_esmtp_args(a, kp, vp, e)
4345 if (sm_strcasecmp(kp, "notify") == 0)
4349 if (!bitset(SRV_OFFER_DSN, e->e_features))
4351 usrerr("504 5.7.0 Sorry, NOTIFY not supported, we do not allow DSN");
4356 usrerr("501 5.5.2 NOTIFY requires a value");
4359 a->q_flags &= ~(QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY);
4360 a->q_flags |= QHASNOTIFY;
4361 macdefine(&e->e_macro, A_TEMP, macid("{dsn_notify}"), vp);
4363 if (sm_strcasecmp(vp, "never") == 0)
4365 for (p = vp; p != NULL; vp = p)
4369 s = p = strchr(p, ',');
4372 if (sm_strcasecmp(vp, "success") == 0)
4373 a->q_flags |= QPINGONSUCCESS;
4374 else if (sm_strcasecmp(vp, "failure") == 0)
4375 a->q_flags |= QPINGONFAILURE;
4376 else if (sm_strcasecmp(vp, "delay") == 0)
4377 a->q_flags |= QPINGONDELAY;
4380 usrerr("501 5.5.4 Bad argument \"%s\" to NOTIFY",
4388 else if (sm_strcasecmp(kp, "orcpt") == 0)
4390 if (!bitset(SRV_OFFER_DSN, e->e_features))
4392 usrerr("504 5.7.0 Sorry, ORCPT not supported, we do not allow DSN");
4397 usrerr("501 5.5.2 ORCPT requires a value");
4400 if (strchr(vp, ';') == NULL || !xtextok(vp))
4402 usrerr("501 5.5.4 Syntax error in ORCPT parameter value");
4405 if (a->q_orcpt != NULL)
4407 usrerr("501 5.5.0 Duplicate ORCPT parameter");
4410 a->q_orcpt = sm_rpool_strdup_x(e->e_rpool, vp);
4414 usrerr("555 5.5.4 %s parameter unrecognized", kp);
4419 ** PRINTVRFYADDR -- print an entry in the verify queue
4422 ** a -- the address to print.
4423 ** last -- set if this is the last one.
4424 ** vrfy -- set if this is a VRFY command.
4430 ** Prints the appropriate 250 codes.
4432 #define OFFF (3 + 1 + 5 + 1) /* offset in fmt: SMTP reply + enh. code */
4435 printvrfyaddr(a, last, vrfy)
4436 register ADDRESS *a;
4442 if (vrfy && a->q_mailer != NULL &&
4443 !bitnset(M_VRFY250, a->q_mailer->m_flags))
4444 (void) sm_strlcpy(fmtbuf, "252", sizeof(fmtbuf));
4446 (void) sm_strlcpy(fmtbuf, "250", sizeof(fmtbuf));
4447 fmtbuf[3] = last ? ' ' : '-';
4448 (void) sm_strlcpy(&fmtbuf[4], "2.1.5 ", sizeof(fmtbuf) - 4);
4449 if (a->q_fullname == NULL)
4451 if ((a->q_mailer == NULL ||
4452 a->q_mailer->m_addrtype == NULL ||
4453 sm_strcasecmp(a->q_mailer->m_addrtype, "rfc822") == 0) &&
4454 strchr(a->q_user, '@') == NULL)
4455 (void) sm_strlcpy(&fmtbuf[OFFF], "<%s@%s>",
4456 sizeof(fmtbuf) - OFFF);
4458 (void) sm_strlcpy(&fmtbuf[OFFF], "<%s>",
4459 sizeof(fmtbuf) - OFFF);
4460 message(fmtbuf, a->q_user, MyHostName);
4464 if ((a->q_mailer == NULL ||
4465 a->q_mailer->m_addrtype == NULL ||
4466 sm_strcasecmp(a->q_mailer->m_addrtype, "rfc822") == 0) &&
4467 strchr(a->q_user, '@') == NULL)
4468 (void) sm_strlcpy(&fmtbuf[OFFF], "%s <%s@%s>",
4469 sizeof(fmtbuf) - OFFF);
4471 (void) sm_strlcpy(&fmtbuf[OFFF], "%s <%s>",
4472 sizeof(fmtbuf) - OFFF);
4473 message(fmtbuf, a->q_fullname, a->q_user, MyHostName);
4479 ** SASLMECHS -- get list of possible AUTH mechanisms
4482 ** conn -- SASL connection info.
4483 ** mechlist -- output parameter for list of mechanisms.
4490 saslmechs(conn, mechlist)
4494 int len, num, result;
4496 /* "user" is currently unused */
4498 result = sasl_listmech(conn, NULL,
4499 "", " ", "", (const char **) mechlist,
4500 (unsigned int *)&len, &num);
4501 # else /* SASL >= 20000 */
4502 result = sasl_listmech(conn, "user", /* XXX */
4503 "", " ", "", mechlist,
4504 (unsigned int *)&len, (unsigned int *)&num);
4505 # endif /* SASL >= 20000 */
4506 if (result != SASL_OK)
4509 sm_syslog(LOG_WARNING, NOQID,
4510 "AUTH error: listmech=%d, num=%d",
4517 sm_syslog(LOG_INFO, NOQID,
4518 "AUTH: available mech=%s, allowed mech=%s",
4519 *mechlist, AuthMechanisms);
4520 *mechlist = intersect(AuthMechanisms, *mechlist, NULL);
4524 *mechlist = NULL; /* be paranoid... */
4525 if (result == SASL_OK && LogLevel > 9)
4526 sm_syslog(LOG_WARNING, NOQID,
4527 "AUTH warning: no mechanisms");
4534 ** PROXY_POLICY -- define proxy policy for AUTH
4538 ** context -- unused.
4539 ** requested_user -- authorization identity.
4540 ** rlen -- authorization identity length.
4541 ** auth_identity -- authentication identity.
4542 ** alen -- authentication identity length.
4543 ** def_realm -- default user realm.
4544 ** urlen -- user realm length.
4545 ** propctx -- unused.
4551 ** sets {auth_authen} macro.
4555 proxy_policy(conn, context, requested_user, rlen, auth_identity, alen,
4556 def_realm, urlen, propctx)
4559 const char *requested_user;
4561 const char *auth_identity;
4563 const char *def_realm;
4565 struct propctx *propctx;
4567 if (auth_identity == NULL)
4570 macdefine(&BlankEnvelope.e_macro, A_TEMP,
4571 macid("{auth_authen}"), (char *) auth_identity);
4575 # else /* SASL >= 20000 */
4578 ** PROXY_POLICY -- define proxy policy for AUTH
4581 ** context -- unused.
4582 ** auth_identity -- authentication identity.
4583 ** requested_user -- authorization identity.
4584 ** user -- allowed user (output).
4585 ** errstr -- possible error string (output).
4592 proxy_policy(context, auth_identity, requested_user, user, errstr)
4594 const char *auth_identity;
4595 const char *requested_user;
4597 const char **errstr;
4599 if (user == NULL || auth_identity == NULL)
4601 *user = newstr(auth_identity);
4604 # endif /* SASL >= 20000 */
4609 ** INITSRVTLS -- initialize server side TLS
4612 ** tls_ok -- should tls initialization be done?
4618 ** sets tls_ok_srv which is a static variable in this module.
4619 ** Do NOT remove assignments to it!
4629 /* do NOT remove assignment */
4630 tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, true, SrvCertFile,
4631 SrvKeyFile, CACertPath, CACertFile, DHParams);
4634 #endif /* STARTTLS */
4636 ** SRVFEATURES -- get features for SMTP server
4639 ** e -- envelope (should be session context).
4640 ** clientname -- name of client.
4641 ** features -- default features for this invocation.
4647 /* table with options: it uses just one character, how about strings? */
4651 unsigned int srvf_flag;
4652 } srv_feat_table[] =
4654 { 'A', SRV_OFFER_AUTH },
4655 { 'B', SRV_OFFER_VERB },
4656 { 'C', SRV_REQ_SEC },
4657 { 'D', SRV_OFFER_DSN },
4658 { 'E', SRV_OFFER_ETRN },
4659 { 'L', SRV_REQ_AUTH },
4662 { 'N', SRV_NO_PIPE },
4663 # endif /* _FFR_NO_PIPE */
4664 { 'P', SRV_OFFER_PIPE },
4665 #endif /* PIPELINING */
4666 { 'R', SRV_VRFY_CLT }, /* same as V; not documented */
4667 { 'S', SRV_OFFER_TLS },
4668 /* { 'T', SRV_TMP_FAIL }, */
4669 { 'V', SRV_VRFY_CLT },
4670 { 'X', SRV_OFFER_EXPN },
4671 /* { 'Y', SRV_OFFER_VRFY }, */
4676 srvfeatures(e, clientname, features)
4679 unsigned int features;
4683 char pvpbuf[PSBUFSIZE];
4686 r = rscap("srv_features", clientname, "", e, &pvp, pvpbuf,
4690 if (pvp == NULL || pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET)
4692 if (pvp[1] != NULL && sm_strncasecmp(pvp[1], "temp", 4) == 0)
4693 return SRV_TMP_FAIL;
4696 ** General rule (see sendmail.h, d_flags):
4697 ** lower case: required/offered, upper case: Not required/available
4699 ** Since we can change some features per daemon, we have both
4700 ** cases here: turn on/off a feature.
4703 for (i = 1; pvp[i] != NULL; i++)
4709 if ((opt = srv_feat_table[j].srvf_opt) == '\0')
4712 sm_syslog(LOG_WARNING, e->e_id,
4713 "srvfeatures: unknown feature %s",
4719 features &= ~(srv_feat_table[j].srvf_flag);
4722 if (c == tolower(opt))
4724 features |= srv_feat_table[j].srvf_flag;
4734 ** HELP -- implement the HELP command.
4737 ** topic -- the topic we want help for.
4744 ** outputs the help file to message output.
4746 #define HELPVSTR "#vers "
4747 #define HELPVERSION 2
4754 register SM_FILE_T *hf;
4759 long sff = SFF_OPENASROOT|SFF_REGONLY;
4762 static int foundvers = -1;
4763 extern char Version[];
4765 if (DontLockReadFiles)
4767 if (!bitnset(DBS_HELPFILEINUNSAFEDIRPATH, DontBlameSendmail))
4768 sff |= SFF_SAFEDIRPATH;
4770 if (HelpFile == NULL ||
4771 (hf = safefopen(HelpFile, O_RDONLY, 0444, sff)) == NULL)
4775 message("502 5.3.0 Sendmail %s -- HELP not implemented",
4780 if (topic == NULL || *topic == '\0')
4791 len = strlen(topic);
4793 while (sm_io_fgets(hf, SM_TIME_DEFAULT, buf, sizeof(buf)) != NULL)
4797 if (foundvers < 0 &&
4798 strncmp(buf, HELPVSTR, strlen(HELPVSTR)) == 0)
4802 if (sm_io_sscanf(buf + strlen(HELPVSTR), "%d",
4808 if (strncmp(buf, topic, len) == 0)
4814 /* print version if no/old vers# in file */
4815 if (foundvers < 2 && !noinfo)
4816 message("214-2.0.0 This is Sendmail version %s", Version);
4818 p = strpbrk(buf, " \t");
4820 p = buf + strlen(buf) - 1;
4827 int lbs = sizeof(buf) - (p - buf);
4829 lbp = translate_dollars(p, p, &lbs);
4830 expand(lbp, inp, sizeof(inp), e);
4835 message("214-2.0.0 %s", p);
4841 message("504 5.3.0 HELP topic \"%.10s\" unknown", topic);
4843 message("214 2.0.0 End of HELP info");
4845 if (foundvers != 0 && foundvers < HELPVERSION)
4848 sm_syslog(LOG_WARNING, e->e_id,
4849 "%s too old (require version %d)",
4850 HelpFile, HELPVERSION);
4852 /* avoid log next time */
4856 (void) sm_io_close(hf, SM_TIME_DEFAULT);
4861 ** RESET_SASLCONN -- reset SASL connection data
4864 ** conn -- SASL connection context
4865 ** hostname -- host name
4866 ** various connection data
4873 reset_saslconn(sasl_conn_t **conn, char *hostname,
4875 char *remoteip, char *localip,
4876 char *auth_id, sasl_ssf_t * ext_ssf)
4877 # else /* SASL >= 20000 */
4878 struct sockaddr_in *saddr_r, struct sockaddr_in *saddr_l,
4879 sasl_external_properties_t * ext_ssf)
4880 # endif /* SASL >= 20000 */
4886 result = sasl_server_new("smtp", hostname, NULL, NULL, NULL,
4889 /* use empty realm: only works in SASL > 1.5.5 */
4890 result = sasl_server_new("smtp", hostname, "", NULL, 0, conn);
4891 # else /* SASL >= 20000 */
4892 /* use no realm -> realm is set to hostname by SASL lib */
4893 result = sasl_server_new("smtp", hostname, NULL, NULL, 0,
4895 # endif /* SASL >= 20000 */
4896 if (result != SASL_OK)
4900 # if NETINET || NETINET6
4901 if (remoteip != NULL && *remoteip != '\0')
4902 result = sasl_setprop(*conn, SASL_IPREMOTEPORT, remoteip);
4903 if (result != SASL_OK)
4906 if (localip != NULL && *localip != '\0')
4907 result = sasl_setprop(*conn, SASL_IPLOCALPORT, localip);
4908 if (result != SASL_OK)
4910 # endif /* NETINET || NETINET6 */
4912 result = sasl_setprop(*conn, SASL_SSF_EXTERNAL, ext_ssf);
4913 if (result != SASL_OK)
4916 result = sasl_setprop(*conn, SASL_AUTH_EXTERNAL, auth_id);
4917 if (result != SASL_OK)
4919 # else /* SASL >= 20000 */
4921 if (saddr_r != NULL)
4922 result = sasl_setprop(*conn, SASL_IP_REMOTE, saddr_r);
4923 if (result != SASL_OK)
4926 if (saddr_l != NULL)
4927 result = sasl_setprop(*conn, SASL_IP_LOCAL, saddr_l);
4928 if (result != SASL_OK)
4930 # endif /* NETINET */
4932 result = sasl_setprop(*conn, SASL_SSF_EXTERNAL, ext_ssf);
4933 if (result != SASL_OK)
4935 # endif /* SASL >= 20000 */