1/* $NetBSD: smtp.c,v 1.5 2012/06/09 11:32:20 tron Exp $ */ 2 3/*++ 4/* NAME 5/* smtp 8 6/* SUMMARY 7/* Postfix SMTP+LMTP client 8/* SYNOPSIS 9/* \fBsmtp\fR [generic Postfix daemon options] 10/* DESCRIPTION 11/* The Postfix SMTP+LMTP client implements the SMTP and LMTP mail 12/* delivery protocols. It processes message delivery requests from 13/* the queue manager. Each request specifies a queue file, a sender 14/* address, a domain or host to deliver to, and recipient information. 15/* This program expects to be run from the \fBmaster\fR(8) process 16/* manager. 17/* 18/* The SMTP+LMTP client updates the queue file and marks recipients 19/* as finished, or it informs the queue manager that delivery should 20/* be tried again at a later time. Delivery status reports are sent 21/* to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as 22/* appropriate. 23/* 24/* The SMTP+LMTP client looks up a list of mail exchanger addresses for 25/* the destination host, sorts the list by preference, and connects 26/* to each listed address until it finds a server that responds. 27/* 28/* When a server is not reachable, or when mail delivery fails due 29/* to a recoverable error condition, the SMTP+LMTP client will try to 30/* deliver the mail to an alternate host. 31/* 32/* After a successful mail transaction, a connection may be saved 33/* to the \fBscache\fR(8) connection cache server, so that it 34/* may be used by any SMTP+LMTP client for a subsequent transaction. 35/* 36/* By default, connection caching is enabled temporarily for 37/* destinations that have a high volume of mail in the active 38/* queue. Connection caching can be enabled permanently for 39/* specific destinations. 40/* SMTP DESTINATION SYNTAX 41/* .ad 42/* .fi 43/* SMTP destinations have the following form: 44/* .IP \fIdomainname\fR 45/* .IP \fIdomainname\fR:\fIport\fR 46/* Look up the mail exchangers for the specified domain, and 47/* connect to the specified port (default: \fBsmtp\fR). 
48/* .IP [\fIhostname\fR] 49/* .IP [\fIhostname\fR]:\fIport\fR 50/* Look up the address(es) of the specified host, and connect to 51/* the specified port (default: \fBsmtp\fR). 52/* .IP [\fIaddress\fR] 53/* .IP [\fIaddress\fR]:\fIport\fR 54/* Connect to the host at the specified address, and connect 55/* to the specified port (default: \fBsmtp\fR). An IPv6 address 56/* must be formatted as [\fBipv6\fR:\fIaddress\fR]. 57/* LMTP DESTINATION SYNTAX 58/* .ad 59/* .fi 60/* LMTP destinations have the following form: 61/* .IP \fBunix\fR:\fIpathname\fR 62/* Connect to the local UNIX-domain server that is bound to the specified 63/* \fIpathname\fR. If the process runs chrooted, an absolute pathname 64/* is interpreted relative to the Postfix queue directory. 65/* .IP \fBinet\fR:\fIhostname\fR 66/* .IP \fBinet\fR:\fIhostname\fR:\fIport\fR 67/* .IP \fBinet\fR:[\fIaddress\fR] 68/* .IP \fBinet\fR:[\fIaddress\fR]:\fIport\fR 69/* Connect to the specified TCP port on the specified local or 70/* remote host. If no port is specified, connect to the port defined as 71/* \fBlmtp\fR in \fBservices\fR(4). 72/* If no such service is found, the \fBlmtp_tcp_port\fR configuration 73/* parameter (default value of 24) will be used. 74/* An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR]. 75/* .PP 76/* SECURITY 77/* .ad 78/* .fi 79/* The SMTP+LMTP client is moderately security-sensitive. It 80/* talks to SMTP or LMTP servers and to DNS servers on the 81/* network. The SMTP+LMTP client can be run chrooted at fixed 82/* low privilege. 
83/* STANDARDS 84/* RFC 821 (SMTP protocol) 85/* RFC 822 (ARPA Internet Text Messages) 86/* RFC 1651 (SMTP service extensions) 87/* RFC 1652 (8bit-MIME transport) 88/* RFC 1870 (Message Size Declaration) 89/* RFC 2033 (LMTP protocol) 90/* RFC 2034 (SMTP Enhanced Error Codes) 91/* RFC 2045 (MIME: Format of Internet Message Bodies) 92/* RFC 2046 (MIME: Media Types) 93/* RFC 2554 (AUTH command) 94/* RFC 2821 (SMTP protocol) 95/* RFC 2920 (SMTP Pipelining) 96/* RFC 3207 (STARTTLS command) 97/* RFC 3461 (SMTP DSN Extension) 98/* RFC 3463 (Enhanced Status Codes) 99/* RFC 4954 (AUTH command) 100/* DIAGNOSTICS 101/* Problems and transactions are logged to \fBsyslogd\fR(8). 102/* Corrupted message files are marked so that the queue manager can 103/* move them to the \fBcorrupt\fR queue for further inspection. 104/* 105/* Depending on the setting of the \fBnotify_classes\fR parameter, 106/* the postmaster is notified of bounces, protocol problems, and of 107/* other trouble. 108/* BUGS 109/* SMTP and LMTP connection caching does not work with TLS. The necessary 110/* support for TLS object passivation and re-activation does not 111/* exist without closing the session, which defeats the purpose. 112/* 113/* SMTP and LMTP connection caching assumes that SASL credentials 114/* are valid for all destinations that map onto the same IP 115/* address and TCP port. 116/* CONFIGURATION PARAMETERS 117/* .ad 118/* .fi 119/* Before Postfix version 2.3, the LMTP client is a separate 120/* program that implements only a subset of the functionality 121/* available with SMTP: there is no support for TLS, and 122/* connections are cached in-process, making it ineffective 123/* when the client is used for multiple domains. 124/* 125/* Most smtp_\fIxxx\fR configuration parameters have an 126/* lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP 127/* feature. This document describes only those LMTP-related 128/* parameters that aren't simply "mirror" parameters. 
129/* 130/* Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8) 131/* processes run for only a limited amount of time. Use the command 132/* "\fBpostfix reload\fR" to speed up a change. 133/* 134/* The text below provides only a parameter summary. See 135/* \fBpostconf\fR(5) for more details including examples. 136/* COMPATIBILITY CONTROLS 137/* .ad 138/* .fi 139/* .IP "\fBignore_mx_lookup_error (no)\fR" 140/* Ignore DNS MX lookups that produce no response. 141/* .IP "\fBsmtp_always_send_ehlo (yes)\fR" 142/* Always send EHLO at the start of an SMTP session. 143/* .IP "\fBsmtp_never_send_ehlo (no)\fR" 144/* Never send EHLO at the start of an SMTP session. 145/* .IP "\fBsmtp_defer_if_no_mx_address_found (no)\fR" 146/* Defer mail delivery when no MX record resolves to an IP address. 147/* .IP "\fBsmtp_line_length_limit (990)\fR" 148/* The maximal length of message header and body lines that Postfix 149/* will send via SMTP. 150/* .IP "\fBsmtp_pix_workaround_delay_time (10s)\fR" 151/* How long the Postfix SMTP client pauses before sending 152/* ".<CR><LF>" in order to work around the PIX firewall 153/* "<CR><LF>.<CR><LF>" bug. 154/* .IP "\fBsmtp_pix_workaround_threshold_time (500s)\fR" 155/* How long a message must be queued before the Postfix SMTP client 156/* turns on the PIX firewall "<CR><LF>.<CR><LF>" 157/* bug workaround for delivery through firewalls with "smtp fixup" 158/* mode turned on. 159/* .IP "\fBsmtp_pix_workarounds (disable_esmtp, delay_dotcrlf)\fR" 160/* A list that specifies zero or more workarounds for CISCO PIX 161/* firewall bugs. 162/* .IP "\fBsmtp_pix_workaround_maps (empty)\fR" 163/* Lookup tables, indexed by the remote SMTP server address, with 164/* per-destination workarounds for CISCO PIX firewall bugs. 165/* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" 166/* Quote addresses in SMTP MAIL FROM and RCPT TO commands as required 167/* by RFC 2821. 
168/* .IP "\fBsmtp_reply_filter (empty)\fR" 169/* A mechanism to transform replies from remote SMTP servers one 170/* line at a time. 171/* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR" 172/* Skip SMTP servers that greet with a 5XX status code (go away, do 173/* not try again later). 174/* .IP "\fBsmtp_skip_quit_response (yes)\fR" 175/* Do not wait for the response to the SMTP QUIT command. 176/* .PP 177/* Available in Postfix version 2.0 and earlier: 178/* .IP "\fBsmtp_skip_4xx_greeting (yes)\fR" 179/* Skip SMTP servers that greet with a 4XX status code (go away, try 180/* again later). 181/* .PP 182/* Available in Postfix version 2.2 and later: 183/* .IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR" 184/* Lookup tables, indexed by the remote SMTP server address, with 185/* case insensitive lists of EHLO keywords (pipelining, starttls, auth, 186/* etc.) that the Postfix SMTP client will ignore in the EHLO response from a 187/* remote SMTP server. 188/* .IP "\fBsmtp_discard_ehlo_keywords (empty)\fR" 189/* A case insensitive list of EHLO keywords (pipelining, starttls, 190/* auth, etc.) that the Postfix SMTP client will ignore in the EHLO 191/* response from a remote SMTP server. 192/* .IP "\fBsmtp_generic_maps (empty)\fR" 193/* Optional lookup tables that perform address rewriting in the 194/* SMTP client, typically to transform a locally valid address into 195/* a globally valid address when sending mail across the Internet. 196/* .PP 197/* Available in Postfix version 2.2.9 and later: 198/* .IP "\fBsmtp_cname_overrides_servername (version dependent)\fR" 199/* Allow DNS CNAME records to override the servername that the 200/* Postfix SMTP client uses for logging, SASL password lookup, TLS 201/* policy decisions, or TLS certificate verification. 
202/* .PP 203/* Available in Postfix version 2.3 and later: 204/* .IP "\fBlmtp_discard_lhlo_keyword_address_maps (empty)\fR" 205/* Lookup tables, indexed by the remote LMTP server address, with 206/* case insensitive lists of LHLO keywords (pipelining, starttls, 207/* auth, etc.) that the LMTP client will ignore in the LHLO response 208/* from a remote LMTP server. 209/* .IP "\fBlmtp_discard_lhlo_keywords (empty)\fR" 210/* A case insensitive list of LHLO keywords (pipelining, starttls, 211/* auth, etc.) that the LMTP client will ignore in the LHLO response 212/* from a remote LMTP server. 213/* .PP 214/* Available in Postfix version 2.4.4 and later: 215/* .IP "\fBsend_cyrus_sasl_authzid (no)\fR" 216/* When authenticating to a remote SMTP or LMTP server with the 217/* default setting "no", send no SASL authoriZation ID (authzid); send 218/* only the SASL authentiCation ID (authcid) plus the authcid's password. 219/* .PP 220/* Available in Postfix version 2.5 and later: 221/* .IP "\fBsmtp_header_checks (empty)\fR" 222/* Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client. 223/* .IP "\fBsmtp_mime_header_checks (empty)\fR" 224/* Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP 225/* client. 226/* .IP "\fBsmtp_nested_header_checks (empty)\fR" 227/* Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP 228/* client. 229/* .IP "\fBsmtp_body_checks (empty)\fR" 230/* Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client. 231/* .PP 232/* Available in Postfix version 2.6 and later: 233/* .IP "\fBtcp_windowsize (0)\fR" 234/* An optional workaround for routers that break TCP window scaling. 235/* .PP 236/* Available in Postfix version 2.8 and later: 237/* .IP "\fBsmtp_dns_resolver_options (empty)\fR" 238/* DNS Resolver options for the Postfix SMTP client. 
239/* MIME PROCESSING CONTROLS 240/* .ad 241/* .fi 242/* Available in Postfix version 2.0 and later: 243/* .IP "\fBdisable_mime_output_conversion (no)\fR" 244/* Disable the conversion of 8BITMIME format to 7BIT format. 245/* .IP "\fBmime_boundary_length_limit (2048)\fR" 246/* The maximal length of MIME multipart boundary strings. 247/* .IP "\fBmime_nesting_limit (100)\fR" 248/* The maximal recursion level that the MIME processor will handle. 249/* EXTERNAL CONTENT INSPECTION CONTROLS 250/* .ad 251/* .fi 252/* Available in Postfix version 2.1 and later: 253/* .IP "\fBsmtp_send_xforward_command (no)\fR" 254/* Send the non-standard XFORWARD command when the Postfix SMTP server 255/* EHLO response announces XFORWARD support. 256/* SASL AUTHENTICATION CONTROLS 257/* .ad 258/* .fi 259/* .IP "\fBsmtp_sasl_auth_enable (no)\fR" 260/* Enable SASL authentication in the Postfix SMTP client. 261/* .IP "\fBsmtp_sasl_password_maps (empty)\fR" 262/* Optional SMTP client lookup tables with one username:password entry 263/* per remote hostname or domain, or sender address when sender-dependent 264/* authentication is enabled. 265/* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" 266/* Postfix SMTP client SASL security options; as of Postfix 2.3 267/* the list of available 268/* features depends on the SASL client implementation that is selected 269/* with \fBsmtp_sasl_type\fR. 270/* .PP 271/* Available in Postfix version 2.2 and later: 272/* .IP "\fBsmtp_sasl_mechanism_filter (empty)\fR" 273/* If non-empty, a Postfix SMTP client filter for the remote SMTP 274/* server's list of offered SASL mechanisms. 
275/* .PP 276/* Available in Postfix version 2.3 and later: 277/* .IP "\fBsmtp_sender_dependent_authentication (no)\fR" 278/* Enable sender-dependent authentication in the Postfix SMTP client; this is 279/* available only with SASL authentication, and disables SMTP connection 280/* caching to ensure that mail from different senders will use the 281/* appropriate credentials. 282/* .IP "\fBsmtp_sasl_path (empty)\fR" 283/* Implementation-specific information that the Postfix SMTP client 284/* passes through to 285/* the SASL plug-in implementation that is selected with 286/* \fBsmtp_sasl_type\fR. 287/* .IP "\fBsmtp_sasl_type (cyrus)\fR" 288/* The SASL plug-in type that the Postfix SMTP client should use 289/* for authentication. 290/* .PP 291/* Available in Postfix version 2.5 and later: 292/* .IP "\fBsmtp_sasl_auth_cache_name (empty)\fR" 293/* An optional table to prevent repeated SASL authentication 294/* failures with the same remote SMTP server hostname, username and 295/* password. 296/* .IP "\fBsmtp_sasl_auth_cache_time (90d)\fR" 297/* The maximal age of an smtp_sasl_auth_cache_name entry before it 298/* is removed. 299/* .IP "\fBsmtp_sasl_auth_soft_bounce (yes)\fR" 300/* When a remote SMTP server rejects a SASL authentication request 301/* with a 535 reply code, defer mail delivery instead of returning 302/* mail as undeliverable. 303/* STARTTLS SUPPORT CONTROLS 304/* .ad 305/* .fi 306/* Detailed information about STARTTLS configuration may be found 307/* in the TLS_README document. 308/* .IP "\fBsmtp_tls_security_level (empty)\fR" 309/* The default SMTP TLS security level for the Postfix SMTP client; 310/* when a non-empty value is specified, this overrides the obsolete 311/* parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. 312/* .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" 313/* The SASL authentication security options that the Postfix SMTP 314/* client uses for TLS encrypted SMTP sessions. 
315/* .IP "\fBsmtp_starttls_timeout (300s)\fR" 316/* Time limit for Postfix SMTP client write and read operations 317/* during TLS startup and shutdown handshake procedures. 318/* .IP "\fBsmtp_tls_CAfile (empty)\fR" 319/* A file containing CA certificates of root CAs trusted to sign 320/* either remote SMTP server certificates or intermediate CA certificates. 321/* .IP "\fBsmtp_tls_CApath (empty)\fR" 322/* Directory with PEM format certificate authority certificates 323/* that the Postfix SMTP client uses to verify a remote SMTP server 324/* certificate. 325/* .IP "\fBsmtp_tls_cert_file (empty)\fR" 326/* File with the Postfix SMTP client RSA certificate in PEM format. 327/* .IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR" 328/* The minimum TLS cipher grade that the Postfix SMTP client will 329/* use with 330/* mandatory TLS encryption. 331/* .IP "\fBsmtp_tls_exclude_ciphers (empty)\fR" 332/* List of ciphers or cipher types to exclude from the Postfix 333/* SMTP client cipher 334/* list at all TLS security levels. 335/* .IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR" 336/* Additional list of ciphers or cipher types to exclude from the 337/* SMTP client cipher list at mandatory TLS security levels. 338/* .IP "\fBsmtp_tls_dcert_file (empty)\fR" 339/* File with the Postfix SMTP client DSA certificate in PEM format. 340/* .IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR" 341/* File with the Postfix SMTP client DSA private key in PEM format. 342/* .IP "\fBsmtp_tls_key_file ($smtp_tls_cert_file)\fR" 343/* File with the Postfix SMTP client RSA private key in PEM format. 344/* .IP "\fBsmtp_tls_loglevel (0)\fR" 345/* Enable additional Postfix SMTP client logging of TLS activity. 346/* .IP "\fBsmtp_tls_note_starttls_offer (no)\fR" 347/* Log the hostname of a remote SMTP server that offers STARTTLS, 348/* when TLS is not already enabled for that server. 
349/* .IP "\fBsmtp_tls_policy_maps (empty)\fR" 350/* Optional lookup tables with the Postfix SMTP client TLS security 351/* policy by next-hop destination; when a non-empty value is specified, 352/* this overrides the obsolete smtp_tls_per_site parameter. 353/* .IP "\fBsmtp_tls_mandatory_protocols (!SSLv2)\fR" 354/* List of SSL/TLS protocols that the Postfix SMTP client will use with 355/* mandatory TLS encryption. 356/* .IP "\fBsmtp_tls_scert_verifydepth (9)\fR" 357/* The verification depth for remote SMTP server certificates. 358/* .IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR" 359/* The server certificate peername verification method for the 360/* "secure" TLS security level. 361/* .IP "\fBsmtp_tls_session_cache_database (empty)\fR" 362/* Name of the file containing the optional Postfix SMTP client 363/* TLS session cache. 364/* .IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR" 365/* The expiration time of Postfix SMTP client TLS session cache 366/* information. 367/* .IP "\fBsmtp_tls_verify_cert_match (hostname)\fR" 368/* The server certificate peername verification method for the 369/* "verify" TLS security level. 370/* .IP "\fBtls_daemon_random_bytes (32)\fR" 371/* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) 372/* process requests from the \fBtlsmgr\fR(8) server in order to seed its 373/* internal pseudo random number generator (PRNG). 374/* .IP "\fBtls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)\fR" 375/* The OpenSSL cipherlist for "HIGH" grade ciphers. 376/* .IP "\fBtls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)\fR" 377/* The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. 378/* .IP "\fBtls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)\fR" 379/* The OpenSSL cipherlist for "LOW" or higher grade ciphers. 380/* .IP "\fBtls_export_cipherlist (ALL:+RC4:@STRENGTH)\fR" 381/* The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. 
382/* .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" 383/* The OpenSSL cipherlist for "NULL" grade ciphers that provide 384/* authentication without encryption. 385/* .PP 386/* Available in Postfix version 2.4 and later: 387/* .IP "\fBsmtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)\fR" 388/* The SASL authentication security options that the Postfix SMTP 389/* client uses for TLS encrypted SMTP sessions with a verified server 390/* certificate. 391/* .PP 392/* Available in Postfix version 2.5 and later: 393/* .IP "\fBsmtp_tls_fingerprint_cert_match (empty)\fR" 394/* List of acceptable remote SMTP server certificate fingerprints 395/* for the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR = 396/* fingerprint). 397/* .IP "\fBsmtp_tls_fingerprint_digest (md5)\fR" 398/* The message digest algorithm used to construct remote SMTP server 399/* certificate fingerprints. 400/* .PP 401/* Available in Postfix version 2.6 and later: 402/* .IP "\fBsmtp_tls_protocols (!SSLv2)\fR" 403/* List of TLS protocols that the Postfix SMTP client will exclude or 404/* include with opportunistic TLS encryption. 405/* .IP "\fBsmtp_tls_ciphers (export)\fR" 406/* The minimum TLS cipher grade that the Postfix SMTP client 407/* will use with opportunistic TLS encryption. 408/* .IP "\fBsmtp_tls_eccert_file (empty)\fR" 409/* File with the Postfix SMTP client ECDSA certificate in PEM format. 410/* .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR" 411/* File with the Postfix SMTP client ECDSA private key in PEM format. 412/* .PP 413/* Available in Postfix version 2.7 and later: 414/* .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR" 415/* Try to detect a mail hijacking attack based on a TLS protocol 416/* vulnerability (CVE-2009-3555), where an attacker prepends malicious 417/* HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. 
418/* .PP 419/* Available in Postfix version 2.8 and later: 420/* .IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR" 421/* List or bit-mask of OpenSSL bug work-arounds to disable. 422/* OBSOLETE STARTTLS CONTROLS 423/* .ad 424/* .fi 425/* The following configuration parameters exist for compatibility 426/* with Postfix versions before 2.3. Support for these will 427/* be removed in a future release. 428/* .IP "\fBsmtp_use_tls (no)\fR" 429/* Opportunistic mode: use TLS when a remote SMTP server announces 430/* STARTTLS support, otherwise send the mail in the clear. 431/* .IP "\fBsmtp_enforce_tls (no)\fR" 432/* Enforcement mode: require that remote SMTP servers use TLS 433/* encryption, and never send mail in the clear. 434/* .IP "\fBsmtp_tls_enforce_peername (yes)\fR" 435/* With mandatory TLS encryption, require that the remote SMTP 436/* server hostname matches the information in the remote SMTP server 437/* certificate. 438/* .IP "\fBsmtp_tls_per_site (empty)\fR" 439/* Optional lookup tables with the Postfix SMTP client TLS usage 440/* policy by next-hop destination and by remote SMTP server hostname. 441/* .IP "\fBsmtp_tls_cipherlist (empty)\fR" 442/* Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS 443/* cipher list. 444/* RESOURCE AND RATE CONTROLS 445/* .ad 446/* .fi 447/* .IP "\fBsmtp_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" 448/* The maximal number of parallel deliveries to the same destination 449/* via the smtp message delivery transport. 450/* .IP "\fBsmtp_destination_recipient_limit ($default_destination_recipient_limit)\fR" 451/* The maximal number of recipients per message for the smtp 452/* message delivery transport. 453/* .IP "\fBsmtp_connect_timeout (30s)\fR" 454/* The SMTP client time limit for completing a TCP connection, or 455/* zero (use the operating system built-in time limit). 
456/* .IP "\fBsmtp_helo_timeout (300s)\fR" 457/* The SMTP client time limit for sending the HELO or EHLO command, 458/* and for receiving the initial server response. 459/* .IP "\fBlmtp_lhlo_timeout (300s)\fR" 460/* The LMTP client time limit for sending the LHLO command, and 461/* for receiving the initial server response. 462/* .IP "\fBsmtp_xforward_timeout (300s)\fR" 463/* The SMTP client time limit for sending the XFORWARD command, and 464/* for receiving the server response. 465/* .IP "\fBsmtp_mail_timeout (300s)\fR" 466/* The SMTP client time limit for sending the MAIL FROM command, and 467/* for receiving the server response. 468/* .IP "\fBsmtp_rcpt_timeout (300s)\fR" 469/* The SMTP client time limit for sending the SMTP RCPT TO command, and 470/* for receiving the server response. 471/* .IP "\fBsmtp_data_init_timeout (120s)\fR" 472/* The SMTP client time limit for sending the SMTP DATA command, and for 473/* receiving the server response. 474/* .IP "\fBsmtp_data_xfer_timeout (180s)\fR" 475/* The SMTP client time limit for sending the SMTP message content. 476/* .IP "\fBsmtp_data_done_timeout (600s)\fR" 477/* The SMTP client time limit for sending the SMTP ".", and for receiving 478/* the server response. 479/* .IP "\fBsmtp_quit_timeout (300s)\fR" 480/* The SMTP client time limit for sending the QUIT command, and for 481/* receiving the server response. 482/* .PP 483/* Available in Postfix version 2.1 and later: 484/* .IP "\fBsmtp_mx_address_limit (5)\fR" 485/* The maximal number of MX (mail exchanger) IP addresses that can 486/* result from mail exchanger lookups, or zero (no limit). 487/* .IP "\fBsmtp_mx_session_limit (2)\fR" 488/* The maximal number of SMTP sessions per delivery request before 489/* giving up or delivering to a fall-back relay host, or zero (no 490/* limit). 491/* .IP "\fBsmtp_rset_timeout (20s)\fR" 492/* The SMTP client time limit for sending the RSET command, and 493/* for receiving the server response. 
494/* .PP 495/* Available in Postfix version 2.2 and earlier: 496/* .IP "\fBlmtp_cache_connection (yes)\fR" 497/* Keep Postfix LMTP client connections open for up to $max_idle 498/* seconds. 499/* .PP 500/* Available in Postfix version 2.2 and later: 501/* .IP "\fBsmtp_connection_cache_destinations (empty)\fR" 502/* Permanently enable SMTP connection caching for the specified 503/* destinations. 504/* .IP "\fBsmtp_connection_cache_on_demand (yes)\fR" 505/* Temporarily enable SMTP connection caching while a destination 506/* has a high volume of mail in the active queue. 507/* .IP "\fBsmtp_connection_reuse_time_limit (300s)\fR" 508/* The amount of time during which Postfix will use an SMTP 509/* connection repeatedly. 510/* .IP "\fBsmtp_connection_cache_time_limit (2s)\fR" 511/* When SMTP connection caching is enabled, the amount of time that 512/* an unused SMTP client socket is kept open before it is closed. 513/* .PP 514/* Available in Postfix version 2.3 and later: 515/* .IP "\fBconnection_cache_protocol_timeout (5s)\fR" 516/* Time limit for connection cache connect, send or receive 517/* operations. 518/* TROUBLE SHOOTING CONTROLS 519/* .ad 520/* .fi 521/* .IP "\fBdebug_peer_level (2)\fR" 522/* The increment in verbose logging level when a remote client or 523/* server matches a pattern in the debug_peer_list parameter. 524/* .IP "\fBdebug_peer_list (empty)\fR" 525/* Optional list of remote client or server hostname or network 526/* address patterns that cause the verbose logging level to increase 527/* by the amount specified in $debug_peer_level. 528/* .IP "\fBerror_notice_recipient (postmaster)\fR" 529/* The recipient of postmaster notifications about mail delivery 530/* problems that are caused by policy, resource, software or protocol 531/* errors. 
532/* .IP "\fBinternal_mail_filter_classes (empty)\fR" 533/* What categories of Postfix-generated mail are subject to 534/* before-queue content inspection by non_smtpd_milters, header_checks 535/* and body_checks. 536/* .IP "\fBnotify_classes (resource, software)\fR" 537/* The list of error classes that are reported to the postmaster. 538/* MISCELLANEOUS CONTROLS 539/* .ad 540/* .fi 541/* .IP "\fBbest_mx_transport (empty)\fR" 542/* Where the Postfix SMTP client should deliver mail when it detects 543/* a "mail loops back to myself" error condition. 544/* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" 545/* The default location of the Postfix main.cf and master.cf 546/* configuration files. 547/* .IP "\fBdaemon_timeout (18000s)\fR" 548/* How much time a Postfix daemon process may take to handle a 549/* request before it is terminated by a built-in watchdog timer. 550/* .IP "\fBdelay_logging_resolution_limit (2)\fR" 551/* The maximal number of digits after the decimal point when logging 552/* sub-second delay values. 553/* .IP "\fBdisable_dns_lookups (no)\fR" 554/* Disable DNS lookups in the Postfix SMTP and LMTP clients. 555/* .IP "\fBinet_interfaces (all)\fR" 556/* The network interface addresses that this mail system receives 557/* mail on. 558/* .IP "\fBinet_protocols (ipv4)\fR" 559/* The Internet protocols Postfix will attempt to use when making 560/* or accepting connections. 561/* .IP "\fBipc_timeout (3600s)\fR" 562/* The time limit for sending or receiving information over an internal 563/* communication channel. 564/* .IP "\fBlmtp_assume_final (no)\fR" 565/* When an LMTP server announces no DSN support, assume that the 566/* server performs final delivery, and send "delivered" delivery status 567/* notifications instead of "relayed". 568/* .IP "\fBlmtp_tcp_port (24)\fR" 569/* The default TCP port that the Postfix LMTP client connects to. 
570/* .IP "\fBmax_idle (100s)\fR" 571/* The maximum amount of time that an idle Postfix daemon process waits 572/* for an incoming connection before terminating voluntarily. 573/* .IP "\fBmax_use (100)\fR" 574/* The maximal number of incoming connections that a Postfix daemon 575/* process will service before terminating voluntarily. 576/* .IP "\fBprocess_id (read-only)\fR" 577/* The process ID of a Postfix command or daemon process. 578/* .IP "\fBprocess_name (read-only)\fR" 579/* The process name of a Postfix command or daemon process. 580/* .IP "\fBproxy_interfaces (empty)\fR" 581/* The network interface addresses that this mail system receives mail 582/* on by way of a proxy or network address translation unit. 583/* .IP "\fBsmtp_address_preference (ipv6)\fR" 584/* The address type ("ipv6", "ipv4" or "any") that the Postfix 585/* SMTP client will try first, when a destination has IPv6 and IPv4 586/* addresses with equal MX preference. 587/* .IP "\fBsmtp_bind_address (empty)\fR" 588/* An optional numerical network address that the Postfix SMTP client 589/* should bind to when making an IPv4 connection. 590/* .IP "\fBsmtp_bind_address6 (empty)\fR" 591/* An optional numerical network address that the Postfix SMTP client 592/* should bind to when making an IPv6 connection. 593/* .IP "\fBsmtp_helo_name ($myhostname)\fR" 594/* The hostname to send in the SMTP EHLO or HELO command. 595/* .IP "\fBlmtp_lhlo_name ($myhostname)\fR" 596/* The hostname to send in the LMTP LHLO command. 597/* .IP "\fBsmtp_host_lookup (dns)\fR" 598/* What mechanisms the Postfix SMTP client uses to look up a host's IP 599/* address. 600/* .IP "\fBsmtp_randomize_addresses (yes)\fR" 601/* Randomize the order of equal-preference MX host addresses. 602/* .IP "\fBsyslog_facility (mail)\fR" 603/* The syslog facility of Postfix logging. 
604/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" 605/* The mail system name that is prepended to the process name in syslog 606/* records, so that "smtpd" becomes, for example, "postfix/smtpd". 607/* .PP 608/* Available with Postfix 2.2 and earlier: 609/* .IP "\fBfallback_relay (empty)\fR" 610/* Optional list of relay hosts for SMTP destinations that can't be 611/* found or that are unreachable. 612/* .PP 613/* Available with Postfix 2.3 and later: 614/* .IP "\fBsmtp_fallback_relay ($fallback_relay)\fR" 615/* Optional list of relay hosts for SMTP destinations that can't be 616/* found or that are unreachable. 617/* SEE ALSO 618/* generic(5), output address rewriting 619/* header_checks(5), message header content inspection 620/* body_checks(5), body parts content inspection 621/* qmgr(8), queue manager 622/* bounce(8), delivery status reports 623/* scache(8), connection cache server 624/* postconf(5), configuration parameters 625/* master(5), generic daemon options 626/* master(8), process manager 627/* tlsmgr(8), TLS session and PRNG management 628/* syslogd(8), system logging 629/* README FILES 630/* .ad 631/* .fi 632/* Use "\fBpostconf readme_directory\fR" or 633/* "\fBpostconf html_directory\fR" to locate this information. 634/* .na 635/* .nf 636/* SASL_README, Postfix SASL howto 637/* TLS_README, Postfix STARTTLS howto 638/* LICENSE 639/* .ad 640/* .fi 641/* The Secure Mailer license must be distributed with this software. 642/* AUTHOR(S) 643/* Wietse Venema 644/* IBM T.J. Watson Research 645/* P.O. Box 704 646/* Yorktown Heights, NY 10598, USA 647/* 648/* Command pipelining in cooperation with: 649/* Jon Ribbens 650/* Oaktree Internet Solutions Ltd., 651/* Internet House, 652/* Canal Basin, 653/* Coventry, 654/* CV1 4LY, United Kingdom. 
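/*
/*	SASL support originally by:
/*	Till Franke
/*	SuSE Rhein/Main AG
/*	65760 Eschborn, Germany
/*
/*	TLS support originally by:
/*	Lutz Jaenicke
/*	BTU Cottbus
/*	Allgemeine Elektrotechnik
/*	Universitaetsplatz 3-4
/*	D-03044 Cottbus, Germany
/*
/*	Revised TLS and SMTP connection cache support by:
/*	Victor Duchovni
/*	Morgan Stanley
/*--*/

/* System library. */

#include <sys_defs.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <dict.h>
#include <stringops.h>

/* Utility library. */

#include <msg.h>
#include <mymalloc.h>
#include <name_mask.h>
#include <name_code.h>

/* Global library. */

#include <deliver_request.h>
#include <mail_params.h>
#include <mail_version.h>
#include <mail_conf.h>
#include <debug_peer.h>
#include <flush_clnt.h>
#include <scache.h>
#include <string_list.h>
#include <maps.h>
#include <ext_prop.h>

/* DNS library. */

#include <dns.h>

/* Single server skeleton. */

#include <mail_server.h>

/* Application-specific. */

#include "smtp.h"
#include "smtp_sasl.h"

 /*
  * Tunable parameters. These have compiled-in defaults that can be overruled
  * by settings in the global Postfix configuration file.
  */
int     var_smtp_conn_tmout;
int     var_smtp_helo_tmout;
int     var_smtp_xfwd_tmout;
int     var_smtp_mail_tmout;
int     var_smtp_rcpt_tmout;
int     var_smtp_data0_tmout;
int     var_smtp_data1_tmout;
int     var_smtp_data2_tmout;
int     var_smtp_rset_tmout;
int     var_smtp_quit_tmout;
char   *var_inet_interfaces;
char   *var_notify_classes;
int     var_smtp_skip_5xx_greeting;
int     var_ign_mx_lookup_err;
int     var_skip_quit_resp;
char   *var_fallback_relay;
char   *var_bestmx_transp;
char   *var_error_rcpt;
int     var_smtp_always_ehlo;
int     var_smtp_never_ehlo;
char   *var_smtp_sasl_opts;
char   *var_smtp_sasl_path;
char   *var_smtp_sasl_passwd;
bool    var_smtp_sasl_enable;
char   *var_smtp_sasl_mechs;
char   *var_smtp_sasl_type;
char   *var_smtp_bind_addr;
char   *var_smtp_bind_addr6;
bool    var_smtp_rand_addr;
int     var_smtp_pix_thresh;
int     var_smtp_pix_delay;
int     var_smtp_line_limit;
char   *var_smtp_helo_name;
char   *var_smtp_host_lookup;
bool    var_smtp_quote_821_env;
bool    var_smtp_defer_mxaddr;
bool    var_smtp_send_xforward;
int     var_smtp_mxaddr_limit;
int     var_smtp_mxsess_limit;
int     var_smtp_cache_conn;
int     var_smtp_reuse_time;
char   *var_smtp_cache_dest;
char   *var_scache_service;		/* You can now leave this here. */
bool    var_smtp_cache_demand;
char   *var_smtp_ehlo_dis_words;
char   *var_smtp_ehlo_dis_maps;
char   *var_smtp_addr_pref;

 /*
  * TLS selection parameters. These are declared in every build, including
  * builds without USE_TLS, because pre_init() reads them unconditionally.
  */
char   *var_smtp_tls_level;
bool    var_smtp_use_tls;
bool    var_smtp_enforce_tls;
char   *var_smtp_tls_per_site;
char   *var_smtp_tls_policy;

#ifdef USE_TLS
char   *var_smtp_sasl_tls_opts;
char   *var_smtp_sasl_tlsv_opts;
int     var_smtp_starttls_tmout;
char   *var_smtp_tls_CAfile;
char   *var_smtp_tls_CApath;
char   *var_smtp_tls_cert_file;
char   *var_smtp_tls_mand_ciph;
char   *var_smtp_tls_excl_ciph;
char   *var_smtp_tls_mand_excl;
char   *var_smtp_tls_dcert_file;
char   *var_smtp_tls_dkey_file;
bool    var_smtp_tls_enforce_peername;
char   *var_smtp_tls_key_file;
int     var_smtp_tls_loglevel;
bool    var_smtp_tls_note_starttls_offer;
char   *var_smtp_tls_mand_proto;
char   *var_smtp_tls_sec_cmatch;
int     var_smtp_tls_scert_vd;
char   *var_smtp_tls_vfy_cmatch;
char   *var_smtp_tls_fpt_cmatch;
char   *var_smtp_tls_fpt_dgst;
char   *var_smtp_tls_proto;
char   *var_smtp_tls_ciph;
char   *var_smtp_tls_eccert_file;
char   *var_smtp_tls_eckey_file;
bool    var_smtp_tls_blk_early_mail_reply;

#endif

char   *var_smtp_generic_maps;
char   *var_prop_extension;
bool    var_smtp_sender_auth;
char   *var_lmtp_tcp_port;
int     var_scache_proto_tmout;
bool    var_smtp_cname_overr;
char   *var_smtp_pix_bug_words;
char   *var_smtp_pix_bug_maps;
char   *var_cyrus_conf_path;
char   *var_smtp_head_chks;
char   *var_smtp_mime_chks;
char   *var_smtp_nest_chks;
char   *var_smtp_body_chks;
char   *var_smtp_resp_filter;
bool    var_lmtp_assume_final;
char   *var_smtp_dns_res_opt;

 /* Special handling of 535 AUTH errors. */
char   *var_smtp_sasl_auth_cache_name;
int     var_smtp_sasl_auth_cache_time;
bool    var_smtp_sasl_auth_soft_bounce;

 /*
  * Global variables.
  */
int     smtp_host_lookup_mask;
STRING_LIST *smtp_cache_dest;
SCACHE *smtp_scache;
MAPS   *smtp_ehlo_dis_maps;
MAPS   *smtp_generic_maps;
int     smtp_ext_prop_mask;
unsigned smtp_dns_res_opt;
MAPS   *smtp_pix_bug_maps;
HBC_CHECKS *smtp_header_checks;		/* limited header checks */
HBC_CHECKS *smtp_body_checks;		/* limited body checks */

#ifdef USE_TLS

 /*
  * OpenSSL client state (opaque handle)
  */
TLS_APPL_STATE *smtp_tls_ctx;

#endif

 /*
  * IPv6 preference.
  */
static int smtp_addr_pref;

/*
 * deliver_message - deliver message with extreme prejudice
 *
 * service: service name, stored in the per-delivery state.
 * request: delivery request as read by smtp_service().
 *
 * Returns the result of smtp_connect(). Terminates via msg_fatal() when the
 * request has an empty nexthop or a non-positive recipient count.
 */

static int deliver_message(const char *service, DELIVER_REQUEST *request)
{
    SMTP_STATE *state;
    int     result;

    if (msg_verbose)
        msg_info("deliver_message: from %s", request->sender);

    /*
     * Sanity checks. The smtp server is unprivileged and chrooted, so we can
     * afford to distribute the data censoring code, instead of having it all
     * in one place.
     */
    if (request->nexthop[0] == 0)
        msg_fatal("empty nexthop hostname");
    if (request->rcpt_list.len <= 0)
        msg_fatal("recipient count: %d", request->rcpt_list.len);

    /*
     * Initialize. Bundle all information about the delivery request, so that
     * we can produce understandable diagnostics when something goes wrong
     * many levels below. The alternative would be to make everything global.
     */
    state = smtp_state_alloc();
    state->request = request;
    state->src = request->fp;
    state->service = service;
    /* Carry the address family preference selected in pre_init(). */
    state->misc_flags |= smtp_addr_pref;
    SMTP_RCPT_INIT(state);

    /*
     * Establish an SMTP session and deliver this message to all requested
     * recipients. At the end, notify the postmaster of any protocol errors.
     * Optionally deliver mail locally when this machine is the best mail
     * exchanger.
     */
    result = smtp_connect(state);

    /*
     * Clean up.
     */
    smtp_state_free(state);

    return (result);
}

/*
 * smtp_service - perform service for client
 *
 * client_stream: stream to the connected client (the queue manager, per the
 * comment below). service: service name, passed on to deliver_message().
 * argv: remaining command-line arguments; any argument is a fatal error.
 */

static void smtp_service(VSTREAM *client_stream, char *service, char **argv)
{
    DELIVER_REQUEST *request;
    int     status;

    /*
     * Sanity check. This service takes no command-line arguments.
     */
    if (argv[0])
        msg_fatal("unexpected command-line argument: %s", argv[0]);

    /*
     * This routine runs whenever a client connects to the UNIX-domain socket
     * dedicated to remote SMTP delivery service. What we see below is a
     * little protocol to (1) tell the queue manager that we are ready, (2)
     * read a request from the queue manager, and (3) report the completion
     * status of that request. All connection-management stuff is handled by
     * the common code in single_server.c.
     */
    if ((request = deliver_request_read(client_stream)) != 0) {
        status = deliver_message(service, request);
        deliver_request_done(client_stream, request, status);
    }
}

/*
 * post_init - post-jail initialization
 *
 * Selects the host name lookup methods, creates the session cache client
 * when connection caching is configured, and selects the DNS resolver
 * option flags. Both arguments are unused.
 */

static void post_init(char *unused_name, char **unused_argv)
{
    static const NAME_MASK lookup_masks[] = {
        SMTP_HOST_LOOKUP_DNS, SMTP_HOST_FLAG_DNS,
        SMTP_HOST_LOOKUP_NATIVE, SMTP_HOST_FLAG_NATIVE,
        0,
    };
    static const NAME_MASK dns_res_opt_masks[] = {
        SMTP_DNS_RES_OPT_DEFNAMES, RES_DEFNAMES,
        SMTP_DNS_RES_OPT_DNSRCH, RES_DNSRCH,
        0,
    };

    /*
     * Select hostname lookup mechanisms.
     */
    if (var_disable_dns)
        smtp_host_lookup_mask = SMTP_HOST_FLAG_NATIVE;
    else
        smtp_host_lookup_mask = name_mask(VAR_SMTP_HOST_LOOKUP, lookup_masks,
                                          var_smtp_host_lookup);
    if (msg_verbose)
        msg_info("host name lookup methods: %s",
                 str_name_mask(VAR_SMTP_HOST_LOOKUP, lookup_masks,
                               smtp_host_lookup_mask));

    /*
     * Session cache instance. The braces keep the guarded statement
     * explicit whichever preprocessor branch is compiled.
     */
    if (*var_smtp_cache_dest || var_smtp_cache_demand) {
#if 0
        smtp_scache = scache_multi_create();
#else
        smtp_scache = scache_clnt_create(var_scache_service,
                                         var_scache_proto_tmout,
                                         var_ipc_idle_limit,
                                         var_ipc_ttl_limit);
#endif
    }

    /*
     * Select DNS query flags.
     */
    smtp_dns_res_opt = name_mask(VAR_SMTP_DNS_RES_OPT, dns_res_opt_masks,
                                 var_smtp_dns_res_opt);
}

/*
 * pre_init - pre-jail initialization
 *
 * Sets up per-peer debugging, SASL, the TLS client context, the flush
 * client, the lookup tables, header/body checks, the server reply filter
 * and the address family preference. Both arguments are unused.
 *
 * Terminates via msg_fatal() on an unrecognized TLS level (builds with
 * USE_TLS) or an unrecognized address preference value.
 */

static void pre_init(char *unused_name, char **unused_argv)
{
    int     use_tls;
    static const NAME_CODE addr_pref_map[] = {
        INET_PROTO_NAME_IPV6, SMTP_MISC_FLAG_PREF_IPV6,
        INET_PROTO_NAME_IPV4, SMTP_MISC_FLAG_PREF_IPV4,
        INET_PROTO_NAME_ANY, 0,
        0, -1,
    };

    /*
     * Turn on per-peer debugging.
     */
    debug_peer_init();

    /*
     * SASL initialization.
     */
    if (var_smtp_sasl_enable) {
#ifdef USE_SASL_AUTH
        smtp_sasl_initialize();
#else
        msg_warn("%s is true, but SASL support is not compiled in",
                 VAR_SMTP_SASL_ENABLE);
#endif
    }

    /*
     * Map the TLS security level, when one is configured, onto the legacy
     * use/enforce booleans. The level is parsed only in builds with USE_TLS.
     * 
     * The test lives inside the #ifdef. As an unbraced "if" in front of the
     * conditional block it would, in a build without USE_TLS, guard the
     * use_tls assignment below and leave use_tls uninitialized whenever the
     * level is empty.
     */
#ifdef USE_TLS
    if (*var_smtp_tls_level != 0) {
        switch (tls_level_lookup(var_smtp_tls_level)) {
        case TLS_LEV_SECURE:
        case TLS_LEV_VERIFY:
        case TLS_LEV_FPRINT:
        case TLS_LEV_ENCRYPT:
            var_smtp_use_tls = var_smtp_enforce_tls = 1;
            break;
        case TLS_LEV_MAY:
            var_smtp_use_tls = 1;
            var_smtp_enforce_tls = 0;
            break;
        case TLS_LEV_NONE:
            var_smtp_use_tls = var_smtp_enforce_tls = 0;
            break;
        default:
            /* tls_level_lookup() logs no warning. */
            /* session_tls_init() assumes that var_smtp_tls_level is sane. */
            msg_fatal("Invalid TLS level \"%s\"", var_smtp_tls_level);
        }
    }
#endif
    use_tls = (var_smtp_use_tls || var_smtp_enforce_tls);

    /*
     * Initialize the TLS data before entering the chroot jail
     */
    if (use_tls || var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
#ifdef USE_TLS
        TLS_CLIENT_INIT_PROPS props;

        /*
         * We get stronger type safety and a cleaner interface by combining
         * the various parameters into a single tls_client_props structure.
         * 
         * Large parameter lists are error-prone, so we emulate a language
         * feature that C does not have natively: named parameter lists.
         */
        smtp_tls_ctx =
            TLS_CLIENT_INIT(&props,
                            log_level = var_smtp_tls_loglevel,
                            verifydepth = var_smtp_tls_scert_vd,
                            cache_type = strcmp(var_procname, "smtp") == 0 ?
                            TLS_MGR_SCACHE_SMTP : TLS_MGR_SCACHE_LMTP,
                            cert_file = var_smtp_tls_cert_file,
                            key_file = var_smtp_tls_key_file,
                            dcert_file = var_smtp_tls_dcert_file,
                            dkey_file = var_smtp_tls_dkey_file,
                            eccert_file = var_smtp_tls_eccert_file,
                            eckey_file = var_smtp_tls_eckey_file,
                            CAfile = var_smtp_tls_CAfile,
                            CApath = var_smtp_tls_CApath,
                            fpt_dgst = var_smtp_tls_fpt_dgst);
        smtp_tls_list_init();
#else

        /*
         * NOTE(review): this only warns. A build without USE_TLS never
         * parses var_smtp_tls_level, so a configured level by itself does
         * not reach this warning; only the legacy booleans, the per-site
         * table or the policy table do. Confirm that the delivery code
         * refuses to send in the clear when an enforcing level or policy is
         * configured.
         */
        msg_warn("TLS has been selected, but TLS support is not compiled in");
#endif
    }

    /*
     * Flush client.
     */
    flush_init();

    /*
     * Session cache domain list.
     */
    if (*var_smtp_cache_dest)
        smtp_cache_dest = string_list_init(MATCH_FLAG_NONE, var_smtp_cache_dest);

    /*
     * EHLO keyword filter.
     */
    if (*var_smtp_ehlo_dis_maps)
        smtp_ehlo_dis_maps = maps_create(VAR_SMTP_EHLO_DIS_MAPS,
                                         var_smtp_ehlo_dis_maps,
                                         DICT_FLAG_LOCK);

    /*
     * PIX bug workarounds.
     */
    if (*var_smtp_pix_bug_maps)
        smtp_pix_bug_maps = maps_create(VAR_SMTP_PIX_BUG_MAPS,
                                        var_smtp_pix_bug_maps,
                                        DICT_FLAG_LOCK);

    /*
     * Generic maps.
     */
    if (*var_prop_extension)
        smtp_ext_prop_mask =
            ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
    if (*var_smtp_generic_maps)
        smtp_generic_maps =
            maps_create(VAR_SMTP_GENERIC_MAPS, var_smtp_generic_maps,
                        DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);

    /*
     * Header/body checks.
     */
    smtp_header_checks = hbc_header_checks_create(
                                    VAR_SMTP_HEAD_CHKS, var_smtp_head_chks,
                                    VAR_SMTP_MIME_CHKS, var_smtp_mime_chks,
                                    VAR_SMTP_NEST_CHKS, var_smtp_nest_chks,
                                    smtp_hbc_callbacks);
    smtp_body_checks = hbc_body_checks_create(
                                    VAR_SMTP_BODY_CHKS, var_smtp_body_chks,
                                    smtp_hbc_callbacks);

    /*
     * Server reply filter.
     */
    if (*var_smtp_resp_filter)
        smtp_chat_resp_filter =
            dict_open(var_smtp_resp_filter, O_RDONLY,
                      DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);

    /*
     * Address family preference. name_code() yields the -1 table default
     * for a value that is not listed, which is rejected here.
     */
    if (*var_smtp_addr_pref) {
        smtp_addr_pref = name_code(addr_pref_map, NAME_CODE_FLAG_NONE,
                                   var_smtp_addr_pref);
        if (smtp_addr_pref < 0)
            msg_fatal("bad %s value: %s", VAR_SMTP_ADDR_PREF, var_smtp_addr_pref);
    }
}

/*
 * pre_accept - see if tables have changed
 *
 * Logs the name reported by dict_changed_name() and exits with status 0
 * when that name is non-null. Both arguments are unused.
 */

static void pre_accept(char *unused_name, char **unused_argv)
{
    const char *table;

    if ((table = dict_changed_name()) != 0) {
        msg_info("table %s has changed -- restarting", table);
        exit(0);
    }
}

MAIL_VERSION_STAMP_DECLARE;

/*
 * main - pass control to the single-threaded skeleton
 *
 * The program runs in SMTP mode when the base name of argv[0] is "smtp",
 * and uses the LMTP parameter tables otherwise.
 */

int     main(int argc, char **argv)
{
    /*
     * Parameter tables, included at function scope. Presumably these files
     * define the smtp_*_table and lmtp_*_table arrays used below -- confirm.
     */
#include "smtp_params.c"
#include "lmtp_params.c"
    int     smtp_mode;

    /*
     * Fingerprint executables and core dumps.
     */
    MAIL_VERSION_STAMP_ALLOCATE;

    /*
     * XXX At this point, var_procname etc. are not initialized.
     */
    smtp_mode = (strcmp(sane_basename((VSTRING *) 0, argv[0]), "smtp") == 0);

    /*
     * Initialize with the LMTP or SMTP parameter name space.
     */
    single_server_main(argc, argv, smtp_service,
                       MAIL_SERVER_TIME_TABLE, smtp_mode ?
                       smtp_time_table : lmtp_time_table,
                       MAIL_SERVER_INT_TABLE, smtp_mode ?
                       smtp_int_table : lmtp_int_table,
                       MAIL_SERVER_STR_TABLE, smtp_mode ?
                       smtp_str_table : lmtp_str_table,
                       MAIL_SERVER_BOOL_TABLE, smtp_mode ?
                       smtp_bool_table : lmtp_bool_table,
                       MAIL_SERVER_PRE_INIT, pre_init,
                       MAIL_SERVER_POST_INIT, post_init,
                       MAIL_SERVER_PRE_ACCEPT, pre_accept,
                       0);
}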