1/*	$NetBSD: smtp.h,v 1.5 2023/12/23 20:30:45 christos Exp $	*/
2
3/*++
4/* NAME
5/*	smtp 3h
6/* SUMMARY
7/*	smtp client program
8/* SYNOPSIS
9/*	#include "smtp.h"
10/* DESCRIPTION
11/* .nf
12
13 /*
14  * System library.
15  */
16#include <string.h>
17
18 /*
19  * Utility library.
20  */
21#include <vstream.h>
22#include <vstring.h>
23#include <argv.h>
24#include <htable.h>
25#include <dict.h>
26
27 /*
28  * Global library.
29  */
30#include <deliver_request.h>
31#include <scache.h>
32#include <string_list.h>
33#include <maps.h>
34#include <tok822.h>
35#include <dsn_buf.h>
36#include <header_body_checks.h>
37
38 /*
39  * Postfix TLS library.
40  */
41#include <tls.h>
42
43 /*
44  * tlsproxy client.
45  */
46#include <tls_proxy.h>
47
48 /*
49  * Global iterator support. This is updated by the connection-management
50  * loop, and contains dynamic context that appears in lookup keys for SASL
51  * passwords, TLS policy, cached SMTP connections, and cached TLS session
52  * keys.
53  *
54  * For consistency and maintainability, context that is used in more than one
55  * lookup key is formatted with smtp_key_format().
56  */
57typedef struct SMTP_ITERATOR {
58    /* Public members. */
59    VSTRING *request_nexthop;		/* delivery request nexhop or empty */
60    VSTRING *dest;			/* current nexthop */
61    VSTRING *host;			/* hostname or empty */
62    VSTRING *addr;			/* printable address or empty */
63    unsigned port;			/* network byte order or null */
64    struct DNS_RR *rr;			/* DNS resource record or null */
65    struct DNS_RR *mx;			/* DNS resource record or null */
66    /* Private members. */
67    VSTRING *saved_dest;		/* saved current nexthop */
68    struct SMTP_STATE *parent;		/* parent linkage */
69} SMTP_ITERATOR;
70
71#define SMTP_ITER_INIT(iter, _dest, _host, _addr, _port, state) do { \
72	vstring_strcpy((iter)->dest, (_dest)); \
73	vstring_strcpy((iter)->host, (_host)); \
74	vstring_strcpy((iter)->addr, (_addr)); \
75	(iter)->port = (_port); \
76	(iter)->mx = (iter)->rr = 0; \
77	vstring_strcpy((iter)->saved_dest, ""); \
78	(iter)->parent = (state); \
79    } while (0)
80
81#define SMTP_ITER_SAVE_DEST(iter) do { \
82	vstring_strcpy((iter)->saved_dest, STR((iter)->dest)); \
83    } while (0)
84
85#define SMTP_ITER_RESTORE_DEST(iter) do { \
86	vstring_strcpy((iter)->dest, STR((iter)->saved_dest)); \
87    } while (0)
88
89#define SMTP_ITER_UPDATE_HOST(iter, _host, _addr, _rr) do { \
90	vstring_strcpy((iter)->host, (_host)); \
91	vstring_strcpy((iter)->addr, (_addr)); \
92	(iter)->rr = (_rr); \
93	if ((_rr)->port) \
94	    (iter)->port = htons((_rr)->port); /* SRV port override */ \
95    } while (0)
96
97 /*
98  * TLS Policy support.
99  */
100#ifdef USE_TLS
101
102typedef struct SMTP_TLS_POLICY {
103    int     level;			/* TLS enforcement level */
104    char   *protocols;			/* Acceptable SSL protocols */
105    char   *grade;			/* Cipher grade: "export", ... */
106    VSTRING *exclusions;		/* Excluded SSL ciphers */
107    ARGV   *matchargv;			/* Cert match patterns */
108    DSN_BUF *why;			/* Lookup error status */
109    TLS_DANE *dane;			/* DANE TLSA digests */
110    char   *sni;			/* Optional SNI name when not DANE */
111    int     conn_reuse;			/* enable connection reuse */
112} SMTP_TLS_POLICY;
113
114 /*
115  * smtp_tls_policy.c
116  */
117extern void smtp_tls_list_init(void);
118extern int smtp_tls_policy_cache_query(DSN_BUF *, SMTP_TLS_POLICY *, SMTP_ITERATOR *);
119extern void smtp_tls_policy_cache_flush(void);
120
121 /*
122  * Macros must use distinct names for local temporary variables, otherwise
123  * there will be bugs due to shadowing. This happened when an earlier
124  * version of smtp_tls_policy_dummy() invoked smtp_tls_policy_init(), but it
125  * could also happen without macro nesting.
126  *
127  * General principle: use all or part of the macro name in each temporary
128  * variable name. Then, append suffixes to the names if needed.
129  */
130#define smtp_tls_policy_dummy(t) do { \
131	SMTP_TLS_POLICY *_tls_policy_dummy_tmp = (t); \
132	smtp_tls_policy_init(_tls_policy_dummy_tmp, (DSN_BUF *) 0); \
133	_tls_policy_dummy_tmp->level = TLS_LEV_NONE; \
134    } while (0)
135
136 /* This macro is not part of the module external interface. */
137#define smtp_tls_policy_init(t, w) do { \
138	SMTP_TLS_POLICY *_tls_policy_init_tmp = (t); \
139	_tls_policy_init_tmp->protocols = 0; \
140	_tls_policy_init_tmp->grade = 0; \
141	_tls_policy_init_tmp->exclusions = 0; \
142	_tls_policy_init_tmp->matchargv = 0; \
143	_tls_policy_init_tmp->why = (w); \
144	_tls_policy_init_tmp->dane = 0; \
145	_tls_policy_init_tmp->sni = 0; \
146	_tls_policy_init_tmp->conn_reuse = 0; \
147    } while (0)
148
149#endif
150
151 /*
152  * State information associated with each SMTP delivery request.
153  * Session-specific state is stored separately.
154  */
155typedef struct SMTP_STATE {
156    int     misc_flags;			/* processing flags, see below */
157    VSTREAM *src;			/* queue file stream */
158    const char *service;		/* transport name */
159    DELIVER_REQUEST *request;		/* envelope info, offsets */
160    struct SMTP_SESSION *session;	/* network connection */
161    int     status;			/* delivery status */
162    ssize_t space_left;			/* output length control */
163
164    /*
165     * Global iterator.
166     */
167    SMTP_ITERATOR iterator[1];		/* Usage: state->iterator->member */
168
169    /*
170     * Global iterator.
171     */
172#ifdef USE_TLS
173    SMTP_TLS_POLICY tls[1];		/* Usage: state->tls->member */
174#endif
175
176    /*
177     * Connection cache support.
178     */
179    HTABLE *cache_used;			/* cached addresses that were used */
180    VSTRING *dest_label;		/* cached logical/physical binding */
181    VSTRING *dest_prop;			/* binding properties, passivated */
182    VSTRING *endp_label;		/* cached session physical endpoint */
183    VSTRING *endp_prop;			/* endpoint properties, passivated */
184
185    /*
186     * Flags and counters to control the handling of mail delivery errors.
187     * There is some redundancy for sanity checking. At the end of an SMTP
188     * session all recipients should be marked one way or the other.
189     */
190    int     rcpt_left;			/* recipients left over */
191    int     rcpt_drop;			/* recipients marked as drop */
192    int     rcpt_keep;			/* recipients marked as keep */
193
194    /*
195     * DSN Support introduced major bloat in error processing.
196     */
197    DSN_BUF *why;			/* on-the-fly formatting buffer */
198
199    /*
200     * Whether per-nexthop debug_peer support was requested. Otherwise,
201     * assume per-server debug_peer support.
202     */
203    int     debug_peer_per_nexthop;
204
205    /*
206     * One-bit counters to avoid logging the same warning multiple times per
207     * delivery request.
208     */
209    unsigned logged_line_length_limit:1;
210} SMTP_STATE;
211
212 /*
213  * Primitives to enable/disable/test connection caching and reuse based on
214  * the delivery request next-hop destination (i.e. not smtp_fallback_relay).
215  *
216  * Connection cache lookup by the delivery request next-hop destination allows
217  * a reuse request to skip over bad hosts, and may result in a connection to
218  * a fall-back relay. Once we have found a 'good' host for a delivery
219  * request next-hop, clear the delivery request next-hop destination, to
220  * avoid caching less-preferred connections under that same delivery request
221  * next-hop.
222  */
223#define SET_SCACHE_REQUEST_NEXTHOP(state, nexthop) do { \
224	vstring_strcpy((state)->iterator->request_nexthop, nexthop); \
225    } while (0)
226
227#define CLEAR_SCACHE_REQUEST_NEXTHOP(state) do { \
228	STR((state)->iterator->request_nexthop)[0] = 0; \
229    } while (0)
230
231#define HAVE_SCACHE_REQUEST_NEXTHOP(state) \
232	(STR((state)->iterator->request_nexthop)[0] != 0)
233
234
235 /*
236  * Server features.
237  */
238#define SMTP_FEATURE_ESMTP		(1<<0)
239#define SMTP_FEATURE_8BITMIME		(1<<1)
240#define SMTP_FEATURE_PIPELINING		(1<<2)
241#define SMTP_FEATURE_SIZE		(1<<3)
242#define SMTP_FEATURE_STARTTLS		(1<<4)
243#define SMTP_FEATURE_AUTH		(1<<5)
244#define SMTP_FEATURE_XFORWARD_NAME	(1<<7)
245#define SMTP_FEATURE_XFORWARD_ADDR	(1<<8)
246#define SMTP_FEATURE_XFORWARD_PROTO	(1<<9)
247#define SMTP_FEATURE_XFORWARD_HELO	(1<<10)
248#define SMTP_FEATURE_XFORWARD_DOMAIN	(1<<11)
249#define SMTP_FEATURE_BEST_MX		(1<<12)	/* for next-hop or fall-back */
250#define SMTP_FEATURE_RSET_REJECTED	(1<<13)	/* RSET probe rejected */
251#define SMTP_FEATURE_FROM_CACHE		(1<<14)	/* cached connection */
252#define SMTP_FEATURE_DSN		(1<<15)	/* DSN supported */
253#define SMTP_FEATURE_PIX_NO_ESMTP	(1<<16)	/* PIX smtp fixup mode */
254#define SMTP_FEATURE_PIX_DELAY_DOTCRLF	(1<<17)	/* PIX smtp fixup mode */
255#define SMTP_FEATURE_XFORWARD_PORT	(1<<18)
256#define SMTP_FEATURE_EARLY_TLS_MAIL_REPLY (1<<19)	/* CVE-2009-3555 */
257#define SMTP_FEATURE_XFORWARD_IDENT	(1<<20)
258#define SMTP_FEATURE_SMTPUTF8		(1<<21)	/* RFC 6531 */
259#define SMTP_FEATURE_FROM_PROXY		(1<<22)	/* proxied connection */
260
261 /*
262  * Features that passivate under the endpoint.
263  */
264#define SMTP_FEATURE_ENDPOINT_MASK \
265	(~(SMTP_FEATURE_BEST_MX | SMTP_FEATURE_RSET_REJECTED \
266	| SMTP_FEATURE_FROM_CACHE))
267
268 /*
269  * Features that passivate under the logical destination.
270  */
271#define SMTP_FEATURE_DESTINATION_MASK (SMTP_FEATURE_BEST_MX)
272
273 /*
274  * Misc flags.
275  */
276#define SMTP_MISC_FLAG_LOOP_DETECT	(1<<0)
277#define	SMTP_MISC_FLAG_IN_STARTTLS	(1<<1)
278#define SMTP_MISC_FLAG_FIRST_NEXTHOP	(1<<2)
279#define SMTP_MISC_FLAG_FINAL_NEXTHOP	(1<<3)
280#define SMTP_MISC_FLAG_FINAL_SERVER	(1<<4)
281#define SMTP_MISC_FLAG_CONN_LOAD	(1<<5)
282#define SMTP_MISC_FLAG_CONN_STORE	(1<<6)
283#define SMTP_MISC_FLAG_COMPLETE_SESSION	(1<<7)
284#define SMTP_MISC_FLAG_PREF_IPV6	(1<<8)
285#define SMTP_MISC_FLAG_PREF_IPV4	(1<<9)
286#define SMTP_MISC_FLAG_FALLBACK_SRV_TO_MX (1<<10)
287
288#define SMTP_MISC_FLAG_CONN_CACHE_MASK \
289	(SMTP_MISC_FLAG_CONN_LOAD | SMTP_MISC_FLAG_CONN_STORE)
290
291 /*
292  * smtp.c
293  */
294#define SMTP_HAS_DSN(why)	(STR((why)->status)[0] != 0)
295#define SMTP_HAS_SOFT_DSN(why)	(STR((why)->status)[0] == '4')
296#define SMTP_HAS_HARD_DSN(why)	(STR((why)->status)[0] == '5')
297#define SMTP_HAS_LOOP_DSN(why) \
298    (SMTP_HAS_DSN(why) && strcmp(STR((why)->status) + 1, ".4.6") == 0)
299
300#define SMTP_SET_SOFT_DSN(why)	(STR((why)->status)[0] = '4')
301#define SMTP_SET_HARD_DSN(why)	(STR((why)->status)[0] = '5')
302
303extern int smtp_host_lookup_mask;	/* host lookup methods to use */
304
305#define SMTP_HOST_FLAG_DNS	(1<<0)
306#define SMTP_HOST_FLAG_NATIVE	(1<<1)
307
308extern int smtp_dns_support;		/* dns support level */
309
310#define SMTP_DNS_INVALID	(-1)	/* smtp_dns_support_level = <bogus> */
311#define SMTP_DNS_DISABLED	0	/* smtp_dns_support_level = disabled */
312#define SMTP_DNS_ENABLED	1	/* smtp_dns_support_level = enabled */
313#define SMTP_DNS_DNSSEC		2	/* smtp_dns_support_level = dnssec */
314
315extern SCACHE *smtp_scache;		/* connection cache instance */
316extern STRING_LIST *smtp_cache_dest;	/* cached destinations */
317
318extern MAPS *smtp_ehlo_dis_maps;	/* ehlo keyword filter */
319
320extern MAPS *smtp_pix_bug_maps;		/* PIX workarounds */
321
322extern MAPS *smtp_generic_maps;		/* make internal address valid */
323extern int smtp_ext_prop_mask;		/* address extension propagation */
324extern unsigned smtp_dns_res_opt;	/* DNS query flags */
325
326extern STRING_LIST *smtp_use_srv_lookup;/* services with SRV record lookup */
327
328#ifdef USE_TLS
329
330extern TLS_APPL_STATE *smtp_tls_ctx;	/* client-side TLS engine */
331extern int smtp_tls_insecure_mx_policy;	/* DANE post insecure MX? */
332
333#endif
334
335extern HBC_CHECKS *smtp_header_checks;	/* limited header checks */
336extern HBC_CHECKS *smtp_body_checks;	/* limited body checks */
337
338 /*
339  * smtp_session.c
340  */
341
342typedef struct SMTP_SESSION {
343    VSTREAM *stream;			/* network connection */
344    SMTP_ITERATOR *iterator;		/* dest, host, addr, port */
345    char   *namaddr;			/* mail exchanger */
346    char   *helo;			/* helo response */
347    unsigned port;			/* network byte order */
348    char   *namaddrport;		/* mail exchanger, incl. port */
349
350    VSTRING *buffer;			/* I/O buffer */
351    VSTRING *scratch;			/* scratch buffer */
352    VSTRING *scratch2;			/* scratch buffer */
353
354    int     features;			/* server features */
355    off_t   size_limit;			/* server limit or unknown */
356
357    ARGV   *history;			/* transaction log */
358    int     error_mask;			/* error classes */
359    struct MIME_STATE *mime_state;	/* mime state machine */
360
361    int     send_proto_helo;		/* XFORWARD support */
362
363    time_t  expire_time;		/* session reuse expiration time */
364    int     reuse_count;		/* # of times reused (for logging) */
365    int     forbidden;			/* No further I/O allowed */
366
367#ifdef USE_SASL_AUTH
368    char   *sasl_mechanism_list;	/* server mechanism list */
369    char   *sasl_username;		/* client username */
370    char   *sasl_passwd;		/* client password */
371    struct XSASL_CLIENT *sasl_client;	/* SASL internal state */
372    VSTRING *sasl_reply;		/* client response */
373#endif
374
375    /*
376     * TLS related state, don't forget to initialize in session_tls_init()!
377     */
378#ifdef USE_TLS
379    TLS_SESS_STATE *tls_context;	/* TLS library session state */
380    char   *tls_nexthop;		/* Nexthop domain for cert checks */
381    int     tls_retry_plain;		/* Try plain when TLS handshake fails */
382#endif
383
384    SMTP_STATE *state;			/* back link */
385} SMTP_SESSION;
386
387extern SMTP_SESSION *smtp_session_alloc(VSTREAM *, SMTP_ITERATOR *, time_t, int);
388extern void smtp_session_new_stream(SMTP_SESSION *, VSTREAM *, time_t, int);
389extern int smtp_sess_plaintext_ok(SMTP_ITERATOR *, int);
390extern void smtp_session_free(SMTP_SESSION *);
391extern int smtp_session_passivate(SMTP_SESSION *, VSTRING *, VSTRING *);
392extern SMTP_SESSION *smtp_session_activate(int, SMTP_ITERATOR *, VSTRING *, VSTRING *);
393
394 /*
395  * What's in a name?
396  */
397#define SMTP_HNAME(rr) (var_smtp_cname_overr ? (rr)->rname : (rr)->qname)
398
399 /*
400  * smtp_connect.c
401  */
402extern int smtp_connect(SMTP_STATE *);
403
404 /*
405  * smtp_proto.c
406  */
407extern void smtp_vrfy_init(void);
408extern int smtp_helo(SMTP_STATE *);
409extern int smtp_xfer(SMTP_STATE *);
410extern int smtp_rset(SMTP_STATE *);
411extern int smtp_quit(SMTP_STATE *);
412
413extern HBC_CALL_BACKS smtp_hbc_callbacks[];
414
415 /*
416  * A connection is re-usable if session->expire_time is > 0 and the
417  * expiration time has not been reached.  This is subtle because the timer
418  * can expire between sending a command and receiving the reply for that
419  * command.
420  *
421  * But wait, there is more! When SMTP command pipelining is enabled, there are
422  * two protocol loops that execute at very different times: one loop that
423  * generates commands, and one loop that receives replies to those commands.
424  * These will be called "sender loop" and "receiver loop", respectively. At
425  * well-defined protocol synchronization points, the sender loop pauses to
426  * let the receiver loop catch up.
427  *
428  * When we choose to reuse a connection, both the sender and receiver protocol
429  * loops end with "." (mail delivery) or "RSET" (address probe). When we
430  * choose not to reuse, both the sender and receiver protocol loops end with
431  * "QUIT". The problem is that we must make the same protocol choices in
432  * both the sender and receiver loops, even though those loops may execute
433  * at completely different times.
434  *
435  * We "freeze" the choice in the sender loop, just before we generate "." or
436  * "RSET". The reader loop leaves the connection cacheable even if the timer
437  * expires by the time the response arrives. The connection cleanup code
438  * will call smtp_quit() for connections with an expired cache expiration
439  * timer.
440  *
441  * We could have made the programmer's life a lot simpler by not making a
442  * choice at all, and always leaving it up to the connection cleanup code to
443  * call smtp_quit() for connections with an expired cache expiration timer.
444  *
445  * As a general principle, neither the sender loop nor the receiver loop must
446  * modify the connection caching state, if that can affect the receiver
447  * state machine for not-yet processed replies to already-generated
448  * commands. This restriction does not apply when we have to exit the
449  * protocol loops prematurely due to e.g., timeout or connection loss, so
450  * that those pending replies will never be received.
451  *
452  * But wait, there is even more! Only the first good connection for a specific
453  * destination may be cached under both the next-hop destination name and
454  * the server address; connections to alternate servers must be cached under
455  * the server address alone. This means we must distinguish between bad
456  * connections and other reasons why connections cannot be cached.
457  */
458#define THIS_SESSION_IS_CACHED \
459	(!THIS_SESSION_IS_FORBIDDEN && session->expire_time > 0)
460
461#define THIS_SESSION_IS_EXPIRED \
462	(THIS_SESSION_IS_CACHED \
463	    && (session->expire_time < vstream_ftime(session->stream) \
464		|| (var_smtp_reuse_count > 0 \
465		    && session->reuse_count >= var_smtp_reuse_count)))
466
467#define THIS_SESSION_IS_THROTTLED \
468	(!THIS_SESSION_IS_FORBIDDEN && session->expire_time < 0)
469
470#define THIS_SESSION_IS_FORBIDDEN \
471	(session->forbidden != 0)
472
473 /* Bring the bad news. */
474
475#define DONT_CACHE_THIS_SESSION \
476	(session->expire_time = 0)
477
478#define DONT_CACHE_THROTTLED_SESSION \
479	(session->expire_time = -1)
480
481#define DONT_USE_FORBIDDEN_SESSION \
482	(session->forbidden = 1)
483
484 /* Initialization. */
485
486#define USE_NEWBORN_SESSION \
487	(session->forbidden = 0)
488
489#define CACHE_THIS_SESSION_UNTIL(when) \
490	(session->expire_time = (when))
491
492 /*
493  * Encapsulate the following so that we don't expose details of
494  * connection management and error handling to the SMTP protocol engine.
495  */
496#ifdef USE_SASL_AUTH
497#define HAVE_SASL_CREDENTIALS \
498	(var_smtp_sasl_enable \
499	     && *var_smtp_sasl_passwd \
500	     && smtp_sasl_passwd_lookup(session))
501#else
502#define HAVE_SASL_CREDENTIALS	(0)
503#endif
504
505#define PREACTIVE_DELAY \
506	(session->state->request->msg_stats.active_arrival.tv_sec - \
507	 session->state->request->msg_stats.incoming_arrival.tv_sec)
508
509#define TRACE_REQ_ONLY	(DEL_REQ_TRACE_ONLY(state->request->flags))
510
511#define PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE \
512	(session->tls_context == 0 \
513	    && state->tls->level == TLS_LEV_MAY \
514	    && (TRACE_REQ_ONLY || PREACTIVE_DELAY >= var_min_backoff_time) \
515	    && !HAVE_SASL_CREDENTIALS)
516
517#define PLAINTEXT_FALLBACK_OK_AFTER_TLS_SESSION_FAILURE \
518	(session->tls_context != 0 \
519	    && SMTP_RCPT_LEFT(state) > SMTP_RCPT_MARK_COUNT(state) \
520	    && state->tls->level == TLS_LEV_MAY \
521	    && (TRACE_REQ_ONLY || PREACTIVE_DELAY >= var_min_backoff_time) \
522	    && !HAVE_SASL_CREDENTIALS)
523
524 /*
525  * XXX The following will not retry recipients that were deferred while the
526  * SMTP_MISC_FLAG_FINAL_SERVER flag was already set. This includes the case
527  * when TLS fails in the middle of a delivery.
528  */
529#define RETRY_AS_PLAINTEXT do { \
530	session->tls_retry_plain = 1; \
531	state->misc_flags &= ~SMTP_MISC_FLAG_FINAL_SERVER; \
532    } while (0)
533
534 /*
535  * smtp_chat.c
536  */
537typedef struct SMTP_RESP {		/* server response */
538    int     code;			/* SMTP code */
539    const char *dsn;			/* enhanced status */
540    char   *str;			/* full reply */
541    VSTRING *dsn_buf;			/* status buffer */
542    VSTRING *str_buf;			/* reply buffer */
543} SMTP_RESP;
544
545extern void PRINTFLIKE(2, 3) smtp_chat_cmd(SMTP_SESSION *, const char *,...);
546extern DICT *smtp_chat_resp_filter;
547extern SMTP_RESP *smtp_chat_resp(SMTP_SESSION *);
548extern void smtp_chat_init(SMTP_SESSION *);
549extern void smtp_chat_reset(SMTP_SESSION *);
550extern void smtp_chat_notify(SMTP_SESSION *);
551
552#define SMTP_RESP_FAKE(resp, _dsn) \
553    ((resp)->code = 0, \
554     (resp)->dsn = (_dsn), \
555     (resp)->str = DSN_BY_LOCAL_MTA, \
556     (resp))
557
558#define DSN_BY_LOCAL_MTA	((char *) 0)	/* DSN issued by local MTA */
559
560#define SMTP_RESP_SET_DSN(resp, _dsn) do { \
561	vstring_strcpy((resp)->dsn_buf, (_dsn)); \
562	(resp)->dsn = STR((resp)->dsn_buf); \
563    } while (0)
564
565 /*
566  * These operations implement a redundant mark-and-sweep algorithm that
567  * explicitly accounts for the fate of every recipient. The interface is
568  * documented in smtp_rcpt.c, which also implements the sweeping. The
569  * smtp_trouble.c module does most of the marking after failure.
570  *
571  * When a delivery fails or succeeds, take one of the following actions:
572  *
573  * - Mark the recipient as KEEP (deliver to alternate MTA) and do not update
574  * the delivery request status.
575  *
576  * - Mark the recipient as DROP (remove from delivery request), log whether
577  * delivery succeeded or failed, delete the recipient from the queue file
578  * and/or update defer or bounce logfiles, and update the delivery request
579  * status.
580  *
581  * At the end of a delivery attempt, all recipients must be marked one way or
582  * the other. Failure to do so will trigger a panic.
583  */
584#define SMTP_RCPT_STATE_KEEP	1	/* send to backup host */
585#define SMTP_RCPT_STATE_DROP	2	/* remove from request */
586#define SMTP_RCPT_INIT(state) do { \
587	    (state)->rcpt_drop = (state)->rcpt_keep = 0; \
588	    (state)->rcpt_left = state->request->rcpt_list.len; \
589	} while (0)
590
591#define SMTP_RCPT_DROP(state, rcpt) do { \
592	    (rcpt)->u.status = SMTP_RCPT_STATE_DROP; (state)->rcpt_drop++; \
593	} while (0)
594
595#define SMTP_RCPT_KEEP(state, rcpt) do { \
596	    (rcpt)->u.status = SMTP_RCPT_STATE_KEEP; (state)->rcpt_keep++; \
597	} while (0)
598
599#define SMTP_RCPT_ISMARKED(rcpt) ((rcpt)->u.status != 0)
600
601#define SMTP_RCPT_LEFT(state) (state)->rcpt_left
602
603#define SMTP_RCPT_MARK_COUNT(state) ((state)->rcpt_drop + (state)->rcpt_keep)
604
605extern void smtp_rcpt_cleanup(SMTP_STATE *);
606extern void smtp_rcpt_done(SMTP_STATE *, SMTP_RESP *, RECIPIENT *);
607
608 /*
609  * smtp_trouble.c
610  */
611#define SMTP_THROTTLE	1
612#define SMTP_NOTHROTTLE	0
613extern int smtp_sess_fail(SMTP_STATE *);
614extern int PRINTFLIKE(5, 6) smtp_misc_fail(SMTP_STATE *, int, const char *,
615				             SMTP_RESP *, const char *,...);
616extern void PRINTFLIKE(5, 6) smtp_rcpt_fail(SMTP_STATE *, RECIPIENT *,
617					          const char *, SMTP_RESP *,
618					            const char *,...);
619extern int smtp_stream_except(SMTP_STATE *, int, const char *);
620
621#define smtp_site_fail(state, mta, resp, ...) \
622	smtp_misc_fail((state), SMTP_THROTTLE, (mta), (resp), __VA_ARGS__)
623#define smtp_mesg_fail(state, mta, resp, ...) \
624	smtp_misc_fail((state), SMTP_NOTHROTTLE, (mta), (resp), __VA_ARGS__)
625
626 /*
627  * smtp_unalias.c
628  */
629extern const char *smtp_unalias_name(const char *);
630extern VSTRING *smtp_unalias_addr(VSTRING *, const char *);
631
632 /*
633  * smtp_state.c
634  */
635extern SMTP_STATE *smtp_state_alloc(void);
636extern void smtp_state_free(SMTP_STATE *);
637
638 /*
639  * smtp_map11.c
640  */
641extern int smtp_map11_external(VSTRING *, MAPS *, int);
642extern int smtp_map11_tree(TOK822 *, MAPS *, int);
643extern int smtp_map11_internal(VSTRING *, MAPS *, int);
644
645 /*
646  * smtp_key.c
647  */
648char   *smtp_key_prefix(VSTRING *, const char *, SMTP_ITERATOR *, int);
649
650#define SMTP_KEY_FLAG_SERVICE		(1<<0)	/* service name */
651#define SMTP_KEY_FLAG_SENDER		(1<<1)	/* sender address */
652#define SMTP_KEY_FLAG_REQ_NEXTHOP	(1<<2)	/* delivery request nexthop */
653#define SMTP_KEY_FLAG_CUR_NEXTHOP	(1<<3)	/* current nexthop */
654#define SMTP_KEY_FLAG_HOSTNAME		(1<<4)	/* remote host name */
655#define SMTP_KEY_FLAG_ADDR		(1<<5)	/* remote address */
656#define SMTP_KEY_FLAG_PORT		(1<<6)	/* remote port */
657#define SMTP_KEY_FLAG_TLS_LEVEL		(1<<7)	/* requested TLS level */
658
659#define SMTP_KEY_MASK_ALL \
660	(SMTP_KEY_FLAG_SERVICE | SMTP_KEY_FLAG_SENDER | \
661	SMTP_KEY_FLAG_REQ_NEXTHOP | \
662	SMTP_KEY_FLAG_CUR_NEXTHOP | SMTP_KEY_FLAG_HOSTNAME | \
663	SMTP_KEY_FLAG_ADDR | SMTP_KEY_FLAG_PORT | SMTP_KEY_FLAG_TLS_LEVEL)
664
665 /*
666  * Conditional lookup-key flags for cached connections that may be
667  * SASL-authenticated with a per-{sender, nexthop, or hostname} credential.
668  * Each bit corresponds to one type of smtp_sasl_password_file lookup key,
669  * and is turned on only when the corresponding main.cf parameter is turned
670  * on.
671  */
672#define COND_SASL_SMTP_KEY_FLAG_SENDER \
673	((var_smtp_sender_auth && *var_smtp_sasl_passwd) ? \
674	    SMTP_KEY_FLAG_SENDER : 0)
675
676#define COND_SASL_SMTP_KEY_FLAG_CUR_NEXTHOP \
677	(*var_smtp_sasl_passwd ? SMTP_KEY_FLAG_CUR_NEXTHOP : 0)
678
679#ifdef USE_TLS
680#define COND_TLS_SMTP_KEY_FLAG_CUR_NEXTHOP \
681	(TLS_MUST_MATCH(state->tls->level) ? SMTP_KEY_FLAG_CUR_NEXTHOP : 0)
682#else
683#define COND_TLS_SMTP_KEY_FLAG_CUR_NEXTHOP \
684	(0)
685#endif
686
687#define COND_SASL_SMTP_KEY_FLAG_HOSTNAME \
688	(*var_smtp_sasl_passwd ? SMTP_KEY_FLAG_HOSTNAME : 0)
689
690 /*
691  * Connection-cache destination lookup key, based on the delivery request
692  * nexthop. The SENDER attribute is a proxy for sender-dependent SASL
693  * credentials (or absence thereof), and prevents false connection sharing
694  * when different SASL credentials may be required for different deliveries
695  * to the same domain and port. Likewise, the delivery request nexthop
696  * (REQ_NEXTHOP) prevents false sharing of TLS identities (the destination
697  * key links only to appropriate endpoint lookup keys). The SERVICE
698  * attribute is a proxy for all request-independent configuration details.
699  */
700#define SMTP_KEY_MASK_SCACHE_DEST_LABEL \
701	(SMTP_KEY_FLAG_SERVICE | COND_SASL_SMTP_KEY_FLAG_SENDER \
702	| SMTP_KEY_FLAG_REQ_NEXTHOP)
703
704 /*
705  * Connection-cache endpoint lookup key. The SENDER, CUR_NEXTHOP, HOSTNAME,
706  * PORT and TLS_LEVEL attributes are proxies for SASL credentials and TLS
707  * authentication (or absence thereof), and prevent false connection sharing
708  * when different SASL credentials or TLS identities may be required for
709  * different deliveries to the same IP address and port. The SERVICE
710  * attribute is a proxy for all request-independent configuration details.
711  */
712#define SMTP_KEY_MASK_SCACHE_ENDP_LABEL \
713	(SMTP_KEY_FLAG_SERVICE | COND_SASL_SMTP_KEY_FLAG_SENDER \
714	| COND_SASL_SMTP_KEY_FLAG_CUR_NEXTHOP \
715	| COND_SASL_SMTP_KEY_FLAG_HOSTNAME \
716	| COND_TLS_SMTP_KEY_FLAG_CUR_NEXTHOP | SMTP_KEY_FLAG_ADDR | \
717	SMTP_KEY_FLAG_PORT | SMTP_KEY_FLAG_TLS_LEVEL)
718
719 /*
720  * Silly little macros.
721  */
722#define STR(s) vstring_str(s)
723#define LEN(s) VSTRING_LEN(s)
724
725extern int smtp_mode;
726
727#define VAR_LMTP_SMTP(x) (smtp_mode ? VAR_SMTP_##x : VAR_LMTP_##x)
728#define LMTP_SMTP_SUFFIX(x) (smtp_mode ? x##_SMTP : x##_LMTP)
729
730 /*
731  * Parsed command-line attributes. These do not change during the process
732  * lifetime.
733  */
734typedef struct {
735    int     flags;			/* from flags=, see below */
736} SMTP_CLI_ATTR;
737
738#define SMTP_CLI_FLAG_DELIVERED_TO	(1<<0)	/* prepend Delivered-To: */
739#define SMTP_CLI_FLAG_ORIG_RCPT		(1<<1)	/* prepend X-Original-To: */
740#define SMTP_CLI_FLAG_RETURN_PATH	(1<<2)	/* prepend Return-Path: */
741#define SMTP_CLI_FLAG_FINAL_DELIVERY	(1<<3)	/* final, not relay */
742
743#define SMTP_CLI_MASK_ADD_HEADERS	(SMTP_CLI_FLAG_DELIVERED_TO | \
744	SMTP_CLI_FLAG_ORIG_RCPT | SMTP_CLI_FLAG_RETURN_PATH)
745
746extern SMTP_CLI_ATTR smtp_cli_attr;
747
748 /*
749  * smtp_misc.c.
750  */
751extern void smtp_rewrite_generic_internal(VSTRING *, const char *);
752extern void smtp_quote_822_address_flags(VSTRING *, const char *, int);
753extern void smtp_quote_821_address(VSTRING *, const char *);
754
755 /*
756  * header_from_format support, for postmaster notifications.
757  */
758extern int smtp_hfrom_format;
759
760/* LICENSE
761/* .ad
762/* .fi
763/*	The Secure Mailer license must be distributed with this software.
764/* AUTHOR(S)
765/*	Wietse Venema
766/*	IBM T.J. Watson Research
767/*	P.O. Box 704
768/*	Yorktown Heights, NY 10598, USA
769/*
770/*	Wietse Venema
771/*	Google, Inc.
772/*	111 8th Avenue
773/*	New York, NY 10011, USA
774/*
775/*	TLS support originally by:
776/*	Lutz Jaenicke
777/*	BTU Cottbus
778/*	Allgemeine Elektrotechnik
779/*	Universitaetsplatz 3-4
780/*	D-03044 Cottbus, Germany
781/*
782/*	Victor Duchovni
783/*	Morgan Stanley
784/*--*/
785