1f67bedddSMatthias Schmidt /* 2f67bedddSMatthias Schmidt * Copyright (c) 2008 The DragonFly Project. All rights reserved. 3f67bedddSMatthias Schmidt * 4f67bedddSMatthias Schmidt * This code is derived from software contributed to The DragonFly Project 5f67bedddSMatthias Schmidt * by Matthias Schmidt <matthias@dragonflybsd.org>, University of Marburg, 6f67bedddSMatthias Schmidt * Germany. 7f67bedddSMatthias Schmidt * 8f67bedddSMatthias Schmidt * Redistribution and use in source and binary forms, with or without 9f67bedddSMatthias Schmidt * modification, are permitted provided that the following conditions 10f67bedddSMatthias Schmidt * are met: 11f67bedddSMatthias Schmidt * 12f67bedddSMatthias Schmidt * 1. Redistributions of source code must retain the above copyright 13f67bedddSMatthias Schmidt * notice, this list of conditions and the following disclaimer. 14f67bedddSMatthias Schmidt * 2. Redistributions in binary form must reproduce the above copyright 15f67bedddSMatthias Schmidt * notice, this list of conditions and the following disclaimer in 16f67bedddSMatthias Schmidt * the documentation and/or other materials provided with the 17f67bedddSMatthias Schmidt * distribution. 18f67bedddSMatthias Schmidt * 3. Neither the name of The DragonFly Project nor the names of its 19f67bedddSMatthias Schmidt * contributors may be used to endorse or promote products derived 20f67bedddSMatthias Schmidt * from this software without specific, prior written permission. 21f67bedddSMatthias Schmidt * 22f67bedddSMatthias Schmidt * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23f67bedddSMatthias Schmidt * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24f67bedddSMatthias Schmidt * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25f67bedddSMatthias Schmidt * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26f67bedddSMatthias Schmidt * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 27f67bedddSMatthias Schmidt * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 28f67bedddSMatthias Schmidt * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 29f67bedddSMatthias Schmidt * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 30f67bedddSMatthias Schmidt * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 31f67bedddSMatthias Schmidt * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 32f67bedddSMatthias Schmidt * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33f67bedddSMatthias Schmidt * SUCH DAMAGE. 34f67bedddSMatthias Schmidt * 35bc7baf1dSSascha Wildner * $DragonFly: src/libexec/dma/net.c,v 1.9 2008/09/30 17:47:21 swildner Exp $ 36f67bedddSMatthias Schmidt */ 37f67bedddSMatthias Schmidt 38f67bedddSMatthias Schmidt #include <sys/param.h> 39f67bedddSMatthias Schmidt #include <sys/queue.h> 40f67bedddSMatthias Schmidt #include <sys/stat.h> 41f67bedddSMatthias Schmidt #include <sys/types.h> 42f67bedddSMatthias Schmidt #include <sys/socket.h> 43f67bedddSMatthias Schmidt #include <netinet/in.h> 44f67bedddSMatthias Schmidt #include <arpa/inet.h> 45f67bedddSMatthias Schmidt 46f67bedddSMatthias Schmidt #ifdef HAVE_CRYPTO 47f67bedddSMatthias Schmidt #include <openssl/ssl.h> 48f67bedddSMatthias Schmidt #endif /* HAVE_CRYPTO */ 49f67bedddSMatthias Schmidt 50bc7baf1dSSascha Wildner #include <err.h> 51f67bedddSMatthias Schmidt #include <netdb.h> 52f67bedddSMatthias Schmidt #include <setjmp.h> 53f67bedddSMatthias Schmidt #include <signal.h> 54f67bedddSMatthias Schmidt #include <syslog.h> 55f67bedddSMatthias Schmidt #include <unistd.h> 56f67bedddSMatthias Schmidt 57f67bedddSMatthias Schmidt #include "dma.h" 58f67bedddSMatthias Schmidt 59f67bedddSMatthias Schmidt extern struct config *config; 60f67bedddSMatthias Schmidt extern struct authusers authusers; 61f67bedddSMatthias Schmidt static jmp_buf timeout_alarm; 62f67bedddSMatthias Schmidt 63f67bedddSMatthias Schmidt static void 64dba19026SMatthias Schmidt sig_alarm(int signo __unused) 65f67bedddSMatthias Schmidt { 66f67bedddSMatthias Schmidt longjmp(timeout_alarm, 1); 67f67bedddSMatthias Schmidt } 68f67bedddSMatthias Schmidt 69f67bedddSMatthias Schmidt ssize_t 70f67bedddSMatthias Schmidt send_remote_command(int fd, const char* fmt, ...) 71f67bedddSMatthias Schmidt { 72f67bedddSMatthias Schmidt va_list va; 73f67bedddSMatthias Schmidt char cmd[4096]; 74f67bedddSMatthias Schmidt ssize_t len = 0; 75f67bedddSMatthias Schmidt 76f67bedddSMatthias Schmidt va_start(va, fmt); 77f67bedddSMatthias Schmidt vsprintf(cmd, fmt, va); 78f67bedddSMatthias Schmidt 79f67bedddSMatthias Schmidt if (((config->features & SECURETRANS) != 0) && 806ef9fe01SMatthias Schmidt ((config->features & NOSSL) == 0)) { 81f67bedddSMatthias Schmidt len = SSL_write(config->ssl, (const char*)cmd, strlen(cmd)); 82f67bedddSMatthias Schmidt SSL_write(config->ssl, "\r\n", 2); 83f67bedddSMatthias Schmidt } 84f67bedddSMatthias Schmidt else { 85f67bedddSMatthias Schmidt len = write(fd, cmd, strlen(cmd)); 86f67bedddSMatthias Schmidt write(fd, "\r\n", 2); 87f67bedddSMatthias Schmidt } 88f67bedddSMatthias Schmidt va_end(va); 89f67bedddSMatthias Schmidt 90f67bedddSMatthias Schmidt return (len+2); 91f67bedddSMatthias Schmidt } 92f67bedddSMatthias Schmidt 936ef9fe01SMatthias Schmidt int 947b68d8aeSMatthias Schmidt read_remote(int fd, int extbufsize, char *extbuf) 95f67bedddSMatthias Schmidt { 966ef9fe01SMatthias Schmidt ssize_t rlen = 0; 976ef9fe01SMatthias Schmidt size_t pos, len; 986ef9fe01SMatthias Schmidt char buff[BUF_SIZE]; 997b68d8aeSMatthias Schmidt int done = 0, status = 0, extbufpos = 0; 100f67bedddSMatthias Schmidt 101f67bedddSMatthias Schmidt if (signal(SIGALRM, sig_alarm) == SIG_ERR) { 102f67bedddSMatthias Schmidt syslog(LOG_ERR, "SIGALRM error: %m"); 103f67bedddSMatthias Schmidt } 104f67bedddSMatthias Schmidt if (setjmp(timeout_alarm) != 0) { 105f67bedddSMatthias Schmidt syslog(LOG_ERR, "Timeout reached"); 106f67bedddSMatthias Schmidt return (1); 107f67bedddSMatthias Schmidt } 108f67bedddSMatthias Schmidt alarm(CON_TIMEOUT); 109f67bedddSMatthias Schmidt 110f67bedddSMatthias Schmidt /* 1116ef9fe01SMatthias Schmidt * Remote reading code from femail.c written by Henning Brauer of 1126ef9fe01SMatthias Schmidt * OpenBSD and released under a BSD style license. 113f67bedddSMatthias Schmidt */ 1146ef9fe01SMatthias Schmidt for (len = pos = 0; !done; ) { 1157b68d8aeSMatthias Schmidt rlen = 0; 1166ef9fe01SMatthias Schmidt if (pos == 0 || 1176ef9fe01SMatthias Schmidt (pos > 0 && memchr(buff + pos, '\n', len - pos) == NULL)) { 1186ef9fe01SMatthias Schmidt memmove(buff, buff + pos, len - pos); 1196ef9fe01SMatthias Schmidt len -= pos; 1206ef9fe01SMatthias Schmidt pos = 0; 121f67bedddSMatthias Schmidt if (((config->features & SECURETRANS) != 0) && 1226ef9fe01SMatthias Schmidt (config->features & NOSSL) == 0) { 1236ef9fe01SMatthias Schmidt if ((rlen = SSL_read(config->ssl, buff + len, 1246ef9fe01SMatthias Schmidt sizeof(buff) - len)) == -1) 1256ef9fe01SMatthias Schmidt err(1, "read"); 1266ef9fe01SMatthias Schmidt } else { 1276ef9fe01SMatthias Schmidt if ((rlen = read(fd, buff + len, 1286ef9fe01SMatthias Schmidt sizeof(buff) - len)) == -1) 1296ef9fe01SMatthias Schmidt err(1, "read"); 1306ef9fe01SMatthias Schmidt } 1316ef9fe01SMatthias Schmidt len += rlen; 1326ef9fe01SMatthias Schmidt } 1337b68d8aeSMatthias Schmidt /* 1347b68d8aeSMatthias Schmidt * If there is an external buffer with a size bigger than zero 1357b68d8aeSMatthias Schmidt * and as long as there is space in the external buffer and 1367b68d8aeSMatthias Schmidt * there are new characters read from the mailserver 1377b68d8aeSMatthias Schmidt * copy them to the external buffer 1387b68d8aeSMatthias Schmidt */ 1397b68d8aeSMatthias Schmidt if (extbufpos <= (extbufsize - 1) && rlen && extbufsize > 0 1407b68d8aeSMatthias Schmidt && extbuf != NULL) { 1417b68d8aeSMatthias Schmidt /* do not write over the bounds of the buffer */ 1427b68d8aeSMatthias Schmidt if(extbufpos + rlen > (extbufsize - 1)) { 1437b68d8aeSMatthias Schmidt rlen = extbufsize - extbufpos; 1447b68d8aeSMatthias Schmidt } 1457b68d8aeSMatthias Schmidt memcpy(extbuf + extbufpos, buff + len - rlen, rlen); 1467b68d8aeSMatthias Schmidt extbufpos += rlen; 1477b68d8aeSMatthias Schmidt } 1486ef9fe01SMatthias Schmidt for (; pos < len && buff[pos] >= '0' && buff[pos] <= '9'; pos++) 1496ef9fe01SMatthias Schmidt ; /* Do nothing */ 150f67bedddSMatthias Schmidt 1516ef9fe01SMatthias Schmidt if (pos == len) 1526ef9fe01SMatthias Schmidt return (0); 1536ef9fe01SMatthias Schmidt 1546ef9fe01SMatthias Schmidt if (buff[pos] == ' ') 1556ef9fe01SMatthias Schmidt done = 1; 1566ef9fe01SMatthias Schmidt else if (buff[pos] != '-') 1576ef9fe01SMatthias Schmidt syslog(LOG_ERR, "invalid syntax in reply from server"); 1586ef9fe01SMatthias Schmidt 1596ef9fe01SMatthias Schmidt /* skip up to \n */ 1606ef9fe01SMatthias Schmidt for (; pos < len && buff[pos - 1] != '\n'; pos++) 1616ef9fe01SMatthias Schmidt ; /* Do nothing */ 1626ef9fe01SMatthias Schmidt 1636ef9fe01SMatthias Schmidt } 164f67bedddSMatthias Schmidt alarm(0); 165f67bedddSMatthias Schmidt 1666ef9fe01SMatthias Schmidt status = atoi(buff); 1676ef9fe01SMatthias Schmidt return (status/100); 168f67bedddSMatthias Schmidt } 169f67bedddSMatthias Schmidt 170f67bedddSMatthias Schmidt /* 171f67bedddSMatthias Schmidt * Handle SMTP authentication 172f67bedddSMatthias Schmidt */ 173f67bedddSMatthias Schmidt static int 174f67bedddSMatthias Schmidt smtp_login(struct qitem *it, int fd, char *login, char* password) 175f67bedddSMatthias Schmidt { 176f67bedddSMatthias Schmidt char *temp; 1776ef9fe01SMatthias Schmidt int len, res = 0; 178f67bedddSMatthias Schmidt 1797b68d8aeSMatthias Schmidt #ifdef HAVE_CRYPTO 1807b68d8aeSMatthias Schmidt res = smtp_auth_md5(it, fd, login, password); 1817b68d8aeSMatthias Schmidt if (res == 0) { 1827b68d8aeSMatthias Schmidt return (0); 1837b68d8aeSMatthias Schmidt } else if (res == -2) { 1847b68d8aeSMatthias Schmidt /* 1857b68d8aeSMatthias Schmidt * If the return code is -2, then then the login attempt failed, 1867b68d8aeSMatthias Schmidt * do not try other login mechanisms 1877b68d8aeSMatthias Schmidt */ 1887b68d8aeSMatthias Schmidt return (-1); 1897b68d8aeSMatthias Schmidt } 1907b68d8aeSMatthias Schmidt #endif /* HAVE_CRYPTO */ 1917b68d8aeSMatthias Schmidt 1927b68d8aeSMatthias Schmidt if ((config->features & INSECURE) != 0) { 193f67bedddSMatthias Schmidt /* Send AUTH command according to RFC 2554 */ 194f67bedddSMatthias Schmidt send_remote_command(fd, "AUTH LOGIN"); 1957b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 3) { 196f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred:" 197f67bedddSMatthias Schmidt " AUTH login not available: %m", it->queueid); 198f67bedddSMatthias Schmidt return (1); 199f67bedddSMatthias Schmidt } 200f67bedddSMatthias Schmidt 201f67bedddSMatthias Schmidt len = base64_encode(login, strlen(login), &temp); 202f67bedddSMatthias Schmidt if (len <= 0) 203f67bedddSMatthias Schmidt return (-1); 204f67bedddSMatthias Schmidt 205f67bedddSMatthias Schmidt send_remote_command(fd, "%s", temp); 2067b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 3) { 207f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred:" 208f67bedddSMatthias Schmidt " AUTH login failed: %m", it->queueid); 209f67bedddSMatthias Schmidt return (-1); 210f67bedddSMatthias Schmidt } 211f67bedddSMatthias Schmidt 212f67bedddSMatthias Schmidt len = base64_encode(password, strlen(password), &temp); 213f67bedddSMatthias Schmidt if (len <= 0) 214f67bedddSMatthias Schmidt return (-1); 215f67bedddSMatthias Schmidt 216f67bedddSMatthias Schmidt send_remote_command(fd, "%s", temp); 2177b68d8aeSMatthias Schmidt res = read_remote(fd, 0, NULL); 2186ef9fe01SMatthias Schmidt if (res == 5) { 2196ef9fe01SMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery failed:" 2206ef9fe01SMatthias Schmidt " Authentication failed: %m", it->queueid); 2216ef9fe01SMatthias Schmidt return (-1); 2226ef9fe01SMatthias Schmidt } else if (res != 2) { 2236ef9fe01SMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery failed:" 224f67bedddSMatthias Schmidt " AUTH password failed: %m", it->queueid); 225f67bedddSMatthias Schmidt return (-1); 226f67bedddSMatthias Schmidt } 2277b68d8aeSMatthias Schmidt } else { 2287b68d8aeSMatthias Schmidt syslog(LOG_ERR, "%s: non-encrypted SMTP login is disabled in config, so skipping it. ", 2297b68d8aeSMatthias Schmidt it->queueid); 2307b68d8aeSMatthias Schmidt return (1); 2317b68d8aeSMatthias Schmidt } 232f67bedddSMatthias Schmidt 233f67bedddSMatthias Schmidt return (0); 234f67bedddSMatthias Schmidt } 235f67bedddSMatthias Schmidt 236f67bedddSMatthias Schmidt static int 237f67bedddSMatthias Schmidt open_connection(struct qitem *it, const char *host) 238f67bedddSMatthias Schmidt { 239f67bedddSMatthias Schmidt struct addrinfo hints, *res, *res0; 240f67bedddSMatthias Schmidt char servname[128]; 241f67bedddSMatthias Schmidt const char *errmsg = NULL; 242f67bedddSMatthias Schmidt int fd, error = 0, port; 243f67bedddSMatthias Schmidt 244dba19026SMatthias Schmidt if (config->port != 0) 245f67bedddSMatthias Schmidt port = config->port; 246f67bedddSMatthias Schmidt else 247f67bedddSMatthias Schmidt port = SMTP_PORT; 248f67bedddSMatthias Schmidt 2497b68d8aeSMatthias Schmidt /* FIXME get MX record of host */ 250f67bedddSMatthias Schmidt /* Shamelessly taken from getaddrinfo(3) */ 251f67bedddSMatthias Schmidt memset(&hints, 0, sizeof(hints)); 252f67bedddSMatthias Schmidt hints.ai_family = PF_UNSPEC; 253f67bedddSMatthias Schmidt hints.ai_socktype = SOCK_STREAM; 254f67bedddSMatthias Schmidt hints.ai_protocol = IPPROTO_TCP; 255f67bedddSMatthias Schmidt 256f67bedddSMatthias Schmidt snprintf(servname, sizeof(servname), "%d", port); 257f67bedddSMatthias Schmidt error = getaddrinfo(host, servname, &hints, &res0); 258f67bedddSMatthias Schmidt if (error) { 259f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: " 260f67bedddSMatthias Schmidt "%s: %m", it->queueid, gai_strerror(error)); 261f67bedddSMatthias Schmidt return (-1); 262f67bedddSMatthias Schmidt } 263f67bedddSMatthias Schmidt fd = -1; 264f67bedddSMatthias Schmidt for (res = res0; res; res = res->ai_next) { 265f67bedddSMatthias Schmidt fd=socket(res->ai_family, res->ai_socktype, res->ai_protocol); 266f67bedddSMatthias Schmidt if (fd < 0) { 267f67bedddSMatthias Schmidt errmsg = "socket failed"; 268f67bedddSMatthias Schmidt continue; 269f67bedddSMatthias Schmidt } 270f67bedddSMatthias Schmidt if (connect(fd, res->ai_addr, res->ai_addrlen) < 0) { 271f67bedddSMatthias Schmidt errmsg = "connect failed"; 272f67bedddSMatthias Schmidt close(fd); 273f67bedddSMatthias Schmidt fd = -1; 274f67bedddSMatthias Schmidt continue; 275f67bedddSMatthias Schmidt } 276f67bedddSMatthias Schmidt break; 277f67bedddSMatthias Schmidt } 278f67bedddSMatthias Schmidt if (fd < 0) { 279f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: %s (%s:%s)", 280f67bedddSMatthias Schmidt it->queueid, errmsg, host, servname); 281f67bedddSMatthias Schmidt freeaddrinfo(res0); 282f67bedddSMatthias Schmidt return (-1); 283f67bedddSMatthias Schmidt } 284f67bedddSMatthias Schmidt freeaddrinfo(res0); 285f67bedddSMatthias Schmidt return (fd); 286f67bedddSMatthias Schmidt } 287f67bedddSMatthias Schmidt 288f67bedddSMatthias Schmidt int 289*4a23bd3dSMatthias Schmidt deliver_remote(struct qitem *it, const char **errmsg) 290f67bedddSMatthias Schmidt { 291f67bedddSMatthias Schmidt struct authuser *a; 2926ef9fe01SMatthias Schmidt char *host, line[1000]; 2936ef9fe01SMatthias Schmidt int fd, error = 0, do_auth = 0, res = 0; 294f67bedddSMatthias Schmidt size_t linelen; 295f67bedddSMatthias Schmidt 296f67bedddSMatthias Schmidt host = strrchr(it->addr, '@'); 297f67bedddSMatthias Schmidt /* Should not happen */ 298f67bedddSMatthias Schmidt if (host == NULL) 299f67bedddSMatthias Schmidt return(-1); 300f67bedddSMatthias Schmidt else 301f67bedddSMatthias Schmidt /* Step over the @ */ 302f67bedddSMatthias Schmidt host++; 303f67bedddSMatthias Schmidt 304f67bedddSMatthias Schmidt /* Smarthost support? */ 305f67bedddSMatthias Schmidt if (config->smarthost != NULL && strlen(config->smarthost) > 0) { 306*4a23bd3dSMatthias Schmidt syslog(LOG_INFO, "%s: using smarthost (%s:%i)", 307*4a23bd3dSMatthias Schmidt it->queueid, config->smarthost, config->port); 308f67bedddSMatthias Schmidt host = config->smarthost; 309f67bedddSMatthias Schmidt } 310f67bedddSMatthias Schmidt 311f67bedddSMatthias Schmidt fd = open_connection(it, host); 312f67bedddSMatthias Schmidt if (fd < 0) 313f67bedddSMatthias Schmidt return (1); 314f67bedddSMatthias Schmidt 3156ef9fe01SMatthias Schmidt /* Check first reply from remote host */ 3166ef9fe01SMatthias Schmidt config->features |= NOSSL; 3177b68d8aeSMatthias Schmidt res = read_remote(fd, 0, NULL); 3186ef9fe01SMatthias Schmidt if (res != 2) { 3196ef9fe01SMatthias Schmidt syslog(LOG_INFO, "%s: Invalid initial response: %i", 3206ef9fe01SMatthias Schmidt it->queueid, res); 3216ef9fe01SMatthias Schmidt return(1); 3226ef9fe01SMatthias Schmidt } 3236ef9fe01SMatthias Schmidt config->features &= ~NOSSL; 3246ef9fe01SMatthias Schmidt 325f67bedddSMatthias Schmidt #ifdef HAVE_CRYPTO 326f67bedddSMatthias Schmidt if ((config->features & SECURETRANS) != 0) { 327f67bedddSMatthias Schmidt error = smtp_init_crypto(it, fd, config->features); 328f67bedddSMatthias Schmidt if (error >= 0) 3290ca0cd25SSascha Wildner syslog(LOG_INFO, "%s: SSL initialization successful", 330f67bedddSMatthias Schmidt it->queueid); 331f67bedddSMatthias Schmidt else 332f67bedddSMatthias Schmidt goto out; 333f67bedddSMatthias Schmidt } 334f67bedddSMatthias Schmidt 335f67bedddSMatthias Schmidt /* 336f67bedddSMatthias Schmidt * If the user doesn't want STARTTLS, but SSL encryption, we 337f67bedddSMatthias Schmidt * have to enable SSL first, then send EHLO 338f67bedddSMatthias Schmidt */ 339f67bedddSMatthias Schmidt if (((config->features & STARTTLS) == 0) && 340f67bedddSMatthias Schmidt ((config->features & SECURETRANS) != 0)) { 341f67bedddSMatthias Schmidt send_remote_command(fd, "EHLO %s", hostname()); 3427b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 2) { 343f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: " 344f67bedddSMatthias Schmidt " EHLO failed: %m", it->queueid); 345f67bedddSMatthias Schmidt return (-1); 346f67bedddSMatthias Schmidt } 347f67bedddSMatthias Schmidt } 348f67bedddSMatthias Schmidt #endif /* HAVE_CRYPTO */ 349f67bedddSMatthias Schmidt if (((config->features & SECURETRANS) == 0)) { 350f67bedddSMatthias Schmidt send_remote_command(fd, "EHLO %s", hostname()); 3517b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 2) { 352f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: " 353f67bedddSMatthias Schmidt " EHLO failed: %m", it->queueid); 354f67bedddSMatthias Schmidt return (-1); 355f67bedddSMatthias Schmidt } 356f67bedddSMatthias Schmidt } 357f67bedddSMatthias Schmidt 358f67bedddSMatthias Schmidt /* 359f67bedddSMatthias Schmidt * Use SMTP authentication if the user defined an entry for the remote 360f67bedddSMatthias Schmidt * or smarthost 361f67bedddSMatthias Schmidt */ 362f67bedddSMatthias Schmidt SLIST_FOREACH(a, &authusers, next) { 363f67bedddSMatthias Schmidt if (strcmp(a->host, host) == 0) { 364f67bedddSMatthias Schmidt do_auth = 1; 365f67bedddSMatthias Schmidt break; 366f67bedddSMatthias Schmidt } 367f67bedddSMatthias Schmidt } 368f67bedddSMatthias Schmidt 369f67bedddSMatthias Schmidt if (do_auth == 1) { 370b558d098SMatthias Schmidt /* 371b558d098SMatthias Schmidt * Check if the user wants plain text login without using 372b558d098SMatthias Schmidt * encryption. 373b558d098SMatthias Schmidt */ 374b558d098SMatthias Schmidt syslog(LOG_INFO, "%s: Use SMTP authentication", 375b558d098SMatthias Schmidt it->queueid); 376f67bedddSMatthias Schmidt error = smtp_login(it, fd, a->login, a->password); 377f67bedddSMatthias Schmidt if (error < 0) { 378f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery failed:" 379f67bedddSMatthias Schmidt " SMTP login failed: %m", it->queueid); 380f67bedddSMatthias Schmidt return (-1); 381f67bedddSMatthias Schmidt } 382f67bedddSMatthias Schmidt /* SMTP login is not available, so try without */ 383f67bedddSMatthias Schmidt else if (error > 0) 384b558d098SMatthias Schmidt syslog(LOG_ERR, "%s: SMTP login not available." 385b558d098SMatthias Schmidt " Try without", it->queueid); 386b558d098SMatthias Schmidt } 387f67bedddSMatthias Schmidt 388f67bedddSMatthias Schmidt send_remote_command(fd, "MAIL FROM:<%s>", it->sender); 3897b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 2) { 390f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred:" 391f67bedddSMatthias Schmidt " MAIL FROM failed: %m", it->queueid); 392f67bedddSMatthias Schmidt return (1); 393f67bedddSMatthias Schmidt } 394f67bedddSMatthias Schmidt 395f67bedddSMatthias Schmidt send_remote_command(fd, "RCPT TO:<%s>", it->addr); 3967b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 2) { 397f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred:" 398f67bedddSMatthias Schmidt " RCPT TO failed: %m", it->queueid); 399f67bedddSMatthias Schmidt return (1); 400f67bedddSMatthias Schmidt } 401f67bedddSMatthias Schmidt 402f67bedddSMatthias Schmidt send_remote_command(fd, "DATA"); 4037b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 3) { 404f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred:" 405f67bedddSMatthias Schmidt " DATA failed: %m", it->queueid); 406f67bedddSMatthias Schmidt return (1); 407f67bedddSMatthias Schmidt } 408f67bedddSMatthias Schmidt 409f67bedddSMatthias Schmidt if (fseek(it->queuef, it->hdrlen, SEEK_SET) != 0) { 410f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: cannot seek: %m", 411f67bedddSMatthias Schmidt it->queueid); 412f67bedddSMatthias Schmidt return (1); 413f67bedddSMatthias Schmidt } 414f67bedddSMatthias Schmidt 415f67bedddSMatthias Schmidt while (!feof(it->queuef)) { 416f67bedddSMatthias Schmidt if (fgets(line, sizeof(line), it->queuef) == NULL) 417f67bedddSMatthias Schmidt break; 418f67bedddSMatthias Schmidt linelen = strlen(line); 419f67bedddSMatthias Schmidt if (linelen == 0 || line[linelen - 1] != '\n') { 420f67bedddSMatthias Schmidt syslog(LOG_CRIT, "%s: remote delivery failed:" 421f67bedddSMatthias Schmidt "corrupted queue file", it->queueid); 422f67bedddSMatthias Schmidt *errmsg = "corrupted queue file"; 423f67bedddSMatthias Schmidt error = -1; 424f67bedddSMatthias Schmidt goto out; 425f67bedddSMatthias Schmidt } 426f67bedddSMatthias Schmidt 427f67bedddSMatthias Schmidt /* Remove trailing \n's and escape leading dots */ 428f67bedddSMatthias Schmidt trim_line(line); 429f67bedddSMatthias Schmidt 430f67bedddSMatthias Schmidt /* 431f67bedddSMatthias Schmidt * If the first character is a dot, we escape it so the line 432f67bedddSMatthias Schmidt * length increases 433f67bedddSMatthias Schmidt */ 434f67bedddSMatthias Schmidt if (line[0] == '.') 435f67bedddSMatthias Schmidt linelen++; 436f67bedddSMatthias Schmidt 437f67bedddSMatthias Schmidt if (send_remote_command(fd, "%s", line) != (ssize_t)linelen+1) { 438f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: " 439f67bedddSMatthias Schmidt "write error", it->queueid); 440f67bedddSMatthias Schmidt error = 1; 441f67bedddSMatthias Schmidt goto out; 442f67bedddSMatthias Schmidt } 443f67bedddSMatthias Schmidt } 444f67bedddSMatthias Schmidt 445f67bedddSMatthias Schmidt send_remote_command(fd, "."); 4467b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 2) { 447f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: %m", 448f67bedddSMatthias Schmidt it->queueid); 449f67bedddSMatthias Schmidt return (1); 450f67bedddSMatthias Schmidt } 451f67bedddSMatthias Schmidt 452f67bedddSMatthias Schmidt send_remote_command(fd, "QUIT"); 4537b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 2) { 454f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: " 455f67bedddSMatthias Schmidt "QUIT failed: %m", it->queueid); 456f67bedddSMatthias Schmidt return (1); 457f67bedddSMatthias Schmidt } 458f67bedddSMatthias Schmidt out: 459f67bedddSMatthias Schmidt 460f67bedddSMatthias Schmidt close(fd); 461f67bedddSMatthias Schmidt return (error); 462f67bedddSMatthias Schmidt } 463f67bedddSMatthias Schmidt 464