1f67bedddSMatthias Schmidt /* 2f67bedddSMatthias Schmidt * Copyright (c) 2008 The DragonFly Project. All rights reserved. 3f67bedddSMatthias Schmidt * 4f67bedddSMatthias Schmidt * This code is derived from software contributed to The DragonFly Project 5f67bedddSMatthias Schmidt * by Matthias Schmidt <matthias@dragonflybsd.org>, University of Marburg, 6f67bedddSMatthias Schmidt * Germany. 7f67bedddSMatthias Schmidt * 8f67bedddSMatthias Schmidt * Redistribution and use in source and binary forms, with or without 9f67bedddSMatthias Schmidt * modification, are permitted provided that the following conditions 10f67bedddSMatthias Schmidt * are met: 11f67bedddSMatthias Schmidt * 12f67bedddSMatthias Schmidt * 1. Redistributions of source code must retain the above copyright 13f67bedddSMatthias Schmidt * notice, this list of conditions and the following disclaimer. 14f67bedddSMatthias Schmidt * 2. Redistributions in binary form must reproduce the above copyright 15f67bedddSMatthias Schmidt * notice, this list of conditions and the following disclaimer in 16f67bedddSMatthias Schmidt * the documentation and/or other materials provided with the 17f67bedddSMatthias Schmidt * distribution. 18f67bedddSMatthias Schmidt * 3. Neither the name of The DragonFly Project nor the names of its 19f67bedddSMatthias Schmidt * contributors may be used to endorse or promote products derived 20f67bedddSMatthias Schmidt * from this software without specific, prior written permission. 21f67bedddSMatthias Schmidt * 22f67bedddSMatthias Schmidt * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23f67bedddSMatthias Schmidt * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24f67bedddSMatthias Schmidt * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25f67bedddSMatthias Schmidt * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26f67bedddSMatthias Schmidt * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 27f67bedddSMatthias Schmidt * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 28f67bedddSMatthias Schmidt * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 29f67bedddSMatthias Schmidt * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 30f67bedddSMatthias Schmidt * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 31f67bedddSMatthias Schmidt * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 32f67bedddSMatthias Schmidt * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33f67bedddSMatthias Schmidt * SUCH DAMAGE. 34f67bedddSMatthias Schmidt * 35*7b68d8aeSMatthias Schmidt * $DragonFly: src/libexec/dma/net.c,v 1.7 2008/09/02 15:11:49 matthias Exp $ 36f67bedddSMatthias Schmidt */ 37f67bedddSMatthias Schmidt 38f67bedddSMatthias Schmidt #include <sys/param.h> 39f67bedddSMatthias Schmidt #include <sys/queue.h> 40f67bedddSMatthias Schmidt #include <sys/stat.h> 41f67bedddSMatthias Schmidt #include <sys/types.h> 42f67bedddSMatthias Schmidt #include <sys/socket.h> 43f67bedddSMatthias Schmidt #include <netinet/in.h> 44f67bedddSMatthias Schmidt #include <arpa/inet.h> 45f67bedddSMatthias Schmidt 46f67bedddSMatthias Schmidt #ifdef HAVE_CRYPTO 47f67bedddSMatthias Schmidt #include <openssl/ssl.h> 48f67bedddSMatthias Schmidt #endif /* HAVE_CRYPTO */ 49f67bedddSMatthias Schmidt 50f67bedddSMatthias Schmidt #include <netdb.h> 51f67bedddSMatthias Schmidt #include <setjmp.h> 52f67bedddSMatthias Schmidt #include <signal.h> 53f67bedddSMatthias Schmidt #include <syslog.h> 54f67bedddSMatthias Schmidt #include <unistd.h> 55f67bedddSMatthias Schmidt 56f67bedddSMatthias Schmidt #include "dma.h" 57f67bedddSMatthias Schmidt 58f67bedddSMatthias Schmidt extern struct config *config; 59f67bedddSMatthias Schmidt extern struct authusers authusers; 60f67bedddSMatthias Schmidt static jmp_buf timeout_alarm; 61f67bedddSMatthias Schmidt 62f67bedddSMatthias Schmidt static void 63dba19026SMatthias Schmidt sig_alarm(int signo __unused) 64f67bedddSMatthias Schmidt { 65f67bedddSMatthias Schmidt longjmp(timeout_alarm, 1); 66f67bedddSMatthias Schmidt } 67f67bedddSMatthias Schmidt 68f67bedddSMatthias Schmidt ssize_t 69f67bedddSMatthias Schmidt send_remote_command(int fd, const char* fmt, ...) 70f67bedddSMatthias Schmidt { 71f67bedddSMatthias Schmidt va_list va; 72f67bedddSMatthias Schmidt char cmd[4096]; 73f67bedddSMatthias Schmidt ssize_t len = 0; 74f67bedddSMatthias Schmidt 75f67bedddSMatthias Schmidt va_start(va, fmt); 76f67bedddSMatthias Schmidt vsprintf(cmd, fmt, va); 77f67bedddSMatthias Schmidt 78f67bedddSMatthias Schmidt if (((config->features & SECURETRANS) != 0) && 796ef9fe01SMatthias Schmidt ((config->features & NOSSL) == 0)) { 80f67bedddSMatthias Schmidt len = SSL_write(config->ssl, (const char*)cmd, strlen(cmd)); 81f67bedddSMatthias Schmidt SSL_write(config->ssl, "\r\n", 2); 82f67bedddSMatthias Schmidt } 83f67bedddSMatthias Schmidt else { 84f67bedddSMatthias Schmidt len = write(fd, cmd, strlen(cmd)); 85f67bedddSMatthias Schmidt write(fd, "\r\n", 2); 86f67bedddSMatthias Schmidt } 87f67bedddSMatthias Schmidt va_end(va); 88f67bedddSMatthias Schmidt 89f67bedddSMatthias Schmidt return (len+2); 90f67bedddSMatthias Schmidt } 91f67bedddSMatthias Schmidt 926ef9fe01SMatthias Schmidt int 93*7b68d8aeSMatthias Schmidt read_remote(int fd, int extbufsize, char *extbuf) 94f67bedddSMatthias Schmidt { 956ef9fe01SMatthias Schmidt ssize_t rlen = 0; 966ef9fe01SMatthias Schmidt size_t pos, len; 976ef9fe01SMatthias Schmidt char buff[BUF_SIZE]; 98*7b68d8aeSMatthias Schmidt int done = 0, status = 0, extbufpos = 0; 99f67bedddSMatthias Schmidt 100f67bedddSMatthias Schmidt if (signal(SIGALRM, sig_alarm) == SIG_ERR) { 101f67bedddSMatthias Schmidt syslog(LOG_ERR, "SIGALRM error: %m"); 102f67bedddSMatthias Schmidt } 103f67bedddSMatthias Schmidt if (setjmp(timeout_alarm) != 0) { 104f67bedddSMatthias Schmidt syslog(LOG_ERR, "Timeout reached"); 105f67bedddSMatthias Schmidt return (1); 106f67bedddSMatthias Schmidt } 107f67bedddSMatthias Schmidt alarm(CON_TIMEOUT); 108f67bedddSMatthias Schmidt 109f67bedddSMatthias Schmidt /* 1106ef9fe01SMatthias Schmidt * Remote reading code from femail.c written by Henning Brauer of 1116ef9fe01SMatthias Schmidt * OpenBSD and released under a BSD style license. 112f67bedddSMatthias Schmidt */ 1136ef9fe01SMatthias Schmidt for (len = pos = 0; !done; ) { 114*7b68d8aeSMatthias Schmidt rlen = 0; 1156ef9fe01SMatthias Schmidt if (pos == 0 || 1166ef9fe01SMatthias Schmidt (pos > 0 && memchr(buff + pos, '\n', len - pos) == NULL)) { 1176ef9fe01SMatthias Schmidt memmove(buff, buff + pos, len - pos); 1186ef9fe01SMatthias Schmidt len -= pos; 1196ef9fe01SMatthias Schmidt pos = 0; 120f67bedddSMatthias Schmidt if (((config->features & SECURETRANS) != 0) && 1216ef9fe01SMatthias Schmidt (config->features & NOSSL) == 0) { 1226ef9fe01SMatthias Schmidt if ((rlen = SSL_read(config->ssl, buff + len, 1236ef9fe01SMatthias Schmidt sizeof(buff) - len)) == -1) 1246ef9fe01SMatthias Schmidt err(1, "read"); 1256ef9fe01SMatthias Schmidt } else { 1266ef9fe01SMatthias Schmidt if ((rlen = read(fd, buff + len, 1276ef9fe01SMatthias Schmidt sizeof(buff) - len)) == -1) 1286ef9fe01SMatthias Schmidt err(1, "read"); 1296ef9fe01SMatthias Schmidt } 1306ef9fe01SMatthias Schmidt len += rlen; 1316ef9fe01SMatthias Schmidt } 132*7b68d8aeSMatthias Schmidt /* 133*7b68d8aeSMatthias Schmidt * If there is an external buffer with a size bigger than zero 134*7b68d8aeSMatthias Schmidt * and as long as there is space in the external buffer and 135*7b68d8aeSMatthias Schmidt * there are new characters read from the mailserver 136*7b68d8aeSMatthias Schmidt * copy them to the external buffer 137*7b68d8aeSMatthias Schmidt */ 138*7b68d8aeSMatthias Schmidt if (extbufpos <= (extbufsize - 1) && rlen && extbufsize > 0 139*7b68d8aeSMatthias Schmidt && extbuf != NULL) { 140*7b68d8aeSMatthias Schmidt /* do not write over the bounds of the buffer */ 141*7b68d8aeSMatthias Schmidt if(extbufpos + rlen > (extbufsize - 1)) { 142*7b68d8aeSMatthias Schmidt rlen = extbufsize - extbufpos; 143*7b68d8aeSMatthias Schmidt } 144*7b68d8aeSMatthias Schmidt memcpy(extbuf + extbufpos, buff + len - rlen, rlen); 145*7b68d8aeSMatthias Schmidt extbufpos += rlen; 146*7b68d8aeSMatthias Schmidt } 1476ef9fe01SMatthias Schmidt for (; pos < len && buff[pos] >= '0' && buff[pos] <= '9'; pos++) 1486ef9fe01SMatthias Schmidt ; /* Do nothing */ 149f67bedddSMatthias Schmidt 1506ef9fe01SMatthias Schmidt if (pos == len) 1516ef9fe01SMatthias Schmidt return (0); 1526ef9fe01SMatthias Schmidt 1536ef9fe01SMatthias Schmidt if (buff[pos] == ' ') 1546ef9fe01SMatthias Schmidt done = 1; 1556ef9fe01SMatthias Schmidt else if (buff[pos] != '-') 1566ef9fe01SMatthias Schmidt syslog(LOG_ERR, "invalid syntax in reply from server"); 1576ef9fe01SMatthias Schmidt 1586ef9fe01SMatthias Schmidt /* skip up to \n */ 1596ef9fe01SMatthias Schmidt for (; pos < len && buff[pos - 1] != '\n'; pos++) 1606ef9fe01SMatthias Schmidt ; /* Do nothing */ 1616ef9fe01SMatthias Schmidt 1626ef9fe01SMatthias Schmidt } 163f67bedddSMatthias Schmidt alarm(0); 164f67bedddSMatthias Schmidt 1656ef9fe01SMatthias Schmidt status = atoi(buff); 1666ef9fe01SMatthias Schmidt return (status/100); 167f67bedddSMatthias Schmidt } 168f67bedddSMatthias Schmidt 169f67bedddSMatthias Schmidt /* 170f67bedddSMatthias Schmidt * Handle SMTP authentication 171f67bedddSMatthias Schmidt */ 172f67bedddSMatthias Schmidt static int 173f67bedddSMatthias Schmidt smtp_login(struct qitem *it, int fd, char *login, char* password) 174f67bedddSMatthias Schmidt { 175f67bedddSMatthias Schmidt char *temp; 1766ef9fe01SMatthias Schmidt int len, res = 0; 177f67bedddSMatthias Schmidt 178*7b68d8aeSMatthias Schmidt #ifdef HAVE_CRYPTO 179*7b68d8aeSMatthias Schmidt res = smtp_auth_md5(it, fd, login, password); 180*7b68d8aeSMatthias Schmidt if (res == 0) { 181*7b68d8aeSMatthias Schmidt return (0); 182*7b68d8aeSMatthias Schmidt } else if (res == -2) { 183*7b68d8aeSMatthias Schmidt /* 184*7b68d8aeSMatthias Schmidt * If the return code is -2, then then the login attempt failed, 185*7b68d8aeSMatthias Schmidt * do not try other login mechanisms 186*7b68d8aeSMatthias Schmidt */ 187*7b68d8aeSMatthias Schmidt return (-1); 188*7b68d8aeSMatthias Schmidt } 189*7b68d8aeSMatthias Schmidt #endif /* HAVE_CRYPTO */ 190*7b68d8aeSMatthias Schmidt 191*7b68d8aeSMatthias Schmidt if ((config->features & INSECURE) != 0) { 192f67bedddSMatthias Schmidt /* Send AUTH command according to RFC 2554 */ 193f67bedddSMatthias Schmidt send_remote_command(fd, "AUTH LOGIN"); 194*7b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 3) { 195f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred:" 196f67bedddSMatthias Schmidt " AUTH login not available: %m", it->queueid); 197f67bedddSMatthias Schmidt return (1); 198f67bedddSMatthias Schmidt } 199f67bedddSMatthias Schmidt 200f67bedddSMatthias Schmidt len = base64_encode(login, strlen(login), &temp); 201f67bedddSMatthias Schmidt if (len <= 0) 202f67bedddSMatthias Schmidt return (-1); 203f67bedddSMatthias Schmidt 204f67bedddSMatthias Schmidt send_remote_command(fd, "%s", temp); 205*7b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 3) { 206f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred:" 207f67bedddSMatthias Schmidt " AUTH login failed: %m", it->queueid); 208f67bedddSMatthias Schmidt return (-1); 209f67bedddSMatthias Schmidt } 210f67bedddSMatthias Schmidt 211f67bedddSMatthias Schmidt len = base64_encode(password, strlen(password), &temp); 212f67bedddSMatthias Schmidt if (len <= 0) 213f67bedddSMatthias Schmidt return (-1); 214f67bedddSMatthias Schmidt 215f67bedddSMatthias Schmidt send_remote_command(fd, "%s", temp); 216*7b68d8aeSMatthias Schmidt res = read_remote(fd, 0, NULL); 2176ef9fe01SMatthias Schmidt if (res == 5) { 2186ef9fe01SMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery failed:" 2196ef9fe01SMatthias Schmidt " Authentication failed: %m", it->queueid); 2206ef9fe01SMatthias Schmidt return (-1); 2216ef9fe01SMatthias Schmidt } else if (res != 2) { 2226ef9fe01SMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery failed:" 223f67bedddSMatthias Schmidt " AUTH password failed: %m", it->queueid); 224f67bedddSMatthias Schmidt return (-1); 225f67bedddSMatthias Schmidt } 226*7b68d8aeSMatthias Schmidt } else { 227*7b68d8aeSMatthias Schmidt syslog(LOG_ERR, "%s: non-encrypted SMTP login is disabled in config, so skipping it. ", 228*7b68d8aeSMatthias Schmidt it->queueid); 229*7b68d8aeSMatthias Schmidt return (1); 230*7b68d8aeSMatthias Schmidt } 231f67bedddSMatthias Schmidt 232f67bedddSMatthias Schmidt return (0); 233f67bedddSMatthias Schmidt } 234f67bedddSMatthias Schmidt 235f67bedddSMatthias Schmidt static int 236f67bedddSMatthias Schmidt open_connection(struct qitem *it, const char *host) 237f67bedddSMatthias Schmidt { 238f67bedddSMatthias Schmidt struct addrinfo hints, *res, *res0; 239f67bedddSMatthias Schmidt char servname[128]; 240f67bedddSMatthias Schmidt const char *errmsg = NULL; 241f67bedddSMatthias Schmidt int fd, error = 0, port; 242f67bedddSMatthias Schmidt 243dba19026SMatthias Schmidt if (config->port != 0) 244f67bedddSMatthias Schmidt port = config->port; 245f67bedddSMatthias Schmidt else 246f67bedddSMatthias Schmidt port = SMTP_PORT; 247f67bedddSMatthias Schmidt 248*7b68d8aeSMatthias Schmidt /* FIXME get MX record of host */ 249f67bedddSMatthias Schmidt /* Shamelessly taken from getaddrinfo(3) */ 250f67bedddSMatthias Schmidt memset(&hints, 0, sizeof(hints)); 251f67bedddSMatthias Schmidt hints.ai_family = PF_UNSPEC; 252f67bedddSMatthias Schmidt hints.ai_socktype = SOCK_STREAM; 253f67bedddSMatthias Schmidt hints.ai_protocol = IPPROTO_TCP; 254f67bedddSMatthias Schmidt 255f67bedddSMatthias Schmidt snprintf(servname, sizeof(servname), "%d", port); 256f67bedddSMatthias Schmidt error = getaddrinfo(host, servname, &hints, &res0); 257f67bedddSMatthias Schmidt if (error) { 258f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: " 259f67bedddSMatthias Schmidt "%s: %m", it->queueid, gai_strerror(error)); 260f67bedddSMatthias Schmidt return (-1); 261f67bedddSMatthias Schmidt } 262f67bedddSMatthias Schmidt fd = -1; 263f67bedddSMatthias Schmidt for (res = res0; res; res = res->ai_next) { 264f67bedddSMatthias Schmidt fd=socket(res->ai_family, res->ai_socktype, res->ai_protocol); 265f67bedddSMatthias Schmidt if (fd < 0) { 266f67bedddSMatthias Schmidt errmsg = "socket failed"; 267f67bedddSMatthias Schmidt continue; 268f67bedddSMatthias Schmidt } 269f67bedddSMatthias Schmidt if (connect(fd, res->ai_addr, res->ai_addrlen) < 0) { 270f67bedddSMatthias Schmidt errmsg = "connect failed"; 271f67bedddSMatthias Schmidt close(fd); 272f67bedddSMatthias Schmidt fd = -1; 273f67bedddSMatthias Schmidt continue; 274f67bedddSMatthias Schmidt } 275f67bedddSMatthias Schmidt break; 276f67bedddSMatthias Schmidt } 277f67bedddSMatthias Schmidt if (fd < 0) { 278f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: %s (%s:%s)", 279f67bedddSMatthias Schmidt it->queueid, errmsg, host, servname); 280f67bedddSMatthias Schmidt freeaddrinfo(res0); 281f67bedddSMatthias Schmidt return (-1); 282f67bedddSMatthias Schmidt } 283f67bedddSMatthias Schmidt freeaddrinfo(res0); 284f67bedddSMatthias Schmidt return (fd); 285f67bedddSMatthias Schmidt } 286f67bedddSMatthias Schmidt 287f67bedddSMatthias Schmidt int 288f67bedddSMatthias Schmidt deliver_remote(struct qitem *it, const char **errmsg) 289f67bedddSMatthias Schmidt { 290f67bedddSMatthias Schmidt struct authuser *a; 2916ef9fe01SMatthias Schmidt char *host, line[1000]; 2926ef9fe01SMatthias Schmidt int fd, error = 0, do_auth = 0, res = 0; 293f67bedddSMatthias Schmidt size_t linelen; 294f67bedddSMatthias Schmidt 295f67bedddSMatthias Schmidt host = strrchr(it->addr, '@'); 296f67bedddSMatthias Schmidt /* Should not happen */ 297f67bedddSMatthias Schmidt if (host == NULL) 298f67bedddSMatthias Schmidt return(-1); 299f67bedddSMatthias Schmidt else 300f67bedddSMatthias Schmidt /* Step over the @ */ 301f67bedddSMatthias Schmidt host++; 302f67bedddSMatthias Schmidt 303f67bedddSMatthias Schmidt /* Smarthost support? */ 304f67bedddSMatthias Schmidt if (config->smarthost != NULL && strlen(config->smarthost) > 0) { 305f67bedddSMatthias Schmidt syslog(LOG_INFO, "%s: using smarthost (%s)", 306f67bedddSMatthias Schmidt it->queueid, config->smarthost); 307f67bedddSMatthias Schmidt host = config->smarthost; 308f67bedddSMatthias Schmidt } 309f67bedddSMatthias Schmidt 310f67bedddSMatthias Schmidt fd = open_connection(it, host); 311f67bedddSMatthias Schmidt if (fd < 0) 312f67bedddSMatthias Schmidt return (1); 313f67bedddSMatthias Schmidt 3146ef9fe01SMatthias Schmidt /* Check first reply from remote host */ 3156ef9fe01SMatthias Schmidt config->features |= NOSSL; 316*7b68d8aeSMatthias Schmidt res = read_remote(fd, 0, NULL); 3176ef9fe01SMatthias Schmidt if (res != 2) { 3186ef9fe01SMatthias Schmidt syslog(LOG_INFO, "%s: Invalid initial response: %i", 3196ef9fe01SMatthias Schmidt it->queueid, res); 3206ef9fe01SMatthias Schmidt return(1); 3216ef9fe01SMatthias Schmidt } 3226ef9fe01SMatthias Schmidt config->features &= ~NOSSL; 3236ef9fe01SMatthias Schmidt 324f67bedddSMatthias Schmidt #ifdef HAVE_CRYPTO 325f67bedddSMatthias Schmidt if ((config->features & SECURETRANS) != 0) { 326f67bedddSMatthias Schmidt error = smtp_init_crypto(it, fd, config->features); 327f67bedddSMatthias Schmidt if (error >= 0) 3280ca0cd25SSascha Wildner syslog(LOG_INFO, "%s: SSL initialization successful", 329f67bedddSMatthias Schmidt it->queueid); 330f67bedddSMatthias Schmidt else 331f67bedddSMatthias Schmidt goto out; 332f67bedddSMatthias Schmidt } 333f67bedddSMatthias Schmidt 334f67bedddSMatthias Schmidt /* 335f67bedddSMatthias Schmidt * If the user doesn't want STARTTLS, but SSL encryption, we 336f67bedddSMatthias Schmidt * have to enable SSL first, then send EHLO 337f67bedddSMatthias Schmidt */ 338f67bedddSMatthias Schmidt if (((config->features & STARTTLS) == 0) && 339f67bedddSMatthias Schmidt ((config->features & SECURETRANS) != 0)) { 340f67bedddSMatthias Schmidt send_remote_command(fd, "EHLO %s", hostname()); 341*7b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 2) { 342f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: " 343f67bedddSMatthias Schmidt " EHLO failed: %m", it->queueid); 344f67bedddSMatthias Schmidt return (-1); 345f67bedddSMatthias Schmidt } 346f67bedddSMatthias Schmidt } 347f67bedddSMatthias Schmidt #endif /* HAVE_CRYPTO */ 348f67bedddSMatthias Schmidt if (((config->features & SECURETRANS) == 0)) { 349f67bedddSMatthias Schmidt send_remote_command(fd, "EHLO %s", hostname()); 350*7b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 2) { 351f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: " 352f67bedddSMatthias Schmidt " EHLO failed: %m", it->queueid); 353f67bedddSMatthias Schmidt return (-1); 354f67bedddSMatthias Schmidt } 355f67bedddSMatthias Schmidt } 356f67bedddSMatthias Schmidt 357f67bedddSMatthias Schmidt /* 358f67bedddSMatthias Schmidt * Use SMTP authentication if the user defined an entry for the remote 359f67bedddSMatthias Schmidt * or smarthost 360f67bedddSMatthias Schmidt */ 361f67bedddSMatthias Schmidt SLIST_FOREACH(a, &authusers, next) { 362f67bedddSMatthias Schmidt if (strcmp(a->host, host) == 0) { 363f67bedddSMatthias Schmidt do_auth = 1; 364f67bedddSMatthias Schmidt break; 365f67bedddSMatthias Schmidt } 366f67bedddSMatthias Schmidt } 367f67bedddSMatthias Schmidt 368f67bedddSMatthias Schmidt if (do_auth == 1) { 369b558d098SMatthias Schmidt /* 370b558d098SMatthias Schmidt * Check if the user wants plain text login without using 371b558d098SMatthias Schmidt * encryption. 372b558d098SMatthias Schmidt */ 373b558d098SMatthias Schmidt syslog(LOG_INFO, "%s: Use SMTP authentication", 374b558d098SMatthias Schmidt it->queueid); 375f67bedddSMatthias Schmidt error = smtp_login(it, fd, a->login, a->password); 376f67bedddSMatthias Schmidt if (error < 0) { 377f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery failed:" 378f67bedddSMatthias Schmidt " SMTP login failed: %m", it->queueid); 379f67bedddSMatthias Schmidt return (-1); 380f67bedddSMatthias Schmidt } 381f67bedddSMatthias Schmidt /* SMTP login is not available, so try without */ 382f67bedddSMatthias Schmidt else if (error > 0) 383b558d098SMatthias Schmidt syslog(LOG_ERR, "%s: SMTP login not available." 384b558d098SMatthias Schmidt " Try without", it->queueid); 385b558d098SMatthias Schmidt } 386f67bedddSMatthias Schmidt 387f67bedddSMatthias Schmidt send_remote_command(fd, "MAIL FROM:<%s>", it->sender); 388*7b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 2) { 389f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred:" 390f67bedddSMatthias Schmidt " MAIL FROM failed: %m", it->queueid); 391f67bedddSMatthias Schmidt return (1); 392f67bedddSMatthias Schmidt } 393f67bedddSMatthias Schmidt 394f67bedddSMatthias Schmidt send_remote_command(fd, "RCPT TO:<%s>", it->addr); 395*7b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 2) { 396f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred:" 397f67bedddSMatthias Schmidt " RCPT TO failed: %m", it->queueid); 398f67bedddSMatthias Schmidt return (1); 399f67bedddSMatthias Schmidt } 400f67bedddSMatthias Schmidt 401f67bedddSMatthias Schmidt send_remote_command(fd, "DATA"); 402*7b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 3) { 403f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred:" 404f67bedddSMatthias Schmidt " DATA failed: %m", it->queueid); 405f67bedddSMatthias Schmidt return (1); 406f67bedddSMatthias Schmidt } 407f67bedddSMatthias Schmidt 408f67bedddSMatthias Schmidt if (fseek(it->queuef, it->hdrlen, SEEK_SET) != 0) { 409f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: cannot seek: %m", 410f67bedddSMatthias Schmidt it->queueid); 411f67bedddSMatthias Schmidt return (1); 412f67bedddSMatthias Schmidt } 413f67bedddSMatthias Schmidt 414f67bedddSMatthias Schmidt while (!feof(it->queuef)) { 415f67bedddSMatthias Schmidt if (fgets(line, sizeof(line), it->queuef) == NULL) 416f67bedddSMatthias Schmidt break; 417f67bedddSMatthias Schmidt linelen = strlen(line); 418f67bedddSMatthias Schmidt if (linelen == 0 || line[linelen - 1] != '\n') { 419f67bedddSMatthias Schmidt syslog(LOG_CRIT, "%s: remote delivery failed:" 420f67bedddSMatthias Schmidt "corrupted queue file", it->queueid); 421f67bedddSMatthias Schmidt *errmsg = "corrupted queue file"; 422f67bedddSMatthias Schmidt error = -1; 423f67bedddSMatthias Schmidt goto out; 424f67bedddSMatthias Schmidt } 425f67bedddSMatthias Schmidt 426f67bedddSMatthias Schmidt /* Remove trailing \n's and escape leading dots */ 427f67bedddSMatthias Schmidt trim_line(line); 428f67bedddSMatthias Schmidt 429f67bedddSMatthias Schmidt /* 430f67bedddSMatthias Schmidt * If the first character is a dot, we escape it so the line 431f67bedddSMatthias Schmidt * length increases 432f67bedddSMatthias Schmidt */ 433f67bedddSMatthias Schmidt if (line[0] == '.') 434f67bedddSMatthias Schmidt linelen++; 435f67bedddSMatthias Schmidt 436f67bedddSMatthias Schmidt if (send_remote_command(fd, "%s", line) != (ssize_t)linelen+1) { 437f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: " 438f67bedddSMatthias Schmidt "write error", it->queueid); 439f67bedddSMatthias Schmidt error = 1; 440f67bedddSMatthias Schmidt goto out; 441f67bedddSMatthias Schmidt } 442f67bedddSMatthias Schmidt } 443f67bedddSMatthias Schmidt 444f67bedddSMatthias Schmidt send_remote_command(fd, "."); 445*7b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 2) { 446f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: %m", 447f67bedddSMatthias Schmidt it->queueid); 448f67bedddSMatthias Schmidt return (1); 449f67bedddSMatthias Schmidt } 450f67bedddSMatthias Schmidt 451f67bedddSMatthias Schmidt send_remote_command(fd, "QUIT"); 452*7b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 2) { 453f67bedddSMatthias Schmidt syslog(LOG_ERR, "%s: remote delivery deferred: " 454f67bedddSMatthias Schmidt "QUIT failed: %m", it->queueid); 455f67bedddSMatthias Schmidt return (1); 456f67bedddSMatthias Schmidt } 457f67bedddSMatthias Schmidt out: 458f67bedddSMatthias Schmidt 459f67bedddSMatthias Schmidt close(fd); 460f67bedddSMatthias Schmidt return (error); 461f67bedddSMatthias Schmidt } 462f67bedddSMatthias Schmidt 463