1f67bedddSMatthias Schmidt /* 2f67bedddSMatthias Schmidt * Copyright (c) 2008 The DragonFly Project. All rights reserved. 3f67bedddSMatthias Schmidt * 4f67bedddSMatthias Schmidt * This code is derived from software contributed to The DragonFly Project 5f67bedddSMatthias Schmidt * by Matthias Schmidt <matthias@dragonflybsd.org>, University of Marburg, 6f67bedddSMatthias Schmidt * Germany. 7f67bedddSMatthias Schmidt * 8f67bedddSMatthias Schmidt * Redistribution and use in source and binary forms, with or without 9f67bedddSMatthias Schmidt * modification, are permitted provided that the following conditions 10f67bedddSMatthias Schmidt * are met: 11f67bedddSMatthias Schmidt * 12f67bedddSMatthias Schmidt * 1. Redistributions of source code must retain the above copyright 13f67bedddSMatthias Schmidt * notice, this list of conditions and the following disclaimer. 14f67bedddSMatthias Schmidt * 2. Redistributions in binary form must reproduce the above copyright 15f67bedddSMatthias Schmidt * notice, this list of conditions and the following disclaimer in 16f67bedddSMatthias Schmidt * the documentation and/or other materials provided with the 17f67bedddSMatthias Schmidt * distribution. 18f67bedddSMatthias Schmidt * 3. Neither the name of The DragonFly Project nor the names of its 19f67bedddSMatthias Schmidt * contributors may be used to endorse or promote products derived 20f67bedddSMatthias Schmidt * from this software without specific, prior written permission. 21f67bedddSMatthias Schmidt * 22f67bedddSMatthias Schmidt * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23f67bedddSMatthias Schmidt * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24f67bedddSMatthias Schmidt * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25f67bedddSMatthias Schmidt * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26f67bedddSMatthias Schmidt * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 27f67bedddSMatthias Schmidt * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 28f67bedddSMatthias Schmidt * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 29f67bedddSMatthias Schmidt * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 30f67bedddSMatthias Schmidt * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 31f67bedddSMatthias Schmidt * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 32f67bedddSMatthias Schmidt * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33f67bedddSMatthias Schmidt * SUCH DAMAGE. 34f67bedddSMatthias Schmidt */ 35f67bedddSMatthias Schmidt 36f67bedddSMatthias Schmidt #include <sys/param.h> 37f67bedddSMatthias Schmidt #include <sys/queue.h> 38f67bedddSMatthias Schmidt #include <sys/stat.h> 39f67bedddSMatthias Schmidt #include <sys/types.h> 40f67bedddSMatthias Schmidt #include <sys/socket.h> 41f67bedddSMatthias Schmidt #include <netinet/in.h> 42f67bedddSMatthias Schmidt #include <arpa/inet.h> 43f67bedddSMatthias Schmidt 44f67bedddSMatthias Schmidt #include <openssl/ssl.h> 45e2c88018SSimon Schubert #include <openssl/err.h> 46f67bedddSMatthias Schmidt 47bc7baf1dSSascha Wildner #include <err.h> 48a5a8a1a4SSimon Schubert #include <errno.h> 49f67bedddSMatthias Schmidt #include <netdb.h> 50f67bedddSMatthias Schmidt #include <setjmp.h> 51f67bedddSMatthias Schmidt #include <signal.h> 52f67bedddSMatthias Schmidt #include <syslog.h> 53f67bedddSMatthias Schmidt #include <unistd.h> 54f67bedddSMatthias Schmidt 55f67bedddSMatthias Schmidt #include "dma.h" 56f67bedddSMatthias Schmidt 57f67bedddSMatthias Schmidt static jmp_buf timeout_alarm; 58a5a8a1a4SSimon Schubert char neterr[BUF_SIZE]; 59f67bedddSMatthias Schmidt 60e2c88018SSimon Schubert char * 61e2c88018SSimon Schubert ssl_errstr(void) 62e2c88018SSimon Schubert { 63e2c88018SSimon Schubert long oerr, nerr; 64e2c88018SSimon Schubert 65e2c88018SSimon Schubert oerr = 0; 66e2c88018SSimon Schubert while ((nerr = ERR_get_error()) != 0) 67e2c88018SSimon Schubert oerr = nerr; 68e2c88018SSimon Schubert 69e2c88018SSimon Schubert return (ERR_error_string(oerr, NULL)); 70e2c88018SSimon Schubert } 71e2c88018SSimon Schubert 72f67bedddSMatthias Schmidt static void 73dba19026SMatthias Schmidt sig_alarm(int signo __unused) 74f67bedddSMatthias Schmidt { 75f67bedddSMatthias Schmidt longjmp(timeout_alarm, 1); 76f67bedddSMatthias Schmidt } 77f67bedddSMatthias Schmidt 78f67bedddSMatthias Schmidt ssize_t 79f67bedddSMatthias Schmidt send_remote_command(int fd, const char* fmt, ...) 80f67bedddSMatthias Schmidt { 81f67bedddSMatthias Schmidt va_list va; 82f67bedddSMatthias Schmidt char cmd[4096]; 832922fd2bSSimon Schubert size_t len, pos; 842922fd2bSSimon Schubert int s; 852922fd2bSSimon Schubert ssize_t n; 86f67bedddSMatthias Schmidt 87f67bedddSMatthias Schmidt va_start(va, fmt); 882922fd2bSSimon Schubert s = vsnprintf(cmd, sizeof(cmd) - 2, fmt, va); 892922fd2bSSimon Schubert va_end(va); 90e2c88018SSimon Schubert if (s == sizeof(cmd) - 2 || s < 0) { 91e2c88018SSimon Schubert strcpy(neterr, "Internal error: oversized command string"); 92e2c88018SSimon Schubert return (-1); 93e2c88018SSimon Schubert } 94e2c88018SSimon Schubert 952922fd2bSSimon Schubert /* We *know* there are at least two more bytes available */ 962922fd2bSSimon Schubert strcat(cmd, "\r\n"); 972922fd2bSSimon Schubert len = strlen(cmd); 98f67bedddSMatthias Schmidt 99ca259d14SSimon Schubert if (((config.features & SECURETRANS) != 0) && 100ca259d14SSimon Schubert ((config.features & NOSSL) == 0)) { 101ca259d14SSimon Schubert while ((s = SSL_write(config.ssl, (const char*)cmd, len)) <= 0) { 102ca259d14SSimon Schubert s = SSL_get_error(config.ssl, s); 1032922fd2bSSimon Schubert if (s != SSL_ERROR_WANT_READ && 104e2c88018SSimon Schubert s != SSL_ERROR_WANT_WRITE) { 105e2c88018SSimon Schubert strncpy(neterr, ssl_errstr(), sizeof(neterr)); 1062922fd2bSSimon Schubert return (-1); 1072922fd2bSSimon Schubert } 108f67bedddSMatthias Schmidt } 109e2c88018SSimon Schubert } 110f67bedddSMatthias Schmidt else { 1112922fd2bSSimon Schubert pos = 0; 1122922fd2bSSimon Schubert while (pos < len) { 1132922fd2bSSimon Schubert n = write(fd, cmd + pos, len - pos); 1142922fd2bSSimon Schubert if (n < 0) 1152922fd2bSSimon Schubert return (-1); 1162922fd2bSSimon Schubert pos += n; 117f67bedddSMatthias Schmidt } 1182922fd2bSSimon Schubert } 119f67bedddSMatthias Schmidt 1202922fd2bSSimon Schubert return (len); 121f67bedddSMatthias Schmidt } 122f67bedddSMatthias Schmidt 1236ef9fe01SMatthias Schmidt int 1247b68d8aeSMatthias Schmidt read_remote(int fd, int extbufsize, char *extbuf) 125f67bedddSMatthias Schmidt { 1266ef9fe01SMatthias Schmidt ssize_t rlen = 0; 1276ef9fe01SMatthias Schmidt size_t pos, len; 1286ef9fe01SMatthias Schmidt char buff[BUF_SIZE]; 1297b68d8aeSMatthias Schmidt int done = 0, status = 0, extbufpos = 0; 130f67bedddSMatthias Schmidt 131f67bedddSMatthias Schmidt if (signal(SIGALRM, sig_alarm) == SIG_ERR) { 132a5a8a1a4SSimon Schubert snprintf(neterr, sizeof(neterr), "SIGALRM error: %s", 133a5a8a1a4SSimon Schubert strerror(errno)); 134e2c88018SSimon Schubert return (-1); 135f67bedddSMatthias Schmidt } 136f67bedddSMatthias Schmidt if (setjmp(timeout_alarm) != 0) { 137a5a8a1a4SSimon Schubert snprintf(neterr, sizeof(neterr), "Timeout reached"); 138e2c88018SSimon Schubert return (-1); 139f67bedddSMatthias Schmidt } 140f67bedddSMatthias Schmidt alarm(CON_TIMEOUT); 141f67bedddSMatthias Schmidt 142f67bedddSMatthias Schmidt /* 1436ef9fe01SMatthias Schmidt * Remote reading code from femail.c written by Henning Brauer of 1446ef9fe01SMatthias Schmidt * OpenBSD and released under a BSD style license. 145f67bedddSMatthias Schmidt */ 1466ef9fe01SMatthias Schmidt for (len = pos = 0; !done; ) { 1477b68d8aeSMatthias Schmidt rlen = 0; 1486ef9fe01SMatthias Schmidt if (pos == 0 || 1496ef9fe01SMatthias Schmidt (pos > 0 && memchr(buff + pos, '\n', len - pos) == NULL)) { 1506ef9fe01SMatthias Schmidt memmove(buff, buff + pos, len - pos); 1516ef9fe01SMatthias Schmidt len -= pos; 1526ef9fe01SMatthias Schmidt pos = 0; 153ca259d14SSimon Schubert if (((config.features & SECURETRANS) != 0) && 154ca259d14SSimon Schubert (config.features & NOSSL) == 0) { 155ca259d14SSimon Schubert if ((rlen = SSL_read(config.ssl, buff + len, 156e2c88018SSimon Schubert sizeof(buff) - len)) == -1) { 157e2c88018SSimon Schubert strncpy(neterr, ssl_errstr(), sizeof(neterr)); 158e2c88018SSimon Schubert return (-1); 159e2c88018SSimon Schubert } 1606ef9fe01SMatthias Schmidt } else { 161e2c88018SSimon Schubert if ((rlen = read(fd, buff + len, sizeof(buff) - len)) == -1) { 162e2c88018SSimon Schubert strncpy(neterr, strerror(errno), sizeof(neterr)); 163e2c88018SSimon Schubert return (-1); 164e2c88018SSimon Schubert } 1656ef9fe01SMatthias Schmidt } 1666ef9fe01SMatthias Schmidt len += rlen; 1676ef9fe01SMatthias Schmidt } 1687b68d8aeSMatthias Schmidt /* 1697b68d8aeSMatthias Schmidt * If there is an external buffer with a size bigger than zero 1707b68d8aeSMatthias Schmidt * and as long as there is space in the external buffer and 1717b68d8aeSMatthias Schmidt * there are new characters read from the mailserver 1727b68d8aeSMatthias Schmidt * copy them to the external buffer 1737b68d8aeSMatthias Schmidt */ 1747b68d8aeSMatthias Schmidt if (extbufpos <= (extbufsize - 1) && rlen && extbufsize > 0 1757b68d8aeSMatthias Schmidt && extbuf != NULL) { 1767b68d8aeSMatthias Schmidt /* do not write over the bounds of the buffer */ 1777b68d8aeSMatthias Schmidt if(extbufpos + rlen > (extbufsize - 1)) { 1787b68d8aeSMatthias Schmidt rlen = extbufsize - extbufpos; 1797b68d8aeSMatthias Schmidt } 1807b68d8aeSMatthias Schmidt memcpy(extbuf + extbufpos, buff + len - rlen, rlen); 1817b68d8aeSMatthias Schmidt extbufpos += rlen; 1827b68d8aeSMatthias Schmidt } 1836ef9fe01SMatthias Schmidt for (; pos < len && buff[pos] >= '0' && buff[pos] <= '9'; pos++) 1846ef9fe01SMatthias Schmidt ; /* Do nothing */ 185f67bedddSMatthias Schmidt 1866ef9fe01SMatthias Schmidt if (pos == len) 1876ef9fe01SMatthias Schmidt return (0); 1886ef9fe01SMatthias Schmidt 189e2c88018SSimon Schubert if (buff[pos] == ' ') { 1906ef9fe01SMatthias Schmidt done = 1; 191e2c88018SSimon Schubert } else if (buff[pos] != '-') { 192e2c88018SSimon Schubert strcpy(neterr, "invalid syntax in reply from server"); 193e2c88018SSimon Schubert return (-1); 194e2c88018SSimon Schubert } 1956ef9fe01SMatthias Schmidt 1966ef9fe01SMatthias Schmidt /* skip up to \n */ 1976ef9fe01SMatthias Schmidt for (; pos < len && buff[pos - 1] != '\n'; pos++) 1986ef9fe01SMatthias Schmidt ; /* Do nothing */ 1996ef9fe01SMatthias Schmidt 2006ef9fe01SMatthias Schmidt } 201f67bedddSMatthias Schmidt alarm(0); 202f67bedddSMatthias Schmidt 203a5a8a1a4SSimon Schubert buff[len] = '\0'; 204a5a8a1a4SSimon Schubert while (len > 0 && (buff[len - 1] == '\r' || buff[len - 1] == '\n')) 205a5a8a1a4SSimon Schubert buff[--len] = '\0'; 206a5a8a1a4SSimon Schubert snprintf(neterr, sizeof(neterr), "%s", buff); 2076ef9fe01SMatthias Schmidt status = atoi(buff); 2086ef9fe01SMatthias Schmidt return (status/100); 209f67bedddSMatthias Schmidt } 210f67bedddSMatthias Schmidt 211f67bedddSMatthias Schmidt /* 212f67bedddSMatthias Schmidt * Handle SMTP authentication 213f67bedddSMatthias Schmidt */ 214f67bedddSMatthias Schmidt static int 215405f48eeSSimon Schubert smtp_login(int fd, char *login, char* password) 216f67bedddSMatthias Schmidt { 217f67bedddSMatthias Schmidt char *temp; 2186ef9fe01SMatthias Schmidt int len, res = 0; 219f67bedddSMatthias Schmidt 220405f48eeSSimon Schubert res = smtp_auth_md5(fd, login, password); 2217b68d8aeSMatthias Schmidt if (res == 0) { 2227b68d8aeSMatthias Schmidt return (0); 2237b68d8aeSMatthias Schmidt } else if (res == -2) { 2247b68d8aeSMatthias Schmidt /* 2257b68d8aeSMatthias Schmidt * If the return code is -2, then then the login attempt failed, 2267b68d8aeSMatthias Schmidt * do not try other login mechanisms 2277b68d8aeSMatthias Schmidt */ 2285d7fe8bbSSimon Schubert return (1); 2297b68d8aeSMatthias Schmidt } 2307b68d8aeSMatthias Schmidt 231ca259d14SSimon Schubert if ((config.features & INSECURE) != 0 || 232ca259d14SSimon Schubert (config.features & SECURETRANS) != 0) { 233f67bedddSMatthias Schmidt /* Send AUTH command according to RFC 2554 */ 234f67bedddSMatthias Schmidt send_remote_command(fd, "AUTH LOGIN"); 2357b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 3) { 236405f48eeSSimon Schubert syslog(LOG_NOTICE, "remote delivery deferred:" 237a5a8a1a4SSimon Schubert " AUTH login not available: %s", 238405f48eeSSimon Schubert neterr); 239f67bedddSMatthias Schmidt return (1); 240f67bedddSMatthias Schmidt } 241f67bedddSMatthias Schmidt 242f67bedddSMatthias Schmidt len = base64_encode(login, strlen(login), &temp); 2435d7fe8bbSSimon Schubert if (len < 0) { 2445d7fe8bbSSimon Schubert encerr: 245405f48eeSSimon Schubert syslog(LOG_ERR, "can not encode auth reply: %m"); 2465d7fe8bbSSimon Schubert return (1); 2475d7fe8bbSSimon Schubert } 248f67bedddSMatthias Schmidt 249f67bedddSMatthias Schmidt send_remote_command(fd, "%s", temp); 2505d7fe8bbSSimon Schubert free(temp); 251e2c88018SSimon Schubert res = read_remote(fd, 0, NULL); 252e2c88018SSimon Schubert if (res != 3) { 253405f48eeSSimon Schubert syslog(LOG_NOTICE, "remote delivery %s: AUTH login failed: %s", 254405f48eeSSimon Schubert res == 5 ? "failed" : "deferred", neterr); 255e2c88018SSimon Schubert return (res == 5 ? -1 : 1); 256f67bedddSMatthias Schmidt } 257f67bedddSMatthias Schmidt 258f67bedddSMatthias Schmidt len = base64_encode(password, strlen(password), &temp); 2595d7fe8bbSSimon Schubert if (len < 0) 2605d7fe8bbSSimon Schubert goto encerr; 261f67bedddSMatthias Schmidt 262f67bedddSMatthias Schmidt send_remote_command(fd, "%s", temp); 2635d7fe8bbSSimon Schubert free(temp); 2647b68d8aeSMatthias Schmidt res = read_remote(fd, 0, NULL); 265e2c88018SSimon Schubert if (res != 2) { 266405f48eeSSimon Schubert syslog(LOG_NOTICE, "remote delivery %s: Authentication failed: %s", 267405f48eeSSimon Schubert res == 5 ? "failed" : "deferred", neterr); 268e2c88018SSimon Schubert return (res == 5 ? -1 : 1); 269f67bedddSMatthias Schmidt } 2707b68d8aeSMatthias Schmidt } else { 271405f48eeSSimon Schubert syslog(LOG_WARNING, "non-encrypted SMTP login is disabled in config, so skipping it. "); 2727b68d8aeSMatthias Schmidt return (1); 2737b68d8aeSMatthias Schmidt } 274f67bedddSMatthias Schmidt 275f67bedddSMatthias Schmidt return (0); 276f67bedddSMatthias Schmidt } 277f67bedddSMatthias Schmidt 278f67bedddSMatthias Schmidt static int 2793021968aSSimon Schubert open_connection(struct mx_hostentry *h) 280f67bedddSMatthias Schmidt { 2813021968aSSimon Schubert int fd; 282f67bedddSMatthias Schmidt 2833021968aSSimon Schubert syslog(LOG_INFO, "trying remote delivery to %s [%s] pref %d", 2843021968aSSimon Schubert h->host, h->addr, h->pref); 285f67bedddSMatthias Schmidt 2863021968aSSimon Schubert fd = socket(h->ai.ai_family, h->ai.ai_socktype, h->ai.ai_protocol); 2873021968aSSimon Schubert if (fd < 0) { 2883021968aSSimon Schubert syslog(LOG_INFO, "socket for %s [%s] failed: %m", 2893021968aSSimon Schubert h->host, h->addr); 290f67bedddSMatthias Schmidt return (-1); 291f67bedddSMatthias Schmidt } 2923021968aSSimon Schubert 2933021968aSSimon Schubert if (connect(fd, (struct sockaddr *)&h->sa, h->sa.ss_len) < 0) { 2943021968aSSimon Schubert syslog(LOG_INFO, "connect to %s [%s] failed: %m", 2953021968aSSimon Schubert h->host, h->addr); 296f67bedddSMatthias Schmidt close(fd); 297f67bedddSMatthias Schmidt return (-1); 298f67bedddSMatthias Schmidt } 2993021968aSSimon Schubert 300f67bedddSMatthias Schmidt return (fd); 301f67bedddSMatthias Schmidt } 302f67bedddSMatthias Schmidt 30310eeb0dfSSimon Schubert static void 30410eeb0dfSSimon Schubert close_connection(int fd) 30510eeb0dfSSimon Schubert { 306ca259d14SSimon Schubert if (((config.features & SECURETRANS) != 0) && 307ca259d14SSimon Schubert ((config.features & NOSSL) == 0)) 308ca259d14SSimon Schubert SSL_shutdown(config.ssl); 30910eeb0dfSSimon Schubert 310ca259d14SSimon Schubert if (config.ssl != NULL) 311ca259d14SSimon Schubert SSL_free(config.ssl); 31210eeb0dfSSimon Schubert 31310eeb0dfSSimon Schubert close(fd); 31410eeb0dfSSimon Schubert } 31510eeb0dfSSimon Schubert 3163021968aSSimon Schubert static int 3173021968aSSimon Schubert deliver_to_host(struct qitem *it, struct mx_hostentry *host, void *errmsgc) 318f67bedddSMatthias Schmidt { 319f67bedddSMatthias Schmidt struct authuser *a; 3203021968aSSimon Schubert char line[1000]; 321f67bedddSMatthias Schmidt size_t linelen; 3223021968aSSimon Schubert int fd, error = 0, do_auth = 0, res = 0; 323f67bedddSMatthias Schmidt 324ebffba26SSimon Schubert if (fseek(it->mailf, 0, SEEK_SET) != 0) { 3257d35694eSSimon Schubert asprintf(errmsgc, "can not seek: %s", strerror(errno)); 3267d35694eSSimon Schubert return (-1); 3277d35694eSSimon Schubert } 3287d35694eSSimon Schubert 329405f48eeSSimon Schubert fd = open_connection(host); 330f67bedddSMatthias Schmidt if (fd < 0) 331f67bedddSMatthias Schmidt return (1); 332f67bedddSMatthias Schmidt 3333021968aSSimon Schubert #define READ_REMOTE_CHECK(c, exp) \ 3343021968aSSimon Schubert res = read_remote(fd, 0, NULL); \ 3353021968aSSimon Schubert if (res == 5) { \ 3363021968aSSimon Schubert syslog(LOG_ERR, "remote delivery to %s [%s] failed after %s: %s", \ 3373021968aSSimon Schubert host->host, host->addr, c, neterr); \ 3383021968aSSimon Schubert asprintf(errmsgc, "%s [%s] did not like our %s:\n%s", \ 3393021968aSSimon Schubert host->host, host->addr, c, neterr); \ 3403021968aSSimon Schubert return (-1); \ 3413021968aSSimon Schubert } else if (res != exp) { \ 3423021968aSSimon Schubert syslog(LOG_NOTICE, "remote delivery deferred: %s [%s] failed after %s: %s", \ 3433021968aSSimon Schubert host->host, host->addr, c, neterr); \ 3443021968aSSimon Schubert return (1); \ 3453021968aSSimon Schubert } 3463021968aSSimon Schubert 347*b8b7d065SSimon Schubert /* Check first reply from remote host */ 348*b8b7d065SSimon Schubert config.features |= NOSSL; 349*b8b7d065SSimon Schubert READ_REMOTE_CHECK("connect", 2); 350*b8b7d065SSimon Schubert 351*b8b7d065SSimon Schubert config.features &= ~NOSSL; 352*b8b7d065SSimon Schubert 353*b8b7d065SSimon Schubert if ((config.features & SECURETRANS) != 0) { 354*b8b7d065SSimon Schubert error = smtp_init_crypto(fd, config.features); 355*b8b7d065SSimon Schubert if (error >= 0) 356*b8b7d065SSimon Schubert syslog(LOG_DEBUG, "SSL initialization successful"); 357*b8b7d065SSimon Schubert else 358*b8b7d065SSimon Schubert goto out; 359*b8b7d065SSimon Schubert } 360*b8b7d065SSimon Schubert 361c21e2cfdSSimon Schubert /* XXX allow HELO fallback */ 362c21e2cfdSSimon Schubert /* XXX record ESMTP keywords */ 363f67bedddSMatthias Schmidt send_remote_command(fd, "EHLO %s", hostname()); 3643021968aSSimon Schubert READ_REMOTE_CHECK("EHLO", 2); 365f67bedddSMatthias Schmidt 366f67bedddSMatthias Schmidt /* 367f67bedddSMatthias Schmidt * Use SMTP authentication if the user defined an entry for the remote 368f67bedddSMatthias Schmidt * or smarthost 369f67bedddSMatthias Schmidt */ 370f67bedddSMatthias Schmidt SLIST_FOREACH(a, &authusers, next) { 3713021968aSSimon Schubert if (strcmp(a->host, host->host) == 0) { 372f67bedddSMatthias Schmidt do_auth = 1; 373f67bedddSMatthias Schmidt break; 374f67bedddSMatthias Schmidt } 375f67bedddSMatthias Schmidt } 376f67bedddSMatthias Schmidt 377f67bedddSMatthias Schmidt if (do_auth == 1) { 378b558d098SMatthias Schmidt /* 379b558d098SMatthias Schmidt * Check if the user wants plain text login without using 380b558d098SMatthias Schmidt * encryption. 381b558d098SMatthias Schmidt */ 382ca259d14SSimon Schubert syslog(LOG_INFO, "using SMTP authentication for user %s", a->login); 383405f48eeSSimon Schubert error = smtp_login(fd, a->login, a->password); 384f67bedddSMatthias Schmidt if (error < 0) { 385405f48eeSSimon Schubert syslog(LOG_ERR, "remote delivery failed:" 386405f48eeSSimon Schubert " SMTP login failed: %m"); 3873021968aSSimon Schubert asprintf(errmsgc, "SMTP login to %s failed", host->host); 388f67bedddSMatthias Schmidt return (-1); 389f67bedddSMatthias Schmidt } 390f67bedddSMatthias Schmidt /* SMTP login is not available, so try without */ 391405f48eeSSimon Schubert else if (error > 0) { 392405f48eeSSimon Schubert syslog(LOG_WARNING, "SMTP login not available. Trying without."); 393405f48eeSSimon Schubert } 394b558d098SMatthias Schmidt } 395f67bedddSMatthias Schmidt 396c21e2cfdSSimon Schubert /* XXX send ESMTP ENVID, RET (FULL/HDRS) and 8BITMIME */ 3977dfd2fd8SSimon Schubert send_remote_command(fd, "MAIL FROM:<%s>", it->sender); 3987dfd2fd8SSimon Schubert READ_REMOTE_CHECK("MAIL FROM", 2); 3997dfd2fd8SSimon Schubert 400c21e2cfdSSimon Schubert /* XXX send ESMTP ORCPT */ 401f67bedddSMatthias Schmidt send_remote_command(fd, "RCPT TO:<%s>", it->addr); 4027dfd2fd8SSimon Schubert READ_REMOTE_CHECK("RCPT TO", 2); 403f67bedddSMatthias Schmidt 404f67bedddSMatthias Schmidt send_remote_command(fd, "DATA"); 4057dfd2fd8SSimon Schubert READ_REMOTE_CHECK("DATA", 3); 406f67bedddSMatthias Schmidt 4070caaabf6SSimon Schubert error = 0; 408f4e61a9fSSimon 'corecode' Schubert while (!feof(it->mailf)) { 409f4e61a9fSSimon 'corecode' Schubert if (fgets(line, sizeof(line), it->mailf) == NULL) 410f67bedddSMatthias Schmidt break; 411f67bedddSMatthias Schmidt linelen = strlen(line); 412f67bedddSMatthias Schmidt if (linelen == 0 || line[linelen - 1] != '\n') { 413405f48eeSSimon Schubert syslog(LOG_CRIT, "remote delivery failed: corrupted queue file"); 4143021968aSSimon Schubert *(const char **)errmsgc = "corrupted queue file"; 415f67bedddSMatthias Schmidt error = -1; 416f67bedddSMatthias Schmidt goto out; 417f67bedddSMatthias Schmidt } 418f67bedddSMatthias Schmidt 419f67bedddSMatthias Schmidt /* Remove trailing \n's and escape leading dots */ 420f67bedddSMatthias Schmidt trim_line(line); 421f67bedddSMatthias Schmidt 422f67bedddSMatthias Schmidt /* 423f67bedddSMatthias Schmidt * If the first character is a dot, we escape it so the line 424f67bedddSMatthias Schmidt * length increases 425f67bedddSMatthias Schmidt */ 426f67bedddSMatthias Schmidt if (line[0] == '.') 427f67bedddSMatthias Schmidt linelen++; 428f67bedddSMatthias Schmidt 429f67bedddSMatthias Schmidt if (send_remote_command(fd, "%s", line) != (ssize_t)linelen+1) { 430405f48eeSSimon Schubert syslog(LOG_NOTICE, "remote delivery deferred: write error"); 431f67bedddSMatthias Schmidt error = 1; 432f67bedddSMatthias Schmidt goto out; 433f67bedddSMatthias Schmidt } 434f67bedddSMatthias Schmidt } 435f67bedddSMatthias Schmidt 436f67bedddSMatthias Schmidt send_remote_command(fd, "."); 4377dfd2fd8SSimon Schubert READ_REMOTE_CHECK("final DATA", 2); 438f67bedddSMatthias Schmidt 439f67bedddSMatthias Schmidt send_remote_command(fd, "QUIT"); 4406cfc247dSSimon Schubert if (read_remote(fd, 0, NULL) != 2) 441405f48eeSSimon Schubert syslog(LOG_INFO, "remote delivery succeeded but QUIT failed: %s", neterr); 442f67bedddSMatthias Schmidt out: 443f67bedddSMatthias Schmidt 44410eeb0dfSSimon Schubert close_connection(fd); 445f67bedddSMatthias Schmidt return (error); 446f67bedddSMatthias Schmidt } 447f67bedddSMatthias Schmidt 4483021968aSSimon Schubert int 4493021968aSSimon Schubert deliver_remote(struct qitem *it, const char **errmsg) 4503021968aSSimon Schubert { 4513021968aSSimon Schubert /* asprintf can't take const */ 4523021968aSSimon Schubert void *errmsgc = __DECONST(char **, errmsg); 4533021968aSSimon Schubert struct mx_hostentry *hosts, *h; 454ca259d14SSimon Schubert const char *host; 4553021968aSSimon Schubert int port; 4563021968aSSimon Schubert int error = 1, smarthost = 0; 4573021968aSSimon Schubert 4583021968aSSimon Schubert host = strrchr(it->addr, '@'); 4593021968aSSimon Schubert /* Should not happen */ 4603021968aSSimon Schubert if (host == NULL) { 4613021968aSSimon Schubert asprintf(errmsgc, "Internal error: badly formed address %s", 4623021968aSSimon Schubert it->addr); 4633021968aSSimon Schubert return(-1); 4643021968aSSimon Schubert } else { 4653021968aSSimon Schubert /* Step over the @ */ 4663021968aSSimon Schubert host++; 4673021968aSSimon Schubert } 4683021968aSSimon Schubert 4693021968aSSimon Schubert port = SMTP_PORT; 4703021968aSSimon Schubert 4713021968aSSimon Schubert /* Smarthost support? */ 472ca259d14SSimon Schubert if (config.smarthost != NULL) { 473ca259d14SSimon Schubert host = config.smarthost; 474ca259d14SSimon Schubert port = config.port; 475ca259d14SSimon Schubert syslog(LOG_INFO, "using smarthost (%s:%i)", host, port); 4763021968aSSimon Schubert smarthost = 1; 4773021968aSSimon Schubert } 4783021968aSSimon Schubert 4793021968aSSimon Schubert error = dns_get_mx_list(host, port, &hosts, smarthost); 4803021968aSSimon Schubert if (error) { 4813021968aSSimon Schubert syslog(LOG_NOTICE, "remote delivery %s: DNS failure (%s)", 4823021968aSSimon Schubert error < 0 ? "failed" : "deferred", 4833021968aSSimon Schubert host); 4843021968aSSimon Schubert return (error); 4853021968aSSimon Schubert } 4863021968aSSimon Schubert 4873021968aSSimon Schubert for (h = hosts; *h->host != 0; h++) { 4883021968aSSimon Schubert switch (deliver_to_host(it, h, errmsgc)) { 4893021968aSSimon Schubert case 0: 4903021968aSSimon Schubert /* success */ 4913021968aSSimon Schubert error = 0; 4923021968aSSimon Schubert goto out; 4933021968aSSimon Schubert case 1: 4943021968aSSimon Schubert /* temp failure */ 4953021968aSSimon Schubert error = 1; 4963021968aSSimon Schubert break; 4973021968aSSimon Schubert default: 4983021968aSSimon Schubert /* perm failure */ 4993021968aSSimon Schubert error = -1; 5003021968aSSimon Schubert goto out; 5013021968aSSimon Schubert } 5023021968aSSimon Schubert } 5033021968aSSimon Schubert out: 5043021968aSSimon Schubert free(hosts); 5053021968aSSimon Schubert 5063021968aSSimon Schubert return (error); 5073021968aSSimon Schubert } 508