1f67bedddSMatthias Schmidt /* 2f67bedddSMatthias Schmidt * Copyright (c) 2008 The DragonFly Project. All rights reserved. 3f67bedddSMatthias Schmidt * 4f67bedddSMatthias Schmidt * This code is derived from software contributed to The DragonFly Project 5f67bedddSMatthias Schmidt * by Matthias Schmidt <matthias@dragonflybsd.org>, University of Marburg, 6f67bedddSMatthias Schmidt * Germany. 7f67bedddSMatthias Schmidt * 8f67bedddSMatthias Schmidt * Redistribution and use in source and binary forms, with or without 9f67bedddSMatthias Schmidt * modification, are permitted provided that the following conditions 10f67bedddSMatthias Schmidt * are met: 11f67bedddSMatthias Schmidt * 12f67bedddSMatthias Schmidt * 1. Redistributions of source code must retain the above copyright 13f67bedddSMatthias Schmidt * notice, this list of conditions and the following disclaimer. 14f67bedddSMatthias Schmidt * 2. Redistributions in binary form must reproduce the above copyright 15f67bedddSMatthias Schmidt * notice, this list of conditions and the following disclaimer in 16f67bedddSMatthias Schmidt * the documentation and/or other materials provided with the 17f67bedddSMatthias Schmidt * distribution. 18f67bedddSMatthias Schmidt * 3. Neither the name of The DragonFly Project nor the names of its 19f67bedddSMatthias Schmidt * contributors may be used to endorse or promote products derived 20f67bedddSMatthias Schmidt * from this software without specific, prior written permission. 21f67bedddSMatthias Schmidt * 22f67bedddSMatthias Schmidt * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23f67bedddSMatthias Schmidt * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24f67bedddSMatthias Schmidt * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25f67bedddSMatthias Schmidt * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26f67bedddSMatthias Schmidt * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 27f67bedddSMatthias Schmidt * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 28f67bedddSMatthias Schmidt * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 29f67bedddSMatthias Schmidt * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 30f67bedddSMatthias Schmidt * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 31f67bedddSMatthias Schmidt * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 32f67bedddSMatthias Schmidt * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33f67bedddSMatthias Schmidt * SUCH DAMAGE. 34f67bedddSMatthias Schmidt */ 35f67bedddSMatthias Schmidt 36f67bedddSMatthias Schmidt #include <sys/param.h> 37f67bedddSMatthias Schmidt #include <sys/queue.h> 38f67bedddSMatthias Schmidt #include <sys/stat.h> 39f67bedddSMatthias Schmidt #include <sys/types.h> 40f67bedddSMatthias Schmidt #include <sys/socket.h> 41f67bedddSMatthias Schmidt #include <netinet/in.h> 42f67bedddSMatthias Schmidt #include <arpa/inet.h> 43f67bedddSMatthias Schmidt 44f67bedddSMatthias Schmidt #include <openssl/ssl.h> 45e2c88018SSimon Schubert #include <openssl/err.h> 46f67bedddSMatthias Schmidt 47bc7baf1dSSascha Wildner #include <err.h> 48a5a8a1a4SSimon Schubert #include <errno.h> 49f67bedddSMatthias Schmidt #include <netdb.h> 50f67bedddSMatthias Schmidt #include <setjmp.h> 51f67bedddSMatthias Schmidt #include <signal.h> 52f67bedddSMatthias Schmidt #include <syslog.h> 53f67bedddSMatthias Schmidt #include <unistd.h> 54f67bedddSMatthias Schmidt 55f67bedddSMatthias Schmidt #include "dma.h" 56f67bedddSMatthias Schmidt 57f67bedddSMatthias Schmidt static jmp_buf timeout_alarm; 58a5a8a1a4SSimon Schubert char neterr[BUF_SIZE]; 59f67bedddSMatthias Schmidt 60e2c88018SSimon Schubert char * 61e2c88018SSimon Schubert ssl_errstr(void) 62e2c88018SSimon Schubert { 63e2c88018SSimon Schubert long oerr, nerr; 64e2c88018SSimon Schubert 65e2c88018SSimon Schubert oerr = 0; 66e2c88018SSimon Schubert while ((nerr = ERR_get_error()) != 0) 67e2c88018SSimon Schubert oerr = nerr; 68e2c88018SSimon Schubert 69e2c88018SSimon Schubert return (ERR_error_string(oerr, NULL)); 70e2c88018SSimon Schubert } 71e2c88018SSimon Schubert 72f67bedddSMatthias Schmidt static void 73dba19026SMatthias Schmidt sig_alarm(int signo __unused) 74f67bedddSMatthias Schmidt { 75f67bedddSMatthias Schmidt longjmp(timeout_alarm, 1); 76f67bedddSMatthias Schmidt } 77f67bedddSMatthias Schmidt 78f67bedddSMatthias Schmidt ssize_t 79f67bedddSMatthias Schmidt send_remote_command(int fd, const char* fmt, ...) 80f67bedddSMatthias Schmidt { 81f67bedddSMatthias Schmidt va_list va; 82f67bedddSMatthias Schmidt char cmd[4096]; 832922fd2bSSimon Schubert size_t len, pos; 842922fd2bSSimon Schubert int s; 852922fd2bSSimon Schubert ssize_t n; 86f67bedddSMatthias Schmidt 87f67bedddSMatthias Schmidt va_start(va, fmt); 882922fd2bSSimon Schubert s = vsnprintf(cmd, sizeof(cmd) - 2, fmt, va); 892922fd2bSSimon Schubert va_end(va); 90e2c88018SSimon Schubert if (s == sizeof(cmd) - 2 || s < 0) { 91e2c88018SSimon Schubert strcpy(neterr, "Internal error: oversized command string"); 92e2c88018SSimon Schubert return (-1); 93e2c88018SSimon Schubert } 94e2c88018SSimon Schubert 952922fd2bSSimon Schubert /* We *know* there are at least two more bytes available */ 962922fd2bSSimon Schubert strcat(cmd, "\r\n"); 972922fd2bSSimon Schubert len = strlen(cmd); 98f67bedddSMatthias Schmidt 99f67bedddSMatthias Schmidt if (((config->features & SECURETRANS) != 0) && 1006ef9fe01SMatthias Schmidt ((config->features & NOSSL) == 0)) { 1012922fd2bSSimon Schubert while ((s = SSL_write(config->ssl, (const char*)cmd, len)) <= 0) { 1022922fd2bSSimon Schubert s = SSL_get_error(config->ssl, s); 1032922fd2bSSimon Schubert if (s != SSL_ERROR_WANT_READ && 104e2c88018SSimon Schubert s != SSL_ERROR_WANT_WRITE) { 105e2c88018SSimon Schubert strncpy(neterr, ssl_errstr(), sizeof(neterr)); 1062922fd2bSSimon Schubert return (-1); 1072922fd2bSSimon Schubert } 108f67bedddSMatthias Schmidt } 109e2c88018SSimon Schubert } 110f67bedddSMatthias Schmidt else { 1112922fd2bSSimon Schubert pos = 0; 1122922fd2bSSimon Schubert while (pos < len) { 1132922fd2bSSimon Schubert n = write(fd, cmd + pos, len - pos); 1142922fd2bSSimon Schubert if (n < 0) 1152922fd2bSSimon Schubert return (-1); 1162922fd2bSSimon Schubert pos += n; 117f67bedddSMatthias Schmidt } 1182922fd2bSSimon Schubert } 119f67bedddSMatthias Schmidt 1202922fd2bSSimon Schubert return (len); 121f67bedddSMatthias Schmidt } 122f67bedddSMatthias Schmidt 1236ef9fe01SMatthias Schmidt int 1247b68d8aeSMatthias Schmidt read_remote(int fd, int extbufsize, char *extbuf) 125f67bedddSMatthias Schmidt { 1266ef9fe01SMatthias Schmidt ssize_t rlen = 0; 1276ef9fe01SMatthias Schmidt size_t pos, len; 1286ef9fe01SMatthias Schmidt char buff[BUF_SIZE]; 1297b68d8aeSMatthias Schmidt int done = 0, status = 0, extbufpos = 0; 130f67bedddSMatthias Schmidt 131f67bedddSMatthias Schmidt if (signal(SIGALRM, sig_alarm) == SIG_ERR) { 132a5a8a1a4SSimon Schubert snprintf(neterr, sizeof(neterr), "SIGALRM error: %s", 133a5a8a1a4SSimon Schubert strerror(errno)); 134e2c88018SSimon Schubert return (-1); 135f67bedddSMatthias Schmidt } 136f67bedddSMatthias Schmidt if (setjmp(timeout_alarm) != 0) { 137a5a8a1a4SSimon Schubert snprintf(neterr, sizeof(neterr), "Timeout reached"); 138e2c88018SSimon Schubert return (-1); 139f67bedddSMatthias Schmidt } 140f67bedddSMatthias Schmidt alarm(CON_TIMEOUT); 141f67bedddSMatthias Schmidt 142f67bedddSMatthias Schmidt /* 1436ef9fe01SMatthias Schmidt * Remote reading code from femail.c written by Henning Brauer of 1446ef9fe01SMatthias Schmidt * OpenBSD and released under a BSD style license. 145f67bedddSMatthias Schmidt */ 1466ef9fe01SMatthias Schmidt for (len = pos = 0; !done; ) { 1477b68d8aeSMatthias Schmidt rlen = 0; 1486ef9fe01SMatthias Schmidt if (pos == 0 || 1496ef9fe01SMatthias Schmidt (pos > 0 && memchr(buff + pos, '\n', len - pos) == NULL)) { 1506ef9fe01SMatthias Schmidt memmove(buff, buff + pos, len - pos); 1516ef9fe01SMatthias Schmidt len -= pos; 1526ef9fe01SMatthias Schmidt pos = 0; 153f67bedddSMatthias Schmidt if (((config->features & SECURETRANS) != 0) && 1546ef9fe01SMatthias Schmidt (config->features & NOSSL) == 0) { 1556ef9fe01SMatthias Schmidt if ((rlen = SSL_read(config->ssl, buff + len, 156e2c88018SSimon Schubert sizeof(buff) - len)) == -1) { 157e2c88018SSimon Schubert strncpy(neterr, ssl_errstr(), sizeof(neterr)); 158e2c88018SSimon Schubert return (-1); 159e2c88018SSimon Schubert } 1606ef9fe01SMatthias Schmidt } else { 161e2c88018SSimon Schubert if ((rlen = read(fd, buff + len, sizeof(buff) - len)) == -1) { 162e2c88018SSimon Schubert strncpy(neterr, strerror(errno), sizeof(neterr)); 163e2c88018SSimon Schubert return (-1); 164e2c88018SSimon Schubert } 1656ef9fe01SMatthias Schmidt } 1666ef9fe01SMatthias Schmidt len += rlen; 1676ef9fe01SMatthias Schmidt } 1687b68d8aeSMatthias Schmidt /* 1697b68d8aeSMatthias Schmidt * If there is an external buffer with a size bigger than zero 1707b68d8aeSMatthias Schmidt * and as long as there is space in the external buffer and 1717b68d8aeSMatthias Schmidt * there are new characters read from the mailserver 1727b68d8aeSMatthias Schmidt * copy them to the external buffer 1737b68d8aeSMatthias Schmidt */ 1747b68d8aeSMatthias Schmidt if (extbufpos <= (extbufsize - 1) && rlen && extbufsize > 0 1757b68d8aeSMatthias Schmidt && extbuf != NULL) { 1767b68d8aeSMatthias Schmidt /* do not write over the bounds of the buffer */ 1777b68d8aeSMatthias Schmidt if(extbufpos + rlen > (extbufsize - 1)) { 1787b68d8aeSMatthias Schmidt rlen = extbufsize - extbufpos; 1797b68d8aeSMatthias Schmidt } 1807b68d8aeSMatthias Schmidt memcpy(extbuf + extbufpos, buff + len - rlen, rlen); 1817b68d8aeSMatthias Schmidt extbufpos += rlen; 1827b68d8aeSMatthias Schmidt } 1836ef9fe01SMatthias Schmidt for (; pos < len && buff[pos] >= '0' && buff[pos] <= '9'; pos++) 1846ef9fe01SMatthias Schmidt ; /* Do nothing */ 185f67bedddSMatthias Schmidt 1866ef9fe01SMatthias Schmidt if (pos == len) 1876ef9fe01SMatthias Schmidt return (0); 1886ef9fe01SMatthias Schmidt 189e2c88018SSimon Schubert if (buff[pos] == ' ') { 1906ef9fe01SMatthias Schmidt done = 1; 191e2c88018SSimon Schubert } else if (buff[pos] != '-') { 192e2c88018SSimon Schubert strcpy(neterr, "invalid syntax in reply from server"); 193e2c88018SSimon Schubert return (-1); 194e2c88018SSimon Schubert } 1956ef9fe01SMatthias Schmidt 1966ef9fe01SMatthias Schmidt /* skip up to \n */ 1976ef9fe01SMatthias Schmidt for (; pos < len && buff[pos - 1] != '\n'; pos++) 1986ef9fe01SMatthias Schmidt ; /* Do nothing */ 1996ef9fe01SMatthias Schmidt 2006ef9fe01SMatthias Schmidt } 201f67bedddSMatthias Schmidt alarm(0); 202f67bedddSMatthias Schmidt 203a5a8a1a4SSimon Schubert buff[len] = '\0'; 204a5a8a1a4SSimon Schubert while (len > 0 && (buff[len - 1] == '\r' || buff[len - 1] == '\n')) 205a5a8a1a4SSimon Schubert buff[--len] = '\0'; 206a5a8a1a4SSimon Schubert snprintf(neterr, sizeof(neterr), "%s", buff); 2076ef9fe01SMatthias Schmidt status = atoi(buff); 2086ef9fe01SMatthias Schmidt return (status/100); 209f67bedddSMatthias Schmidt } 210f67bedddSMatthias Schmidt 211f67bedddSMatthias Schmidt /* 212f67bedddSMatthias Schmidt * Handle SMTP authentication 213f67bedddSMatthias Schmidt */ 214f67bedddSMatthias Schmidt static int 215405f48eeSSimon Schubert smtp_login(int fd, char *login, char* password) 216f67bedddSMatthias Schmidt { 217f67bedddSMatthias Schmidt char *temp; 2186ef9fe01SMatthias Schmidt int len, res = 0; 219f67bedddSMatthias Schmidt 220405f48eeSSimon Schubert res = smtp_auth_md5(fd, login, password); 2217b68d8aeSMatthias Schmidt if (res == 0) { 2227b68d8aeSMatthias Schmidt return (0); 2237b68d8aeSMatthias Schmidt } else if (res == -2) { 2247b68d8aeSMatthias Schmidt /* 2257b68d8aeSMatthias Schmidt * If the return code is -2, then then the login attempt failed, 2267b68d8aeSMatthias Schmidt * do not try other login mechanisms 2277b68d8aeSMatthias Schmidt */ 2285d7fe8bbSSimon Schubert return (1); 2297b68d8aeSMatthias Schmidt } 2307b68d8aeSMatthias Schmidt 231bf83173bSSimon Schubert if ((config->features & INSECURE) != 0 || 232bf83173bSSimon Schubert (config->features & SECURETRANS) != 0) { 233f67bedddSMatthias Schmidt /* Send AUTH command according to RFC 2554 */ 234f67bedddSMatthias Schmidt send_remote_command(fd, "AUTH LOGIN"); 2357b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 3) { 236405f48eeSSimon Schubert syslog(LOG_NOTICE, "remote delivery deferred:" 237a5a8a1a4SSimon Schubert " AUTH login not available: %s", 238405f48eeSSimon Schubert neterr); 239f67bedddSMatthias Schmidt return (1); 240f67bedddSMatthias Schmidt } 241f67bedddSMatthias Schmidt 242f67bedddSMatthias Schmidt len = base64_encode(login, strlen(login), &temp); 2435d7fe8bbSSimon Schubert if (len < 0) { 2445d7fe8bbSSimon Schubert encerr: 245405f48eeSSimon Schubert syslog(LOG_ERR, "can not encode auth reply: %m"); 2465d7fe8bbSSimon Schubert return (1); 2475d7fe8bbSSimon Schubert } 248f67bedddSMatthias Schmidt 249f67bedddSMatthias Schmidt send_remote_command(fd, "%s", temp); 2505d7fe8bbSSimon Schubert free(temp); 251e2c88018SSimon Schubert res = read_remote(fd, 0, NULL); 252e2c88018SSimon Schubert if (res != 3) { 253405f48eeSSimon Schubert syslog(LOG_NOTICE, "remote delivery %s: AUTH login failed: %s", 254405f48eeSSimon Schubert res == 5 ? "failed" : "deferred", neterr); 255e2c88018SSimon Schubert return (res == 5 ? -1 : 1); 256f67bedddSMatthias Schmidt } 257f67bedddSMatthias Schmidt 258f67bedddSMatthias Schmidt len = base64_encode(password, strlen(password), &temp); 2595d7fe8bbSSimon Schubert if (len < 0) 2605d7fe8bbSSimon Schubert goto encerr; 261f67bedddSMatthias Schmidt 262f67bedddSMatthias Schmidt send_remote_command(fd, "%s", temp); 2635d7fe8bbSSimon Schubert free(temp); 2647b68d8aeSMatthias Schmidt res = read_remote(fd, 0, NULL); 265e2c88018SSimon Schubert if (res != 2) { 266405f48eeSSimon Schubert syslog(LOG_NOTICE, "remote delivery %s: Authentication failed: %s", 267405f48eeSSimon Schubert res == 5 ? "failed" : "deferred", neterr); 268e2c88018SSimon Schubert return (res == 5 ? -1 : 1); 269f67bedddSMatthias Schmidt } 2707b68d8aeSMatthias Schmidt } else { 271405f48eeSSimon Schubert syslog(LOG_WARNING, "non-encrypted SMTP login is disabled in config, so skipping it. "); 2727b68d8aeSMatthias Schmidt return (1); 2737b68d8aeSMatthias Schmidt } 274f67bedddSMatthias Schmidt 275f67bedddSMatthias Schmidt return (0); 276f67bedddSMatthias Schmidt } 277f67bedddSMatthias Schmidt 278f67bedddSMatthias Schmidt static int 279405f48eeSSimon Schubert open_connection(const char *host) 280f67bedddSMatthias Schmidt { 281f67bedddSMatthias Schmidt struct addrinfo hints, *res, *res0; 282f67bedddSMatthias Schmidt char servname[128]; 283f67bedddSMatthias Schmidt const char *errmsg = NULL; 284f67bedddSMatthias Schmidt int fd, error = 0, port; 285f67bedddSMatthias Schmidt 286dba19026SMatthias Schmidt if (config->port != 0) 287f67bedddSMatthias Schmidt port = config->port; 288f67bedddSMatthias Schmidt else 289f67bedddSMatthias Schmidt port = SMTP_PORT; 290f67bedddSMatthias Schmidt 29195c8eb97SSimon Schubert /* XXX FIXME get MX record of host */ 292f67bedddSMatthias Schmidt /* Shamelessly taken from getaddrinfo(3) */ 293f67bedddSMatthias Schmidt memset(&hints, 0, sizeof(hints)); 294f67bedddSMatthias Schmidt hints.ai_family = PF_UNSPEC; 295f67bedddSMatthias Schmidt hints.ai_socktype = SOCK_STREAM; 296f67bedddSMatthias Schmidt hints.ai_protocol = IPPROTO_TCP; 297f67bedddSMatthias Schmidt 298f67bedddSMatthias Schmidt snprintf(servname, sizeof(servname), "%d", port); 299f67bedddSMatthias Schmidt error = getaddrinfo(host, servname, &hints, &res0); 300f67bedddSMatthias Schmidt if (error) { 301405f48eeSSimon Schubert syslog(LOG_NOTICE, "remote delivery deferred: %s", gai_strerror(error)); 302f67bedddSMatthias Schmidt return (-1); 303f67bedddSMatthias Schmidt } 304f67bedddSMatthias Schmidt fd = -1; 305f67bedddSMatthias Schmidt for (res = res0; res; res = res->ai_next) { 306f67bedddSMatthias Schmidt fd=socket(res->ai_family, res->ai_socktype, res->ai_protocol); 307f67bedddSMatthias Schmidt if (fd < 0) { 308f67bedddSMatthias Schmidt errmsg = "socket failed"; 309f67bedddSMatthias Schmidt continue; 310f67bedddSMatthias Schmidt } 311f67bedddSMatthias Schmidt if (connect(fd, res->ai_addr, res->ai_addrlen) < 0) { 312f67bedddSMatthias Schmidt errmsg = "connect failed"; 313f67bedddSMatthias Schmidt close(fd); 314f67bedddSMatthias Schmidt fd = -1; 315f67bedddSMatthias Schmidt continue; 316f67bedddSMatthias Schmidt } 317f67bedddSMatthias Schmidt break; 318f67bedddSMatthias Schmidt } 319f67bedddSMatthias Schmidt if (fd < 0) { 320405f48eeSSimon Schubert syslog(LOG_NOTICE, "remote delivery deferred: %s (%s:%s)", 321405f48eeSSimon Schubert errmsg, host, servname); 322f67bedddSMatthias Schmidt freeaddrinfo(res0); 323f67bedddSMatthias Schmidt return (-1); 324f67bedddSMatthias Schmidt } 325f67bedddSMatthias Schmidt freeaddrinfo(res0); 326f67bedddSMatthias Schmidt return (fd); 327f67bedddSMatthias Schmidt } 328f67bedddSMatthias Schmidt 32910eeb0dfSSimon Schubert static void 33010eeb0dfSSimon Schubert close_connection(int fd) 33110eeb0dfSSimon Schubert { 33210eeb0dfSSimon Schubert if (((config->features & SECURETRANS) != 0) && 33310eeb0dfSSimon Schubert ((config->features & NOSSL) == 0)) 33410eeb0dfSSimon Schubert SSL_shutdown(config->ssl); 33510eeb0dfSSimon Schubert 33610eeb0dfSSimon Schubert if (config->ssl != NULL) 33710eeb0dfSSimon Schubert SSL_free(config->ssl); 33810eeb0dfSSimon Schubert 33910eeb0dfSSimon Schubert close(fd); 34010eeb0dfSSimon Schubert } 34110eeb0dfSSimon Schubert 342f67bedddSMatthias Schmidt int 3435868e44cSSimon Schubert deliver_remote(struct qitem *it, const char **errmsg) 344f67bedddSMatthias Schmidt { 345f67bedddSMatthias Schmidt struct authuser *a; 3466ef9fe01SMatthias Schmidt char *host, line[1000]; 3476ef9fe01SMatthias Schmidt int fd, error = 0, do_auth = 0, res = 0; 348f67bedddSMatthias Schmidt size_t linelen; 3495868e44cSSimon Schubert /* asprintf can't take const */ 3505868e44cSSimon Schubert void *errmsgc = __DECONST(char **, errmsg); 351f67bedddSMatthias Schmidt 3527d35694eSSimon Schubert if (fseek(it->mailf, it->hdrlen, SEEK_SET) != 0) { 3537d35694eSSimon Schubert asprintf(errmsgc, "can not seek: %s", strerror(errno)); 3547d35694eSSimon Schubert return (-1); 3557d35694eSSimon Schubert } 3567d35694eSSimon Schubert 357f67bedddSMatthias Schmidt host = strrchr(it->addr, '@'); 358f67bedddSMatthias Schmidt /* Should not happen */ 35939f7c85aSSimon Schubert if (host == NULL) { 3605868e44cSSimon Schubert asprintf(errmsgc, "Internal error: badly formed address %s", 36139f7c85aSSimon Schubert it->addr); 362f67bedddSMatthias Schmidt return(-1); 36339f7c85aSSimon Schubert } else { 364f67bedddSMatthias Schmidt /* Step over the @ */ 365f67bedddSMatthias Schmidt host++; 36639f7c85aSSimon Schubert } 367f67bedddSMatthias Schmidt 368f67bedddSMatthias Schmidt /* Smarthost support? */ 369f67bedddSMatthias Schmidt if (config->smarthost != NULL && strlen(config->smarthost) > 0) { 370405f48eeSSimon Schubert syslog(LOG_INFO, "using smarthost (%s:%i)", 371405f48eeSSimon Schubert config->smarthost, config->port); 372f67bedddSMatthias Schmidt host = config->smarthost; 373f67bedddSMatthias Schmidt } 374f67bedddSMatthias Schmidt 375405f48eeSSimon Schubert fd = open_connection(host); 376f67bedddSMatthias Schmidt if (fd < 0) 377f67bedddSMatthias Schmidt return (1); 378f67bedddSMatthias Schmidt 3796ef9fe01SMatthias Schmidt /* Check first reply from remote host */ 3806ef9fe01SMatthias Schmidt config->features |= NOSSL; 3817b68d8aeSMatthias Schmidt res = read_remote(fd, 0, NULL); 3826ef9fe01SMatthias Schmidt if (res != 2) { 383405f48eeSSimon Schubert syslog(LOG_WARNING, "Invalid initial response: %i", res); 3846ef9fe01SMatthias Schmidt return(1); 3856ef9fe01SMatthias Schmidt } 3866ef9fe01SMatthias Schmidt config->features &= ~NOSSL; 3876ef9fe01SMatthias Schmidt 388f67bedddSMatthias Schmidt if ((config->features & SECURETRANS) != 0) { 389405f48eeSSimon Schubert error = smtp_init_crypto(fd, config->features); 390f67bedddSMatthias Schmidt if (error >= 0) 391405f48eeSSimon Schubert syslog(LOG_DEBUG, "SSL initialization successful"); 392f67bedddSMatthias Schmidt else 393f67bedddSMatthias Schmidt goto out; 394f67bedddSMatthias Schmidt } 39566674731SSimon Schubert 396*c21e2cfdSSimon Schubert /* XXX allow HELO fallback */ 397*c21e2cfdSSimon Schubert /* XXX record ESMTP keywords */ 398f67bedddSMatthias Schmidt send_remote_command(fd, "EHLO %s", hostname()); 3997b68d8aeSMatthias Schmidt if (read_remote(fd, 0, NULL) != 2) { 400405f48eeSSimon Schubert syslog(LOG_WARNING, "remote delivery deferred: EHLO failed: %s", neterr); 4015868e44cSSimon Schubert asprintf(errmsgc, "%s did not like our EHLO:\n%s", 40239f7c85aSSimon Schubert host, neterr); 403f67bedddSMatthias Schmidt return (-1); 404f67bedddSMatthias Schmidt } 405f67bedddSMatthias Schmidt 406f67bedddSMatthias Schmidt /* 407f67bedddSMatthias Schmidt * Use SMTP authentication if the user defined an entry for the remote 408f67bedddSMatthias Schmidt * or smarthost 409f67bedddSMatthias Schmidt */ 410f67bedddSMatthias Schmidt SLIST_FOREACH(a, &authusers, next) { 411f67bedddSMatthias Schmidt if (strcmp(a->host, host) == 0) { 412f67bedddSMatthias Schmidt do_auth = 1; 413f67bedddSMatthias Schmidt break; 414f67bedddSMatthias Schmidt } 415f67bedddSMatthias Schmidt } 416f67bedddSMatthias Schmidt 417f67bedddSMatthias Schmidt if (do_auth == 1) { 418b558d098SMatthias Schmidt /* 419b558d098SMatthias Schmidt * Check if the user wants plain text login without using 420b558d098SMatthias Schmidt * encryption. 421b558d098SMatthias Schmidt */ 422405f48eeSSimon Schubert syslog(LOG_INFO, "using SMTP authentication"); 423405f48eeSSimon Schubert error = smtp_login(fd, a->login, a->password); 424f67bedddSMatthias Schmidt if (error < 0) { 425405f48eeSSimon Schubert syslog(LOG_ERR, "remote delivery failed:" 426405f48eeSSimon Schubert " SMTP login failed: %m"); 4275868e44cSSimon Schubert asprintf(errmsgc, "SMTP login to %s failed", host); 428f67bedddSMatthias Schmidt return (-1); 429f67bedddSMatthias Schmidt } 430f67bedddSMatthias Schmidt /* SMTP login is not available, so try without */ 431405f48eeSSimon Schubert else if (error > 0) { 432405f48eeSSimon Schubert syslog(LOG_WARNING, "SMTP login not available. Trying without."); 433405f48eeSSimon Schubert } 434b558d098SMatthias Schmidt } 435f67bedddSMatthias Schmidt 4367dfd2fd8SSimon Schubert #define READ_REMOTE_CHECK(c, exp) \ 4377dfd2fd8SSimon Schubert res = read_remote(fd, 0, NULL); \ 4387dfd2fd8SSimon Schubert if (res == 5) { \ 439405f48eeSSimon Schubert syslog(LOG_ERR, "remote delivery failed: " \ 440405f48eeSSimon Schubert c " failed: %s", neterr); \ 4415868e44cSSimon Schubert asprintf(errmsgc, "%s did not like our " c ":\n%s", \ 44239f7c85aSSimon Schubert host, neterr); \ 4437dfd2fd8SSimon Schubert return (-1); \ 4447dfd2fd8SSimon Schubert } else if (res != exp) { \ 445405f48eeSSimon Schubert syslog(LOG_NOTICE, "remote delivery deferred: " \ 446405f48eeSSimon Schubert c " failed: %s", neterr); \ 4477dfd2fd8SSimon Schubert return (1); \ 448f67bedddSMatthias Schmidt } 449f67bedddSMatthias Schmidt 450*c21e2cfdSSimon Schubert /* XXX send ESMTP ENVID, RET (FULL/HDRS) and 8BITMIME */ 4517dfd2fd8SSimon Schubert send_remote_command(fd, "MAIL FROM:<%s>", it->sender); 4527dfd2fd8SSimon Schubert READ_REMOTE_CHECK("MAIL FROM", 2); 4537dfd2fd8SSimon Schubert 454*c21e2cfdSSimon Schubert /* XXX send ESMTP ORCPT */ 455f67bedddSMatthias Schmidt send_remote_command(fd, "RCPT TO:<%s>", it->addr); 4567dfd2fd8SSimon Schubert READ_REMOTE_CHECK("RCPT TO", 2); 457f67bedddSMatthias Schmidt 458f67bedddSMatthias Schmidt send_remote_command(fd, "DATA"); 4597dfd2fd8SSimon Schubert READ_REMOTE_CHECK("DATA", 3); 460f67bedddSMatthias Schmidt 4610caaabf6SSimon Schubert error = 0; 462f4e61a9fSSimon 'corecode' Schubert while (!feof(it->mailf)) { 463f4e61a9fSSimon 'corecode' Schubert if (fgets(line, sizeof(line), it->mailf) == NULL) 464f67bedddSMatthias Schmidt break; 465f67bedddSMatthias Schmidt linelen = strlen(line); 466f67bedddSMatthias Schmidt if (linelen == 0 || line[linelen - 1] != '\n') { 467405f48eeSSimon Schubert syslog(LOG_CRIT, "remote delivery failed: corrupted queue file"); 4685868e44cSSimon Schubert *errmsg = "corrupted queue file"; 469f67bedddSMatthias Schmidt error = -1; 470f67bedddSMatthias Schmidt goto out; 471f67bedddSMatthias Schmidt } 472f67bedddSMatthias Schmidt 473f67bedddSMatthias Schmidt /* Remove trailing \n's and escape leading dots */ 474f67bedddSMatthias Schmidt trim_line(line); 475f67bedddSMatthias Schmidt 476f67bedddSMatthias Schmidt /* 477f67bedddSMatthias Schmidt * If the first character is a dot, we escape it so the line 478f67bedddSMatthias Schmidt * length increases 479f67bedddSMatthias Schmidt */ 480f67bedddSMatthias Schmidt if (line[0] == '.') 481f67bedddSMatthias Schmidt linelen++; 482f67bedddSMatthias Schmidt 483f67bedddSMatthias Schmidt if (send_remote_command(fd, "%s", line) != (ssize_t)linelen+1) { 484405f48eeSSimon Schubert syslog(LOG_NOTICE, "remote delivery deferred: write error"); 485f67bedddSMatthias Schmidt error = 1; 486f67bedddSMatthias Schmidt goto out; 487f67bedddSMatthias Schmidt } 488f67bedddSMatthias Schmidt } 489f67bedddSMatthias Schmidt 490f67bedddSMatthias Schmidt send_remote_command(fd, "."); 4917dfd2fd8SSimon Schubert READ_REMOTE_CHECK("final DATA", 2); 492f67bedddSMatthias Schmidt 493f67bedddSMatthias Schmidt send_remote_command(fd, "QUIT"); 4946cfc247dSSimon Schubert if (read_remote(fd, 0, NULL) != 2) 495405f48eeSSimon Schubert syslog(LOG_INFO, "remote delivery succeeded but QUIT failed: %s", neterr); 496f67bedddSMatthias Schmidt out: 497f67bedddSMatthias Schmidt 49810eeb0dfSSimon Schubert close_connection(fd); 499f67bedddSMatthias Schmidt return (error); 500f67bedddSMatthias Schmidt } 501f67bedddSMatthias Schmidt 502