static void
mta_status(struct mta_session *s, int connerr, const char *fmt, ...)
{
struct envelope *e;
char *status;
va_list ap;
va_start(ap, fmt);
if (vasprintf(&status, fmt, ap) == -1)
fatal("vasprintf");
va_end(ap);
if (s->task) {
while((e = TAILQ_FIRST(&s->task->envelopes)))
mta_envelope_done(s->task, e, status);
free(s->task);
s->task = NULL;
stat_decrement("mta.task.running", 1);
}
if (connerr)
mta_route_error(s->route, status);
free(status);
}
static void
mta_error(struct mta_session *s, const char *fmt, ...)
{
va_list ap;
char *error;
int len;
va_start(ap, fmt);
if ((len = vasprintf(&error, fmt, ap)) == -1)
fatal("mta: vasprintf");
va_end(ap);
if (s->msgcount)
log_info("smtp-out: Error on session %016"PRIx64
" after %zu message%s sent: %s", s->id, s->msgcount,
(s->msgcount > 1) ? "s" : "", error);
else
log_info("smtp-out: Error on session %016"PRIx64 ": %s",
s->id, error);
/*
* If not connected yet, and the error is not local, just ignore it
* and try to reconnect.
*/
if (s->state == MTA_INIT &&
(errno == ETIMEDOUT || errno == ECONNREFUSED)) {
log_debug("debug: mta: not reporting route error yet");
free(error);
return;
}
mta_route_error(s->relay, s->route);
if (s->task)
mta_flush_task(s, IMSG_DELIVERY_TEMPFAIL, error, 0, 0);
free(error);
}
static void
mta_enter_state(struct mta_session *s, int newstate)
{
int oldstate;
struct secret secret;
struct mta_route *route;
struct mta_host *host;
struct sockaddr *sa;
int max_reuse;
ssize_t q;
#ifdef VALGRIND
bzero(&batch, sizeof(batch));
#endif
again:
oldstate = s->state;
log_trace(TRACE_MTA, "mta: %p: %s -> %s", s,
mta_strstate(oldstate),
mta_strstate(newstate));
s->state = newstate;
/* don't try this at home! */
#define mta_enter_state(_s, _st) do { newstate = _st; goto again; } while(0)
switch (s->state) {
case MTA_INIT:
if (s->route->auth)
mta_enter_state(s, MTA_SECRET);
else
mta_enter_state(s, MTA_MX);
break;
case MTA_DATA:
/*
* Obtain message body fd.
*/
imsg_compose_event(env->sc_ievs[PROC_QUEUE],
IMSG_QUEUE_MESSAGE_FD, s->task->msgid, 0, -1,
&s->id, sizeof(s->id));
break;
case MTA_SECRET:
/*
* Lookup AUTH secret.
*/
bzero(&secret, sizeof(secret));
secret.id = s->id;
strlcpy(secret.mapname, s->route->auth, sizeof(secret.mapname));
strlcpy(secret.host, s->route->hostname, sizeof(secret.host));
imsg_compose_event(env->sc_ievs[PROC_LKA], IMSG_LKA_SECRET,
0, 0, -1, &secret, sizeof(secret));
break;
case MTA_MX:
/*
* Lookup MX record.
*/
if (s->flags & MTA_FORCE_MX) /* XXX */
dns_query_host(s->route->hostname, s->route->port, s->id);
else
dns_query_mx(s->route->hostname, s->route->backupname, 0, s->id);
break;
case MTA_CONNECT:
/*
* Connect to the MX.
*/
/* cleanup previous connection if any */
iobuf_clear(&s->iobuf);
io_clear(&s->io);
if (s->flags & MTA_FORCE_ANYSSL)
max_reuse = 2;
else
max_reuse = 1;
/* pick next mx */
while ((host = TAILQ_FIRST(&s->hosts))) {
if (host->used == max_reuse) {
TAILQ_REMOVE(&s->hosts, host, entry);
free(host);
continue;
}
host->used++;
log_debug("mta: %p: connecting to %s...", s,
ss_to_text(&host->sa));
sa = (struct sockaddr *)&host->sa;
if (s->route->port)
sa_set_port(sa, s->route->port);
else if ((s->flags & MTA_FORCE_ANYSSL) && host->used == 1)
sa_set_port(sa, 465);
else if (s->flags & MTA_FORCE_SMTPS)
sa_set_port(sa, 465);
else
sa_set_port(sa, 25);
iobuf_xinit(&s->iobuf, 0, 0, "mta_enter_state");
io_init(&s->io, -1, s, mta_io, &s->iobuf);
io_set_timeout(&s->io, 10000);
if (io_connect(&s->io, sa, NULL) == -1) {
log_debug("mta: %p: connection failed: %s", s,
strerror(errno));
iobuf_clear(&s->iobuf);
/*
* This error is most likely a "no route",
* so there is no need to try the same
* relay again.
*/
TAILQ_REMOVE(&s->hosts, host, entry);
free(host);
continue;
}
return;
}
/* tried them all? */
mta_route_error(s->route, "150 Can not connect to MX");
mta_enter_state(s, MTA_DONE);
break;
case MTA_DONE:
/*
* Kill the mta session.
*/
log_debug("mta: %p: session done", s);
io_clear(&s->io);
iobuf_clear(&s->iobuf);
if (s->task)
fatalx("current task should have been deleted already");
if (s->datafp)
fclose(s->datafp);
s->datafp = NULL;
while ((host = TAILQ_FIRST(&s->hosts))) {
TAILQ_REMOVE(&s->hosts, host, entry);
free(host);
}
route = s->route;
tree_xpop(&sessions, s->id);
free(s);
stat_decrement("mta.session", 1);
mta_route_collect(route);
break;
case MTA_SMTP_BANNER:
/* just wait for banner */
s->is_reading = 1;
io_set_read(&s->io);
break;
case MTA_SMTP_EHLO:
s->ext = 0;
mta_send(s, "EHLO %s", env->sc_hostname);
break;
case MTA_SMTP_HELO:
s->ext = 0;
mta_send(s, "HELO %s", env->sc_hostname);
break;
case MTA_SMTP_STARTTLS:
if (s->flags & MTA_TLS) /* already started */
mta_enter_state(s, MTA_SMTP_AUTH);
else if ((s->ext & MTA_EXT_STARTTLS) == 0)
/* server doesn't support starttls, do not use it */
mta_enter_state(s, MTA_SMTP_AUTH);
else
mta_send(s, "STARTTLS");
break;
case MTA_SMTP_AUTH:
if (s->secret && s->flags & MTA_TLS)
mta_send(s, "AUTH PLAIN %s", s->secret);
else if (s->secret) {
log_debug("mta: %p: not using AUTH on non-TLS session",
s);
mta_enter_state(s, MTA_CONNECT);
} else {
mta_enter_state(s, MTA_SMTP_READY);
}
break;
case MTA_SMTP_READY:
/* ready to send a new mail */
if (s->ready == 0) {
s->ready = 1;
mta_route_ok(s->route);
}
if (s->msgcount >= s->route->maxmail) {
log_debug("mta: %p: cannot send more message to %s", s,
mta_route_to_text(s->route));
mta_enter_state(s, MTA_SMTP_QUIT);
} else if ((s->task = TAILQ_FIRST(&s->route->tasks))) {
log_debug("mta: %p: handling next task for %s", s,
mta_route_to_text(s->route));
TAILQ_REMOVE(&s->route->tasks, s->task, entry);
s->route->ntask -= 1;
s->task->session = s;
stat_decrement("mta.task", 1);
stat_increment("mta.task.running", 1);
mta_enter_state(s, MTA_DATA);
} else {
log_debug("mta: %p: no pending task for %s", s,
mta_route_to_text(s->route));
/* XXX stay open for a while? */
mta_enter_state(s, MTA_SMTP_QUIT);
}
break;
case MTA_SMTP_MAIL:
if (s->task->sender.user[0] && s->task->sender.domain[0])
mta_send(s, "MAIL FROM: <%s@%s>",
s->task->sender.user, s->task->sender.domain);
else
mta_send(s, "MAIL FROM: <>");
break;
case MTA_SMTP_RCPT:
if (s->currevp == NULL)
s->currevp = TAILQ_FIRST(&s->task->envelopes);
mta_send(s, "RCPT TO: <%s@%s>",
s->currevp->dest.user,
s->currevp->dest.domain);
break;
case MTA_SMTP_DATA:
fseek(s->datafp, 0, SEEK_SET);
mta_send(s, "DATA");
break;
case MTA_SMTP_BODY:
if (s->datafp == NULL) {
log_trace(TRACE_MTA, "mta: %p: end-of-file", s);
mta_enter_state(s, MTA_SMTP_DONE);
break;
}
if ((q = mta_queue_data(s)) == -1) {
mta_enter_state(s, MTA_DONE);
break;
}
log_trace(TRACE_MTA, "mta: %p: >>> [...%zi bytes...]", s, q);
break;
case MTA_SMTP_DONE:
mta_send(s, ".");
break;
case MTA_SMTP_QUIT:
mta_send(s, "QUIT");
break;
case MTA_SMTP_RSET:
mta_send(s, "RSET");
break;
default:
fatalx("mta_enter_state: unknown state");
}
#undef mta_enter_state
}
/*
* Handle a response to an SMTP command
*/
static void
mta_response(struct mta_session *s, char *line)
{
void *ssl;
struct envelope *evp;
switch (s->state) {
case MTA_SMTP_BANNER:
mta_enter_state(s, MTA_SMTP_EHLO);
break;
case MTA_SMTP_EHLO:
if (line[0] != '2') {
if ((s->flags & MTA_USE_AUTH) ||
!(s->flags & MTA_ALLOW_PLAIN)) {
mta_route_error(s->route, line);
mta_enter_state(s, MTA_DONE);
return;
}
mta_enter_state(s, MTA_SMTP_HELO);
return;
}
mta_enter_state(s, MTA_SMTP_STARTTLS);
break;
case MTA_SMTP_HELO:
if (line[0] != '2') {
mta_route_error(s->route, line);
mta_enter_state(s, MTA_DONE);
return;
}
mta_enter_state(s, MTA_SMTP_READY);
break;
case MTA_SMTP_STARTTLS:
if (line[0] != '2') {
if (s->flags & MTA_ALLOW_PLAIN) {
mta_enter_state(s, MTA_SMTP_AUTH);
return;
}
/* stop here if ssl can't be used */
mta_route_error(s->route, line);
mta_enter_state(s, MTA_DONE);
return;
}
ssl = ssl_mta_init(s->ssl);
if (ssl == NULL)
fatal("mta: ssl_mta_init");
s->is_reading = 0;
io_set_write(&s->io);
io_start_tls(&s->io, ssl);
break;
case MTA_SMTP_AUTH:
if (line[0] != '2') {
mta_route_error(s->route, line);
mta_enter_state(s, MTA_DONE);
return;
}
mta_enter_state(s, MTA_SMTP_READY);
break;
case MTA_SMTP_MAIL:
if (line[0] != '2') {
mta_status(s, 0, line);
mta_enter_state(s, MTA_SMTP_RSET);
return;
}
mta_enter_state(s, MTA_SMTP_RCPT);
break;
case MTA_SMTP_RCPT:
evp = s->currevp;
s->currevp = TAILQ_NEXT(s->currevp, entry);
if (line[0] != '2') {
mta_envelope_done(s->task, evp, line);
if (TAILQ_EMPTY(&s->task->envelopes)) {
free(s->task);
s->task = NULL;
stat_decrement("mta.task.running", 1);
mta_enter_state(s, MTA_SMTP_RSET);
break;
}
}
if (s->currevp == NULL)
mta_enter_state(s, MTA_SMTP_DATA);
else
mta_enter_state(s, MTA_SMTP_RCPT);
break;
case MTA_SMTP_DATA:
if (line[0] != '2' && line[0] != '3') {
mta_status(s, 0, line);
mta_enter_state(s, MTA_SMTP_RSET);
return;
}
mta_enter_state(s, MTA_SMTP_BODY);
break;
case MTA_SMTP_DONE:
mta_status(s, 0, line);
if (line[0] == '2')
s->msgcount++;
mta_enter_state(s, MTA_SMTP_READY);
break;
case MTA_SMTP_RSET:
mta_enter_state(s, MTA_SMTP_READY);
break;
default:
fatalx("mta_response() bad state");
}
}
void
mta_session_imsg(struct imsgev *iev, struct imsg *imsg)
{
uint64_t id;
struct mta_session *s;
struct mta_host *host;
struct secret *secret;
struct dns *dns;
const char *error;
void *ptr;
switch(imsg->hdr.type) {
case IMSG_QUEUE_MESSAGE_FD:
id = *(uint64_t*)(imsg->data);
if (imsg->fd == -1)
fatalx("mta: cannot obtain msgfd");
s = tree_xget(&sessions, id);
s->datafp = fdopen(imsg->fd, "r");
if (s->datafp == NULL)
fatal("mta: fdopen");
if (mta_check_loop(s->datafp)) {
log_debug("mta: loop detected");
fclose(s->datafp);
s->datafp = NULL;
mta_status(s, 0, "646 Loop detected");
mta_enter_state(s, MTA_SMTP_READY);
} else {
mta_enter_state(s, MTA_SMTP_MAIL);
}
return;
case IMSG_LKA_SECRET:
/* LKA responded to AUTH lookup. */
secret = imsg->data;
s = tree_xget(&sessions, secret->id);
s->secret = xstrdup(secret->secret, "mta: secret");
if (s->secret[0] == '\0') {
mta_route_error(s->route, "secrets lookup failed");
mta_enter_state(s, MTA_DONE);
} else
mta_enter_state(s, MTA_MX);
return;
case IMSG_DNS_HOST:
dns = imsg->data;
s = tree_xget(&sessions, dns->id);
host = xcalloc(1, sizeof *host, "mta: host");
host->sa = dns->ss;
TAILQ_INSERT_TAIL(&s->hosts, host, entry);
return;
case IMSG_DNS_HOST_END:
/* LKA responded to DNS lookup. */
dns = imsg->data;
s = tree_xget(&sessions, dns->id);
if (!dns->error) {
mta_enter_state(s, MTA_CONNECT);
return;
}
if (dns->error == DNS_RETRY)
error = "100 MX lookup failed temporarily";
else if (dns->error == DNS_EINVAL)
error = "600 Invalid domain name";
else if (dns->error == DNS_ENONAME)
error = "600 Domain does not exist";
else if (dns->error == DNS_ENOTFOUND)
error = "600 No MX address found for domain";
else
error = "100 Weird error";
mta_route_error(s->route, error);
mta_enter_state(s, MTA_CONNECT);
return;
case IMSG_DNS_PTR:
dns = imsg->data;
s = tree_xget(&sessions, dns->id);
host = TAILQ_FIRST(&s->hosts);
if (dns->error)
strlcpy(host->fqdn, "<unknown>", sizeof host->fqdn);
else
strlcpy(host->fqdn, dns->host, sizeof host->fqdn);
log_debug("mta: %p: connected to %s", s, host->fqdn);
/* check if we need to start tls now... */
if (((s->flags & MTA_FORCE_ANYSSL) && host->used == 1) ||
(s->flags & MTA_FORCE_SMTPS)) {
log_debug("mta: %p: trying smtps (ssl=%p)...", s, s->ssl);
if ((ptr = ssl_mta_init(s->ssl)) == NULL)
fatalx("mta: ssl_mta_init");
io_start_tls(&s->io, ptr);
} else {
mta_enter_state(s, MTA_SMTP_BANNER);
}
break;
default:
errx(1, "mta_session_imsg: unexpected %s imsg",
imsg_to_str(imsg->hdr.type));
}
}
