3 * Copyright (C) Igor Sysoev
7 #include <ngx_config.h>
11 #include <ngx_mail_smtp_module.h>
14 static void ngx_mail_smtp_resolve_addr_handler(ngx_resolver_ctx_t *ctx);
15 static void ngx_mail_smtp_resolve_name_handler(ngx_resolver_ctx_t *ctx);
16 static void ngx_mail_smtp_greeting(ngx_mail_session_t *s, ngx_connection_t *c);
17 static void ngx_mail_smtp_invalid_pipelining(ngx_event_t *rev);
18 static ngx_int_t ngx_mail_smtp_create_buffer(ngx_mail_session_t *s,
21 static ngx_int_t ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c);
22 static ngx_int_t ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c);
23 static ngx_int_t ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c);
24 static ngx_int_t ngx_mail_smtp_starttls(ngx_mail_session_t *s,
26 static ngx_int_t ngx_mail_smtp_rset(ngx_mail_session_t *s, ngx_connection_t *c);
27 static ngx_int_t ngx_mail_smtp_rcpt(ngx_mail_session_t *s, ngx_connection_t *c);
29 static ngx_int_t ngx_mail_smtp_discard_command(ngx_mail_session_t *s,
30 ngx_connection_t *c, char *err);
31 static void ngx_mail_smtp_log_rejected_command(ngx_mail_session_t *s,
32 ngx_connection_t *c, char *err);
35 static u_char smtp_ok[] = "250 2.0.0 OK" CRLF;
36 static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF;
37 static u_char smtp_starttls[] = "220 2.0.0 Start TLS" CRLF;
38 static u_char smtp_next[] = "334 " CRLF;
39 static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF;
40 static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF;
41 static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF;
42 static u_char smtp_invalid_pipelining[] =
43 "503 5.5.0 Improper use of SMTP command pipelining" CRLF;
44 static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF;
45 static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF;
46 static u_char smtp_bad_sequence[] = "503 5.5.1 Bad sequence of commands" CRLF;
49 static ngx_str_t smtp_unavailable = ngx_string("[UNAVAILABLE]");
50 static ngx_str_t smtp_tempunavail = ngx_string("[TEMPUNAVAIL]");
54 ngx_mail_smtp_init_session(ngx_mail_session_t *s, ngx_connection_t *c)
56 struct sockaddr_in *sin;
57 ngx_resolver_ctx_t *ctx;
58 ngx_mail_core_srv_conf_t *cscf;
60 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
62 if (cscf->resolver == NULL) {
63 s->host = smtp_unavailable;
64 ngx_mail_smtp_greeting(s, c);
68 c->log->action = "in resolving client address";
70 ctx = ngx_resolve_start(cscf->resolver, NULL);
72 ngx_mail_close_connection(c);
78 sin = (struct sockaddr_in *) c->sockaddr;
80 ctx->addr = sin->sin_addr.s_addr;
81 ctx->handler = ngx_mail_smtp_resolve_addr_handler;
83 ctx->timeout = cscf->resolver_timeout;
85 if (ngx_resolve_addr(ctx) != NGX_OK) {
86 ngx_mail_close_connection(c);
92 ngx_mail_smtp_resolve_addr_handler(ngx_resolver_ctx_t *ctx)
95 ngx_mail_session_t *s;
96 ngx_mail_core_srv_conf_t *cscf;
102 ngx_log_error(NGX_LOG_ERR, c->log, 0,
103 "%V could not be resolved (%i: %s)",
104 &c->addr_text, ctx->state,
105 ngx_resolver_strerror(ctx->state));
107 if (ctx->state == NGX_RESOLVE_NXDOMAIN) {
108 s->host = smtp_unavailable;
111 s->host = smtp_tempunavail;
114 ngx_resolve_addr_done(ctx);
116 ngx_mail_smtp_greeting(s, s->connection);
121 c->log->action = "in resolving client hostname";
123 s->host.data = ngx_pstrdup(c->pool, &ctx->name);
124 if (s->host.data == NULL) {
125 ngx_resolve_addr_done(ctx);
126 ngx_mail_close_connection(c);
130 s->host.len = ctx->name.len;
132 ngx_resolve_addr_done(ctx);
134 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
135 "address resolved: %V", &s->host);
137 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
139 ctx = ngx_resolve_start(cscf->resolver, NULL);
141 ngx_mail_close_connection(c);
146 ctx->type = NGX_RESOLVE_A;
147 ctx->handler = ngx_mail_smtp_resolve_name_handler;
149 ctx->timeout = cscf->resolver_timeout;
151 if (ngx_resolve_name(ctx) != NGX_OK) {
152 ngx_mail_close_connection(c);
158 ngx_mail_smtp_resolve_name_handler(ngx_resolver_ctx_t *ctx)
163 struct sockaddr_in *sin;
164 ngx_mail_session_t *s;
170 ngx_log_error(NGX_LOG_ERR, c->log, 0,
171 "%V could not be resolved (%i: %s)",
172 &ctx->name, ctx->state,
173 ngx_resolver_strerror(ctx->state));
175 if (ctx->state == NGX_RESOLVE_NXDOMAIN) {
176 s->host = smtp_unavailable;
179 s->host = smtp_tempunavail;
186 sin = (struct sockaddr_in *) c->sockaddr;
188 for (i = 0; i < ctx->naddrs; i++) {
190 addr = ctx->addrs[i];
192 ngx_log_debug4(NGX_LOG_DEBUG_MAIL, c->log, 0,
193 "name was resolved to %ud.%ud.%ud.%ud",
194 (ntohl(addr) >> 24) & 0xff,
195 (ntohl(addr) >> 16) & 0xff,
196 (ntohl(addr) >> 8) & 0xff,
199 if (addr == sin->sin_addr.s_addr) {
204 s->host = smtp_unavailable;
209 ngx_resolve_name_done(ctx);
211 ngx_mail_smtp_greeting(s, c);
216 ngx_mail_smtp_greeting(ngx_mail_session_t *s, ngx_connection_t *c)
219 ngx_mail_core_srv_conf_t *cscf;
220 ngx_mail_smtp_srv_conf_t *sscf;
222 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
223 "smtp greeting for \"%V\"", &s->host);
225 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
226 sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
228 timeout = sscf->greeting_delay ? sscf->greeting_delay : cscf->timeout;
229 ngx_add_timer(c->read, timeout);
231 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
232 ngx_mail_close_connection(c);
235 if (sscf->greeting_delay) {
236 c->read->handler = ngx_mail_smtp_invalid_pipelining;
240 c->read->handler = ngx_mail_smtp_init_protocol;
242 s->out = sscf->greeting;
244 ngx_mail_send(c->write);
249 ngx_mail_smtp_invalid_pipelining(ngx_event_t *rev)
252 ngx_mail_session_t *s;
253 ngx_mail_core_srv_conf_t *cscf;
254 ngx_mail_smtp_srv_conf_t *sscf;
259 c->log->action = "in delay pipelining state";
263 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "delay greeting");
267 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
269 c->read->handler = ngx_mail_smtp_init_protocol;
271 ngx_add_timer(c->read, cscf->timeout);
273 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
274 ngx_mail_close_connection(c);
278 sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
280 s->out = sscf->greeting;
284 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "invalid pipelining");
286 if (s->buffer == NULL) {
287 if (ngx_mail_smtp_create_buffer(s, c) != NGX_OK) {
292 if (ngx_mail_smtp_discard_command(s, c,
293 "client was rejected before greeting: \"%V\"")
299 s->out.len = sizeof(smtp_invalid_pipelining) - 1;
300 s->out.data = smtp_invalid_pipelining;
303 ngx_mail_send(c->write);
308 ngx_mail_smtp_init_protocol(ngx_event_t *rev)
311 ngx_mail_session_t *s;
315 c->log->action = "in auth state";
318 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
320 ngx_mail_close_connection(c);
326 if (s->buffer == NULL) {
327 if (ngx_mail_smtp_create_buffer(s, c) != NGX_OK) {
332 s->mail_state = ngx_smtp_start;
333 c->read->handler = ngx_mail_smtp_auth_state;
335 ngx_mail_smtp_auth_state(rev);
340 ngx_mail_smtp_create_buffer(ngx_mail_session_t *s, ngx_connection_t *c)
342 ngx_mail_smtp_srv_conf_t *sscf;
344 if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t)) == NGX_ERROR) {
345 ngx_mail_session_internal_server_error(s);
349 sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
351 s->buffer = ngx_create_temp_buf(c->pool, sscf->client_buffer_size);
352 if (s->buffer == NULL) {
353 ngx_mail_session_internal_server_error(s);
362 ngx_mail_smtp_auth_state(ngx_event_t *rev)
366 ngx_mail_session_t *s;
371 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state");
374 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
376 ngx_mail_close_connection(c);
381 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy");
388 rc = ngx_mail_read_command(s, c);
390 if (rc == NGX_AGAIN || rc == NGX_ERROR) {
394 s->out.len = sizeof(smtp_ok) - 1;
395 s->out.data = smtp_ok;
398 switch (s->mail_state) {
402 switch (s->command) {
406 rc = ngx_mail_smtp_helo(s, c);
410 rc = ngx_mail_smtp_auth(s, c);
415 s->out.len = sizeof(smtp_bye) - 1;
416 s->out.data = smtp_bye;
420 rc = ngx_mail_smtp_mail(s, c);
424 rc = ngx_mail_smtp_rcpt(s, c);
428 rc = ngx_mail_smtp_rset(s, c);
434 case NGX_SMTP_STARTTLS:
435 rc = ngx_mail_smtp_starttls(s, c);
436 s->out.len = sizeof(smtp_starttls) - 1;
437 s->out.data = smtp_starttls;
441 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
447 case ngx_smtp_auth_login_username:
448 rc = ngx_mail_auth_login_username(s, c);
450 s->out.len = sizeof(smtp_password) - 1;
451 s->out.data = smtp_password;
452 s->mail_state = ngx_smtp_auth_login_password;
455 case ngx_smtp_auth_login_password:
456 rc = ngx_mail_auth_login_password(s, c);
459 case ngx_smtp_auth_plain:
460 rc = ngx_mail_auth_plain(s, c, 0);
463 case ngx_smtp_auth_cram_md5:
464 rc = ngx_mail_auth_cram_md5(s, c);
476 ngx_mail_session_internal_server_error(s);
479 case NGX_MAIL_PARSE_INVALID_COMMAND:
480 s->mail_state = ngx_smtp_start;
483 s->out.len = sizeof(smtp_invalid_command) - 1;
484 s->out.data = smtp_invalid_command;
490 s->buffer->pos = s->buffer->start;
491 s->buffer->last = s->buffer->start;
494 s->arg_start = s->buffer->start;
497 ngx_mail_send(c->write);
503 ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c)
506 ngx_mail_smtp_srv_conf_t *sscf;
508 if (s->args.nelts != 1) {
509 s->out.len = sizeof(smtp_invalid_argument) - 1;
510 s->out.data = smtp_invalid_argument;
517 s->smtp_helo.len = arg[0].len;
519 s->smtp_helo.data = ngx_pnalloc(c->pool, arg[0].len);
520 if (s->smtp_helo.data == NULL) {
524 ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len);
526 s->smtp_from.len = 0;
527 s->smtp_from.data = NULL;
529 s->smtp_to.data = NULL;
531 sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
533 if (s->command == NGX_SMTP_HELO) {
534 s->out = sscf->server_name;
541 if (c->ssl == NULL) {
542 ngx_mail_ssl_conf_t *sslcf;
544 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
546 if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
547 s->out = sscf->starttls_capability;
551 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
552 s->out = sscf->starttls_only_capability;
558 s->out = sscf->capability;
566 ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c)
569 ngx_mail_core_srv_conf_t *cscf;
570 ngx_mail_smtp_srv_conf_t *sscf;
573 if (ngx_mail_starttls_only(s, c)) {
574 return NGX_MAIL_PARSE_INVALID_COMMAND;
578 if (s->args.nelts == 0) {
579 s->out.len = sizeof(smtp_invalid_argument) - 1;
580 s->out.data = smtp_invalid_argument;
585 rc = ngx_mail_auth_parse(s, c);
589 case NGX_MAIL_AUTH_LOGIN:
591 s->out.len = sizeof(smtp_username) - 1;
592 s->out.data = smtp_username;
593 s->mail_state = ngx_smtp_auth_login_username;
597 case NGX_MAIL_AUTH_PLAIN:
599 s->out.len = sizeof(smtp_next) - 1;
600 s->out.data = smtp_next;
601 s->mail_state = ngx_smtp_auth_plain;
605 case NGX_MAIL_AUTH_CRAM_MD5:
607 sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
609 if (!(sscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
610 return NGX_MAIL_PARSE_INVALID_COMMAND;
613 if (s->salt.data == NULL) {
614 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
616 if (ngx_mail_salt(s, c, cscf) != NGX_OK) {
621 if (ngx_mail_auth_cram_md5_salt(s, c, "334 ", 4) == NGX_OK) {
622 s->mail_state = ngx_smtp_auth_cram_md5;
634 ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c)
639 ngx_mail_smtp_srv_conf_t *sscf;
641 sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
643 if (!(sscf->auth_methods & NGX_MAIL_AUTH_NONE_ENABLED)) {
644 ngx_mail_smtp_log_rejected_command(s, c, "client was rejected: \"%V\"");
646 s->out.len = sizeof(smtp_auth_required) - 1;
647 s->out.data = smtp_auth_required;
654 if (s->smtp_from.len) {
655 s->out.len = sizeof(smtp_bad_sequence) - 1;
656 s->out.data = smtp_bad_sequence;
660 l.len = s->buffer->last - s->buffer->start;
661 l.data = s->buffer->start;
663 for (i = 0; i < l.len; i++) {
666 if (ch != CR && ch != LF) {
674 if (l.data[i - 1] != ' ') {
683 s->smtp_from.len = l.len;
685 s->smtp_from.data = ngx_pnalloc(c->pool, l.len);
686 if (s->smtp_from.data == NULL) {
690 ngx_memcpy(s->smtp_from.data, l.data, l.len);
692 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
693 "smtp mail from:\"%V\"", &s->smtp_from);
695 s->out.len = sizeof(smtp_ok) - 1;
696 s->out.data = smtp_ok;
703 ngx_mail_smtp_rcpt(ngx_mail_session_t *s, ngx_connection_t *c)
709 if (s->smtp_from.len == 0) {
710 s->out.len = sizeof(smtp_bad_sequence) - 1;
711 s->out.data = smtp_bad_sequence;
715 l.len = s->buffer->last - s->buffer->start;
716 l.data = s->buffer->start;
718 for (i = 0; i < l.len; i++) {
721 if (ch != CR && ch != LF) {
729 if (l.data[i - 1] != ' ') {
738 s->smtp_to.len = l.len;
740 s->smtp_to.data = ngx_pnalloc(c->pool, l.len);
741 if (s->smtp_to.data == NULL) {
745 ngx_memcpy(s->smtp_to.data, l.data, l.len);
747 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
748 "smtp rcpt to:\"%V\"", &s->smtp_to);
750 s->auth_method = NGX_MAIL_AUTH_NONE;
757 ngx_mail_smtp_rset(ngx_mail_session_t *s, ngx_connection_t *c)
759 s->smtp_from.len = 0;
760 s->smtp_from.data = NULL;
762 s->smtp_to.data = NULL;
764 s->out.len = sizeof(smtp_ok) - 1;
765 s->out.data = smtp_ok;
772 ngx_mail_smtp_starttls(ngx_mail_session_t *s, ngx_connection_t *c)
775 ngx_mail_ssl_conf_t *sslcf;
777 if (c->ssl == NULL) {
778 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
779 if (sslcf->starttls) {
782 * RFC3207 requires us to discard any knowledge
783 * obtained from client before STARTTLS.
786 s->smtp_helo.len = 0;
787 s->smtp_helo.data = NULL;
788 s->smtp_from.len = 0;
789 s->smtp_from.data = NULL;
791 s->smtp_to.data = NULL;
793 c->read->handler = ngx_mail_starttls_handler;
800 return NGX_MAIL_PARSE_INVALID_COMMAND;
805 ngx_mail_smtp_discard_command(ngx_mail_session_t *s, ngx_connection_t *c,
810 n = c->recv(c, s->buffer->last, s->buffer->end - s->buffer->last);
812 if (n == NGX_ERROR || n == 0) {
813 ngx_mail_close_connection(c);
818 s->buffer->last += n;
821 if (n == NGX_AGAIN) {
822 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
823 ngx_mail_session_internal_server_error(s);
830 ngx_mail_smtp_log_rejected_command(s, c, err);
832 s->buffer->pos = s->buffer->start;
833 s->buffer->last = s->buffer->start;
840 ngx_mail_smtp_log_rejected_command(ngx_mail_session_t *s, ngx_connection_t *c,
847 if (c->log->log_level < NGX_LOG_INFO) {
851 cmd.len = s->buffer->last - s->buffer->start;
852 cmd.data = s->buffer->start;
854 for (i = 0; i < cmd.len; i++) {
857 if (ch != CR && ch != LF) {
866 ngx_log_error(NGX_LOG_INFO, c->log, 0, err, &cmd);