Lines Matching +full:mx +full:- +full:specific
2 * Copyright (c) 1998-2004, 2006, 2010, 2020-2023 Proofpoint, Inc. and its suppliers.
4 * Copyright (c) 1986, 1995-1997 Eric P. Allman. All rights reserved.
18 SM_RCSID("@(#)$Id: domain.c,v 8.205 2013-11-22 20:51:55 ca Exp $ (with name server)")
20 SM_RCSID("@(#)$Id: domain.c,v 8.205 2013-11-22 20:51:55 ca Exp $ (without name server)")
86 sm_dprintf("len=%u, %02x-%02x-%02x",
95 ** TLSA_RR_CMP -- Compare two TLSA RRs
98 ** rr1 -- TLSA RR (entry to be added)
99 ** l1 -- length of rr1
100 ** rr2 -- TLSA RR
101 ** l2 -- length of rr2
144 return preference[r1] - preference[r2];
161 return preference[r1] - preference[r2];
166 ** 0 -- Exact match
167 ** 1 -- SHA-256 hash
168 ** 2 -- SHA-512 hash
179 return preference[r1] - preference[r2];
194 /* new entry is unsupported? -> append */
197 /* current entry is unsupported? -> insert new one */
199 return -1;
207 ** TLSAINSERT -- Insert a TLSA RR
210 ** dane_tlsa -- dane_tlsa entry
211 ** rr -- TLSA RR
212 ** pn -- (pointer to) number of entries
233 r1 = rr->rr_u.rr_data;
234 l1 = rr->rr_size;
241 r = tlsa_rr_cmp(r1, l1, dane_tlsa->dane_tlsa_rr[i],
242 dane_tlsa->dane_tlsa_len[i]);
256 j = MAX_TLSA_RR - 1;
257 SM_FREE(dane_tlsa->dane_tlsa_rr[j]);
258 dane_tlsa->dane_tlsa_len[j] = 0;
263 for (j = MAX_TLSA_RR - 2; j >= i; j--)
265 dane_tlsa->dane_tlsa_rr[j + 1] = dane_tlsa->dane_tlsa_rr[j];
266 dane_tlsa->dane_tlsa_len[j + 1] = dane_tlsa->dane_tlsa_len[j];
269 dane_tlsa->dane_tlsa_rr[i] = r1;
270 dane_tlsa->dane_tlsa_len[i] = l1;
278 dane_tlsa->dane_tlsa_rr[*pn] = r1;
279 dane_tlsa->dane_tlsa_len[*pn] = l1;
293 rr->rr_u.rr_data = NULL;
299 ** TLSAADD -- add TLSA records to dane_tlsa entry
302 ** name -- key for stab entry (for debugging output)
303 ** dr -- DNS reply
304 ** dane_tlsa -- dane_tlsa entry
305 ** dnsrc -- DNS lookup return code (h_errno)
306 ** nr -- current number of TLSA records in dane_tlsa entry
307 ** pttl -- (pointer to) TTL (in/out)
308 ** level -- recursion level (CNAMEs)
338 name, dane_tlsa->dane_tlsa_dnsrc, dnsrc);
341 dane_tlsa->dane_tlsa_dnsrc = dnsrc;
344 *pttl = tTdlevel(8)-110; /* how to make this an option? */
353 if (dr->dns_r_h.ad != 1 && Dane == DANE_SECURE) /* not secure? */
359 for (rr = dr->dns_r_head; rr != NULL; rr = rr->rr_next)
363 if (rr->rr_type != T_TLSA)
365 if (rr->rr_type != T_CNAME && tTd(8, 8))
367 dns_type_to_string(rr->rr_type));
370 tlsa_chk = dane_tlsa_chk(rr->rr_u.rr_data, rr->rr_size, name,
388 tlsa_rr_print(rr->rr_u.rr_data, rr->rr_size);
397 if (ttl > rr->rr_ttl && rr->rr_ttl > 0)
398 ttl = rr->rr_ttl;
409 tlsa_rr_print(dane_tlsa->dane_tlsa_rr[ui],
410 dane_tlsa->dane_tlsa_len[ui]);
421 for (rr = dr->dns_r_head; rr != NULL && nprev == nr; rr = rr->rr_next)
426 if (rr->rr_type != T_CNAME)
432 name, rr->rr_u.rr_txt, level);
436 drc = dns_lookup_int(rr->rr_u.rr_txt, C_IN, T_TLSA, 0, 0,
442 name, rr->rr_u.rr_txt, level,
443 (void *)drc, drc != NULL ? drc->dns_r_h.ad : -1,
463 ** GETTLSA -- get TLSA records for named host using DNS
466 ** host -- host
467 ** name -- name for stab entry key (if NULL: host)
468 ** pste -- (pointer to) stab entry (output)
469 ** flags -- TLSAFL*
470 ** mxttl -- TTL of MX (or host)
471 ** port -- port number used in TLSA queries (_PORT._tcp.)
514 ** If host->MX lookup was not secure then do not look up TLSA RRs.
516 ** it is (SHOULD!) NOT stored in dane_tlsa->dane_tlsa_flags
533 if (len > 1 && name[len - 1] == '.')
535 len--;
539 len = -1;
550 dane_tlsa = ste->s_tlsa;
553 // /* Do not reload TLSA RRs if the MX RRs were not securely retrieved. */
564 …printf("gettlsa: host=%s, found-ste=%p, ste_flags=%#lx, expired=%d\n", host, ste, ste->s_tlsa->dan…
565 if (dane_tlsa->dane_tlsa_exp <= now
573 n_rrs = dane_tlsa->dane_tlsa_n;
587 n_rrs = -ENOMEM;
593 /* There are flags to store -- just set those, do nothing else. */
596 dane_tlsa->dane_tlsa_flags = flags;
608 /* disabled -- what to do with these two counters? log them "somewhere"? */
615 // for (rr = dr->dns_r_head; rr != NULL; rr = rr->rr_next)
619 // if (rr->rr_type != T_TLSA)
622 // tlsa_chk = dane_tlsa_chk(rr->rr_u.rr_data,
623 // rr->rr_size, name, false);
633 dr != NULL ? dr->dns_r_h.ad : -1, err, herr);
643 host, n_rrs, dane_tlsa->dane_tlsa_dnsrc);
648 dane_tlsa->dane_tlsa_n = n_rrs;
651 SM_FREE(dane_tlsa->dane_tlsa_sni);
652 dane_tlsa->dane_tlsa_sni = sm_strdup(host);
660 ste->s_tlsa = dane_tlsa;
663 dane_tlsa->dane_tlsa_exp = now + SM_MIN(ttl, SM_DEFAULT_TTL);
671 n_rrs = -1;
688 ** GETFALLBACKMXRR -- get MX resource records for fallback MX host.
697 ** host -- the name of the fallback MX host.
700 ** number of MX records.
707 int NumFallbackMXHosts = 0; /* Number of fallback MX hosts (after MX expansion) */
764 ** FALLBACKMXRR -- add MX resource records for fallback MX host to list.
767 ** nmx -- current number of MX records.
768 ** prefs -- array of preferences.
769 ** mxhosts -- array of MX hosts (maximum size: MAXMXHOSTS)
772 ** new number of MX records.
775 ** If FallbackMX was set, it appends the MX records for
790 prefs[nmx] = prefs[nmx - 1] + 1;
801 ** HN2ALABEL -- convert hostname in U-label format to A-label format
804 ** hostname -- hostname in U-label format
807 ** hostname in A-label format in a local static buffer.
824 buf, sizeof(buf) - 1,
832 ** GETMXRR -- get MX resource records for a domain
835 ** host -- the name of the host to MX [must be x]
836 ** mxhosts -- a pointer to a return buffer of MX records.
837 ** mxprefs -- a pointer to a return buffer of MX preferences.
839 ** flags -- flags:
840 ** DROPLOCALHOST -- If true, all MX records less preferred
843 ** TRYFALLBACK -- add also fallback MX host?
844 ** ISAD -- host lookup was secure?
845 ** rcode -- a pointer to an EX_ status code.
846 ** pttl -- pointer to return TTL (can be NULL).
847 ** port -- port number used in TLSA queries (_PORT._tcp.)
848 ** pad -- (output parameter, pointer to) AD flag (can be NULL)
851 ** The number of MX records found.
852 ** -1 if there is an internal failure.
853 ** If no MX records are found, mxhosts[0] is set to host
929 /* efficiency hack -- numeric or non-MX lookups */
948 host = sm_rpool_strdup_x(CurEnv->e_rpool, hn2alabel(host));
953 ** If we don't have MX records in our host switch, don't
954 ** try for MX records. Note that this really isn't "right",
957 ** MX lookups. However, that should be a degenerate case.
993 /* no MX data on this host */
1006 case -1:
1010 /* name server is hosed -- push to fallback */
1029 ad = ad && hp->ad;
1043 for (qdcount = ntohs((unsigned short) hp->qdcount);
1044 qdcount--;
1052 buflen = sizeof(MXHostBuf) - 1;
1055 ancount = ntohs((unsigned short) hp->ancount);
1059 while (--ancount >= 0 && cp < eom && nmx < MAXMXHOSTS - 1)
1092 /* Support for RFC7505 "MX 0 ." */
1099 sm_dprintf("found localhost (%s) in MX list, pref=%d\n",
1124 sm_dprintf("getmxrr: 1: host=%s, mx=%s, flags=%#lx\n", host, bp, flags);
1141 ** host MX 0 .
1146 if (0 == n || bp[-1] != '.')
1157 buflen -= n + 1;
1160 /* Support for RFC7505 "MX 0 ." */
1164 sm_dprintf("getmxrr: Null MX record found, domain doesn't accept mail (RFC7505)\n");
1203 for (i = 0; i < nmx - 1; )
1215 nmx--;
1227 ** If we have deleted all MX entries, this is
1228 ** an error -- we should NEVER send to a host that
1229 ** has an MX, and this should have been caught
1273 syserr("MX list for %s points back to %s",
1299 /* this may be an MX suppression-style address */
1329 if (strlen(ahn) >= sizeof(MXHostBuf) - 1)
1336 (void) sm_strlcpy(hn, ahn, sizeof(MXHostBuf) - 1);
1345 (n = getcanonname(mxhosts[0], sizeof(MXHostBuf) - 2, false,
1350 if (bp[-1] != '.')
1381 sm_dprintf("getmxrr: 3: host=%s, mx=%s, flags=%#lx, ad=%d\n",
1421 return -1;
1425 ** MXRAND -- create a randomizer for equal MX preferences
1427 ** If two MX hosts have equal preferences we want to randomize
1430 ** computes a pseudo-random hash function from the host name.
1433 ** host -- the name of the host.
1474 ** BESTMX -- find the best MX for a name
1502 nmx = getmxrr(name, mxhosts, NULL, 0, statp, NULL, -1, NULL);
1506 if (bitset(MF_MATCHONLY, map->map_mflags))
1508 if ((map->map_coldelim == '\0') || (nmx == 1))
1512 ** We were given a -z flag (return all MXs) and there are multiple
1519 if (strchr(mxhosts[i], map->map_coldelim) != NULL)
1521 syserr("bestmx_map_lookup: MX host %.64s includes map delimiter character 0x%02X",
1522 mxhosts[i], map->map_coldelim);
1528 len -= strlen(mxhosts[i]) + 1;
1546 buf[end] = map->map_coldelim;
1552 truncate_at_delim(buf, PSBUFSIZE / 2, map->map_coldelim);
1559 if (strchr(mxhosts[i], map->map_coldelim) != NULL)
1561 syserr("bestmx_map_lookup: MX host %.64s includes map delimiter character 0x%02X",
1562 mxhosts[i], map->map_coldelim);
1570 *p++ = map->map_coldelim;
1573 (void) sm_strlcpy(p, mxhosts[i], sizeof(buf) - len);
1586 ** DNS_GETCANONNAME -- get the canonical name for named host using DNS
1588 ** This algorithm tries to be smart about wildcard MX records.
1590 ** against a wildcard or a specific MX.
1593 ** to be specific.
1595 ** If we match an MX in one pass and lose it in the next, we use
1596 ** the old one. For example, consider an MX matching *.FOO.BAR.COM.
1597 ** A hostname bletch.foo.bar.com will match against this MX, but
1598 ** will stop matching when we try bletch.bar.com -- so we know
1600 ** there was also an MX record matching *.BAR.COM, but there are
1604 ** host -- a buffer containing the name of the host.
1605 ** This is a value-result parameter.
1606 ** hbsize -- the size of the host buffer.
1607 ** trymx -- if set, try MX records as well as A and CNAME.
1608 ** statp -- pointer to place to store status.
1609 ** pttl -- pointer to return TTL (can be NULL).
1612 ** >0 -- if the host was found.
1613 ** 0 -- otherwise.
1653 if ((_res.options & RES_INIT) == 0 && res_init() == -1)
1712 if (n >= 0 && *--cp != '.' && bitset(RES_DNSRCH, _res.options))
1759 qtype == T_MX ? "MX" :
1827 /* definite no -- try the next domain */
1843 ** wild card MX record, we will accept MX as well.
1849 if (0 == hp->ad)
1852 /* skip question part of response -- we know what we asked */
1853 for (qdcount = ntohs((unsigned short) hp->qdcount);
1854 qdcount--;
1861 ntohs((unsigned short) hp->qdcount));
1868 for (ancount = ntohs((unsigned short) hp->ancount);
1869 --ancount >= 0 && ap < eom;
1888 ** If we are using MX matches and have
1903 ** in the absence of a wildcard MX this must
1904 ** still be a real MX match.
1905 ** Such MX matches are as good as an A match,
1923 /* got CNAME -- guaranteed canonical */
1933 if (CurEnv->e_message == NULL)
1941 CurEnv->e_message =
1943 CurEnv->e_rpool, ebuf);
1959 ** should point at the canonical name -- but
1974 ** Got a good match -- either an A, CNAME, or an
1975 ** exact MX record. Save it and get out of here.
1984 ** If this was a T_A query and we haven't yet found an MX