| author | Laurent Bercot <ska-skaware@skarnet.org> | 2026-02-10 07:51:49 +0000 |
|---|---|---|
| committer | Laurent Bercot <ska-skaware@skarnet.org> | 2026-02-10 07:51:49 +0000 |
| commit | 27a9b53363ff44df5b9b5acd17e64c77ec6ede53 (patch) | |
| tree | b94a71a5942d7a43874b98c5f577efe533cf15d0 | |
| parent | 34b8a10af3b6999e8dfbb1ee267bd58c09b27bfd (diff) | |
Keep the MX name and use it as SNI servername
| -rw-r--r-- | src/qmail-remote/dns.c | 27 | ||||
| -rw-r--r-- | src/qmail-remote/qmail-remote.c | 8 | ||||
| -rw-r--r-- | src/qmail-remote/qmail-remote.h | 3 | ||||
| -rw-r--r-- | src/qmail-remote/tls.c | 6 |
4 files changed, 27 insertions, 17 deletions
diff --git a/src/qmail-remote/dns.c b/src/qmail-remote/dns.c
index 08bd9ca..4970ec4 100644
--- a/src/qmail-remote/dns.c
+++ b/src/qmail-remote/dns.c
@@ -35,6 +35,7 @@ struct mxipinfo_s
 {
 stralloc ip4 ;
 stralloc ip6 ;
+ size_t pos ;
 uint16_t id4 ;
 uint16_t id6 ;
 } ;
@@ -47,13 +48,16 @@ static int mx_cmp (void const *a, void const *b)
 return aa->preference < bb-> preference ? -1 : aa->preference > bb->preference ;
 }
 
-static unsigned int use_host_as_mx (skadns_t *a, char const *host, genalloc *mxip, tain const *deadline)
+static unsigned int use_host_as_mx (skadns_t *a, char const *host, genalloc *mxip, stralloc *storage, tain const *deadline)
 {
+ size_t hostlen = strlen(host) ;
 unsigned int newreqs = 0 ;
 mxipinfo info = MXIPINFO_ZERO ;
 s6dns_domain_t q ;
- if (!s6dns_domain_fromstring_noqualify_encode(&q, host, strlen(host)))
+ if (!s6dns_domain_fromstring_noqualify_encode(&q, host, hostlen))
 qmailr_tempusys("DNS-encode host domain") ;
+ info.pos = storage->len ;
+ if (!stralloc_catb(storage, host, hostlen+1)) dienomem() ;
 if (!skadns_send_g(a, &info.id4, &q, S6DNS_T_A, deadline, deadline))
 qmailr_tempusys("send ", "A", " DNS query") ;
 LOLDEBUG("sending A for %s, id %hu", host, info.id4) ;
@@ -140,7 +144,7 @@ unsigned int dns_stuff (char const *host, char const *const *eaddr, unsigned int
 else
 {
 mxn = 1 ;
- pending += use_host_as_mx(&a, host, &mxipi, &deadline) ;
+ pending += use_host_as_mx(&a, host, &mxipi, storage, &deadline) ;
 }
 
 while (pending)
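Review bot: In use_host_as_mx, `stralloc_catb(storage, host, hostlen+1)` can reallocate `storage->s`, and nothing here says that `host` must not point into that same buffer. The caller is not visible, but other strings are passed around as offsets into `storage`, so aliasing looks plausible; if it happens, both the copy source and the following `LOLDEBUG(..., host, ...)` would read freed memory. Either state the no-alias precondition in a comment on the function, or have callers pass an offset, and log from the stored copy: `LOLDEBUG("sending A for %s, id %hu", storage->s + info.pos, info.id4) ;`. The same question applies to the second `use_host_as_mx(&a, host, ...)` call in dns_stuff, which runs after the MX loop has already grown `storage`. The function body continues past the end of this hunk.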
@@ -184,21 +188,23 @@ unsigned int dns_stuff (char const *host, char const *const *eaddr, unsigned int
 qsort(mxs, mxn, sizeof(s6dns_message_rr_mx_t), &mx_cmp) ;
 for (unsigned int i = 0 ; i < mxn ; i++)
 {
-#ifdef DEBUG
- char exch[256] ;
- s6dns_domain_tostring(exch, 256, &mxs[i].exchange) ;
-#endif
 mxipinfo *p = genalloc_s(mxipinfo, &mxipi) + i ;
+ unsigned int len ;
+ if (!stralloc_readyplus(storage, 256)) dienomem() ;
+ p->pos = storage->len ;
+ len = s6dns_domain_tostring(storage->s + p->pos, 256, &mxs[i].exchange) ;
+ if (!len) qmailr_perm("invalid MX name") ;
+ storage->len += len ; storage->s[storage->len++] = 0 ;
 p->ip4 = p->ip6 = stralloc_zero ;
 s6dns_domain_encode(&mxs[i].exchange) ;
 if (!skadns_send_g(&a, &p->id4, &mxs[i].exchange, S6DNS_T_A, &deadline, &deadline))
 qmailr_tempusys("send ", "A", " DNS query") ;
- LOLDEBUG("sending A for %s, id %hu", exch, p->id4) ;
+ LOLDEBUG("sending A for %s, id %hu", storage->s + p->pos, p->id4) ;
 pending++ ;
 #ifdef SKALIBS_IPV6_ENABLED
 if (!skadns_send_g(&a, &p->id6, &mxs[i].exchange, S6DNS_T_AAAA, &deadline, &deadline))
 qmailr_tempusys("send ", "AAAA", " DNS query") ;
- LOLDEBUG("sending AAAA for %s, id %hu", exch, p->id6) ;
+ LOLDEBUG("sending AAAA for %s, id %hu", storage->s + p->pos, p->id6) ;
 pending++ ;
 #endif
 }
@@ -207,7 +213,7 @@ unsigned int dns_stuff (char const *host, char const *const *eaddr, unsigned int
 else
 {
 mxn = 1 ;
- pending += use_host_as_mx(&a, host, &mxipi, &deadline) ;
+ pending += use_host_as_mx(&a, host, &mxipi, storage, &deadline) ;
 }
 continue ;
 }
@@ -331,6 +337,7 @@ unsigned int dns_stuff (char const *host, char const *const *eaddr, unsigned int
 {
 mxip data ;
 mxipinfo *p = genalloc_s(mxipinfo, &mxipi) + i ;
+ data.namepos = p->pos ;
 data.n4 = p->ip4.len >> 2 ;
 data.pos4 = storage->len ;
 if (!stralloc_catb(storage, p->ip4.s, p->ip4.len)) dienomem() ;
diff --git a/src/qmail-remote/qmail-remote.c b/src/qmail-remote/qmail-remote.c
index 9c9bc15..d5bf0ea 100644
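Review bot: In the MX loop, the terminator stored by `storage->s[storage->len++] = 0` is not covered by the 256 bytes reserved just above it, so if s6dns_domain_tostring ever returns the full 256 it was offered, that store lands one byte past the reservation. Whether the function caps its result below the limit is not visible in this diff; reserving for the terminator explicitly, `if (!stralloc_readyplus(storage, 257)) dienomem() ;`, removes the dependency. Separately, `if (!len) qmailr_perm("invalid MX name") ;` sits inside the loop over all exchanges, so one undecodable name appears to make the whole delivery a permanent failure even when other MX records are usable. Before this commit the conversion result was only used for debug output, so this is a behaviour change worth either a comment or a skip-this-MX path. The enclosing dns_stuff starts and ends outside the hunk.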
--- a/src/qmail-remote/qmail-remote.c +++ b/src/qmail-remote/qmail-remote.c @@ -92,7 +92,7 @@ static int smtp_start (buffer *in, buffer *out, char const *helohost, unsigned i return hastls ; } -static void attempt_smtp (int fd, char const *ip, int is6, unsigned int timeoutconnect, unsigned int timeoutremote, qmailr_tls const *qtls, size_t helopos, size_t const *eaddrpos, unsigned int n, char const *storage) +static void attempt_smtp (int fd, char const *ip, int is6, unsigned int timeoutconnect, unsigned int timeoutremote, qmailr_tls const *qtls, size_t helopos, size_t const *eaddrpos, unsigned int n, size_t mxnamepos, char const *storage) { int hastls ; char inbuf[2048] ; @@ -121,7 +121,7 @@ static void attempt_smtp (int fd, char const *ip, int is6, unsigned int timeoutc qmailr_smtp_quit(&out, timeoutremote) ; qmailr_temp("Connected to ", fmtip, " but connection died") ; } - else if (r == 220) run_tls(fd, fmtip, timeoutconnect, timeoutremote, qtls, helopos, eaddrpos, n, storage) ; + else if (r == 220) run_tls(fd, fmtip, timeoutconnect, timeoutremote, qtls, helopos, eaddrpos, n, mxnamepos, storage) ; if (qtls->strictness) return ; } else if (qtls->strictness >= 2) return ; @@ -239,7 +239,7 @@ int main (int argc, char const *const *argv) } if (!qmailr_tcpto_update(ip, 1, 0)) qmailr_tempusys("update ", "tcpto6") ; - attempt_smtp(fd, ip, 1, timeoutconnect, timeoutremote, &qtls, helopos, eaddrpos, argc, storage.s) ; + attempt_smtp(fd, ip, 1, timeoutconnect, timeoutremote, &qtls, helopos, eaddrpos, argc, mxs[i].namepos, storage.s) ; fd_close(fd) ; } #endif @@ -265,7 +265,7 @@ int main (int argc, char const *const *argv) } if (!qmailr_tcpto_update(ip, 0, 0)) qmailr_tempusys("update ", "tcpto") ; - attempt_smtp(fd, ip, 0, timeoutconnect, timeoutremote, &qtls, helopos, eaddrpos, argc, storage.s) ; + attempt_smtp(fd, ip, 0, timeoutconnect, timeoutremote, &qtls, helopos, eaddrpos, argc, mxs[i].namepos, storage.s) ; fd_close(fd) ; } } 
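Review bot: Both `attempt_smtp` call sites in main now read `mxs[i].namepos` unconditionally, while the only assignment this commit shows is `data.namepos = p->pos` in dns_stuff, on an `mxip data` declared without an initializer. If `mxs` entries can be produced by any other path (none is visible here), the offset is indeterminate and run_tls would build its `-k` argument from arbitrary memory. A cheap guard before each call makes that failure explicit: `if (mxs[i].namepos >= storage.len) qmailr_temp("invalid MX name offset") ;`. Most of main's body lies outside these hunks.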
diff --git a/src/qmail-remote/qmail-remote.h b/src/qmail-remote/qmail-remote.h index 24be70e..ad36d88 100644 --- a/src/qmail-remote/qmail-remote.h +++ b/src/qmail-remote/qmail-remote.h @@ -21,6 +21,7 @@ typedef struct mxip_s mxip, *mxip_ref ; struct mxip_s { + size_t namepos ; size_t pos4 ; size_t pos6 ; uint16_t n4 ; @@ -45,6 +46,6 @@ extern int smtproutes_match (smtproutes const *, char const *, stralloc *, size_ extern void smtproutes_free (smtproutes *) ; -extern void run_tls (int, char const *, unsigned int, unsigned int, qmailr_tls const *, size_t, size_t const *, unsigned int, char const *) gccattr_noreturn ; +extern void run_tls (int, char const *, unsigned int, unsigned int, qmailr_tls const *, size_t, size_t const *, unsigned int, size_t, char const *) gccattr_noreturn ; #endif diff --git a/src/qmail-remote/tls.c b/src/qmail-remote/tls.c index 77be6f8..a679467 100644 --- a/src/qmail-remote/tls.c +++ b/src/qmail-remote/tls.c @@ -31,7 +31,7 @@ So instead of execing, we spawn it and stick around to translate the exit code and the error message back to qmail-rspawn. */ -void run_tls (int fdr, char const *fmtip, unsigned int timeoutconnect, unsigned int timeoutremote, qmailr_tls const *qtls, size_t helopos, size_t const *eaddrpos, unsigned int n, char const *storage) +void run_tls (int fdr, char const *fmtip, unsigned int timeoutconnect, unsigned int timeoutremote, qmailr_tls const *qtls, size_t helopos, size_t const *eaddrpos, unsigned int n, size_t mxnamepos, char const *storage) { int wstat ; pid_t pid ; @@ -48,7 +48,7 @@ void run_tls (int fdr, char const *fmtip, unsigned int timeoutconnect, unsigned char fmtw[UINT_FMT] ; char fmtt[UINT_FMT] ; char fmtk[UINT_FMT] ; - char const *argv[20 + n] ; + char const *argv[22 + n] ; if (fdw == -1) qmailr_tempusys("duplicate file descriptor") ; if (pipe(p) == -1) qmailr_tempusys("pipe") ; 
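Review bot: In qmail-remote.h the run_tls prototype now carries two bare `size_t` parameters among ten unnamed ones, so a call that swaps `helopos` and `mxnamepos` compiles cleanly and silently sends the wrong string as the SNI name. Naming the parameters in the declaration, as the definition in tls.c already does, makes the order checkable at the call sites: `..., qmailr_tls const *qtls, size_t helopos, size_t const *eaddrpos, unsigned int n, size_t mxnamepos, char const *storage) gccattr_noreturn ;`.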
@@ -76,6 +76,8 @@ void run_tls (int fdr, char const *fmtip, unsigned int timeoutconnect, unsigned argv[m++] = fmtr ; argv[m++] = "-7" ; argv[m++] = fmtw ; + argv[m++] = "-k" ; + argv[m++] = storage + mxnamepos ; argv[m++] = "--" ; argv[m++] = SMTPD_STARTTLS_PROXY_LIBEXECPREFIX "qmail-remote-io" ; |
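Review bot: The string passed after `-k` is the MX exchange name taken from a DNS answer (or the fallback host), so it is only as trustworthy as the resolver path, and nothing at this point in run_tls records that. If the helper also uses the `-k` name as the reference identity for certificate checks (not visible here), the strict modes authenticate a DNS-supplied name rather than the recipient domain. That deserves a comment next to the new lines, such as `/* -k: SNI name = MX name as returned by DNS; not authenticated unless the lookup is */`. The two new entries match the `argv[22 + n]` bump in the earlier tls.c hunk, but the full set of `argv[m++]` stores lies outside the hunks, so the bound cannot be confirmed from the diff alone.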
