1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* Copyright (c) The Exim Maintainers 2020 */
7 /* See the file NOTICE for conditions of use and distribution. */
9 /* Functions concerned with running Exim as a daemon */
15 /* Structure for holding data for each SMTP connection */
17 typedef struct smtp_slot {
18 pid_t pid; /* pid of the spawned reception process */
19 uschar *host_address; /* address of the client host */
22 /* An empty slot for initializing (Standard C does not allow constructor
23 expressions in assignments except as initializers in declarations). */
25 static smtp_slot empty_smtp_slot = { .pid = 0, .host_address = NULL };
29 /*************************************************
30 * Local static variables *
31 *************************************************/
33 static SIGNAL_BOOL sigchld_seen;
34 static SIGNAL_BOOL sighup_seen;
35 static SIGNAL_BOOL sigterm_seen;
37 static int accept_retry_count = 0;
38 static int accept_retry_errno;
39 static BOOL accept_retry_select_failed;
41 static int queue_run_count = 0;
42 static pid_t *queue_pid_slots = NULL;
43 static smtp_slot *smtp_slots = NULL;
45 static BOOL write_pid = TRUE;
49 /*************************************************
51 *************************************************/
53 /* All this handler does is to set a flag and re-enable the signal.
55 Argument: the signal number
60 sighup_handler(int sig)
62 sig = sig; /* Keep picky compilers happy */
64 signal(SIGHUP, sighup_handler);
69 /*************************************************
70 * SIGCHLD handler for main daemon process *
71 *************************************************/
73 /* Don't re-enable the handler here, since we aren't doing the
74 waiting here. If the signal is re-enabled, there will just be an
75 infinite sequence of calls to this handler. The SIGCHLD signal is
76 used just as a means of waking up the daemon so that it notices
77 terminated subprocesses as soon as possible.
79 Argument: the signal number
84 main_sigchld_handler(int sig)
86 sig = sig; /* Keep picky compilers happy */
87 os_non_restarting_signal(SIGCHLD, SIG_DFL);
92 /* SIGTERM handler. Try to get the damon pif file removed
96 main_sigterm_handler(int sig)
104 /*************************************************
105 * Unexpected errors in SMTP calls *
106 *************************************************/
108 /* This function just saves a bit of repetitious coding.
111 log_msg Text of message to be logged
112 smtp_msg Text of SMTP error message
113 was_errno The failing errno
119 never_error(uschar *log_msg, uschar *smtp_msg, int was_errno)
121 uschar *emsg = was_errno <= 0
122 ? US"" : string_sprintf(": %s", strerror(was_errno));
123 log_write(0, LOG_MAIN|LOG_PANIC, "%s%s", log_msg, emsg);
124 if (smtp_out) smtp_printf("421 %s\r\n", FALSE, smtp_msg);
130 /*************************************************
131 *************************************************/
133 #ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
135 unlink_notifier_socket(void)
137 uschar * s = expand_string(notifier_socket);
138 DEBUG(D_any) debug_printf("unlinking notifier socket %s\n", s);
145 close_daemon_sockets(int daemon_notifier_fd,
146 int * listen_sockets, int listen_socket_count)
148 if (daemon_notifier_fd >= 0)
150 (void) close(daemon_notifier_fd);
151 daemon_notifier_fd = -1;
152 #ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
153 unlink_notifier_socket();
157 for (int i = 0; i < listen_socket_count; i++) (void) close(listen_sockets[i]);
161 /*************************************************
162 * Handle a connected SMTP call *
163 *************************************************/
165 /* This function is called when an SMTP connection has been accepted.
166 If there are too many, give an error message and close down. Otherwise
167 spin off a sub-process to handle the call. The list of listening sockets
168 is required so that they can be closed in the sub-process. Take care not to
169 leak store in this process - reset the stacking pool at the end.
172 listen_sockets sockets which are listening for incoming calls
173 listen_socket_count count of listening sockets
174 accept_socket socket of the current accepted call
175 accepted socket information about the current call
181 handle_smtp_call(int *listen_sockets, int listen_socket_count,
182 int accept_socket, struct sockaddr *accepted)
185 union sockaddr_46 interface_sockaddr;
186 EXIM_SOCKLEN_T ifsize = sizeof(interface_sockaddr);
187 int dup_accept_socket = -1;
188 int max_for_this_host = 0;
189 int save_log_selector = *log_selector;
192 rmark reset_point = store_mark();
194 /* Make the address available in ASCII representation, and also fish out
197 sender_host_address = host_ntoa(-1, accepted, NULL, &sender_host_port);
198 DEBUG(D_any) debug_printf("Connection request from %s port %d\n",
199 sender_host_address, sender_host_port);
201 /* Set up the output stream, check the socket has duplicated, and set up the
202 input stream. These operations fail only the exceptional circumstances. Note
203 that never_error() won't use smtp_out if it is NULL. */
205 if (!(smtp_out = fdopen(accept_socket, "wb")))
207 never_error(US"daemon: fdopen() for smtp_out failed", US"", errno);
211 if ((dup_accept_socket = dup(accept_socket)) < 0)
213 never_error(US"daemon: couldn't dup socket descriptor",
214 US"Connection setup failed", errno);
218 if (!(smtp_in = fdopen(dup_accept_socket, "rb")))
220 never_error(US"daemon: fdopen() for smtp_in failed",
221 US"Connection setup failed", errno);
225 /* Get the data for the local interface address. Panic for most errors, but
226 "connection reset by peer" just means the connection went away. */
228 if (getsockname(accept_socket, (struct sockaddr *)(&interface_sockaddr),
231 log_write(0, LOG_MAIN | ((errno == ECONNRESET)? 0 : LOG_PANIC),
232 "getsockname() failed: %s", strerror(errno));
233 smtp_printf("421 Local problem: getsockname() failed; please try again later\r\n", FALSE);
237 interface_address = host_ntoa(-1, &interface_sockaddr, NULL, &interface_port);
238 DEBUG(D_interface) debug_printf("interface address=%s port=%d\n",
239 interface_address, interface_port);
241 /* Build a string identifying the remote host and, if requested, the port and
242 the local interface data. This is for logging; at the end of this function the
243 memory is reclaimed. */
245 whofrom = string_append(NULL, 3, "[", sender_host_address, "]");
247 if (LOGGING(incoming_port))
248 whofrom = string_fmt_append(whofrom, ":%d", sender_host_port);
250 if (LOGGING(incoming_interface))
251 whofrom = string_fmt_append(whofrom, " I=[%s]:%d",
252 interface_address, interface_port);
254 (void) string_from_gstring(whofrom); /* Terminate the newly-built string */
256 /* Check maximum number of connections. We do not check for reserved
257 connections or unacceptable hosts here. That is done in the subprocess because
258 it might take some time. */
260 if (smtp_accept_max > 0 && smtp_accept_count >= smtp_accept_max)
262 DEBUG(D_any) debug_printf("rejecting SMTP connection: count=%d max=%d\n",
263 smtp_accept_count, smtp_accept_max);
264 smtp_printf("421 Too many concurrent SMTP connections; "
265 "please try again later.\r\n", FALSE);
266 log_write(L_connection_reject,
267 LOG_MAIN, "Connection from %s refused: too many connections",
272 /* If a load limit above which only reserved hosts are acceptable is defined,
273 get the load average here, and if there are in fact no reserved hosts, do
274 the test right away (saves a fork). If there are hosts, do the check in the
275 subprocess because it might take time. */
277 if (smtp_load_reserve >= 0)
279 load_average = OS_GETLOADAVG();
280 if (smtp_reserve_hosts == NULL && load_average > smtp_load_reserve)
282 DEBUG(D_any) debug_printf("rejecting SMTP connection: load average = %.2f\n",
283 (double)load_average/1000.0);
284 smtp_printf("421 Too much load; please try again later.\r\n", FALSE);
285 log_write(L_connection_reject,
286 LOG_MAIN, "Connection from %s refused: load average = %.2f",
287 whofrom->s, (double)load_average/1000.0);
292 /* Check that one specific host (strictly, IP address) is not hogging
293 resources. This is done here to prevent a denial of service attack by someone
294 forcing you to fork lots of times before denying service. The value of
295 smtp_accept_max_per_host is a string which is expanded. This makes it possible
296 to provide host-specific limits according to $sender_host address, but because
297 this is in the daemon mainline, only fast expansions (such as inline address
298 checks) should be used. The documentation is full of warnings. */
300 if (smtp_accept_max_per_host != NULL)
302 uschar *expanded = expand_string(smtp_accept_max_per_host);
303 if (expanded == NULL)
305 if (!f.expand_string_forcedfail)
306 log_write(0, LOG_MAIN|LOG_PANIC, "expansion of smtp_accept_max_per_host "
307 "failed for %s: %s", whofrom->s, expand_string_message);
309 /* For speed, interpret a decimal number inline here */
312 uschar *s = expanded;
314 max_for_this_host = max_for_this_host * 10 + *s++ - '0';
316 log_write(0, LOG_MAIN|LOG_PANIC, "expansion of smtp_accept_max_per_host "
317 "for %s contains non-digit: %s", whofrom->s, expanded);
321 /* If we have fewer connections than max_for_this_host, we can skip the tedious
322 per host_address checks. Note that at this stage smtp_accept_count contains the
323 count of *other* connections, not including this one. */
325 if ((max_for_this_host > 0) &&
326 (smtp_accept_count >= max_for_this_host))
328 int host_accept_count = 0;
329 int other_host_count = 0; /* keep a count of non matches to optimise */
331 for (int i = 0; i < smtp_accept_max; ++i)
332 if (smtp_slots[i].host_address)
334 if (Ustrcmp(sender_host_address, smtp_slots[i].host_address) == 0)
339 /* Testing all these strings is expensive - see if we can drop out
340 early, either by hitting the target, or finding there are not enough
341 connections left to make the target. */
343 if ((host_accept_count >= max_for_this_host) ||
344 ((smtp_accept_count - other_host_count) < max_for_this_host))
348 if (host_accept_count >= max_for_this_host)
350 DEBUG(D_any) debug_printf("rejecting SMTP connection: too many from this "
351 "IP address: count=%d max=%d\n",
352 host_accept_count, max_for_this_host);
353 smtp_printf("421 Too many concurrent SMTP connections "
354 "from this IP address; please try again later.\r\n", FALSE);
355 log_write(L_connection_reject,
356 LOG_MAIN, "Connection from %s refused: too many connections "
357 "from that IP address", whofrom->s);
363 /* OK, the connection count checks have been passed. Before we can fork the
364 accepting process, we must first log the connection if requested. This logging
365 used to happen in the subprocess, but doing that means that the value of
366 smtp_accept_count can be out of step by the time it is logged. So we have to do
367 the logging here and accept the performance cost. Note that smtp_accept_count
368 hasn't yet been incremented to take account of this connection.
370 In order to minimize the cost (because this is going to happen for every
371 connection), do a preliminary selector test here. This saves ploughing through
372 the generalized logging code each time when the selector is false. If the
373 selector is set, check whether the host is on the list for logging. If not,
374 arrange to unset the selector in the subprocess. */
376 if (LOGGING(smtp_connection))
378 uschar *list = hosts_connection_nolog;
379 memset(sender_host_cache, 0, sizeof(sender_host_cache));
380 if (list != NULL && verify_check_host(&list) == OK)
381 save_log_selector &= ~L_smtp_connection;
383 log_write(L_smtp_connection, LOG_MAIN, "SMTP connection from %s "
384 "(TCP/IP connection count = %d)", whofrom->s, smtp_accept_count + 1);
387 /* Now we can fork the accepting process; do a lookup tidy, just in case any
388 expansion above did a lookup. */
391 pid = exim_fork(US"daemon-accept");
393 /* Handle the child process */
397 int queue_only_reason = 0;
398 int old_pool = store_pool;
399 int save_debug_selector = debug_selector;
400 BOOL local_queue_only;
401 BOOL session_local_queue_only;
403 struct sigaction act;
406 smtp_accept_count++; /* So that it includes this process */
408 /* May have been modified for the subprocess */
410 *log_selector = save_log_selector;
412 /* Get the local interface address into permanent store */
414 store_pool = POOL_PERM;
415 interface_address = string_copy(interface_address);
416 store_pool = old_pool;
418 /* Check for a tls-on-connect port */
420 if (host_is_tls_on_connect_port(interface_port)) tls_in.on_connect = TRUE;
422 /* Expand smtp_active_hostname if required. We do not do this any earlier,
423 because it may depend on the local interface address (indeed, that is most
424 likely what it depends on.) */
426 smtp_active_hostname = primary_hostname;
427 if (raw_active_hostname)
429 uschar * nah = expand_string(raw_active_hostname);
432 if (!f.expand_string_forcedfail)
434 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand \"%s\" "
435 "(smtp_active_hostname): %s", raw_active_hostname,
436 expand_string_message);
437 smtp_printf("421 Local configuration error; "
438 "please try again later.\r\n", FALSE);
441 exim_underbar_exit(EXIT_FAILURE);
444 else if (*nah) smtp_active_hostname = nah;
447 /* Initialize the queueing flags */
450 session_local_queue_only = queue_only;
452 /* Close the listening sockets, and set the SIGCHLD handler to SIG_IGN.
453 We also attempt to set things up so that children are automatically reaped,
454 but just in case this isn't available, there's a paranoid waitpid() in the
455 loop too (except for systems where we are sure it isn't needed). See the more
456 extensive comment before the reception loop in exim.c for a fuller
457 explanation of this logic. */
459 close_daemon_sockets(daemon_notifier_fd, listen_sockets, listen_socket_count);
461 /* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes
462 to be able to communicate with them, under any circumstances. */
463 (void)fcntl(accept_socket, F_SETFD,
464 fcntl(accept_socket, F_GETFD) | FD_CLOEXEC);
465 (void)fcntl(dup_accept_socket, F_SETFD,
466 fcntl(dup_accept_socket, F_GETFD) | FD_CLOEXEC);
469 act.sa_handler = SIG_IGN;
470 sigemptyset(&(act.sa_mask));
471 act.sa_flags = SA_NOCLDWAIT;
472 sigaction(SIGCHLD, &act, NULL);
474 signal(SIGCHLD, SIG_IGN);
476 signal(SIGTERM, SIG_DFL);
478 /* Attempt to get an id from the sending machine via the RFC 1413
479 protocol. We do this in the sub-process in order not to hold up the
480 main process if there is any delay. Then set up the fullhost information
481 in case there is no HELO/EHLO.
483 If debugging is enabled only for the daemon, we must turn if off while
484 finding the id, but turn it on again afterwards so that information about the
485 incoming connection is output. */
487 if (f.debug_daemon) debug_selector = 0;
488 verify_get_ident(IDENT_PORT);
489 host_build_sender_fullhost();
490 debug_selector = save_debug_selector;
493 debug_printf("Process %d is handling incoming connection from %s\n",
494 (int)getpid(), sender_fullhost);
496 /* Now disable debugging permanently if it's required only for the daemon
499 if (f.debug_daemon) debug_selector = 0;
501 /* If there are too many child processes for immediate delivery,
502 set the session_local_queue_only flag, which is initialized from the
503 configured value and may therefore already be TRUE. Leave logging
504 till later so it will have a message id attached. Note that there is no
505 possibility of re-calculating this per-message, because the value of
506 smtp_accept_count does not change in this subprocess. */
508 if (smtp_accept_queue > 0 && smtp_accept_count > smtp_accept_queue)
510 session_local_queue_only = TRUE;
511 queue_only_reason = 1;
514 /* Handle the start of the SMTP session, then loop, accepting incoming
515 messages from the SMTP connection. The end will come at the QUIT command,
516 when smtp_setup_msg() returns 0. A break in the connection causes the
517 process to die (see accept.c).
519 NOTE: We do *not* call smtp_log_no_mail() if smtp_start_session() fails,
520 because a log line has already been written for all its failure exists
521 (usually "connection refused: <reason>") and writing another one is
522 unnecessary clutter. */
524 if (!smtp_start_session())
528 exim_underbar_exit(EXIT_SUCCESS);
534 message_id[0] = 0; /* Clear out any previous message_id */
535 reset_point = store_mark(); /* Save current store high water point */
538 debug_printf("Process %d is ready for new message\n", (int)getpid());
540 /* Smtp_setup_msg() returns 0 on QUIT or if the call is from an
541 unacceptable host or if an ACL "drop" command was triggered, -1 on
542 connection lost, and +1 on validly reaching DATA. Receive_msg() almost
543 always returns TRUE when smtp_input is true; just retry if no message was
544 accepted (can happen for invalid message parameters). However, it can yield
545 FALSE if the connection was forcibly dropped by the DATA ACL. */
547 if ((rc = smtp_setup_msg()) > 0)
549 BOOL ok = receive_msg(FALSE);
550 search_tidyup(); /* Close cached databases */
551 if (!ok) /* Connection was dropped */
553 cancel_cutthrough_connection(TRUE, US"receive dropped");
555 smtp_log_no_mail(); /* Log no mail if configured */
556 exim_underbar_exit(EXIT_SUCCESS);
558 if (message_id[0] == 0) continue; /* No message was accepted */
564 int fd = fileno(smtp_in);
568 /* drain socket, for clean TCP FINs */
569 if (fcntl(fd, F_SETFL, O_NONBLOCK) == 0)
570 for(int i = 16; read(fd, buf, sizeof(buf)) > 0 && i > 0; ) i--;
572 cancel_cutthrough_connection(TRUE, US"message setup dropped");
574 smtp_log_no_mail(); /* Log no mail if configured */
576 /*XXX should we pause briefly, hoping that the client will be the
577 active TCP closer hence get the TCP_WAIT endpoint? */
578 DEBUG(D_receive) debug_printf("SMTP>>(close on process exit)\n");
579 exim_underbar_exit(rc ? EXIT_FAILURE : EXIT_SUCCESS);
582 /* Show the recipients when debugging */
587 debug_printf("Sender: %s\n", sender_address);
590 debug_printf("Recipients:\n");
591 for (int i = 0; i < recipients_count; i++)
592 debug_printf(" %s\n", recipients_list[i].address);
596 /* A message has been accepted. Clean up any previous delivery processes
597 that have completed and are defunct, on systems where they don't go away
598 by themselves (see comments when setting SIG_IGN above). On such systems
599 (if any) these delivery processes hang around after termination until
600 the next message is received. */
602 #ifndef SIG_IGN_WORKS
603 while (waitpid(-1, NULL, WNOHANG) > 0);
606 /* Reclaim up the store used in accepting this message */
609 int r = receive_messagecount;
610 BOOL q = f.queue_only_policy;
611 smtp_reset(reset_point);
613 f.queue_only_policy = q;
614 receive_messagecount = r;
617 /* If queue_only is set or if there are too many incoming connections in
618 existence, session_local_queue_only will be TRUE. If it is not, check
619 whether we have received too many messages in this session for immediate
622 if (!session_local_queue_only &&
623 smtp_accept_queue_per_connection > 0 &&
624 receive_messagecount > smtp_accept_queue_per_connection)
626 session_local_queue_only = TRUE;
627 queue_only_reason = 2;
630 /* Initialize local_queue_only from session_local_queue_only. If it is not
631 true, and queue_only_load is set, check that the load average is below it.
632 If local_queue_only is set by this means, we also set if for the session if
633 queue_only_load_latch is true (the default). This means that, once set,
634 local_queue_only remains set for any subsequent messages on the same SMTP
635 connection. This is a deliberate choice; even though the load average may
636 fall, it doesn't seem right to deliver later messages on the same call when
637 not delivering earlier ones. However, the are special circumstances such as
638 very long-lived connections from scanning appliances where this is not the
639 best strategy. In such cases, queue_only_load_latch should be set false. */
641 if ( !(local_queue_only = session_local_queue_only)
642 && queue_only_load >= 0
643 && (local_queue_only = (load_average = OS_GETLOADAVG()) > queue_only_load)
646 queue_only_reason = 3;
647 if (queue_only_load_latch) session_local_queue_only = TRUE;
650 /* Log the queueing here, when it will get a message id attached, but
651 not if queue_only is set (case 0). */
653 if (local_queue_only) switch(queue_only_reason)
655 case 1: log_write(L_delay_delivery,
656 LOG_MAIN, "no immediate delivery: too many connections "
657 "(%d, max %d)", smtp_accept_count, smtp_accept_queue);
660 case 2: log_write(L_delay_delivery,
661 LOG_MAIN, "no immediate delivery: more than %d messages "
662 "received in one connection", smtp_accept_queue_per_connection);
665 case 3: log_write(L_delay_delivery,
666 LOG_MAIN, "no immediate delivery: load average %.2f",
667 (double)load_average/1000.0);
671 /* If a delivery attempt is required, spin off a new process to handle it.
672 If we are not root, we have to re-exec exim unless deliveries are being
673 done unprivileged. */
675 else if ( (!f.queue_only_policy || f.queue_smtp)
676 && !f.deliver_freeze)
680 /* Before forking, ensure that the C output buffer is flushed. Otherwise
681 anything that it in it will get duplicated, leading to duplicate copies
682 of the pending output. */
686 if ((dpid = exim_fork(US"daemon-accept-delivery")) == 0)
688 (void)fclose(smtp_in);
689 (void)fclose(smtp_out);
691 /* Don't ever molest the parent's SSL connection, but do clean up
692 the data structures if necessary. */
695 tls_close(NULL, TLS_NO_SHUTDOWN);
698 /* Reset SIGHUP and SIGCHLD in the child in both cases. */
700 signal(SIGHUP, SIG_DFL);
701 signal(SIGCHLD, SIG_DFL);
702 signal(SIGTERM, SIG_DFL);
704 if (geteuid() != root_uid && !deliver_drop_privilege)
706 signal(SIGALRM, SIG_DFL);
707 delivery_re_exec(CEE_EXEC_PANIC);
708 /* Control does not return here. */
711 /* No need to re-exec; SIGALRM remains set to the default handler */
713 (void) deliver_message(message_id, FALSE, FALSE);
715 exim_underbar_exit(EXIT_SUCCESS);
720 release_cutthrough_connection(US"passed for delivery");
721 DEBUG(D_any) debug_printf("forked delivery process %d\n", (int)dpid);
725 cancel_cutthrough_connection(TRUE, US"delivery fork failed");
726 log_write(0, LOG_MAIN|LOG_PANIC, "daemon: delivery process fork "
727 "failed: %s", strerror(errno));
734 /* Carrying on in the parent daemon process... Can't do much if the fork
735 failed. Otherwise, keep count of the number of accepting processes and
736 remember the pid for ticking off when the child completes. */
739 never_error(US"daemon: accept process fork failed", US"Fork failed", errno);
742 for (int i = 0; i < smtp_accept_max; ++i)
743 if (smtp_slots[i].pid <= 0)
745 smtp_slots[i].pid = pid;
746 /* Connection closes come asyncronously, so we cannot stack this store */
747 if (smtp_accept_max_per_host)
748 smtp_slots[i].host_address = string_copy_malloc(sender_host_address);
752 DEBUG(D_any) debug_printf("%d SMTP accept process%s running\n",
753 smtp_accept_count, smtp_accept_count == 1 ? "" : "es");
756 /* Get here via goto in error cases */
760 /* Close the streams associated with the socket which will also close the
761 socket fds in this process. We can't do anything if fclose() fails, but
762 logging brings it to someone's attention. However, "connection reset by peer"
763 isn't really a problem, so skip that one. On Solaris, a dropped connection can
764 manifest itself as a broken pipe, so drop that one too. If the streams don't
765 exist, something went wrong while setting things up. Make sure the socket
766 descriptors are closed, in order to drop the connection. */
770 if (fclose(smtp_out) != 0 && errno != ECONNRESET && errno != EPIPE)
771 log_write(0, LOG_MAIN|LOG_PANIC, "daemon: fclose(smtp_out) failed: %s",
775 else (void)close(accept_socket);
779 if (fclose(smtp_in) != 0 && errno != ECONNRESET && errno != EPIPE)
780 log_write(0, LOG_MAIN|LOG_PANIC, "daemon: fclose(smtp_in) failed: %s",
784 else (void)close(dup_accept_socket);
786 /* Release any store used in this process, including the store used for holding
787 the incoming host address and an expanded active_hostname. */
791 sender_host_address = NULL;
792 store_reset(reset_point);
793 sender_host_address = NULL;
799 /*************************************************
800 * Check wildcard listen special cases *
801 *************************************************/
803 /* This function is used when binding and listening on lists of addresses and
804 ports. It tests for special cases of wildcard listening, when IPv4 and IPv6
805 sockets may interact in different ways in different operating systems. It is
806 passed an error number, the list of listening addresses, and the current
807 address. Two checks are available: for a previous wildcard IPv6 address, or for
808 a following wildcard IPv4 address, in both cases on the same port.
810 In practice, pairs of wildcard addresses should be adjacent in the address list
811 because they are sorted that way below.
815 addresses the list of addresses
816 ipa the current IP address
817 back if TRUE, check for previous wildcard IPv6 address
818 if FALSE, check for a following wildcard IPv4 address
820 Returns: TRUE or FALSE
824 check_special_case(int eno, ip_address_item *addresses, ip_address_item *ipa,
827 ip_address_item *ipa2;
829 /* For the "back" case, if the failure was "address in use" for a wildcard IPv4
830 address, seek a previous IPv6 wildcard address on the same port. As it is
831 previous, it must have been successfully bound and be listening. Flag it as a
832 "6 including 4" listener. */
836 if (eno != EADDRINUSE || ipa->address[0] != 0) return FALSE;
837 for (ipa2 = addresses; ipa2 != ipa; ipa2 = ipa2->next)
839 if (ipa2->address[1] == 0 && ipa2->port == ipa->port)
841 ipa2->v6_include_v4 = TRUE;
847 /* For the "forward" case, if the current address is a wildcard IPv6 address,
848 we seek a following wildcard IPv4 address on the same port. */
852 if (ipa->address[0] != ':' || ipa->address[1] != 0) return FALSE;
853 for (ipa2 = ipa->next; ipa2 != NULL; ipa2 = ipa2->next)
854 if (ipa2->address[0] == 0 && ipa->port == ipa2->port) return TRUE;
863 /*************************************************
864 * Handle terminating subprocesses *
865 *************************************************/
867 /* Handle the termination of child processes. Theoretically, this need be done
868 only when sigchld_seen is TRUE, but rumour has it that some systems lose
869 SIGCHLD signals at busy times, so to be on the safe side, this function is
870 called each time round. It shouldn't be too expensive.
877 handle_ending_processes(void)
882 while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
886 debug_printf("child %d ended: status=0x%x\n", (int)pid, status);
888 if (WIFEXITED(status))
889 debug_printf(" normal exit, %d\n", WEXITSTATUS(status));
890 else if (WIFSIGNALED(status))
891 debug_printf(" signal exit, signal %d%s\n", WTERMSIG(status),
892 WCOREDUMP(status) ? " (core dumped)" : "");
896 /* If it's a listening daemon for which we are keeping track of individual
897 subprocesses, deal with an accepting process that has terminated. */
902 for (i = 0; i < smtp_accept_max; i++)
903 if (smtp_slots[i].pid == pid)
905 if (smtp_slots[i].host_address)
906 store_free(smtp_slots[i].host_address);
907 smtp_slots[i] = empty_smtp_slot;
908 if (--smtp_accept_count < 0) smtp_accept_count = 0;
909 DEBUG(D_any) debug_printf("%d SMTP accept process%s now running\n",
910 smtp_accept_count, (smtp_accept_count == 1)? "" : "es");
913 if (i < smtp_accept_max) continue; /* Found an accepting process */
916 /* If it wasn't an accepting process, see if it was a queue-runner
917 process that we are tracking. */
921 int max = atoi(CS expand_string(queue_run_max));
922 for (int i = 0; i < max; i++)
923 if (queue_pid_slots[i] == pid)
925 queue_pid_slots[i] = 0;
926 if (--queue_run_count < 0) queue_run_count = 0;
927 DEBUG(D_any) debug_printf("%d queue-runner process%s now running\n",
928 queue_run_count, (queue_run_count == 1)? "" : "es");
938 set_pid_file_path(void)
940 if (override_pid_file_path)
941 pid_file_path = override_pid_file_path;
944 pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory);
946 if (pid_file_path[0] != '/')
947 log_write(0, LOG_PANIC_DIE, "pid file path %s must be absolute\n", pid_file_path);
951 /* Remove the daemon's pidfile. Note: runs with root privilege,
952 as a direct child of the daemon. Does not return. */
955 delete_pid_file(void)
957 uschar * daemon_pid = string_sprintf("%d\n", (int)getppid());
961 if ((f = Ufopen(pid_file_path, "rb")))
963 if ( fgets(CS big_buffer, big_buffer_size, f)
964 && Ustrcmp(daemon_pid, big_buffer) == 0
966 if (Uunlink(pid_file_path) == 0)
969 debug_printf("%s unlink: %s\n", pid_file_path, strerror(errno));
973 debug_printf("unlinked %s\n", pid_file_path);
978 debug_printf("%s\n", string_open_failed(errno, "pid file %s",
980 exim_exit(EXIT_SUCCESS);
984 /* Called by the daemon; exec a child to get the pid file deleted
985 since we may require privs for the containing directory */
992 if (daemon_notifier_fd >= 0)
994 close(daemon_notifier_fd);
995 daemon_notifier_fd = -1;
996 #ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
997 unlink_notifier_socket();
1001 if (f.running_in_test_harness || write_pid)
1003 if ((pid = exim_fork(US"daemon-del-pidfile")) == 0)
1005 if (override_pid_file_path)
1006 (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, 3,
1007 "-oP", override_pid_file_path, "-oPX");
1009 (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, 1, "-oPX");
1011 /* Control never returns here. */
1014 child_close(pid, 1);
1016 exim_exit(EXIT_SUCCESS);
1020 /*************************************************
1021 * Listener socket for local work prompts *
1022 *************************************************/
1025 daemon_notifier_socket(void)
1028 const uschar * where;
1029 struct sockaddr_un sa_un = {.sun_family = AF_UNIX};
1032 if (override_local_interfaces && !override_pid_file_path)
1035 debug_printf("-oX used without -oP so not creating notifier socket\n");
1039 DEBUG(D_any) debug_printf("creating notifier socket\n");
1042 if ((fd = socket(PF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0)) < 0)
1043 { where = US"socket"; goto bad; }
1045 if ((fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0)
1046 { where = US"socket"; goto bad; }
1047 (void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
1050 #ifdef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
1051 sa_un.sun_path[0] = 0; /* Abstract local socket addr - Linux-specific? */
1052 len = offsetof(struct sockaddr_un, sun_path) + 1
1053 + snprintf(sa_un.sun_path+1, sizeof(sa_un.sun_path)-1, "%s",
1054 expand_string(notifier_socket));
1055 DEBUG(D_any) debug_printf(" @%s\n", sa_un.sun_path+1);
1056 #else /* filesystem-visible and persistent; will neeed removal */
1057 len = offsetof(struct sockaddr_un, sun_path)
1058 + snprintf(sa_un.sun_path, sizeof(sa_un.sun_path), "%s",
1059 expand_string(notifier_socket));
1060 DEBUG(D_any) debug_printf(" %s\n", sa_un.sun_path);
1063 if (bind(fd, (const struct sockaddr *)&sa_un, len) < 0)
1064 { where = US"bind"; goto bad; }
1066 #ifdef SO_PASSCRED /* Linux */
1067 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) < 0)
1068 { where = US"SO_PASSCRED"; goto bad2; }
1069 #elif defined(LOCAL_CREDS) /* FreeBSD-ish */
1070 if (setsockopt(fd, 0, LOCAL_CREDS, &on, sizeof(on)) < 0)
1071 { where = US"LOCAL_CREDS"; goto bad2; }
1074 /* debug_printf("%s: fd %d\n", __FUNCTION__, fd); */
1075 daemon_notifier_fd = fd;
1079 #ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
1080 Uunlink(sa_un.sun_path);
1083 log_write(0, LOG_MAIN|LOG_PANIC, "%s %s: %s",
1084 __FUNCTION__, where, strerror(errno));
1090 static uschar queuerun_msgid[MESSAGE_ID_LENGTH+1];
1092 /* Return TRUE if a sigalrm should be emulated */
1094 daemon_notification(void)
1096 uschar buf[256], cbuf[256];
1097 struct sockaddr_un sa_un;
1098 struct iovec iov = {.iov_base = buf, .iov_len = sizeof(buf)-1};
1099 struct msghdr msg = { .msg_name = &sa_un,
1100 .msg_namelen = sizeof(sa_un),
1103 .msg_control = cbuf,
1104 .msg_controllen = sizeof(cbuf)
1108 buf[sizeof(buf)-1] = 0;
1109 if ((sz = recvmsg(daemon_notifier_fd, &msg, 0)) <= 0) return FALSE;
1110 if (sz >= sizeof(buf)) return FALSE;
1113 debug_printf("addrlen %d\n", msg.msg_namelen);
1115 DEBUG(D_queue_run) debug_printf("%s from addr '%s%.*s'\n", __FUNCTION__,
1116 *sa_un.sun_path ? "" : "@",
1117 (int)msg.msg_namelen - (*sa_un.sun_path ? 0 : 1),
1118 sa_un.sun_path + (*sa_un.sun_path ? 0 : 1));
1120 /* Refuse to handle the item unless the peer has good credentials */
1121 #ifdef SCM_CREDENTIALS
1122 # define EXIM_SCM_CR_TYPE SCM_CREDENTIALS
1123 #elif defined(LOCAL_CREDS) && defined(SCM_CREDS)
1124 # define EXIM_SCM_CR_TYPE SCM_CREDS
1126 /* The OS has no way to get the creds of the caller (for a unix/datagram socket.
1127 Punt; don't try to check. */
1130 #ifdef EXIM_SCM_CR_TYPE
1131 for (struct cmsghdr * cp = CMSG_FIRSTHDR(&msg);
1133 cp = CMSG_NXTHDR(&msg, cp))
1134 if (cp->cmsg_level == SOL_SOCKET && cp->cmsg_type == EXIM_SCM_CR_TYPE)
1136 # ifdef SCM_CREDENTIALS /* Linux */
1137 struct ucred * cr = (struct ucred *) CMSG_DATA(cp);
1138 if (cr->uid && cr->uid != exim_uid)
1140 DEBUG(D_queue_run) debug_printf("%s: sender creds pid %d uid %d gid %d\n",
1141 __FUNCTION__, (int)cr->pid, (int)cr->uid, (int)cr->gid);
1144 # elif defined(LOCAL_CREDS) /* BSD-ish */
1145 struct sockcred * cr = (struct sockcred *) CMSG_DATA(cp);
1146 if (cr->sc_uid && cr->sc_uid != exim_uid)
1148 DEBUG(D_queue_run) debug_printf("%s: sender creds pid ??? uid %d gid %d\n",
1149 __FUNCTION__, (int)cr->sc_uid, (int)cr->sc_gid);
1160 #ifdef EXPERIMENTAL_QUEUE_RAMP
1161 case NOTIFY_MSG_QRUN:
1162 /* this should be a message_id */
1164 debug_printf("%s: qrunner trigger: %s\n", __FUNCTION__, buf+1);
1165 memcpy(queuerun_msgid, buf+1, MESSAGE_ID_LENGTH+1);
1167 #endif /*EXPERIMENTAL_QUEUE_RAMP*/
1169 case NOTIFY_QUEUE_SIZE_REQ:
1172 int len = snprintf(CS buf, sizeof(buf), "%u", queue_count_cached());
1175 debug_printf("%s: queue size request: %s\n", __FUNCTION__, buf);
1177 if (sendto(daemon_notifier_fd, buf, len, 0,
1178 (const struct sockaddr *)&sa_un, msg.msg_namelen) < 0)
1179 log_write(0, LOG_MAIN|LOG_PANIC,
1180 "%s: sendto: %s\n", __FUNCTION__, strerror(errno));
1188 /*************************************************
1189 * Exim Daemon Mainline *
1190 *************************************************/
1192 /* The daemon can do two jobs, either of which is optional:
1194 (1) Listens for incoming SMTP calls and spawns off a sub-process to handle
1195 each one. This is requested by the -bd option, with -oX specifying the SMTP
1196 port on which to listen (for testing).
1198 (2) Spawns a queue-running process every so often. This is controlled by the
1199 -q option with a an interval time. (If no time is given, a single queue run
1200 is done from the main function, and control doesn't get here.)
1202 Root privilege is required in order to attach to port 25. Some systems require
1203 it when calling socket() rather than bind(). To cope with all cases, we run as
1204 root for both socket() and bind(). Some systems also require root in order to
1205 write to the pid file directory. This function must therefore be called as root
1206 if it is to work properly in all circumstances. Once the socket is bound and
1207 the pid file written, root privilege is given up if there is an exim uid.
1209 There are no arguments to this function, and it never returns. */
1215 int *listen_sockets = NULL;
1216 int listen_socket_count = 0;
1217 ip_address_item *addresses = NULL;
1218 time_t last_connection_time = (time_t)0;
1219 int local_queue_run_max = atoi(CS expand_string(queue_run_max));
1221 process_purpose = US"daemon";
1223 /* If any debugging options are set, turn on the D_pid bit so that all
1224 debugging lines get the pid added. */
1226 DEBUG(D_any|D_v) debug_selector |= D_pid;
1228 if (f.inetd_wait_mode)
1230 listen_socket_count = 1;
1231 listen_sockets = store_get(sizeof(int), FALSE);
1233 if (dup2(0, 3) == -1)
1234 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
1235 "failed to dup inetd socket safely away: %s", strerror(errno));
1237 listen_sockets[0] = 3;
1243 if (debug_file == stderr)
1245 /* need a call to log_write before call to open debug_file, so that
1246 log.c:file_path has been initialised. This is unfortunate. */
1247 log_write(0, LOG_MAIN, "debugging Exim in inetd wait mode starting");
1251 exim_nullstd(); /* re-open fd2 after we just closed it again */
1252 debug_logging_activate(US"-wait", NULL);
1255 DEBUG(D_any) debug_printf("running in inetd wait mode\n");
1257 /* As per below, when creating sockets ourselves, we handle tcp_nodelay for
1258 our own buffering; we assume though that inetd set the socket REUSEADDR. */
1261 if (setsockopt(3, IPPROTO_TCP, TCP_NODELAY, US &on, sizeof(on)))
1262 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to set socket NODELAY: %s",
1267 if (f.inetd_wait_mode || f.daemon_listen)
1269 /* If any option requiring a load average to be available during the
1270 reception of a message is set, call os_getloadavg() while we are root
1271 for those OS for which this is necessary the first time it is called (in
1272 order to perform an "open" on the kernel memory file). */
1274 #ifdef LOAD_AVG_NEEDS_ROOT
1275 if (queue_only_load >= 0 || smtp_load_reserve >= 0 ||
1276 (deliver_queue_load_max >= 0 && deliver_drop_privilege))
1277 (void)os_getloadavg();
1282 /* Do the preparation for setting up a listener on one or more interfaces, and
1283 possible on various ports. This is controlled by the combination of
1284 local_interfaces (which can set IP addresses and ports) and daemon_smtp_port
1285 (which is a list of default ports to use for those items in local_interfaces
1286 that do not specify a port). The -oX command line option can be used to
1287 override one or both of these options.
1289 If local_interfaces is not set, the default is to listen on all interfaces.
1290 When it is set, it can include "all IPvx interfaces" as an item. This is useful
1291 when different ports are in use.
1293 It turns out that listening on all interfaces is messy in an IPv6 world,
1294 because several different implementation approaches have been taken. This code
1295 is now supposed to work with all of them. The point of difference is whether an
1296 IPv6 socket that is listening on all interfaces will receive incoming IPv4
1297 calls or not. We also have to cope with the case when IPv6 libraries exist, but
1298 there is no IPv6 support in the kernel.
1300 . On Solaris, an IPv6 socket will accept IPv4 calls, and give them as mapped
1301 addresses. However, if an IPv4 socket is also listening on all interfaces,
1302 calls are directed to the appropriate socket.
1304 . On (some versions of) Linux, an IPv6 socket will accept IPv4 calls, and
1305 give them as mapped addresses, but an attempt also to listen on an IPv4
1306 socket on all interfaces causes an error.
1308 . On OpenBSD, an IPv6 socket will not accept IPv4 calls. You have to set up
1309 two sockets if you want to accept both kinds of call.
1311 . FreeBSD is like OpenBSD, but it has the IPV6_V6ONLY socket option, which
1312 can be turned off, to make it behave like the versions of Linux described
1315 . I heard a report that the USAGI IPv6 stack for Linux has implemented
1318 So, what we do when IPv6 is supported is as follows:
1320 (1) After it is set up, the list of interfaces is scanned for wildcard
1321 addresses. If an IPv6 and an IPv4 wildcard are both found for the same
1322 port, the list is re-arranged so that they are together, with the IPv6
1325 (2) If the creation of a wildcard IPv6 socket fails, we just log the error and
1326 carry on if an IPv4 wildcard socket for the same port follows later in the
1327 list. This allows Exim to carry on in the case when the kernel has no IPv6
1330 (3) Having created an IPv6 wildcard socket, we try to set IPV6_V6ONLY if that
1331 option is defined. However, if setting fails, carry on regardless (but log
1334 (4) If binding or listening on an IPv6 wildcard socket fails, it is a serious
1337 (5) If binding or listening on an IPv4 wildcard socket fails with the error
1338 EADDRINUSE, and a previous interface was an IPv6 wildcard for the same
1339 port (which must have succeeded or we wouldn't have got this far), we
1340 assume we are in the situation where just a single socket is permitted,
1341 and ignore the error.
1345 The preparation code decodes options and sets up the relevant data. We do this
1346 first, so that we can return non-zero if there are any syntax errors, and also
1349 if (f.daemon_listen && !f.inetd_wait_mode)
1351 int *default_smtp_port;
1355 const uschar * list;
1356 uschar *local_iface_source = US"local_interfaces";
1357 ip_address_item *ipa;
1358 ip_address_item **pipa;
1360 /* If -oX was used, disable the writing of a pid file unless -oP was
1361 explicitly used to force it. Then scan the string given to -oX. Any items
1362 that contain neither a dot nor a colon are used to override daemon_smtp_port.
1363 Any other items are used to override local_interfaces. */
1365 if (override_local_interfaces)
1367 gstring * new_smtp_port = NULL;
1368 gstring * new_local_interfaces = NULL;
1370 if (!override_pid_file_path) write_pid = FALSE;
1372 list = override_local_interfaces;
1374 while ((s = string_nextinlist(&list, &sep, NULL, 0)))
1377 gstring ** gp = Ustrpbrk(s, ".:") ? &new_local_interfaces : &new_smtp_port;
1383 *gp = string_catn(*gp, US"<", 1);
1386 *gp = string_catn(*gp, joinstr, 2);
1387 *gp = string_cat (*gp, s);
1392 daemon_smtp_port = string_from_gstring(new_smtp_port);
1393 DEBUG(D_any) debug_printf("daemon_smtp_port overridden by -oX:\n %s\n",
1397 if (new_local_interfaces)
1399 local_interfaces = string_from_gstring(new_local_interfaces);
1400 local_iface_source = US"-oX data";
1401 DEBUG(D_any) debug_printf("local_interfaces overridden by -oX:\n %s\n",
1406 /* Create a list of default SMTP ports, to be used if local_interfaces
1407 contains entries without explicit ports. First count the number of ports, then
1408 build a translated list in a vector. */
1410 list = daemon_smtp_port;
1412 while ((s = string_nextinlist(&list, &sep, NULL, 0)))
1414 default_smtp_port = store_get((pct+1) * sizeof(int), FALSE);
1415 list = daemon_smtp_port;
1418 (s = string_nextinlist(&list, &sep, NULL, 0));
1424 default_smtp_port[pct] = Ustrtol(s, &end, 0);
1425 if (end != s + Ustrlen(s))
1426 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "invalid SMTP port: %s", s);
1430 struct servent *smtp_service = getservbyname(CS s, "tcp");
1432 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "TCP port \"%s\" not found", s);
1433 default_smtp_port[pct] = ntohs(smtp_service->s_port);
1436 default_smtp_port[pct] = 0;
1438 /* Check the list of TLS-on-connect ports and do name lookups if needed */
1440 list = tls_in.on_connect_ports;
1442 while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
1447 list = tls_in.on_connect_ports;
1448 tls_in.on_connect_ports = NULL;
1450 while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
1454 struct servent * smtp_service = getservbyname(CS s, "tcp");
1456 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "TCP port \"%s\" not found", s);
1457 s = string_sprintf("%d", (int)ntohs(smtp_service->s_port));
1459 g = string_append_listele(g, ':', s);
1462 tls_in.on_connect_ports = g->s;
1466 /* Create the list of local interfaces, possibly with ports included. This
1467 list may contain references to 0.0.0.0 and ::0 as wildcards. These special
1468 values are converted below. */
1470 addresses = host_build_ifacelist(local_interfaces, local_iface_source);
1472 /* In the list of IP addresses, convert 0.0.0.0 into an empty string, and ::0
1473 into the string ":". We use these to recognize wildcards in IPv4 and IPv6. In
1474 fact, many IP stacks recognize 0.0.0.0 and ::0 and handle them as wildcards
1475 anyway, but we need to know which are the wildcard addresses, and the shorter
1478 In the same scan, fill in missing port numbers from the default list. When
1479 there is more than one item in the list, extra items are created. */
1481 for (ipa = addresses; ipa; ipa = ipa->next)
1483 if (Ustrcmp(ipa->address, "0.0.0.0") == 0)
1484 ipa->address[0] = 0;
1485 else if (Ustrcmp(ipa->address, "::0") == 0)
1487 ipa->address[0] = ':';
1488 ipa->address[1] = 0;
1491 if (ipa->port > 0) continue;
1493 if (daemon_smtp_port[0] <= 0)
1494 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "no port specified for interface "
1495 "%s and daemon_smtp_port is unset; cannot start daemon",
1496 ipa->address[0] == 0 ? US"\"all IPv4\"" :
1497 ipa->address[1] == 0 ? US"\"all IPv6\"" : ipa->address);
1499 ipa->port = default_smtp_port[0];
1500 for (int i = 1; default_smtp_port[i] > 0; i++)
1502 ip_address_item *new = store_get(sizeof(ip_address_item), FALSE);
1504 memcpy(new->address, ipa->address, Ustrlen(ipa->address) + 1);
1505 new->port = default_smtp_port[i];
1506 new->next = ipa->next;
1512 /* Scan the list of addresses for wildcards. If we find an IPv4 and an IPv6
1513 wildcard for the same port, ensure that (a) they are together and (b) the
1514 IPv6 address comes first. This makes handling the messy features easier, and
1515 also simplifies the construction of the "daemon started" log line. */
1518 for (ipa = addresses; ipa; pipa = &ipa->next, ipa = ipa->next)
1520 ip_address_item *ipa2;
1522 /* Handle an IPv4 wildcard */
1524 if (ipa->address[0] == 0)
1525 for (ipa2 = ipa; ipa2->next; ipa2 = ipa2->next)
1527 ip_address_item *ipa3 = ipa2->next;
1528 if (ipa3->address[0] == ':' &&
1529 ipa3->address[1] == 0 &&
1530 ipa3->port == ipa->port)
1532 ipa2->next = ipa3->next;
1539 /* Handle an IPv6 wildcard. */
1541 else if (ipa->address[0] == ':' && ipa->address[1] == 0)
1542 for (ipa2 = ipa; ipa2->next; ipa2 = ipa2->next)
1544 ip_address_item *ipa3 = ipa2->next;
1545 if (ipa3->address[0] == 0 && ipa3->port == ipa->port)
1547 ipa2->next = ipa3->next;
1548 ipa3->next = ipa->next;
1556 /* Get a vector to remember all the sockets in */
1558 for (ipa = addresses; ipa; ipa = ipa->next)
1559 listen_socket_count++;
1560 listen_sockets = store_get(sizeof(int) * listen_socket_count, FALSE);
1562 } /* daemon_listen but not inetd_wait_mode */
1564 if (f.daemon_listen)
1567 /* Do a sanity check on the max connects value just to save us from getting
1568 a huge amount of store. */
1570 if (smtp_accept_max > 4095) smtp_accept_max = 4096;
1572 /* There's no point setting smtp_accept_queue unless it is less than the max
1573 connects limit. The configuration reader ensures that the max is set if the
1574 queue-only option is set. */
1576 if (smtp_accept_queue > smtp_accept_max) smtp_accept_queue = 0;
1578 /* Get somewhere to keep the list of SMTP accepting pids if we are keeping
1579 track of them for total number and queue/host limits. */
1581 if (smtp_accept_max > 0)
1583 smtp_slots = store_get(smtp_accept_max * sizeof(smtp_slot), FALSE);
1584 for (int i = 0; i < smtp_accept_max; i++) smtp_slots[i] = empty_smtp_slot;
1588 /* The variable background_daemon is always false when debugging, but
1589 can also be forced false in order to keep a non-debugging daemon in the
1590 foreground. If background_daemon is true, close all open file descriptors that
1591 we know about, but then re-open stdin, stdout, and stderr to /dev/null. Also
1592 do this for inetd_wait mode.
1594 This is protection against any called functions (in libraries, or in
1595 Perl, or whatever) that think they can write to stderr (or stdout). Before this
1596 was added, it was quite likely that an SMTP connection would use one of these
1597 file descriptors, in which case writing random stuff to it caused chaos.
1599 Then disconnect from the controlling terminal, Most modern Unixes seem to have
1600 setsid() for getting rid of the controlling terminal. For any OS that doesn't,
1601 setsid() can be #defined as a no-op, or as something else. */
1603 if (f.background_daemon || f.inetd_wait_mode)
1605 log_close_all(); /* Just in case anything was logged earlier */
1606 search_tidyup(); /* Just in case any were used in reading the config. */
1607 (void)close(0); /* Get rid of stdin/stdout/stderr */
1610 exim_nullstd(); /* Connect stdin/stdout/stderr to /dev/null */
1611 log_stderr = NULL; /* So no attempt to copy paniclog output */
1614 if (f.background_daemon)
1616 /* If the parent process of this one has pid == 1, we are re-initializing the
1617 daemon as the result of a SIGHUP. In this case, there is no need to do
1618 anything, because the controlling terminal has long gone. Otherwise, fork, in
1619 case current process is a process group leader (see 'man setsid' for an
1620 explanation) before calling setsid(). */
1624 pid_t pid = exim_fork(US"daemon");
1625 if (pid < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
1626 "fork() failed when starting daemon: %s", strerror(errno));
1627 if (pid > 0) exit(EXIT_SUCCESS); /* in parent process, just exit */
1628 (void)setsid(); /* release controlling terminal */
1632 /* We are now in the disconnected, daemon process (unless debugging). Set up
1633 the listening sockets if required. */
1635 daemon_notifier_socket();
1637 if (f.daemon_listen && !f.inetd_wait_mode)
1640 ip_address_item *ipa;
1642 /* For each IP address, create a socket, bind it to the appropriate port, and
1643 start listening. See comments above about IPv6 sockets that may or may not
1644 accept IPv4 calls when listening on all interfaces. We also have to cope with
1645 the case of a system with IPv6 libraries, but no IPv6 support in the kernel.
1646 listening, provided a wildcard IPv4 socket for the same port follows. */
1648 for (ipa = addresses, sk = 0; sk < listen_socket_count; ipa = ipa->next, sk++)
1651 ip_address_item *ipa2;
1654 if (Ustrchr(ipa->address, ':') != NULL)
1657 wildcard = ipa->address[1] == 0;
1662 wildcard = ipa->address[0] == 0;
1665 if ((listen_sockets[sk] = ip_socket(SOCK_STREAM, af)) < 0)
1667 if (check_special_case(0, addresses, ipa, FALSE))
1669 log_write(0, LOG_MAIN, "Failed to create IPv6 socket for wildcard "
1670 "listening (%s): will use IPv4", strerror(errno));
1673 log_write(0, LOG_PANIC_DIE, "IPv%c socket creation failed: %s",
1674 (af == AF_INET6)? '6' : '4', strerror(errno));
1677 /* If this is an IPv6 wildcard socket, set IPV6_V6ONLY if that option is
1678 available. Just log failure (can get protocol not available, just like
1679 socket creation can). */
1682 if (af == AF_INET6 && wildcard &&
1683 setsockopt(listen_sockets[sk], IPPROTO_IPV6, IPV6_V6ONLY, CS (&on),
1685 log_write(0, LOG_MAIN, "Setting IPV6_V6ONLY on daemon's IPv6 wildcard "
1686 "socket failed (%s): carrying on without it", strerror(errno));
1687 #endif /* IPV6_V6ONLY */
1689 /* Set SO_REUSEADDR so that the daemon can be restarted while a connection
1690 is being handled. Without this, a connection will prevent reuse of the
1691 smtp port for listening. */
1693 if (setsockopt(listen_sockets[sk], SOL_SOCKET, SO_REUSEADDR,
1694 US (&on), sizeof(on)) < 0)
1695 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "setting SO_REUSEADDR on socket "
1696 "failed when starting daemon: %s", strerror(errno));
1698 /* Set TCP_NODELAY; Exim does its own buffering. There is a switch to
1699 disable this because it breaks some broken clients. */
1701 if (tcp_nodelay) setsockopt(listen_sockets[sk], IPPROTO_TCP, TCP_NODELAY,
1702 US (&on), sizeof(on));
1704 /* Now bind the socket to the required port; if Exim is being restarted
1705 it may not always be possible to bind immediately, even with SO_REUSEADDR
1706 set, so try 10 times, waiting between each try. After 10 failures, we give
1707 up. In an IPv6 environment, if bind () fails with the error EADDRINUSE and
1708 we are doing wildcard IPv4 listening and there was a previous IPv6 wildcard
1709 address for the same port, ignore the error on the grounds that we must be
1710 in a system where the IPv6 socket accepts both kinds of call. This is
1711 necessary for (some release of) USAGI Linux; other IP stacks fail at the
1712 listen() stage instead. */
1715 f.tcp_fastopen_ok = TRUE;
1720 if (ip_bind(listen_sockets[sk], af, ipa->address, ipa->port) >= 0) break;
1721 if (check_special_case(errno, addresses, ipa, TRUE))
1723 DEBUG(D_any) debug_printf("wildcard IPv4 bind() failed after IPv6 "
1724 "listen() success; EADDRINUSE ignored\n");
1725 (void)close(listen_sockets[sk]);
1728 msg = US strerror(errno);
1734 if (daemon_startup_retries <= 0)
1735 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
1736 "socket bind() to port %d for address %s failed: %s: "
1737 "daemon abandoned", ipa->port, addr, msg);
1738 log_write(0, LOG_MAIN, "socket bind() to port %d for address %s "
1739 "failed: %s: waiting %s before trying again (%d more %s)",
1740 ipa->port, addr, msg, readconf_printtime(daemon_startup_sleep),
1741 daemon_startup_retries, (daemon_startup_retries > 1)? "tries" : "try");
1742 daemon_startup_retries--;
1743 sleep(daemon_startup_sleep);
1748 debug_printf("listening on all interfaces (IPv%c) port %d\n",
1749 af == AF_INET6 ? '6' : '4', ipa->port);
1751 debug_printf("listening on %s port %d\n", ipa->address, ipa->port);
1753 #if defined(TCP_FASTOPEN) && !defined(__APPLE__)
1754 if ( f.tcp_fastopen_ok
1755 && setsockopt(listen_sockets[sk], IPPROTO_TCP, TCP_FASTOPEN,
1756 &smtp_connect_backlog, sizeof(smtp_connect_backlog)))
1758 DEBUG(D_any) debug_printf("setsockopt FASTOPEN: %s\n", strerror(errno));
1759 f.tcp_fastopen_ok = FALSE;
1763 /* Start listening on the bound socket, establishing the maximum backlog of
1764 connections that is allowed. On success, continue to the next address. */
1766 if (listen(listen_sockets[sk], smtp_connect_backlog) >= 0)
1768 #if defined(TCP_FASTOPEN) && defined(__APPLE__)
1769 if ( f.tcp_fastopen_ok
1770 && setsockopt(listen_sockets[sk], IPPROTO_TCP, TCP_FASTOPEN,
1773 DEBUG(D_any) debug_printf("setsockopt FASTOPEN: %s\n", strerror(errno));
1774 f.tcp_fastopen_ok = FALSE;
1780 /* Listening has failed. In an IPv6 environment, as for bind(), if listen()
1781 fails with the error EADDRINUSE and we are doing IPv4 wildcard listening
1782 and there was a previous successful IPv6 wildcard listen on the same port,
1783 we want to ignore the error on the grounds that we must be in a system
1784 where the IPv6 socket accepts both kinds of call. */
1786 if (!check_special_case(errno, addresses, ipa, TRUE))
1787 log_write(0, LOG_PANIC_DIE, "listen() failed on interface %s: %s",
1789 ? af == AF_INET6 ? US"(any IPv6)" : US"(any IPv4)" : ipa->address,
1792 DEBUG(D_any) debug_printf("wildcard IPv4 listen() failed after IPv6 "
1793 "listen() success; EADDRINUSE ignored\n");
1794 (void)close(listen_sockets[sk]);
1796 /* Come here if there has been a problem with the socket which we
1797 are going to ignore. We remove the address from the chain, and back up the
1801 sk--; /* Back up the count */
1802 listen_socket_count--; /* Reduce the total */
1803 if (ipa == addresses) addresses = ipa->next; else
1805 for (ipa2 = addresses; ipa2->next != ipa; ipa2 = ipa2->next);
1806 ipa2->next = ipa->next;
1809 } /* End of bind/listen loop for each address */
1810 } /* End of setup for listening */
1813 /* If we are not listening, we want to write a pid file only if -oP was
1814 explicitly given. */
1816 else if (!override_pid_file_path)
1819 /* Write the pid to a known file for assistance in identification, if required.
1820 We do this before giving up root privilege, because on some systems it is
1821 necessary to be root in order to write into the pid file directory. There's
1822 nothing to stop multiple daemons running, as long as no more than one listens
1823 on a given TCP/IP port on the same interface(s). However, in these
1824 circumstances it gets far too complicated to mess with pid file names
1825 automatically. Consequently, Exim 4 writes a pid file only
1827 (a) When running in the test harness, or
1828 (b) When -bd is used and -oX is not used, or
1829 (c) When -oP is used to supply a path.
1831 The variable daemon_write_pid is used to control this. */
1833 if (f.running_in_test_harness || write_pid)
1837 set_pid_file_path();
1838 if ((f = modefopen(pid_file_path, "wb", 0644)))
1840 (void)fprintf(f, "%d\n", (int)getpid());
1842 DEBUG(D_any) debug_printf("pid written to %s\n", pid_file_path);
1846 debug_printf("%s\n", string_open_failed(errno, "pid file %s",
1850 /* Set up the handler for SIGHUP, which causes a restart of the daemon. */
1852 sighup_seen = FALSE;
1853 signal(SIGHUP, sighup_handler);
1855 /* Give up root privilege at this point (assuming that exim_uid and exim_gid
1856 are not root). The third argument controls the running of initgroups().
1857 Normally we do this, in order to set up the groups for the Exim user. However,
1858 if we are not root at this time - some odd installations run that way - we
1861 exim_setugid(exim_uid, exim_gid, geteuid()==root_uid, US"running as a daemon");
1863 /* Update the originator_xxx fields so that received messages as listed as
1864 coming from Exim, not whoever started the daemon. */
1866 originator_uid = exim_uid;
1867 originator_gid = exim_gid;
1868 originator_login = (pw = getpwuid(exim_uid))
1869 ? string_copy_perm(US pw->pw_name, FALSE) : US"exim";
1871 /* Get somewhere to keep the list of queue-runner pids if we are keeping track
1872 of them (and also if we are doing queue runs). */
1874 if (queue_interval > 0 && local_queue_run_max > 0)
1876 queue_pid_slots = store_get(local_queue_run_max * sizeof(pid_t), FALSE);
1877 for (int i = 0; i < local_queue_run_max; i++) queue_pid_slots[i] = 0;
1880 /* Set up the handler for termination of child processes, and the one
1881 telling us to die. */
1883 sigchld_seen = FALSE;
1884 os_non_restarting_signal(SIGCHLD, main_sigchld_handler);
1886 sigterm_seen = FALSE;
1887 os_non_restarting_signal(SIGTERM, main_sigterm_handler);
1889 /* If we are to run the queue periodically, pretend the alarm has just gone
1890 off. This will cause the first queue-runner to get kicked off straight away. */
1892 sigalrm_seen = (queue_interval > 0);
1894 /* Log the start up of a daemon - at least one of listening or queue running
1897 if (f.inetd_wait_mode)
1899 uschar *p = big_buffer;
1901 if (inetd_wait_timeout >= 0)
1902 sprintf(CS p, "terminating after %d seconds", inetd_wait_timeout);
1904 sprintf(CS p, "with no wait timeout");
1906 log_write(0, LOG_MAIN,
1907 "exim %s daemon started: pid=%d, launched with listening socket, %s",
1908 version_string, getpid(), big_buffer);
1909 set_process_info("daemon(%s): pre-listening socket", version_string);
1911 /* set up the timeout logic */
1912 sigalrm_seen = TRUE;
1915 else if (f.daemon_listen)
1918 int smtps_ports = 0;
1919 ip_address_item * ipa;
1921 uschar * qinfo = queue_interval > 0
1922 ? string_sprintf("-q%s%s",
1923 f.queue_2stage ? "q" : "", readconf_printtime(queue_interval))
1924 : US"no queue runs";
1926 /* Build a list of listening addresses in big_buffer, but limit it to 10
1927 items. The style is for backwards compatibility.
1929 It is now possible to have some ports listening for SMTPS (the old,
1930 deprecated protocol that starts TLS without using STARTTLS), and others
1931 listening for standard SMTP. Keep their listings separate. */
1933 for (int j = 0, i; j < 2; j++)
1935 for (i = 0, ipa = addresses; i < 10 && ipa; i++, ipa = ipa->next)
1937 /* First time round, look for SMTP ports; second time round, look for
1938 SMTPS ports. Build IP+port strings. */
1940 if (host_is_tls_on_connect_port(ipa->port) == (j > 0))
1947 /* Now the information about the port (and sometimes interface) */
1949 if (ipa->address[0] == ':' && ipa->address[1] == 0)
1951 if (ipa->next && ipa->next->address[0] == 0 &&
1952 ipa->next->port == ipa->port)
1954 ipa->log = string_sprintf(" port %d (IPv6 and IPv4)", ipa->port);
1955 (ipa = ipa->next)->log = NULL;
1957 else if (ipa->v6_include_v4)
1958 ipa->log = string_sprintf(" port %d (IPv6 with IPv4)", ipa->port);
1960 ipa->log = string_sprintf(" port %d (IPv6)", ipa->port);
1962 else if (ipa->address[0] == 0) /* v4 wildcard */
1963 ipa->log = string_sprintf(" port %d (IPv4)", ipa->port);
1964 else /* check for previously-seen IP */
1966 ip_address_item * i2;
1967 for (i2 = addresses; i2 != ipa; i2 = i2->next)
1968 if ( host_is_tls_on_connect_port(i2->port) == (j > 0)
1969 && Ustrcmp(ipa->address, i2->address) == 0
1971 { /* found; append port to list */
1972 for (p = i2->log; *p; ) p++; /* end of existing string */
1973 if (*--p == '}') *p = '\0'; /* drop EOL */
1974 while (isdigit(*--p)) ; /* char before port */
1976 i2->log = *p == ':' /* no list yet? */
1977 ? string_sprintf("%.*s{%s,%d}",
1978 (int)(p - i2->log + 1), i2->log, p+1, ipa->port)
1979 : string_sprintf("%s,%d}", i2->log, ipa->port);
1983 if (i2 == ipa) /* first-time IP */
1984 ipa->log = string_sprintf(" [%s]:%d", ipa->address, ipa->port);
1991 for (int j = 0, i; j < 2; j++)
1993 /* First time round, look for SMTP ports; second time round, look for
1994 SMTPS ports. For the first one of each, insert leading text. */
1999 p += sprintf(CS p, "SMTP on");
2002 if (smtps_ports > 0)
2003 p += sprintf(CS p, "%sSMTPS on",
2004 smtp_ports == 0 ? "" : " and for ");
2006 /* Now the information about the port (and sometimes interface) */
2008 for (i = 0, ipa = addresses; i < 10 && ipa; i++, ipa = ipa->next)
2009 if (host_is_tls_on_connect_port(ipa->port) == (j > 0))
2011 p += sprintf(CS p, "%s", ipa->log);
2014 p += sprintf(CS p, " ...");
2017 log_write(0, LOG_MAIN,
2018 "exim %s daemon started: pid=%d, %s, listening for %s",
2019 version_string, getpid(), qinfo, big_buffer);
2020 set_process_info("daemon(%s): %s, listening for %s",
2021 version_string, qinfo, big_buffer);
2026 uschar * s = *queue_name
2027 ? string_sprintf("-qG%s/%s", queue_name, readconf_printtime(queue_interval))
2028 : string_sprintf("-q%s", readconf_printtime(queue_interval));
2029 log_write(0, LOG_MAIN,
2030 "exim %s daemon started: pid=%d, %s, not listening for SMTP",
2031 version_string, getpid(), s);
2032 set_process_info("daemon(%s): %s, not listening", version_string, s);
2035 /* Do any work it might be useful to amortize over our children
2036 (eg: compile regex) */
2039 smtp_deliver_init(); /* Used for callouts */
2041 #ifndef DISABLE_DKIM
2043 # ifdef MEASURE_TIMING
2045 gettimeofday(&t0, NULL);
2048 # ifdef MEASURE_TIMING
2049 report_time_since(&t0, US"dkim_exim_init (delta)");
2054 #ifdef WITH_CONTENT_SCAN
2061 /* Close the log so it can be renamed and moved. In the few cases below where
2062 this long-running process writes to the log (always exceptional conditions), it
2063 closes the log afterwards, for the same reason. */
2067 DEBUG(D_any) debug_print_ids(US"daemon running with");
2069 /* Any messages accepted via this route are going to be SMTP. */
2073 #ifdef MEASURE_TIMING
2074 report_time_since(×tamp_startup, US"daemon loop start"); /* testcase 0022 */
2077 /* Enter the never-ending loop... */
2082 struct sockaddr_in6 accepted;
2084 struct sockaddr_in accepted;
2091 daemon_die(); /* Does not return */
2093 /* This code is placed first in the loop, so that it gets obeyed at the
2094 start, before the first wait, for the queue-runner case, so that the first
2095 one can be started immediately.
2097 The other option is that we have an inetd wait timeout specified to -bw. */
2101 if (inetd_wait_timeout > 0)
2103 time_t resignal_interval = inetd_wait_timeout;
2105 if (last_connection_time == (time_t)0)
2108 debug_printf("inetd wait timeout expired, but still not seen first message, ignoring\n");
2112 time_t now = time(NULL);
2113 if (now == (time_t)-1)
2115 DEBUG(D_any) debug_printf("failed to get time: %s\n", strerror(errno));
2119 if ((now - last_connection_time) >= inetd_wait_timeout)
2122 debug_printf("inetd wait timeout %d expired, ending daemon\n",
2123 inetd_wait_timeout);
2124 log_write(0, LOG_MAIN, "exim %s daemon terminating, inetd wait timeout reached.\n",
2130 resignal_interval -= (now - last_connection_time);
2135 sigalrm_seen = FALSE;
2136 ALARM(resignal_interval);
2141 DEBUG(D_any) debug_printf("%s received\n",
2142 #ifdef EXPERIMENTAL_QUEUE_RAMP
2143 *queuerun_msgid ? "qrun notification" :
2147 /* Do a full queue run in a child process, if required, unless we already
2148 have enough queue runners on the go. If we are not running as root, a
2149 re-exec is required. */
2151 if ( queue_interval > 0
2152 && (local_queue_run_max <= 0 || queue_run_count < local_queue_run_max))
2154 if ((pid = exim_fork(US"queue-runner")) == 0)
2156 /* Disable debugging if it's required only for the daemon process. We
2157 leave the above message, because it ties up with the "child ended"
2158 debugging messages. */
2160 if (f.debug_daemon) debug_selector = 0;
2162 /* Close any open listening sockets in the child */
2164 close_daemon_sockets(daemon_notifier_fd,
2165 listen_sockets, listen_socket_count);
2167 /* Reset SIGHUP and SIGCHLD in the child in both cases. */
2169 signal(SIGHUP, SIG_DFL);
2170 signal(SIGCHLD, SIG_DFL);
2171 signal(SIGTERM, SIG_DFL);
2173 /* Re-exec if privilege has been given up, unless deliver_drop_
2174 privilege is set. Reset SIGALRM before exec(). */
2176 if (geteuid() != root_uid && !deliver_drop_privilege)
2183 signal(SIGALRM, SIG_DFL);
2187 #ifdef EXPERIMENTAL_QUEUE_RAMP
2191 if (f.queue_run_first_delivery) *p++ = 'i';
2192 if (f.queue_run_force) *p++ = 'f';
2193 if (f.deliver_force_thaw) *p++ = 'f';
2194 if (f.queue_run_local) *p++ = 'l';
2196 extra[0] = *queue_name
2197 ? string_sprintf("%sG%s", opt, queue_name) : opt;
2199 #ifdef EXPERIMENTAL_QUEUE_RAMP
2200 if (*queuerun_msgid)
2202 log_write(0, LOG_MAIN, "notify triggered queue run");
2203 extra[extracount++] = queuerun_msgid; /* Trigger only the */
2204 extra[extracount++] = queuerun_msgid; /* one message */
2208 /* If -R or -S were on the original command line, ensure they get
2211 if (deliver_selectstring)
2213 extra[extracount++] = f.deliver_selectstring_regex ? US"-Rr" : US"-R";
2214 extra[extracount++] = deliver_selectstring;
2217 if (deliver_selectstring_sender)
2219 extra[extracount++] = f.deliver_selectstring_sender_regex
2221 extra[extracount++] = deliver_selectstring_sender;
2224 /* Overlay this process with a new execution. */
2226 (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, extracount,
2227 extra[0], extra[1], extra[2], extra[3], extra[4], extra[5], extra[6]);
2229 /* Control never returns here. */
2232 /* No need to re-exec; SIGALRM remains set to the default handler */
2234 #ifdef EXPERIMENTAL_QUEUE_RAMP
2235 if (*queuerun_msgid)
2237 log_write(0, LOG_MAIN, "notify triggered queue run");
2238 f.queue_2stage = FALSE;
2239 queue_run(queuerun_msgid, queuerun_msgid, FALSE);
2243 queue_run(NULL, NULL, FALSE);
2244 exim_underbar_exit(EXIT_SUCCESS);
2249 log_write(0, LOG_MAIN|LOG_PANIC, "daemon: fork of queue-runner "
2250 "process failed: %s", strerror(errno));
2255 for (int i = 0; i < local_queue_run_max; ++i)
2256 if (queue_pid_slots[i] <= 0)
2258 queue_pid_slots[i] = pid;
2262 DEBUG(D_any) debug_printf("%d queue-runner process%s running\n",
2263 queue_run_count, queue_run_count == 1 ? "" : "es");
2267 /* Reset the alarm clock */
2269 sigalrm_seen = FALSE;
2270 #ifdef EXPERIMENTAL_QUEUE_RAMP
2271 if (*queuerun_msgid)
2272 *queuerun_msgid = 0;
2275 ALARM(queue_interval);
2278 } /* sigalrm_seen */
2281 /* Sleep till a connection happens if listening, and handle the connection if
2282 that is why we woke up. The FreeBSD operating system requires the use of
2283 select() before accept() because the latter function is not interrupted by
2284 a signal, and we want to wake up for SIGCHLD and SIGALRM signals. Some other
2285 OS do notice signals in accept() but it does no harm to have the select()
2286 in for all of them - and it won't then be a lurking problem for ports to
2287 new OS. In fact, the later addition of listening on specific interfaces only
2288 requires this way of working anyway. */
2290 if (f.daemon_listen)
2292 int lcount, select_errno;
2294 BOOL select_failed = FALSE;
2295 fd_set select_listen;
2297 FD_ZERO(&select_listen);
2298 if (daemon_notifier_fd >= 0)
2299 FD_SET(daemon_notifier_fd, &select_listen);
2300 for (int sk = 0; sk < listen_socket_count; sk++)
2302 FD_SET(listen_sockets[sk], &select_listen);
2303 if (listen_sockets[sk] > max_socket) max_socket = listen_sockets[sk];
2306 DEBUG(D_any) debug_printf("Listening...\n");
2308 /* In rare cases we may have had a SIGCHLD signal in the time between
2309 setting the handler (below) and getting back here. If so, pretend that the
2310 select() was interrupted so that we reap the child. This might still leave
2311 a small window when a SIGCHLD could get lost. However, since we use SIGCHLD
2312 only to do the reaping more quickly, it shouldn't result in anything other
2313 than a delay until something else causes a wake-up. */
2321 lcount = select(max_socket + 1, (SELECT_ARG2_TYPE *)&select_listen,
2326 select_failed = TRUE;
2330 /* Clean up any subprocesses that may have terminated. We need to do this
2331 here so that smtp_accept_max_per_host works when a connection to that host
2332 has completed, and we are about to accept a new one. When this code was
2333 later in the sequence, a new connection could be rejected, even though an
2334 old one had just finished. Preserve the errno from any select() failure for
2335 the use of the common select/accept error processing below. */
2337 select_errno = errno;
2338 handle_ending_processes();
2339 errno = select_errno;
2342 /* Create or rotate any required keys */
2346 /* Loop for all the sockets that are currently ready to go. If select
2347 actually failed, we have set the count to 1 and select_failed=TRUE, so as
2348 to use the common error code for select/accept below. */
2350 while (lcount-- > 0)
2352 int accept_socket = -1;
2356 if ( daemon_notifier_fd >= 0
2357 && FD_ISSET(daemon_notifier_fd, &select_listen))
2359 FD_CLR(daemon_notifier_fd, &select_listen);
2360 sigalrm_seen = daemon_notification();
2361 break; /* to top of daemon loop */
2363 for (int sk = 0; sk < listen_socket_count; sk++)
2364 if (FD_ISSET(listen_sockets[sk], &select_listen))
2366 len = sizeof(accepted);
2367 accept_socket = accept(listen_sockets[sk],
2368 (struct sockaddr *)&accepted, &len);
2369 FD_CLR(listen_sockets[sk], &select_listen);
2374 /* If select or accept has failed and this was not caused by an
2375 interruption, log the incident and try again. With asymmetric TCP/IP
2376 routing errors such as "No route to network" have been seen here. Also
2377 "connection reset by peer" has been seen. These cannot be classed as
2378 disastrous errors, but they could fill up a lot of log. The code in smail
2379 crashes the daemon after 10 successive failures of accept, on the grounds
2380 that some OS fail continuously. Exim originally followed suit, but this
2381 appears to have caused problems. Now it just keeps going, but instead of
2382 logging each error, it batches them up when they are continuous. */
2384 if (accept_socket < 0 && errno != EINTR)
2386 if (accept_retry_count == 0)
2388 accept_retry_errno = errno;
2389 accept_retry_select_failed = select_failed;
2391 else if ( errno != accept_retry_errno
2392 || select_failed != accept_retry_select_failed
2393 || accept_retry_count >= 50)
2395 log_write(0, LOG_MAIN | (accept_retry_count >= 50? LOG_PANIC : 0),
2396 "%d %s() failure%s: %s",
2398 accept_retry_select_failed? "select" : "accept",
2399 accept_retry_count == 1 ? "" : "s",
2400 strerror(accept_retry_errno));
2402 accept_retry_count = 0;
2403 accept_retry_errno = errno;
2404 accept_retry_select_failed = select_failed;
2406 accept_retry_count++;
2410 if (accept_retry_count > 0)
2412 log_write(0, LOG_MAIN, "%d %s() failure%s: %s",
2414 accept_retry_select_failed? "select" : "accept",
2415 (accept_retry_count == 1)? "" : "s",
2416 strerror(accept_retry_errno));
2418 accept_retry_count = 0;
2422 /* If select/accept succeeded, deal with the connection. */
2424 if (accept_socket >= 0)
2426 if (inetd_wait_timeout)
2427 last_connection_time = time(NULL);
2428 handle_smtp_call(listen_sockets, listen_socket_count, accept_socket,
2429 (struct sockaddr *)&accepted);
2434 /* If not listening, then just sleep for the queue interval. If we woke
2435 up early the last time for some other signal, it won't matter because
2436 the alarm signal will wake at the right time. This code originally used
2437 sleep() but it turns out that on the FreeBSD system, sleep() is not inter-
2438 rupted by signals, so it wasn't waking up for SIGALRM or SIGCHLD. Luckily
2439 select() can be used as an interruptible sleep() on all versions of Unix. */
2444 tv.tv_sec = queue_interval;
2446 select(0, NULL, NULL, NULL, &tv);
2447 handle_ending_processes();
2450 /* Re-enable the SIGCHLD handler if it has been run. It can't do it
2451 for itself, because it isn't doing the waiting itself. */
2455 sigchld_seen = FALSE;
2456 os_non_restarting_signal(SIGCHLD, main_sigchld_handler);
2459 /* Handle being woken by SIGHUP. We know at this point that the result
2460 of accept() has been dealt with, so we can re-exec exim safely, first
2461 closing the listening sockets so that they can be reused. Cancel any pending
2462 alarm in case it is just about to go off, and set SIGHUP to be ignored so
2463 that another HUP in quick succession doesn't clobber the new daemon before it
2464 gets going. All log files get closed by the close-on-exec flag; however, if
2465 the exec fails, we need to close the logs. */
2469 log_write(0, LOG_MAIN, "pid %d: SIGHUP received: re-exec daemon",
2471 close_daemon_sockets(daemon_notifier_fd,
2472 listen_sockets, listen_socket_count);
2474 signal(SIGHUP, SIG_IGN);
2475 sighup_argv[0] = exim_path;
2477 execv(CS exim_path, (char *const *)sighup_argv);
2478 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "pid %d: exec of %s failed: %s",
2479 getpid(), exim_path, strerror(errno));
2483 } /* End of main loop */
2485 /* Control never reaches here */
2490 /* End of exim_daemon.c */