TFO: cleanup the TCP pure ack of SMTP banner

[exim.git] / src / src / daemon.c

diff --git a/src/src/daemon.c b/src/src/daemon.c
index 83131fa1d94330eb439e779cd63bdbf3d16f5d5c..1006961d35b09220e47686d9f43ce31d8cfe66fe 100644 (file)
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -1426,6 +1426,7 @@ if (f.daemon_listen && !f.inetd_wait_mode)
 
   list = tls_in.on_connect_ports;
   sep = 0;
+  /* the list isn't expanded so cannot be tainted.  If it ever is we will trap here */
   while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
     if (!isdigit(*s))
       {
@@ -2430,6 +2431,11 @@ for (;;)
 
       if (accept_socket >= 0)
         {
+#ifdef TCP_QUICKACK /* Avoid pure-ACKs while in tls protocol pingpong phase */
+       /* Unfortunately we cannot be certain to do this before a TLS-on-connect
+       Client Hello arrives and is acked. We do it as early as possible. */
+       (void) setsockopt(accept_socket, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
+#endif
         if (inetd_wait_timeout)
           last_connection_time = time(NULL);
         handle_smtp_call(listen_sockets, listen_socket_count, accept_socket,