.cindex "banner for SMTP"
.cindex "welcome banner for SMTP"
.cindex "customizing" "SMTP banner"
-This string, which is expanded every time it is used, is output as the initial
+If a connect ACL does not supply a message,
+this string (which is expanded every time it is used) is output as the initial
positive response to an SMTP connection. The default setting is:
.code
smtp_banner = $smtp_active_hostname ESMTP Exim \
$version_number $tod_full
.endd
-Failure to expand the string causes a panic error. If you want to create a
+.new
+Failure to expand the string causes a panic error;
+a forced fail just closes the connection.
+.wen
+If you want to create a
multiline response to the initial SMTP connection, use &"\n"& in the string at
appropriate points, but not at the end. Note that the 220 code is not included
in this string. Exim adds it automatically (several times in the case of a
esc = US""; /* Default extended status code */
esclen = 0; /* Length of esc */
-if (!user_msg)
- {
- if (!(s = expand_string(smtp_banner)))
- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" (smtp_banner) "
- "failed: %s", smtp_banner, expand_string_message);
- }
-else
+if (user_msg)
{
int codelen = 3;
s = user_msg;
esclen = codelen - 4;
}
}
+else if (!(s = expand_string(smtp_banner)))
+ {
+ log_write(0, f.expand_string_forcedfail ? LOG_MAIN : LOG_MAIN|LOG_PANIC_DIE,
+ "Expansion of \"%s\" (smtp_banner) failed: %s",
+ smtp_banner, expand_string_message);
+ /* for force-fail */
+#ifndef DISABLE_TLS
+ if (tls_in.on_connect) tls_close(NULL, TLS_SHUTDOWN_WAIT);
+#endif
+ return FALSE;
+ }
/* Remove any terminating newlines; might as well remove trailing space too */
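Review bot: The forced-fail branch logs only the banner expression and the expansion message, so a connection refused this way leaves no peer address in the main log. The expected log output later in this change shows `Expansion of "..." (smtp_banner) failed: ...` with nothing but the pid to tie it to a client, and the pid is only there because the test sets `log_selector = +pid`. Since a forced fail is now a deliberate way to drop connections, consider naming the peer, e.g. `"Expansion of \"%s\" (smtp_banner) failed for %s: %s", smtp_banner, host_and_ident(FALSE), expand_string_message`. The `/* for force-fail */` comment could also say why execution continues, e.g. `/* Forced fail: LOG_MAIN does not exit, so shut down on-connect TLS and refuse the session */`. The enclosing function starts and ends outside the hunk, so whether the caller closes the socket after `return FALSE` cannot be confirmed from here.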
tls_certificate = DIR/aux-fixed/cert1
host_reject_connection = ${acl {hrc}}
+smtp_banner = ${if != {$received_port}{PORT_D4} {my banner}fail}
event_action = ${acl {tls_fail}}
log_selector = +pid
tls_certificate = DIR/aux-fixed/cert1
host_reject_connection = ${acl {hrc}}
+smtp_banner = ${if != {$received_port}{PORT_D4} {my banner}fail}
event_action = ${acl {tls_fail}}
log_selector = +pid
******** SERVER ********
-1999-03-02 09:44:33 [1237] exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTPS on port PORT_D port PORT_D2 port PORT_D3
+1999-03-02 09:44:33 [1237] exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTPS on port PORT_D port PORT_D2 port PORT_D3 port PORT_D4
1999-03-02 09:44:33 [1238] eval host_reject_connection
1999-03-02 09:44:33 [1238] ACL conn
1999-03-02 09:44:33 [1238] ACL quit
1999-03-02 09:44:33 [1235] H=[127.0.0.1] dropped by 'connect' ACL: we dislike you
1999-03-02 09:44:33 [1240] eval host_reject_connection
1999-03-02 09:44:33 [1240] ACL conn
-1999-03-02 09:44:33 [1240] EV tls:fail:connect
-1999-03-02 09:44:33 [1240] EVDATA: (gnutls_handshake): The TLS connection was non-properly terminated.
-1999-03-02 09:44:33 [1240] TLS error on connection from [127.0.0.1] (tls lib accept fn): TCP connection closed by peer
+1999-03-02 09:44:33 [1240] Expansion of "${if != {$received_port}{1228} {my banner}fail}" (smtp_banner) failed: "if" failed and "fail" requested
+1999-03-02 09:44:33 [1241] eval host_reject_connection
+1999-03-02 09:44:33 [1241] ACL conn
+1999-03-02 09:44:33 [1241] EV tls:fail:connect
+1999-03-02 09:44:33 [1241] EVDATA: (gnutls_handshake): The TLS connection was non-properly terminated.
+1999-03-02 09:44:33 [1241] TLS error on connection from [127.0.0.1] (tls lib accept fn): TCP connection closed by peer
******** SERVER ********
-1999-03-02 09:44:33 [1237] exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTPS on port PORT_D port PORT_D2 port PORT_D3
+1999-03-02 09:44:33 [1237] exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTPS on port PORT_D port PORT_D2 port PORT_D3 port PORT_D4
1999-03-02 09:44:33 [1238] eval host_reject_connection
1999-03-02 09:44:33 [1238] ACL conn
1999-03-02 09:44:33 [1238] ACL quit
1999-03-02 09:44:33 [1235] H=[127.0.0.1] dropped by 'connect' ACL: we dislike you
1999-03-02 09:44:33 [1240] eval host_reject_connection
1999-03-02 09:44:33 [1240] ACL conn
-1999-03-02 09:44:33 [1240] EV tls:fail:connect
-1999-03-02 09:44:33 [1240] EVDATA: SSL_accept: TCP connection closed by peer
-1999-03-02 09:44:33 [1240] TLS error on connection from [127.0.0.1] (tls lib accept fn): TCP connection closed by peer
+1999-03-02 09:44:33 [1240] Expansion of "${if != {$received_port}{1228} {my banner}fail}" (smtp_banner) failed: "if" failed and "fail" requested
+1999-03-02 09:44:33 [1241] eval host_reject_connection
+1999-03-02 09:44:33 [1241] ACL conn
+1999-03-02 09:44:33 [1241] EV tls:fail:connect
+1999-03-02 09:44:33 [1241] EVDATA: SSL_accept: TCP connection closed by peer
+1999-03-02 09:44:33 [1241] TLS error on connection from [127.0.0.1] (tls lib accept fn): TCP connection closed by peer
# smtp-on-connect drop-before-tls-accept
#
-exim -DSERVER=server -tls-on-connect -bd -oX PORT_D:PORT_D2:PORT_D3
+exim -DSERVER=server -tls-on-connect -bd -oX PORT_D:PORT_D2:PORT_D3:PORT_D4
****
#
# Normal, full connect and quit
???*
****
#
+# server fails banner expansion
+client-anytls -tls-on-connect 127.0.0.1 PORT_D4
+???*
+****
+#
# client disconnects before server TLS accept completes
client 127.0.0.1 PORT_D
+++ 1
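Review bot: The new "server fails banner expansion" case exercises the forced fail only on a tls-on-connect listener, so the branch where `tls_in.on_connect` is false (and the `DISABLE_TLS` build) has no coverage in the visible tests. A plaintext counterpart that connects, expects EOF with no `220`, and checks the main-log line would pin the documented "just closes the connection" behaviour for both paths. The second copy of this script has the same gap and also adds a doubled `#` separator line that this copy does not; keeping the two identical would make later diffs easier to compare.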
# smtp-on-connect drop-before-tls-accept
#
-exim -DSERVER=server -tls-on-connect -bd -oX PORT_D:PORT_D2:PORT_D3
+exim -DSERVER=server -tls-on-connect -bd -oX PORT_D:PORT_D2:PORT_D3:PORT_D4
****
#
# Normal, full connect and quit
???*
****
#
+# server fails banner expansion
+client-anytls -tls-on-connect 127.0.0.1 PORT_D4
+???*
+****
+#
+#
# client disconnects before server TLS accept completes
client 127.0.0.1 PORT_D
+++ 1
Attempting to start TLS
Succeeded in starting TLS
??? 220
-<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+<<< 220 my banner
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
Attempting to start TLS
Succeeded in starting TLS
??? 220
-<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+<<< 220 my banner
End of script
Connecting to 127.0.0.1 port 1226 ... connected
Attempting to start TLS
???*
Expected EOF read
End of script
+Connecting to 127.0.0.1 port 1228 ... connected
+Attempting to start TLS
+Succeeded in starting TLS
+???*
+Expected EOF read
+End of script
Connecting to 127.0.0.1 port 1225 ... connected
+++ 1
End of script
Attempting to start TLS
Succeeded in starting TLS
??? 220
-<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+<<< 220 my banner
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
Attempting to start TLS
Succeeded in starting TLS
??? 220
-<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+<<< 220 my banner
End of script
Connecting to 127.0.0.1 port 1226 ... connected
Attempting to start TLS
???*
Expected EOF read
End of script
+Connecting to 127.0.0.1 port 1228 ... connected
+Attempting to start TLS
+Succeeded in starting TLS
+???*
+Expected EOF read
+End of script
Connecting to 127.0.0.1 port 1225 ... connected
+++ 1
End of script