author | Jeremy Harris <jgh146exb@wizmail.org> | 2022-12-31 13:37:17 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2022-12-31 17:14:58 +0000 |
commit | 57d70161718e02927a22d6a3481803b72035ac46 (patch) | |
tree | 3206e22d7f40acda759609c3bf3a3a754fee534a /src | |
parent | 5281dce92f37ab268bfa781e384d64dc5947203f (diff) | |
Close server smtp socket explicitly on connect ACL "drop"
Diffstat (limited to 'src')
-rw-r--r-- | src/src/smtp_in.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 1cfcc0404..6880e3c09 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -3565,6 +3565,19 @@ problem, because we get here only if some other ACL has issued "drop", and
 in that case, *its* custom messages will have been used above. */
 smtp_notquit_exit(US"acl-drop", NULL, NULL);
+
+/* An overenthusiastic fail2ban/iptables implimentation has been seen to result
+in the TCP conn staying open, and retrying, despite this process exiting. A
+malicious client could possibly do the same, tying up server netowrking
+resources. Close the socket explicitly to try to avoid that (there's a note in
+the Linux socket(7) manpage, SO_LINGER para, to the effect that exim() without
+close() results in the socket always lingering). */
+
+(void) poll_one_fd(fileno(smtp_in), POLLIN, 200);
+DEBUG(D_any) debug_printf_indent("SMTP(close)>>\n");
+(void) fclose(smtp_in);
+(void) fclose(smtp_out);
+
 return 2;
 } |
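Review bot: After the two added `fclose()` calls, `smtp_in` and `smtp_out` still point at the closed streams, so any use of them after this function returns 2 would be undefined behaviour. If they are the shared stream handles they appear to be, add `smtp_in = smtp_out = NULL;` directly after the closes, and check that the callers, which are not visible here, cope with NULL. The new comment explains the explicit close but not the preceding `poll_one_fd(fileno(smtp_in), POLLIN, 200)`. A one-line comment stating what that wait is for and the unit of 200 would make the delay reviewable, since every dropped connection appears to hold the process for up to that long. In the same comment, "exim() without close()" looks like a slip for exit(); the enclosing function starts outside the hunk.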