<!DOCTYPE html PUBLIC "XSLT-compat">
<html lang="en-GB">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="../../../../common.css">
<meta name="author" content="The Exim Project. <http://www.exim.org/>">
<meta name="copyright" content="Copyright ©2010 The Exim Project. All rights reserved">
<meta name="description" content="Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet.">
<meta name="keywords" content="exim,smtp,mta,email">
<meta name="robots" content="noodp,noydir,index,follow">
<meta name="viewport" content="width=device-width">
<title>13. Starting the daemon and the use of network interfaces</title>
<link rel="stylesheet" type="text/css" href="../../../../doc/chapter.css">
<link rel="canonical" href="http://www.exim.org/exim-html-current/doc/html/spec_html/ch13.html">
</head>
<body>
<h1 id="header"><a href="../../../..">Exim Internet Mailer</a></h1>
<div id="outer">
<ul id="nav_flow" class="nav">
<li><a href="../../../../index.html">Home</a></li>
<li><a href="../../../../mirrors.html">Download</a></li>
<li><a href="../../../../docs.html">Documentation</a></li>
<li><a href="../../../../maillist.html">Mailing Lists</a></li>
<li><a href="http://wiki.exim.org/">Wiki</a></li>
<li><a href="http://www.exim.org/bugzilla/">Bugs</a></li>
<li><a href="../../../../credits.html">Credits</a></li>
<li class="search"><form action="http://www.google.com/search" method="get">
<span class="search_field_container"><input type="search" name="q" placeholder="Search Docs" class="search_field"></span><input type="hidden" name="hl" value="en"><input type="hidden" name="ie" value="UTF-8"><input type="hidden" name="as_qdr" value="all"><input type="hidden" name="q" value="site:www.exim.org"><input type="hidden" name="q" value="inurl:exim-html-current">
</form></li>
</ul>
<div id="inner"><div id="content">
<a class="previous_page" href="ch12.html"><-previous</a><a class="next_page" href="ch14.html">next-></a><div id="chapter" class="chapter">
<h2 id="CHAPinterfaces" class="">Chapter 13 - Starting the daemon and the use of network interfaces</h2>
<p>
A host that is connected to a TCP/IP network may have one or more physical
hardware network interfaces. Each of these interfaces may be configured as one
or more “logical” interfaces, which are the entities that a program actually
works with. Each of these logical interfaces is associated with an IP address.
In addition, TCP/IP software supports “loopback” interfaces (127.0.0.1 in
IPv4 and ::1 in IPv6), which do not use any physical hardware. Exim requires
knowledge about the host’s interfaces for use in three different circumstances:
</p>
<ol>
<li>
<p>
When a listening daemon is started, Exim needs to know which interfaces
and ports to listen on.
</p>
</li>
<li>
<p>
When Exim is routing an address, it needs to know which IP addresses
are associated with local interfaces. This is required for the correct
processing of MX lists by removing the local host and others with the
same or higher priority values. Also, Exim needs to detect cases
when an address is routed to an IP address that in fact belongs to the
local host. Unless the <span class="docbook_option">self</span> router option or the <span class="docbook_option">allow_localhost</span>
option of the smtp transport is set (as appropriate), this is treated
as an error situation.
</p>
</li>
<li>
<p>
When Exim connects to a remote host, it may need to know which interface to use
for the outgoing connection.
</p>
</li>
</ol>
<p>
Exim’s default behaviour is likely to be appropriate in the vast majority
of cases. If your host has only one interface, and you want all its IP
addresses to be treated in the same way, and you are using only the
standard SMTP port, you should not need to take any special action. The
rest of this chapter does not apply to you.
</p>
<p>
In a more complicated situation you may want to listen only on certain
interfaces, or on different ports, and for this reason there are a number of
options that can be used to influence Exim’s behaviour. The rest of this
chapter describes how they operate.
</p>
<p>
When a message is received over TCP/IP, the interface and port that were
actually used are set in $received_ip_address and $received_port.
</p>
<div class="section">
<h3 id="SECID89" class="">1. Starting a listening daemon</h3>
<p>
When a listening daemon is started (by means of the <span class="docbook_option">-bd</span> command line
option), the interfaces and ports on which it listens are controlled by the
following options:
</p>
<ul>
<li>
<p>
<span class="docbook_option">daemon_smtp_ports</span> contains a list of default ports. (For backward
compatibility, this option can also be specified in the singular.)
</p>
</li>
<li>
<p>
<span class="docbook_option">local_interfaces</span> contains list of interface IP addresses on which to
listen. Each item may optionally also specify a port.
</p>
</li>
</ul>
<p>
The default list separator in both cases is a colon, but this can be changed as
described in section <a href="ch06.html#SECTlistconstruct" title="6. The Exim run time configuration file">6.19</a>. When IPv6 addresses are involved,
it is usually best to change the separator to avoid having to double all the
colons. For example:
</p>
<div class="docbook_literallayout"><pre>
local_interfaces = <; 127.0.0.1 ; \
192.168.23.65 ; \
::1 ; \
3ffe:ffff:836f::fe86:a061
</pre></div>
<p>
There are two different formats for specifying a port along with an IP address
in <span class="docbook_option">local_interfaces</span>:
</p>
<ol>
<li>
<p>
The port is added onto the address with a dot separator. For example, to listen
on port 1234 on two different IP addresses:
</p>
<div class="docbook_literallayout"><pre>
local_interfaces = <; 192.168.23.65.1234 ; \
3ffe:ffff:836f::fe86:a061.1234
</pre></div>
</li>
<li>
<p>
The IP address is enclosed in square brackets, and the port is added
with a colon separator, for example:
</p>
<div class="docbook_literallayout"><pre>
local_interfaces = <; [192.168.23.65]:1234 ; \
[3ffe:ffff:836f::fe86:a061]:1234
</pre></div>
</li>
</ol>
<p>
When a port is not specified, the value of <span class="docbook_option">daemon_smtp_ports</span> is used. The
default setting contains just one port:
</p>
<div class="docbook_literallayout"><pre>
daemon_smtp_ports = smtp
</pre></div>
<p>
If more than one port is listed, each interface that does not have its own port
specified listens on all of them. Ports that are listed in
<span class="docbook_option">daemon_smtp_ports</span> can be identified either by name (defined in
<span class="docbook_filename">/etc/services</span>) or by number. However, when ports are given with individual
IP addresses in <span class="docbook_option">local_interfaces</span>, only numbers (not names) can be used.
</p>
</div>
<div class="section">
<h3 id="SECID90" class="">2. Special IP listening addresses</h3>
<p>
The addresses 0.0.0.0 and ::0 are treated specially. They are interpreted
as “all IPv4 interfaces” and “all IPv6 interfaces”, respectively. In each
case, Exim tells the TCP/IP stack to “listen on all IPv<span class="docbook_emphasis">x</span> interfaces”
instead of setting up separate listening sockets for each interface. The
default value of <span class="docbook_option">local_interfaces</span> is
</p>
<div class="docbook_literallayout"><pre>
local_interfaces = 0.0.0.0
</pre></div>
<p>
when Exim is built without IPv6 support; otherwise it is:
</p>
<div class="docbook_literallayout"><pre>
local_interfaces = <; ::0 ; 0.0.0.0
</pre></div>
<p>
Thus, by default, Exim listens on all available interfaces, on the SMTP port.
</p>
</div>
<div class="section">
<h3 id="SECID91" class="">3. Overriding local_interfaces and daemon_smtp_ports</h3>
<p>
The <span class="docbook_option">-oX</span> command line option can be used to override the values of
<span class="docbook_option">daemon_smtp_ports</span> and/or <span class="docbook_option">local_interfaces</span> for a particular daemon
instance. Another way of doing this would be to use macros and the <span class="docbook_option">-D</span>
option. However, <span class="docbook_option">-oX</span> can be used by any admin user, whereas modification of
the runtime configuration by <span class="docbook_option">-D</span> is allowed only when the caller is root or
exim.
</p>
<p>
The value of <span class="docbook_option">-oX</span> is a list of items. The default colon separator can be
changed in the usual way if required. If there are any items that do not
contain dots or colons (that is, are not IP addresses), the value of
<span class="docbook_option">daemon_smtp_ports</span> is replaced by the list of those items. If there are any
items that do contain dots or colons, the value of <span class="docbook_option">local_interfaces</span> is
replaced by those items. Thus, for example,
</p>
<div class="docbook_literallayout"><pre>
-oX 1225
</pre></div>
<p>
overrides <span class="docbook_option">daemon_smtp_ports</span>, but leaves <span class="docbook_option">local_interfaces</span> unchanged,
whereas
</p>
<div class="docbook_literallayout"><pre>
-oX 192.168.34.5.1125
</pre></div>
<p>
overrides <span class="docbook_option">local_interfaces</span>, leaving <span class="docbook_option">daemon_smtp_ports</span> unchanged.
(However, since <span class="docbook_option">local_interfaces</span> now contains no items without ports, the
value of <span class="docbook_option">daemon_smtp_ports</span> is no longer relevant in this example.)
</p>
</div>
<div class="section">
<h3 id="SECTsupobssmt" class="">4. Support for the obsolete SSMTP (or SMTPS) protocol</h3>
<p>
Exim supports the obsolete SSMTP protocol (also known as SMTPS) that was used
before the STARTTLS command was standardized for SMTP. Some legacy clients
still use this protocol. If the <span class="docbook_option">tls_on_connect_ports</span> option is set to a
list of port numbers, connections to those ports must use SSMTP. The most
common use of this option is expected to be
</p>
<div class="docbook_literallayout"><pre>
tls_on_connect_ports = 465
</pre></div>
<p>
because 465 is the usual port number used by the legacy clients. There is also
a command line option <span class="docbook_option">-tls-on-connect</span>, which forces all ports to behave in
this way when a daemon is started.
</p>
<p>
<span class="docbook_emphasis">Warning</span>: Setting <span class="docbook_option">tls_on_connect_ports</span> does not of itself cause the
daemon to listen on those ports. You must still specify them in
<span class="docbook_option">daemon_smtp_ports</span>, <span class="docbook_option">local_interfaces</span>, or the <span class="docbook_option">-oX</span> option. (This is
because <span class="docbook_option">tls_on_connect_ports</span> applies to <span class="docbook_option">inetd</span> connections as well as to
connections via the daemon.)
</p>
</div>
<div class="section">
<h3 id="SECID92" class="">5. IPv6 address scopes</h3>
<p>
IPv6 addresses have “scopes”, and a host with multiple hardware interfaces
can, in principle, have the same link-local IPv6 address on different
interfaces. Thus, additional information is needed, over and above the IP
address, to distinguish individual interfaces. A convention of using a
percent sign followed by something (often the interface name) has been
adopted in some cases, leading to addresses like this:
</p>
<div class="docbook_literallayout"><pre>
fe80::202:b3ff:fe03:45c1%eth0
</pre></div>
<p>
To accommodate this usage, a percent sign followed by an arbitrary string is
allowed at the end of an IPv6 address. By default, Exim calls <span class="docbook_function">getaddrinfo()</span>
to convert a textual IPv6 address for actual use. This function recognizes the
percent convention in operating systems that support it, and it processes the
address appropriately. Unfortunately, some older libraries have problems with
<span class="docbook_function">getaddrinfo()</span>. If
</p>
<div class="docbook_literallayout"><pre>
IPV6_USE_INET_PTON=yes
</pre></div>
<p>
is set in <span class="docbook_filename">Local/Makefile</span> (or an OS-dependent Makefile) when Exim is built,
Exim uses <span class="docbook_emphasis">inet_pton()</span> to convert a textual IPv6 address for actual use,
instead of <span class="docbook_function">getaddrinfo()</span>. (Before version 4.14, it always used this
function.) Of course, this means that the additional functionality of
<span class="docbook_function">getaddrinfo()</span> – recognizing scoped addresses – is lost.
</p>
</div>
<div class="section">
<h3 id="SECID93" class="">6. Disabling IPv6</h3>
<p>
Sometimes it happens that an Exim binary that was compiled with IPv6 support is
run on a host whose kernel does not support IPv6. The binary will fall back to
using IPv4, but it may waste resources looking up AAAA records, and trying to
connect to IPv6 addresses, causing delays to mail delivery. If you set the
<span class="docbook_option">disable_ipv6</span> option true, even if the Exim binary has IPv6 support, no IPv6
activities take place. AAAA records are never looked up, and any IPv6 addresses
that are listed in <span class="docbook_option">local_interfaces</span>, data for the <span class="docbook_command">manualroute</span> router,
etc. are ignored. If IP literals are enabled, the <span class="docbook_command">ipliteral</span> router declines
to handle IPv6 literal addresses.
</p>
<p>
On the other hand, when IPv6 is in use, there may be times when you want to
disable it for certain hosts or domains. You can use the <span class="docbook_option">dns_ipv4_lookup</span>
option to globally suppress the lookup of AAAA records for specified domains,
and you can use the <span class="docbook_option">ignore_target_hosts</span> generic router option to ignore
IPv6 addresses in an individual router.
</p>
</div>
<div class="section">
<h3 id="SECID94" class="">7. Examples of starting a listening daemon</h3>
<p>
The default case in an IPv6 environment is
</p>
<div class="docbook_literallayout"><pre>
daemon_smtp_ports = smtp
local_interfaces = <; ::0 ; 0.0.0.0
</pre></div>
<p>
This specifies listening on the smtp port on all IPv6 and IPv4 interfaces.
Either one or two sockets may be used, depending on the characteristics of
the TCP/IP stack. (This is complicated and messy; for more information,
read the comments in the <span class="docbook_filename">daemon.c</span> source file.)
</p>
<p>
To specify listening on ports 25 and 26 on all interfaces:
</p>
<div class="docbook_literallayout"><pre>
daemon_smtp_ports = 25 : 26
</pre></div>
<p>
(leaving <span class="docbook_option">local_interfaces</span> at the default setting) or, more explicitly:
</p>
<div class="docbook_literallayout"><pre>
local_interfaces = <; ::0.25 ; ::0.26 \
0.0.0.0.25 ; 0.0.0.0.26
</pre></div>
<p>
To listen on the default port on all IPv4 interfaces, and on port 26 on the
IPv4 loopback address only:
</p>
<div class="docbook_literallayout"><pre>
local_interfaces = 0.0.0.0 : 127.0.0.1.26
</pre></div>
<p>
To specify listening on the default port on specific interfaces only:
</p>
<div class="docbook_literallayout"><pre>
local_interfaces = 192.168.34.67 : 192.168.34.67
</pre></div>
<p>
<span class="docbook_emphasis">Warning</span>: Such a setting excludes listening on the loopback interfaces.
</p>
</div>
<div class="section">
<h3 id="SECTreclocipadd" class="">8. Recognizing the local host</h3>
<p>
The <span class="docbook_option">local_interfaces</span> option is also used when Exim needs to determine
whether or not an IP address refers to the local host. That is, the IP
addresses of all the interfaces on which a daemon is listening are always
treated as local.
</p>
<p>
For this usage, port numbers in <span class="docbook_option">local_interfaces</span> are ignored. If either of
the items 0.0.0.0 or ::0 are encountered, Exim gets a complete list of
available interfaces from the operating system, and extracts the relevant
(that is, IPv4 or IPv6) addresses to use for checking.
</p>
<p>
Some systems set up large numbers of virtual interfaces in order to provide
many virtual web servers. In this situation, you may want to listen for
email on only a few of the available interfaces, but nevertheless treat all
interfaces as local when routing. You can do this by setting
<span class="docbook_option">extra_local_interfaces</span> to a list of IP addresses, possibly including the
“all” wildcard values. These addresses are recognized as local, but are not
used for listening. Consider this example:
</p>
<div class="docbook_literallayout"><pre>
local_interfaces = <; 127.0.0.1 ; ::1 ; \
192.168.53.235 ; \
3ffe:2101:12:1:a00:20ff:fe86:a061
extra_local_interfaces = <; ::0 ; 0.0.0.0
</pre></div>
<p>
The daemon listens on the loopback interfaces and just one IPv4 and one IPv6
address, but all available interface addresses are treated as local when
Exim is routing.
</p>
<p>
In some environments the local host name may be in an MX list, but with an IP
address that is not assigned to any local interface. In other cases it may be
desirable to treat other host names as if they referred to the local host. Both
these cases can be handled by setting the <span class="docbook_option">hosts_treat_as_local</span> option.
This contains host names rather than IP addresses. When a host is referenced
during routing, either via an MX record or directly, it is treated as the local
host if its name matches <span class="docbook_option">hosts_treat_as_local</span>, or if any of its IP
addresses match <span class="docbook_option">local_interfaces</span> or <span class="docbook_option">extra_local_interfaces</span>.
</p>
</div>
<div class="section">
<h3 id="SECID95" class="">9. Delivering to a remote host</h3>
<p>
Delivery to a remote host is handled by the smtp transport. By default, it
allows the system’s TCP/IP functions to choose which interface to use (if
there is more than one) when connecting to a remote host. However, the
<span class="docbook_option">interface</span> option can be set to specify which interface is used. See the
description of the smtp transport in chapter <a href="ch30.html" title="30. The smtp transport">30</a> for more
details.
</p>
</div>
</div>
<a class="previous_page" href="ch12.html"><-previous</a><a class="next_page" href="ch14.html">next-></a>
</div></div>
<iframe id="branding" name="branding" src="../../../../branding/branding.html" height="0" frameborder="no" scrolling="no"></iframe><div id="footer">Website design by <a href="https://secure.grepular.com/">Mike Cardwell</a>, of <a href="http://cardwellit.com/">Cardwell IT Ltd.</a>
</div>
<div class="left_bar"></div>
<div class="right_bar"></div>
<div id="toc">
<ul class="hidden"></ul>
<img src="../../../../doc/contents.png" width="16" height="155">
</div>
</div>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script><script type="text/javascript" src="../../../../common.js"></script><script type="text/javascript" src="../../../../doc/chapter.js"></script>
</body>
</html>
