message "unable to setsocketopt(IP_TOS)" in logs

Adam Tauno Williams awilliam at
Fri Feb 16 06:42:59 EST 2018

On Fri, 2018-02-16 at 08:55 +0100, Chentao Credungtao via Info-cyrus
> cyrus/master[7082]: unable to setsocketopt(IP_TOS) service
> lmtpunix/unix: Operation not supported 
> cyrus/master[7082]: unable to setsocketopt(IP_TOS) service
> notify/unix: Operation not supported 

It is likely just the configuration of your host/nodes/whatevers.

ToS is frequently disabled as it is deprecated.  ToS comes from RFC1349
which was obsoleted by RFC2474 and RFC2475.  So in many cases the
failure of the call is treated as a non-critical event.

RFC2474, which obsoletes ToS, was released in December of 1999.

Some routers might still pay attention to ToS bits, but probably not.
And many routers will rewrite your ToS to zero either way.

You can happily ignore these messages.

If you want to dig further you will have to try to grant the process
the CAP_NET_ADMIN capability, which might make it work.

Capabilities are what allow you to do things like run ping as non-root.

# sudo getcap /usr/bin/ping
/usr/bin/ping = cap_net_raw+ep

So you can add the capability to the Cyrus binaries if it is important
to you;  provided the feature is supported in the underlying OS.

sudo setcap  cap_net_admin+ep {application}

Note that there are potential security issues created by giving
applications capabilities.

Adam Tauno Williams <mailto:awilliam at> GPG D95ED383

More information about the Info-cyrus mailing list