1 /* $NetBSD: qmgr.c,v 1.1.1.2 2010/06/17 18:06:56 tron Exp $ */ 2 3 /*++ 4 /* NAME 5 /* qmgr 8 6 /* SUMMARY 7 /* old Postfix queue manager 8 /* SYNOPSIS 9 /* \fBqmgr\fR [generic Postfix daemon options] 10 /* DESCRIPTION 11 /* The \fBqmgr\fR(8) daemon awaits the arrival of incoming mail 12 /* and arranges for its delivery via Postfix delivery processes. 13 /* The actual mail routing strategy is delegated to the 14 /* \fBtrivial-rewrite\fR(8) daemon. 15 /* This program expects to be run from the \fBmaster\fR(8) process 16 /* manager. 17 /* 18 /* Mail addressed to the local \fBdouble-bounce\fR address is 19 /* logged and discarded. This stops potential loops caused by 20 /* undeliverable bounce notifications. 21 /* MAIL QUEUES 22 /* .ad 23 /* .fi 24 /* The \fBqmgr\fR(8) daemon maintains the following queues: 25 /* .IP \fBincoming\fR 26 /* Inbound mail from the network, or mail picked up by the 27 /* local \fBpickup\fR(8) agent from the \fBmaildrop\fR directory. 28 /* .IP \fBactive\fR 29 /* Messages that the queue manager has opened for delivery. Only 30 /* a limited number of messages is allowed to enter the \fBactive\fR 31 /* queue (leaky bucket strategy, for a fixed delivery rate). 32 /* .IP \fBdeferred\fR 33 /* Mail that could not be delivered upon the first attempt. The queue 34 /* manager implements exponential backoff by doubling the time between 35 /* delivery attempts. 36 /* .IP \fBcorrupt\fR 37 /* Unreadable or damaged queue files are moved here for inspection. 38 /* .IP \fBhold\fR 39 /* Messages that are kept "on hold" are kept here until someone 40 /* sets them free. 41 /* DELIVERY STATUS REPORTS 42 /* .ad 43 /* .fi 44 /* The \fBqmgr\fR(8) daemon keeps an eye on per-message delivery status 45 /* reports in the following directories. Each status report file has 46 /* the same name as the corresponding message file: 47 /* .IP \fBbounce\fR 48 /* Per-recipient status information about why mail is bounced. 49 /* These files are maintained by the \fBbounce\fR(8) daemon. 50 /* .IP \fBdefer\fR 51 /* Per-recipient status information about why mail is delayed. 52 /* These files are maintained by the \fBdefer\fR(8) daemon. 53 /* .IP \fBtrace\fR 54 /* Per-recipient status information as requested with the 55 /* Postfix "\fBsendmail -v\fR" or "\fBsendmail -bv\fR" command. 56 /* These files are maintained by the \fBtrace\fR(8) daemon. 57 /* .PP 58 /* The \fBqmgr\fR(8) daemon is responsible for asking the 59 /* \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemons to 60 /* send delivery reports. 61 /* STRATEGIES 62 /* .ad 63 /* .fi 64 /* The queue manager implements a variety of strategies for 65 /* either opening queue files (input) or for message delivery (output). 66 /* .IP "\fBleaky bucket\fR" 67 /* This strategy limits the number of messages in the \fBactive\fR queue 68 /* and prevents the queue manager from running out of memory under 69 /* heavy load. 70 /* .IP \fBfairness\fR 71 /* When the \fBactive\fR queue has room, the queue manager takes one 72 /* message from the \fBincoming\fR queue and one from the \fBdeferred\fR 73 /* queue. This prevents a large mail backlog from blocking the delivery 74 /* of new mail. 75 /* .IP "\fBslow start\fR" 76 /* This strategy eliminates "thundering herd" problems by slowly 77 /* adjusting the number of parallel deliveries to the same destination. 78 /* .IP "\fBround robin\fR 79 /* The queue manager sorts delivery requests by destination. 80 /* Round-robin selection prevents one destination from dominating 81 /* deliveries to other destinations. 82 /* .IP "\fBexponential backoff\fR" 83 /* Mail that cannot be delivered upon the first attempt is deferred. 84 /* The time interval between delivery attempts is doubled after each 85 /* attempt. 86 /* .IP "\fBdestination status cache\fR" 87 /* The queue manager avoids unnecessary delivery attempts by 88 /* maintaining a short-term, in-memory list of unreachable destinations. 89 /* TRIGGERS 90 /* .ad 91 /* .fi 92 /* On an idle system, the queue manager waits for the arrival of 93 /* trigger events, or it waits for a timer to go off. A trigger 94 /* is a one-byte message. 95 /* Depending on the message received, the queue manager performs 96 /* one of the following actions (the message is followed by the 97 /* symbolic constant used internally by the software): 98 /* .IP "\fBD (QMGR_REQ_SCAN_DEFERRED)\fR" 99 /* Start a deferred queue scan. If a deferred queue scan is already 100 /* in progress, that scan will be restarted as soon as it finishes. 101 /* .IP "\fBI (QMGR_REQ_SCAN_INCOMING)\fR" 102 /* Start an incoming queue scan. If an incoming queue scan is already 103 /* in progress, that scan will be restarted as soon as it finishes. 104 /* .IP "\fBA (QMGR_REQ_SCAN_ALL)\fR" 105 /* Ignore deferred queue file time stamps. The request affects 106 /* the next deferred queue scan. 107 /* .IP "\fBF (QMGR_REQ_FLUSH_DEAD)\fR" 108 /* Purge all information about dead transports and destinations. 109 /* .IP "\fBW (TRIGGER_REQ_WAKEUP)\fR" 110 /* Wakeup call, This is used by the master server to instantiate 111 /* servers that should not go away forever. The action is to start 112 /* an incoming queue scan. 113 /* .PP 114 /* The \fBqmgr\fR(8) daemon reads an entire buffer worth of triggers. 115 /* Multiple identical trigger requests are collapsed into one, and 116 /* trigger requests are sorted so that \fBA\fR and \fBF\fR precede 117 /* \fBD\fR and \fBI\fR. Thus, in order to force a deferred queue run, 118 /* one would request \fBA F D\fR; in order to notify the queue manager 119 /* of the arrival of new mail one would request \fBI\fR. 120 /* STANDARDS 121 /* RFC 3463 (Enhanced status codes) 122 /* RFC 3464 (Delivery status notifications) 123 /* SECURITY 124 /* .ad 125 /* .fi 126 /* The \fBqmgr\fR(8) daemon is not security sensitive. It reads 127 /* single-character messages from untrusted local users, and thus may 128 /* be susceptible to denial of service attacks. The \fBqmgr\fR(8) daemon 129 /* does not talk to the outside world, and it can be run at fixed low 130 /* privilege in a chrooted environment. 131 /* DIAGNOSTICS 132 /* Problems and transactions are logged to the \fBsyslog\fR(8) daemon. 133 /* Corrupted message files are saved to the \fBcorrupt\fR queue 134 /* for further inspection. 135 /* 136 /* Depending on the setting of the \fBnotify_classes\fR parameter, 137 /* the postmaster is notified of bounces and of other trouble. 138 /* BUGS 139 /* A single queue manager process has to compete for disk access with 140 /* multiple front-end processes such as \fBcleanup\fR(8). A sudden burst of 141 /* inbound mail can negatively impact outbound delivery rates. 142 /* CONFIGURATION PARAMETERS 143 /* .ad 144 /* .fi 145 /* Changes to \fBmain.cf\fR are not picked up automatically, 146 /* as \fBqmgr\fR(8) 147 /* is a persistent process. Use the command "\fBpostfix reload\fR" after 148 /* a configuration change. 149 /* 150 /* The text below provides only a parameter summary. See 151 /* \fBpostconf\fR(5) for more details including examples. 152 /* 153 /* In the text below, \fItransport\fR is the first field in a 154 /* \fBmaster.cf\fR entry. 155 /* COMPATIBILITY CONTROLS 156 /* .ad 157 /* .fi 158 /* Available before Postfix version 2.5: 159 /* .IP "\fBallow_min_user (no)\fR" 160 /* Allow a sender or recipient address to have `-' as the first 161 /* character. 162 /* .PP 163 /* Available with Postfix version 2.7 and later: 164 /* .IP "\fBdefault_filter_nexthop (empty)\fR" 165 /* When a content_filter or FILTER request specifies no explicit 166 /* next-hop destination, use $default_filter_nexthop instead; when 167 /* that value is empty, use the domain in the recipient address. 168 /* ACTIVE QUEUE CONTROLS 169 /* .ad 170 /* .fi 171 /* .IP "\fBqmgr_clog_warn_time (300s)\fR" 172 /* The minimal delay between warnings that a specific destination is 173 /* clogging up the Postfix active queue. 174 /* .IP "\fBqmgr_message_active_limit (20000)\fR" 175 /* The maximal number of messages in the active queue. 176 /* .IP "\fBqmgr_message_recipient_limit (20000)\fR" 177 /* The maximal number of recipients held in memory by the Postfix 178 /* queue manager, and the maximal size of the size of the short-term, 179 /* in-memory "dead" destination status cache. 180 /* DELIVERY CONCURRENCY CONTROLS 181 /* .ad 182 /* .fi 183 /* .IP "\fBqmgr_fudge_factor (100)\fR" 184 /* Obsolete feature: the percentage of delivery resources that a busy 185 /* mail system will use up for delivery of a large mailing list 186 /* message. 187 /* .IP "\fBinitial_destination_concurrency (5)\fR" 188 /* The initial per-destination concurrency level for parallel delivery 189 /* to the same destination. 190 /* .IP "\fBdefault_destination_concurrency_limit (20)\fR" 191 /* The default maximal number of parallel deliveries to the same 192 /* destination. 193 /* .IP "\fItransport\fB_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" 194 /* Idem, for delivery via the named message \fItransport\fR. 195 /* .PP 196 /* Available in Postfix version 2.5 and later: 197 /* .IP "\fItransport\fB_initial_destination_concurrency ($initial_destination_concurrency)\fR" 198 /* Initial concurrency for delivery via the named message 199 /* \fItransport\fR. 200 /* .IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR" 201 /* How many pseudo-cohorts must suffer connection or handshake 202 /* failure before a specific destination is considered unavailable 203 /* (and further delivery is suspended). 204 /* .IP "\fItransport\fB_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR" 205 /* Idem, for delivery via the named message \fItransport\fR. 206 /* .IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR" 207 /* The per-destination amount of delivery concurrency negative 208 /* feedback, after a delivery completes with a connection or handshake 209 /* failure. 210 /* .IP "\fItransport\fB_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR" 211 /* Idem, for delivery via the named message \fItransport\fR. 212 /* .IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR" 213 /* The per-destination amount of delivery concurrency positive 214 /* feedback, after a delivery completes without connection or handshake 215 /* failure. 216 /* .IP "\fItransport\fB_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR" 217 /* Idem, for delivery via the named message \fItransport\fR. 218 /* .IP "\fBdestination_concurrency_feedback_debug (no)\fR" 219 /* Make the queue manager's feedback algorithm verbose for performance 220 /* analysis purposes. 221 /* RECIPIENT SCHEDULING CONTROLS 222 /* .ad 223 /* .fi 224 /* .IP "\fBdefault_destination_recipient_limit (50)\fR" 225 /* The default maximal number of recipients per message delivery. 226 /* .IP \fItransport\fB_destination_recipient_limit\fR 227 /* Idem, for delivery via the named message \fItransport\fR. 228 /* OTHER RESOURCE AND RATE CONTROLS 229 /* .ad 230 /* .fi 231 /* .IP "\fBminimal_backoff_time (300s)\fR" 232 /* The minimal time between attempts to deliver a deferred message; 233 /* prior to Postfix 2.4 the default value was 1000s. 234 /* .IP "\fBmaximal_backoff_time (4000s)\fR" 235 /* The maximal time between attempts to deliver a deferred message. 236 /* .IP "\fBmaximal_queue_lifetime (5d)\fR" 237 /* The maximal time a message is queued before it is sent back as 238 /* undeliverable. 239 /* .IP "\fBqueue_run_delay (300s)\fR" 240 /* The time between deferred queue scans by the queue manager; 241 /* prior to Postfix 2.4 the default value was 1000s. 242 /* .IP "\fBtransport_retry_time (60s)\fR" 243 /* The time between attempts by the Postfix queue manager to contact 244 /* a malfunctioning message delivery transport. 245 /* .PP 246 /* Available in Postfix version 2.1 and later: 247 /* .IP "\fBbounce_queue_lifetime (5d)\fR" 248 /* The maximal time a bounce message is queued before it is considered 249 /* undeliverable. 250 /* .PP 251 /* Available in Postfix version 2.5 and later: 252 /* .IP "\fBdefault_destination_rate_delay (0s)\fR" 253 /* The default amount of delay that is inserted between individual 254 /* deliveries to the same destination; with per-destination recipient 255 /* limit > 1, a destination is a domain, otherwise it is a recipient. 256 /* .IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay 257 /* Idem, for delivery via the named message \fItransport\fR. 258 /* .SH MISCELLANEOUS CONTROLS 259 /* .ad 260 /* .fi 261 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" 262 /* The default location of the Postfix main.cf and master.cf 263 /* configuration files. 264 /* .IP "\fBdefer_transports (empty)\fR" 265 /* The names of message delivery transports that should not deliver mail 266 /* unless someone issues "\fBsendmail -q\fR" or equivalent. 267 /* .IP "\fBdelay_logging_resolution_limit (2)\fR" 268 /* The maximal number of digits after the decimal point when logging 269 /* sub-second delay values. 270 /* .IP "\fBhelpful_warnings (yes)\fR" 271 /* Log warnings about problematic configuration settings, and provide 272 /* helpful suggestions. 273 /* .IP "\fBipc_timeout (3600s)\fR" 274 /* The time limit for sending or receiving information over an internal 275 /* communication channel. 276 /* .IP "\fBprocess_id (read-only)\fR" 277 /* The process ID of a Postfix command or daemon process. 278 /* .IP "\fBprocess_name (read-only)\fR" 279 /* The process name of a Postfix command or daemon process. 280 /* .IP "\fBqueue_directory (see 'postconf -d' output)\fR" 281 /* The location of the Postfix top-level queue directory. 282 /* .IP "\fBsyslog_facility (mail)\fR" 283 /* The syslog facility of Postfix logging. 284 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" 285 /* The mail system name that is prepended to the process name in syslog 286 /* records, so that "smtpd" becomes, for example, "postfix/smtpd". 287 /* FILES 288 /* /var/spool/postfix/incoming, incoming queue 289 /* /var/spool/postfix/active, active queue 290 /* /var/spool/postfix/deferred, deferred queue 291 /* /var/spool/postfix/bounce, non-delivery status 292 /* /var/spool/postfix/defer, non-delivery status 293 /* /var/spool/postfix/trace, delivery status 294 /* SEE ALSO 295 /* trivial-rewrite(8), address routing 296 /* bounce(8), delivery status reports 297 /* postconf(5), configuration parameters 298 /* master(5), generic daemon options 299 /* master(8), process manager 300 /* syslogd(8), system logging 301 /* README FILES 302 /* .ad 303 /* .fi 304 /* Use "\fBpostconf readme_directory\fR" or 305 /* "\fBpostconf html_directory\fR" to locate this information. 306 /* .na 307 /* .nf 308 /* QSHAPE_README, Postfix queue analysis 309 /* LICENSE 310 /* .ad 311 /* .fi 312 /* The Secure Mailer license must be distributed with this software. 313 /* AUTHOR(S) 314 /* Wietse Venema 315 /* IBM T.J. Watson Research 316 /* P.O. Box 704 317 /* Yorktown Heights, NY 10598, USA 318 /*--*/ 319 320 /* System library. */ 321 322 #include <sys_defs.h> 323 #include <stdlib.h> 324 #include <unistd.h> 325 #include <ctype.h> 326 327 /* Utility library. */ 328 329 #include <msg.h> 330 #include <events.h> 331 #include <vstream.h> 332 #include <dict.h> 333 334 /* Global library. */ 335 336 #include <mail_queue.h> 337 #include <recipient_list.h> 338 #include <mail_conf.h> 339 #include <mail_params.h> 340 #include <mail_version.h> 341 #include <mail_proto.h> /* QMGR_SCAN constants */ 342 #include <mail_flow.h> 343 #include <flush_clnt.h> 344 345 /* Master process interface */ 346 347 #include <master_proto.h> 348 #include <mail_server.h> 349 350 /* Application-specific. */ 351 352 #include "qmgr.h" 353 354 /* 355 * Tunables. 356 */ 357 int var_queue_run_delay; 358 int var_min_backoff_time; 359 int var_max_backoff_time; 360 int var_max_queue_time; 361 int var_dsn_queue_time; 362 int var_qmgr_active_limit; 363 int var_qmgr_rcpt_limit; 364 int var_init_dest_concurrency; 365 int var_transport_retry_time; 366 int var_dest_con_limit; 367 int var_dest_rcpt_limit; 368 char *var_defer_xports; 369 int var_qmgr_fudge; 370 int var_local_rcpt_lim; /* XXX */ 371 int var_local_con_lim; /* XXX */ 372 int var_proc_limit; 373 bool var_verp_bounce_off; 374 int var_qmgr_clog_warn_time; 375 char *var_conc_pos_feedback; 376 char *var_conc_neg_feedback; 377 int var_conc_cohort_limit; 378 int var_conc_feedback_debug; 379 int var_dest_rate_delay; 380 char *var_def_filter_nexthop; 381 382 static QMGR_SCAN *qmgr_scans[2]; 383 384 #define QMGR_SCAN_IDX_INCOMING 0 385 #define QMGR_SCAN_IDX_DEFERRED 1 386 #define QMGR_SCAN_IDX_COUNT (sizeof(qmgr_scans) / sizeof(qmgr_scans[0])) 387 388 /* qmgr_deferred_run_event - queue manager heartbeat */ 389 390 static void qmgr_deferred_run_event(int unused_event, char *dummy) 391 { 392 393 /* 394 * This routine runs when it is time for another deferred queue scan. 395 * Make sure this routine gets called again in the future. 396 */ 397 qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_DEFERRED], QMGR_SCAN_START); 398 event_request_timer(qmgr_deferred_run_event, dummy, var_queue_run_delay); 399 } 400 401 /* qmgr_trigger_event - respond to external trigger(s) */ 402 403 static void qmgr_trigger_event(char *buf, int len, 404 char *unused_service, char **argv) 405 { 406 int incoming_flag = 0; 407 int deferred_flag = 0; 408 int i; 409 410 /* 411 * Sanity check. This service takes no command-line arguments. 412 */ 413 if (argv[0]) 414 msg_fatal("unexpected command-line argument: %s", argv[0]); 415 416 /* 417 * Collapse identical requests that have arrived since we looked last 418 * time. There is no client feedback so there is no need to process each 419 * request in order. And as long as we don't have conflicting requests we 420 * are free to sort them into the most suitable order. 421 */ 422 #define QMGR_FLUSH_BEFORE (QMGR_FLUSH_ONCE | QMGR_FLUSH_DFXP) 423 424 for (i = 0; i < len; i++) { 425 if (msg_verbose) 426 msg_info("request: %d (%c)", 427 buf[i], ISALNUM(buf[i]) ? buf[i] : '?'); 428 switch (buf[i]) { 429 case TRIGGER_REQ_WAKEUP: 430 case QMGR_REQ_SCAN_INCOMING: 431 incoming_flag |= QMGR_SCAN_START; 432 break; 433 case QMGR_REQ_SCAN_DEFERRED: 434 deferred_flag |= QMGR_SCAN_START; 435 break; 436 case QMGR_REQ_FLUSH_DEAD: 437 deferred_flag |= QMGR_FLUSH_BEFORE; 438 incoming_flag |= QMGR_FLUSH_BEFORE; 439 break; 440 case QMGR_REQ_SCAN_ALL: 441 deferred_flag |= QMGR_SCAN_ALL; 442 incoming_flag |= QMGR_SCAN_ALL; 443 break; 444 default: 445 if (msg_verbose) 446 msg_info("request ignored"); 447 break; 448 } 449 } 450 451 /* 452 * Process each request type at most once. Modifiers take effect upon the 453 * next queue run. If no queue run is in progress, and a queue scan is 454 * requested, the request takes effect immediately. 455 */ 456 if (incoming_flag != 0) 457 qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_INCOMING], incoming_flag); 458 if (deferred_flag != 0) 459 qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_DEFERRED], deferred_flag); 460 } 461 462 /* qmgr_loop - queue manager main loop */ 463 464 static int qmgr_loop(char *unused_name, char **unused_argv) 465 { 466 char *path; 467 int token_count; 468 int feed = 0; 469 int scan_idx; /* Priority order scan index */ 470 static int first_scan_idx = QMGR_SCAN_IDX_INCOMING; 471 int last_scan_idx = QMGR_SCAN_IDX_COUNT - 1; 472 int delay; 473 474 /* 475 * This routine runs as part of the event handling loop, after the event 476 * manager has delivered a timer or I/O event (including the completion 477 * of a connection to a delivery process), or after it has waited for a 478 * specified amount of time. The result value of qmgr_loop() specifies 479 * how long the event manager should wait for the next event. 480 */ 481 #define DONT_WAIT 0 482 #define WAIT_FOR_EVENT (-1) 483 484 /* 485 * Attempt to drain the active queue by allocating a suitable delivery 486 * process and by delivering mail via it. Delivery process allocation and 487 * mail delivery are asynchronous. 488 */ 489 qmgr_active_drain(); 490 491 /* 492 * Let some new blood into the active queue when the queue size is 493 * smaller than some configurable limit, and when the number of in-core 494 * recipients does not exceed some configurable limit. 495 * 496 * We import one message per interrupt, to optimally tune the input count 497 * for the number of delivery agent protocol wait states, as explained in 498 * qmgr_transport.c. 499 */ 500 delay = WAIT_FOR_EVENT; 501 for (scan_idx = 0; qmgr_message_count < var_qmgr_active_limit 502 && qmgr_recipient_count < var_qmgr_rcpt_limit 503 && scan_idx < QMGR_SCAN_IDX_COUNT; ++scan_idx) { 504 last_scan_idx = (scan_idx + first_scan_idx) % QMGR_SCAN_IDX_COUNT; 505 if ((path = qmgr_scan_next(qmgr_scans[last_scan_idx])) != 0) { 506 delay = DONT_WAIT; 507 if ((feed = qmgr_active_feed(qmgr_scans[last_scan_idx], path)) != 0) 508 break; 509 } 510 } 511 512 /* 513 * Round-robin the queue scans. When the active queue becomes full, 514 * prefer new mail over deferred mail. 515 */ 516 if (qmgr_message_count < var_qmgr_active_limit 517 && qmgr_recipient_count < var_qmgr_rcpt_limit) { 518 first_scan_idx = (last_scan_idx + 1) % QMGR_SCAN_IDX_COUNT; 519 } else if (first_scan_idx != QMGR_SCAN_IDX_INCOMING) { 520 first_scan_idx = QMGR_SCAN_IDX_INCOMING; 521 } 522 523 /* 524 * Global flow control. If enabled, slow down receiving processes that 525 * get ahead of the queue manager, but don't block them completely. 526 */ 527 if (var_in_flow_delay > 0) { 528 token_count = mail_flow_count(); 529 if (token_count < var_proc_limit) { 530 if (feed != 0 && last_scan_idx == QMGR_SCAN_IDX_INCOMING) 531 mail_flow_put(1); 532 else if (qmgr_scans[QMGR_SCAN_IDX_INCOMING]->handle == 0) 533 mail_flow_put(var_proc_limit - token_count); 534 } else if (token_count > var_proc_limit) { 535 mail_flow_get(token_count - var_proc_limit); 536 } 537 } 538 return (delay); 539 } 540 541 /* pre_accept - see if tables have changed */ 542 543 static void pre_accept(char *unused_name, char **unused_argv) 544 { 545 const char *table; 546 547 if ((table = dict_changed_name()) != 0) { 548 msg_info("table %s has changed -- restarting", table); 549 exit(0); 550 } 551 } 552 553 /* qmgr_pre_init - pre-jail initialization */ 554 555 static void qmgr_pre_init(char *unused_name, char **unused_argv) 556 { 557 flush_init(); 558 } 559 560 /* qmgr_post_init - post-jail initialization */ 561 562 static void qmgr_post_init(char *unused_name, char **unused_argv) 563 { 564 565 /* 566 * Sanity check. 567 */ 568 if (var_qmgr_rcpt_limit < var_qmgr_active_limit) { 569 msg_warn("%s is smaller than %s - adjusting %s", 570 VAR_QMGR_RCPT_LIMIT, VAR_QMGR_ACT_LIMIT, VAR_QMGR_RCPT_LIMIT); 571 var_qmgr_rcpt_limit = var_qmgr_active_limit; 572 } 573 if (var_dsn_queue_time > var_max_queue_time) { 574 msg_warn("%s is larger than %s - adjusting %s", 575 VAR_DSN_QUEUE_TIME, VAR_MAX_QUEUE_TIME, VAR_DSN_QUEUE_TIME); 576 var_dsn_queue_time = var_max_queue_time; 577 } 578 579 /* 580 * This routine runs after the skeleton code has entered the chroot jail. 581 * Prevent automatic process suicide after a limited number of client 582 * requests or after a limited amount of idle time. Move any left-over 583 * entries from the active queue to the incoming queue, and give them a 584 * time stamp into the future, in order to allow ongoing deliveries to 585 * finish first. Start scanning the incoming and deferred queues. 586 * Left-over active queue entries are moved to the incoming queue because 587 * the incoming queue has priority; moving left-overs to the deferred 588 * queue could cause anomalous delays when "postfix reload/start" are 589 * issued often. 590 */ 591 var_use_limit = 0; 592 var_idle_limit = 0; 593 qmgr_move(MAIL_QUEUE_ACTIVE, MAIL_QUEUE_INCOMING, event_time()); 594 qmgr_scans[QMGR_SCAN_IDX_INCOMING] = qmgr_scan_create(MAIL_QUEUE_INCOMING); 595 qmgr_scans[QMGR_SCAN_IDX_DEFERRED] = qmgr_scan_create(MAIL_QUEUE_DEFERRED); 596 qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_INCOMING], QMGR_SCAN_START); 597 qmgr_deferred_run_event(0, (char *) 0); 598 } 599 600 MAIL_VERSION_STAMP_DECLARE; 601 602 /* main - the main program */ 603 604 int main(int argc, char **argv) 605 { 606 static const CONFIG_STR_TABLE str_table[] = { 607 VAR_DEFER_XPORTS, DEF_DEFER_XPORTS, &var_defer_xports, 0, 0, 608 VAR_CONC_POS_FDBACK, DEF_CONC_POS_FDBACK, &var_conc_pos_feedback, 1, 0, 609 VAR_CONC_NEG_FDBACK, DEF_CONC_NEG_FDBACK, &var_conc_neg_feedback, 1, 0, 610 VAR_DEF_FILTER_NEXTHOP, DEF_DEF_FILTER_NEXTHOP, &var_def_filter_nexthop, 0, 0, 611 0, 612 }; 613 static const CONFIG_TIME_TABLE time_table[] = { 614 VAR_QUEUE_RUN_DELAY, DEF_QUEUE_RUN_DELAY, &var_queue_run_delay, 1, 0, 615 VAR_MIN_BACKOFF_TIME, DEF_MIN_BACKOFF_TIME, &var_min_backoff_time, 1, 0, 616 VAR_MAX_BACKOFF_TIME, DEF_MAX_BACKOFF_TIME, &var_max_backoff_time, 1, 0, 617 VAR_MAX_QUEUE_TIME, DEF_MAX_QUEUE_TIME, &var_max_queue_time, 0, 8640000, 618 VAR_DSN_QUEUE_TIME, DEF_DSN_QUEUE_TIME, &var_dsn_queue_time, 0, 8640000, 619 VAR_XPORT_RETRY_TIME, DEF_XPORT_RETRY_TIME, &var_transport_retry_time, 1, 0, 620 VAR_QMGR_CLOG_WARN_TIME, DEF_QMGR_CLOG_WARN_TIME, &var_qmgr_clog_warn_time, 0, 0, 621 VAR_DEST_RATE_DELAY, DEF_DEST_RATE_DELAY, &var_dest_rate_delay, 0, 0, 622 0, 623 }; 624 static const CONFIG_INT_TABLE int_table[] = { 625 VAR_QMGR_ACT_LIMIT, DEF_QMGR_ACT_LIMIT, &var_qmgr_active_limit, 1, 0, 626 VAR_QMGR_RCPT_LIMIT, DEF_QMGR_RCPT_LIMIT, &var_qmgr_rcpt_limit, 1, 0, 627 VAR_INIT_DEST_CON, DEF_INIT_DEST_CON, &var_init_dest_concurrency, 1, 0, 628 VAR_DEST_CON_LIMIT, DEF_DEST_CON_LIMIT, &var_dest_con_limit, 0, 0, 629 VAR_DEST_RCPT_LIMIT, DEF_DEST_RCPT_LIMIT, &var_dest_rcpt_limit, 0, 0, 630 VAR_QMGR_FUDGE, DEF_QMGR_FUDGE, &var_qmgr_fudge, 10, 100, 631 VAR_LOCAL_RCPT_LIMIT, DEF_LOCAL_RCPT_LIMIT, &var_local_rcpt_lim, 0, 0, 632 VAR_LOCAL_CON_LIMIT, DEF_LOCAL_CON_LIMIT, &var_local_con_lim, 0, 0, 633 VAR_PROC_LIMIT, DEF_PROC_LIMIT, &var_proc_limit, 1, 0, 634 VAR_CONC_COHORT_LIM, DEF_CONC_COHORT_LIM, &var_conc_cohort_limit, 0, 0, 635 0, 636 }; 637 static const CONFIG_BOOL_TABLE bool_table[] = { 638 VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off, 639 VAR_CONC_FDBACK_DEBUG, DEF_CONC_FDBACK_DEBUG, &var_conc_feedback_debug, 640 0, 641 }; 642 643 /* 644 * Fingerprint executables and core dumps. 645 */ 646 MAIL_VERSION_STAMP_ALLOCATE; 647 648 /* 649 * Use the trigger service skeleton, because no-one else should be 650 * monitoring our service port while this process runs, and because we do 651 * not talk back to the client. 652 */ 653 trigger_server_main(argc, argv, qmgr_trigger_event, 654 MAIL_SERVER_INT_TABLE, int_table, 655 MAIL_SERVER_STR_TABLE, str_table, 656 MAIL_SERVER_BOOL_TABLE, bool_table, 657 MAIL_SERVER_TIME_TABLE, time_table, 658 MAIL_SERVER_PRE_INIT, qmgr_pre_init, 659 MAIL_SERVER_POST_INIT, qmgr_post_init, 660 MAIL_SERVER_LOOP, qmgr_loop, 661 MAIL_SERVER_PRE_ACCEPT, pre_accept, 662 MAIL_SERVER_SOLITARY, 663 0); 664 } 665