1 /* $NetBSD: qmgr.c,v 1.1.1.5 2014/07/06 19:27:53 tron Exp $ */ 2 3 /*++ 4 /* NAME 5 /* qmgr 8 6 /* SUMMARY 7 /* old Postfix queue manager 8 /* SYNOPSIS 9 /* \fBqmgr\fR [generic Postfix daemon options] 10 /* DESCRIPTION 11 /* The \fBqmgr\fR(8) daemon awaits the arrival of incoming mail 12 /* and arranges for its delivery via Postfix delivery processes. 13 /* The actual mail routing strategy is delegated to the 14 /* \fBtrivial-rewrite\fR(8) daemon. 15 /* This program expects to be run from the \fBmaster\fR(8) process 16 /* manager. 17 /* 18 /* Mail addressed to the local \fBdouble-bounce\fR address is 19 /* logged and discarded. This stops potential loops caused by 20 /* undeliverable bounce notifications. 21 /* MAIL QUEUES 22 /* .ad 23 /* .fi 24 /* The \fBqmgr\fR(8) daemon maintains the following queues: 25 /* .IP \fBincoming\fR 26 /* Inbound mail from the network, or mail picked up by the 27 /* local \fBpickup\fR(8) agent from the \fBmaildrop\fR directory. 28 /* .IP \fBactive\fR 29 /* Messages that the queue manager has opened for delivery. Only 30 /* a limited number of messages is allowed to enter the \fBactive\fR 31 /* queue (leaky bucket strategy, for a fixed delivery rate). 32 /* .IP \fBdeferred\fR 33 /* Mail that could not be delivered upon the first attempt. The queue 34 /* manager implements exponential backoff by doubling the time between 35 /* delivery attempts. 36 /* .IP \fBcorrupt\fR 37 /* Unreadable or damaged queue files are moved here for inspection. 38 /* .IP \fBhold\fR 39 /* Messages that are kept "on hold" are kept here until someone 40 /* sets them free. 41 /* DELIVERY STATUS REPORTS 42 /* .ad 43 /* .fi 44 /* The \fBqmgr\fR(8) daemon keeps an eye on per-message delivery status 45 /* reports in the following directories. Each status report file has 46 /* the same name as the corresponding message file: 47 /* .IP \fBbounce\fR 48 /* Per-recipient status information about why mail is bounced. 49 /* These files are maintained by the \fBbounce\fR(8) daemon. 50 /* .IP \fBdefer\fR 51 /* Per-recipient status information about why mail is delayed. 52 /* These files are maintained by the \fBdefer\fR(8) daemon. 53 /* .IP \fBtrace\fR 54 /* Per-recipient status information as requested with the 55 /* Postfix "\fBsendmail -v\fR" or "\fBsendmail -bv\fR" command. 56 /* These files are maintained by the \fBtrace\fR(8) daemon. 57 /* .PP 58 /* The \fBqmgr\fR(8) daemon is responsible for asking the 59 /* \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemons to 60 /* send delivery reports. 61 /* STRATEGIES 62 /* .ad 63 /* .fi 64 /* The queue manager implements a variety of strategies for 65 /* either opening queue files (input) or for message delivery (output). 66 /* .IP "\fBleaky bucket\fR" 67 /* This strategy limits the number of messages in the \fBactive\fR queue 68 /* and prevents the queue manager from running out of memory under 69 /* heavy load. 70 /* .IP \fBfairness\fR 71 /* When the \fBactive\fR queue has room, the queue manager takes one 72 /* message from the \fBincoming\fR queue and one from the \fBdeferred\fR 73 /* queue. This prevents a large mail backlog from blocking the delivery 74 /* of new mail. 75 /* .IP "\fBslow start\fR" 76 /* This strategy eliminates "thundering herd" problems by slowly 77 /* adjusting the number of parallel deliveries to the same destination. 78 /* .IP "\fBround robin\fR 79 /* The queue manager sorts delivery requests by destination. 80 /* Round-robin selection prevents one destination from dominating 81 /* deliveries to other destinations. 82 /* .IP "\fBexponential backoff\fR" 83 /* Mail that cannot be delivered upon the first attempt is deferred. 84 /* The time interval between delivery attempts is doubled after each 85 /* attempt. 86 /* .IP "\fBdestination status cache\fR" 87 /* The queue manager avoids unnecessary delivery attempts by 88 /* maintaining a short-term, in-memory list of unreachable destinations. 89 /* TRIGGERS 90 /* .ad 91 /* .fi 92 /* On an idle system, the queue manager waits for the arrival of 93 /* trigger events, or it waits for a timer to go off. A trigger 94 /* is a one-byte message. 95 /* Depending on the message received, the queue manager performs 96 /* one of the following actions (the message is followed by the 97 /* symbolic constant used internally by the software): 98 /* .IP "\fBD (QMGR_REQ_SCAN_DEFERRED)\fR" 99 /* Start a deferred queue scan. If a deferred queue scan is already 100 /* in progress, that scan will be restarted as soon as it finishes. 101 /* .IP "\fBI (QMGR_REQ_SCAN_INCOMING)\fR" 102 /* Start an incoming queue scan. If an incoming queue scan is already 103 /* in progress, that scan will be restarted as soon as it finishes. 104 /* .IP "\fBA (QMGR_REQ_SCAN_ALL)\fR" 105 /* Ignore deferred queue file time stamps. The request affects 106 /* the next deferred queue scan. 107 /* .IP "\fBF (QMGR_REQ_FLUSH_DEAD)\fR" 108 /* Purge all information about dead transports and destinations. 109 /* .IP "\fBW (TRIGGER_REQ_WAKEUP)\fR" 110 /* Wakeup call, This is used by the master server to instantiate 111 /* servers that should not go away forever. The action is to start 112 /* an incoming queue scan. 113 /* .PP 114 /* The \fBqmgr\fR(8) daemon reads an entire buffer worth of triggers. 115 /* Multiple identical trigger requests are collapsed into one, and 116 /* trigger requests are sorted so that \fBA\fR and \fBF\fR precede 117 /* \fBD\fR and \fBI\fR. Thus, in order to force a deferred queue run, 118 /* one would request \fBA F D\fR; in order to notify the queue manager 119 /* of the arrival of new mail one would request \fBI\fR. 120 /* STANDARDS 121 /* RFC 3463 (Enhanced status codes) 122 /* RFC 3464 (Delivery status notifications) 123 /* SECURITY 124 /* .ad 125 /* .fi 126 /* The \fBqmgr\fR(8) daemon is not security sensitive. It reads 127 /* single-character messages from untrusted local users, and thus may 128 /* be susceptible to denial of service attacks. The \fBqmgr\fR(8) daemon 129 /* does not talk to the outside world, and it can be run at fixed low 130 /* privilege in a chrooted environment. 131 /* DIAGNOSTICS 132 /* Problems and transactions are logged to the \fBsyslog\fR(8) daemon. 133 /* Corrupted message files are saved to the \fBcorrupt\fR queue 134 /* for further inspection. 135 /* 136 /* Depending on the setting of the \fBnotify_classes\fR parameter, 137 /* the postmaster is notified of bounces and of other trouble. 138 /* BUGS 139 /* A single queue manager process has to compete for disk access with 140 /* multiple front-end processes such as \fBcleanup\fR(8). A sudden burst of 141 /* inbound mail can negatively impact outbound delivery rates. 142 /* CONFIGURATION PARAMETERS 143 /* .ad 144 /* .fi 145 /* Changes to \fBmain.cf\fR are not picked up automatically, 146 /* as \fBqmgr\fR(8) 147 /* is a persistent process. Use the command "\fBpostfix reload\fR" after 148 /* a configuration change. 149 /* 150 /* The text below provides only a parameter summary. See 151 /* \fBpostconf\fR(5) for more details including examples. 152 /* 153 /* In the text below, \fItransport\fR is the first field in a 154 /* \fBmaster.cf\fR entry. 155 /* COMPATIBILITY CONTROLS 156 /* .ad 157 /* .fi 158 /* Available before Postfix version 2.5: 159 /* .IP "\fBallow_min_user (no)\fR" 160 /* Allow a sender or recipient address to have `-' as the first 161 /* character. 162 /* .PP 163 /* Available with Postfix version 2.7 and later: 164 /* .IP "\fBdefault_filter_nexthop (empty)\fR" 165 /* When a content_filter or FILTER request specifies no explicit 166 /* next-hop destination, use $default_filter_nexthop instead; when 167 /* that value is empty, use the domain in the recipient address. 168 /* ACTIVE QUEUE CONTROLS 169 /* .ad 170 /* .fi 171 /* .IP "\fBqmgr_clog_warn_time (300s)\fR" 172 /* The minimal delay between warnings that a specific destination is 173 /* clogging up the Postfix active queue. 174 /* .IP "\fBqmgr_message_active_limit (20000)\fR" 175 /* The maximal number of messages in the active queue. 176 /* .IP "\fBqmgr_message_recipient_limit (20000)\fR" 177 /* The maximal number of recipients held in memory by the Postfix 178 /* queue manager, and the maximal size of the short-term, 179 /* in-memory "dead" destination status cache. 180 /* DELIVERY CONCURRENCY CONTROLS 181 /* .ad 182 /* .fi 183 /* .IP "\fBqmgr_fudge_factor (100)\fR" 184 /* Obsolete feature: the percentage of delivery resources that a busy 185 /* mail system will use up for delivery of a large mailing list 186 /* message. 187 /* .IP "\fBinitial_destination_concurrency (5)\fR" 188 /* The initial per-destination concurrency level for parallel delivery 189 /* to the same destination. 190 /* .IP "\fBdefault_destination_concurrency_limit (20)\fR" 191 /* The default maximal number of parallel deliveries to the same 192 /* destination. 193 /* .IP "\fItransport\fB_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" 194 /* Idem, for delivery via the named message \fItransport\fR. 195 /* .PP 196 /* Available in Postfix version 2.5 and later: 197 /* .IP "\fItransport\fB_initial_destination_concurrency ($initial_destination_concurrency)\fR" 198 /* Initial concurrency for delivery via the named message 199 /* \fItransport\fR. 200 /* .IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR" 201 /* How many pseudo-cohorts must suffer connection or handshake 202 /* failure before a specific destination is considered unavailable 203 /* (and further delivery is suspended). 204 /* .IP "\fItransport\fB_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR" 205 /* Idem, for delivery via the named message \fItransport\fR. 206 /* .IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR" 207 /* The per-destination amount of delivery concurrency negative 208 /* feedback, after a delivery completes with a connection or handshake 209 /* failure. 210 /* .IP "\fItransport\fB_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR" 211 /* Idem, for delivery via the named message \fItransport\fR. 212 /* .IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR" 213 /* The per-destination amount of delivery concurrency positive 214 /* feedback, after a delivery completes without connection or handshake 215 /* failure. 216 /* .IP "\fItransport\fB_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR" 217 /* Idem, for delivery via the named message \fItransport\fR. 218 /* .IP "\fBdestination_concurrency_feedback_debug (no)\fR" 219 /* Make the queue manager's feedback algorithm verbose for performance 220 /* analysis purposes. 221 /* RECIPIENT SCHEDULING CONTROLS 222 /* .ad 223 /* .fi 224 /* .IP "\fBdefault_destination_recipient_limit (50)\fR" 225 /* The default maximal number of recipients per message delivery. 226 /* .IP \fItransport\fB_destination_recipient_limit\fR 227 /* Idem, for delivery via the named message \fItransport\fR. 228 /* OTHER RESOURCE AND RATE CONTROLS 229 /* .ad 230 /* .fi 231 /* .IP "\fBminimal_backoff_time (300s)\fR" 232 /* The minimal time between attempts to deliver a deferred message; 233 /* prior to Postfix 2.4 the default value was 1000s. 234 /* .IP "\fBmaximal_backoff_time (4000s)\fR" 235 /* The maximal time between attempts to deliver a deferred message. 236 /* .IP "\fBmaximal_queue_lifetime (5d)\fR" 237 /* Consider a message as undeliverable, when delivery fails with a 238 /* temporary error, and the time in the queue has reached the 239 /* maximal_queue_lifetime limit. 240 /* .IP "\fBqueue_run_delay (300s)\fR" 241 /* The time between deferred queue scans by the queue manager; 242 /* prior to Postfix 2.4 the default value was 1000s. 243 /* .IP "\fBtransport_retry_time (60s)\fR" 244 /* The time between attempts by the Postfix queue manager to contact 245 /* a malfunctioning message delivery transport. 246 /* .PP 247 /* Available in Postfix version 2.1 and later: 248 /* .IP "\fBbounce_queue_lifetime (5d)\fR" 249 /* Consider a bounce message as undeliverable, when delivery fails 250 /* with a temporary error, and the time in the queue has reached the 251 /* bounce_queue_lifetime limit. 252 /* .PP 253 /* Available in Postfix version 2.5 and later: 254 /* .IP "\fBdefault_destination_rate_delay (0s)\fR" 255 /* The default amount of delay that is inserted between individual 256 /* deliveries to the same destination; the resulting behavior depends 257 /* on the value of the corresponding per-destination recipient limit. 258 /* .IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay 259 /* Idem, for delivery via the named message \fItransport\fR. 260 /* SAFETY CONTROLS 261 /* .ad 262 /* .fi 263 /* .IP "\fBqmgr_daemon_timeout (1000s)\fR" 264 /* How much time a Postfix queue manager process may take to handle 265 /* a request before it is terminated by a built-in watchdog timer. 266 /* .IP "\fBqmgr_ipc_timeout (60s)\fR" 267 /* The time limit for the queue manager to send or receive information 268 /* over an internal communication channel. 269 /* MISCELLANEOUS CONTROLS 270 /* .ad 271 /* .fi 272 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" 273 /* The default location of the Postfix main.cf and master.cf 274 /* configuration files. 275 /* .IP "\fBdefer_transports (empty)\fR" 276 /* The names of message delivery transports that should not deliver mail 277 /* unless someone issues "\fBsendmail -q\fR" or equivalent. 278 /* .IP "\fBdelay_logging_resolution_limit (2)\fR" 279 /* The maximal number of digits after the decimal point when logging 280 /* sub-second delay values. 281 /* .IP "\fBhelpful_warnings (yes)\fR" 282 /* Log warnings about problematic configuration settings, and provide 283 /* helpful suggestions. 284 /* .IP "\fBprocess_id (read-only)\fR" 285 /* The process ID of a Postfix command or daemon process. 286 /* .IP "\fBprocess_name (read-only)\fR" 287 /* The process name of a Postfix command or daemon process. 288 /* .IP "\fBqueue_directory (see 'postconf -d' output)\fR" 289 /* The location of the Postfix top-level queue directory. 290 /* .IP "\fBsyslog_facility (mail)\fR" 291 /* The syslog facility of Postfix logging. 292 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" 293 /* The mail system name that is prepended to the process name in syslog 294 /* records, so that "smtpd" becomes, for example, "postfix/smtpd". 295 /* FILES 296 /* /var/spool/postfix/incoming, incoming queue 297 /* /var/spool/postfix/active, active queue 298 /* /var/spool/postfix/deferred, deferred queue 299 /* /var/spool/postfix/bounce, non-delivery status 300 /* /var/spool/postfix/defer, non-delivery status 301 /* /var/spool/postfix/trace, delivery status 302 /* SEE ALSO 303 /* trivial-rewrite(8), address routing 304 /* bounce(8), delivery status reports 305 /* postconf(5), configuration parameters 306 /* master(5), generic daemon options 307 /* master(8), process manager 308 /* syslogd(8), system logging 309 /* README FILES 310 /* .ad 311 /* .fi 312 /* Use "\fBpostconf readme_directory\fR" or 313 /* "\fBpostconf html_directory\fR" to locate this information. 314 /* .na 315 /* .nf 316 /* QSHAPE_README, Postfix queue analysis 317 /* LICENSE 318 /* .ad 319 /* .fi 320 /* The Secure Mailer license must be distributed with this software. 321 /* AUTHOR(S) 322 /* Wietse Venema 323 /* IBM T.J. Watson Research 324 /* P.O. Box 704 325 /* Yorktown Heights, NY 10598, USA 326 /*--*/ 327 328 /* System library. */ 329 330 #include <sys_defs.h> 331 #include <stdlib.h> 332 #include <unistd.h> 333 #include <ctype.h> 334 335 /* Utility library. */ 336 337 #include <msg.h> 338 #include <events.h> 339 #include <vstream.h> 340 #include <dict.h> 341 342 /* Global library. */ 343 344 #include <mail_queue.h> 345 #include <recipient_list.h> 346 #include <mail_conf.h> 347 #include <mail_params.h> 348 #include <mail_version.h> 349 #include <mail_proto.h> /* QMGR_SCAN constants */ 350 #include <mail_flow.h> 351 #include <flush_clnt.h> 352 353 /* Master process interface */ 354 355 #include <master_proto.h> 356 #include <mail_server.h> 357 358 /* Application-specific. */ 359 360 #include "qmgr.h" 361 362 /* 363 * Tunables. 364 */ 365 int var_queue_run_delay; 366 int var_min_backoff_time; 367 int var_max_backoff_time; 368 int var_max_queue_time; 369 int var_dsn_queue_time; 370 int var_qmgr_active_limit; 371 int var_qmgr_rcpt_limit; 372 int var_init_dest_concurrency; 373 int var_transport_retry_time; 374 int var_dest_con_limit; 375 int var_dest_rcpt_limit; 376 char *var_defer_xports; 377 int var_qmgr_fudge; 378 int var_local_rcpt_lim; /* XXX */ 379 int var_local_con_lim; /* XXX */ 380 bool var_verp_bounce_off; 381 int var_qmgr_clog_warn_time; 382 char *var_conc_pos_feedback; 383 char *var_conc_neg_feedback; 384 int var_conc_cohort_limit; 385 int var_conc_feedback_debug; 386 int var_dest_rate_delay; 387 char *var_def_filter_nexthop; 388 int var_qmgr_daemon_timeout; 389 int var_qmgr_ipc_timeout; 390 391 static QMGR_SCAN *qmgr_scans[2]; 392 393 #define QMGR_SCAN_IDX_INCOMING 0 394 #define QMGR_SCAN_IDX_DEFERRED 1 395 #define QMGR_SCAN_IDX_COUNT (sizeof(qmgr_scans) / sizeof(qmgr_scans[0])) 396 397 /* qmgr_deferred_run_event - queue manager heartbeat */ 398 399 static void qmgr_deferred_run_event(int unused_event, char *dummy) 400 { 401 402 /* 403 * This routine runs when it is time for another deferred queue scan. 404 * Make sure this routine gets called again in the future. 405 */ 406 qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_DEFERRED], QMGR_SCAN_START); 407 event_request_timer(qmgr_deferred_run_event, dummy, var_queue_run_delay); 408 } 409 410 /* qmgr_trigger_event - respond to external trigger(s) */ 411 412 static void qmgr_trigger_event(char *buf, int len, 413 char *unused_service, char **argv) 414 { 415 int incoming_flag = 0; 416 int deferred_flag = 0; 417 int i; 418 419 /* 420 * Sanity check. This service takes no command-line arguments. 421 */ 422 if (argv[0]) 423 msg_fatal("unexpected command-line argument: %s", argv[0]); 424 425 /* 426 * Collapse identical requests that have arrived since we looked last 427 * time. There is no client feedback so there is no need to process each 428 * request in order. And as long as we don't have conflicting requests we 429 * are free to sort them into the most suitable order. 430 */ 431 #define QMGR_FLUSH_BEFORE (QMGR_FLUSH_ONCE | QMGR_FLUSH_DFXP) 432 433 for (i = 0; i < len; i++) { 434 if (msg_verbose) 435 msg_info("request: %d (%c)", 436 buf[i], ISALNUM(buf[i]) ? buf[i] : '?'); 437 switch (buf[i]) { 438 case TRIGGER_REQ_WAKEUP: 439 case QMGR_REQ_SCAN_INCOMING: 440 incoming_flag |= QMGR_SCAN_START; 441 break; 442 case QMGR_REQ_SCAN_DEFERRED: 443 deferred_flag |= QMGR_SCAN_START; 444 break; 445 case QMGR_REQ_FLUSH_DEAD: 446 deferred_flag |= QMGR_FLUSH_BEFORE; 447 incoming_flag |= QMGR_FLUSH_BEFORE; 448 break; 449 case QMGR_REQ_SCAN_ALL: 450 deferred_flag |= QMGR_SCAN_ALL; 451 incoming_flag |= QMGR_SCAN_ALL; 452 break; 453 default: 454 if (msg_verbose) 455 msg_info("request ignored"); 456 break; 457 } 458 } 459 460 /* 461 * Process each request type at most once. Modifiers take effect upon the 462 * next queue run. If no queue run is in progress, and a queue scan is 463 * requested, the request takes effect immediately. 464 */ 465 if (incoming_flag != 0) 466 qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_INCOMING], incoming_flag); 467 if (deferred_flag != 0) 468 qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_DEFERRED], deferred_flag); 469 } 470 471 /* qmgr_loop - queue manager main loop */ 472 473 static int qmgr_loop(char *unused_name, char **unused_argv) 474 { 475 char *path; 476 int token_count; 477 int feed = 0; 478 int scan_idx; /* Priority order scan index */ 479 static int first_scan_idx = QMGR_SCAN_IDX_INCOMING; 480 int last_scan_idx = QMGR_SCAN_IDX_COUNT - 1; 481 int delay; 482 483 /* 484 * This routine runs as part of the event handling loop, after the event 485 * manager has delivered a timer or I/O event (including the completion 486 * of a connection to a delivery process), or after it has waited for a 487 * specified amount of time. The result value of qmgr_loop() specifies 488 * how long the event manager should wait for the next event. 489 */ 490 #define DONT_WAIT 0 491 #define WAIT_FOR_EVENT (-1) 492 493 /* 494 * Attempt to drain the active queue by allocating a suitable delivery 495 * process and by delivering mail via it. Delivery process allocation and 496 * mail delivery are asynchronous. 497 */ 498 qmgr_active_drain(); 499 500 /* 501 * Let some new blood into the active queue when the queue size is 502 * smaller than some configurable limit, and when the number of in-core 503 * recipients does not exceed some configurable limit. 504 * 505 * We import one message per interrupt, to optimally tune the input count 506 * for the number of delivery agent protocol wait states, as explained in 507 * qmgr_transport.c. 508 */ 509 delay = WAIT_FOR_EVENT; 510 for (scan_idx = 0; qmgr_message_count < var_qmgr_active_limit 511 && qmgr_recipient_count < var_qmgr_rcpt_limit 512 && scan_idx < QMGR_SCAN_IDX_COUNT; ++scan_idx) { 513 last_scan_idx = (scan_idx + first_scan_idx) % QMGR_SCAN_IDX_COUNT; 514 if ((path = qmgr_scan_next(qmgr_scans[last_scan_idx])) != 0) { 515 delay = DONT_WAIT; 516 if ((feed = qmgr_active_feed(qmgr_scans[last_scan_idx], path)) != 0) 517 break; 518 } 519 } 520 521 /* 522 * Round-robin the queue scans. When the active queue becomes full, 523 * prefer new mail over deferred mail. 524 */ 525 if (qmgr_message_count < var_qmgr_active_limit 526 && qmgr_recipient_count < var_qmgr_rcpt_limit) { 527 first_scan_idx = (last_scan_idx + 1) % QMGR_SCAN_IDX_COUNT; 528 } else if (first_scan_idx != QMGR_SCAN_IDX_INCOMING) { 529 first_scan_idx = QMGR_SCAN_IDX_INCOMING; 530 } 531 532 /* 533 * Global flow control. If enabled, slow down receiving processes that 534 * get ahead of the queue manager, but don't block them completely. 535 */ 536 if (var_in_flow_delay > 0) { 537 token_count = mail_flow_count(); 538 if (token_count < var_proc_limit) { 539 if (feed != 0 && last_scan_idx == QMGR_SCAN_IDX_INCOMING) 540 mail_flow_put(1); 541 else if (qmgr_scans[QMGR_SCAN_IDX_INCOMING]->handle == 0) 542 mail_flow_put(var_proc_limit - token_count); 543 } else if (token_count > var_proc_limit) { 544 mail_flow_get(token_count - var_proc_limit); 545 } 546 } 547 return (delay); 548 } 549 550 /* pre_accept - see if tables have changed */ 551 552 static void pre_accept(char *unused_name, char **unused_argv) 553 { 554 const char *table; 555 556 if ((table = dict_changed_name()) != 0) { 557 msg_info("table %s has changed -- restarting", table); 558 exit(0); 559 } 560 } 561 562 /* qmgr_pre_init - pre-jail initialization */ 563 564 static void qmgr_pre_init(char *unused_name, char **unused_argv) 565 { 566 flush_init(); 567 } 568 569 /* qmgr_post_init - post-jail initialization */ 570 571 static void qmgr_post_init(char *unused_name, char **unused_argv) 572 { 573 574 /* 575 * Sanity check. 576 */ 577 if (var_qmgr_rcpt_limit < var_qmgr_active_limit) { 578 msg_warn("%s is smaller than %s - adjusting %s", 579 VAR_QMGR_RCPT_LIMIT, VAR_QMGR_ACT_LIMIT, VAR_QMGR_RCPT_LIMIT); 580 var_qmgr_rcpt_limit = var_qmgr_active_limit; 581 } 582 if (var_dsn_queue_time > var_max_queue_time) { 583 msg_warn("%s is larger than %s - adjusting %s", 584 VAR_DSN_QUEUE_TIME, VAR_MAX_QUEUE_TIME, VAR_DSN_QUEUE_TIME); 585 var_dsn_queue_time = var_max_queue_time; 586 } 587 588 /* 589 * This routine runs after the skeleton code has entered the chroot jail. 590 * Prevent automatic process suicide after a limited number of client 591 * requests or after a limited amount of idle time. Move any left-over 592 * entries from the active queue to the incoming queue, and give them a 593 * time stamp into the future, in order to allow ongoing deliveries to 594 * finish first. Start scanning the incoming and deferred queues. 595 * Left-over active queue entries are moved to the incoming queue because 596 * the incoming queue has priority; moving left-overs to the deferred 597 * queue could cause anomalous delays when "postfix reload/start" are 598 * issued often. Override the IPC timeout (default 3600s) so that the 599 * queue manager can reset a broken IPC channel before the watchdog timer 600 * goes off. 601 */ 602 var_ipc_timeout = var_qmgr_ipc_timeout; 603 var_use_limit = 0; 604 var_idle_limit = 0; 605 qmgr_move(MAIL_QUEUE_ACTIVE, MAIL_QUEUE_INCOMING, event_time()); 606 qmgr_scans[QMGR_SCAN_IDX_INCOMING] = qmgr_scan_create(MAIL_QUEUE_INCOMING); 607 qmgr_scans[QMGR_SCAN_IDX_DEFERRED] = qmgr_scan_create(MAIL_QUEUE_DEFERRED); 608 qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_INCOMING], QMGR_SCAN_START); 609 qmgr_deferred_run_event(0, (char *) 0); 610 } 611 612 MAIL_VERSION_STAMP_DECLARE; 613 614 /* main - the main program */ 615 616 int main(int argc, char **argv) 617 { 618 static const CONFIG_STR_TABLE str_table[] = { 619 VAR_DEFER_XPORTS, DEF_DEFER_XPORTS, &var_defer_xports, 0, 0, 620 VAR_CONC_POS_FDBACK, DEF_CONC_POS_FDBACK, &var_conc_pos_feedback, 1, 0, 621 VAR_CONC_NEG_FDBACK, DEF_CONC_NEG_FDBACK, &var_conc_neg_feedback, 1, 0, 622 VAR_DEF_FILTER_NEXTHOP, DEF_DEF_FILTER_NEXTHOP, &var_def_filter_nexthop, 0, 0, 623 0, 624 }; 625 static const CONFIG_TIME_TABLE time_table[] = { 626 VAR_QUEUE_RUN_DELAY, DEF_QUEUE_RUN_DELAY, &var_queue_run_delay, 1, 0, 627 VAR_MIN_BACKOFF_TIME, DEF_MIN_BACKOFF_TIME, &var_min_backoff_time, 1, 0, 628 VAR_MAX_BACKOFF_TIME, DEF_MAX_BACKOFF_TIME, &var_max_backoff_time, 1, 0, 629 VAR_MAX_QUEUE_TIME, DEF_MAX_QUEUE_TIME, &var_max_queue_time, 0, 8640000, 630 VAR_DSN_QUEUE_TIME, DEF_DSN_QUEUE_TIME, &var_dsn_queue_time, 0, 8640000, 631 VAR_XPORT_RETRY_TIME, DEF_XPORT_RETRY_TIME, &var_transport_retry_time, 1, 0, 632 VAR_QMGR_CLOG_WARN_TIME, DEF_QMGR_CLOG_WARN_TIME, &var_qmgr_clog_warn_time, 0, 0, 633 VAR_DEST_RATE_DELAY, DEF_DEST_RATE_DELAY, &var_dest_rate_delay, 0, 0, 634 VAR_QMGR_DAEMON_TIMEOUT, DEF_QMGR_DAEMON_TIMEOUT, &var_qmgr_daemon_timeout, 1, 0, 635 VAR_QMGR_IPC_TIMEOUT, DEF_QMGR_IPC_TIMEOUT, &var_qmgr_ipc_timeout, 1, 0, 636 0, 637 }; 638 static const CONFIG_INT_TABLE int_table[] = { 639 VAR_QMGR_ACT_LIMIT, DEF_QMGR_ACT_LIMIT, &var_qmgr_active_limit, 1, 0, 640 VAR_QMGR_RCPT_LIMIT, DEF_QMGR_RCPT_LIMIT, &var_qmgr_rcpt_limit, 1, 0, 641 VAR_INIT_DEST_CON, DEF_INIT_DEST_CON, &var_init_dest_concurrency, 1, 0, 642 VAR_DEST_CON_LIMIT, DEF_DEST_CON_LIMIT, &var_dest_con_limit, 0, 0, 643 VAR_DEST_RCPT_LIMIT, DEF_DEST_RCPT_LIMIT, &var_dest_rcpt_limit, 0, 0, 644 VAR_QMGR_FUDGE, DEF_QMGR_FUDGE, &var_qmgr_fudge, 10, 100, 645 VAR_LOCAL_RCPT_LIMIT, DEF_LOCAL_RCPT_LIMIT, &var_local_rcpt_lim, 0, 0, 646 VAR_LOCAL_CON_LIMIT, DEF_LOCAL_CON_LIMIT, &var_local_con_lim, 0, 0, 647 VAR_CONC_COHORT_LIM, DEF_CONC_COHORT_LIM, &var_conc_cohort_limit, 0, 0, 648 0, 649 }; 650 static const CONFIG_BOOL_TABLE bool_table[] = { 651 VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off, 652 VAR_CONC_FDBACK_DEBUG, DEF_CONC_FDBACK_DEBUG, &var_conc_feedback_debug, 653 0, 654 }; 655 656 /* 657 * Fingerprint executables and core dumps. 658 */ 659 MAIL_VERSION_STAMP_ALLOCATE; 660 661 /* 662 * Use the trigger service skeleton, because no-one else should be 663 * monitoring our service port while this process runs, and because we do 664 * not talk back to the client. 665 */ 666 trigger_server_main(argc, argv, qmgr_trigger_event, 667 MAIL_SERVER_INT_TABLE, int_table, 668 MAIL_SERVER_STR_TABLE, str_table, 669 MAIL_SERVER_BOOL_TABLE, bool_table, 670 MAIL_SERVER_TIME_TABLE, time_table, 671 MAIL_SERVER_PRE_INIT, qmgr_pre_init, 672 MAIL_SERVER_POST_INIT, qmgr_post_init, 673 MAIL_SERVER_LOOP, qmgr_loop, 674 MAIL_SERVER_PRE_ACCEPT, pre_accept, 675 MAIL_SERVER_SOLITARY, 676 MAIL_SERVER_WATCHDOG, &var_qmgr_daemon_timeout, 677 0); 678 } 679