[2024-11-27 11:12] Philipp <phil...@bureaucracy.de> > I would like to understand what's the reason for this quite low limit. > Also, I'm currently unsure what a reasonable default limit would be. > An option to change this limit would also be nice. I'll check whether I can > write a patch for this on the weekend.
I have attached a patch for this. I haven't had the time to test it. Philipp
From 1244e3c40ab0af30d578e9fe71671a5a5fd60d68 Mon Sep 17 00:00:00 2001 From: Philipp <philipp+open...@bureaucracy.de> Date: Sun, 1 Dec 2024 12:15:22 +0100 Subject: [PATCH] add connection limit config to control socket --- usr.sbin/smtpd/config.c | 2 ++ usr.sbin/smtpd/control.c | 3 +-- usr.sbin/smtpd/parse.y | 25 ++++++++++++++++++++++++- usr.sbin/smtpd/smtpd.h | 2 ++ 4 files changed, 29 insertions(+), 3 deletions(-) diff --git a/usr.sbin/smtpd/config.c b/usr.sbin/smtpd/config.c index 5e6a278e..cbd0de13 100644 --- a/usr.sbin/smtpd/config.c +++ b/usr.sbin/smtpd/config.c @@ -72,6 +72,8 @@ config_default(void) conf->sc_mda_task_lowat = 30; conf->sc_mda_task_release = 10; + conf->sc_socket_max_connections = 32; + /* Report mails delayed for more than 4 hours */ conf->sc_bounce_warn[0] = 3600 * 4; diff --git a/usr.sbin/smtpd/control.c b/usr.sbin/smtpd/control.c index 8b29defe..3e7ada58 100644 --- a/usr.sbin/smtpd/control.c +++ b/usr.sbin/smtpd/control.c @@ -75,7 +75,6 @@ static struct tree ctl_count; static struct stat_digest digest; #define CONTROL_FD_RESERVE 5 -#define CONTROL_MAXCONN_PER_CLIENT 32 static void control_imsg(struct mproc *p, struct imsg *imsg) @@ -317,7 +316,7 @@ control_accept(int listenfd, short event, void *arg) tree_xset(&ctl_count, euid, count); } - if (*count == CONTROL_MAXCONN_PER_CLIENT) { + if (*count == env->sc_socket_max_connections) { close(connfd); log_warnx("warn: too many connections to control socket " "from user with uid %lu", (unsigned long int)euid); diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y index 795e9527..60a8bd6c 100644 --- a/usr.sbin/smtpd/parse.y +++ b/usr.sbin/smtpd/parse.y 
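Review bot: The cap in control_accept() is still tested with `==`, which was adequate for a compile-time constant but is fragile now that the bound is read from `env->sc_socket_max_connections`. This per-uid check is what keeps one local user from holding an unbounded number of control-socket connections, so it should fail closed: `if (*count >= env->sc_socket_max_connections) {`. Nothing visible enforces an upper bound on the configured value either, so a very large setting presumably lets a single uid consume most of the descriptors the control process has beyond `CONTROL_FD_RESERVE`; a comment above the check saying so would help. The body of control_accept() starts and ends outside the hunk, so the increment and decrement of `*count` could not be checked here.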
@@ -179,7 +179,7 @@ typedef struct { %token ACTION ADMD ALIAS ANY ARROW AUTH AUTH_OPTIONAL %token BACKUP BOUNCE BYPASS -%token CA CERT CHAIN CHROOT CIPHERS COMMIT COMPRESSION CONNECT +%token CA CERT CHAIN CHROOT CIPHERS COMMIT COMPRESSION CONNECT CONTROL %token DATA DATA_LINE DHE DISCONNECT DOMAIN %token EHLO ENABLE ENCRYPTION ERROR EXPAND_ONLY %token FCRDNS FILTER FOR FORWARD_ONLY FROM @@ -215,6 +215,7 @@ grammar : /* empty */ | grammar bounce '\n' | grammar admd '\n' | grammar ca '\n' + | grammar control '\n' | grammar mda '\n' | grammar mta '\n' | grammar pki '\n' @@ -534,6 +535,10 @@ scheduler: SCHEDULER LIMIT limits_scheduler ; +control: +CONTROL LIMIT limits_ctl +; + smtp: SMTP LIMIT limits_smtp @@ -2114,6 +2119,23 @@ limits_scheduler: opt_limit_scheduler limits_scheduler | /* empty */ ; +opt_limit_ctl: STRING NUMBER { + if (!strcmp($1, "max-conections")) { + conf->sc_socket_max_connections = $2; + } + else { + yyerror("invalid control-socket limit keyword: %s", $1); + free($1); + YYERROR; + } + free($1); + } + ; + +limits_ctl: opt_limit_ctl limits_ctl + | /* empty */ + ; + opt_sock_listen : FILTER STRING { struct filter_config *fc; @@ -2675,6 +2697,7 @@ lookup(char *s) { "commit", COMMIT }, { "compression", COMPRESSION }, { "connect", CONNECT }, + { "control", CONTROL }, { "data", DATA }, { "data-line", DATA_LINE }, { "dhe", DHE }, diff --git a/usr.sbin/smtpd/smtpd.h b/usr.sbin/smtpd/smtpd.h index 413a1c9f..16d89114 100644 --- a/usr.sbin/smtpd/smtpd.h +++ b/usr.sbin/smtpd/smtpd.h @@ -610,6 +610,8 @@ struct smtpd { size_t sc_scheduler_max_msg_batch_size; size_t sc_scheduler_max_schedule; + size_t sc_socket_max_connections; + struct dict *sc_filter_processes_dict; int sc_ttl; -- 2.39.5
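Review bot: The new `control limit` directive added by the `control:` rule is not documented anywhere in this patch; the diffstat lists only config.c, control.c, parse.y and smtpd.h, so smtpd.conf(5) is not updated. An operator cannot tell from the grammar that the limit is counted per effective uid rather than globally, which matters when sizing it. I would add a manual entry and a comment on the rule such as `/* "control limit ...": per-euid cap on concurrent control-socket connections (default 32) */`.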
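Review bot: The keyword compared in opt_limit_ctl is spelled `"max-conections"`, so a configuration that uses the correctly spelled `max-connections` is rejected as an invalid keyword; it should be `if (!strcmp($1, "max-connections")) {`. The value is also stored without a range check: `$2` is assigned straight to a `size_t`, so a negative number (assuming NUMBER is a signed type, which this hunk does not show) would wrap to a huge limit and silently disable the per-uid cap, while 0 makes the `*count == ...` test in control_accept() match on a uid's first connection and refuse it. Rejecting values below 1 at parse time, as sketched below, keeps both cases out of the running daemon.

```yacc
opt_limit_ctl: STRING NUMBER {
	if (!strcmp($1, "max-connections")) {
		/* the value lands in a size_t: refuse 0 and negatives */
		if ($2 <= 0) {
			yyerror("invalid control max-connections value: %lld",
			    (long long)$2);
			free($1);
			YYERROR;
		}
		conf->sc_socket_max_connections = $2;
	}
	/* … unchanged: unknown-keyword error branch and final free($1) … */
```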