On Fri, Jun 27, 2014 at 04:16:44PM +0200, Markus Benning wrote:
>
> On 27.06.2014 15:31, wie...@porcupine.org wrote:
> >
> > Wietse:
> > > Why not patch Postfix ONLY to implement a configurable connection
> > > use limit that is less than the limit in the policy daemon?
> >
> > Markus Benning:
> > > This would require that the connections can be shared across
> > > smtpd server processes and to use a connection pool.
> >
> > OK, here is my last attempt. Please pay attention.
> >
> > You have a policy daemon that wants to disconnect after N requests
> > (N >= 1) PER POLICY CONNECTION. Why not patch the Postfix policy
> > client to disconnect after N policy requests AND STOP THERE? Why
> > do you also have to muck with the pause-after-error safety mechanism?
> >
> > Wietse
>
> Okay, that's exactly what the max_keepalive part of the patch does.
> I'll remove the error sleep timer changes on Monday and resend the patch.
>
> Markus

Okay, I reverted the pause after error changes. The max_keepalive parameter has been renamed to smtpd_policy_service_reuse_count_limit to be closer to the naming scheme of the other parameters. And I added some documentation to the patch.

Markus

diff -uNr postfix-2.11.1.orig/html/postconf.5.html postfix-2.11.1/html/postconf.5.html --- postfix-2.11.1.orig/html/postconf.5.html 2014-06-26 16:54:03.000000000 +0200 +++ postfix-2.11.1/html/postconf.5.html 2014-06-30 09:30:59.000000000 +0200 @@ -13770,6 +13770,21 @@ </DD> +<DT><b><a name="smtpd_policy_service_reuse_count_limit">smtpd_policy_service_reuse_count_limit</a> +(default: 0)</b></DT><DD> + +<p> +The number of requests after that the Postfix SMTP server closes the +connection to a policy server, or zero (no limit). +</p> + +<p> +This feature is available in Postfix 2.12 and later. +</p> + + +</DD> + <DT><b><a name="smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (default: 100s)</b></DT><DD> diff -uNr postfix-2.11.1.orig/html/SMTPD_POLICY_README.html postfix-2.11.1/html/SMTPD_POLICY_README.html --- postfix-2.11.1.orig/html/SMTPD_POLICY_README.html 2014-06-26 16:54:03.000000000 +0200 +++ postfix-2.11.1/html/SMTPD_POLICY_README.html 2014-06-30 09:30:56.000000000 +0200 @@ -227,6 +227,10 @@ Instead the server must log a warning and disconnect. Postfix will retry the request at some later time. </p> +<p> If the policy server enforces an limit of maximum requests per +connection smtpd_policy_service_reuse_count_limit should be set to +use the same limit to avoid delayed reconnects. </p> + <h2><a name="client_config">Policy client/server configuration</a></h2> <p> The Postfix delegated policy client can connect to a TCP socket 
@@ -340,6 +344,10 @@ <li> <p> <a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (default: 100s): The time limit to connect to, send to or receive from a policy server. </p> +<li> <p> smtpd_policy_service_reuse_count_limit (default: 0): The number of +requests after that the Postfix SMTP server closes the connection, +or zero (no limit). </p> + </ul> <h2><a name="greylist">Example: greylist policy server</a></h2> diff -uNr postfix-2.11.1.orig/man/man5/postconf.5 postfix-2.11.1/man/man5/postconf.5 --- postfix-2.11.1.orig/man/man5/postconf.5 2014-06-26 16:54:03.000000000 +0200 +++ postfix-2.11.1/man/man5/postconf.5 2014-06-30 09:30:59.000000000 +0200 @@ -9105,6 +9105,11 @@ closed. .PP This feature is available in Postfix 2.1 and later. +.SH smtpd_policy_service_reuse_count_limit (default: 0) +The number of requests after that the Postfix SMTP server closes the +connection to a policy server, or zero (no limit). +.PP +This feature is available in Postfix 2.12 and later. .SH smtpd_policy_service_timeout (default: 100s) The time limit for connecting to, writing to or receiving from a delegated SMTPD policy server. diff -uNr postfix-2.11.1.orig/proto/postconf.proto postfix-2.11.1/proto/postconf.proto --- postfix-2.11.1.orig/proto/postconf.proto 2014-06-26 16:54:03.000000000 +0200 +++ postfix-2.11.1/proto/postconf.proto 2014-06-30 09:27:16.000000000 +0200 
@@ -8230,6 +8230,17 @@ This feature is available in Postfix 2.1 and later. </p> +%PARAM smtpd_policy_service_reuse_count_limit 0 + +<p> +The number of requests after that the Postfix SMTP server closes the +connection to a policy server, or zero (no limit). +</p> + +<p> +This feature is available in Postfix 2.12 and later. +</p> + %PARAM smtpd_reject_unlisted_recipient yes <p> diff -uNr postfix-2.11.1.orig/proto/SMTPD_POLICY_README.html postfix-2.11.1/proto/SMTPD_POLICY_README.html --- postfix-2.11.1.orig/proto/SMTPD_POLICY_README.html 2014-06-26 16:54:03.000000000 +0200 +++ postfix-2.11.1/proto/SMTPD_POLICY_README.html 2014-06-30 09:22:42.000000000 +0200 @@ -227,6 +227,10 @@ Instead the server must log a warning and disconnect. Postfix will retry the request at some later time. </p> +<p> If the policy server enforces an limit of maximum requests per +connection smtpd_policy_service_reuse_count_limit should be set to +use the same limit to avoid delayed reconnects. </p> + <h2><a name="client_config">Policy client/server configuration</a></h2> <p> The Postfix delegated policy client can connect to a TCP socket @@ -340,6 +344,10 @@ <li> <p> smtpd_policy_service_timeout (default: 100s): The time limit to connect to, send to or receive from a policy server. </p> +<li> <p> smtpd_policy_service_reuse_count_limit (default: 0): The number of +requests after that the Postfix SMTP server closes the connection, +or zero (no limit). </p> + </ul> <h2><a name="greylist">Example: greylist policy server</a></h2> diff -uNr postfix-2.11.1.orig/src/global/anvil_clnt.c postfix-2.11.1/src/global/anvil_clnt.c --- postfix-2.11.1.orig/src/global/anvil_clnt.c 2014-06-26 16:54:03.000000000 +0200 +++ postfix-2.11.1/src/global/anvil_clnt.c 2014-06-30 08:51:22.000000000 +0200 
@@ -163,9 +163,9 @@ */ #ifndef VAR_ANVIL_SERVICE anvil_clnt = attr_clnt_create("local:" ANVIL_CLASS "/" ANVIL_SERVICE, - var_ipc_timeout, 0, 0); + var_ipc_timeout, 0, 0, 0); #else - anvil_clnt = attr_clnt_create(var_anvil_service, var_ipc_timeout, 0, 0); + anvil_clnt = attr_clnt_create(var_anvil_service, var_ipc_timeout, 0, 0, 0); #endif return ((ANVIL_CLNT *) anvil_clnt); } diff -uNr postfix-2.11.1.orig/src/global/mail_params.h postfix-2.11.1/src/global/mail_params.h --- postfix-2.11.1.orig/src/global/mail_params.h 2014-06-26 16:54:03.000000000 +0200 +++ postfix-2.11.1/src/global/mail_params.h 2014-06-30 08:54:19.000000000 +0200 @@ -2879,6 +2879,10 @@ #define DEF_SMTPD_POLICY_TMOUT "100s" extern int var_smtpd_policy_tmout; +#define VAR_SMTPD_POLICY_REUSE_COUNT "smtpd_policy_service_reuse_count_limit" +#define DEF_SMTPD_POLICY_REUSE_COUNT 0 +extern int var_smtpd_policy_reuse_count; + #define VAR_SMTPD_POLICY_IDLE "smtpd_policy_service_max_idle" #define DEF_SMTPD_POLICY_IDLE "300s" extern int var_smtpd_policy_idle; diff -uNr postfix-2.11.1.orig/src/smtpd/smtpd.c postfix-2.11.1/src/smtpd/smtpd.c --- postfix-2.11.1.orig/src/smtpd/smtpd.c 2014-06-26 16:54:03.000000000 +0200 +++ postfix-2.11.1/src/smtpd/smtpd.c 2014-06-30 08:55:57.000000000 +0200 @@ -1220,6 +1220,7 @@ char *var_smtpd_proxy_opts; char *var_input_transp; int var_smtpd_policy_tmout; +int var_smtpd_policy_reuse_count; int var_smtpd_policy_idle; int var_smtpd_policy_ttl; char *var_xclient_hosts; 
@@ -5314,6 +5315,7 @@ #ifdef USE_TLS VAR_SMTPD_TLS_CCERT_VD, DEF_SMTPD_TLS_CCERT_VD, &var_smtpd_tls_ccert_vd, 0, 0, #endif + VAR_SMTPD_POLICY_REUSE_COUNT, DEF_SMTPD_POLICY_REUSE_COUNT, &var_smtpd_policy_reuse_count, 0, 0, 0, }; static const CONFIG_TIME_TABLE time_table[] = { diff -uNr postfix-2.11.1.orig/src/smtpd/smtpd_check.c postfix-2.11.1/src/smtpd/smtpd_check.c --- postfix-2.11.1.orig/src/smtpd/smtpd_check.c 2014-06-26 16:54:03.000000000 +0200 +++ postfix-2.11.1/src/smtpd/smtpd_check.c 2014-06-30 08:57:36.000000000 +0200 @@ -463,7 +463,8 @@ (char *) attr_clnt_create(name, var_smtpd_policy_tmout, var_smtpd_policy_idle, - var_smtpd_policy_ttl)); + var_smtpd_policy_ttl, + var_smtpd_policy_reuse_count)); } /* smtpd_check_parse - pre-parse restrictions */ @@ -5217,6 +5218,7 @@ int var_verify_poll_count; int var_verify_poll_delay; int var_smtpd_policy_tmout; +int var_smtpd_policy_reuse_count; int var_smtpd_policy_idle; int var_smtpd_policy_ttl; int var_smtpd_rej_unl_from; diff -uNr postfix-2.11.1.orig/src/tls/tls_mgr.c postfix-2.11.1/src/tls/tls_mgr.c --- postfix-2.11.1.orig/src/tls/tls_mgr.c 2014-06-26 16:54:03.000000000 +0200 +++ postfix-2.11.1/src/tls/tls_mgr.c 2014-06-30 09:06:03.000000000 +0200 @@ -163,7 +163,7 @@ service = concatenate("local:" TLS_MGR_CLASS "/", var_tls_mgr_service, (char *) 0); tls_mgr = attr_clnt_create(service, var_ipc_timeout, - var_ipc_idle_limit, var_ipc_ttl_limit); + var_ipc_idle_limit, var_ipc_ttl_limit, 0); myfree(service); attr_clnt_control(tls_mgr, diff -uNr postfix-2.11.1.orig/src/util/attr_clnt.c postfix-2.11.1/src/util/attr_clnt.c --- postfix-2.11.1.orig/src/util/attr_clnt.c 2014-06-26 16:54:03.000000000 +0200 +++ postfix-2.11.1/src/util/attr_clnt.c 2014-06-30 09:02:50.000000000 +0200 @@ -95,6 +95,8 @@ AUTO_CLNT *auto_clnt; ATTR_CLNT_PRINT_FN print; ATTR_CLNT_SCAN_FN scan; + int reuse_count_limit; + int reuse_counter; }; /* attr_clnt_free - destroy attribute client */ 
@@ -108,7 +110,7 @@ /* attr_clnt_create - create attribute client */ ATTR_CLNT *attr_clnt_create(const char *service, int timeout, - int max_idle, int max_ttl) + int max_idle, int max_ttl, int reuse_count) { ATTR_CLNT *client; @@ -116,6 +118,8 @@ client->auto_clnt = auto_clnt_create(service, timeout, max_idle, max_ttl); client->scan = attr_vscan_plain; client->print = attr_vprint_plain; + client->reuse_count_limit = reuse_count; + client->reuse_counter = 0; return (client); } @@ -188,8 +192,14 @@ ret = client->scan(stream, recv_flags, ap); va_end(ap); /* Finalize argument lists before returning. */ - if (ret > 0) + if (ret > 0) { + if( client->reuse_count_limit ) { + client->reuse_counter++; + if( client->reuse_counter >= client->reuse_count_limit ) + auto_clnt_recover(client->auto_clnt); + } break; + } } } if (++count >= 2 diff -uNr postfix-2.11.1.orig/src/util/attr_clnt.h postfix-2.11.1/src/util/attr_clnt.h --- postfix-2.11.1.orig/src/util/attr_clnt.h 2014-06-26 16:54:03.000000000 +0200 +++ postfix-2.11.1/src/util/attr_clnt.h 2014-06-30 09:01:44.000000000 +0200 @@ -28,7 +28,7 @@ typedef int (*ATTR_CLNT_PRINT_FN) (VSTREAM *, int, va_list); typedef int (*ATTR_CLNT_SCAN_FN) (VSTREAM *, int, va_list); -extern ATTR_CLNT *attr_clnt_create(const char *, int, int, int); +extern ATTR_CLNT *attr_clnt_create(const char *, int, int, int, int); extern int attr_clnt_request(ATTR_CLNT *, int,...); extern void attr_clnt_free(ATTR_CLNT *); extern void attr_clnt_control(ATTR_CLNT *, int, ...);
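
Review bot: in html/SMTPD_POLICY_README.html the new list entry names smtpd_policy_service_reuse_count_limit as plain text, while the smtpd_policy_service_timeout entry directly above it links to postconf.5.html#smtpd_policy_service_timeout; link the new entry to the smtpd_policy_service_reuse_count_limit anchor that this patch adds to postconf.5.html. In every documentation hunk, "The number of requests after that the Postfix SMTP server closes" should read "after which", and in both SMTPD_POLICY_README.html copies "an limit of maximum requests per connection" should read "a limit on requests per connection".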
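
Review bot: a negative smtpd_policy_service_reuse_count_limit is not handled. The table entry added in src/smtpd/smtpd.c gives only 0 values after &var_smtpd_policy_reuse_count, and the new code in src/util/attr_clnt.c tests the limit with if( client->reuse_count_limit ), which is also true for negative numbers; reuse_counter >= reuse_count_limit then holds on the first reply. If nothing else rejects negative settings, test reuse_count_limit > 0 in attr_clnt.c so that only a positive value enables the limit, and say in the parameter documentation what values are accepted.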
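
Review bot: widening attr_clnt_create() with a fifth positional int (src/util/attr_clnt.c and attr_clnt.h) forces edits to src/global/anvil_clnt.c and src/tls/tls_mgr.c, which only ever pass 0 for it. attr_clnt.h already declares attr_clnt_control(ATTR_CLNT *, int, ...) and tls_mgr.c calls it right after creating its client, so setting the limit through a new attr_clnt_control() request would leave the existing callers untouched. Whichever form is kept, none of the attr_clnt.c hunks documents the new argument or its zero-means-no-limit meaning; add that alongside the function.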
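
Review bot: in the src/util/attr_clnt.c hunk at @@ -188,8 +192,14 @@, reuse_counter is incremented and compared but never set back to 0 in the lines shown, so once it reaches reuse_count_limit every later successful request also calls auto_clnt_recover() and the connection is dropped after each request rather than after every N. Reset it where the limit fires (client->reuse_counter = 0; next to the auto_clnt_recover() call), and check whether it also needs resetting wherever else this client gives up a connection, so that the count is per connection as discussed in the thread. The added lines write "if( ... )" where the surrounding code writes "if (ret > 0)"; match the existing spacing.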