Hello,
> On 20.12.2024 at 19:26, Wietse Venema via Postfix-devel
> <[email protected]> wrote:
>
> Christian Roessner via Postfix-devel:
>> Hi,
>>
>> why does a hard-coded limit of 100000 characters exist in the
>> netstring payload for socket maps? I have a customer who uses a
>> socketmap for virtual aliases and he had to switch to the memcache
>> protocol (he wrote a service speaking memcache) to work around this
>> issue, because memcache values seem not to have this limit.
>
> Even memcached has limits, he just hasn't run into them.
>
> Postfix virtual aliases have multiple limits. In fact, Postfix has
> limits for everything, to prevent one bad actor from locking up
> the entire server.
>
>> Would it be possible to either drop this limit,
>
> Sorry, that would make Postfix vulnerable by default, and that is
> undesirable.
>
>> set it higher or have a configuration parameter for it?
>
> It could be made configurable. For an example of this, see how the
> "berkeley_db_read_buffer_size" configuration parameter controls a
> global variable in the dict_db.c module.
>
> Such a global variable already exists in dict_sockmap.c.
It was about 25 years ago that I did C programming, so please be nice to me if
my first attempt is not perfect ;-)
Could you please give me a hint whether the following approach goes in the right
direction?
---------------------------------------------------------------------------------------------------------
diff --color -Naur postfix-3.9.1/src/global/mail_params.c
postfix-3.9.1-with-sockmap_var/src/global/mail_params.c
--- postfix-3.9.1/src/global/mail_params.c 2023-06-10 23:15:48
+++ postfix-3.9.1-with-sockmap_var/src/global/mail_params.c 2025-01-03
13:07:38
@@ -352,6 +352,7 @@
int var_verify_neg_cache;
int var_oldlog_compat;
int var_delay_max_res;
+int var_sockmap_max_reply;
char *var_int_filt_classes;
int var_cyrus_sasl_authzid;
@@ -838,6 +839,7 @@
VAR_MIME_BOUND_LEN, DEF_MIME_BOUND_LEN, &var_mime_bound_len, 1, 0,
VAR_DELAY_MAX_RES, DEF_DELAY_MAX_RES, &var_delay_max_res,
MIN_DELAY_MAX_RES, MAX_DELAY_MAX_RES,
VAR_INET_WINDOW, DEF_INET_WINDOW, &var_inet_windowsize, 0, 0,
+ VAR_SOCKMAP_MAX_REPLY, DEF_SOCKMAP_MAX_REPLY, &var_sockmap_max_reply, 1, 0,
0,
};
static const CONFIG_LONG_TABLE long_defaults[] = {
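Review bot: The new table entry ends in `1, 0`, so the lower bound is 1 and, as with VAR_MIME_BOUND_LEN above it, there is no upper bound. A limit of only a few bytes would reject practically every reply, and the ceiling is left entirely to the administrator; consider named minimum and maximum constants, as the VAR_DELAY_MAX_RES entry uses, and state the accepted range in the parameter documentation.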
@@ -986,6 +988,7 @@
check_overlap();
dict_db_cache_size = var_db_read_buf;
dict_lmdb_map_size = var_lmdb_map_size;
+ dict_sockmap_max_reply = var_sockmap_max_reply;
inet_windowsize = var_inet_windowsize;
if (set_logwriter_create_perms(var_maillog_file_perms) < 0)
msg_warn("ignoring bad permissions: %s = %s",
diff --color -Naur postfix-3.9.1/src/global/mail_params.h
postfix-3.9.1-with-sockmap_var/src/global/mail_params.h
--- postfix-3.9.1/src/global/mail_params.h 2024-02-20 16:37:05
+++ postfix-3.9.1-with-sockmap_var/src/global/mail_params.h 2025-01-03
13:10:22
@@ -4455,6 +4455,14 @@
#define DEF_ALLOW_SRV_FALLBACK 0
extern bool var_allow_srv_fallback;
+ /*
+ * Limit for the sockmap reply size
+ */
+#define VAR_SOCKMAP_MAX_REPLY "socketmap_max_reply_size"
+#define DEF_SOCKMAP_MAX_REPLY 100000 /* reply size limit */
+extern int dict_sockmap_max_reply;
+extern int var_sockmap_max_reply;
+
/* LICENSE
/* .ad
/* .fi
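Review bot: `extern int dict_sockmap_max_reply;` is declared here in src/global/mail_params.h, while the variable is defined in src/util/dict_sockmap.c and this patch touches no header under src/util. Declare it in the header that belongs to dict_sockmap.c, so the definition is compiled against its own declaration, and keep only VAR_SOCKMAP_MAX_REPLY, DEF_SOCKMAP_MAX_REPLY and var_sockmap_max_reply in this file. The comment above the new defines could also say what the unit is (characters of netstring payload) and what happens when a reply exceeds it.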
diff --color -Naur postfix-3.9.1/src/util/dict_sockmap.c
postfix-3.9.1-with-sockmap_var/src/util/dict_sockmap.c
--- postfix-3.9.1/src/util/dict_sockmap.c 2020-09-13 17:18:21
+++ postfix-3.9.1-with-sockmap_var/src/util/dict_sockmap.c 2025-01-03
12:40:09
@@ -111,7 +111,6 @@
* Default limits.
*/
#define DICT_SOCKMAP_DEF_TIMEOUT 100 /* connect/read/write timeout */
-#define DICT_SOCKMAP_DEF_MAX_REPLY 100000 /* reply size limit */
#define DICT_SOCKMAP_DEF_MAX_IDLE 10 /* close idle socket */
#define DICT_SOCKMAP_DEF_MAX_TTL 100 /* close old socket */
@@ -119,7 +118,7 @@
* Class variables.
*/
static int dict_sockmap_timeout = DICT_SOCKMAP_DEF_TIMEOUT;
-static int dict_sockmap_max_reply = DICT_SOCKMAP_DEF_MAX_REPLY;
+int dict_sockmap_max_reply;
static int dict_sockmap_max_idle = DICT_SOCKMAP_DEF_MAX_IDLE;
static int dict_sockmap_max_ttl = DICT_SOCKMAP_DEF_MAX_TTL;
---------------------------------------------------------------------------------------------------------
I ran:
- make makefiles
- make
No errors so far.
Thanks for any hints to make it better. Also, the documentation part is
missing. I am not a perfect English speaker/writer, so I am not sure if you
would prefer adding the parameter documentation yourself.
Many thanks in advance
Christian Rößner
--
Rößner-Network-Solutions
Zertifizierter ITSiBe / CISO
Marburger Str. 70a, 36304 Alsfeld
Fax: +49 6631 78823409, Mobil: +49 171 9905345
USt-IdNr.: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
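
The reply size limit discussed in this thread, as an added example that is not part of the original message and is not Postfix code: a netstring decoder that checks the declared length against a limit before any payload byte is used. The names `ns_decode` and `ns_status` are hypothetical, and the inputs in `main` are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes for this example (hypothetical names, not Postfix's). */
enum ns_status { NS_OK, NS_INCOMPLETE, NS_BAD_FORMAT, NS_TOO_LARGE };

/* Decode one netstring "<len>:<payload>," from buf[0..buflen); max_reply is
 * the reply size limit. On NS_OK, *payload points into buf. */
enum ns_status ns_decode(const char *buf, size_t buflen, size_t max_reply,
                         const char **payload, size_t *payload_len)
{
    size_t len = 0, pos = 0;
    while (pos < buflen && buf[pos] >= '0' && buf[pos] <= '9') {
        /* Reject leading zeros; "0:," is the only length starting with 0. */
        if (pos == 1 && buf[0] == '0')
            return NS_BAD_FORMAT;
        /* Refuse before the multiplication below could wrap around. */
        if (len > (SIZE_MAX - 9) / 10)
            return NS_TOO_LARGE;
        len = len * 10 + (size_t) (buf[pos] - '0');
        /* Check the limit per digit, before any payload byte is used. */
        if (len > max_reply)
            return NS_TOO_LARGE;
        pos++;
    }
    if (pos == 0)
        return buflen == 0 ? NS_INCOMPLETE : NS_BAD_FORMAT;
    if (pos == buflen)
        return NS_INCOMPLETE;           /* length seen, no ':' yet */
    if (buf[pos] != ':')
        return NS_BAD_FORMAT;
    pos++;
    /* Need len payload bytes plus the trailing ','. */
    if (buflen - pos <= len)
        return NS_INCOMPLETE;
    if (buf[pos + len] != ',')
        return NS_BAD_FORMAT;
    *payload = buf + pos;
    *payload_len = len;
    return NS_OK;
}

int main(void)
{
    const char *p; size_t n;
    /* Constructed replies: one within the limit, one declaring too much. */
    return !(ns_decode("5:hello,", 8, 100000, &p, &n) == NS_OK
             && ns_decode("100001:", 7, 100000, &p, &n) == NS_TOO_LARGE);
}
```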