Quoting "Eric Shubert" <[email protected]>:

To be clear about this, the symptom/result of this bug is defunct
qmail-spamd processes. Their parents are spamdyke processes that are
waiting for "TLS ended and closed" events that never occur. This is
typically after a TIMEOUT error message that is issued after any one of
the spamdyke DENIED_* rejections. Killing the parent spamdyke processes
clears things up effectively.

I may change my mind about this :-/
(I do hate making myself look like an idiot)

The attached patch adds a timeout on STARTTLS, if idle-timeout-secs is set.
You may get some offset warnings from patch, but that's because I have
other patches installed.

AFAICT, other SSL usage is fine (quick check), but I'll have another
look at some point.

Apologies for doubting you.

-trog

diff -u -r spamdyke-4.0.10-grayweeks+revc-hr+tls-ciphers+local/spamdyke/tls.c spamdyke-4.0.10/spamdyke/tls.c
--- spamdyke-4.0.10-grayweeks+revc-hr+tls-ciphers+local/spamdyke/tls.c 2010-03-05 13:12:45.160555290 +0000
+++ spamdyke-4.0.10/spamdyke/tls.c 2010-03-17 12:18:17.441884929 +0000
@@ -283,6 +283,39 @@
return(tls_init_inner(current_settings, ¤t_settings->tls_context, ¤t_settings->tls_session));
}
+int tls_can_read_fd(struct filter_settings *current_settings, int read_fd)
+ {
+ fd_set listen_set;
+ struct timeval listen_timeout;
+ int return_value;
+
+ listen_timeout.tv_sec = 0;
+ listen_timeout.tv_usec = 0;
+
+ FD_ZERO(&listen_set);
+ FD_SET(read_fd, &listen_set);
+
+ if (current_settings->current_options->timeout_command > 0)
+ {
+ listen_timeout.tv_sec = MAXVAL(2, current_settings->current_options->timeout_command);
+
+ if ((listen_timeout.tv_sec == 0) ||
+ (listen_timeout.tv_sec < MIN_SELECT_SECS_TIMEOUT))
+ {
+ listen_timeout.tv_sec = MIN_SELECT_SECS_TIMEOUT;
+ listen_timeout.tv_usec = MIN_SELECT_USECS_TIMEOUT;
+ }
+ }
+
+ if (select(read_fd + 1, &listen_set, NULL, NULL, (current_settings->current_options->timeout_command > 0) ? &listen_timeout : NULL) == 1)
+ return_value = 1;
+ else {
+ return_value = 0;
+ }
+
+ return return_value;
+ }
+
/*
* Return value:
* ERROR: 0
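Review bot: In tls_can_read_fd(), the select() result is only compared with 1, so a timeout (0) and an error (-1, for example EINTR when a signal arrives) both come back as 0 and the caller cannot tell them apart or retry; consider handling -1 separately and retrying on EINTR. The inner test `listen_timeout.tv_sec == 0` cannot be true immediately after `MAXVAL(2, ...)`, assuming MAXVAL returns the larger argument, so it can be dropped. When timeout_command is 0 the function passes NULL to select() and blocks with no limit, which leaves the original hang in place for that configuration. A header comment in the style of the "Return value:" block that follows would help: it should state what 1 and 0 mean and which option feeds timeout_command, since the cover note names idle-timeout-secs.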
@@ -297,7 +330,8 @@
if ((current_settings->tls_session != NULL) &&
SSL_set_rfd(current_settings->tls_session, read_fd) &&
- SSL_set_wfd(current_settings->tls_session, write_fd))
+ SSL_set_wfd(current_settings->tls_session, write_fd) &&
+ tls_can_read_fd(current_settings, read_fd))
if ((tls_return = SSL_accept(current_settings->tls_session)) == 1)
{
SSL_set_mode(current_settings->tls_session, SSL_MODE_ENABLE_PARTIAL_WRITE);
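Review bot: The tls_can_read_fd() call added to the condition ahead of SSL_accept() only shows that some bytes are readable before the handshake starts; if read_fd is a blocking descriptor, a client that sends part of its hello and then goes quiet can still hold SSL_accept() indefinitely. Consider bounding the whole handshake instead, for instance with a receive timeout on the descriptor, or a non-blocking SSL_accept() loop that calls select() on SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE against a single deadline.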
@@ -309,8 +343,6 @@
}
else
SPAMDYKE_LOG_VERBOSE(current_settings, LOG_ERROR_TLS_ACCEPT ": %s", tls_error(current_settings, tls_return));
- else
- SPAMDYKE_LOG_ERROR(current_settings, LOG_ERROR_TLS_INIT);
return(return_value);
}
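Review bot: Removing the `else SPAMDYKE_LOG_ERROR(current_settings, LOG_ERROR_TLS_INIT);` branch silences every failure of the outer condition, not only the new timeout: a NULL tls_session or a failed SSL_set_rfd()/SSL_set_wfd() now returns without any log line, and the timeout itself is not logged either. Consider keeping the init error for the original three checks and testing tls_can_read_fd() in its own branch with a distinct timeout message, so that a stalled STARTTLS is visible in the logs.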