On Fri, Jun 27, 2014 at 04:16:44PM +0200, Markus Benning wrote:
>
> On 27.06.2014 15:31, [email protected] wrote:
> >
> > Wietse:
> > > Why not patch Postfix ONLY to implement a configurable connection
> > > use limit that is less than the limit in the policy daemon?
> >
> > Markus Benning:
> > > This would require that the connections can be shared across
> > > smtpd server processes and to use a connection pool.
> >
> > OK, here is my last attempt. Please pay attention.
> >
> > You have a policy daemon that wants to disconnect after N requests
> > (N >= 1) PER POLICY CONNECTION. Why not patch the Postfix policy
> > client to disconnect after N policy requests AND STOP THERE? Why
> > do you also have to muck with the pause-after-error safety mechanism?
> >
> > Wietse
>
> Okay, that's exactly what the max_keepalive part of the patch does.
> I'll remove the error sleep timer changes on Monday and resend the patch.
>
> Markus

Okay, I reverted the pause after error changes.
The max_keepalive parameter has been renamed to
smtpd_policy_service_reuse_count_limit to be closer to the
naming scheme of the other parameters.
And I added some documentation to the patch.

Markus

diff -uNr postfix-2.11.1.orig/html/postconf.5.html postfix-2.11.1/html/postconf.5.html
--- postfix-2.11.1.orig/html/postconf.5.html 2014-06-26 16:54:03.000000000 +0200
+++ postfix-2.11.1/html/postconf.5.html 2014-06-30 09:30:59.000000000 +0200
@@ -13770,6 +13770,21 @@
</DD>
+<DT><b><a name="smtpd_policy_service_reuse_count_limit">smtpd_policy_service_reuse_count_limit</a>
+(default: 0)</b></DT><DD>
+
+<p>
+The number of requests after that the Postfix SMTP server closes the
+connection to a policy server, or zero (no limit).
+</p>
+
+<p>
+This feature is available in Postfix 2.12 and later.
+</p>
+
+
+</DD>
+
<DT><b><a name="smtpd_policy_service_timeout">smtpd_policy_service_timeout</a>
(default: 100s)</b></DT><DD>
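Review bot: the description in the new <DT> entry, "The number of requests after that the Postfix SMTP server closes the connection", should read "after which", and it should state that the count is per policy connection, since that is the limit the thread is about. The same two-line description is repeated in the man/man5/postconf.5 and proto/postconf.proto hunks of this patch, so the wording needs the same fix in all three places.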
diff -uNr postfix-2.11.1.orig/html/SMTPD_POLICY_README.html postfix-2.11.1/html/SMTPD_POLICY_README.html
--- postfix-2.11.1.orig/html/SMTPD_POLICY_README.html 2014-06-26 16:54:03.000000000 +0200
+++ postfix-2.11.1/html/SMTPD_POLICY_README.html 2014-06-30 09:30:56.000000000 +0200
@@ -227,6 +227,10 @@
Instead the server must log a warning and disconnect. Postfix will
retry the request at some later time. </p>
+<p> If the policy server enforces an limit of maximum requests per
+connection smtpd_policy_service_reuse_count_limit should be set to
+use the same limit to avoid delayed reconnects. </p>
+
<h2><a name="client_config">Policy client/server configuration</a></h2>
<p> The Postfix delegated policy client can connect to a TCP socket
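Review bot: the added paragraph has "an limit" where "a limit" is meant, and "to avoid delayed reconnects" does not say which delay is meant. One sentence on what the client does when the policy server closes the connection first would make the advice usable; a comma after "per connection" would also help the sentence parse.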
@@ -340,6 +344,10 @@
<li> <p> <a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (default: 100s): The time
limit to connect to, send to or receive from a policy server. </p>
+<li> <p> smtpd_policy_service_reuse_count_limit (default: 0): The number of
+requests after that the Postfix SMTP server closes the connection,
+or zero (no limit). </p>
+
</ul>
<h2><a name="greylist">Example: greylist policy server</a></h2>
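Review bot: the new <li> prints smtpd_policy_service_reuse_count_limit as plain text, while the smtpd_policy_service_timeout item directly above it links to postconf.5.html#smtpd_policy_service_timeout. Wrap the name in the matching link to postconf.5.html#smtpd_policy_service_reuse_count_limit, the anchor that the postconf.5.html hunk of this patch defines, so the list stays consistent.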
diff -uNr postfix-2.11.1.orig/man/man5/postconf.5 postfix-2.11.1/man/man5/postconf.5
--- postfix-2.11.1.orig/man/man5/postconf.5 2014-06-26 16:54:03.000000000 +0200
+++ postfix-2.11.1/man/man5/postconf.5 2014-06-30 09:30:59.000000000 +0200
@@ -9105,6 +9105,11 @@
closed.
.PP
This feature is available in Postfix 2.1 and later.
+.SH smtpd_policy_service_reuse_count_limit (default: 0)
+The number of requests after that the Postfix SMTP server closes the
+connection to a policy server, or zero (no limit).
+.PP
+This feature is available in Postfix 2.12 and later.
.SH smtpd_policy_service_timeout (default: 100s)
The time limit for connecting to, writing to or receiving from a
delegated SMTPD policy server.
diff -uNr postfix-2.11.1.orig/proto/postconf.proto postfix-2.11.1/proto/postconf.proto
--- postfix-2.11.1.orig/proto/postconf.proto 2014-06-26 16:54:03.000000000 +0200
+++ postfix-2.11.1/proto/postconf.proto 2014-06-30 09:27:16.000000000 +0200
@@ -8230,6 +8230,17 @@
This feature is available in Postfix 2.1 and later.
</p>
+%PARAM smtpd_policy_service_reuse_count_limit 0
+
+<p>
+The number of requests after that the Postfix SMTP server closes the
+connection to a policy server, or zero (no limit).
+</p>
+
+<p>
+This feature is available in Postfix 2.12 and later.
+</p>
+
%PARAM smtpd_reject_unlisted_recipient yes
<p>
diff -uNr postfix-2.11.1.orig/proto/SMTPD_POLICY_README.html postfix-2.11.1/proto/SMTPD_POLICY_README.html
--- postfix-2.11.1.orig/proto/SMTPD_POLICY_README.html 2014-06-26 16:54:03.000000000 +0200
+++ postfix-2.11.1/proto/SMTPD_POLICY_README.html 2014-06-30 09:22:42.000000000 +0200
@@ -227,6 +227,10 @@
Instead the server must log a warning and disconnect. Postfix will
retry the request at some later time. </p>
+<p> If the policy server enforces an limit of maximum requests per
+connection smtpd_policy_service_reuse_count_limit should be set to
+use the same limit to avoid delayed reconnects. </p>
+
<h2><a name="client_config">Policy client/server configuration</a></h2>
<p> The Postfix delegated policy client can connect to a TCP socket
@@ -340,6 +344,10 @@
<li> <p> smtpd_policy_service_timeout (default: 100s): The time
limit to connect to, send to or receive from a policy server. </p>
+<li> <p> smtpd_policy_service_reuse_count_limit (default: 0): The number of
+requests after that the Postfix SMTP server closes the connection,
+or zero (no limit). </p>
+
</ul>
<h2><a name="greylist">Example: greylist policy server</a></h2>
diff -uNr postfix-2.11.1.orig/src/global/anvil_clnt.c postfix-2.11.1/src/global/anvil_clnt.c
--- postfix-2.11.1.orig/src/global/anvil_clnt.c 2014-06-26 16:54:03.000000000 +0200
+++ postfix-2.11.1/src/global/anvil_clnt.c 2014-06-30 08:51:22.000000000 +0200
@@ -163,9 +163,9 @@
*/
#ifndef VAR_ANVIL_SERVICE
anvil_clnt = attr_clnt_create("local:" ANVIL_CLASS "/" ANVIL_SERVICE,
- var_ipc_timeout, 0, 0);
+ var_ipc_timeout, 0, 0, 0);
#else
- anvil_clnt = attr_clnt_create(var_anvil_service, var_ipc_timeout, 0, 0);
+ anvil_clnt = attr_clnt_create(var_anvil_service, var_ipc_timeout, 0, 0, 0);
#endif
return ((ANVIL_CLNT *) anvil_clnt);
}
diff -uNr postfix-2.11.1.orig/src/global/mail_params.h postfix-2.11.1/src/global/mail_params.h
--- postfix-2.11.1.orig/src/global/mail_params.h 2014-06-26 16:54:03.000000000 +0200
+++ postfix-2.11.1/src/global/mail_params.h 2014-06-30 08:54:19.000000000 +0200
@@ -2879,6 +2879,10 @@
#define DEF_SMTPD_POLICY_TMOUT "100s"
extern int var_smtpd_policy_tmout;
+#define VAR_SMTPD_POLICY_REUSE_COUNT "smtpd_policy_service_reuse_count_limit"
+#define DEF_SMTPD_POLICY_REUSE_COUNT 0
+extern int var_smtpd_policy_reuse_count;
+
#define VAR_SMTPD_POLICY_IDLE "smtpd_policy_service_max_idle"
#define DEF_SMTPD_POLICY_IDLE "300s"
extern int var_smtpd_policy_idle;
diff -uNr postfix-2.11.1.orig/src/smtpd/smtpd.c postfix-2.11.1/src/smtpd/smtpd.c
--- postfix-2.11.1.orig/src/smtpd/smtpd.c 2014-06-26 16:54:03.000000000 +0200
+++ postfix-2.11.1/src/smtpd/smtpd.c 2014-06-30 08:55:57.000000000 +0200
@@ -1220,6 +1220,7 @@
char *var_smtpd_proxy_opts;
char *var_input_transp;
int var_smtpd_policy_tmout;
+int var_smtpd_policy_reuse_count;
int var_smtpd_policy_idle;
int var_smtpd_policy_ttl;
char *var_xclient_hosts;
@@ -5314,6 +5315,7 @@
#ifdef USE_TLS
VAR_SMTPD_TLS_CCERT_VD, DEF_SMTPD_TLS_CCERT_VD, &var_smtpd_tls_ccert_vd, 0, 0,
#endif
+ VAR_SMTPD_POLICY_REUSE_COUNT, DEF_SMTPD_POLICY_REUSE_COUNT, &var_smtpd_policy_reuse_count, 0, 0,
0,
};
static const CONFIG_TIME_TABLE time_table[] = {
diff -uNr postfix-2.11.1.orig/src/smtpd/smtpd_check.c postfix-2.11.1/src/smtpd/smtpd_check.c
--- postfix-2.11.1.orig/src/smtpd/smtpd_check.c 2014-06-26 16:54:03.000000000 +0200
+++ postfix-2.11.1/src/smtpd/smtpd_check.c 2014-06-30 08:57:36.000000000 +0200
@@ -463,7 +463,8 @@
(char *) attr_clnt_create(name,
var_smtpd_policy_tmout,
var_smtpd_policy_idle,
- var_smtpd_policy_ttl));
+ var_smtpd_policy_ttl,
+ var_smtpd_policy_reuse_count));
}
/* smtpd_check_parse - pre-parse restrictions */
@@ -5217,6 +5218,7 @@
int var_verify_poll_count;
int var_verify_poll_delay;
int var_smtpd_policy_tmout;
+int var_smtpd_policy_reuse_count;
int var_smtpd_policy_idle;
int var_smtpd_policy_ttl;
int var_smtpd_rej_unl_from;
diff -uNr postfix-2.11.1.orig/src/tls/tls_mgr.c postfix-2.11.1/src/tls/tls_mgr.c
--- postfix-2.11.1.orig/src/tls/tls_mgr.c 2014-06-26 16:54:03.000000000 +0200
+++ postfix-2.11.1/src/tls/tls_mgr.c 2014-06-30 09:06:03.000000000 +0200
@@ -163,7 +163,7 @@
service = concatenate("local:" TLS_MGR_CLASS "/", var_tls_mgr_service,
(char *) 0);
tls_mgr = attr_clnt_create(service, var_ipc_timeout,
- var_ipc_idle_limit, var_ipc_ttl_limit);
+ var_ipc_idle_limit, var_ipc_ttl_limit, 0);
myfree(service);
attr_clnt_control(tls_mgr,
diff -uNr postfix-2.11.1.orig/src/util/attr_clnt.c postfix-2.11.1/src/util/attr_clnt.c
--- postfix-2.11.1.orig/src/util/attr_clnt.c 2014-06-26 16:54:03.000000000 +0200
+++ postfix-2.11.1/src/util/attr_clnt.c 2014-06-30 09:02:50.000000000 +0200
@@ -95,6 +95,8 @@
AUTO_CLNT *auto_clnt;
ATTR_CLNT_PRINT_FN print;
ATTR_CLNT_SCAN_FN scan;
+ int reuse_count_limit;
+ int reuse_counter;
};
/* attr_clnt_free - destroy attribute client */
@@ -108,7 +110,7 @@
/* attr_clnt_create - create attribute client */
ATTR_CLNT *attr_clnt_create(const char *service, int timeout,
- int max_idle, int max_ttl)
+ int max_idle, int max_ttl, int reuse_count)
{
ATTR_CLNT *client;
@@ -116,6 +118,8 @@
client->auto_clnt = auto_clnt_create(service, timeout, max_idle, max_ttl);
client->scan = attr_vscan_plain;
client->print = attr_vprint_plain;
+ client->reuse_count_limit = reuse_count;
+ client->reuse_counter = 0;
return (client);
}
@@ -188,8 +192,14 @@
ret = client->scan(stream, recv_flags, ap);
va_end(ap);
/* Finalize argument lists before returning. */
- if (ret > 0)
+ if (ret > 0) {
+ if( client->reuse_count_limit ) {
+ client->reuse_counter++;
+ if( client->reuse_counter >= client->reuse_count_limit )
+ auto_clnt_recover(client->auto_clnt);
+ }
break;
+ }
}
}
if (++count >= 2
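Review bot: reuse_counter is never set back to 0 in the new "if( client->reuse_count_limit )" branch, so once it reaches the limit the test "client->reuse_counter >= client->reuse_count_limit" stays true and auto_clnt_recover() runs after every later request, which turns a limit of N into a limit of 1 from then on. Reset the counter directly after the auto_clnt_recover() call. Two smaller points in the same branch: a negative limit passes the "if( client->reuse_count_limit )" test and closes the connection after every request, so test for "> 0" instead; and the counter lives in the ATTR_CLNT and is only zeroed in attr_clnt_create(), so it does not restart when the underlying connection is replaced for any other reason. The "if(" spacing also differs from the "if (ret > 0)" line it replaces.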
diff -uNr postfix-2.11.1.orig/src/util/attr_clnt.h postfix-2.11.1/src/util/attr_clnt.h
--- postfix-2.11.1.orig/src/util/attr_clnt.h 2014-06-26 16:54:03.000000000 +0200
+++ postfix-2.11.1/src/util/attr_clnt.h 2014-06-30 09:01:44.000000000 +0200
@@ -28,7 +28,7 @@
typedef int (*ATTR_CLNT_PRINT_FN) (VSTREAM *, int, va_list);
typedef int (*ATTR_CLNT_SCAN_FN) (VSTREAM *, int, va_list);
-extern ATTR_CLNT *attr_clnt_create(const char *, int, int, int);
+extern ATTR_CLNT *attr_clnt_create(const char *, int, int, int, int);
extern int attr_clnt_request(ATTR_CLNT *, int,...);
extern void attr_clnt_free(ATTR_CLNT *);
extern void attr_clnt_control(ATTR_CLNT *, int, ...);
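Review bot: widening attr_clnt_create() to five arguments is what forces the unrelated call sites in anvil_clnt.c and tls_mgr.c to pass a bare 0. attr_clnt_control(ATTR_CLNT *, int, ...) is declared three lines below the changed prototype and is already called right after attr_clnt_create() in the tls_mgr.c hunk; setting the limit through a new control request would leave the prototype unchanged and confine the code change to the policy client in smtpd_check.c and attr_clnt.c.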