1/*++ 2/* NAME 3/* qmgr 8 4/* SUMMARY 5/* old Postfix queue manager 6/* SYNOPSIS 7/* \fBqmgr\fR [generic Postfix daemon options] 8/* DESCRIPTION 9/* The \fBqmgr\fR(8) daemon awaits the arrival of incoming mail 10/* and arranges for its delivery via Postfix delivery processes. 11/* The actual mail routing strategy is delegated to the 12/* \fBtrivial-rewrite\fR(8) daemon. 13/* This program expects to be run from the \fBmaster\fR(8) process 14/* manager. 15/* 16/* Mail addressed to the local \fBdouble-bounce\fR address is 17/* logged and discarded. This stops potential loops caused by 18/* undeliverable bounce notifications. 19/* MAIL QUEUES 20/* .ad 21/* .fi 22/* The \fBqmgr\fR(8) daemon maintains the following queues: 23/* .IP \fBincoming\fR 24/* Inbound mail from the network, or mail picked up by the 25/* local \fBpickup\fR(8) agent from the \fBmaildrop\fR directory. 26/* .IP \fBactive\fR 27/* Messages that the queue manager has opened for delivery. Only 28/* a limited number of messages is allowed to enter the \fBactive\fR 29/* queue (leaky bucket strategy, for a fixed delivery rate). 30/* .IP \fBdeferred\fR 31/* Mail that could not be delivered upon the first attempt. The queue 32/* manager implements exponential backoff by doubling the time between 33/* delivery attempts. 34/* .IP \fBcorrupt\fR 35/* Unreadable or damaged queue files are moved here for inspection. 36/* .IP \fBhold\fR 37/* Messages that are kept "on hold" are kept here until someone 38/* sets them free. 39/* DELIVERY STATUS REPORTS 40/* .ad 41/* .fi 42/* The \fBqmgr\fR(8) daemon keeps an eye on per-message delivery status 43/* reports in the following directories. Each status report file has 44/* the same name as the corresponding message file: 45/* .IP \fBbounce\fR 46/* Per-recipient status information about why mail is bounced. 47/* These files are maintained by the \fBbounce\fR(8) daemon. 48/* .IP \fBdefer\fR 49/* Per-recipient status information about why mail is delayed. 50/* These files are maintained by the \fBdefer\fR(8) daemon. 51/* .IP \fBtrace\fR 52/* Per-recipient status information as requested with the 53/* Postfix "\fBsendmail -v\fR" or "\fBsendmail -bv\fR" command. 54/* These files are maintained by the \fBtrace\fR(8) daemon. 55/* .PP 56/* The \fBqmgr\fR(8) daemon is responsible for asking the 57/* \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemons to 58/* send delivery reports. 59/* STRATEGIES 60/* .ad 61/* .fi 62/* The queue manager implements a variety of strategies for 63/* either opening queue files (input) or for message delivery (output). 64/* .IP "\fBleaky bucket\fR" 65/* This strategy limits the number of messages in the \fBactive\fR queue 66/* and prevents the queue manager from running out of memory under 67/* heavy load. 68/* .IP \fBfairness\fR 69/* When the \fBactive\fR queue has room, the queue manager takes one 70/* message from the \fBincoming\fR queue and one from the \fBdeferred\fR 71/* queue. This prevents a large mail backlog from blocking the delivery 72/* of new mail. 73/* .IP "\fBslow start\fR" 74/* This strategy eliminates "thundering herd" problems by slowly 75/* adjusting the number of parallel deliveries to the same destination. 76/* .IP "\fBround robin\fR 77/* The queue manager sorts delivery requests by destination. 78/* Round-robin selection prevents one destination from dominating 79/* deliveries to other destinations. 80/* .IP "\fBexponential backoff\fR" 81/* Mail that cannot be delivered upon the first attempt is deferred. 82/* The time interval between delivery attempts is doubled after each 83/* attempt. 84/* .IP "\fBdestination status cache\fR" 85/* The queue manager avoids unnecessary delivery attempts by 86/* maintaining a short-term, in-memory list of unreachable destinations. 87/* TRIGGERS 88/* .ad 89/* .fi 90/* On an idle system, the queue manager waits for the arrival of 91/* trigger events, or it waits for a timer to go off. A trigger 92/* is a one-byte message. 93/* Depending on the message received, the queue manager performs 94/* one of the following actions (the message is followed by the 95/* symbolic constant used internally by the software): 96/* .IP "\fBD (QMGR_REQ_SCAN_DEFERRED)\fR" 97/* Start a deferred queue scan. If a deferred queue scan is already 98/* in progress, that scan will be restarted as soon as it finishes. 99/* .IP "\fBI (QMGR_REQ_SCAN_INCOMING)\fR" 100/* Start an incoming queue scan. If an incoming queue scan is already 101/* in progress, that scan will be restarted as soon as it finishes. 102/* .IP "\fBA (QMGR_REQ_SCAN_ALL)\fR" 103/* Ignore deferred queue file time stamps. The request affects 104/* the next deferred queue scan. 105/* .IP "\fBF (QMGR_REQ_FLUSH_DEAD)\fR" 106/* Purge all information about dead transports and destinations. 107/* .IP "\fBW (TRIGGER_REQ_WAKEUP)\fR" 108/* Wakeup call, This is used by the master server to instantiate 109/* servers that should not go away forever. The action is to start 110/* an incoming queue scan. 111/* .PP 112/* The \fBqmgr\fR(8) daemon reads an entire buffer worth of triggers. 113/* Multiple identical trigger requests are collapsed into one, and 114/* trigger requests are sorted so that \fBA\fR and \fBF\fR precede 115/* \fBD\fR and \fBI\fR. Thus, in order to force a deferred queue run, 116/* one would request \fBA F D\fR; in order to notify the queue manager 117/* of the arrival of new mail one would request \fBI\fR. 118/* STANDARDS 119/* RFC 3463 (Enhanced status codes) 120/* RFC 3464 (Delivery status notifications) 121/* SECURITY 122/* .ad 123/* .fi 124/* The \fBqmgr\fR(8) daemon is not security sensitive. It reads 125/* single-character messages from untrusted local users, and thus may 126/* be susceptible to denial of service attacks. The \fBqmgr\fR(8) daemon 127/* does not talk to the outside world, and it can be run at fixed low 128/* privilege in a chrooted environment. 129/* DIAGNOSTICS 130/* Problems and transactions are logged to the \fBsyslog\fR(8) daemon. 131/* Corrupted message files are saved to the \fBcorrupt\fR queue 132/* for further inspection. 133/* 134/* Depending on the setting of the \fBnotify_classes\fR parameter, 135/* the postmaster is notified of bounces and of other trouble. 136/* BUGS 137/* A single queue manager process has to compete for disk access with 138/* multiple front-end processes such as \fBcleanup\fR(8). A sudden burst of 139/* inbound mail can negatively impact outbound delivery rates. 140/* CONFIGURATION PARAMETERS 141/* .ad 142/* .fi 143/* Changes to \fBmain.cf\fR are not picked up automatically, 144/* as \fBqmgr\fR(8) 145/* is a persistent process. Use the command "\fBpostfix reload\fR" after 146/* a configuration change. 147/* 148/* The text below provides only a parameter summary. See 149/* \fBpostconf\fR(5) for more details including examples. 150/* 151/* In the text below, \fItransport\fR is the first field in a 152/* \fBmaster.cf\fR entry. 153/* COMPATIBILITY CONTROLS 154/* .ad 155/* .fi 156/* Available before Postfix version 2.5: 157/* .IP "\fBallow_min_user (no)\fR" 158/* Allow a sender or recipient address to have `-' as the first 159/* character. 160/* .PP 161/* Available with Postfix version 2.7 and later: 162/* .IP "\fBdefault_filter_nexthop (empty)\fR" 163/* When a content_filter or FILTER request specifies no explicit 164/* next-hop destination, use $default_filter_nexthop instead; when 165/* that value is empty, use the domain in the recipient address. 166/* ACTIVE QUEUE CONTROLS 167/* .ad 168/* .fi 169/* .IP "\fBqmgr_clog_warn_time (300s)\fR" 170/* The minimal delay between warnings that a specific destination is 171/* clogging up the Postfix active queue. 172/* .IP "\fBqmgr_message_active_limit (20000)\fR" 173/* The maximal number of messages in the active queue. 174/* .IP "\fBqmgr_message_recipient_limit (20000)\fR" 175/* The maximal number of recipients held in memory by the Postfix 176/* queue manager, and the maximal size of the short-term, 177/* in-memory "dead" destination status cache. 178/* DELIVERY CONCURRENCY CONTROLS 179/* .ad 180/* .fi 181/* .IP "\fBqmgr_fudge_factor (100)\fR" 182/* Obsolete feature: the percentage of delivery resources that a busy 183/* mail system will use up for delivery of a large mailing list 184/* message. 185/* .IP "\fBinitial_destination_concurrency (5)\fR" 186/* The initial per-destination concurrency level for parallel delivery 187/* to the same destination. 188/* .IP "\fBdefault_destination_concurrency_limit (20)\fR" 189/* The default maximal number of parallel deliveries to the same 190/* destination. 191/* .IP "\fItransport\fB_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" 192/* Idem, for delivery via the named message \fItransport\fR. 193/* .PP 194/* Available in Postfix version 2.5 and later: 195/* .IP "\fItransport\fB_initial_destination_concurrency ($initial_destination_concurrency)\fR" 196/* Initial concurrency for delivery via the named message 197/* \fItransport\fR. 198/* .IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR" 199/* How many pseudo-cohorts must suffer connection or handshake 200/* failure before a specific destination is considered unavailable 201/* (and further delivery is suspended). 202/* .IP "\fItransport\fB_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR" 203/* Idem, for delivery via the named message \fItransport\fR. 204/* .IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR" 205/* The per-destination amount of delivery concurrency negative 206/* feedback, after a delivery completes with a connection or handshake 207/* failure. 208/* .IP "\fItransport\fB_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR" 209/* Idem, for delivery via the named message \fItransport\fR. 210/* .IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR" 211/* The per-destination amount of delivery concurrency positive 212/* feedback, after a delivery completes without connection or handshake 213/* failure. 214/* .IP "\fItransport\fB_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR" 215/* Idem, for delivery via the named message \fItransport\fR. 216/* .IP "\fBdestination_concurrency_feedback_debug (no)\fR" 217/* Make the queue manager's feedback algorithm verbose for performance 218/* analysis purposes. 219/* RECIPIENT SCHEDULING CONTROLS 220/* .ad 221/* .fi 222/* .IP "\fBdefault_destination_recipient_limit (50)\fR" 223/* The default maximal number of recipients per message delivery. 224/* .IP \fItransport\fB_destination_recipient_limit\fR 225/* Idem, for delivery via the named message \fItransport\fR. 226/* OTHER RESOURCE AND RATE CONTROLS 227/* .ad 228/* .fi 229/* .IP "\fBminimal_backoff_time (300s)\fR" 230/* The minimal time between attempts to deliver a deferred message; 231/* prior to Postfix 2.4 the default value was 1000s. 232/* .IP "\fBmaximal_backoff_time (4000s)\fR" 233/* The maximal time between attempts to deliver a deferred message. 234/* .IP "\fBmaximal_queue_lifetime (5d)\fR" 235/* Consider a message as undeliverable, when delivery fails with a 236/* temporary error, and the time in the queue has reached the 237/* maximal_queue_lifetime limit. 238/* .IP "\fBqueue_run_delay (300s)\fR" 239/* The time between deferred queue scans by the queue manager; 240/* prior to Postfix 2.4 the default value was 1000s. 241/* .IP "\fBtransport_retry_time (60s)\fR" 242/* The time between attempts by the Postfix queue manager to contact 243/* a malfunctioning message delivery transport. 244/* .PP 245/* Available in Postfix version 2.1 and later: 246/* .IP "\fBbounce_queue_lifetime (5d)\fR" 247/* Consider a bounce message as undeliverable, when delivery fails 248/* with a temporary error, and the time in the queue has reached the 249/* bounce_queue_lifetime limit. 250/* .PP 251/* Available in Postfix version 2.5 and later: 252/* .IP "\fBdefault_destination_rate_delay (0s)\fR" 253/* The default amount of delay that is inserted between individual 254/* deliveries to the same destination; the resulting behavior depends 255/* on the value of the corresponding per-destination recipient limit. 256/* .IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay 257/* Idem, for delivery via the named message \fItransport\fR. 258/* SAFETY CONTROLS 259/* .ad 260/* .fi 261/* .IP "\fBqmgr_daemon_timeout (1000s)\fR" 262/* How much time a Postfix queue manager process may take to handle 263/* a request before it is terminated by a built-in watchdog timer. 264/* .IP "\fBqmgr_ipc_timeout (60s)\fR" 265/* The time limit for the queue manager to send or receive information 266/* over an internal communication channel. 267/* MISCELLANEOUS CONTROLS 268/* .ad 269/* .fi 270/* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" 271/* The default location of the Postfix main.cf and master.cf 272/* configuration files. 273/* .IP "\fBdefer_transports (empty)\fR" 274/* The names of message delivery transports that should not deliver mail 275/* unless someone issues "\fBsendmail -q\fR" or equivalent. 276/* .IP "\fBdelay_logging_resolution_limit (2)\fR" 277/* The maximal number of digits after the decimal point when logging 278/* sub-second delay values. 279/* .IP "\fBhelpful_warnings (yes)\fR" 280/* Log warnings about problematic configuration settings, and provide 281/* helpful suggestions. 282/* .IP "\fBprocess_id (read-only)\fR" 283/* The process ID of a Postfix command or daemon process. 284/* .IP "\fBprocess_name (read-only)\fR" 285/* The process name of a Postfix command or daemon process. 286/* .IP "\fBqueue_directory (see 'postconf -d' output)\fR" 287/* The location of the Postfix top-level queue directory. 288/* .IP "\fBsyslog_facility (mail)\fR" 289/* The syslog facility of Postfix logging. 290/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" 291/* The mail system name that is prepended to the process name in syslog 292/* records, so that "smtpd" becomes, for example, "postfix/smtpd". 293/* FILES 294/* /var/spool/postfix/incoming, incoming queue 295/* /var/spool/postfix/active, active queue 296/* /var/spool/postfix/deferred, deferred queue 297/* /var/spool/postfix/bounce, non-delivery status 298/* /var/spool/postfix/defer, non-delivery status 299/* /var/spool/postfix/trace, delivery status 300/* SEE ALSO 301/* trivial-rewrite(8), address routing 302/* bounce(8), delivery status reports 303/* postconf(5), configuration parameters 304/* master(5), generic daemon options 305/* master(8), process manager 306/* syslogd(8), system logging 307/* README FILES 308/* .ad 309/* .fi 310/* Use "\fBpostconf readme_directory\fR" or 311/* "\fBpostconf html_directory\fR" to locate this information. 312/* .na 313/* .nf 314/* QSHAPE_README, Postfix queue analysis 315/* LICENSE 316/* .ad 317/* .fi 318/* The Secure Mailer license must be distributed with this software. 319/* AUTHOR(S) 320/* Wietse Venema 321/* IBM T.J. Watson Research 322/* P.O. Box 704 323/* Yorktown Heights, NY 10598, USA 324/*--*/ 325 326/* System library. */ 327 328#include <sys_defs.h> 329#include <stdlib.h> 330#include <unistd.h> 331#include <ctype.h> 332 333/* Utility library. */ 334 335#include <msg.h> 336#include <events.h> 337#include <vstream.h> 338#include <dict.h> 339 340/* Global library. */ 341 342#include <mail_queue.h> 343#include <recipient_list.h> 344#include <mail_conf.h> 345#include <mail_params.h> 346#include <mail_version.h> 347#include <mail_proto.h> /* QMGR_SCAN constants */ 348#include <mail_flow.h> 349#include <flush_clnt.h> 350 351/* Master process interface */ 352 353#include <master_proto.h> 354#include <mail_server.h> 355 356/* Application-specific. */ 357 358#include "qmgr.h" 359 360 /* 361 * Tunables. 362 */ 363int var_queue_run_delay; 364int var_min_backoff_time; 365int var_max_backoff_time; 366int var_max_queue_time; 367int var_dsn_queue_time; 368int var_qmgr_active_limit; 369int var_qmgr_rcpt_limit; 370int var_init_dest_concurrency; 371int var_transport_retry_time; 372int var_dest_con_limit; 373int var_dest_rcpt_limit; 374char *var_defer_xports; 375int var_qmgr_fudge; 376int var_local_rcpt_lim; /* XXX */ 377int var_local_con_lim; /* XXX */ 378bool var_verp_bounce_off; 379int var_qmgr_clog_warn_time; 380char *var_conc_pos_feedback; 381char *var_conc_neg_feedback; 382int var_conc_cohort_limit; 383int var_conc_feedback_debug; 384int var_dest_rate_delay; 385char *var_def_filter_nexthop; 386int var_qmgr_daemon_timeout; 387int var_qmgr_ipc_timeout; 388 389static QMGR_SCAN *qmgr_scans[2]; 390 391#define QMGR_SCAN_IDX_INCOMING 0 392#define QMGR_SCAN_IDX_DEFERRED 1 393#define QMGR_SCAN_IDX_COUNT (sizeof(qmgr_scans) / sizeof(qmgr_scans[0])) 394 395/* qmgr_deferred_run_event - queue manager heartbeat */ 396 397static void qmgr_deferred_run_event(int unused_event, char *dummy) 398{ 399 400 /* 401 * This routine runs when it is time for another deferred queue scan. 402 * Make sure this routine gets called again in the future. 403 */ 404 qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_DEFERRED], QMGR_SCAN_START); 405 event_request_timer(qmgr_deferred_run_event, dummy, var_queue_run_delay); 406} 407 408/* qmgr_trigger_event - respond to external trigger(s) */ 409 410static void qmgr_trigger_event(char *buf, int len, 411 char *unused_service, char **argv) 412{ 413 int incoming_flag = 0; 414 int deferred_flag = 0; 415 int i; 416 417 /* 418 * Sanity check. This service takes no command-line arguments. 419 */ 420 if (argv[0]) 421 msg_fatal("unexpected command-line argument: %s", argv[0]); 422 423 /* 424 * Collapse identical requests that have arrived since we looked last 425 * time. There is no client feedback so there is no need to process each 426 * request in order. And as long as we don't have conflicting requests we 427 * are free to sort them into the most suitable order. 428 */ 429#define QMGR_FLUSH_BEFORE (QMGR_FLUSH_ONCE | QMGR_FLUSH_DFXP) 430 431 for (i = 0; i < len; i++) { 432 if (msg_verbose) 433 msg_info("request: %d (%c)", 434 buf[i], ISALNUM(buf[i]) ? buf[i] : '?'); 435 switch (buf[i]) { 436 case TRIGGER_REQ_WAKEUP: 437 case QMGR_REQ_SCAN_INCOMING: 438 incoming_flag |= QMGR_SCAN_START; 439 break; 440 case QMGR_REQ_SCAN_DEFERRED: 441 deferred_flag |= QMGR_SCAN_START; 442 break; 443 case QMGR_REQ_FLUSH_DEAD: 444 deferred_flag |= QMGR_FLUSH_BEFORE; 445 incoming_flag |= QMGR_FLUSH_BEFORE; 446 break; 447 case QMGR_REQ_SCAN_ALL: 448 deferred_flag |= QMGR_SCAN_ALL; 449 incoming_flag |= QMGR_SCAN_ALL; 450 break; 451 default: 452 if (msg_verbose) 453 msg_info("request ignored"); 454 break; 455 } 456 } 457 458 /* 459 * Process each request type at most once. Modifiers take effect upon the 460 * next queue run. If no queue run is in progress, and a queue scan is 461 * requested, the request takes effect immediately. 462 */ 463 if (incoming_flag != 0) 464 qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_INCOMING], incoming_flag); 465 if (deferred_flag != 0) 466 qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_DEFERRED], deferred_flag); 467} 468 469/* qmgr_loop - queue manager main loop */ 470 471static int qmgr_loop(char *unused_name, char **unused_argv) 472{ 473 char *path; 474 int token_count; 475 int feed = 0; 476 int scan_idx; /* Priority order scan index */ 477 static int first_scan_idx = QMGR_SCAN_IDX_INCOMING; 478 int last_scan_idx = QMGR_SCAN_IDX_COUNT - 1; 479 int delay; 480 481 /* 482 * This routine runs as part of the event handling loop, after the event 483 * manager has delivered a timer or I/O event (including the completion 484 * of a connection to a delivery process), or after it has waited for a 485 * specified amount of time. The result value of qmgr_loop() specifies 486 * how long the event manager should wait for the next event. 487 */ 488#define DONT_WAIT 0 489#define WAIT_FOR_EVENT (-1) 490 491 /* 492 * Attempt to drain the active queue by allocating a suitable delivery 493 * process and by delivering mail via it. Delivery process allocation and 494 * mail delivery are asynchronous. 495 */ 496 qmgr_active_drain(); 497 498 /* 499 * Let some new blood into the active queue when the queue size is 500 * smaller than some configurable limit, and when the number of in-core 501 * recipients does not exceed some configurable limit. 502 * 503 * We import one message per interrupt, to optimally tune the input count 504 * for the number of delivery agent protocol wait states, as explained in 505 * qmgr_transport.c. 506 */ 507 delay = WAIT_FOR_EVENT; 508 for (scan_idx = 0; qmgr_message_count < var_qmgr_active_limit 509 && qmgr_recipient_count < var_qmgr_rcpt_limit 510 && scan_idx < QMGR_SCAN_IDX_COUNT; ++scan_idx) { 511 last_scan_idx = (scan_idx + first_scan_idx) % QMGR_SCAN_IDX_COUNT; 512 if ((path = qmgr_scan_next(qmgr_scans[last_scan_idx])) != 0) { 513 delay = DONT_WAIT; 514 if ((feed = qmgr_active_feed(qmgr_scans[last_scan_idx], path)) != 0) 515 break; 516 } 517 } 518 519 /* 520 * Round-robin the queue scans. When the active queue becomes full, 521 * prefer new mail over deferred mail. 522 */ 523 if (qmgr_message_count < var_qmgr_active_limit 524 && qmgr_recipient_count < var_qmgr_rcpt_limit) { 525 first_scan_idx = (last_scan_idx + 1) % QMGR_SCAN_IDX_COUNT; 526 } else if (first_scan_idx != QMGR_SCAN_IDX_INCOMING) { 527 first_scan_idx = QMGR_SCAN_IDX_INCOMING; 528 } 529 530 /* 531 * Global flow control. If enabled, slow down receiving processes that 532 * get ahead of the queue manager, but don't block them completely. 533 */ 534 if (var_in_flow_delay > 0) { 535 token_count = mail_flow_count(); 536 if (token_count < var_proc_limit) { 537 if (feed != 0 && last_scan_idx == QMGR_SCAN_IDX_INCOMING) 538 mail_flow_put(1); 539 else if (qmgr_scans[QMGR_SCAN_IDX_INCOMING]->handle == 0) 540 mail_flow_put(var_proc_limit - token_count); 541 } else if (token_count > var_proc_limit) { 542 mail_flow_get(token_count - var_proc_limit); 543 } 544 } 545 return (delay); 546} 547 548/* pre_accept - see if tables have changed */ 549 550static void pre_accept(char *unused_name, char **unused_argv) 551{ 552 const char *table; 553 554 if ((table = dict_changed_name()) != 0) { 555 msg_info("table %s has changed -- restarting", table); 556 exit(0); 557 } 558} 559 560/* qmgr_pre_init - pre-jail initialization */ 561 562static void qmgr_pre_init(char *unused_name, char **unused_argv) 563{ 564 flush_init(); 565} 566 567/* qmgr_post_init - post-jail initialization */ 568 569static void qmgr_post_init(char *unused_name, char **unused_argv) 570{ 571 572 /* 573 * Sanity check. 574 */ 575 if (var_qmgr_rcpt_limit < var_qmgr_active_limit) { 576 msg_warn("%s is smaller than %s - adjusting %s", 577 VAR_QMGR_RCPT_LIMIT, VAR_QMGR_ACT_LIMIT, VAR_QMGR_RCPT_LIMIT); 578 var_qmgr_rcpt_limit = var_qmgr_active_limit; 579 } 580 if (var_dsn_queue_time > var_max_queue_time) { 581 msg_warn("%s is larger than %s - adjusting %s", 582 VAR_DSN_QUEUE_TIME, VAR_MAX_QUEUE_TIME, VAR_DSN_QUEUE_TIME); 583 var_dsn_queue_time = var_max_queue_time; 584 } 585 586 /* 587 * This routine runs after the skeleton code has entered the chroot jail. 588 * Prevent automatic process suicide after a limited number of client 589 * requests or after a limited amount of idle time. Move any left-over 590 * entries from the active queue to the incoming queue, and give them a 591 * time stamp into the future, in order to allow ongoing deliveries to 592 * finish first. Start scanning the incoming and deferred queues. 593 * Left-over active queue entries are moved to the incoming queue because 594 * the incoming queue has priority; moving left-overs to the deferred 595 * queue could cause anomalous delays when "postfix reload/start" are 596 * issued often. Override the IPC timeout (default 3600s) so that the 597 * queue manager can reset a broken IPC channel before the watchdog timer 598 * goes off. 599 */ 600 var_ipc_timeout = var_qmgr_ipc_timeout; 601 var_use_limit = 0; 602 var_idle_limit = 0; 603 qmgr_move(MAIL_QUEUE_ACTIVE, MAIL_QUEUE_INCOMING, event_time()); 604 qmgr_scans[QMGR_SCAN_IDX_INCOMING] = qmgr_scan_create(MAIL_QUEUE_INCOMING); 605 qmgr_scans[QMGR_SCAN_IDX_DEFERRED] = qmgr_scan_create(MAIL_QUEUE_DEFERRED); 606 qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_INCOMING], QMGR_SCAN_START); 607 qmgr_deferred_run_event(0, (char *) 0); 608} 609 610MAIL_VERSION_STAMP_DECLARE; 611 612/* main - the main program */ 613 614int main(int argc, char **argv) 615{ 616 static const CONFIG_STR_TABLE str_table[] = { 617 VAR_DEFER_XPORTS, DEF_DEFER_XPORTS, &var_defer_xports, 0, 0, 618 VAR_CONC_POS_FDBACK, DEF_CONC_POS_FDBACK, &var_conc_pos_feedback, 1, 0, 619 VAR_CONC_NEG_FDBACK, DEF_CONC_NEG_FDBACK, &var_conc_neg_feedback, 1, 0, 620 VAR_DEF_FILTER_NEXTHOP, DEF_DEF_FILTER_NEXTHOP, &var_def_filter_nexthop, 0, 0, 621 0, 622 }; 623 static const CONFIG_TIME_TABLE time_table[] = { 624 VAR_QUEUE_RUN_DELAY, DEF_QUEUE_RUN_DELAY, &var_queue_run_delay, 1, 0, 625 VAR_MIN_BACKOFF_TIME, DEF_MIN_BACKOFF_TIME, &var_min_backoff_time, 1, 0, 626 VAR_MAX_BACKOFF_TIME, DEF_MAX_BACKOFF_TIME, &var_max_backoff_time, 1, 0, 627 VAR_MAX_QUEUE_TIME, DEF_MAX_QUEUE_TIME, &var_max_queue_time, 0, 8640000, 628 VAR_DSN_QUEUE_TIME, DEF_DSN_QUEUE_TIME, &var_dsn_queue_time, 0, 8640000, 629 VAR_XPORT_RETRY_TIME, DEF_XPORT_RETRY_TIME, &var_transport_retry_time, 1, 0, 630 VAR_QMGR_CLOG_WARN_TIME, DEF_QMGR_CLOG_WARN_TIME, &var_qmgr_clog_warn_time, 0, 0, 631 VAR_DEST_RATE_DELAY, DEF_DEST_RATE_DELAY, &var_dest_rate_delay, 0, 0, 632 VAR_QMGR_DAEMON_TIMEOUT, DEF_QMGR_DAEMON_TIMEOUT, &var_qmgr_daemon_timeout, 1, 0, 633 VAR_QMGR_IPC_TIMEOUT, DEF_QMGR_IPC_TIMEOUT, &var_qmgr_ipc_timeout, 1, 0, 634 0, 635 }; 636 static const CONFIG_INT_TABLE int_table[] = { 637 VAR_QMGR_ACT_LIMIT, DEF_QMGR_ACT_LIMIT, &var_qmgr_active_limit, 1, 0, 638 VAR_QMGR_RCPT_LIMIT, DEF_QMGR_RCPT_LIMIT, &var_qmgr_rcpt_limit, 1, 0, 639 VAR_INIT_DEST_CON, DEF_INIT_DEST_CON, &var_init_dest_concurrency, 1, 0, 640 VAR_DEST_CON_LIMIT, DEF_DEST_CON_LIMIT, &var_dest_con_limit, 0, 0, 641 VAR_DEST_RCPT_LIMIT, DEF_DEST_RCPT_LIMIT, &var_dest_rcpt_limit, 0, 0, 642 VAR_QMGR_FUDGE, DEF_QMGR_FUDGE, &var_qmgr_fudge, 10, 100, 643 VAR_LOCAL_RCPT_LIMIT, DEF_LOCAL_RCPT_LIMIT, &var_local_rcpt_lim, 0, 0, 644 VAR_LOCAL_CON_LIMIT, DEF_LOCAL_CON_LIMIT, &var_local_con_lim, 0, 0, 645 VAR_CONC_COHORT_LIM, DEF_CONC_COHORT_LIM, &var_conc_cohort_limit, 0, 0, 646 0, 647 }; 648 static const CONFIG_BOOL_TABLE bool_table[] = { 649 VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off, 650 VAR_CONC_FDBACK_DEBUG, DEF_CONC_FDBACK_DEBUG, &var_conc_feedback_debug, 651 0, 652 }; 653 654 /* 655 * Fingerprint executables and core dumps. 656 */ 657 MAIL_VERSION_STAMP_ALLOCATE; 658 659 /* 660 * Use the trigger service skeleton, because no-one else should be 661 * monitoring our service port while this process runs, and because we do 662 * not talk back to the client. 663 */ 664 trigger_server_main(argc, argv, qmgr_trigger_event, 665 MAIL_SERVER_INT_TABLE, int_table, 666 MAIL_SERVER_STR_TABLE, str_table, 667 MAIL_SERVER_BOOL_TABLE, bool_table, 668 MAIL_SERVER_TIME_TABLE, time_table, 669 MAIL_SERVER_PRE_INIT, qmgr_pre_init, 670 MAIL_SERVER_POST_INIT, qmgr_post_init, 671 MAIL_SERVER_LOOP, qmgr_loop, 672 MAIL_SERVER_PRE_ACCEPT, pre_accept, 673 MAIL_SERVER_SOLITARY, 674 MAIL_SERVER_WATCHDOG, &var_qmgr_daemon_timeout, 675 0); 676} 677