1/*++ 2/* NAME 3/* qmgr 8 4/* SUMMARY 5/* Postfix queue manager 6/* SYNOPSIS 7/* \fBqmgr\fR [generic Postfix daemon options] 8/* DESCRIPTION 9/* The \fBqmgr\fR(8) daemon awaits the arrival of incoming mail 10/* and arranges for its delivery via Postfix delivery processes. 11/* The actual mail routing strategy is delegated to the 12/* \fBtrivial-rewrite\fR(8) daemon. 13/* This program expects to be run from the \fBmaster\fR(8) process 14/* manager. 15/* 16/* Mail addressed to the local \fBdouble-bounce\fR address is 17/* logged and discarded. This stops potential loops caused by 18/* undeliverable bounce notifications. 19/* MAIL QUEUES 20/* .ad 21/* .fi 22/* The \fBqmgr\fR(8) daemon maintains the following queues: 23/* .IP \fBincoming\fR 24/* Inbound mail from the network, or mail picked up by the 25/* local \fBpickup\fR(8) daemon from the \fBmaildrop\fR directory. 26/* .IP \fBactive\fR 27/* Messages that the queue manager has opened for delivery. Only 28/* a limited number of messages is allowed to enter the \fBactive\fR 29/* queue (leaky bucket strategy, for a fixed delivery rate). 30/* .IP \fBdeferred\fR 31/* Mail that could not be delivered upon the first attempt. The queue 32/* manager implements exponential backoff by doubling the time between 33/* delivery attempts. 34/* .IP \fBcorrupt\fR 35/* Unreadable or damaged queue files are moved here for inspection. 36/* .IP \fBhold\fR 37/* Messages that are kept "on hold" are kept here until someone 38/* sets them free. 39/* DELIVERY STATUS REPORTS 40/* .ad 41/* .fi 42/* The \fBqmgr\fR(8) daemon keeps an eye on per-message delivery status 43/* reports in the following directories. Each status report file has 44/* the same name as the corresponding message file: 45/* .IP \fBbounce\fR 46/* Per-recipient status information about why mail is bounced. 47/* These files are maintained by the \fBbounce\fR(8) daemon. 48/* .IP \fBdefer\fR 49/* Per-recipient status information about why mail is delayed. 
50/* These files are maintained by the \fBdefer\fR(8) daemon. 51/* .IP \fBtrace\fR 52/* Per-recipient status information as requested with the 53/* Postfix "\fBsendmail -v\fR" or "\fBsendmail -bv\fR" command. 54/* These files are maintained by the \fBtrace\fR(8) daemon. 55/* .PP 56/* The \fBqmgr\fR(8) daemon is responsible for asking the 57/* \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemons to 58/* send delivery reports. 59/* STRATEGIES 60/* .ad 61/* .fi 62/* The queue manager implements a variety of strategies for 63/* either opening queue files (input) or for message delivery (output). 64/* .IP "\fBleaky bucket\fR" 65/* This strategy limits the number of messages in the \fBactive\fR queue 66/* and prevents the queue manager from running out of memory under 67/* heavy load. 68/* .IP \fBfairness\fR 69/* When the \fBactive\fR queue has room, the queue manager takes one 70/* message from the \fBincoming\fR queue and one from the \fBdeferred\fR 71/* queue. This prevents a large mail backlog from blocking the delivery 72/* of new mail. 73/* .IP "\fBslow start\fR" 74/* This strategy eliminates "thundering herd" problems by slowly 75/* adjusting the number of parallel deliveries to the same destination. 76/* .IP "\fBround robin\fR" 77/* The queue manager sorts delivery requests by destination. 78/* Round-robin selection prevents one destination from dominating 79/* deliveries to other destinations. 80/* .IP "\fBexponential backoff\fR" 81/* Mail that cannot be delivered upon the first attempt is deferred. 82/* The time interval between delivery attempts is doubled after each 83/* attempt. 84/* .IP "\fBdestination status cache\fR" 85/* The queue manager avoids unnecessary delivery attempts by 86/* maintaining a short-term, in-memory list of unreachable destinations. 
87/* .IP "\fBpreemptive message scheduling\fR" 88/* The queue manager attempts to minimize the average per-recipient delay 89/* while still preserving the correct per-message delays, using 90/* a sophisticated preemptive message scheduling. 91/* TRIGGERS 92/* .ad 93/* .fi 94/* On an idle system, the queue manager waits for the arrival of 95/* trigger events, or it waits for a timer to go off. A trigger 96/* is a one-byte message. 97/* Depending on the message received, the queue manager performs 98/* one of the following actions (the message is followed by the 99/* symbolic constant used internally by the software): 100/* .IP "\fBD (QMGR_REQ_SCAN_DEFERRED)\fR" 101/* Start a deferred queue scan. If a deferred queue scan is already 102/* in progress, that scan will be restarted as soon as it finishes. 103/* .IP "\fBI (QMGR_REQ_SCAN_INCOMING)\fR" 104/* Start an incoming queue scan. If an incoming queue scan is already 105/* in progress, that scan will be restarted as soon as it finishes. 106/* .IP "\fBA (QMGR_REQ_SCAN_ALL)\fR" 107/* Ignore deferred queue file time stamps. The request affects 108/* the next deferred queue scan. 109/* .IP "\fBF (QMGR_REQ_FLUSH_DEAD)\fR" 110/* Purge all information about dead transports and destinations. 111/* .IP "\fBW (TRIGGER_REQ_WAKEUP)\fR" 112/* Wakeup call. This is used by the master server to instantiate 113/* servers that should not go away forever. The action is to start 114/* an incoming queue scan. 115/* .PP 116/* The \fBqmgr\fR(8) daemon reads an entire buffer worth of triggers. 117/* Multiple identical trigger requests are collapsed into one, and 118/* trigger requests are sorted so that \fBA\fR and \fBF\fR precede 119/* \fBD\fR and \fBI\fR. Thus, in order to force a deferred queue run, 120/* one would request \fBA F D\fR; in order to notify the queue manager 121/* of the arrival of new mail one would request \fBI\fR. 
122/* STANDARDS 123/* RFC 3463 (Enhanced status codes) 124/* RFC 3464 (Delivery status notifications) 125/* SECURITY 126/* .ad 127/* .fi 128/* The \fBqmgr\fR(8) daemon is not security sensitive. It reads 129/* single-character messages from untrusted local users, and thus may 130/* be susceptible to denial of service attacks. The \fBqmgr\fR(8) daemon 131/* does not talk to the outside world, and it can be run at fixed low 132/* privilege in a chrooted environment. 133/* DIAGNOSTICS 134/* Problems and transactions are logged to the syslog daemon. 135/* Corrupted message files are saved to the \fBcorrupt\fR queue 136/* for further inspection. 137/* 138/* Depending on the setting of the \fBnotify_classes\fR parameter, 139/* the postmaster is notified of bounces and of other trouble. 140/* BUGS 141/* A single queue manager process has to compete for disk access with 142/* multiple front-end processes such as \fBcleanup\fR(8). A sudden burst of 143/* inbound mail can negatively impact outbound delivery rates. 144/* CONFIGURATION PARAMETERS 145/* .ad 146/* .fi 147/* Changes to \fBmain.cf\fR are not picked up automatically 148/* as \fBqmgr\fR(8) 149/* is a persistent process. Use the "\fBpostfix reload\fR" command after 150/* a configuration change. 151/* 152/* The text below provides only a parameter summary. See 153/* \fBpostconf\fR(5) for more details including examples. 154/* 155/* In the text below, \fItransport\fR is the first field in a 156/* \fBmaster.cf\fR entry. 157/* COMPATIBILITY CONTROLS 158/* .ad 159/* .fi 160/* Available before Postfix version 2.5: 161/* .IP "\fBallow_min_user (no)\fR" 162/* Allow a sender or recipient address to have `-' as the first 163/* character. 
164/* .PP 165/* Available with Postfix version 2.7 and later: 166/* .IP "\fBdefault_filter_nexthop (empty)\fR" 167/* When a content_filter or FILTER request specifies no explicit 168/* next-hop destination, use $default_filter_nexthop instead; when 169/* that value is empty, use the domain in the recipient address. 170/* ACTIVE QUEUE CONTROLS 171/* .ad 172/* .fi 173/* .IP "\fBqmgr_clog_warn_time (300s)\fR" 174/* The minimal delay between warnings that a specific destination is 175/* clogging up the Postfix active queue. 176/* .IP "\fBqmgr_message_active_limit (20000)\fR" 177/* The maximal number of messages in the active queue. 178/* .IP "\fBqmgr_message_recipient_limit (20000)\fR" 179/* The maximal number of recipients held in memory by the Postfix 180/* queue manager, and the maximal size of the short-term, 181/* in-memory "dead" destination status cache. 182/* .IP "\fBqmgr_message_recipient_minimum (10)\fR" 183/* The minimal number of in-memory recipients for any message. 184/* .IP "\fBdefault_recipient_limit (20000)\fR" 185/* The default per-transport upper limit on the number of in-memory 186/* recipients. 187/* .IP "\fItransport\fB_recipient_limit ($default_recipient_limit)\fR" 188/* Idem, for delivery via the named message \fItransport\fR. 189/* .IP "\fBdefault_extra_recipient_limit (1000)\fR" 190/* The default value for the extra per-transport limit imposed on the 191/* number of in-memory recipients. 192/* .IP "\fItransport\fB_extra_recipient_limit ($default_extra_recipient_limit)\fR" 193/* Idem, for delivery via the named message \fItransport\fR. 194/* .PP 195/* Available in Postfix version 2.4 and later: 196/* .IP "\fBdefault_recipient_refill_limit (100)\fR" 197/* The default per-transport limit on the number of recipients refilled at 198/* once. 199/* .IP "\fItransport\fB_recipient_refill_limit ($default_recipient_refill_limit)\fR" 200/* Idem, for delivery via the named message \fItransport\fR. 
201/* .IP "\fBdefault_recipient_refill_delay (5s)\fR" 202/* The default per-transport maximum delay between recipients refills. 203/* .IP "\fItransport\fB_recipient_refill_delay ($default_recipient_refill_delay)\fR" 204/* Idem, for delivery via the named message \fItransport\fR. 205/* DELIVERY CONCURRENCY CONTROLS 206/* .ad 207/* .fi 208/* .IP "\fBinitial_destination_concurrency (5)\fR" 209/* The initial per-destination concurrency level for parallel delivery 210/* to the same destination. 211/* .IP "\fBdefault_destination_concurrency_limit (20)\fR" 212/* The default maximal number of parallel deliveries to the same 213/* destination. 214/* .IP "\fItransport\fB_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" 215/* Idem, for delivery via the named message \fItransport\fR. 216/* .PP 217/* Available in Postfix version 2.5 and later: 218/* .IP "\fItransport\fB_initial_destination_concurrency ($initial_destination_concurrency)\fR" 219/* Initial concurrency for delivery via the named message 220/* \fItransport\fR. 221/* .IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR" 222/* How many pseudo-cohorts must suffer connection or handshake 223/* failure before a specific destination is considered unavailable 224/* (and further delivery is suspended). 225/* .IP "\fItransport\fB_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR" 226/* Idem, for delivery via the named message \fItransport\fR. 227/* .IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR" 228/* The per-destination amount of delivery concurrency negative 229/* feedback, after a delivery completes with a connection or handshake 230/* failure. 231/* .IP "\fItransport\fB_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR" 232/* Idem, for delivery via the named message \fItransport\fR. 
233/* .IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR" 234/* The per-destination amount of delivery concurrency positive 235/* feedback, after a delivery completes without connection or handshake 236/* failure. 237/* .IP "\fItransport\fB_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR" 238/* Idem, for delivery via the named message \fItransport\fR. 239/* .IP "\fBdestination_concurrency_feedback_debug (no)\fR" 240/* Make the queue manager's feedback algorithm verbose for performance 241/* analysis purposes. 242/* RECIPIENT SCHEDULING CONTROLS 243/* .ad 244/* .fi 245/* .IP "\fBdefault_destination_recipient_limit (50)\fR" 246/* The default maximal number of recipients per message delivery. 247/* .IP "\fItransport\fB_destination_recipient_limit ($default_destination_recipient_limit)\fR" 248/* Idem, for delivery via the named message \fItransport\fR. 249/* MESSAGE SCHEDULING CONTROLS 250/* .ad 251/* .fi 252/* .IP "\fBdefault_delivery_slot_cost (5)\fR" 253/* How often the Postfix queue manager's scheduler is allowed to 254/* preempt delivery of one message with another. 255/* .IP "\fItransport\fB_delivery_slot_cost ($default_delivery_slot_cost)\fR" 256/* Idem, for delivery via the named message \fItransport\fR. 257/* .IP "\fBdefault_minimum_delivery_slots (3)\fR" 258/* How many recipients a message must have in order to invoke the 259/* Postfix queue manager's scheduling algorithm at all. 260/* .IP "\fItransport\fB_minimum_delivery_slots ($default_minimum_delivery_slots)\fR" 261/* Idem, for delivery via the named message \fItransport\fR. 262/* .IP "\fBdefault_delivery_slot_discount (50)\fR" 263/* The default value for transport-specific _delivery_slot_discount 264/* settings. 265/* .IP "\fItransport\fB_delivery_slot_discount ($default_delivery_slot_discount)\fR" 266/* Idem, for delivery via the named message \fItransport\fR. 
267/* .IP "\fBdefault_delivery_slot_loan (3)\fR" 268/* The default value for transport-specific _delivery_slot_loan 269/* settings. 270/* .IP "\fItransport\fB_delivery_slot_loan ($default_delivery_slot_loan)\fR" 271/* Idem, for delivery via the named message \fItransport\fR. 272/* OTHER RESOURCE AND RATE CONTROLS 273/* .ad 274/* .fi 275/* .IP "\fBminimal_backoff_time (300s)\fR" 276/* The minimal time between attempts to deliver a deferred message; 277/* prior to Postfix 2.4 the default value was 1000s. 278/* .IP "\fBmaximal_backoff_time (4000s)\fR" 279/* The maximal time between attempts to deliver a deferred message. 280/* .IP "\fBmaximal_queue_lifetime (5d)\fR" 281/* Consider a message as undeliverable, when delivery fails with a 282/* temporary error, and the time in the queue has reached the 283/* maximal_queue_lifetime limit. 284/* .IP "\fBqueue_run_delay (300s)\fR" 285/* The time between deferred queue scans by the queue manager; 286/* prior to Postfix 2.4 the default value was 1000s. 287/* .IP "\fBtransport_retry_time (60s)\fR" 288/* The time between attempts by the Postfix queue manager to contact 289/* a malfunctioning message delivery transport. 290/* .PP 291/* Available in Postfix version 2.1 and later: 292/* .IP "\fBbounce_queue_lifetime (5d)\fR" 293/* Consider a bounce message as undeliverable, when delivery fails 294/* with a temporary error, and the time in the queue has reached the 295/* bounce_queue_lifetime limit. 296/* .PP 297/* Available in Postfix version 2.5 and later: 298/* .IP "\fBdefault_destination_rate_delay (0s)\fR" 299/* The default amount of delay that is inserted between individual 300/* deliveries to the same destination; the resulting behavior depends 301/* on the value of the corresponding per-destination recipient limit. 302/* .IP "\fItransport\fB_destination_rate_delay ($default_destination_rate_delay)\fR" 303/* Idem, for delivery via the named message \fItransport\fR. 
304/* SAFETY CONTROLS 305/* .ad 306/* .fi 307/* .IP "\fBqmgr_daemon_timeout (1000s)\fR" 308/* How much time a Postfix queue manager process may take to handle 309/* a request before it is terminated by a built-in watchdog timer. 310/* .IP "\fBqmgr_ipc_timeout (60s)\fR" 311/* The time limit for the queue manager to send or receive information 312/* over an internal communication channel. 313/* MISCELLANEOUS CONTROLS 314/* .ad 315/* .fi 316/* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" 317/* The default location of the Postfix main.cf and master.cf 318/* configuration files. 319/* .IP "\fBdefer_transports (empty)\fR" 320/* The names of message delivery transports that should not deliver mail 321/* unless someone issues "\fBsendmail -q\fR" or equivalent. 322/* .IP "\fBdelay_logging_resolution_limit (2)\fR" 323/* The maximal number of digits after the decimal point when logging 324/* sub-second delay values. 325/* .IP "\fBhelpful_warnings (yes)\fR" 326/* Log warnings about problematic configuration settings, and provide 327/* helpful suggestions. 328/* .IP "\fBprocess_id (read-only)\fR" 329/* The process ID of a Postfix command or daemon process. 330/* .IP "\fBprocess_name (read-only)\fR" 331/* The process name of a Postfix command or daemon process. 332/* .IP "\fBqueue_directory (see 'postconf -d' output)\fR" 333/* The location of the Postfix top-level queue directory. 334/* .IP "\fBsyslog_facility (mail)\fR" 335/* The syslog facility of Postfix logging. 336/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" 337/* The mail system name that is prepended to the process name in syslog 338/* records, so that "smtpd" becomes, for example, "postfix/smtpd". 
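/* FILES
/*	/var/spool/postfix/incoming, incoming queue
/*	/var/spool/postfix/active, active queue
/*	/var/spool/postfix/deferred, deferred queue
/*	/var/spool/postfix/bounce, non-delivery status
/*	/var/spool/postfix/defer, non-delivery status
/*	/var/spool/postfix/trace, delivery status
/* SEE ALSO
/*	trivial-rewrite(8), address routing
/*	bounce(8), delivery status reports
/*	postconf(5), configuration parameters
/*	master(5), generic daemon options
/*	master(8), process manager
/*	syslogd(8), system logging
/* README FILES
/* .ad
/* .fi
/*	Use "\fBpostconf readme_directory\fR" or
/*	"\fBpostconf html_directory\fR" to locate this information.
/* .na
/* .nf
/*	SCHEDULER_README, scheduling algorithm
/*	QSHAPE_README, Postfix queue analysis
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*
/*	Preemptive scheduler enhancements:
/*	Patrik Rak
/*	Modra 6
/*	155 00, Prague, Czech Republic
/*--*/

/* System library. */

#include <sys_defs.h>
#include <stdlib.h>
#include <unistd.h>
#include <ctype.h>

/* Utility library. */

#include <msg.h>
#include <events.h>
#include <vstream.h>
#include <dict.h>

/* Global library. */

#include <mail_queue.h>
#include <recipient_list.h>
#include <mail_conf.h>
#include <mail_params.h>
#include <mail_version.h>
#include <mail_proto.h>			/* QMGR_SCAN constants */
#include <mail_flow.h>
#include <flush_clnt.h>

/* Master process interface */

#include <master_proto.h>
#include <mail_server.h>

/* Application-specific. */

#include "qmgr.h"

 /*
  * Tunables. Each variable below is the target of exactly one entry in the
  * configuration tables in main(); none of them is assigned a value here.
  */
int     var_queue_run_delay;
int     var_min_backoff_time;
int     var_max_backoff_time;
int     var_max_queue_time;
int     var_dsn_queue_time;
int     var_qmgr_active_limit;
int     var_qmgr_rcpt_limit;
int     var_qmgr_msg_rcpt_limit;
int     var_xport_rcpt_limit;
int     var_stack_rcpt_limit;
int     var_xport_refill_limit;
int     var_xport_refill_delay;
int     var_delivery_slot_cost;
int     var_delivery_slot_loan;
int     var_delivery_slot_discount;
int     var_min_delivery_slots;
int     var_init_dest_concurrency;
int     var_transport_retry_time;
int     var_dest_con_limit;
int     var_dest_rcpt_limit;
char   *var_defer_xports;
int     var_local_con_lim;
int     var_local_rcpt_lim;
bool    var_verp_bounce_off;
int     var_qmgr_clog_warn_time;
char   *var_conc_pos_feedback;
char   *var_conc_neg_feedback;
int     var_conc_cohort_limit;
int     var_conc_feedback_debug;
int     var_dest_rate_delay;
char   *var_def_filter_nexthop;
int     var_qmgr_daemon_timeout;
int     var_qmgr_ipc_timeout;

 /*
  * One scan context per input queue. The slots are filled in by
  * qmgr_post_init(); the index constants below name the slots.
  */
static QMGR_SCAN *qmgr_scans[2];

#define QMGR_SCAN_IDX_INCOMING 0
#define QMGR_SCAN_IDX_DEFERRED 1
#define QMGR_SCAN_IDX_COUNT (sizeof(qmgr_scans) / sizeof(qmgr_scans[0]))

/* qmgr_deferred_run_event - queue manager heartbeat */

static void qmgr_deferred_run_event(int unused_event, char *dummy)
{

    /*
     * This routine runs when it is time for another deferred queue scan.
     * Make sure this routine gets called again in the future: the timer is
     * re-armed with the same callback and context, var_queue_run_delay
     * from now.
     */
    qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_DEFERRED], QMGR_SCAN_START);
    event_request_timer(qmgr_deferred_run_event, dummy, var_queue_run_delay);
}

/* qmgr_trigger_event - respond to external trigger(s) */

static void qmgr_trigger_event(char *buf, int len,
			               char *unused_service, char **argv)
{
    int     incoming_flag = 0;
    int     deferred_flag = 0;
    int     i;

    /*
     * Sanity check. This service takes no command-line arguments.
     */
    if (argv[0])
	msg_fatal("unexpected command-line argument: %s", argv[0]);

    /*
     * Collapse identical requests that have arrived since we looked last
     * time. There is no client feedback so there is no need to process each
     * request in order. And as long as we don't have conflicting requests we
     * are free to sort them into the most suitable order.
     * 
     * Per the SECURITY section of the manual page above, these bytes come
     * from untrusted local users. Only the first len bytes of buf are
     * examined, every byte is matched against a fixed set of request codes,
     * and anything else is ignored. Because requests are OR-ed into two flag
     * words, a buffer full of identical triggers results in at most one
     * scan request per queue below, not one per byte.
     */
#define QMGR_FLUSH_BEFORE	(QMGR_FLUSH_ONCE | QMGR_FLUSH_DFXP)

    for (i = 0; i < len; i++) {

	/*
	 * The request byte is logged as a number; it is echoed as a
	 * character only when it is alphanumeric, so other byte values from
	 * the trigger channel show up as '?' in the log.
	 */
	if (msg_verbose)
	    msg_info("request: %d (%c)",
		     buf[i], ISALNUM(buf[i]) ? buf[i] : '?');
	switch (buf[i]) {
	case TRIGGER_REQ_WAKEUP:
	case QMGR_REQ_SCAN_INCOMING:
	    incoming_flag |= QMGR_SCAN_START;
	    break;
	case QMGR_REQ_SCAN_DEFERRED:
	    deferred_flag |= QMGR_SCAN_START;
	    break;
	case QMGR_REQ_FLUSH_DEAD:
	    deferred_flag |= QMGR_FLUSH_BEFORE;
	    incoming_flag |= QMGR_FLUSH_BEFORE;
	    break;
	case QMGR_REQ_SCAN_ALL:
	    deferred_flag |= QMGR_SCAN_ALL;
	    incoming_flag |= QMGR_SCAN_ALL;
	    break;
	default:
	    /* Unknown request codes are dropped, never treated as errors. */
	    if (msg_verbose)
		msg_info("request ignored");
	    break;
	}
    }

    /*
     * Process each request type at most once. Modifiers take effect upon the
     * next queue run. If no queue run is in progress, and a queue scan is
     * requested, the request takes effect immediately.
     */
    if (incoming_flag != 0)
	qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_INCOMING], incoming_flag);
    if (deferred_flag != 0)
	qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_DEFERRED], deferred_flag);
}

/* qmgr_loop - queue manager main loop */

static int qmgr_loop(char *unused_name, char **unused_argv)
{
    char   *path;
    int     token_count;
    int     feed = 0;
    int     scan_idx;			/* Priority order scan index */
    static int first_scan_idx = QMGR_SCAN_IDX_INCOMING;
    int     last_scan_idx = QMGR_SCAN_IDX_COUNT - 1;
    int     delay;

    /*
     * This routine runs as part of the event handling loop, after the event
     * manager has delivered a timer or I/O event (including the completion
     * of a connection to a delivery process), or after it has waited for a
     * specified amount of time. The result value of qmgr_loop() specifies
     * how long the event manager should wait for the next event.
     */
#define DONT_WAIT	0
#define WAIT_FOR_EVENT	(-1)

    /*
     * Attempt to drain the active queue by allocating a suitable delivery
     * process and by delivering mail via it. Delivery process allocation and
     * mail delivery are asynchronous.
     */
    qmgr_active_drain();

    /*
     * Let some new blood into the active queue when the queue size is
     * smaller than some configurable limit.
     * 
     * We import one message per interrupt, to optimally tune the input count
     * for the number of delivery agent protocol wait states, as explained in
     * qmgr_transport.c.
     * 
     * The loop visits each scan at most once, starting at first_scan_idx,
     * and stops as soon as qmgr_active_feed() returns non-zero or the
     * active queue limit is reached. The limit check is what bounds the
     * number of messages held open at once (the "leaky bucket" of the
     * manual page).
     */
    delay = WAIT_FOR_EVENT;
    for (scan_idx = 0; qmgr_message_count < var_qmgr_active_limit
	 && scan_idx < QMGR_SCAN_IDX_COUNT; ++scan_idx) {
	last_scan_idx = (scan_idx + first_scan_idx) % QMGR_SCAN_IDX_COUNT;
	if ((path = qmgr_scan_next(qmgr_scans[last_scan_idx])) != 0) {
	    delay = DONT_WAIT;
	    if ((feed = qmgr_active_feed(qmgr_scans[last_scan_idx], path)) != 0)
		break;
	}
    }

    /*
     * Round-robin the queue scans. When the active queue becomes full,
     * prefer new mail over deferred mail.
     */
    if (qmgr_message_count < var_qmgr_active_limit) {
	first_scan_idx = (last_scan_idx + 1) % QMGR_SCAN_IDX_COUNT;
    } else if (first_scan_idx != QMGR_SCAN_IDX_INCOMING) {
	first_scan_idx = QMGR_SCAN_IDX_INCOMING;
    }

    /*
     * Global flow control. If enabled, slow down receiving processes that
     * get ahead of the queue manager, but don't block them completely.
     * 
     * Below the process limit: add one token after a message was fed from
     * the incoming queue, or top the count up to var_proc_limit when the
     * incoming scan has no handle (presumably: no incoming scan is in
     * progress -- confirm against the scan implementation). Above the
     * limit: take the excess tokens back.
     */
    if (var_in_flow_delay > 0) {
	token_count = mail_flow_count();
	if (token_count < var_proc_limit) {
	    if (feed != 0 && last_scan_idx == QMGR_SCAN_IDX_INCOMING)
		mail_flow_put(1);
	    else if (qmgr_scans[QMGR_SCAN_IDX_INCOMING]->handle == 0)
		mail_flow_put(var_proc_limit - token_count);
	} else if (token_count > var_proc_limit) {
	    mail_flow_get(token_count - var_proc_limit);
	}
    }
    return (delay);
}

/* pre_accept - see if tables have changed */

static void pre_accept(char *unused_name, char **unused_argv)
{
    const char *table;

    /*
     * Exit with status 0 when a lookup table has changed. The log message
     * says "restarting"; the restart itself is not done here, so this
     * presumably relies on the process manager starting a new instance.
     */
    if ((table = dict_changed_name()) != 0) {
	msg_info("table %s has changed -- restarting", table);
	exit(0);
    }
}

/* qmgr_pre_init - pre-jail initialization */

static void qmgr_pre_init(char *unused_name, char **unused_argv)
{
    /* Registered as MAIL_SERVER_PRE_INIT in main(), i.e. before the jail. */
    flush_init();
}

/* qmgr_post_init - post-jail initialization */

static void qmgr_post_init(char *name, char **unused_argv)
{

    /*
     * Backwards compatibility.
     */
    if (strcmp(var_procname, "nqmgr") == 0) {
	msg_warn("please update the %s/%s file; the new queue manager",
		 var_config_dir, MASTER_CONF_FILE);
	msg_warn("(old name: nqmgr) has become the standard queue manager (new name: qmgr)");
	msg_warn("support for the old name (nqmgr) will be removed from Postfix");
    }

    /*
     * Sanity check. Inconsistent limits are corrected with a warning
     * instead of being treated as fatal configuration errors.
     */
    if (var_qmgr_rcpt_limit < var_qmgr_active_limit) {
	msg_warn("%s is smaller than %s - adjusting %s",
	      VAR_QMGR_RCPT_LIMIT, VAR_QMGR_ACT_LIMIT, VAR_QMGR_RCPT_LIMIT);
	var_qmgr_rcpt_limit = var_qmgr_active_limit;
    }
    if (var_dsn_queue_time > var_max_queue_time) {
	msg_warn("%s is larger than %s - adjusting %s",
		 VAR_DSN_QUEUE_TIME, VAR_MAX_QUEUE_TIME, VAR_DSN_QUEUE_TIME);
	var_dsn_queue_time = var_max_queue_time;
    }

    /*
     * This routine runs after the skeleton code has entered the chroot jail.
     * Prevent automatic process suicide after a limited number of client
     * requests or after a limited amount of idle time. Move any left-over
     * entries from the active queue to the incoming queue, and give them a
     * time stamp into the future, in order to allow ongoing deliveries to
     * finish first. Start scanning the incoming and deferred queues.
     * Left-over active queue entries are moved to the incoming queue because
     * the incoming queue has priority; moving left-overs to the deferred
     * queue could cause anomalous delays when "postfix reload/start" are
     * issued often. Override the IPC timeout (default 3600s) so that the
     * queue manager can reset a broken IPC channel before the watchdog timer
     * goes off.
     */
    var_ipc_timeout = var_qmgr_ipc_timeout;
    var_use_limit = 0;
    var_idle_limit = 0;
    qmgr_move(MAIL_QUEUE_ACTIVE, MAIL_QUEUE_INCOMING, event_time());
    qmgr_scans[QMGR_SCAN_IDX_INCOMING] = qmgr_scan_create(MAIL_QUEUE_INCOMING);
    qmgr_scans[QMGR_SCAN_IDX_DEFERRED] = qmgr_scan_create(MAIL_QUEUE_DEFERRED);
    qmgr_scan_request(qmgr_scans[QMGR_SCAN_IDX_INCOMING], QMGR_SCAN_START);

    /* Start the deferred queue heartbeat; it re-arms its own timer. */
    qmgr_deferred_run_event(0, (char *) 0);
}

MAIL_VERSION_STAMP_DECLARE;

/* main - the main program */

int     main(int argc, char **argv)
{

    /*
     * Configuration tables. Each row names a parameter, its default, and
     * the tunable that receives the value; each table ends with a 0 entry.
     * NOTE(review): the two trailing numbers in the string, time and
     * integer rows look like lower and upper bounds, with 0 as "no bound"
     * -- confirm against mail_conf.h.
     */
    static const CONFIG_STR_TABLE str_table[] = {
	VAR_DEFER_XPORTS, DEF_DEFER_XPORTS, &var_defer_xports, 0, 0,
	VAR_CONC_POS_FDBACK, DEF_CONC_POS_FDBACK, &var_conc_pos_feedback, 1, 0,
	VAR_CONC_NEG_FDBACK, DEF_CONC_NEG_FDBACK, &var_conc_neg_feedback, 1, 0,
	VAR_DEF_FILTER_NEXTHOP, DEF_DEF_FILTER_NEXTHOP, &var_def_filter_nexthop, 0, 0,
	0,
    };
    static const CONFIG_TIME_TABLE time_table[] = {
	VAR_QUEUE_RUN_DELAY, DEF_QUEUE_RUN_DELAY, &var_queue_run_delay, 1, 0,
	VAR_MIN_BACKOFF_TIME, DEF_MIN_BACKOFF_TIME, &var_min_backoff_time, 1, 0,
	VAR_MAX_BACKOFF_TIME, DEF_MAX_BACKOFF_TIME, &var_max_backoff_time, 1, 0,
	VAR_MAX_QUEUE_TIME, DEF_MAX_QUEUE_TIME, &var_max_queue_time, 0, 8640000,
	VAR_DSN_QUEUE_TIME, DEF_DSN_QUEUE_TIME, &var_dsn_queue_time, 0, 8640000,
	VAR_XPORT_RETRY_TIME, DEF_XPORT_RETRY_TIME, &var_transport_retry_time, 1, 0,
	VAR_QMGR_CLOG_WARN_TIME, DEF_QMGR_CLOG_WARN_TIME, &var_qmgr_clog_warn_time, 0, 0,
	VAR_XPORT_REFILL_DELAY, DEF_XPORT_REFILL_DELAY, &var_xport_refill_delay, 1, 0,
	VAR_DEST_RATE_DELAY, DEF_DEST_RATE_DELAY, &var_dest_rate_delay, 0, 0,
	VAR_QMGR_DAEMON_TIMEOUT, DEF_QMGR_DAEMON_TIMEOUT, &var_qmgr_daemon_timeout, 1, 0,
	VAR_QMGR_IPC_TIMEOUT, DEF_QMGR_IPC_TIMEOUT, &var_qmgr_ipc_timeout, 1, 0,
	0,
    };
    static const CONFIG_INT_TABLE int_table[] = {
	VAR_QMGR_ACT_LIMIT, DEF_QMGR_ACT_LIMIT, &var_qmgr_active_limit, 1, 0,
	VAR_QMGR_RCPT_LIMIT, DEF_QMGR_RCPT_LIMIT, &var_qmgr_rcpt_limit, 1, 0,
	VAR_QMGR_MSG_RCPT_LIMIT, DEF_QMGR_MSG_RCPT_LIMIT, &var_qmgr_msg_rcpt_limit, 1, 0,
	VAR_XPORT_RCPT_LIMIT, DEF_XPORT_RCPT_LIMIT, &var_xport_rcpt_limit, 0, 0,
	VAR_STACK_RCPT_LIMIT, DEF_STACK_RCPT_LIMIT, &var_stack_rcpt_limit, 0, 0,
	VAR_XPORT_REFILL_LIMIT, DEF_XPORT_REFILL_LIMIT, &var_xport_refill_limit, 1, 0,
	VAR_DELIVERY_SLOT_COST, DEF_DELIVERY_SLOT_COST, &var_delivery_slot_cost, 0, 0,
	VAR_DELIVERY_SLOT_LOAN, DEF_DELIVERY_SLOT_LOAN, &var_delivery_slot_loan, 0, 0,
	VAR_DELIVERY_SLOT_DISCOUNT, DEF_DELIVERY_SLOT_DISCOUNT, &var_delivery_slot_discount, 0, 100,
	VAR_MIN_DELIVERY_SLOTS, DEF_MIN_DELIVERY_SLOTS, &var_min_delivery_slots, 0, 0,
	VAR_INIT_DEST_CON, DEF_INIT_DEST_CON, &var_init_dest_concurrency, 1, 0,
	VAR_DEST_CON_LIMIT, DEF_DEST_CON_LIMIT, &var_dest_con_limit, 0, 0,
	VAR_DEST_RCPT_LIMIT, DEF_DEST_RCPT_LIMIT, &var_dest_rcpt_limit, 0, 0,
	VAR_LOCAL_RCPT_LIMIT, DEF_LOCAL_RCPT_LIMIT, &var_local_rcpt_lim, 0, 0,
	VAR_LOCAL_CON_LIMIT, DEF_LOCAL_CON_LIMIT, &var_local_con_lim, 0, 0,
	VAR_CONC_COHORT_LIM, DEF_CONC_COHORT_LIM, &var_conc_cohort_limit, 0, 0,
	0,
    };
    static const CONFIG_BOOL_TABLE bool_table[] = {
	VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
	VAR_CONC_FDBACK_DEBUG, DEF_CONC_FDBACK_DEBUG, &var_conc_feedback_debug,
	0,
    };

    /*
     * Fingerprint executables and core dumps.
     */
    MAIL_VERSION_STAMP_ALLOCATE;

    /*
     * Use the trigger service skeleton, because no-one else should be
     * monitoring our service port while this process runs, and because we do
     * not talk back to the client.
     * 
     * The watchdog is given var_qmgr_daemon_timeout, the limit after which a
     * stuck queue manager is terminated (see SAFETY CONTROLS in the manual
     * page). NOTE(review): main() has no return statement after this call;
     * presumably trigger_server_main() never returns -- confirm.
     */
    trigger_server_main(argc, argv, qmgr_trigger_event,
			MAIL_SERVER_INT_TABLE, int_table,
			MAIL_SERVER_STR_TABLE, str_table,
			MAIL_SERVER_BOOL_TABLE, bool_table,
			MAIL_SERVER_TIME_TABLE, time_table,
			MAIL_SERVER_PRE_INIT, qmgr_pre_init,
			MAIL_SERVER_POST_INIT, qmgr_post_init,
			MAIL_SERVER_LOOP, qmgr_loop,
			MAIL_SERVER_PRE_ACCEPT, pre_accept,
			MAIL_SERVER_SOLITARY,
			MAIL_SERVER_WATCHDOG, &var_qmgr_daemon_timeout,
			0);
}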