static int smtpd_proxy_save_rec_fprintf(VSTREAM *stream, int rec_type,
const char *fmt,...)
{
const char *myname = "smtpd_proxy_save_rec_fprintf";
va_list ap;
int ret;
/*
* Sanity check.
*/
if (stream == 0)
msg_panic("%s: attempt to use closed stream", myname);
/*
* Save one content record. Errors and results must be as with
* rec_fprintf().
*/
va_start(ap, fmt);
if (rec_type == REC_TYPE_NORM)
ret = rec_vfprintf(stream, rec_type, fmt, ap);
else
msg_panic("%s: need REC_TYPE_NORM", myname);
va_end(ap);
/*
* Errors last.
*/
if (ret != rec_type) {
(void) smtpd_proxy_replay_rdwr_error(VSTREAM_TO_SMTPD_STATE(stream));
return (REC_TYPE_ERROR);
}
return (rec_type);
}
static int smtpd_proxy_save_rec_put(VSTREAM *stream, int rec_type,
const char *data, ssize_t len)
{
const char *myname = "smtpd_proxy_save_rec_put";
int ret;
#define VSTREAM_TO_SMTPD_STATE(s) ((SMTPD_STATE *) vstream_context(s))
/*
* Sanity check.
*/
if (stream == 0)
msg_panic("%s: attempt to use closed stream", myname);
/*
* Send one content record. Errors and results must be as with rec_put().
*/
if (rec_type == REC_TYPE_NORM || rec_type == REC_TYPE_CONT)
ret = rec_put(stream, rec_type, data, len);
else
msg_panic("%s: need REC_TYPE_NORM or REC_TYPE_CONT", myname);
/*
* Errors last.
*/
if (ret != rec_type) {
(void) smtpd_proxy_replay_rdwr_error(VSTREAM_TO_SMTPD_STATE(stream));
return (REC_TYPE_ERROR);
}
return (rec_type);
}
static int smtpd_proxy_replay_setup(SMTPD_STATE *state)
{
const char *myname = "smtpd_proxy_replay_setup";
off_t file_offs;
/*
* Where possible reuse an existing replay logfile, because creating a
* file is expensive compared to reading or writing. For security reasons
* we must truncate the file before reuse. For performance reasons we
* should truncate the file immediately after the end of a mail
* transaction. We enforce the security guarantee upon reuse, by
* requiring that no I/O happened since the file was truncated. This is
* less expensive than truncating the file redundantly.
*/
if (smtpd_proxy_replay_stream != 0) {
/* vstream_ftell() won't invoke the kernel, so all errors are mine. */
if ((file_offs = vstream_ftell(smtpd_proxy_replay_stream)) != 0)
msg_panic("%s: bad before-queue filter speed-adjust log offset %lu",
myname, (unsigned long) file_offs);
vstream_clearerr(smtpd_proxy_replay_stream);
if (msg_verbose)
msg_info("%s: reuse speed-adjust stream fd=%d", myname,
vstream_fileno(smtpd_proxy_replay_stream));
/* Here, smtpd_proxy_replay_stream != 0 */
}
/*
* Create a new replay logfile.
*/
if (smtpd_proxy_replay_stream == 0) {
smtpd_proxy_replay_stream = mail_queue_enter(MAIL_QUEUE_INCOMING, 0,
(struct timeval *) 0);
if (smtpd_proxy_replay_stream == 0)
return (smtpd_proxy_replay_rdwr_error(state));
if (unlink(VSTREAM_PATH(smtpd_proxy_replay_stream)) < 0)
msg_warn("remove before-queue filter speed-adjust log %s: %m",
VSTREAM_PATH(smtpd_proxy_replay_stream));
if (msg_verbose)
msg_info("%s: new speed-adjust stream fd=%d", myname,
vstream_fileno(smtpd_proxy_replay_stream));
}
/*
* Needed by our DATA-phase record emulation routines.
*/
vstream_control(smtpd_proxy_replay_stream, VSTREAM_CTL_CONTEXT,
(char *) state, VSTREAM_CTL_END);
return (0);
}
static int smtpd_proxy_save_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
{
va_list ap;
/*
* Errors first.
*/
if (vstream_ferror(smtpd_proxy_replay_stream)
|| vstream_feof(smtpd_proxy_replay_stream))
return (smtpd_proxy_replay_rdwr_error(state));
/*
* Save the expected reply first, so that the replayer can safely
* overwrite the input buffer with the command.
*/
rec_fprintf(smtpd_proxy_replay_stream, REC_TYPE_RCPT, "%d", expect);
/*
* The command can be omitted at the start of an SMTP session. This is
* not documented as part of the official interface because it is used
* only internally to this module. Use an explicit null string in case
* the SMTPD_PROXY_CONN_FMT implementation details change.
*/
if (fmt == SMTPD_PROXY_CONN_FMT)
fmt = "";
/*
* Save the command to the replay log, and send it to the before-queue
* filter after we have received the entire message.
*/
va_start(ap, fmt);
rec_vfprintf(smtpd_proxy_replay_stream, REC_TYPE_FROM, fmt, ap);
va_end(ap);
/*
* If we just saved the "." command, replay the log.
*/
return (strcmp(fmt, ".") ? 0 : smtpd_proxy_replay_send(state));
}
static int smtpd_proxy_replay_send(SMTPD_STATE *state)
{
const char *myname = "smtpd_proxy_replay_send";
static VSTRING *replay_buf = 0;
SMTPD_PROXY *proxy = state->proxy;
int rec_type;
int expect = SMTPD_PROX_WANT_BAD;
/*
* Sanity check.
*/
if (smtpd_proxy_replay_stream == 0)
msg_panic("%s: no before-queue filter speed-adjust log", myname);
/*
* Errors first.
*/
if (vstream_ferror(smtpd_proxy_replay_stream)
|| vstream_feof(smtpd_proxy_replay_stream)
|| rec_put(smtpd_proxy_replay_stream, REC_TYPE_END, "", 0) != REC_TYPE_END
|| vstream_fflush(smtpd_proxy_replay_stream))
/* NOT: fsync(vstream_fileno(smtpd_proxy_replay_stream)) */
return (smtpd_proxy_replay_rdwr_error(state));
/*
* Delayed connection to the before-queue filter.
*/
if (smtpd_proxy_connect(state) < 0)
return (-1);
/*
* Replay the speed-match log. We do sanity check record content, but we
* don't implement a protocol state engine here, since we are reading
* from a file that we just wrote ourselves.
*
* This is different than the MailChannels patented solution that
* multiplexes a large number of slowed-down inbound connections over a
* small number of fast connections to a local MTA.
*
* - MailChannels receives mail directly from the Internet. It uses one
* connection to the local MTA to reject invalid recipients before
* receiving the entire email message at reduced bit rates, and then uses
* a different connection to quickly deliver the message to the local
* MTA.
*
* - Postfix receives mail directly from the Internet. The Postfix SMTP
* server rejects invalid recipients before receiving the entire message
* over the Internet, and then delivers the message quickly to a local
* SMTP-based content filter.
*/
if (replay_buf == 0)
replay_buf = vstring_alloc(100);
if (vstream_fseek(smtpd_proxy_replay_stream, (off_t) 0, SEEK_SET) < 0)
return (smtpd_proxy_replay_rdwr_error(state));
for (;;) {
switch (rec_type = rec_get(smtpd_proxy_replay_stream, replay_buf,
REC_FLAG_NONE)) {
/*
* Message content.
*/
case REC_TYPE_NORM:
case REC_TYPE_CONT:
if (smtpd_proxy_rec_put(proxy->service_stream, rec_type,
STR(replay_buf), LEN(replay_buf)) < 0)
return (-1);
break;
/*
* Expected server reply type.
*/
case REC_TYPE_RCPT:
if (!alldig(STR(replay_buf))
|| (expect = atoi(STR(replay_buf))) == SMTPD_PROX_WANT_BAD)
msg_panic("%s: malformed server reply type: %s",
myname, STR(replay_buf));
break;
/*
* Client command, or void. Bail out on the first negative proxy
* response. This is OK, because the filter must use the same
* reply code for all recipients of a multi-recipient message.
*/
case REC_TYPE_FROM:
if (expect == SMTPD_PROX_WANT_BAD)
msg_panic("%s: missing server reply type", myname);
if (smtpd_proxy_cmd(state, expect, *STR(replay_buf) ? "%s" :
SMTPD_PROXY_CONN_FMT, STR(replay_buf)) < 0)
return (-1);
expect = SMTPD_PROX_WANT_BAD;
break;
/*
* Explicit end marker, instead of implicit EOF.
*/
case REC_TYPE_END:
return (0);
/*
* Errors.
*/
case REC_TYPE_ERROR:
return (smtpd_proxy_replay_rdwr_error(state));
default:
msg_panic("%s: unexpected record type; %d", myname, rec_type);
}
}
}
static int smtpd_proxy_replay_send(SMTPD_STATE *state)
{
const char *myname = "smtpd_proxy_replay_send";
static VSTRING *replay_buf = 0;
SMTPD_PROXY *proxy = state->proxy;
int rec_type;
int expect = SMTPD_PROX_WANT_BAD;
/*
* Sanity check.
*/
if (smtpd_proxy_replay_stream == 0)
msg_panic("%s: no before-queue filter speed-adjust log", myname);
/*
* Errors first.
*/
if (vstream_ferror(smtpd_proxy_replay_stream)
|| vstream_feof(smtpd_proxy_replay_stream)
|| rec_put(smtpd_proxy_replay_stream, REC_TYPE_END, "", 0) != REC_TYPE_END
|| vstream_fflush(smtpd_proxy_replay_stream))
/* NOT: fsync(vstream_fileno(smtpd_proxy_replay_stream)) */
return (smtpd_proxy_replay_rdwr_error(state));
/*
* Delayed connection to the before-queue filter.
*/
if (smtpd_proxy_connect(state) < 0)
return (-1);
/*
* Replay the speed-match log. We do sanity check record content, but we
* don't implement a protocol state engine here, since we are reading
* from a file that we just wrote ourselves.
*/
if (replay_buf == 0)
replay_buf = vstring_alloc(100);
if (vstream_fseek(smtpd_proxy_replay_stream, (off_t) 0, SEEK_SET) < 0)
return (smtpd_proxy_replay_rdwr_error(state));
for (;;) {
switch (rec_type = rec_get(smtpd_proxy_replay_stream, replay_buf,
REC_FLAG_NONE)) {
/*
* Message content.
*/
case REC_TYPE_NORM:
case REC_TYPE_CONT:
if (smtpd_proxy_rec_put(proxy->service_stream, rec_type,
STR(replay_buf), LEN(replay_buf)) < 0)
return (-1);
break;
/*
* Expected server reply type.
*/
case REC_TYPE_RCPT:
if (!alldig(STR(replay_buf))
|| (expect = atoi(STR(replay_buf))) == SMTPD_PROX_WANT_BAD)
msg_panic("%s: malformed server reply type: %s",
myname, STR(replay_buf));
break;
/*
* Client command, or void. Bail out on the first negative proxy
* response. This is OK, because the filter must use the same
* reply code for all recipients of a multi-recipient message.
*/
case REC_TYPE_FROM:
if (expect == SMTPD_PROX_WANT_BAD)
msg_panic("%s: missing server reply type", myname);
if (smtpd_proxy_cmd(state, expect, *STR(replay_buf) ? "%s" :
SMTPD_PROXY_CONN_FMT, STR(replay_buf)) < 0)
return (-1);
expect = SMTPD_PROX_WANT_BAD;
break;
/*
* Explicit end marker, instead of implicit EOF.
*/
case REC_TYPE_END:
return (0);
/*
* Errors.
*/
case REC_TYPE_ERROR:
return (smtpd_proxy_replay_rdwr_error(state));
default:
msg_panic("%s: unexpected record type; %d", myname, rec_type);
}
}
}
