static int smtpd_proxy_save_rec_fprintf(VSTREAM *stream, int rec_type, const char *fmt,...) { const char *myname = "smtpd_proxy_save_rec_fprintf"; va_list ap; int ret; /* * Sanity check. */ if (stream == 0) msg_panic("%s: attempt to use closed stream", myname); /* * Save one content record. Errors and results must be as with * rec_fprintf(). */ va_start(ap, fmt); if (rec_type == REC_TYPE_NORM) ret = rec_vfprintf(stream, rec_type, fmt, ap); else msg_panic("%s: need REC_TYPE_NORM", myname); va_end(ap); /* * Errors last. */ if (ret != rec_type) { (void) smtpd_proxy_replay_rdwr_error(VSTREAM_TO_SMTPD_STATE(stream)); return (REC_TYPE_ERROR); } return (rec_type); }
static int smtpd_proxy_save_rec_put(VSTREAM *stream, int rec_type, const char *data, ssize_t len) { const char *myname = "smtpd_proxy_save_rec_put"; int ret; #define VSTREAM_TO_SMTPD_STATE(s) ((SMTPD_STATE *) vstream_context(s)) /* * Sanity check. */ if (stream == 0) msg_panic("%s: attempt to use closed stream", myname); /* * Send one content record. Errors and results must be as with rec_put(). */ if (rec_type == REC_TYPE_NORM || rec_type == REC_TYPE_CONT) ret = rec_put(stream, rec_type, data, len); else msg_panic("%s: need REC_TYPE_NORM or REC_TYPE_CONT", myname); /* * Errors last. */ if (ret != rec_type) { (void) smtpd_proxy_replay_rdwr_error(VSTREAM_TO_SMTPD_STATE(stream)); return (REC_TYPE_ERROR); } return (rec_type); }
static int smtpd_proxy_replay_setup(SMTPD_STATE *state) { const char *myname = "smtpd_proxy_replay_setup"; off_t file_offs; /* * Where possible reuse an existing replay logfile, because creating a * file is expensive compared to reading or writing. For security reasons * we must truncate the file before reuse. For performance reasons we * should truncate the file immediately after the end of a mail * transaction. We enforce the security guarantee upon reuse, by * requiring that no I/O happened since the file was truncated. This is * less expensive than truncating the file redundantly. */ if (smtpd_proxy_replay_stream != 0) { /* vstream_ftell() won't invoke the kernel, so all errors are mine. */ if ((file_offs = vstream_ftell(smtpd_proxy_replay_stream)) != 0) msg_panic("%s: bad before-queue filter speed-adjust log offset %lu", myname, (unsigned long) file_offs); vstream_clearerr(smtpd_proxy_replay_stream); if (msg_verbose) msg_info("%s: reuse speed-adjust stream fd=%d", myname, vstream_fileno(smtpd_proxy_replay_stream)); /* Here, smtpd_proxy_replay_stream != 0 */ } /* * Create a new replay logfile. */ if (smtpd_proxy_replay_stream == 0) { smtpd_proxy_replay_stream = mail_queue_enter(MAIL_QUEUE_INCOMING, 0, (struct timeval *) 0); if (smtpd_proxy_replay_stream == 0) return (smtpd_proxy_replay_rdwr_error(state)); if (unlink(VSTREAM_PATH(smtpd_proxy_replay_stream)) < 0) msg_warn("remove before-queue filter speed-adjust log %s: %m", VSTREAM_PATH(smtpd_proxy_replay_stream)); if (msg_verbose) msg_info("%s: new speed-adjust stream fd=%d", myname, vstream_fileno(smtpd_proxy_replay_stream)); } /* * Needed by our DATA-phase record emulation routines. */ vstream_control(smtpd_proxy_replay_stream, VSTREAM_CTL_CONTEXT, (char *) state, VSTREAM_CTL_END); return (0); }
static int smtpd_proxy_save_cmd(SMTPD_STATE *state, int expect, const char *fmt,...) { va_list ap; /* * Errors first. */ if (vstream_ferror(smtpd_proxy_replay_stream) || vstream_feof(smtpd_proxy_replay_stream)) return (smtpd_proxy_replay_rdwr_error(state)); /* * Save the expected reply first, so that the replayer can safely * overwrite the input buffer with the command. */ rec_fprintf(smtpd_proxy_replay_stream, REC_TYPE_RCPT, "%d", expect); /* * The command can be omitted at the start of an SMTP session. This is * not documented as part of the official interface because it is used * only internally to this module. Use an explicit null string in case * the SMTPD_PROXY_CONN_FMT implementation details change. */ if (fmt == SMTPD_PROXY_CONN_FMT) fmt = ""; /* * Save the command to the replay log, and send it to the before-queue * filter after we have received the entire message. */ va_start(ap, fmt); rec_vfprintf(smtpd_proxy_replay_stream, REC_TYPE_FROM, fmt, ap); va_end(ap); /* * If we just saved the "." command, replay the log. */ return (strcmp(fmt, ".") ? 0 : smtpd_proxy_replay_send(state)); }
static int smtpd_proxy_replay_send(SMTPD_STATE *state) { const char *myname = "smtpd_proxy_replay_send"; static VSTRING *replay_buf = 0; SMTPD_PROXY *proxy = state->proxy; int rec_type; int expect = SMTPD_PROX_WANT_BAD; /* * Sanity check. */ if (smtpd_proxy_replay_stream == 0) msg_panic("%s: no before-queue filter speed-adjust log", myname); /* * Errors first. */ if (vstream_ferror(smtpd_proxy_replay_stream) || vstream_feof(smtpd_proxy_replay_stream) || rec_put(smtpd_proxy_replay_stream, REC_TYPE_END, "", 0) != REC_TYPE_END || vstream_fflush(smtpd_proxy_replay_stream)) /* NOT: fsync(vstream_fileno(smtpd_proxy_replay_stream)) */ return (smtpd_proxy_replay_rdwr_error(state)); /* * Delayed connection to the before-queue filter. */ if (smtpd_proxy_connect(state) < 0) return (-1); /* * Replay the speed-match log. We do sanity check record content, but we * don't implement a protocol state engine here, since we are reading * from a file that we just wrote ourselves. * * This is different than the MailChannels patented solution that * multiplexes a large number of slowed-down inbound connections over a * small number of fast connections to a local MTA. * * - MailChannels receives mail directly from the Internet. It uses one * connection to the local MTA to reject invalid recipients before * receiving the entire email message at reduced bit rates, and then uses * a different connection to quickly deliver the message to the local * MTA. * * - Postfix receives mail directly from the Internet. The Postfix SMTP * server rejects invalid recipients before receiving the entire message * over the Internet, and then delivers the message quickly to a local * SMTP-based content filter. */ if (replay_buf == 0) replay_buf = vstring_alloc(100); if (vstream_fseek(smtpd_proxy_replay_stream, (off_t) 0, SEEK_SET) < 0) return (smtpd_proxy_replay_rdwr_error(state)); for (;;) { switch (rec_type = rec_get(smtpd_proxy_replay_stream, replay_buf, REC_FLAG_NONE)) { /* * Message content. */ case REC_TYPE_NORM: case REC_TYPE_CONT: if (smtpd_proxy_rec_put(proxy->service_stream, rec_type, STR(replay_buf), LEN(replay_buf)) < 0) return (-1); break; /* * Expected server reply type. */ case REC_TYPE_RCPT: if (!alldig(STR(replay_buf)) || (expect = atoi(STR(replay_buf))) == SMTPD_PROX_WANT_BAD) msg_panic("%s: malformed server reply type: %s", myname, STR(replay_buf)); break; /* * Client command, or void. Bail out on the first negative proxy * response. This is OK, because the filter must use the same * reply code for all recipients of a multi-recipient message. */ case REC_TYPE_FROM: if (expect == SMTPD_PROX_WANT_BAD) msg_panic("%s: missing server reply type", myname); if (smtpd_proxy_cmd(state, expect, *STR(replay_buf) ? "%s" : SMTPD_PROXY_CONN_FMT, STR(replay_buf)) < 0) return (-1); expect = SMTPD_PROX_WANT_BAD; break; /* * Explicit end marker, instead of implicit EOF. */ case REC_TYPE_END: return (0); /* * Errors. */ case REC_TYPE_ERROR: return (smtpd_proxy_replay_rdwr_error(state)); default: msg_panic("%s: unexpected record type; %d", myname, rec_type); } } }
static int smtpd_proxy_replay_send(SMTPD_STATE *state) { const char *myname = "smtpd_proxy_replay_send"; static VSTRING *replay_buf = 0; SMTPD_PROXY *proxy = state->proxy; int rec_type; int expect = SMTPD_PROX_WANT_BAD; /* * Sanity check. */ if (smtpd_proxy_replay_stream == 0) msg_panic("%s: no before-queue filter speed-adjust log", myname); /* * Errors first. */ if (vstream_ferror(smtpd_proxy_replay_stream) || vstream_feof(smtpd_proxy_replay_stream) || rec_put(smtpd_proxy_replay_stream, REC_TYPE_END, "", 0) != REC_TYPE_END || vstream_fflush(smtpd_proxy_replay_stream)) /* NOT: fsync(vstream_fileno(smtpd_proxy_replay_stream)) */ return (smtpd_proxy_replay_rdwr_error(state)); /* * Delayed connection to the before-queue filter. */ if (smtpd_proxy_connect(state) < 0) return (-1); /* * Replay the speed-match log. We do sanity check record content, but we * don't implement a protocol state engine here, since we are reading * from a file that we just wrote ourselves. */ if (replay_buf == 0) replay_buf = vstring_alloc(100); if (vstream_fseek(smtpd_proxy_replay_stream, (off_t) 0, SEEK_SET) < 0) return (smtpd_proxy_replay_rdwr_error(state)); for (;;) { switch (rec_type = rec_get(smtpd_proxy_replay_stream, replay_buf, REC_FLAG_NONE)) { /* * Message content. */ case REC_TYPE_NORM: case REC_TYPE_CONT: if (smtpd_proxy_rec_put(proxy->service_stream, rec_type, STR(replay_buf), LEN(replay_buf)) < 0) return (-1); break; /* * Expected server reply type. */ case REC_TYPE_RCPT: if (!alldig(STR(replay_buf)) || (expect = atoi(STR(replay_buf))) == SMTPD_PROX_WANT_BAD) msg_panic("%s: malformed server reply type: %s", myname, STR(replay_buf)); break; /* * Client command, or void. Bail out on the first negative proxy * response. This is OK, because the filter must use the same * reply code for all recipients of a multi-recipient message. */ case REC_TYPE_FROM: if (expect == SMTPD_PROX_WANT_BAD) msg_panic("%s: missing server reply type", myname); if (smtpd_proxy_cmd(state, expect, *STR(replay_buf) ? "%s" : SMTPD_PROXY_CONN_FMT, STR(replay_buf)) < 0) return (-1); expect = SMTPD_PROX_WANT_BAD; break; /* * Explicit end marker, instead of implicit EOF. */ case REC_TYPE_END: return (0); /* * Errors. */ case REC_TYPE_ERROR: return (smtpd_proxy_replay_rdwr_error(state)); default: msg_panic("%s: unexpected record type; %d", myname, rec_type); } } }