Simon Schubert [Mon, 28 Jun 2010 22:49:53 +0000 (00:49 +0200)]
catch SIGHUP so that sleeps can be interrupted by the user
A SIGHUP sent to the dma process will run the no-op signal handler and
break the sleep(3) call in deliver.
Do not increase the backoff if sleep was interrupted.
Submitted-by: Peter Pentchev <roam@ringlet.net> (earlier version)
Simon Schubert [Mon, 28 Jun 2010 22:49:42 +0000 (00:49 +0200)]
properly randomize the message id
We would only use the queue id of the message as its message id, which
is generated from the inode number of the message's queue file. Inode
numbers are readily reused on many file systems, which leads to
repeating message ids.
Create real randomized message ids instead.
Submitted-by: Peter Pentchev <roam@ringlet.net> (earlier version)
Simon Schubert [Mon, 28 Jun 2010 22:48:52 +0000 (00:48 +0200)]
load_queue: use stat(2) instead of de->d_type
Some filesystems (notably XFS) do not set the d_type field in the dirent
structure. This prevents dma from delivering any of the queued messages.
Rework the code to use stat() instead.
Submitted-by: Peter Pentchev <roam@ringlet.net> (earlier version)
Simon Schubert [Sat, 3 Oct 2009 19:32:07 +0000 (21:32 +0200)]
dma: don't use __unused
__unused avoids a gcc warning that the parameter is not being used, but
this does not exist in other systems or is overloaded with a different
meaning.
Instead simply use a cast to (void) to silence gcc.
Simon Schubert [Tue, 21 Jul 2009 23:21:44 +0000 (01:21 +0200)]
dma: don't block when trying to acquire a queue file
We might race with some other process, so it is imperative to treat a
locked file as a soft error instead of blocking on the file until the
other process unlocks it.
Simon Schubert [Mon, 20 Jul 2009 19:53:32 +0000 (21:53 +0200)]
dma: rewrite file management
Close files as early as possible, possibly re-open them later. This is
so that we avoid filedesc sharing problems completely and that we won't
run out of fdesc in case of a large queue.
Simon Schubert [Thu, 16 Jul 2009 11:43:28 +0000 (13:43 +0200)]
dma: treat encrypted connections as secure
Users have to set the INSECURE config option to allow dma to send
plaintext passwords on login. This commit allows dma to send plaintext
passwords through TLS connections even if the INSECURE config option is
not set.
The downside is that this allows a man-in-the-middle attack on the
password exchange. The only solution to this is checking the server
certificate, but we don't do that (yet).
Simon Schubert [Thu, 16 Jul 2009 09:54:44 +0000 (11:54 +0200)]
dma: correctly initialize error before delivering mail
error is used to return failure or success from deliver_remote(). However
error is also used before, so we have to make sure that it is initialized
to 0, else a previous (non-fatal) error could pull through, even if the
delivery was successful.
Simon Schubert [Thu, 9 Jul 2009 21:24:35 +0000 (23:24 +0200)]
dma: prevent races from sharing fd between children
On fork, fds are shared between children. If two processes work on
different recipients, but on the same queue file, they might get
confused when the fd (and thus the offset) is shared. Prevent this by
re-opening the queue file after fork.
Reported-by: Daniel Roethlisberger <daniel@roe.ch>
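The descriptor sharing described in this commit message, reduced to a stand-alone demonstration. This is an added example, not code from dma; the function name, temp-file path and file contents are constructed for illustration. With the inherited fd, a read in the child moves the parent's offset; after re-opening the file in the child, the parent's offset stays put.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: a child reads 8 bytes of a constructed queue file,
 * through the inherited fd (reopen == 0) or its own open() (reopen != 0).
 * Returns the parent's offset on the original fd afterwards, -1 on error. */
off_t parent_offset_after_child_read(int reopen)
{
	static const char msg[] = "constructed queue file contents\n";
	char path[] = "/tmp/fdshare-demo-XXXXXX";
	char buf[8];
	int status, fd = mkstemp(path);
	off_t off = -1;
	pid_t pid;

	if (fd < 0)
		return (-1);
	if (write(fd, msg, sizeof(msg) - 1) != (ssize_t)(sizeof(msg) - 1) ||
	    lseek(fd, 0, SEEK_SET) != 0)
		goto out;

	pid = fork();
	if (pid == 0) {
		int cfd = fd;
		if (reopen) {	/* new open file description: private offset */
			close(fd);
			cfd = open(path, O_RDONLY);
		}
		_exit(cfd >= 0 && read(cfd, buf, sizeof(buf)) == 8 ? 0 : 1);
	}
	/* The parent never reads; any offset change came from the child. */
	if (pid > 0 && waitpid(pid, &status, 0) == pid &&
	    WIFEXITED(status) && WEXITSTATUS(status) == 0)
		off = lseek(fd, 0, SEEK_CUR);
out:
	close(fd);
	unlink(path);
	return (off);
}

int main(void)
{
	printf("shared fd: parent offset = %ld\n", (long)parent_offset_after_child_read(0));
	printf("re-opened: parent offset = %ld\n", (long)parent_offset_after_child_read(1));
	return (0);
}
```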
Simon Schubert [Thu, 9 Jul 2009 20:21:26 +0000 (22:21 +0200)]
dma: constify bounce reason and avoid strdup
We don't need to care about freeing the bounce reason string, because
bounce is only called once. Convert all bounce reason strings to
const char * and avoid calling strdup() on them. Dynamic strings from
asprintf() need some de-const massaging.
Simon Schubert [Thu, 9 Jul 2009 19:15:54 +0000 (21:15 +0200)]
dma: provide proper bounce error message
This may not be the best solution - the error message buffer has now
turned dynamic, but the only alternative I see is to make it a static
array in net.c... and I'm not quite sure if I want to do that just now.
Simon Schubert [Thu, 9 Jul 2009 12:37:16 +0000 (14:37 +0200)]
dma: lock temp files on creation
Lock the temporary files after creating them to protect from a "dma -q"
run at just the wrong time causing a double delivery attempt for
the same message.