-TCONFIG_STR_TABLE
-TCONFIG_TIME_FN_TABLE
-TCONFIG_TIME_TABLE
+-TCRATE_LOCAL
+-TCRATE_REMOTE
-TCTABLE
-TCTABLE_ENTRY
-TDELIVER_ATTR
Portability: added localhost to mydestination for sites that
turn off append_dot_mydomain. File: global/mail_params.h.
+20031027
+
+ Portability: MacOS X Bind8 compatibility. File: makedefs.
+
+20031103
+
+ Robustness: flush pipelined "." and "quit" replies to avoid
+ repeated deliveries in case of a program crash (you know,
+ the kind of thing that happens before Postfix release :-).
+ File: smtpd/smtpd.c.
+
+20031105
+
+ Portability: turn off NETINFO support for MacOS X Panther
+ by default. Files: makedefs, util/sys_defs.h.
+
+20031106
+
+ Feature: the sample greylist policy server is now case
+ insensitive. File: examples/smtpd-policy/smtpd-policy.pl.
+
+20031103-20031110
+
+ Feature: preliminary support to restrict the number of
+ simultaneous and successive connections that a client is
+ can make to the Postfix SMTP server, with a whitelist
+ capability to disable the restriction for authorized clients.
+ Most of the work is implemented by a new "crate" server
+ (connection Count and RATE management). Parameters:
+ smtpd_client_connection_count_limit, smtpd_client_connection-
+ _rate_limit, smtpd_client_connection_limit_exceptions,
+ connection_rate_time_unit, and connection_rate_purge_delay.
+ Documentation: smtpd(8), crate(8), sample-smtpd.cf. Files:
+ smtpd/smtpd.c, global/crate_clnt.[hc], crate/crate.c.
+
+
+20031110
+
+ Cleanup: Postfix now supports the /0 netmask (match every
+ address). This is useful as a catch-all pattern at the
+ end of a table. Files: util/dict_cidr.c, util/match_ops.c.
+
Open problems:
High: when virtual aliasing is turned off after content
src/showq src/postalias src/postcat src/postconf src/postdrop \
src/postkick src/postlock src/postlog src/postmap src/postqueue \
src/postsuper src/nqmgr src/qmqpd src/spawn src/flush src/verify \
- src/virtual src/proxymap
+ src/virtual src/proxymap src/crate
MANDIRS = proto man html
default: update
The saslauthd daemon is also contained in the cyrus-sasl source
tarball. It is more flexible than the pwcheck daemon, in that it
-can authenticate against PAM and various other sources.
+can authenticate against PAM and various other sources. To use
+PAM, start saslauthd with "-a pam".
In order to authenticate against SASL's own password database:
# Lookup the time stamp for this client/sender/recipient.
$key = $attr{"client_address"}."/".$attr{"sender"}."/".$attr{"recipient"};
+ $key =~ tr /A-Z/a-z/;
$time_stamp = read_database($key);
$now = time();
date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release.
+Incompatible changes with Postfix snapshot 2.0.16-20031110
+==========================================================
+
+The demo greylist policy server is now case insensitive.
+
+Major changes with Postfix snapshot 2.0.16-20031110
+===================================================
+
+Preliminary support for limiting the number of connection attempts
+from an SMTP client. The limits are disabled by default. The
+parameter smtpd_client_connection_count_limit restricts the number
+of simultaneous connections by any client, and the parameter
+smtpd_client_connection_rate_limit restricts the number of connection
+attempts per unit time that any client can make. The time unit is
+specified with the connection_rate_time_unit parameter, default
+one minute). When Postfix rejects a client, it sends a 450 status
+code and disconnects. The smtpd_client_connection_limit_exceptions
+parameter takes a list of network blocks or domain names that are
+excluded from these restrictions (by default, clients in $mynetworks).
+
Incompatible changes with Postfix snapshot 2.0.16-20031022
==========================================================
#
# network_address/network_mask result
# When a search string matches the specified network
-# block, use the corresponding result value.
+# block, use the corresponding result value. Specify
+# 0.0.0.0/0 to match every address.
#
# network_address result
-# When a search string matches the specified network
+# When a search string matches the specified network
# address, use the corresponding result value.
#
# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
-# A logical line starts with non-whitespace text. A
-# line that starts with whitespace continues a logi-
+# A logical line starts with non-whitespace text. A
+# line that starts with whitespace continues a logi-
# cal line.
#
# SEARCH ORDER
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
# EXAMPLE SMTPD ACCESS MAP
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
+crate unix - - n - 1 crate
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
echo Editing $config_directory/master.cf, adding missing entry for proxymap service
cat >>$config_directory/master.cf <<EOF || exit 1
proxymap unix - - n - - proxymap
+EOF
+ }
+
+ # Add missing crate service to master.cf.
+
+ grep '^crate.*crate' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for crate service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+crate unix - - n - 1 crate
EOF
}
$queue_directory/trace:d:$mail_owner:-:700:ucr
$daemon_directory/bounce:f:root:-:755
$daemon_directory/cleanup:f:root:-:755
+$daemon_directory/crate:f:root:-:755
$daemon_directory/error:f:root:-:755
$daemon_directory/flush:f:root:-:755
$daemon_directory/lmtp:f:root:-:755
$manpage_directory/man5/virtual.5:f:root:-:644
$manpage_directory/man8/bounce.8:f:root:-:644
$manpage_directory/man8/cleanup.8:f:root:-:644
+$manpage_directory/man8/crate.8:f:root:-:644
$manpage_directory/man8/defer.8:f:root:-:644
$manpage_directory/man8/error.8:f:root:-:644
$manpage_directory/man8/flush.8:f:root:-:644
do
test -d $dir && find $dir -type f -print | while read path
do
- cmp -s $path /$path ||
- $WARN $queue_directory/$path and /$path differ
+ test -e /$path && {
+ cmp -s $path /$path ||
+ $WARN $queue_directory/$path and /$path differ
+ }
done
done
#
#smtpd_sender_login_maps =
+#
+# Resource limits
+#
+
+# The smtpd_client_connection_count_limit parameter controls how many
+# simultaneous connections any client is allowed to make to this
+# service.
+#
+# By default, every client can make as many connections as Postfix
+# can accept (defined by the process limit in the master.cf file).
+#
+# smtpd_client_connection_count_limit = 10
+smtpd_client_connection_count_limit = 0
+
+# The smtpd_client_connection_rate_limit parameter controls how many
+# connection attempts any client is allowed to make to this service
+# per time unit.
+#
+# The time unit is specified with the connection_rate_time_unit
+# configuration parameter, and defaults to one minute.
+#
+# By default, every client can make as many connections as Postfix
+# can accept.
+#
+# smtpd_client_connection_rate_limit = 100
+smtpd_client_connection_rate_limit = 0
+
+# The smtpd_client_connection_limit_exceptions parameter controls what
+# clients are excluded from connection count or connection rate
+# restrictions.
+#
+# By default, clients in trusted networks are excluded. Specify a
+# list of network blocks, hostnames or .domain names (the initial
+# initial dot causes the domain to match any name below it).
+#
+smtpd_client_connection_limit_exceptions = $mynetworks
+
#
# MISCELLANEOUS
#
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
-# address.
+# address. You can also specify hostnames or .domain names (the
+# initial dot causes the domain to match any name below it).
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
-# address.
+# address. You can also specify hostnames or .domain names (the
+# initial dot causes the domain to match any name below it).
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
#
smtpd_authorized_xloginfo_clients =
-# The smtpd_authorized_xverp_clients parameter specifies what clients
+# The smtpd_authorized_verp_clients parameter specifies what clients
# are allowed to specify the SMTP XVERP command. This command requests
# that mail be delivered one recipient at a time with a per recipient
# return address.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
-# address.
+# address. You can also specify hostnames or .domain names (the
+# initial dot causes the domain to match any name below it).
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
-smtpd_authorized_xverp_clients =
+smtpd_authorized_verp_clients =
# The smtpd_banner parameter specifies the text that follows the 220
# status code in the SMTP greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
-# You MUST specify the $myhostname at the start of the text.
+# You MUST specify $myhostname at the start of the text. This is
+# required by the SMTP protocol.
#
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP $mail_name
# Lookup the time stamp for this client/sender/recipient.
$key = $attr{"client_address"}."/".$attr{"sender"}."/".$attr{"recipient"};
+ $key =~ tr /A-Z/a-z/;
$time_stamp = read_database($key);
$now = time();
lmtp.8.html master.8.html pickup.8.html pipe.8.html qmgr.8.html \
showq.8.html smtp.8.html smtpd.8.html trivial-rewrite.8.html \
nqmgr.8.html spawn.8.html flush.8.html virtual.8.html qmqpd.8.html \
- trace.8.html verify.8.html proxymap.8.html
+ trace.8.html verify.8.html proxymap.8.html crate.8.html
COMMANDS= mailq.1.html newaliases.1.html postalias.1.html postcat.1.html \
postconf.1.html postfix.1.html postkick.1.html postlock.1.html \
postlog.1.html postdrop.1.html postmap.1.html sendmail.1.html \
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@
+crate.8.html: ../src/crate/crate.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@
+
lmtp.8.html: ../src/lmtp/lmtp.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@
-<html> <
head> </head> <body> <pre>
+<html> <body> <pre>
CIDR_TABLE(5) CIDR_TABLE(5)
<b>NAME</b>
<b>TABLE FORMAT</b>
The general form of a Postfix CIDR table is:
- <i>network_address</i><b>/</b><i>network_mask result</i>
+ <i>network</i><b>_</b><i>address</i><b>/</b><i>network</i><b>_</b><i>mask result</i>
When a search string matches the specified network
- block, use the corresponding <i>result</i> value.
+ block, use the corresponding <i>result</i> value. Specify
+ 0.0.0.0/0 to match every address.
- <i>network_address result</i>
- When a search string matches the specified network
+ <i>network</i><b>_</b><i>address result</i>
+ When a search string matches the specified network
address, use the corresponding <i>result</i> value.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
+ A logical line starts with non-whitespace text. A
+ line that starts with whitespace continues a logi-
cal line.
<b>SEARCH ORDER</b>
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
<b>EXAMPLE SMTPD ACCESS MAP</b>
--- /dev/null
+<html> <body> <pre>
+CRATE(8) CRATE(8)
+
+<b>NAME</b>
+ crate - Postfix connection count and rate management
+
+<b>SYNOPSIS</b>
+ <b>crate</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The Postfix <b>crate</b> server maintains statistics that other
+ Postfix servers can use to limit the number of simultane-
+ ous connections as well as the frequency of connection
+ attempts over a configurable unit of time. This server is
+ designed to run under control by the Postfix master
+ server.
+
+<b>PROTOCOL</b>
+ When a connection is established, a rate limited server
+ sends the following request to the <b>crate</b> server:
+
+ <b>request=connect</b>
+ <b>ident=</b><i>string</i>
+
+ This registers a new connection for the remote client and
+ the rate limited service specified with <i>string</i>. The <b>crate</b>
+ server answers with the number of simultaneous connections
+ and the number of connections per unit time for that (ser-
+ vice, client) combination:
+
+ <b>status=0</b>
+ <b>count=</b><i>number</i>
+ <b>rate=</b><i>number</i>
+
+ It is left up to the rate limited service to decide if the
+ remote client connection request is acceptable.
+
+ When a remote client disconnects, a rate limited server
+ sends the following request to the <b>crate</b> server:
+
+ <b>request=disconnect</b>
+ <b>ident=</b><i>string</i>
+
+ This registers a disconnect event for the remote client
+ and the rate limited service specified with <i>string</i>. The
+ rate limit management server replies with:
+
+ <b>status=0</b>
+
+<b>SECURITY</b>
+ The connection count and rate management service is not
+ security sensitive. It does not talk to the network or
+ local users, and it can run chrooted at fixed low privi-
+ lege.
+
+ This server maintains an in-memory table with information
+ about past and current clients of a rate limited service.
+ Although state is kept only temporarily, this may require
+ a lot of memory when a system handles connections from
+ many remote clients, or when a system comes under a dis-
+ tributed denial of service attack. In that case, reduce
+ the time unit over which statistics are kept.
+
+ Systems behind network address translating routers or
+ proxies appear to have the same client address and can run
+ into connection count and/or rate limits falsely.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8).
+
+<b>BUGS</b>
+ All state is lost when the service is restarted.
+
+ In this first implementation, a count or rate limited
+ server can have only one client at a time.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <b>main.cf</b> parameters are especially relevant
+ to this program. Use the <b>postfix reload</b> command after a
+ configuration change.
+
+ <b>connection_rate_purge_delay</b>
+ How long remote client state is remembered after
+ the remote client has disconnected completely. This
+ should not be smaller than the unit of time over
+ which connection rates are calculated.
+
+ <b>connection_rate_time_unit</b>
+ The unit of time over which connection rates are
+ calculated.
+
+<b>SEE ALSO</b>
+ <a href="smtpd.8.html">smtpd(8)</a> Postfix SMTP server
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this
+ software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ CRATE(8)
+</pre> </body> </html>
receipt of RSET etc. only if the number of history
lines exceeds the given threshold.
+ <b>smtpd_client_connection_count_limit</b>
+ The maximal number of simultaneous connections that
+ any client is allowed to make to this service.
+
+ <b>smtpd_client_connection_rate_limit</b>
+ The maximal number of connections per unit time
+ (specified with <b>connection_rate_time_unit</b>) that any
+ client is allowed to make to this service.
+
+ <b>smtpd_client_connection_limit_exceptions</b>
+ Hostnames, .domain names or network address blocks
+ of clients that are excluded from connection count
+ or rate limits.
+
<b>Tarpitting</b>
<b>smtpd_error_sleep_time</b>
Time to wait in seconds before sending a 4xx or 5xx
<b>smtpd_soft_error_limit</b>
When an SMTP client has made this number of errors,
- wait <i>error</i><b>_</b><i>count</i> seconds before responding to any
+ wait <i>error</i><b>_</b><i>count</i> seconds before responding to any
client request.
<b>smtpd_hard_error_limit</b>
- Disconnect after a client has made this number of
+ Disconnect after a client has made this number of
errors.
<b>smtpd_junk_command_limit</b>
Limit the number of times a client can issue a junk
- command such as NOOP, VRFY, ETRN or RSET in one
- SMTP session before it is penalized with tarpit
+ command such as NOOP, VRFY, ETRN or RSET in one
+ SMTP session before it is penalized with tarpit
delays.
<b>Delegated policy</b>
receiving from a delegated SMTPD policy server.
<b>smtpd_policy_service_max_idle</b>
- Time after which an unused SMTPD policy service
+ Time after which an unused SMTPD policy service
connection is closed.
<b>smtpd_policy_service_timeout</b>
- Time after which an active SMTPD policy service
+ Time after which an active SMTPD policy service
connection is closed.
<b>UCE control restrictions</b>
<b>parent_domain_matches_subdomains</b>
- List of Postfix features that use <i>domain.tld</i> pat-
- terns to match <i>sub.domain.tld</i> (as opposed to
+ List of Postfix features that use <i>domain.tld</i> pat-
+ terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns).
<b>smtpd_client_restrictions</b>
tem.
<b>smtpd_helo_required</b>
- Require that clients introduce themselves at the
+ Require that clients introduce themselves at the
beginning of an SMTP session.
<b>smtpd_helo_restrictions</b>
- Restrict what client hostnames are allowed in <b>HELO</b>
+ Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands.
<b>smtpd_sender_restrictions</b>
- Restrict what sender addresses are allowed in <b>MAIL</b>
+ Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
<b>smtpd_recipient_restrictions</b>
- Restrict what recipient addresses are allowed in
+ Restrict what recipient addresses are allowed in
<b>RCPT TO</b> commands.
<b>smtpd_etrn_restrictions</b>
mands, and what clients may issue <b>ETRN</b> commands.
<b>smtpd_data_restrictions</b>
- Restrictions on the <b>DATA</b> command. Currently, the
- only restriction that makes sense here is
+ Restrictions on the <b>DATA</b> command. Currently, the
+ only restriction that makes sense here is
<b>reject_unauth_pipelining</b>.
<b>allow_untrusted_routing</b>
- Allow untrusted clients to specify addresses with
- sender-specified routing. Enabling this opens up
- nasty relay loopholes involving trusted backup MX
+ Allow untrusted clients to specify addresses with
+ sender-specified routing. Enabling this opens up
+ nasty relay loopholes involving trusted backup MX
hosts.
<b>smtpd_restriction_classes</b>
- Declares the name of zero or more parameters that
- contain a list of UCE restrictions. The names of
- these parameters can then be used instead of the
+ Declares the name of zero or more parameters that
+ contain a list of UCE restrictions. The names of
+ these parameters can then be used instead of the
restriction lists that they represent.
<b>smtpd_null_access_lookup_key</b>
- The lookup key to be used in SMTPD access tables
- instead of the null sender address. A null sender
+ The lookup key to be used in SMTPD access tables
+ instead of the null sender address. A null sender
address cannot be looked up.
<b>maps_rbl_domains</b> (deprecated)
- List of DNS domains that publish the addresses of
+ List of DNS domains that publish the addresses of
blacklisted hosts. This is used with the deprecated
<b>reject_maps_rbl</b> restriction.
<b>permit_mx_backup_networks</b>
- Only domains whose primary MX hosts match the
- listed networks are eligible for the <b>per-</b>
+ Only domains whose primary MX hosts match the
+ listed networks are eligible for the <b>per-</b>
<b>mit_mx_backup</b> feature.
<b>relay_domains</b>
- Restrict what domains this mail system will relay
- mail to. The domains are routed to the delivery
+ Restrict what domains this mail system will relay
+ mail to. The domains are routed to the delivery
agent specified with the <b>relay_transport</b> setting.
<b>Sender/recipient address verification</b>
Address verification is implemented by sending probe email
- messages that are not actually delivered, and is enabled
- via the reject_unverified_{sender,recipient} access
- restriction. The status of verification probes is main-
+ messages that are not actually delivered, and is enabled
+ via the reject_unverified_{sender,recipient} access
+ restriction. The status of verification probes is main-
tained by the address verification service.
<b>address_verify_poll_count</b>
- How many times to query the address verification
- service for completion of an address verification
- request. Specify 1 to implement a simple form of
- greylisting, that is, always defer the request for
+ How many times to query the address verification
+ service for completion of an address verification
+ request. Specify 1 to implement a simple form of
+ greylisting, that is, always defer the request for
a new sender or recipient address.
<b>address_verify_poll_delay</b>
- Time to wait after querying the address verifica-
+ Time to wait after querying the address verifica-
tion service for completion of an address verifica-
tion request.
<b>UCE control responses</b>
<b>access_map_reject_code</b>
- Response code when a client violates an access
+ Response code when a client violates an access
database restriction.
<b>default_rbl_reply</b>
Default template reply when a request is RBL black-
- listed. This template is used by the <b>reject_rbl_*</b>
- and <b>reject_rhsbl_*</b> restrictions. See also:
+ listed. This template is used by the <b>reject_rbl_*</b>
+ and <b>reject_rhsbl_*</b> restrictions. See also:
<b>rbl_reply_maps</b> and <b>smtpd_expansion_filter</b>.
<b>defer_code</b>
- Response code when a client request is rejected by
+ Response code when a client request is rejected by
the <b>defer</b> restriction.
<b>invalid_hostname_reject_code</b>
- Response code when a client violates the
+ Response code when a client violates the
<b>reject_invalid_hostname</b> restriction.
<b>maps_rbl_reject_code</b>
Response code when a request is RBL blacklisted.
<b>multi_recipient_bounce_reject_code</b>
- Response code when a multi-recipient bounce is
+ Response code when a multi-recipient bounce is
blocked.
<b>rbl_reply_maps</b>
- Table with template responses for RBL blacklisted
- requests, indexed by RBL domain name. These tem-
+ Table with template responses for RBL blacklisted
+ requests, indexed by RBL domain name. These tem-
plates are used by the <b>reject_rbl_*</b> and
- <b>reject_rhsbl_*</b> restrictions. See also:
+ <b>reject_rhsbl_*</b> restrictions. See also:
<b>default_rbl_reply</b> and <b>smtpd_expansion_filter</b>.
<b>reject_code</b>
- Response code when the client matches a <b>reject</b>
+ Response code when the client matches a <b>reject</b>
restriction.
<b>relay_domains_reject_code</b>
mail relay policy.
<b>unknown_address_reject_code</b>
- Response code when a client violates the
+ Response code when a client violates the
<b>reject_unknown_address</b> restriction.
<b>unknown_client_reject_code</b>
tion.
<b>unknown_hostname_reject_code</b>
- Response code when a client violates the
+ Response code when a client violates the
<b>reject_unknown_hostname</b> restriction.
<b>unverified_sender_reject_code</b>
- Response code when a sender address is known to be
+ Response code when a sender address is known to be
undeliverable.
<b>unverified_recipient_reject_code</b>
- Response code when a recipient address is known to
+ Response code when a recipient address is known to
be undeliverable.
<b>SEE ALSO</b>
<a href="verify.8.html">verify(8)</a> address verification service
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
SYSLIBS="-lresolv -lsocket -lnsl"
;;
Rhapsody.5*|Darwin.*)
- SYSTYPE=RHAPSODY5
+ SYSTYPE=MACOSX
# Use the native compiler by default
: ${CC=cc}
- AWK=gawk
case $RELEASE in
- 1.[0-3]) ;;
+ 1.[0-3]) AWK=gawk
+ ;;
+ [2-6].*) AWK=awk
+ SYSLIBS=-flat_namespace
+ ;;
*) AWK=awk
SYSLIBS=-flat_namespace
+ CCARGS="$CCARGS -DBIND_8_COMPAT -DNO_NETINFO"
;;
esac
;;
man8/lmtp.8 man8/master.8 man8/pickup.8 man8/pipe.8 man8/qmgr.8 \
man8/showq.8 man8/smtp.8 man8/smtpd.8 man8/trivial-rewrite.8 \
man8/nqmgr.8 man8/spawn.8 man8/flush.8 man8/virtual.8 man8/qmqpd.8 \
- man8/verify.8 man8/trace.8 man8/proxymap.8
+ man8/verify.8 man8/trace.8 man8/proxymap.8 man8/crate.8
COMMANDS= man1/postalias.1 man1/postcat.1 man1/postconf.1 man1/postfix.1 \
man1/postkick.1 man1/postlock.1 man1/postlog.1 man1/postdrop.1 \
man1/postmap.1 man1/sendmail.1 man1/mailq.1 man1/newaliases.1 \
man8/cleanup.8: ../src/cleanup/cleanup.c
../mantools/srctoman $? >$@
+man8/crate.8: ../src/crate/crate.c
+ ../mantools/srctoman $? >$@
+
man8/error.8: ../src/error/error.c
../mantools/srctoman $? >$@
.fi
\fIsmtp-sink\fR listens on the named host (or address) and port.
It takes SMTP messages from the network and throws them away.
-The purpose is to measure SMTP client performance, not protocol
+The purpose is to measure client performance, not protocol
compliance.
+
Connections can be accepted on IPV4 endpoints or UNIX-domain sockets.
IPV4 is the default.
This program is the complement of the \fIsmtp-source\fR program.
Display a running counter that is updated whenever an SMTP
QUIT command is executed.
.IP \fB-e\fR
-Disable ESMTP support.
+Do not announce ESMTP support.
.IP "\fB-f \fIcommand,command,...\fR"
Reject the specified commands with a hard (5xx) error code.
.IP \fB-h\fI hostname\fR
Use \fIhostname\fR in the SMTP greeting, in the HELO response,
and in the EHLO response. The default hostname is "smtp-sink".
.IP \fB-L\fR
-Enable LMTP rather than SMTP.
+Enable LMTP instead of SMTP.
.IP "\fB-n \fIcount\fR"
Terminate after \fIcount\fR sessions. This is for testing purposes.
.IP \fB-p\fR
-Disable ESMTP command pipelining.
+Do not announce support for ESMTP command pipelining.
.IP \fB-P\fR
Change the server greeting so that it appears to come through
a CISCO PIX system. Implies \fB-e\fR.
.IP "\fB-w \fIdelay\fR"
Wait \fIdelay\fR seconds before responding to a DATA command.
.IP \fB-8\fR
-Disable 8BITMIME support.
+Do not announce 8BITMIME support.
.IP [\fBinet:\fR][\fIhost\fR]:\fIport\fR
Listen on network interface \fIhost\fR (default: any interface)
TCP port \fIport\fR. Both \fIhost\fR and \fIport\fR may be
The general form of a Postfix CIDR table is:
.IP "\fInetwork_address\fB/\fInetwork_mask result\fR"
When a search string matches the specified network block,
-use the corresponding \fIresult\fR value.
+use the corresponding \fIresult\fR value. Specify
+0.0.0.0/0 to match every address.
.IP "\fInetwork_address result\fR"
When a search string matches the specified network address,
use the corresponding \fIresult\fR value.
--- /dev/null
+.TH CRATE 8
+.ad
+.fi
+.SH NAME
+crate
+\-
+Postfix connection count and rate management
+.SH SYNOPSIS
+.na
+.nf
+\fBcrate\fR [generic Postfix daemon options]
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix \fBcrate\fR server maintains statistics that other
+Postfix servers can use to limit the number of simultaneous
+connections as well as the frequency of connection attempts
+over a configurable unit of time.
+This server is designed to run under control by the Postfix
+master server.
+.SH PROTOCOL
+.na
+.nf
+.ad
+.fi
+When a connection is established, a rate limited server
+sends the following request to the \fBcrate\fR server:
+.PP
+.in +4
+\fBrequest=connect\fR
+.br
+\fBident=\fIstring\fR
+.in
+.PP
+This registers a new connection for the remote client and the rate
+limited service specified with \fIstring\fR. The \fBcrate\fR server
+answers with the number of simultaneous connections and the
+number of connections per unit time for that (service, client)
+combination:
+.PP
+.in +4
+\fBstatus=0\fR
+.br
+\fBcount=\fInumber\fR
+.br
+\fBrate=\fInumber\fR
+.in
+.PP
+It is left up to the rate limited service to decide if the
+remote client connection request is acceptable.
+.PP
+When a remote client disconnects, a rate limited server
+sends the following request to the \fBcrate\fR server:
+.PP
+.in +4
+\fBrequest=disconnect\fR
+.br
+\fBident=\fIstring\fR
+.in
+.PP
+This registers a disconnect event for the remote client and the rate
+limited service specified with \fIstring\fR. The rate limit management
+server replies with:
+.PP
+.ti +4
+\fBstatus=0\fR
+.PP
+.SH SECURITY
+.na
+.nf
+.ad
+.fi
+The connection count and rate management service is not security
+sensitive. It does not talk to the network or local users,
+and it can run chrooted at fixed low privilege.
+
+This server maintains an in-memory table with information about
+past and current clients of a rate limited service. Although state
+is kept only temporarily, this may require a lot of memory when a
+system handles connections from many remote clients, or when a system
+comes under a distributed denial of service attack. In that case,
+reduce the time unit over which statistics are kept.
+
+Systems behind network address translating routers or proxies
+appear to have the same client address and can run into connection
+count and/or rate limits falsely.
+.SH DIAGNOSTICS
+.ad
+.fi
+Problems and transactions are logged to \fBsyslogd\fR(8).
+.SH BUGS
+.ad
+.fi
+All state is lost when the service is restarted.
+
+In this first implementation, a count or rate limited server
+can have only one client at a time.
+.SH CONFIGURATION PARAMETERS
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant to
+this program. Use the \fBpostfix reload\fR command after
+a configuration change.
+.IP \fBconnection_rate_purge_delay\fR
+How long remote client state is remembered after the remote client
+has disconnected completely. This should not be smaller than the
+unit of time over which connection rates are calculated.
+.IP \fBconnection_rate_time_unit\fR
+The unit of time over which connection rates are calculated.
+.SH SEE ALSO
+.na
+.nf
+smtpd(8) Postfix SMTP server
+.SH LICENSE
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH AUTHOR(S)
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
.IP \fBsmtpd_history_flush_threshold\fR
Flush the command history to postmaster after receipt of RSET etc.
only if the number of history lines exceeds the given threshold.
+.IP \fBsmtpd_client_connection_count_limit\fR
+The maximal number of simultaneous connections that any
+client is allowed to make to this service.
+.IP \fBsmtpd_client_connection_rate_limit\fR
+The maximal number of connections per unit time (specified
+with \fBconnection_rate_time_unit\fR) that any client
+is allowed to make to this service.
+.IP \fBsmtpd_client_connection_limit_exceptions\fR
+Hostnames, .domain names or network address blocks of clients
+that are excluded from connection count or rate limits.
.SH Tarpitting
.ad
.fi
# The general form of a Postfix CIDR table is:
# .IP "\fInetwork_address\fB/\fInetwork_mask result\fR"
# When a search string matches the specified network block,
-# use the corresponding \fIresult\fR value.
+# use the corresponding \fIresult\fR value. Specify
+# 0.0.0.0/0 to match every address.
# .IP "\fInetwork_address result\fR"
# When a search string matches the specified network address,
# use the corresponding \fIresult\fR value.
bounce.o: ../../include/attr.h
bounce.o: ../../include/mail_queue.h
bounce.o: ../../include/mail_params.h
+bounce.o: ../../include/crate_clnt.h
+bounce.o: ../../include/attr_clnt.h
bounce.o: ../../include/mail_conf.h
bounce.o: ../../include/bounce.h
bounce.o: ../../include/deliver_request.h
bounce_append_service.o: ../../include/vstream.h
bounce_append_service.o: ../../include/stringops.h
bounce_append_service.o: ../../include/mail_params.h
+bounce_append_service.o: ../../include/crate_clnt.h
+bounce_append_service.o: ../../include/attr_clnt.h
+bounce_append_service.o: ../../include/attr.h
bounce_append_service.o: ../../include/mail_queue.h
bounce_append_service.o: ../../include/quote_822_local.h
bounce_append_service.o: ../../include/quote_flags.h
bounce_append_service.o: ../../include/myflock.h
bounce_append_service.o: ../../include/mail_proto.h
bounce_append_service.o: ../../include/iostuff.h
-bounce_append_service.o: ../../include/attr.h
bounce_append_service.o: bounce_service.h
bounce_append_service.o: ../../include/bounce_log.h
bounce_cleanup.o: bounce_cleanup.c
bounce_notify_service.o: ../../include/vbuf.h
bounce_notify_service.o: ../../include/name_mask.h
bounce_notify_service.o: ../../include/mail_params.h
+bounce_notify_service.o: ../../include/crate_clnt.h
+bounce_notify_service.o: ../../include/attr_clnt.h
+bounce_notify_service.o: ../../include/attr.h
bounce_notify_service.o: ../../include/mail_queue.h
bounce_notify_service.o: ../../include/vstring.h
bounce_notify_service.o: ../../include/post_mail.h
bounce_notify_util.o: ../../include/line_wrap.h
bounce_notify_util.o: ../../include/stringops.h
bounce_notify_util.o: ../../include/xtext.h
+bounce_notify_util.o: ../../include/myflock.h
bounce_notify_util.o: ../../include/mail_queue.h
bounce_notify_util.o: ../../include/quote_822_local.h
bounce_notify_util.o: ../../include/quote_flags.h
bounce_notify_util.o: ../../include/mail_params.h
+bounce_notify_util.o: ../../include/crate_clnt.h
+bounce_notify_util.o: ../../include/attr_clnt.h
+bounce_notify_util.o: ../../include/attr.h
bounce_notify_util.o: ../../include/is_header.h
bounce_notify_util.o: ../../include/record.h
bounce_notify_util.o: ../../include/rec_type.h
bounce_notify_util.o: ../../include/mail_date.h
bounce_notify_util.o: ../../include/mail_proto.h
bounce_notify_util.o: ../../include/iostuff.h
-bounce_notify_util.o: ../../include/attr.h
bounce_notify_util.o: ../../include/lex_822.h
bounce_notify_util.o: ../../include/deliver_completed.h
bounce_notify_util.o: bounce_service.h
bounce_notify_verp.o: ../../include/vbuf.h
bounce_notify_verp.o: ../../include/name_mask.h
bounce_notify_verp.o: ../../include/mail_params.h
+bounce_notify_verp.o: ../../include/crate_clnt.h
+bounce_notify_verp.o: ../../include/attr_clnt.h
+bounce_notify_verp.o: ../../include/attr.h
bounce_notify_verp.o: ../../include/mail_queue.h
bounce_notify_verp.o: ../../include/vstring.h
bounce_notify_verp.o: ../../include/post_mail.h
bounce_one_service.o: ../../include/vbuf.h
bounce_one_service.o: ../../include/name_mask.h
bounce_one_service.o: ../../include/mail_params.h
+bounce_one_service.o: ../../include/crate_clnt.h
+bounce_one_service.o: ../../include/attr_clnt.h
+bounce_one_service.o: ../../include/attr.h
bounce_one_service.o: ../../include/post_mail.h
bounce_one_service.o: ../../include/cleanup_user.h
bounce_one_service.o: ../../include/mail_addr.h
bounce_trace_service.o: ../../include/vstream.h
bounce_trace_service.o: ../../include/vbuf.h
bounce_trace_service.o: ../../include/mail_params.h
+bounce_trace_service.o: ../../include/crate_clnt.h
+bounce_trace_service.o: ../../include/attr_clnt.h
+bounce_trace_service.o: ../../include/attr.h
bounce_trace_service.o: ../../include/mail_queue.h
bounce_trace_service.o: ../../include/vstring.h
bounce_trace_service.o: ../../include/post_mail.h
bounce_warn_service.o: ../../include/vbuf.h
bounce_warn_service.o: ../../include/name_mask.h
bounce_warn_service.o: ../../include/mail_params.h
+bounce_warn_service.o: ../../include/crate_clnt.h
+bounce_warn_service.o: ../../include/attr_clnt.h
+bounce_warn_service.o: ../../include/attr.h
bounce_warn_service.o: ../../include/mail_queue.h
bounce_warn_service.o: ../../include/vstring.h
bounce_warn_service.o: ../../include/post_mail.h
cleanup.o: ../../include/iostuff.h
cleanup.o: ../../include/attr.h
cleanup.o: ../../include/mail_params.h
+cleanup.o: ../../include/crate_clnt.h
+cleanup.o: ../../include/attr_clnt.h
cleanup.o: ../../include/record.h
cleanup.o: ../../include/rec_type.h
cleanup.o: ../../include/mail_server.h
cleanup_addr.o: ../../include/rec_type.h
cleanup_addr.o: ../../include/cleanup_user.h
cleanup_addr.o: ../../include/mail_params.h
+cleanup_addr.o: ../../include/crate_clnt.h
+cleanup_addr.o: ../../include/attr_clnt.h
+cleanup_addr.o: ../../include/attr.h
cleanup_addr.o: ../../include/ext_prop.h
cleanup_addr.o: ../../include/mail_addr.h
cleanup_addr.o: ../../include/canon_addr.h
cleanup_api.o: ../../include/deliver_request.h
cleanup_api.o: ../../include/recipient_list.h
cleanup_api.o: ../../include/mail_params.h
+cleanup_api.o: ../../include/crate_clnt.h
+cleanup_api.o: ../../include/attr_clnt.h
cleanup_api.o: ../../include/mail_stream.h
cleanup_api.o: ../../include/hold_message.h
cleanup_api.o: cleanup.h
cleanup_envelope.o: ../../include/cleanup_user.h
cleanup_envelope.o: ../../include/qmgr_user.h
cleanup_envelope.o: ../../include/mail_params.h
+cleanup_envelope.o: ../../include/crate_clnt.h
+cleanup_envelope.o: ../../include/attr_clnt.h
+cleanup_envelope.o: ../../include/attr.h
cleanup_envelope.o: ../../include/verp_sender.h
cleanup_envelope.o: cleanup.h
cleanup_envelope.o: ../../include/argv.h
cleanup_extracted.o: ../../include/record.h
cleanup_extracted.o: ../../include/rec_type.h
cleanup_extracted.o: ../../include/mail_params.h
+cleanup_extracted.o: ../../include/crate_clnt.h
+cleanup_extracted.o: ../../include/attr_clnt.h
+cleanup_extracted.o: ../../include/attr.h
cleanup_extracted.o: ../../include/mail_proto.h
cleanup_extracted.o: ../../include/iostuff.h
-cleanup_extracted.o: ../../include/attr.h
cleanup_extracted.o: cleanup.h
cleanup_extracted.o: ../../include/argv.h
cleanup_extracted.o: ../../include/maps.h
cleanup_init.o: ../../include/name_mask.h
cleanup_init.o: ../../include/mail_addr.h
cleanup_init.o: ../../include/mail_params.h
+cleanup_init.o: ../../include/crate_clnt.h
+cleanup_init.o: ../../include/attr_clnt.h
+cleanup_init.o: ../../include/attr.h
+cleanup_init.o: ../../include/vstream.h
+cleanup_init.o: ../../include/vbuf.h
cleanup_init.o: ../../include/ext_prop.h
cleanup_init.o: cleanup.h
cleanup_init.o: ../../include/vstring.h
-cleanup_init.o: ../../include/vbuf.h
-cleanup_init.o: ../../include/vstream.h
cleanup_init.o: ../../include/argv.h
cleanup_init.o: ../../include/nvtable.h
cleanup_init.o: ../../include/htable.h
cleanup_map1n.o: ../../include/dict.h
cleanup_map1n.o: ../../include/vstream.h
cleanup_map1n.o: ../../include/mail_params.h
+cleanup_map1n.o: ../../include/crate_clnt.h
+cleanup_map1n.o: ../../include/attr_clnt.h
+cleanup_map1n.o: ../../include/attr.h
cleanup_map1n.o: ../../include/mail_addr_map.h
cleanup_map1n.o: ../../include/maps.h
cleanup_map1n.o: ../../include/cleanup_user.h
cleanup_masquerade.o: ../../include/mymalloc.h
cleanup_masquerade.o: ../../include/stringops.h
cleanup_masquerade.o: ../../include/mail_params.h
+cleanup_masquerade.o: ../../include/crate_clnt.h
+cleanup_masquerade.o: ../../include/attr_clnt.h
+cleanup_masquerade.o: ../../include/attr.h
+cleanup_masquerade.o: ../../include/vstream.h
cleanup_masquerade.o: ../../include/tok822.h
cleanup_masquerade.o: ../../include/resolve_clnt.h
cleanup_masquerade.o: ../../include/quote_822_local.h
cleanup_masquerade.o: ../../include/quote_flags.h
cleanup_masquerade.o: cleanup.h
-cleanup_masquerade.o: ../../include/vstream.h
cleanup_masquerade.o: ../../include/nvtable.h
cleanup_masquerade.o: ../../include/maps.h
cleanup_masquerade.o: ../../include/dict.h
cleanup_message.o: ../../include/quote_822_local.h
cleanup_message.o: ../../include/quote_flags.h
cleanup_message.o: ../../include/mail_params.h
+cleanup_message.o: ../../include/crate_clnt.h
+cleanup_message.o: ../../include/attr_clnt.h
+cleanup_message.o: ../../include/attr.h
cleanup_message.o: ../../include/mail_date.h
cleanup_message.o: ../../include/mail_addr.h
cleanup_message.o: ../../include/is_header.h
cleanup_message.o: ../../include/ext_prop.h
cleanup_message.o: ../../include/mail_proto.h
cleanup_message.o: ../../include/iostuff.h
-cleanup_message.o: ../../include/attr.h
cleanup_message.o: ../../include/mime_state.h
cleanup_message.o: ../../include/lex_822.h
cleanup_message.o: cleanup.h
cleanup_out.o: ../../include/rec_type.h
cleanup_out.o: ../../include/cleanup_user.h
cleanup_out.o: ../../include/mail_params.h
+cleanup_out.o: ../../include/crate_clnt.h
+cleanup_out.o: ../../include/attr_clnt.h
+cleanup_out.o: ../../include/attr.h
cleanup_out.o: cleanup.h
cleanup_out.o: ../../include/argv.h
cleanup_out.o: ../../include/nvtable.h
cleanup_out_recipient.o: ../../include/argv.h
cleanup_out_recipient.o: ../../include/been_here.h
cleanup_out_recipient.o: ../../include/mail_params.h
+cleanup_out_recipient.o: ../../include/crate_clnt.h
+cleanup_out_recipient.o: ../../include/attr_clnt.h
+cleanup_out_recipient.o: ../../include/attr.h
+cleanup_out_recipient.o: ../../include/vstream.h
+cleanup_out_recipient.o: ../../include/vbuf.h
cleanup_out_recipient.o: ../../include/rec_type.h
cleanup_out_recipient.o: ../../include/ext_prop.h
cleanup_out_recipient.o: ../../include/cleanup_user.h
cleanup_out_recipient.o: cleanup.h
cleanup_out_recipient.o: ../../include/vstring.h
-cleanup_out_recipient.o: ../../include/vbuf.h
-cleanup_out_recipient.o: ../../include/vstream.h
cleanup_out_recipient.o: ../../include/nvtable.h
cleanup_out_recipient.o: ../../include/htable.h
cleanup_out_recipient.o: ../../include/mymalloc.h
cleanup_state.o: ../../include/htable.h
cleanup_state.o: ../../include/been_here.h
cleanup_state.o: ../../include/mail_params.h
+cleanup_state.o: ../../include/crate_clnt.h
+cleanup_state.o: ../../include/attr_clnt.h
+cleanup_state.o: ../../include/attr.h
+cleanup_state.o: ../../include/vstream.h
cleanup_state.o: ../../include/mime_state.h
cleanup_state.o: ../../include/header_opts.h
cleanup_state.o: cleanup.h
-cleanup_state.o: ../../include/vstream.h
cleanup_state.o: ../../include/argv.h
cleanup_state.o: ../../include/nvtable.h
cleanup_state.o: ../../include/maps.h
--- /dev/null
+../../.indent.pro
\ No newline at end of file
--- /dev/null
+been_here_xt 2 0
+bounce_append 5 0
+cleanup_out_format 1 0
+defer_append 5 0
+mail_command 1 0
+mail_print 1 0
+msg_error 0 0
+msg_fatal 0 0
+msg_info 0 0
+msg_panic 0 0
+msg_warn 0 0
+opened 4 0
+post_mail_fprintf 1 0
+qmgr_message_bounce 2 0
+rec_fprintf 2 0
+sent 4 0
+smtp_cmd 1 0
+smtp_mesg_fail 2 0
+smtp_printf 1 0
+smtp_rcpt_fail 3 0
+smtp_site_fail 2 0
+udp_syslog 1 0
+vstream_fprintf 1 0
+vstream_printf 0 0
+vstring_sprintf 1 0
--- /dev/null
+SHELL = /bin/sh
+SRCS = crate.c
+OBJS = crate.o
+HDRS =
+TESTSRC =
+WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \
+ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \
+ -Wunused
+DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
+CFLAGS = $(DEBUG) $(OPT) $(DEFS)
+TESTPROG=
+PROG = crate
+INC_DIR = ../../include
+LIBS = ../../lib/libmaster.a ../../lib/libglobal.a ../../lib/libutil.a
+
+.c.o:; $(CC) $(CFLAGS) -c $*.c
+
+$(PROG): $(OBJS) $(LIBS)
+ $(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)
+
+Makefile: Makefile.in
+ (set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
+
+test: $(TESTPROG)
+
+tests: test
+
+update: ../../libexec/$(PROG)
+
+../../libexec/$(PROG): $(PROG)
+ cp $(PROG) ../../libexec
+
+printfck: $(OBJS) $(PROG)
+ rm -rf printfck
+ mkdir printfck
+ sed '1,/^# do not edit/!d' Makefile >printfck/Makefile
+ set -e; for i in *.c; do printfck -f .printfck $$i >printfck/$$i; done
+ cd printfck; make "INC_DIR=../../../include" `cd ..; ls *.o`
+
+lint:
+ lint $(DEFS) $(SRCS) $(LINTFIX)
+
+clean:
+ rm -f *.o *core $(PROG) $(TESTPROG) junk
+ rm -rf printfck
+
+tidy: clean
+
+depend: $(MAKES)
+ (sed '1,/^# do not edit/!d' Makefile.in; \
+ set -e; for i in [a-z][a-z0-9]*.c; do \
+ $(CC) -E $(DEFS) $(INCL) $$i | sed -n -e '/^# *1 *"\([^"]*\)".*/{' \
+ -e 's//'`echo $$i|sed 's/c$$/o/'`': \1/' -e 'p' -e '}'; \
+ done) | grep -v '[.][o][:][ ][/]' >$$$$ && mv $$$$ Makefile.in
+ @$(EXPORT) make -f Makefile.in Makefile 1>&2
+
+# do not edit below this line - it is generated by 'make depend'
+crate.o: crate.c
+crate.o: ../../include/sys_defs.h
+crate.o: ../../include/msg.h
+crate.o: ../../include/mymalloc.h
+crate.o: ../../include/htable.h
+crate.o: ../../include/binhash.h
+crate.o: ../../include/stringops.h
+crate.o: ../../include/vstring.h
+crate.o: ../../include/vbuf.h
+crate.o: ../../include/events.h
+crate.o: ../../include/mail_conf.h
+crate.o: ../../include/mail_params.h
+crate.o: ../../include/crate_clnt.h
+crate.o: ../../include/attr_clnt.h
+crate.o: ../../include/attr.h
+crate.o: ../../include/vstream.h
+crate.o: ../../include/mail_proto.h
+crate.o: ../../include/iostuff.h
+crate.o: ../../include/mail_server.h
--- /dev/null
+/*++
+/* NAME
+/* crate 8
+/* SUMMARY
+/* Postfix connection count and rate management
+/* SYNOPSIS
+/* \fBcrate\fR [generic Postfix daemon options]
+/* DESCRIPTION
+/* The Postfix \fBcrate\fR server maintains statistics that other
+/* Postfix servers can use to limit the number of simultaneous
+/* connections as well as the frequency of connection attempts
+/* over a configurable unit of time.
+/* This server is designed to run under control by the Postfix
+/* master server.
+/* PROTOCOL
+/* .ad
+/* .fi
+/* When a connection is established, a rate limited server
+/* sends the following request to the \fBcrate\fR server:
+/* .PP
+/* .in +4
+/* \fBrequest=connect\fR
+/* .br
+/* \fBident=\fIstring\fR
+/* .in
+/* .PP
+/* This registers a new connection for the remote client and the rate
+/* limited service specified with \fIstring\fR. The \fBcrate\fR server
+/* answers with the number of simultaneous connections and the
+/* number of connections per unit time for that (service, client)
+/* combination:
+/* .PP
+/* .in +4
+/* \fBstatus=0\fR
+/* .br
+/* \fBcount=\fInumber\fR
+/* .br
+/* \fBrate=\fInumber\fR
+/* .in
+/* .PP
+/* It is left up to the rate limited service to decide if the
+/* remote client connection request is acceptable.
+/* .PP
+/* When a remote client disconnects, a rate limited server
+/* sends the following request to the \fBcrate\fR server:
+/* .PP
+/* .in +4
+/* \fBrequest=disconnect\fR
+/* .br
+/* \fBident=\fIstring\fR
+/* .in
+/* .PP
+/* This registers a disconnect event for the remote client and the rate
+/* limited service specified with \fIstring\fR. The rate limit management
+/* server replies with:
+/* .PP
+/* .ti +4
+/* \fBstatus=0\fR
+/* .PP
+/* SECURITY
+/* .ad
+/* .fi
+/* The connection count and rate management service is not security
+/* sensitive. It does not talk to the network or local users,
+/* and it can run chrooted at fixed low privilege.
+/*
+/* This server maintains an in-memory table with information about
+/* past and current clients of a rate limited service. Although state
+/* is kept only temporarily, this may require a lot of memory when a
+/* system handles connections from many remote clients, or when a system
+/* comes under a distributed denial of service attack. In that case,
+/* reduce the time unit over which statistics are kept.
+/*
+/* Systems behind network address translating routers or proxies
+/* appear to have the same client address and can run into connection
+/* count and/or rate limits falsely.
+/* DIAGNOSTICS
+/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* BUGS
+/* All state is lost when the service is restarted.
+/*
+/* In this first implementation, a count or rate limited server
+/* can have only one client at a time.
+/* CONFIGURATION PARAMETERS
+/* .ad
+/* .fi
+/* The following \fBmain.cf\fR parameters are especially relevant to
+/* this program. Use the \fBpostfix reload\fR command after
+/* a configuration change.
+/* .IP \fBconnection_rate_purge_delay\fR
+/* How long remote client state is remembered after the remote client
+/* has disconnected completely. This should not be smaller than the
+/* unit of time over which connection rates are calculated.
+/* .IP \fBconnection_rate_time_unit\fR
+/* The unit of time over which connection rates are calculated.
+/* SEE ALSO
+/* smtpd(8) Postfix SMTP server
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include <sys_defs.h>
+#include <sys/time.h>
+#include <limits.h>
+
+/* Utility library. */
+
+#include <msg.h>
+#include <mymalloc.h>
+#include <htable.h>
+#include <binhash.h>
+#include <stringops.h>
+#include <events.h>
+
+/* Global library. */
+
+#include <mail_conf.h>
+#include <mail_params.h>
+#include <mail_proto.h>
+#include <crate_clnt.h>
+
+/* Server skeleton. */
+
+#include <mail_server.h>
+
+/* Application-specific. */
+
+int var_crate_sample;
+int var_crate_purge;
+
+ /*
+ * State.
+ */
+static HTABLE *crate_remote_map;
+static BINHASH *crate_local_map;
+
+ /*
+ * Remote client state.
+ */
+typedef struct {
+ char *ident; /* lookup key */
+ int count; /* connection count */
+ int rate; /* connection rate */
+ time_t start; /* time of first rate sample */
+} CRATE_REMOTE;
+
+ /*
+ * Local (i.e. rate limit client) state.
+ */
+typedef struct {
+ CRATE_REMOTE *crate_remote; /* XXX should be list */
+} CRATE_LOCAL;
+
+ /*
+ * Silly little macros.
+ */
+#define STR(x) vstring_str(x)
+#define STREQ(x,y) (strcmp((x), (y)) == 0)
+
+ /*
+ * The following operations are implemented as macros with recognizable
+ * names so that we don't lose sight of what the code is trying to do, and
+ * related operations are defined side by side so that it isn't pages apart.
+ */
+#define CRATE_REMOTE_FIRST(remote, id) \
+ do { \
+ (remote)->ident = mystrdup(id); \
+ (remote)->count = 1; \
+ (remote)->rate = 1; \
+ (remote)->start = event_time(); \
+ } while(0)
+
+#define CRATE_REMOTE_FREE(remote) \
+ do { \
+ myfree((remote)->ident); \
+ myfree((char *) (remote)); \
+ } while(0)
+
+#define CRATE_REMOTE_NEXT(remote) \
+ do { \
+ time_t _now = event_time(); \
+ if ((remote)->start + var_crate_sample < _now) { \
+ (remote)->rate = 1; \
+ (remote)->start = _now; \
+ } else if ((remote)->rate < INT_MAX) { \
+ (remote)->rate += 1; \
+ } \
+ if ((remote)->count == 0) \
+ event_cancel_timer(crate_remote_expire, (char *) remote); \
+ (remote)->count++; \
+ } while(0)
+
+#define CRATE_REMOTE_DROP_ONE(remote) \
+ do { \
+ if ((remote) && (remote)->count > 0) { \
+ if (--(remote)->count == 0) \
+ event_request_timer(crate_remote_expire, (char *) remote, \
+ var_crate_purge); \
+ } \
+ } while(0)
+
+#define CRATE_LOCAL_INIT(local) \
+ do { \
+ (local)->crate_remote = 0; \
+ } while(0)
+
+#define CRATE_LOCAL_ADD_ONE(local, remote) \
+ do { \
+ /* XXX allow multiple remote clients per local server. */ \
+ if ((local)->crate_remote) \
+ CRATE_REMOTE_DROP_ONE((local)->crate_remote); \
+ (local)->crate_remote = (remote); \
+ } while(0)
+
+#define CRATE_LOCAL_DROP_ONE(local, remote) \
+ do { \
+ /* XXX allow multiple remote clients per local server. */ \
+ if ((local)->crate_remote == (remote)) \
+ (local)->crate_remote = 0; \
+ } while(0)
+
+#define CRATE_LOCAL_DROP_ALL(stream, local) \
+ do { \
+ /* XXX allow multiple remote clients per local server. */ \
+ if ((local)->crate_remote) \
+ crate_remote_disconnect((stream), (local)->crate_remote->ident); \
+ } while (0)
+
+/* crate_remote_expire - purge expired connection state */
+
+static void crate_remote_expire(int unused_event, char *context)
+{
+ CRATE_REMOTE *crate_remote = (CRATE_REMOTE *) context;
+ char *myname = "crate_remote_expire";
+
+ if (msg_verbose)
+ msg_info("%s %s", myname, crate_remote->ident);
+
+ if (crate_remote->count != 0)
+ msg_panic("%s: bad connection count: %d",
+ myname, crate_remote->count);
+
+ htable_delete(crate_remote_map, crate_remote->ident,
+ (void (*) (char *)) 0);
+ CRATE_REMOTE_FREE(crate_remote);
+}
+
+/* crate_remote_lookup - dump address status */
+
+static void crate_remote_lookup(VSTREAM *client_stream, const char *ident)
+{
+ CRATE_REMOTE *crate_remote;
+ char *myname = "crate_remote_lookup";
+ HTABLE_INFO **ht_info;
+ HTABLE_INFO **ht;
+
+ if (msg_verbose)
+ msg_info("%s fd=%d stream=0x%lx ident=%s",
+ myname, vstream_fileno(client_stream),
+ (unsigned long) client_stream, ident);
+
+ /*
+ * Look up remote client information.
+ */
+ if (STREQ(ident, "*")) {
+ attr_print_plain(client_stream, ATTR_FLAG_MORE,
+ ATTR_TYPE_NUM, CRATE_ATTR_STATUS, CRATE_STAT_OK,
+ ATTR_TYPE_END);
+ ht_info = htable_list(crate_remote_map);
+ for (ht = ht_info; *ht; ht++) {
+ crate_remote = (CRATE_REMOTE *) ht[0]->value;
+ attr_print_plain(client_stream, ATTR_FLAG_MORE,
+ ATTR_TYPE_STR, CRATE_ATTR_IDENT, ht[0]->key,
+ ATTR_TYPE_NUM, CRATE_ATTR_COUNT, crate_remote->count,
+ ATTR_TYPE_NUM, CRATE_ATTR_RATE, crate_remote->rate,
+ ATTR_TYPE_END);
+ }
+ attr_print_plain(client_stream, ATTR_FLAG_NONE, ATTR_TYPE_END);
+ myfree((char *) ht_info);
+ } else if ((crate_remote =
+ (CRATE_REMOTE *) htable_find(crate_remote_map, ident)) == 0) {
+ attr_print_plain(client_stream, ATTR_FLAG_NONE,
+ ATTR_TYPE_NUM, CRATE_ATTR_STATUS, CRATE_STAT_FAIL,
+ ATTR_TYPE_NUM, CRATE_ATTR_COUNT, 0,
+ ATTR_TYPE_NUM, CRATE_ATTR_RATE, 0,
+ ATTR_TYPE_END);
+ } else {
+ attr_print_plain(client_stream, ATTR_FLAG_NONE,
+ ATTR_TYPE_NUM, CRATE_ATTR_STATUS, CRATE_STAT_OK,
+ ATTR_TYPE_NUM, CRATE_ATTR_COUNT, crate_remote->count,
+ ATTR_TYPE_NUM, CRATE_ATTR_RATE, crate_remote->rate,
+ ATTR_TYPE_END);
+ }
+}
+
+/* crate_remote_connect - report connection event, query address status */
+
+static void crate_remote_connect(VSTREAM *client_stream, const char *ident)
+{
+ CRATE_REMOTE *crate_remote;
+ CRATE_LOCAL *crate_local;
+ char *myname = "crate_remote_connect";
+ time_t now;
+
+ if (msg_verbose)
+ msg_info("%s fd=%d stream=0x%lx ident=%s",
+ myname, vstream_fileno(client_stream),
+ (unsigned long) client_stream, ident);
+
+ /*
+ * Look up remote connection count information. Update remote connection
+ * rate information. Simply reset the counter every var_crate_sample
+ * seconds. This is easier than maintaining a moving average and it gives
+ * a quicker response to tresspassers.
+ */
+ if ((crate_remote =
+ (CRATE_REMOTE *) htable_find(crate_remote_map, ident)) == 0) {
+ crate_remote = (CRATE_REMOTE *) mymalloc(sizeof(*crate_remote));
+ CRATE_REMOTE_FIRST(crate_remote, ident);
+ htable_enter(crate_remote_map, ident, (char *) crate_remote);
+ } else {
+ CRATE_REMOTE_NEXT(crate_remote);
+ }
+
+ /*
+ * Record this connection under the local client information, so that we
+ * can clean up all its connection state when the local client goes away.
+ */
+ if ((crate_local =
+ (CRATE_LOCAL *) binhash_find(crate_local_map,
+ (char *) &client_stream,
+ sizeof(client_stream))) == 0) {
+ crate_local = (CRATE_LOCAL *) mymalloc(sizeof(*crate_local));
+ CRATE_LOCAL_INIT(crate_local);
+ binhash_enter(crate_local_map, (char *) &client_stream,
+ sizeof(client_stream), (char *) crate_local);
+ }
+ CRATE_LOCAL_ADD_ONE(crate_local, crate_remote);
+ if (msg_verbose)
+ msg_info("%s: crate_local 0x%lx",
+ myname, (unsigned long) crate_local);
+
+ /*
+ * Respond to the local client.
+ */
+ attr_print_plain(client_stream, ATTR_FLAG_NONE,
+ ATTR_TYPE_NUM, CRATE_ATTR_STATUS, CRATE_STAT_OK,
+ ATTR_TYPE_NUM, CRATE_ATTR_COUNT, crate_remote->count,
+ ATTR_TYPE_NUM, CRATE_ATTR_RATE, crate_remote->rate,
+ ATTR_TYPE_END);
+}
+
+/* crate_remote_disconnect - report disconnect event */
+
+static void crate_remote_disconnect(VSTREAM *client_stream, const char *ident)
+{
+ CRATE_REMOTE *crate_remote;
+ CRATE_LOCAL *crate_local;
+ char *myname = "crate_remote_disconnect";
+
+ if (msg_verbose)
+ msg_info("%s fd=%d stream=0x%lx ident=%s",
+ myname, vstream_fileno(client_stream),
+ (unsigned long) client_stream, ident);
+
+ /*
+ * Look up the remote client.
+ */
+ if ((crate_remote =
+ (CRATE_REMOTE *) htable_find(crate_remote_map, ident)) != 0)
+ CRATE_REMOTE_DROP_ONE(crate_remote);
+
+ /*
+ * Update the local client information.
+ */
+ if ((crate_local =
+ (CRATE_LOCAL *) binhash_find(crate_local_map,
+ (char *) &client_stream,
+ sizeof(client_stream))) != 0)
+ CRATE_LOCAL_DROP_ONE(crate_local, crate_remote);
+ if (msg_verbose)
+ msg_info("%s: crate_local 0x%lx",
+ myname, (unsigned long) crate_local);
+
+ /*
+ * Respond to the local client.
+ */
+ attr_print_plain(client_stream, ATTR_FLAG_NONE,
+ ATTR_TYPE_NUM, CRATE_ATTR_STATUS, CRATE_STAT_OK,
+ ATTR_TYPE_END);
+}
+
+/* crate_service_done - clean up */
+
+static void crate_service_done(VSTREAM *client_stream, char *unused_service,
+ char **unused_argv)
+{
+ CRATE_LOCAL *crate_local;
+ char *myname = "crate_service_done";
+
+ if (msg_verbose)
+ msg_info("%s fd=%d stream=0x%lx",
+ myname, vstream_fileno(client_stream),
+ (unsigned long) client_stream);
+
+ /*
+ * Look up the local client, and get rid of open remote connection state
+ * that we still have for this local client. Do not destroy remote client
+ * status information before it expires.
+ */
+ if ((crate_local =
+ (CRATE_LOCAL *) binhash_find(crate_local_map,
+ (char *) &client_stream,
+ sizeof(client_stream))) != 0) {
+ if (msg_verbose)
+ msg_info("%s: crate_local 0x%lx",
+ myname, (unsigned long) crate_local);
+ CRATE_LOCAL_DROP_ALL(client_stream, crate_local);
+ binhash_delete(crate_local_map,
+ (char *) &client_stream,
+ sizeof(client_stream), myfree);
+ } else if (msg_verbose)
+ msg_info("client socket not found for fd=%d",
+ vstream_fileno(client_stream));
+}
+
+/* crate_service - perform service for client */
+
+static void crate_service(VSTREAM *client_stream, char *service, char **argv)
+{
+ VSTRING *request = vstring_alloc(10);
+ VSTRING *ident = vstring_alloc(10);
+
+ /*
+ * Sanity check. This service takes no command-line arguments.
+ */
+ if (argv[0])
+ msg_fatal("unexpected command-line argument: %s", argv[0]);
+
+ /*
+ * This routine runs whenever a client connects to the socket dedicated
+ * to the client connection rate management service. All
+ * connection-management stuff is handled by the common code in
+ * multi_server.c.
+ */
+ if (attr_scan_plain(client_stream,
+ ATTR_FLAG_MISSING | ATTR_FLAG_STRICT,
+ ATTR_TYPE_STR, CRATE_ATTR_REQ, request,
+ ATTR_TYPE_STR, CRATE_ATTR_IDENT, ident,
+ ATTR_TYPE_END) == 2) {
+ if (STREQ(STR(request), CRATE_REQ_CONN)) {
+ crate_remote_connect(client_stream, STR(ident));
+ } else if (STREQ(STR(request), CRATE_REQ_DISC)) {
+ crate_remote_disconnect(client_stream, STR(ident));
+ } else if (STREQ(STR(request), CRATE_REQ_LOOKUP)) {
+ crate_remote_lookup(client_stream, STR(ident));
+ } else {
+ msg_warn("unrecognized request: \"%s\", ignored", STR(request));
+ attr_print_plain(client_stream, ATTR_FLAG_NONE,
+ ATTR_TYPE_NUM, CRATE_ATTR_STATUS, CRATE_STAT_FAIL,
+ ATTR_TYPE_END);
+ }
+ vstream_fflush(client_stream);
+ } else {
+ /* Note: invokes crate_service_done() */
+ multi_server_disconnect(client_stream);
+ }
+ vstring_free(ident);
+ vstring_free(request);
+}
+
+/* post_jail_init - post-jail initialization */
+
+static void post_jail_init(char *unused_name, char **unused_argv)
+{
+
+ /*
+ * Sanity check.
+ */
+ if (var_crate_purge < var_crate_sample)
+ msg_fatal("%s should not be less than %s",
+ VAR_CRATE_PURGE, VAR_CRATE_SAMPLE);
+
+ /*
+ * Initial client state tables.
+ */
+ crate_remote_map = htable_create(1000);
+ crate_local_map = binhash_create(100);
+
+ /*
+ * Do not limit the number of client requests.
+ */
+ var_use_limit = 0;
+}
+
+/* main - pass control to the multi-threaded skeleton */
+
+int main(int argc, char **argv)
+{
+ static CONFIG_TIME_TABLE time_table[] = {
+ VAR_CRATE_SAMPLE, DEF_CRATE_SAMPLE, &var_crate_sample, 1, 0,
+ VAR_CRATE_PURGE, DEF_CRATE_PURGE, &var_crate_purge, 1, 0,
+ 0,
+ };
+
+ multi_server_main(argc, argv, crate_service,
+ MAIL_SERVER_TIME_TABLE, time_table,
+ MAIL_SERVER_POST_INIT, post_jail_init,
+ MAIL_SERVER_SOLITARY,
+ MAIL_SERVER_PRE_DISCONN, crate_service_done,
+ 0);
+}
flush.o: ../../include/scan_dir.h
flush.o: ../../include/stringops.h
flush.o: ../../include/mail_params.h
+flush.o: ../../include/crate_clnt.h
+flush.o: ../../include/attr_clnt.h
+flush.o: ../../include/attr.h
flush.o: ../../include/mail_queue.h
flush.o: ../../include/mail_proto.h
flush.o: ../../include/iostuff.h
-flush.o: ../../include/attr.h
flush.o: ../../include/mail_flush.h
flush.o: ../../include/flush_clnt.h
flush.o: ../../include/mail_conf.h
verp_sender.c match_parent_style.c mime_state.c header_token.c \
strip_addr.c virtual8_maps.c hold_message.c verify_clnt.c \
trace.c log_adhoc.c verify.c dict_proxy.c mail_dict.c input_transp.c \
- cleanup_strflags.c
+ cleanup_strflags.c crate_clnt.c
OBJS = been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \
debug_peer.o debug_process.o defer.o deliver_completed.o \
deliver_flock.o deliver_pass.o deliver_request.o domain_list.o \
verp_sender.o match_parent_style.o mime_state.o header_token.o \
strip_addr.o virtual8_maps.o hold_message.o verify_clnt.o \
trace.o log_adhoc.o verify.o dict_proxy.o mail_dict.o input_transp.o \
- cleanup_strflags.o
+ cleanup_strflags.o crate_clnt.o
HDRS = been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \
config.h debug_peer.h debug_process.h defer.h deliver_completed.h \
deliver_flock.h deliver_pass.h deliver_request.h domain_list.h \
match_parent_style.h quote_flags.h mime_state.h header_token.h \
lex_822.h strip_addr.h virtual8_maps.h hold_message.h verify_clnt.h \
trace.h log_adhoc.h verify.h dict_proxy.h mail_dict.h qmgr_user.h \
- input_transp.h
+ input_transp.h crate_clnt.h
TESTSRC = rec2stream.c stream2rec.c recdump.c
WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \
-Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \
off_cvt quote_822_local rec2stream recdump resolve_clnt \
resolve_local rewrite_clnt stream2rec string_list tok822_parse \
quote_821_local mail_conf_time mime_state strip_addr \
- virtual8_maps verify_clnt xtext
+ virtual8_maps verify_clnt xtext crate_clnt
LIBS = ../../lib/libutil.a
LIB_DIR = ../../lib
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
mv junk $@.o
+crate_clnt: $(LIB)
+ mv $@.o junk
+ $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
+ mv junk $@.o
+
tests: tok822_test mime_test mime_nest mime_8bit mime_dom mime_trunc \
mime_cvt mime_cvt2 mime_cvt3 strip_addr_test tok822_limit_test \
virtual8_test xtext_test
abounce.o: ../../include/vstream.h
abounce.o: ../../include/vbuf.h
abounce.o: mail_params.h
+abounce.o: crate_clnt.h
+abounce.o: ../../include/attr_clnt.h
+abounce.o: ../../include/attr.h
abounce.o: mail_proto.h
abounce.o: ../../include/iostuff.h
-abounce.o: ../../include/attr.h
abounce.o: abounce.h
abounce.o: bounce.h
abounce.o: deliver_request.h
bounce.o: ../../include/vstring.h
bounce.o: ../../include/vbuf.h
bounce.o: mail_params.h
-bounce.o: mail_proto.h
+bounce.o: crate_clnt.h
+bounce.o: ../../include/attr_clnt.h
+bounce.o: ../../include/attr.h
bounce.o: ../../include/vstream.h
+bounce.o: mail_proto.h
bounce.o: ../../include/iostuff.h
-bounce.o: ../../include/attr.h
bounce.o: log_adhoc.h
bounce.o: verify.h
bounce.o: deliver_request.h
bounce_log.o: ../../include/vstring_vstream.h
bounce_log.o: ../../include/stringops.h
bounce_log.o: mail_params.h
+bounce_log.o: crate_clnt.h
+bounce_log.o: ../../include/attr_clnt.h
+bounce_log.o: ../../include/attr.h
bounce_log.o: mail_proto.h
bounce_log.o: ../../include/iostuff.h
-bounce_log.o: ../../include/attr.h
bounce_log.o: mail_queue.h
bounce_log.o: bounce_log.h
canon_addr.o: canon_addr.c
clnt_stream.o: mail_proto.h
clnt_stream.o: ../../include/attr.h
clnt_stream.o: mail_params.h
+clnt_stream.o: crate_clnt.h
+clnt_stream.o: ../../include/attr_clnt.h
clnt_stream.o: clnt_stream.h
+crate_clnt.o: crate_clnt.c
+crate_clnt.o: ../../include/sys_defs.h
+crate_clnt.o: ../../include/mymalloc.h
+crate_clnt.o: ../../include/msg.h
+crate_clnt.o: ../../include/attr_clnt.h
+crate_clnt.o: ../../include/attr.h
+crate_clnt.o: ../../include/vstream.h
+crate_clnt.o: ../../include/vbuf.h
+crate_clnt.o: ../../include/stringops.h
+crate_clnt.o: ../../include/vstring.h
+crate_clnt.o: mail_proto.h
+crate_clnt.o: ../../include/iostuff.h
+crate_clnt.o: mail_params.h
+crate_clnt.o: crate_clnt.h
+create_clnt.o: create_clnt.c
debug_peer.o: debug_peer.c
debug_peer.o: ../../include/sys_defs.h
debug_peer.o: ../../include/msg.h
debug_peer.o: mail_params.h
+debug_peer.o: crate_clnt.h
+debug_peer.o: ../../include/attr_clnt.h
+debug_peer.o: ../../include/attr.h
+debug_peer.o: ../../include/vstream.h
+debug_peer.o: ../../include/vbuf.h
debug_peer.o: namadr_list.h
debug_peer.o: ../../include/match_list.h
debug_peer.o: ../../include/match_ops.h
debug_process.o: ../../include/sys_defs.h
debug_process.o: ../../include/msg.h
debug_process.o: mail_params.h
+debug_process.o: crate_clnt.h
+debug_process.o: ../../include/attr_clnt.h
+debug_process.o: ../../include/attr.h
+debug_process.o: ../../include/vstream.h
+debug_process.o: ../../include/vbuf.h
debug_process.o: mail_conf.h
debug_process.o: debug_process.h
defer.o: defer.c
defer.o: ../../include/vstring.h
defer.o: ../../include/vbuf.h
defer.o: mail_params.h
-defer.o: mail_queue.h
+defer.o: crate_clnt.h
+defer.o: ../../include/attr_clnt.h
+defer.o: ../../include/attr.h
defer.o: ../../include/vstream.h
+defer.o: mail_queue.h
defer.o: mail_proto.h
defer.o: ../../include/iostuff.h
-defer.o: ../../include/attr.h
defer.o: flush_clnt.h
defer.o: verify.h
defer.o: deliver_request.h
deliver_flock.o: ../../include/myflock.h
deliver_flock.o: ../../include/iostuff.h
deliver_flock.o: mail_params.h
+deliver_flock.o: crate_clnt.h
+deliver_flock.o: ../../include/attr_clnt.h
+deliver_flock.o: ../../include/attr.h
+deliver_flock.o: ../../include/vstream.h
deliver_flock.o: deliver_flock.h
deliver_pass.o: deliver_pass.c
deliver_pass.o: ../../include/sys_defs.h
deliver_pass.o: ../../include/split_at.h
deliver_pass.o: ../../include/mymalloc.h
deliver_pass.o: mail_params.h
+deliver_pass.o: crate_clnt.h
+deliver_pass.o: ../../include/attr_clnt.h
+deliver_pass.o: ../../include/attr.h
deliver_pass.o: deliver_pass.h
deliver_pass.o: deliver_request.h
deliver_pass.o: recipient_list.h
deliver_pass.o: mail_proto.h
deliver_pass.o: ../../include/iostuff.h
-deliver_pass.o: ../../include/attr.h
deliver_request.o: deliver_request.c
deliver_request.o: ../../include/sys_defs.h
deliver_request.o: ../../include/msg.h
dict_proxy.o: mail_proto.h
dict_proxy.o: ../../include/iostuff.h
dict_proxy.o: mail_params.h
+dict_proxy.o: crate_clnt.h
+dict_proxy.o: ../../include/attr_clnt.h
dict_proxy.o: clnt_stream.h
dict_proxy.o: dict_proxy.h
domain_list.o: domain_list.c
dot_lockfile.o: ../../include/mymalloc.h
dot_lockfile.o: ../../include/iostuff.h
dot_lockfile.o: mail_params.h
+dot_lockfile.o: crate_clnt.h
+dot_lockfile.o: ../../include/attr_clnt.h
+dot_lockfile.o: ../../include/attr.h
+dot_lockfile.o: ../../include/vstream.h
dot_lockfile.o: dot_lockfile.h
dot_lockfile_as.o: dot_lockfile_as.c
dot_lockfile_as.o: ../../include/sys_defs.h
ext_prop.o: ../../include/sys_defs.h
ext_prop.o: ../../include/name_mask.h
ext_prop.o: mail_params.h
+ext_prop.o: crate_clnt.h
+ext_prop.o: ../../include/attr_clnt.h
+ext_prop.o: ../../include/attr.h
+ext_prop.o: ../../include/vstream.h
+ext_prop.o: ../../include/vbuf.h
ext_prop.o: ext_prop.h
file_id.o: file_id.c
file_id.o: ../../include/sys_defs.h
flush_clnt.o: mail_flush.h
flush_clnt.o: flush_clnt.h
flush_clnt.o: mail_params.h
+flush_clnt.o: crate_clnt.h
+flush_clnt.o: ../../include/attr_clnt.h
header_opts.o: header_opts.c
header_opts.o: ../../include/sys_defs.h
header_opts.o: ../../include/msg.h
hold_message.o: ../../include/vbuf.h
hold_message.o: ../../include/vstream.h
hold_message.o: mail_params.h
+hold_message.o: crate_clnt.h
+hold_message.o: ../../include/attr_clnt.h
+hold_message.o: ../../include/attr.h
hold_message.o: hold_message.h
input_transp.o: input_transp.c
input_transp.o: ../../include/sys_defs.h
input_transp.o: ../../include/name_mask.h
input_transp.o: mail_params.h
+input_transp.o: crate_clnt.h
+input_transp.o: ../../include/attr_clnt.h
+input_transp.o: ../../include/attr.h
+input_transp.o: ../../include/vstream.h
+input_transp.o: ../../include/vbuf.h
input_transp.o: input_transp.h
is_header.o: is_header.c
is_header.o: ../../include/sys_defs.h
mail_addr.o: ../../include/vstring.h
mail_addr.o: ../../include/vbuf.h
mail_addr.o: mail_params.h
+mail_addr.o: crate_clnt.h
+mail_addr.o: ../../include/attr_clnt.h
+mail_addr.o: ../../include/attr.h
+mail_addr.o: ../../include/vstream.h
mail_addr.o: mail_addr.h
mail_addr_crunch.o: mail_addr_crunch.c
mail_addr_crunch.o: ../../include/sys_defs.h
mail_addr_find.o: ../../include/vstring.h
mail_addr_find.o: ../../include/mymalloc.h
mail_addr_find.o: mail_params.h
+mail_addr_find.o: crate_clnt.h
+mail_addr_find.o: ../../include/attr_clnt.h
+mail_addr_find.o: ../../include/attr.h
mail_addr_find.o: strip_addr.h
mail_addr_find.o: mail_addr_find.h
mail_addr_find.o: maps.h
mail_conf.o: ../../include/stringops.h
mail_conf.o: ../../include/readlline.h
mail_conf.o: mail_params.h
+mail_conf.o: crate_clnt.h
+mail_conf.o: ../../include/attr_clnt.h
+mail_conf.o: ../../include/attr.h
mail_conf.o: mail_conf.h
mail_conf_bool.o: mail_conf_bool.c
mail_conf_bool.o: ../../include/sys_defs.h
mail_copy.o: mail_addr.h
mail_copy.o: mark_corrupt.h
mail_copy.o: mail_params.h
+mail_copy.o: crate_clnt.h
+mail_copy.o: ../../include/attr_clnt.h
+mail_copy.o: ../../include/attr.h
mail_copy.o: mail_copy.h
mail_date.o: mail_date.c
mail_date.o: ../../include/sys_defs.h
mail_flush.o: mail_flush.c
mail_flush.o: ../../include/sys_defs.h
mail_flush.o: mail_params.h
-mail_flush.o: mail_proto.h
+mail_flush.o: crate_clnt.h
+mail_flush.o: ../../include/attr_clnt.h
+mail_flush.o: ../../include/attr.h
mail_flush.o: ../../include/vstream.h
mail_flush.o: ../../include/vbuf.h
+mail_flush.o: mail_proto.h
mail_flush.o: ../../include/iostuff.h
-mail_flush.o: ../../include/attr.h
mail_flush.o: mail_flush.h
mail_open_ok.o: mail_open_ok.c
mail_open_ok.o: ../../include/sys_defs.h
mail_params.o: ../../include/attr.h
mail_params.o: verp_sender.h
mail_params.o: mail_params.h
+mail_params.o: crate_clnt.h
+mail_params.o: ../../include/attr_clnt.h
mail_pathname.o: mail_pathname.c
mail_pathname.o: ../../include/sys_defs.h
mail_pathname.o: ../../include/stringops.h
mail_queue.o: ../../include/valid_hostname.h
mail_queue.o: file_id.h
mail_queue.o: mail_params.h
+mail_queue.o: crate_clnt.h
+mail_queue.o: ../../include/attr_clnt.h
+mail_queue.o: ../../include/attr.h
mail_queue.o: mail_queue.h
mail_run.o: mail_run.c
mail_run.o: ../../include/sys_defs.h
mail_run.o: ../../include/vbuf.h
mail_run.o: ../../include/mymalloc.h
mail_run.o: mail_params.h
+mail_run.o: crate_clnt.h
+mail_run.o: ../../include/attr_clnt.h
+mail_run.o: ../../include/attr.h
+mail_run.o: ../../include/vstream.h
mail_run.o: mail_run.h
mail_scan_dir.o: mail_scan_dir.c
mail_scan_dir.o: ../../include/sys_defs.h
mail_stream.o: mail_queue.h
mail_stream.o: opened.h
mail_stream.o: mail_params.h
+mail_stream.o: crate_clnt.h
+mail_stream.o: ../../include/attr_clnt.h
mail_stream.o: mail_stream.h
mail_task.o: mail_task.c
mail_task.o: ../../include/sys_defs.h
mail_task.o: ../../include/vbuf.h
mail_task.o: ../../include/safe.h
mail_task.o: mail_params.h
+mail_task.o: crate_clnt.h
+mail_task.o: ../../include/attr_clnt.h
+mail_task.o: ../../include/attr.h
+mail_task.o: ../../include/vstream.h
mail_task.o: mail_conf.h
mail_task.o: mail_task.h
mail_trigger.o: mail_trigger.c
mail_trigger.o: ../../include/iostuff.h
mail_trigger.o: ../../include/trigger.h
mail_trigger.o: mail_params.h
-mail_trigger.o: mail_proto.h
+mail_trigger.o: crate_clnt.h
+mail_trigger.o: ../../include/attr_clnt.h
+mail_trigger.o: ../../include/attr.h
mail_trigger.o: ../../include/vstream.h
mail_trigger.o: ../../include/vbuf.h
-mail_trigger.o: ../../include/attr.h
+mail_trigger.o: mail_proto.h
mail_version.o: mail_version.c
maps.o: maps.c
maps.o: ../../include/sys_defs.h
mark_corrupt.o: mail_queue.h
mark_corrupt.o: ../../include/vstring.h
mark_corrupt.o: mail_params.h
+mark_corrupt.o: crate_clnt.h
+mark_corrupt.o: ../../include/attr_clnt.h
+mark_corrupt.o: ../../include/attr.h
mark_corrupt.o: deliver_request.h
mark_corrupt.o: recipient_list.h
mark_corrupt.o: mark_corrupt.h
match_parent_style.o: ../../include/match_list.h
match_parent_style.o: ../../include/match_ops.h
match_parent_style.o: mail_params.h
+match_parent_style.o: crate_clnt.h
+match_parent_style.o: ../../include/attr_clnt.h
+match_parent_style.o: ../../include/attr.h
+match_parent_style.o: ../../include/vstream.h
+match_parent_style.o: ../../include/vbuf.h
match_parent_style.o: match_parent_style.h
mbox_conf.o: mbox_conf.c
mbox_conf.o: ../../include/sys_defs.h
mbox_conf.o: ../../include/name_mask.h
mbox_conf.o: ../../include/argv.h
mbox_conf.o: mail_params.h
+mbox_conf.o: crate_clnt.h
+mbox_conf.o: ../../include/attr_clnt.h
+mbox_conf.o: ../../include/attr.h
+mbox_conf.o: ../../include/vstream.h
+mbox_conf.o: ../../include/vbuf.h
mbox_conf.o: mbox_conf.h
mbox_open.o: mbox_open.c
mbox_open.o: ../../include/sys_defs.h
mime_state.o: is_header.h
mime_state.o: header_opts.h
mime_state.o: mail_params.h
+mime_state.o: crate_clnt.h
+mime_state.o: ../../include/attr_clnt.h
+mime_state.o: ../../include/attr.h
+mime_state.o: ../../include/vstream.h
mime_state.o: header_token.h
mime_state.o: lex_822.h
mime_state.o: mime_state.h
mkmap_db.o: ../../include/dict_db.h
mkmap_db.o: ../../include/myflock.h
mkmap_db.o: mail_params.h
+mkmap_db.o: crate_clnt.h
+mkmap_db.o: ../../include/attr_clnt.h
+mkmap_db.o: ../../include/attr.h
mkmap_db.o: mkmap.h
mkmap_dbm.o: mkmap_dbm.c
mkmap_dbm.o: ../../include/sys_defs.h
mynetworks.o: ../../include/name_mask.h
mynetworks.o: own_inet_addr.h
mynetworks.o: mail_params.h
+mynetworks.o: crate_clnt.h
+mynetworks.o: ../../include/attr_clnt.h
+mynetworks.o: ../../include/attr.h
+mynetworks.o: ../../include/vstream.h
mynetworks.o: mynetworks.h
mypwd.o: mypwd.c
mypwd.o: ../../include/sys_defs.h
own_inet_addr.o: ../../include/vstring.h
own_inet_addr.o: ../../include/vbuf.h
own_inet_addr.o: mail_params.h
+own_inet_addr.o: crate_clnt.h
+own_inet_addr.o: ../../include/attr_clnt.h
+own_inet_addr.o: ../../include/attr.h
+own_inet_addr.o: ../../include/vstream.h
own_inet_addr.o: own_inet_addr.h
peer_name.o: peer_name.c
peer_name.o: ../../include/sys_defs.h
pipe_command.o: ../../include/set_eugid.h
pipe_command.o: ../../include/argv.h
pipe_command.o: mail_params.h
+pipe_command.o: crate_clnt.h
+pipe_command.o: ../../include/attr_clnt.h
+pipe_command.o: ../../include/attr.h
pipe_command.o: mail_copy.h
pipe_command.o: ../../include/clean_env.h
pipe_command.o: pipe_command.h
post_mail.o: ../../include/mymalloc.h
post_mail.o: ../../include/events.h
post_mail.o: mail_params.h
+post_mail.o: crate_clnt.h
+post_mail.o: ../../include/attr_clnt.h
+post_mail.o: ../../include/attr.h
post_mail.o: record.h
post_mail.o: rec_type.h
post_mail.o: mail_proto.h
post_mail.o: ../../include/iostuff.h
-post_mail.o: ../../include/attr.h
post_mail.o: cleanup_user.h
post_mail.o: post_mail.h
post_mail.o: mail_date.h
remove.o: ../../include/vstring.h
remove.o: ../../include/vbuf.h
remove.o: mail_params.h
+remove.o: crate_clnt.h
+remove.o: ../../include/attr_clnt.h
+remove.o: ../../include/attr.h
+remove.o: ../../include/vstream.h
resolve_clnt.o: resolve_clnt.c
resolve_clnt.o: ../../include/sys_defs.h
resolve_clnt.o: ../../include/msg.h
resolve_clnt.o: mail_proto.h
resolve_clnt.o: ../../include/attr.h
resolve_clnt.o: mail_params.h
+resolve_clnt.o: crate_clnt.h
+resolve_clnt.o: ../../include/attr_clnt.h
resolve_clnt.o: clnt_stream.h
resolve_clnt.o: resolve_clnt.h
resolve_local.o: resolve_local.c
resolve_local.o: ../../include/match_list.h
resolve_local.o: ../../include/match_ops.h
resolve_local.o: mail_params.h
+resolve_local.o: crate_clnt.h
+resolve_local.o: ../../include/attr_clnt.h
+resolve_local.o: ../../include/attr.h
+resolve_local.o: ../../include/vstream.h
+resolve_local.o: ../../include/vbuf.h
resolve_local.o: own_inet_addr.h
resolve_local.o: resolve_local.h
resolve_local.o: match_parent_style.h
rewrite_clnt.o: mail_proto.h
rewrite_clnt.o: ../../include/attr.h
rewrite_clnt.o: mail_params.h
+rewrite_clnt.o: crate_clnt.h
+rewrite_clnt.o: ../../include/attr_clnt.h
rewrite_clnt.o: clnt_stream.h
rewrite_clnt.o: rewrite_clnt.h
sent.o: sent.c
sent.o: ../../include/vstring.h
sent.o: ../../include/vbuf.h
sent.o: mail_params.h
+sent.o: crate_clnt.h
+sent.o: ../../include/attr_clnt.h
+sent.o: ../../include/attr.h
+sent.o: ../../include/vstream.h
sent.o: verify.h
sent.o: deliver_request.h
-sent.o: ../../include/vstream.h
sent.o: recipient_list.h
sent.o: log_adhoc.h
sent.o: trace.h
split_addr.o: ../../include/sys_defs.h
split_addr.o: ../../include/split_at.h
split_addr.o: mail_params.h
+split_addr.o: crate_clnt.h
+split_addr.o: ../../include/attr_clnt.h
+split_addr.o: ../../include/attr.h
+split_addr.o: ../../include/vstream.h
+split_addr.o: ../../include/vbuf.h
split_addr.o: mail_addr.h
split_addr.o: split_addr.h
stream2rec.o: stream2rec.c
timed_ipc.o: ../../include/vstream.h
timed_ipc.o: ../../include/vbuf.h
timed_ipc.o: mail_params.h
+timed_ipc.o: crate_clnt.h
+timed_ipc.o: ../../include/attr_clnt.h
+timed_ipc.o: ../../include/attr.h
timed_ipc.o: timed_ipc.h
tok822_find.o: tok822_find.c
tok822_find.o: ../../include/sys_defs.h
trace.o: ../../include/vstring.h
trace.o: ../../include/vbuf.h
trace.o: mail_params.h
-trace.o: mail_proto.h
+trace.o: crate_clnt.h
+trace.o: ../../include/attr_clnt.h
+trace.o: ../../include/attr.h
trace.o: ../../include/vstream.h
+trace.o: mail_proto.h
trace.o: ../../include/iostuff.h
-trace.o: ../../include/attr.h
trace.o: verify_clnt.h
trace.o: deliver_request.h
trace.o: recipient_list.h
verify.o: ../../include/vstring.h
verify.o: ../../include/vbuf.h
verify.o: mail_params.h
-verify.o: mail_proto.h
+verify.o: crate_clnt.h
+verify.o: ../../include/attr_clnt.h
+verify.o: ../../include/attr.h
verify.o: ../../include/vstream.h
+verify.o: mail_proto.h
verify.o: ../../include/iostuff.h
-verify.o: ../../include/attr.h
verify.o: verify_clnt.h
verify.o: deliver_request.h
verify.o: recipient_list.h
verify_clnt.o: ../../include/vstring.h
verify_clnt.o: ../../include/attr.h
verify_clnt.o: mail_params.h
+verify_clnt.o: crate_clnt.h
+verify_clnt.o: ../../include/attr_clnt.h
verify_clnt.o: mail_proto.h
verify_clnt.o: ../../include/iostuff.h
verify_clnt.o: clnt_stream.h
verp_sender.o: ../../include/vstring.h
verp_sender.o: ../../include/vbuf.h
verp_sender.o: mail_params.h
+verp_sender.o: crate_clnt.h
+verp_sender.o: ../../include/attr_clnt.h
+verp_sender.o: ../../include/attr.h
+verp_sender.o: ../../include/vstream.h
verp_sender.o: verp_sender.h
virtual8_maps.o: virtual8_maps.c
virtual8_maps.o: ../../include/sys_defs.h
virtual8_maps.o: ../../include/vbuf.h
virtual8_maps.o: ../../include/argv.h
virtual8_maps.o: mail_params.h
+virtual8_maps.o: crate_clnt.h
+virtual8_maps.o: ../../include/attr_clnt.h
+virtual8_maps.o: ../../include/attr.h
virtual8_maps.o: strip_addr.h
virtual8_maps.o: virtual8_maps.h
xtext.o: xtext.c
--- /dev/null
+/*++
+/* NAME
+/* crate_clnt 3
+/* SUMMARY
+/* connection rate client interface
+/* SYNOPSIS
+/* #include <crate_clnt.h>
+/*
+/* CRATE_CLNT *crate_clnt_create(void)
+/*
+/* void crate_clnt_free(crate_clnt)
+/* CRATE_CLNT *crate_clnt;
+/*
+/* int crate_clnt_connect(crate_clnt, service, addr,
+/* count, rate)
+/* CRATE_CLNT *crate_clnt;
+/* const char *service;
+/* const char *addr;
+/* int *count;
+/* int *rate;
+/*
+/* int crate_clnt_disconnect(crate_clnt, service, addr)
+/* CRATE_CLNT *crate_clnt;
+/* const char *service;
+/* const char *addr;
+/*
+/* int crate_clnt_lookup(crate_clnt, service, addr,
+/* count, rate)
+/* CRATE_CLNT *crate_clnt;
+/* const char *service;
+/* const char *addr;
+/* int *count;
+/* int *rate;
+/* DESCRIPTION
+/* crate_clnt_create() instantiates a crate service client endpoint.
+/*
+/* crate_clnt_connect() informs the crate server that a
+/* client has connected, and returns the current connection
+/* count and connection rate for that client.
+/*
+/* crate_clnt_disconnect() informs the crate server that a
+/* client has disconnected.
+/*
+/* crate_clnt_lookup() looks up the current connection
+/* count and connection rate for that client.
+/*
+/* crate_clnt_free() destroys a crate service client endpoint.
+/*
+/* Arguments:
+/* .IP crate_clnt
+/* Client rate control service handle.
+/* .IP service
+/* The service that the remote client is connected to.
+/* .IP addr
+/* Null terminated string that identifies the remote client.
+/* .IP count
+/* Pointer to storage for the current number of connections from
+/* this remote client.
+/* .IP rate
+/* Pointer to storage for the current connection rate for this
+/* remote client.
+/* DIAGNOSTICS
+/* crate_clnt_connect() and crate_clnt_disconnect() return
+/* CRATE_STAT_OK in case of success, CRATE_STAT_FAIL otherwise
+/* (either the communication with the server is broken or the
+/* server experienced a problem).
+/* SEE ALSO
+/* crate(8) Postfix client rate control service
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include <sys_defs.h>
+
+/* Utility library. */
+
+#include <mymalloc.h>
+#include <msg.h>
+#include <attr_clnt.h>
+#include <stringops.h>
+
+/* Global library. */
+
+#include <mail_proto.h>
+#include <mail_params.h>
+#include <crate_clnt.h>
+
+/* Application specific. */
+
+#define CRATE_IDENT(service, addr) \
+ printable(concatenate(service, ":", addr, (char *) 0), '?')
+
+/* crate_clnt_create - instantiate connection rate service client */
+
+CRATE_CLNT *crate_clnt_create(void)
+{
+ ATTR_CLNT *crate_clnt;
+
+ crate_clnt = attr_clnt_create(var_crate_service, var_ipc_timeout, 0, 0);
+ return ((CRATE_CLNT *) crate_clnt);
+}
+
+/* crate_clnt_free - destroy connection rate service client */
+
+void crate_clnt_free(CRATE_CLNT * crate_clnt)
+{
+ attr_clnt_free((ATTR_CLNT *) crate_clnt);
+}
+
+/* crate_clnt_lookup - status query */
+
+int crate_clnt_lookup(CRATE_CLNT * crate_clnt, const char *service,
+ const char *addr, int *count, int *rate)
+{
+ char *ident = CRATE_IDENT(service, addr);
+ int status;
+
+ if (attr_clnt_request((ATTR_CLNT *) crate_clnt,
+ ATTR_FLAG_NONE, /* Query attributes. */
+ ATTR_TYPE_STR, CRATE_ATTR_REQ, CRATE_REQ_LOOKUP,
+ ATTR_TYPE_STR, CRATE_ATTR_IDENT, ident,
+ ATTR_TYPE_END,
+ ATTR_FLAG_MISSING, /* Reply attributes. */
+ ATTR_TYPE_NUM, CRATE_ATTR_STATUS, &status,
+ ATTR_TYPE_NUM, CRATE_ATTR_COUNT, count,
+ ATTR_TYPE_NUM, CRATE_ATTR_RATE, rate,
+ ATTR_TYPE_END) != 3)
+ status = CRATE_STAT_FAIL;
+ myfree(ident);
+ return (status);
+}
+
+/* crate_clnt_connect - heads-up and policy query */
+
+int crate_clnt_connect(CRATE_CLNT * crate_clnt, const char *service,
+ const char *addr, int *count, int *rate)
+{
+ char *ident = CRATE_IDENT(service, addr);
+ int status;
+
+ if (attr_clnt_request((ATTR_CLNT *) crate_clnt,
+ ATTR_FLAG_NONE, /* Query attributes. */
+ ATTR_TYPE_STR, CRATE_ATTR_REQ, CRATE_REQ_CONN,
+ ATTR_TYPE_STR, CRATE_ATTR_IDENT, ident,
+ ATTR_TYPE_END,
+ ATTR_FLAG_MISSING, /* Reply attributes. */
+ ATTR_TYPE_NUM, CRATE_ATTR_STATUS, &status,
+ ATTR_TYPE_NUM, CRATE_ATTR_COUNT, count,
+ ATTR_TYPE_NUM, CRATE_ATTR_RATE, rate,
+ ATTR_TYPE_END) != 3)
+ status = CRATE_STAT_FAIL;
+ myfree(ident);
+ return (status);
+}
+
+/* crate_clnt_disconnect - heads-up only */
+
+int crate_clnt_disconnect(CRATE_CLNT * crate_clnt, const char *service,
+ const char *addr)
+{
+ char *ident = CRATE_IDENT(service, addr);
+ int status;
+
+ if (attr_clnt_request((ATTR_CLNT *) crate_clnt,
+ ATTR_FLAG_NONE, /* Query attributes. */
+ ATTR_TYPE_STR, CRATE_ATTR_REQ, CRATE_REQ_DISC,
+ ATTR_TYPE_STR, CRATE_ATTR_IDENT, ident,
+ ATTR_TYPE_END,
+ ATTR_FLAG_MISSING, /* Reply attributes. */
+ ATTR_TYPE_NUM, CRATE_ATTR_STATUS, &status,
+ ATTR_TYPE_END) != 1)
+ status = CRATE_STAT_FAIL;
+ myfree(ident);
+ return (status);
+}
+
+#ifdef TEST
+
+ /*
+ * Stand-alone client for testing.
+ */
+#include <unistd.h>
+#include <string.h>
+#include <msg_vstream.h>
+#include <mail_conf.h>
+#include <mail_params.h>
+#include <vstring_vstream.h>
+
+int main(int unused_argc, char **argv)
+{
+ VSTRING *inbuf = vstring_alloc(1);
+ char *bufp;
+ char *cmd;
+ char *service;
+ char *addr;
+ int count;
+ int rate;
+ CRATE_CLNT *crate;
+
+ msg_vstream_init(argv[0], VSTREAM_ERR);
+
+ mail_conf_read();
+ msg_info("using config files in %s", var_config_dir);
+ if (chdir(var_queue_dir) < 0)
+ msg_fatal("chdir %s: %m", var_queue_dir);
+
+ msg_verbose++;
+
+ crate = crate_clnt_create();
+
+ while (vstring_fgets_nonl(inbuf, VSTREAM_IN)) {
+ bufp = vstring_str(inbuf);
+ if ((cmd = mystrtok(&bufp, " ")) == 0 || *bufp == 0
+ || (service = mystrtok(&bufp, " ")) == 0 || *service == 0
+ || (addr = mystrtok(&bufp, " ")) == 0 || *addr == 0
+ || mystrtok(&bufp, " ") != 0) {
+ vstream_printf("usage: connect service addr|disconnect service addr\n");
+ vstream_fflush(VSTREAM_OUT);
+ continue;
+ }
+ if (strncmp(cmd, "connect", 1) == 0) {
+ if (crate_clnt_connect(crate, service, addr, &count, &rate) != CRATE_STAT_OK)
+ msg_warn("error!");
+ else
+ vstream_printf("count=%d, rate=%d\n", count, rate);
+ } else if (strncmp(cmd, "disconnect", 1) == 0) {
+ if (crate_clnt_disconnect(crate, service, addr) != CRATE_STAT_OK)
+ msg_warn("error!");
+ else
+ vstream_printf("OK\n");
+ } else if (strncmp(cmd, "lookup", 1) == 0) {
+ if (crate_clnt_lookup(crate, service, addr, &count, &rate) != CRATE_STAT_OK)
+ msg_warn("error!");
+ else
+ vstream_printf("count=%d, rate=%d\n", count, rate);
+ } else
+ vstream_printf("usage: connect ident|disconnect ident\n");
+ vstream_fflush(VSTREAM_OUT);
+ }
+ vstring_free(inbuf);
+ crate_clnt_free(crate);
+ return (0);
+}
+
+#endif
--- /dev/null
+#ifndef _CRATE_CLNT_H_INCLUDED_
+#define _CRATE_CLNT_H_INCLUDED_
+
+/*++
+/* NAME
+/* crate_clnt 3h
+/* SUMMARY
+/* connection rate client interface
+/* SYNOPSIS
+/* #include <crate_clnt.h>
+/* DESCRIPTION
+/* .nf
+
+ /*
+ * System library.
+ */
+#include <stdarg.h>
+
+ /*
+ * Utility library.
+ */
+#include <attr_clnt.h>
+
+ /*
+ * Protocol interface: requests and endpoints.
+ */
+#define CRATE_SERVICE "crate"
+#define CRATE_CLASS "private"
+
+#define CRATE_ATTR_REQ "request"
+#define CRATE_REQ_CONN "connect"
+#define CRATE_REQ_DISC "disconnect"
+#define CRATE_REQ_LOOKUP "lookup"
+#define CRATE_ATTR_IDENT "ident"
+#define CRATE_ATTR_COUNT "count"
+#define CRATE_ATTR_RATE "rate"
+#define CRATE_ATTR_STATUS "status"
+
+#define CRATE_STAT_OK 0
+#define CRATE_STAT_FAIL (-1)
+
+ /*
+ * Functional interface.
+ */
+typedef struct CRATE_CLNT CRATE_CLNT;
+
+extern CRATE_CLNT *crate_clnt_create(void);
+extern int crate_clnt_connect(CRATE_CLNT *, const char *, const char *, int *, int *);
+extern int crate_clnt_disconnect(CRATE_CLNT *, const char *, const char *);
+extern void crate_clnt_free(CRATE_CLNT *);
+
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+#endif
char *var_flush_service;
char *var_verify_service;
char *var_trace_service;
+char *var_crate_service;
int var_db_create_buf;
int var_db_read_buf;
int var_mime_maxdepth;
VAR_FLUSH_SERVICE, DEF_FLUSH_SERVICE, &var_flush_service, 1, 0,
VAR_VERIFY_SERVICE, DEF_VERIFY_SERVICE, &var_verify_service, 1, 0,
VAR_TRACE_SERVICE, DEF_TRACE_SERVICE, &var_trace_service, 1, 0,
+ VAR_CRATE_SERVICE, DEF_CRATE_SERVICE, &var_crate_service, 1, 0,
0,
};
static CONFIG_STR_FN_TABLE function_str_defaults_2[] = {
#define CHECK_POLICY_SERVICE "check_policy_service"
+ /*
+ * Client rate control.
+ */
+#define VAR_SMTPD_CRATE_LIMIT "smtpd_client_connection_rate_limit"
+#define DEF_SMTPD_CRATE_LIMIT 0
+extern int var_smtpd_crate_limit;
+
+#define VAR_SMTPD_CCONN_LIMIT "smtpd_client_connection_count_limit"
+#define DEF_SMTPD_CCONN_LIMIT 0
+extern int var_smtpd_cconn_limit;
+
+#define VAR_SMTPD_HOGGERS "smtpd_client_connection_limit_exceptions"
+#define DEF_SMTPD_HOGGERS "$" VAR_MYNETWORKS
+extern char *var_smtpd_hoggers;
+
+#define VAR_CRATE_SAMPLE "connection_rate_time_unit"
+#define DEF_CRATE_SAMPLE "60s"
+extern int var_crate_sample;
+
+#define VAR_CRATE_PURGE "connection_rate_purge_delay"
+#define DEF_CRATE_PURGE "$" VAR_CRATE_SAMPLE
+extern int var_crate_purge;
+
+ /*
+ * Temporary stop gap.
+ */
+#include <crate_clnt.h>
+
+#define VAR_CRATE_SERVICE "connection_rate_service"
+#define DEF_CRATE_SERVICE "local:" CRATE_CLASS "/" CRATE_SERVICE
+extern char *var_crate_service;
+
/* LICENSE
/* .ad
/* .fi
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
-#define MAIL_RELEASE_DATE "20031022"
+#define MAIL_RELEASE_DATE "20031110"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "2.0.16-" MAIL_RELEASE_DATE
lmtp.o: ../../include/recipient_list.h
lmtp.o: ../../include/mail_queue.h
lmtp.o: ../../include/mail_params.h
+lmtp.o: ../../include/crate_clnt.h
+lmtp.o: ../../include/attr_clnt.h
+lmtp.o: ../../include/attr.h
lmtp.o: ../../include/mail_conf.h
lmtp.o: ../../include/debug_peer.h
lmtp.o: ../../include/mail_error.h
lmtp_addr.o: ../../include/inet_addr_list.h
lmtp_addr.o: ../../include/stringops.h
lmtp_addr.o: ../../include/mail_params.h
+lmtp_addr.o: ../../include/crate_clnt.h
+lmtp_addr.o: ../../include/attr_clnt.h
+lmtp_addr.o: ../../include/attr.h
+lmtp_addr.o: ../../include/vstream.h
lmtp_addr.o: ../../include/own_inet_addr.h
lmtp_addr.o: ../../include/dns.h
lmtp_addr.o: lmtp.h
-lmtp_addr.o: ../../include/vstream.h
lmtp_addr.o: ../../include/argv.h
lmtp_addr.o: ../../include/deliver_request.h
lmtp_addr.o: ../../include/recipient_list.h
lmtp_chat.o: ../../include/deliver_request.h
lmtp_chat.o: ../../include/smtp_stream.h
lmtp_chat.o: ../../include/mail_params.h
+lmtp_chat.o: ../../include/crate_clnt.h
+lmtp_chat.o: ../../include/attr_clnt.h
+lmtp_chat.o: ../../include/attr.h
lmtp_chat.o: ../../include/mail_addr.h
lmtp_chat.o: ../../include/post_mail.h
lmtp_chat.o: ../../include/cleanup_user.h
lmtp_connect.o: ../../include/host_port.h
lmtp_connect.o: ../../include/sane_connect.h
lmtp_connect.o: ../../include/mail_params.h
-lmtp_connect.o: ../../include/mail_proto.h
+lmtp_connect.o: ../../include/crate_clnt.h
+lmtp_connect.o: ../../include/attr_clnt.h
lmtp_connect.o: ../../include/attr.h
+lmtp_connect.o: ../../include/mail_proto.h
lmtp_connect.o: ../../include/dns.h
lmtp_connect.o: lmtp.h
lmtp_connect.o: ../../include/argv.h
lmtp_proto.o: ../../include/stringops.h
lmtp_proto.o: ../../include/mymalloc.h
lmtp_proto.o: ../../include/mail_params.h
+lmtp_proto.o: ../../include/crate_clnt.h
+lmtp_proto.o: ../../include/attr_clnt.h
+lmtp_proto.o: ../../include/attr.h
lmtp_proto.o: ../../include/smtp_stream.h
lmtp_proto.o: ../../include/mail_queue.h
lmtp_proto.o: ../../include/recipient_list.h
lmtp_proto.o: ../../include/quote_flags.h
lmtp_proto.o: ../../include/mail_proto.h
lmtp_proto.o: ../../include/iostuff.h
-lmtp_proto.o: ../../include/attr.h
lmtp_proto.o: lmtp.h
lmtp_proto.o: ../../include/argv.h
lmtp_proto.o: lmtp_sasl.h
lmtp_sasl_glue.o: ../../include/split_at.h
lmtp_sasl_glue.o: ../../include/name_mask.h
lmtp_sasl_glue.o: ../../include/mail_params.h
+lmtp_sasl_glue.o: ../../include/crate_clnt.h
+lmtp_sasl_glue.o: ../../include/attr_clnt.h
+lmtp_sasl_glue.o: ../../include/attr.h
+lmtp_sasl_glue.o: ../../include/vstream.h
lmtp_sasl_glue.o: ../../include/string_list.h
lmtp_sasl_glue.o: ../../include/match_list.h
lmtp_sasl_glue.o: ../../include/match_ops.h
lmtp_sasl_glue.o: ../../include/maps.h
lmtp_sasl_glue.o: ../../include/dict.h
-lmtp_sasl_glue.o: ../../include/vstream.h
lmtp_sasl_glue.o: ../../include/argv.h
lmtp_sasl_glue.o: lmtp.h
lmtp_sasl_glue.o: ../../include/deliver_request.h
lmtp_sasl_proto.o: ../../include/msg.h
lmtp_sasl_proto.o: ../../include/mymalloc.h
lmtp_sasl_proto.o: ../../include/mail_params.h
-lmtp_sasl_proto.o: lmtp.h
+lmtp_sasl_proto.o: ../../include/crate_clnt.h
+lmtp_sasl_proto.o: ../../include/attr_clnt.h
+lmtp_sasl_proto.o: ../../include/attr.h
lmtp_sasl_proto.o: ../../include/vstream.h
lmtp_sasl_proto.o: ../../include/vbuf.h
+lmtp_sasl_proto.o: lmtp.h
lmtp_sasl_proto.o: ../../include/vstring.h
lmtp_sasl_proto.o: ../../include/argv.h
lmtp_sasl_proto.o: ../../include/deliver_request.h
alias.o: ../../include/vstring.h
alias.o: ../../include/mymalloc.h
alias.o: ../../include/mail_params.h
+alias.o: ../../include/crate_clnt.h
+alias.o: ../../include/attr_clnt.h
+alias.o: ../../include/attr.h
alias.o: ../../include/defer.h
alias.o: ../../include/bounce.h
alias.o: ../../include/deliver_request.h
command.o: ../../include/sent.h
command.o: ../../include/been_here.h
command.o: ../../include/mail_params.h
+command.o: ../../include/crate_clnt.h
+command.o: ../../include/attr_clnt.h
+command.o: ../../include/attr.h
command.o: ../../include/pipe_command.h
command.o: ../../include/mail_copy.h
command.o: local.h
dotforward.o: ../../include/recipient_list.h
dotforward.o: ../../include/been_here.h
dotforward.o: ../../include/mail_params.h
+dotforward.o: ../../include/crate_clnt.h
+dotforward.o: ../../include/attr_clnt.h
+dotforward.o: ../../include/attr.h
dotforward.o: ../../include/mail_conf.h
dotforward.o: ../../include/ext_prop.h
dotforward.o: ../../include/sent.h
file.o: ../../include/sent.h
file.o: ../../include/been_here.h
file.o: ../../include/mail_params.h
+file.o: ../../include/crate_clnt.h
+file.o: ../../include/attr_clnt.h
+file.o: ../../include/attr.h
file.o: ../../include/mbox_conf.h
file.o: ../../include/argv.h
file.o: ../../include/mbox_open.h
forward.o: ../../include/mark_corrupt.h
forward.o: ../../include/mail_date.h
forward.o: ../../include/mail_params.h
+forward.o: ../../include/crate_clnt.h
+forward.o: ../../include/attr_clnt.h
forward.o: local.h
forward.o: ../../include/been_here.h
forward.o: ../../include/tok822.h
include.o: ../../include/defer.h
include.o: ../../include/been_here.h
include.o: ../../include/mail_params.h
+include.o: ../../include/crate_clnt.h
+include.o: ../../include/attr_clnt.h
+include.o: ../../include/attr.h
include.o: ../../include/ext_prop.h
include.o: ../../include/sent.h
include.o: local.h
indirect.o: ../../include/msg.h
indirect.o: ../../include/htable.h
indirect.o: ../../include/mail_params.h
+indirect.o: ../../include/crate_clnt.h
+indirect.o: ../../include/attr_clnt.h
+indirect.o: ../../include/attr.h
+indirect.o: ../../include/vstream.h
+indirect.o: ../../include/vbuf.h
indirect.o: ../../include/bounce.h
indirect.o: ../../include/deliver_request.h
indirect.o: ../../include/vstring.h
-indirect.o: ../../include/vbuf.h
-indirect.o: ../../include/vstream.h
indirect.o: ../../include/recipient_list.h
indirect.o: ../../include/defer.h
indirect.o: ../../include/been_here.h
local.o: ../../include/deliver_request.h
local.o: ../../include/deliver_completed.h
local.o: ../../include/mail_params.h
+local.o: ../../include/crate_clnt.h
+local.o: ../../include/attr_clnt.h
+local.o: ../../include/attr.h
local.o: ../../include/mail_addr.h
local.o: ../../include/mail_conf.h
local.o: ../../include/been_here.h
local_expand.o: ../../include/mac_expand.h
local_expand.o: ../../include/mac_parse.h
local_expand.o: ../../include/mail_params.h
+local_expand.o: ../../include/crate_clnt.h
+local_expand.o: ../../include/attr_clnt.h
+local_expand.o: ../../include/attr.h
+local_expand.o: ../../include/vstream.h
local_expand.o: local.h
local_expand.o: ../../include/htable.h
-local_expand.o: ../../include/vstream.h
local_expand.o: ../../include/been_here.h
local_expand.o: ../../include/tok822.h
local_expand.o: ../../include/resolve_clnt.h
mailbox.o: ../../include/mypwd.h
mailbox.o: ../../include/been_here.h
mailbox.o: ../../include/mail_params.h
+mailbox.o: ../../include/crate_clnt.h
+mailbox.o: ../../include/attr_clnt.h
+mailbox.o: ../../include/attr.h
mailbox.o: ../../include/deliver_pass.h
mailbox.o: ../../include/mail_proto.h
mailbox.o: ../../include/iostuff.h
-mailbox.o: ../../include/attr.h
mailbox.o: ../../include/mbox_open.h
mailbox.o: ../../include/safe_open.h
mailbox.o: ../../include/maps.h
maildir.o: ../../include/defer.h
maildir.o: ../../include/sent.h
maildir.o: ../../include/mail_params.h
+maildir.o: ../../include/crate_clnt.h
+maildir.o: ../../include/attr_clnt.h
+maildir.o: ../../include/attr.h
maildir.o: local.h
maildir.o: ../../include/htable.h
maildir.o: ../../include/been_here.h
recipient.o: ../../include/recipient_list.h
recipient.o: ../../include/defer.h
recipient.o: ../../include/mail_params.h
+recipient.o: ../../include/crate_clnt.h
+recipient.o: ../../include/attr_clnt.h
+recipient.o: ../../include/attr.h
recipient.o: ../../include/split_addr.h
recipient.o: ../../include/strip_addr.h
recipient.o: ../../include/ext_prop.h
resolve.o: ../../include/rewrite_clnt.h
resolve.o: ../../include/tok822.h
resolve.o: ../../include/mail_params.h
+resolve.o: ../../include/crate_clnt.h
+resolve.o: ../../include/attr_clnt.h
resolve.o: ../../include/defer.h
resolve.o: ../../include/bounce.h
resolve.o: ../../include/deliver_request.h
token.o: ../../include/tok822.h
token.o: ../../include/resolve_clnt.h
token.o: ../../include/mail_params.h
+token.o: ../../include/crate_clnt.h
+token.o: ../../include/attr_clnt.h
+token.o: ../../include/attr.h
token.o: ../../include/bounce.h
token.o: ../../include/deliver_request.h
token.o: ../../include/recipient_list.h
unknown.o: ../../include/mymalloc.h
unknown.o: ../../include/been_here.h
unknown.o: ../../include/mail_params.h
-unknown.o: ../../include/mail_proto.h
+unknown.o: ../../include/crate_clnt.h
+unknown.o: ../../include/attr_clnt.h
+unknown.o: ../../include/attr.h
unknown.o: ../../include/vstream.h
+unknown.o: ../../include/mail_proto.h
unknown.o: ../../include/iostuff.h
-unknown.o: ../../include/attr.h
unknown.o: ../../include/bounce.h
unknown.o: ../../include/deliver_request.h
unknown.o: ../../include/recipient_list.h
msg_warn("mailing list \"%s\" needs an \"owner-%s\" alias",
name, name);
#endif
- if (alias_count < 1)
+ if (alias_count < 1) {
+ msg_warn("no recipient in alias lookup result for %s", name);
*statusp = defer_append(BOUNCE_FLAGS(state.request),
BOUNCE_ATTR(state.msg_attr),
- "no recipient in alias lookup result");
+ "alias database unavailable");
+ }
myfree(expansion);
if (owner)
myfree(owner);
master.o: ../../include/argv.h
master.o: ../../include/safe.h
master.o: ../../include/mail_params.h
+master.o: ../../include/crate_clnt.h
+master.o: ../../include/attr_clnt.h
+master.o: ../../include/attr.h
master.o: ../../include/mail_version.h
master.o: ../../include/debug_process.h
master.o: ../../include/mail_task.h
master_ent.o: ../../include/iostuff.h
master_ent.o: ../../include/attr.h
master_ent.o: ../../include/mail_params.h
+master_ent.o: ../../include/crate_clnt.h
+master_ent.o: ../../include/attr_clnt.h
master_ent.o: ../../include/own_inet_addr.h
master_ent.o: master_proto.h
master_ent.o: master.h
master_listen.o: ../../include/set_eugid.h
master_listen.o: ../../include/set_ugid.h
master_listen.o: ../../include/mail_params.h
+master_listen.o: ../../include/crate_clnt.h
+master_listen.o: ../../include/attr_clnt.h
+master_listen.o: ../../include/attr.h
+master_listen.o: ../../include/vstream.h
master_listen.o: master.h
master_proto.o: master_proto.c
master_proto.o: ../../include/sys_defs.h
master_vars.o: ../../include/mymalloc.h
master_vars.o: ../../include/mail_conf.h
master_vars.o: ../../include/mail_params.h
+master_vars.o: ../../include/crate_clnt.h
+master_vars.o: ../../include/attr_clnt.h
+master_vars.o: ../../include/attr.h
+master_vars.o: ../../include/vstream.h
master_vars.o: master.h
master_wakeup.o: master_wakeup.c
master_wakeup.o: ../../include/sys_defs.h
master_wakeup.o: ../../include/iostuff.h
master_wakeup.o: ../../include/attr.h
master_wakeup.o: ../../include/mail_params.h
+master_wakeup.o: ../../include/crate_clnt.h
+master_wakeup.o: ../../include/attr_clnt.h
master_wakeup.o: mail_server.h
master_wakeup.o: master.h
multi_server.o: multi_server.c
multi_server.o: ../../include/mail_task.h
multi_server.o: ../../include/debug_process.h
multi_server.o: ../../include/mail_params.h
+multi_server.o: ../../include/crate_clnt.h
+multi_server.o: ../../include/attr_clnt.h
+multi_server.o: ../../include/attr.h
multi_server.o: ../../include/mail_conf.h
multi_server.o: ../../include/mail_dict.h
multi_server.o: ../../include/timed_ipc.h
single_server.o: ../../include/watchdog.h
single_server.o: ../../include/split_at.h
single_server.o: ../../include/mail_params.h
+single_server.o: ../../include/crate_clnt.h
+single_server.o: ../../include/attr_clnt.h
+single_server.o: ../../include/attr.h
single_server.o: ../../include/mail_task.h
single_server.o: ../../include/debug_process.h
single_server.o: ../../include/mail_conf.h
trigger_server.o: ../../include/watchdog.h
trigger_server.o: ../../include/split_at.h
trigger_server.o: ../../include/mail_params.h
+trigger_server.o: ../../include/crate_clnt.h
+trigger_server.o: ../../include/attr_clnt.h
+trigger_server.o: ../../include/attr.h
trigger_server.o: ../../include/mail_task.h
trigger_server.o: ../../include/debug_process.h
trigger_server.o: ../../include/mail_conf.h
#define MAIL_SERVER_PRE_ACCEPT 14
#define MAIL_SERVER_SOLITARY 15
#define MAIL_SERVER_UNLIMITED 16
+#define MAIL_SERVER_PRE_DISCONN 17
#define MAIL_SERVER_IN_FLOW_DELAY 20
typedef int (*MAIL_SERVER_LOOP_FN) (char *, char **);
typedef void (*MAIL_SERVER_EXIT_FN) (char *, char **);
typedef void (*MAIL_SERVER_ACCEPT_FN) (char *, char **);
+typedef void (*MAIL_SERVER_DISCONN_FN) (VSTREAM *, char *, char **);
/*
* single_server.c
/* Function to be executed prior to accepting a new connection.
/* .sp
/* Only the last instance of this parameter type is remembered.
+/* .IP "MAIL_SERVER_PRE_DISCONN (VSTREAM *, void *(char *service_name, char **argv))"
+/* A pointer to a function that is called
+/* by the multi_server_disconnect() function (see below).
+/* .sp
+/* Only the last instance of this parameter type is remembered.
/* .IP "MAIL_SERVER_IN_FLOW_DELAY (none)"
/* Pause $in_flow_delay seconds when no "mail flow control token"
/* is available. A token is consumed for each connection request.
static void (*multi_server_pre_accept) (char *, char **);
static VSTREAM *multi_server_lock;
static int multi_server_in_flow_delay;
+static void (*multi_server_pre_disconn) (VSTREAM *, char *, char **);
/* multi_server_exit - normal termination */
{
if (msg_verbose)
msg_info("connection closed fd %d", vstream_fileno(stream));
+ if (multi_server_pre_disconn)
+ multi_server_pre_disconn(stream, multi_server_name, multi_server_argv);
event_disable_readwrite(vstream_fileno(stream));
(void) vstream_fclose(stream);
client_count--;
case MAIL_SERVER_PRE_ACCEPT:
multi_server_pre_accept = va_arg(ap, MAIL_SERVER_ACCEPT_FN);
break;
+ case MAIL_SERVER_PRE_DISCONN:
+ multi_server_pre_disconn = va_arg(ap, MAIL_SERVER_DISCONN_FN);
+ break;
case MAIL_SERVER_IN_FLOW_DELAY:
multi_server_in_flow_delay = 1;
break;
qmgr.o: ../../include/recipient_list.h
qmgr.o: ../../include/mail_conf.h
qmgr.o: ../../include/mail_params.h
+qmgr.o: ../../include/crate_clnt.h
+qmgr.o: ../../include/attr_clnt.h
+qmgr.o: ../../include/attr.h
qmgr.o: ../../include/mail_proto.h
qmgr.o: ../../include/iostuff.h
-qmgr.o: ../../include/attr.h
qmgr.o: ../../include/mail_flow.h
qmgr.o: ../../include/master_proto.h
qmgr.o: ../../include/mail_server.h
qmgr_active.o: ../../include/vstream.h
qmgr_active.o: ../../include/vbuf.h
qmgr_active.o: ../../include/mail_params.h
+qmgr_active.o: ../../include/crate_clnt.h
+qmgr_active.o: ../../include/attr_clnt.h
+qmgr_active.o: ../../include/attr.h
qmgr_active.o: ../../include/mail_open_ok.h
qmgr_active.o: ../../include/mail_queue.h
qmgr_active.o: ../../include/vstring.h
qmgr_deliver.o: ../../include/attr.h
qmgr_deliver.o: ../../include/recipient_list.h
qmgr_deliver.o: ../../include/mail_params.h
+qmgr_deliver.o: ../../include/crate_clnt.h
+qmgr_deliver.o: ../../include/attr_clnt.h
qmgr_deliver.o: ../../include/deliver_request.h
qmgr_deliver.o: ../../include/verp_sender.h
qmgr_deliver.o: qmgr.h
qmgr_entry.o: ../../include/vstream.h
qmgr_entry.o: ../../include/vbuf.h
qmgr_entry.o: ../../include/mail_params.h
+qmgr_entry.o: ../../include/crate_clnt.h
+qmgr_entry.o: ../../include/attr_clnt.h
+qmgr_entry.o: ../../include/attr.h
qmgr_entry.o: qmgr.h
qmgr_entry.o: ../../include/scan_dir.h
qmgr_job.o: qmgr_job.c
qmgr_message.o: ../../include/dict.h
qmgr_message.o: ../../include/mail_queue.h
qmgr_message.o: ../../include/mail_params.h
+qmgr_message.o: ../../include/crate_clnt.h
+qmgr_message.o: ../../include/attr_clnt.h
+qmgr_message.o: ../../include/attr.h
qmgr_message.o: ../../include/canon_addr.h
qmgr_message.o: ../../include/record.h
qmgr_message.o: ../../include/rec_type.h
qmgr_message.o: ../../include/verp_sender.h
qmgr_message.o: ../../include/mail_proto.h
qmgr_message.o: ../../include/iostuff.h
-qmgr_message.o: ../../include/attr.h
qmgr_message.o: ../../include/qmgr_user.h
qmgr_message.o: ../../include/rewrite_clnt.h
qmgr_message.o: ../../include/resolve_clnt.h
qmgr_queue.o: ../../include/events.h
qmgr_queue.o: ../../include/htable.h
qmgr_queue.o: ../../include/mail_params.h
-qmgr_queue.o: ../../include/recipient_list.h
-qmgr_queue.o: qmgr.h
+qmgr_queue.o: ../../include/crate_clnt.h
+qmgr_queue.o: ../../include/attr_clnt.h
+qmgr_queue.o: ../../include/attr.h
qmgr_queue.o: ../../include/vstream.h
qmgr_queue.o: ../../include/vbuf.h
+qmgr_queue.o: ../../include/recipient_list.h
+qmgr_queue.o: qmgr.h
qmgr_queue.o: ../../include/scan_dir.h
qmgr_rcpt_list.o: qmgr_rcpt_list.c
qmgr_rcpt_list.o: ../../include/sys_defs.h
qmgr_transport.o: ../../include/recipient_list.h
qmgr_transport.o: ../../include/mail_conf.h
qmgr_transport.o: ../../include/mail_params.h
+qmgr_transport.o: ../../include/crate_clnt.h
+qmgr_transport.o: ../../include/attr_clnt.h
qmgr_transport.o: qmgr.h
qmgr_transport.o: ../../include/scan_dir.h
pickup.o: ../../include/cleanup_user.h
pickup.o: ../../include/mail_date.h
pickup.o: ../../include/mail_params.h
+pickup.o: ../../include/crate_clnt.h
+pickup.o: ../../include/attr_clnt.h
pickup.o: ../../include/mail_conf.h
pickup.o: ../../include/record.h
pickup.o: ../../include/rec_type.h
pipe.o: ../../include/recipient_list.h
pipe.o: ../../include/deliver_request.h
pipe.o: ../../include/mail_params.h
+pipe.o: ../../include/crate_clnt.h
+pipe.o: ../../include/attr_clnt.h
+pipe.o: ../../include/attr.h
pipe.o: ../../include/mail_conf.h
pipe.o: ../../include/bounce.h
pipe.o: ../../include/defer.h
postalias.o: ../../include/mail_conf.h
postalias.o: ../../include/mail_dict.h
postalias.o: ../../include/mail_params.h
+postalias.o: ../../include/crate_clnt.h
+postalias.o: ../../include/attr_clnt.h
+postalias.o: ../../include/attr.h
postalias.o: ../../include/mkmap.h
postalias.o: ../../include/dict.h
postalias.o: ../../include/argv.h
postcat.o: ../../include/mail_queue.h
postcat.o: ../../include/mail_conf.h
postcat.o: ../../include/mail_params.h
+postcat.o: ../../include/crate_clnt.h
+postcat.o: ../../include/attr_clnt.h
+postcat.o: ../../include/attr.h
postconf.o: ../../include/attr.h
postconf.o: ../../include/mail_version.h
postconf.o: ../../include/mail_params.h
+postconf.o: ../../include/crate_clnt.h
+postconf.o: ../../include/attr_clnt.h
postconf.o: ../../include/mail_addr.h
postconf.o: ../../include/mbox_conf.h
postconf.o: time_vars.h
postdrop.o: ../../include/attr.h
postdrop.o: ../../include/mail_queue.h
postdrop.o: ../../include/mail_params.h
+postdrop.o: ../../include/crate_clnt.h
+postdrop.o: ../../include/attr_clnt.h
postdrop.o: ../../include/mail_conf.h
postdrop.o: ../../include/mail_task.h
postdrop.o: ../../include/clean_env.h
postfix.o: ../../include/safe.h
postfix.o: ../../include/mail_conf.h
postfix.o: ../../include/mail_params.h
+postfix.o: ../../include/crate_clnt.h
+postfix.o: ../../include/attr_clnt.h
+postfix.o: ../../include/attr.h
postkick.o: ../../include/iostuff.h
postkick.o: ../../include/attr.h
postkick.o: ../../include/mail_params.h
+postkick.o: ../../include/crate_clnt.h
+postkick.o: ../../include/attr_clnt.h
postkick.o: ../../include/mail_conf.h
postlock.o: ../../include/msg_vstream.h
postlock.o: ../../include/iostuff.h
postlock.o: ../../include/mail_params.h
+postlock.o: ../../include/crate_clnt.h
+postlock.o: ../../include/attr_clnt.h
+postlock.o: ../../include/attr.h
postlock.o: ../../include/dot_lockfile.h
postlock.o: ../../include/deliver_flock.h
postlock.o: ../../include/myflock.h
postlog.o: ../../include/msg_vstream.h
postlog.o: ../../include/msg_syslog.h
postlog.o: ../../include/mail_params.h
+postlog.o: ../../include/crate_clnt.h
+postlog.o: ../../include/attr_clnt.h
+postlog.o: ../../include/attr.h
postlog.o: ../../include/mail_conf.h
postmap.o: ../../include/mail_conf.h
postmap.o: ../../include/mail_dict.h
postmap.o: ../../include/mail_params.h
+postmap.o: ../../include/crate_clnt.h
+postmap.o: ../../include/attr_clnt.h
+postmap.o: ../../include/attr.h
postmap.o: ../../include/mkmap.h
postmap.o: ../../include/dict.h
postmap.o: ../../include/argv.h
postqueue.o: ../../include/mail_proto.h
postqueue.o: ../../include/attr.h
postqueue.o: ../../include/mail_params.h
+postqueue.o: ../../include/crate_clnt.h
+postqueue.o: ../../include/attr_clnt.h
postqueue.o: ../../include/mail_conf.h
postqueue.o: ../../include/mail_task.h
postqueue.o: ../../include/debug_process.h
postsuper.o: ../../include/mail_task.h
postsuper.o: ../../include/mail_conf.h
postsuper.o: ../../include/mail_params.h
+postsuper.o: ../../include/crate_clnt.h
+postsuper.o: ../../include/attr_clnt.h
+postsuper.o: ../../include/attr.h
postsuper.o: ../../include/mail_queue.h
postsuper.o: ../../include/mail_open_ok.h
proxymap.o: ../../include/argv.h
proxymap.o: ../../include/mail_conf.h
proxymap.o: ../../include/mail_params.h
+proxymap.o: ../../include/crate_clnt.h
+proxymap.o: ../../include/attr_clnt.h
+proxymap.o: ../../include/attr.h
proxymap.o: ../../include/mail_proto.h
proxymap.o: ../../include/iostuff.h
-proxymap.o: ../../include/attr.h
proxymap.o: ../../include/dict_proxy.h
proxymap.o: ../../include/mail_server.h
qmgr.o: ../../include/recipient_list.h
qmgr.o: ../../include/mail_conf.h
qmgr.o: ../../include/mail_params.h
+qmgr.o: ../../include/crate_clnt.h
+qmgr.o: ../../include/attr_clnt.h
+qmgr.o: ../../include/attr.h
qmgr.o: ../../include/mail_proto.h
qmgr.o: ../../include/iostuff.h
-qmgr.o: ../../include/attr.h
qmgr.o: ../../include/mail_flow.h
qmgr.o: ../../include/master_proto.h
qmgr.o: ../../include/mail_server.h
qmgr_active.o: ../../include/vstream.h
qmgr_active.o: ../../include/vbuf.h
qmgr_active.o: ../../include/mail_params.h
+qmgr_active.o: ../../include/crate_clnt.h
+qmgr_active.o: ../../include/attr_clnt.h
+qmgr_active.o: ../../include/attr.h
qmgr_active.o: ../../include/mail_open_ok.h
qmgr_active.o: ../../include/mail_queue.h
qmgr_active.o: ../../include/vstring.h
qmgr_deliver.o: ../../include/attr.h
qmgr_deliver.o: ../../include/recipient_list.h
qmgr_deliver.o: ../../include/mail_params.h
+qmgr_deliver.o: ../../include/crate_clnt.h
+qmgr_deliver.o: ../../include/attr_clnt.h
qmgr_deliver.o: ../../include/deliver_request.h
qmgr_deliver.o: ../../include/verp_sender.h
qmgr_deliver.o: qmgr.h
qmgr_entry.o: ../../include/vstream.h
qmgr_entry.o: ../../include/vbuf.h
qmgr_entry.o: ../../include/mail_params.h
+qmgr_entry.o: ../../include/crate_clnt.h
+qmgr_entry.o: ../../include/attr_clnt.h
+qmgr_entry.o: ../../include/attr.h
qmgr_entry.o: qmgr.h
qmgr_entry.o: ../../include/scan_dir.h
qmgr_message.o: qmgr_message.c
qmgr_message.o: ../../include/dict.h
qmgr_message.o: ../../include/mail_queue.h
qmgr_message.o: ../../include/mail_params.h
+qmgr_message.o: ../../include/crate_clnt.h
+qmgr_message.o: ../../include/attr_clnt.h
+qmgr_message.o: ../../include/attr.h
qmgr_message.o: ../../include/canon_addr.h
qmgr_message.o: ../../include/record.h
qmgr_message.o: ../../include/rec_type.h
qmgr_message.o: ../../include/verp_sender.h
qmgr_message.o: ../../include/mail_proto.h
qmgr_message.o: ../../include/iostuff.h
-qmgr_message.o: ../../include/attr.h
qmgr_message.o: ../../include/qmgr_user.h
qmgr_message.o: ../../include/rewrite_clnt.h
qmgr_message.o: ../../include/resolve_clnt.h
qmgr_queue.o: ../../include/events.h
qmgr_queue.o: ../../include/htable.h
qmgr_queue.o: ../../include/mail_params.h
-qmgr_queue.o: ../../include/recipient_list.h
-qmgr_queue.o: qmgr.h
+qmgr_queue.o: ../../include/crate_clnt.h
+qmgr_queue.o: ../../include/attr_clnt.h
+qmgr_queue.o: ../../include/attr.h
qmgr_queue.o: ../../include/vstream.h
qmgr_queue.o: ../../include/vbuf.h
+qmgr_queue.o: ../../include/recipient_list.h
+qmgr_queue.o: qmgr.h
qmgr_queue.o: ../../include/scan_dir.h
qmgr_rcpt_list.o: qmgr_rcpt_list.c
qmgr_rcpt_list.o: ../../include/sys_defs.h
qmgr_transport.o: ../../include/recipient_list.h
qmgr_transport.o: ../../include/mail_conf.h
qmgr_transport.o: ../../include/mail_params.h
+qmgr_transport.o: ../../include/crate_clnt.h
+qmgr_transport.o: ../../include/attr_clnt.h
qmgr_transport.o: qmgr.h
qmgr_transport.o: ../../include/scan_dir.h
qmqpd.o: ../../include/dict.h
qmqpd.o: ../../include/argv.h
qmqpd.o: ../../include/mail_params.h
+qmqpd.o: ../../include/crate_clnt.h
+qmqpd.o: ../../include/attr_clnt.h
+qmqpd.o: ../../include/attr.h
qmqpd.o: ../../include/record.h
qmqpd.o: ../../include/rec_type.h
qmqpd.o: ../../include/mail_proto.h
qmqpd.o: ../../include/iostuff.h
-qmqpd.o: ../../include/attr.h
qmqpd.o: ../../include/cleanup_user.h
qmqpd.o: ../../include/mail_date.h
qmqpd.o: ../../include/mail_conf.h
sendmail.o: ../../include/mail_proto.h
sendmail.o: ../../include/attr.h
sendmail.o: ../../include/mail_params.h
+sendmail.o: ../../include/crate_clnt.h
+sendmail.o: ../../include/attr_clnt.h
sendmail.o: ../../include/record.h
sendmail.o: ../../include/rec_type.h
sendmail.o: ../../include/rec_streamlf.h
showq.o: ../../include/attr.h
showq.o: ../../include/mail_date.h
showq.o: ../../include/mail_params.h
+showq.o: ../../include/crate_clnt.h
+showq.o: ../../include/attr_clnt.h
showq.o: ../../include/mail_scan_dir.h
showq.o: ../../include/mail_conf.h
showq.o: ../../include/record.h
smtp.o: ../../include/vstring.h
smtp.o: ../../include/recipient_list.h
smtp.o: ../../include/mail_params.h
+smtp.o: ../../include/crate_clnt.h
+smtp.o: ../../include/attr_clnt.h
+smtp.o: ../../include/attr.h
smtp.o: ../../include/mail_conf.h
smtp.o: ../../include/debug_peer.h
smtp.o: ../../include/mail_error.h
smtp.o: ../../include/deliver_pass.h
smtp.o: ../../include/mail_proto.h
smtp.o: ../../include/iostuff.h
-smtp.o: ../../include/attr.h
smtp.o: ../../include/mail_server.h
smtp.o: smtp.h
smtp.o: smtp_sasl.h
smtp_addr.o: ../../include/stringops.h
smtp_addr.o: ../../include/myrand.h
smtp_addr.o: ../../include/mail_params.h
+smtp_addr.o: ../../include/crate_clnt.h
+smtp_addr.o: ../../include/attr_clnt.h
+smtp_addr.o: ../../include/attr.h
+smtp_addr.o: ../../include/vstream.h
smtp_addr.o: ../../include/own_inet_addr.h
smtp_addr.o: ../../include/dns.h
smtp_addr.o: smtp.h
-smtp_addr.o: ../../include/vstream.h
smtp_addr.o: ../../include/argv.h
smtp_addr.o: ../../include/deliver_request.h
smtp_addr.o: ../../include/recipient_list.h
smtp_chat.o: ../../include/deliver_request.h
smtp_chat.o: ../../include/smtp_stream.h
smtp_chat.o: ../../include/mail_params.h
+smtp_chat.o: ../../include/crate_clnt.h
+smtp_chat.o: ../../include/attr_clnt.h
+smtp_chat.o: ../../include/attr.h
smtp_chat.o: ../../include/mail_addr.h
smtp_chat.o: ../../include/post_mail.h
smtp_chat.o: ../../include/cleanup_user.h
smtp_connect.o: ../../include/host_port.h
smtp_connect.o: ../../include/sane_connect.h
smtp_connect.o: ../../include/mail_params.h
+smtp_connect.o: ../../include/crate_clnt.h
+smtp_connect.o: ../../include/attr_clnt.h
+smtp_connect.o: ../../include/attr.h
smtp_connect.o: ../../include/own_inet_addr.h
smtp_connect.o: ../../include/dns.h
smtp_connect.o: smtp.h
smtp_proto.o: ../../include/iostuff.h
smtp_proto.o: ../../include/split_at.h
smtp_proto.o: ../../include/mail_params.h
+smtp_proto.o: ../../include/crate_clnt.h
+smtp_proto.o: ../../include/attr_clnt.h
+smtp_proto.o: ../../include/attr.h
smtp_proto.o: ../../include/smtp_stream.h
smtp_proto.o: ../../include/mail_queue.h
smtp_proto.o: ../../include/recipient_list.h
smtp_proto.o: ../../include/quote_821_local.h
smtp_proto.o: ../../include/quote_flags.h
smtp_proto.o: ../../include/mail_proto.h
-smtp_proto.o: ../../include/attr.h
smtp_proto.o: ../../include/mime_state.h
smtp_proto.o: ../../include/header_opts.h
smtp_proto.o: smtp.h
smtp_sasl_glue.o: ../../include/split_at.h
smtp_sasl_glue.o: ../../include/name_mask.h
smtp_sasl_glue.o: ../../include/mail_params.h
+smtp_sasl_glue.o: ../../include/crate_clnt.h
+smtp_sasl_glue.o: ../../include/attr_clnt.h
+smtp_sasl_glue.o: ../../include/attr.h
+smtp_sasl_glue.o: ../../include/vstream.h
smtp_sasl_glue.o: ../../include/string_list.h
smtp_sasl_glue.o: ../../include/match_list.h
smtp_sasl_glue.o: ../../include/match_ops.h
smtp_sasl_glue.o: ../../include/maps.h
smtp_sasl_glue.o: ../../include/dict.h
-smtp_sasl_glue.o: ../../include/vstream.h
smtp_sasl_glue.o: ../../include/argv.h
smtp_sasl_glue.o: smtp.h
smtp_sasl_glue.o: ../../include/deliver_request.h
smtp_sasl_proto.o: ../../include/msg.h
smtp_sasl_proto.o: ../../include/mymalloc.h
smtp_sasl_proto.o: ../../include/mail_params.h
-smtp_sasl_proto.o: smtp.h
+smtp_sasl_proto.o: ../../include/crate_clnt.h
+smtp_sasl_proto.o: ../../include/attr_clnt.h
+smtp_sasl_proto.o: ../../include/attr.h
smtp_sasl_proto.o: ../../include/vstream.h
smtp_sasl_proto.o: ../../include/vbuf.h
+smtp_sasl_proto.o: smtp.h
smtp_sasl_proto.o: ../../include/vstring.h
smtp_sasl_proto.o: ../../include/argv.h
smtp_sasl_proto.o: ../../include/deliver_request.h
smtpd.o: ../../include/watchdog.h
smtpd.o: ../../include/iostuff.h
smtpd.o: ../../include/mail_params.h
+smtpd.o: ../../include/crate_clnt.h
+smtpd.o: ../../include/attr_clnt.h
+smtpd.o: ../../include/attr.h
smtpd.o: ../../include/record.h
smtpd.o: ../../include/rec_type.h
smtpd.o: ../../include/mail_proto.h
-smtpd.o: ../../include/attr.h
smtpd.o: ../../include/cleanup_user.h
smtpd.o: ../../include/mail_date.h
smtpd.o: ../../include/mail_conf.h
smtpd_chat.o: ../../include/iostuff.h
smtpd_chat.o: ../../include/attr.h
smtpd_chat.o: ../../include/mail_params.h
+smtpd_chat.o: ../../include/crate_clnt.h
+smtpd_chat.o: ../../include/attr_clnt.h
smtpd_chat.o: ../../include/mail_addr.h
smtpd_chat.o: ../../include/post_mail.h
smtpd_chat.o: ../../include/cleanup_user.h
smtpd_check.o: ../../include/namadr_list.h
smtpd_check.o: ../../include/domain_list.h
smtpd_check.o: ../../include/mail_params.h
+smtpd_check.o: ../../include/crate_clnt.h
smtpd_check.o: ../../include/canon_addr.h
smtpd_check.o: ../../include/resolve_clnt.h
smtpd_check.o: ../../include/mail_error.h
smtpd_proxy.o: ../../include/smtp_stream.h
smtpd_proxy.o: ../../include/cleanup_user.h
smtpd_proxy.o: ../../include/mail_params.h
+smtpd_proxy.o: ../../include/crate_clnt.h
+smtpd_proxy.o: ../../include/attr_clnt.h
+smtpd_proxy.o: ../../include/attr.h
smtpd_proxy.o: ../../include/rec_type.h
smtpd_proxy.o: smtpd.h
smtpd_proxy.o: ../../include/argv.h
smtpd_sasl_glue.o: ../../include/match_ops.h
smtpd_sasl_glue.o: ../../include/name_mask.h
smtpd_sasl_glue.o: ../../include/mail_params.h
+smtpd_sasl_glue.o: ../../include/crate_clnt.h
+smtpd_sasl_glue.o: ../../include/attr_clnt.h
+smtpd_sasl_glue.o: ../../include/attr.h
+smtpd_sasl_glue.o: ../../include/vstream.h
+smtpd_sasl_glue.o: ../../include/vbuf.h
smtpd_sasl_glue.o: ../../include/smtp_stream.h
smtpd_sasl_glue.o: ../../include/vstring.h
-smtpd_sasl_glue.o: ../../include/vbuf.h
-smtpd_sasl_glue.o: ../../include/vstream.h
smtpd_sasl_glue.o: smtpd.h
smtpd_sasl_glue.o: ../../include/argv.h
smtpd_sasl_glue.o: ../../include/mail_stream.h
smtpd_sasl_proto.o: ../../include/msg.h
smtpd_sasl_proto.o: ../../include/mymalloc.h
smtpd_sasl_proto.o: ../../include/mail_params.h
-smtpd_sasl_proto.o: ../../include/mail_proto.h
+smtpd_sasl_proto.o: ../../include/crate_clnt.h
+smtpd_sasl_proto.o: ../../include/attr_clnt.h
+smtpd_sasl_proto.o: ../../include/attr.h
smtpd_sasl_proto.o: ../../include/vstream.h
smtpd_sasl_proto.o: ../../include/vbuf.h
+smtpd_sasl_proto.o: ../../include/mail_proto.h
smtpd_sasl_proto.o: ../../include/iostuff.h
-smtpd_sasl_proto.o: ../../include/attr.h
smtpd_sasl_proto.o: ../../include/mail_error.h
smtpd_sasl_proto.o: ../../include/name_mask.h
smtpd_sasl_proto.o: smtpd.h
smtpd_state.o: ../../include/msg.h
smtpd_state.o: ../../include/cleanup_user.h
smtpd_state.o: ../../include/mail_params.h
+smtpd_state.o: ../../include/crate_clnt.h
+smtpd_state.o: ../../include/attr_clnt.h
+smtpd_state.o: ../../include/attr.h
smtpd_state.o: ../../include/mail_error.h
smtpd_state.o: ../../include/mail_proto.h
smtpd_state.o: ../../include/iostuff.h
-smtpd_state.o: ../../include/attr.h
smtpd_state.o: smtpd.h
smtpd_state.o: ../../include/vstring.h
smtpd_state.o: ../../include/argv.h
/* .IP \fBsmtpd_history_flush_threshold\fR
/* Flush the command history to postmaster after receipt of RSET etc.
/* only if the number of history lines exceeds the given threshold.
+/* .IP \fBsmtpd_client_connection_count_limit\fR
+/* The maximal number of simultaneous connections that any
+/* client is allowed to make to this service.
+/* .IP \fBsmtpd_client_connection_rate_limit\fR
+/* The maximal number of connections per unit time (specified
+/* with \fBconnection_rate_time_unit\fR) that any client
+/* is allowed to make to this service.
+/* .IP \fBsmtpd_client_connection_limit_exceptions\fR
+/* Hostnames, .domain names or network address blocks of clients
+/* that are excluded from connection count or rate limits.
/* .SH Tarpitting
/* .ad
/* .fi
#include <lex_822.h>
#include <namadr_list.h>
#include <input_transp.h>
+#include <crate_clnt.h>
/* Single-threaded server skeleton. */
int var_smtpd_policy_ttl;
char *var_xaddr_clients;
char *var_xloginfo_clients;
+int var_smtpd_crate_limit;
+int var_smtpd_cconn_limit;
+char *var_smtpd_hoggers;
/*
* Silly little macros.
*/
static NAMADR_LIST *xloginfo_clients;
+ /*
+ * Client connection and rate limiting.
+ */
+CRATE_CLNT *crate_clnt;
+static NAMADR_LIST *hogger_list;
+
/*
* Other application-specific globals.
*/
* Don't bother checking the syntax.
*/
smtpd_chat_reply(state, "221 Bye");
+
+ /*
+ * When the "." and quit replies are pipelined, make sure they are
+ * flushed now, to avoid repeated mail deliveries in case of a crash in
+ * the "clean up before disconnect" code.
+ */
+ vstream_fflush(state->client);
return (0);
}
static int xloginfo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
{
- char *cp;
/*
* Sanity checks.
/* smtpd_proto - talk the SMTP protocol */
-static void smtpd_proto(SMTPD_STATE *state)
+static void smtpd_proto(SMTPD_STATE *state, const char *service)
{
int argc;
SMTPD_TOKEN *argv;
SMTPD_CMD *cmdp;
+ int count;
+ int crate;
/*
* Print a greeting banner and run the state machine. Read SMTP commands
break;
case 0:
+ if (SMTPD_STAND_ALONE(state) == 0
+ && crate_clnt
+ && !namadr_list_match(hogger_list, state->name, state->addr)
+ && crate_clnt_connect(crate_clnt, service, state->addr,
+ &count, &crate) == CRATE_STAT_OK) {
+ if (var_smtpd_cconn_limit > 0 && count > var_smtpd_cconn_limit) {
+ smtpd_chat_reply(state, "450 Too many connections from %s",
+ state->addr);
+ msg_warn("Too many connections from %s for service %s",
+ state->addr, service);
+ break;
+ }
+ if (var_smtpd_crate_limit > 0 && crate > var_smtpd_crate_limit) {
+ smtpd_chat_reply(state, "450 Too many connections from %s",
+ state->addr);
+ msg_warn("Too frequent connections from %s for service %s",
+ state->addr, service);
+ break;
+ }
+ }
if (SMTPD_STAND_ALONE(state) == 0
&& var_smtpd_delay_reject == 0
&& (state->access_denied = smtpd_check_client(state)) != 0) {
}
break;
}
+ if (crate_clnt)
+ crate_clnt_disconnect(crate_clnt, service, state->addr);
/*
* Log abnormal session termination, in case postmaster notification has
/* smtpd_service - service one client */
-static void smtpd_service(VSTREAM *stream, char *unused_service, char **argv)
+static void smtpd_service(VSTREAM *stream, char *service, char **argv)
{
SMTPD_STATE state;
/*
* Provide the SMTP service.
*/
- smtpd_proto(&state);
+ smtpd_proto(&state, service);
/*
* After the client has gone away, clean up whatever we have set up at
verp_clients = namadr_list_init(MATCH_FLAG_NONE, var_verp_clients);
xaddr_clients = namadr_list_init(MATCH_FLAG_NONE, var_xaddr_clients);
xloginfo_clients = namadr_list_init(MATCH_FLAG_NONE, var_xloginfo_clients);
+ hogger_list = namadr_list_init(MATCH_FLAG_NONE, var_smtpd_hoggers);
if (getuid() == 0 || getuid() == var_owner_uid)
smtpd_check_init();
debug_peer_init();
* recipient checks, address mapping, header_body_checks?.
*/
smtpd_input_transp_mask =
- input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
+ input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
/*
* Sanity checks. The queue_minfree value should be at least as large as
&& var_message_limit > 0
&& var_queue_minfree / 2 < var_message_limit)
msg_warn("%s(%lu) should be at least 2*%s(%lu)",
- VAR_QUEUE_MINFREE, (unsigned long) var_queue_minfree,
- VAR_MESSAGE_LIMIT, (unsigned long) var_message_limit);
+ VAR_QUEUE_MINFREE, (unsigned long) var_queue_minfree,
+ VAR_MESSAGE_LIMIT, (unsigned long) var_message_limit);
+
+ /*
+ * Connection rate management.
+ */
+ if (var_smtpd_crate_limit || var_smtpd_cconn_limit)
+ crate_clnt = crate_clnt_create();
}
/* main - the main program */
VAR_VIRT_MAILBOX_CODE, DEF_VIRT_MAILBOX_CODE, &var_virt_mailbox_code, 0, 0,
VAR_RELAY_RCPT_CODE, DEF_RELAY_RCPT_CODE, &var_relay_rcpt_code, 0, 0,
VAR_VERIFY_POLL_COUNT, DEF_VERIFY_POLL_COUNT, &var_verify_poll_count, 1, 0,
+ VAR_SMTPD_CRATE_LIMIT, DEF_SMTPD_CRATE_LIMIT, &var_smtpd_crate_limit, 0, 0,
+ VAR_SMTPD_CCONN_LIMIT, DEF_SMTPD_CCONN_LIMIT, &var_smtpd_cconn_limit, 0, 0,
0,
};
static CONFIG_TIME_TABLE time_table[] = {
VAR_INPUT_TRANSP, DEF_INPUT_TRANSP, &var_input_transp, 0, 0,
VAR_XADDR_CLIENTS, DEF_XADDR_CLIENTS, &var_xaddr_clients, 0, 0,
VAR_XLOGINFO_CLIENTS, DEF_XLOGINFO_CLIENTS, &var_xloginfo_clients, 0, 0,
+ VAR_SMTPD_HOGGERS, DEF_SMTPD_HOGGERS, &var_smtpd_hoggers, 0, 0,
0,
};
static CONFIG_RAW_TABLE raw_table[] = {
"552 Message size exceeds fixed limit");
return (STR(error_text));
}
-
fsspace(".", &fsbuf);
if (msg_verbose)
msg_info("%s: blocks %lu avail %lu min_free %lu msg_size_limit %lu",
/* DESCRIPTION
/* \fIsmtp-sink\fR listens on the named host (or address) and port.
/* It takes SMTP messages from the network and throws them away.
-/* The purpose is to measure SMTP client performance, not protocol
+/* The purpose is to measure client performance, not protocol
/* compliance.
+/*
/* Connections can be accepted on IPV4 endpoints or UNIX-domain sockets.
/* IPV4 is the default.
/* This program is the complement of the \fIsmtp-source\fR program.
/* Display a running counter that is updated whenever an SMTP
/* QUIT command is executed.
/* .IP \fB-e\fR
-/* Disable ESMTP support.
+/* Do not announce ESMTP support.
/* .IP "\fB-f \fIcommand,command,...\fR"
/* Reject the specified commands with a hard (5xx) error code.
/* .IP \fB-h\fI hostname\fR
/* Use \fIhostname\fR in the SMTP greeting, in the HELO response,
/* and in the EHLO response. The default hostname is "smtp-sink".
/* .IP \fB-L\fR
-/* Enable LMTP rather than SMTP.
+/* Enable LMTP instead of SMTP.
/* .IP "\fB-n \fIcount\fR"
/* Terminate after \fIcount\fR sessions. This is for testing purposes.
/* .IP \fB-p\fR
-/* Disable ESMTP command pipelining.
+/* Do not announce support for ESMTP command pipelining.
/* .IP \fB-P\fR
/* Change the server greeting so that it appears to come through
/* a CISCO PIX system. Implies \fB-e\fR.
/* .IP "\fB-w \fIdelay\fR"
/* Wait \fIdelay\fR seconds before responding to a DATA command.
/* .IP \fB-8\fR
-/* Disable 8BITMIME support.
+/* Do not announce 8BITMIME support.
/* .IP [\fBinet:\fR][\fIhost\fR]:\fIport\fR
/* Listen on network interface \fIhost\fR (default: any interface)
/* TCP port \fIport\fR. Both \fIhost\fR and \fIport\fR may be
spawn.o: ../../include/timed_wait.h
spawn.o: ../../include/set_eugid.h
spawn.o: ../../include/mail_params.h
+spawn.o: ../../include/crate_clnt.h
+spawn.o: ../../include/attr_clnt.h
+spawn.o: ../../include/attr.h
spawn.o: ../../include/mail_server.h
spawn.o: ../../include/mail_conf.h
resolve.o: ../../include/stringops.h
resolve.o: ../../include/mymalloc.h
resolve.o: ../../include/mail_params.h
+resolve.o: ../../include/crate_clnt.h
+resolve.o: ../../include/attr_clnt.h
+resolve.o: ../../include/attr.h
resolve.o: ../../include/mail_proto.h
resolve.o: ../../include/iostuff.h
-resolve.o: ../../include/attr.h
resolve.o: ../../include/rewrite_clnt.h
resolve.o: ../../include/resolve_local.h
resolve.o: ../../include/mail_conf.h
rewrite.o: ../../include/vstring_vstream.h
rewrite.o: ../../include/split_at.h
rewrite.o: ../../include/mail_params.h
+rewrite.o: ../../include/crate_clnt.h
+rewrite.o: ../../include/attr_clnt.h
+rewrite.o: ../../include/attr.h
rewrite.o: ../../include/mail_proto.h
rewrite.o: ../../include/iostuff.h
-rewrite.o: ../../include/attr.h
rewrite.o: ../../include/resolve_local.h
rewrite.o: ../../include/tok822.h
rewrite.o: ../../include/resolve_clnt.h
transport.o: ../../include/argv.h
transport.o: ../../include/strip_addr.h
transport.o: ../../include/mail_params.h
+transport.o: ../../include/crate_clnt.h
+transport.o: ../../include/attr_clnt.h
+transport.o: ../../include/attr.h
transport.o: ../../include/maps.h
transport.o: ../../include/match_parent_style.h
transport.o: ../../include/match_ops.h
transport.o: ../../include/mail_proto.h
transport.o: ../../include/iostuff.h
-transport.o: ../../include/attr.h
transport.o: transport.h
trivial-rewrite.o: trivial-rewrite.c
trivial-rewrite.o: ../../include/sys_defs.h
trivial-rewrite.o: ../../include/dict.h
trivial-rewrite.o: ../../include/argv.h
trivial-rewrite.o: ../../include/mail_params.h
+trivial-rewrite.o: ../../include/crate_clnt.h
+trivial-rewrite.o: ../../include/attr_clnt.h
+trivial-rewrite.o: ../../include/attr.h
trivial-rewrite.o: ../../include/mail_proto.h
trivial-rewrite.o: ../../include/iostuff.h
-trivial-rewrite.o: ../../include/attr.h
trivial-rewrite.o: ../../include/resolve_local.h
trivial-rewrite.o: ../../include/mail_conf.h
trivial-rewrite.o: ../../include/resolve_clnt.h
/* SYNOPSIS
/* #include <attr_clnt.h>
/*
+/* typedef int (*ATTR_CLNT_PRINT_FN) (VSTREAM *, int, va_list);
+/* typedef int (*ATTR_CLNT_SCAN_FN) (VSTREAM *, int, va_list);
+/*
/* ATTR_CLNT *attr_clnt_create(server, timeout, max_idle, max_ttl)
/* const char *server;
/* int timeout;
/*
/* void attr_clnt_free(client)
/* ATTR_CLNT *client;
+/*
+/* void attr_clnt_control(client, name, value, ... ATTR_CLNT_CTL_END)
+/* ATTR_CLNT *client;
+/* int name;
/* DESCRIPTION
/* This module implements a client for a simple attribute-based
-/* protocol as described in attr_scan_plain(3).
+/* protocol. The default protocol is described in attr_scan_plain(3).
/*
/* attr_clnt_create() creates a client handle. The server
/* argument specifies "transport:servername" where transport is
/* currently limited to "inet" or "unix", and servername has the
/* form "host:port", "private/servicename" or "public/servicename".
/* The timeout parameter limits the time for sending or receiving
-/* a reply, and the ttl parameter controls how long an unused
-/* connection is kept open.
+/* a reply, max_idle specifies how long an idle connection is
+/* kept open, and the max_ttl parameter bounds the time that a
+/* connection is kept open.
+/* Specify zero to disable a max_idle or max_ttl limit.
/*
/* attr_clnt_request() sends the specified request attributes and
/* receives a reply. The reply argument specifies a name-value table.
/* result is the number of attributes received or -1 in case of trouble.
/*
/* attr_clnt_free() destroys a client handle and closes its connection.
+/*
+/* attr_clnt_control() allows the user to fine tune the behavior of
+/* the specified client. The arguments are a list of (name, value)
+/* terminated with ATTR_CLNT_CTL_END.
+/* The following lists the names and the types of the corresponding
+/* value arguments.
+/* .IP "ATTR_CLNT_CTL_PROTO(ATTR_CLNT_PRINT_FN, ATTR_CLNT_SCAN_FN)"
+/* Specifies alternatives for the attr_plain_print() and
+/* attr_plain_scan() functions.
/* DIAGNOSTICS
/* Warnings: communication failure.
/* SEE ALSO
int (*connect) (const char *, int, int);
char *endpoint;
int timeout;
- int (*print) (VSTREAM *, int, va_list);
- int (*scan) (VSTREAM *, int, va_list);
+ ATTR_CLNT_PRINT_FN print;
+ ATTR_CLNT_SCAN_FN scan;
};
/* attr_clnt_connect - connect to server */
VSTREAM *fp;
int fd;
- fd = client->connect(client->endpoint, NON_BLOCKING, client->timeout);
+ fd = client->connect(client->endpoint, BLOCKING, client->timeout);
if (fd < 0) {
msg_warn("connect to %s: %m", client->endpoint);
return (0);
client->timeout = timeout;
if (strcmp(transport, "inet") == 0) {
client->connect = inet_connect;
+ } else if (strcmp(transport, "local") == 0) {
+ client->connect = LOCAL_CONNECT;
} else if (strcmp(transport, "unix") == 0) {
client->connect = unix_connect;
} else {
}
for (;;) {
+ errno = 0;
if ((stream = auto_clnt_access(client->auto_clnt)) != 0
&& readable(vstream_fileno(stream)) == 0) {
errno = 0;
}
if (++count >= 2
|| msg_verbose
- || (errno != EPIPE && errno != ENOENT && errno != ECONNRESET))
+ || (errno && errno != EPIPE && errno != ENOENT && errno != ECONNRESET))
msg_warn("problem talking to server %s: %m", client->endpoint);
if (count >= 2)
return (-1);
auto_clnt_recover(client->auto_clnt);
}
}
+
+/* attr_clnt_control - fine control */
+
+void attr_clnt_control(ATTR_CLNT *client, int name,...)
+{
+ char *myname = "attr_clnt_control";
+ va_list ap;
+
+ for (va_start(ap, name); name != ATTR_CLNT_CTL_END; name = va_arg(ap, int)) {
+ switch (name) {
+ case ATTR_CLNT_CTL_PROTO:
+ client->print = va_arg(ap, ATTR_CLNT_PRINT_FN);
+ client->scan = va_arg(ap, ATTR_CLNT_SCAN_FN);
+ break;
+ default:
+ msg_panic("%s: bad name %d", myname, name);
+ }
+ }
+}
* External interface.
*/
typedef struct ATTR_CLNT ATTR_CLNT;
+typedef int (*ATTR_CLNT_PRINT_FN) (VSTREAM *, int, va_list);
+typedef int (*ATTR_CLNT_SCAN_FN) (VSTREAM *, int, va_list);
extern ATTR_CLNT *attr_clnt_create(const char *, int, int, int);
extern int attr_clnt_request(ATTR_CLNT *, int,...);
extern void attr_clnt_free(ATTR_CLNT *);
+extern void attr_clnt_control(ATTR_CLNT *, int, ...);
+
+#define ATTR_CLNT_CTL_END 0
+#define ATTR_CLNT_CTL_PROTO 1
/* LICENSE
/* .ad
/*
/* Arguments:
/* .IP max_idle
-/* Idle time after which the client disconnects.
+/* Idle time after which the client disconnects. Specify 0 to disable
+/* the limit.
/* .IP max_ttl
/* Upper bound on the time that a connection is allowed to persist.
+/* Specify 0 to disable the limit.
/* .IP open_action
/* Application call-back routine that opens a stream or returns a
/* null pointer upon failure. In case of success, the call-back routine
close_on_exec(vstream_fileno(auto_clnt->vstream), CLOSE_ON_EXEC);
event_enable_read(vstream_fileno(auto_clnt->vstream), auto_clnt_event,
(char *) auto_clnt);
- event_request_timer(auto_clnt_event, (char *) auto_clnt,
- auto_clnt->max_idle);
- event_request_timer(auto_clnt_ttl_event, (char *) auto_clnt,
- auto_clnt->max_ttl);
+ if (auto_clnt->max_idle > 0)
+ event_request_timer(auto_clnt_event, (char *) auto_clnt,
+ auto_clnt->max_idle);
+ if (auto_clnt->max_ttl > 0)
+ event_request_timer(auto_clnt_ttl_event, (char *) auto_clnt,
+ auto_clnt->max_ttl);
}
}
/*
* Parse the key into network and mask, and destroy the key. Treat a bare
* network address as /32.
+ *
+ * We need explicit code for /0. The result of << is undefined when the
+ * shift is greater or equal to the number of bits in the shifted
+ * operand.
*/
if ((mask = split_at(key, '/')) != 0) {
- if ((mask_shift = atoi(mask)) <= 0 || mask_shift > BITS_PER_ADDR
+ if (!alldig(mask) || (mask_shift = atoi(mask)) > BITS_PER_ADDR
|| (net_bits = inet_addr(key)) == INADDR_NONE) {
msg_warn("cidr map %s, line %d: bad net/mask pattern: \"%s/%s\": "
"skipping this rule", mapname, lineno, key, mask);
return (0);
}
- mask_bits = htonl((0xffffffff) << (BITS_PER_ADDR - mask_shift));
+ mask_bits = mask_shift > 0 ?
+ htonl((0xffffffff) << (BITS_PER_ADDR - mask_shift)) : 0;
if (net_bits & ~mask_bits) {
net_addr.s_addr = (net_bits & mask_bits);
msg_warn("cidr map %s, line %d: net/mask pattern \"%s/%s\" with "
/* match_parse_mask - parse net/mask pattern */
static int match_parse_mask(const char *pattern, unsigned long *net_bits,
- int *mask_shift)
+ unsigned int *mask_shift)
{
char *saved_pattern;
char *mask;
saved_pattern = mystrdup(pattern);
if ((mask = split_at(saved_pattern, '/')) != 0) {
- if ((*mask_shift = atoi(mask)) <= 0 || *mask_shift > BITS_PER_ADDR
+ if (!alldig(mask) || (*mask_shift = atoi(mask)) > BITS_PER_ADDR
|| (*net_bits = inet_addr(saved_pattern)) == INADDR_NONE) {
msg_fatal("bad net/mask pattern: %s", pattern);
}
int match_hostaddr(int unused_flags, const char *addr, const char *pattern)
{
char *myname = "match_hostaddr";
- int mask_shift;
+ unsigned int mask_shift;
unsigned long mask_bits;
unsigned long net_bits;
unsigned long addr_bits;
addr_bits = inet_addr(addr);
if (addr_bits == INADDR_NONE)
msg_fatal("%s: bad address argument: %s", myname, addr);
- mask_bits = htonl((0xffffffff) << (BITS_PER_ADDR - mask_shift));
+ mask_bits = mask_shift > 0 ?
+ htonl((0xffffffff) << (BITS_PER_ADDR - mask_shift)) : 0;
if ((addr_bits & mask_bits) == net_bits)
return (1);
if (net_bits & ~mask_bits) {
#define NORETURN void
#define PRINTFLIKE(x,y)
#define SCANFLIKE(x,y)
+#ifndef NO_NETINFO
#define HAS_NETINFO
+#endif
#define NATIVE_SENDMAIL_PATH "/usr/sbin/sendmail"
#define NATIVE_MAILQ_PATH "/usr/bin/mailq"
#define NATIVE_NEWALIAS_PATH "/usr/bin/newaliases"
verify.o: ../../include/split_at.h
verify.o: ../../include/mail_conf.h
verify.o: ../../include/mail_params.h
+verify.o: ../../include/crate_clnt.h
+verify.o: ../../include/attr_clnt.h
+verify.o: ../../include/attr.h
verify.o: ../../include/mail_proto.h
verify.o: ../../include/iostuff.h
-verify.o: ../../include/attr.h
verify.o: ../../include/post_mail.h
verify.o: ../../include/cleanup_user.h
verify.o: ../../include/verify_clnt.h
mailbox.o: ../../include/recipient_list.h
mailbox.o: ../../include/sent.h
mailbox.o: ../../include/mail_params.h
+mailbox.o: ../../include/crate_clnt.h
+mailbox.o: ../../include/attr_clnt.h
+mailbox.o: ../../include/attr.h
mailbox.o: ../../include/mail_addr_find.h
mailbox.o: ../../include/maps.h
mailbox.o: ../../include/dict.h
maildir.o: ../../include/defer.h
maildir.o: ../../include/sent.h
maildir.o: ../../include/mail_params.h
+maildir.o: ../../include/crate_clnt.h
+maildir.o: ../../include/attr_clnt.h
+maildir.o: ../../include/attr.h
maildir.o: virtual.h
maildir.o: ../../include/maps.h
maildir.o: ../../include/dict.h
virtual.o: ../../include/deliver_request.h
virtual.o: ../../include/deliver_completed.h
virtual.o: ../../include/mail_params.h
+virtual.o: ../../include/crate_clnt.h
+virtual.o: ../../include/attr_clnt.h
+virtual.o: ../../include/attr.h
virtual.o: ../../include/mail_conf.h
virtual.o: ../../include/mail_addr_find.h
virtual.o: ../../include/maps.h
projects / thirdparty / postfix.git / commitdiff
