Re: Multiple smtpd instances / Different header_checks?

From: Dhawal Doshy (dhawalnetmagicsolutions.com)
Date: Wed May 03 2006 - 10:13:29 CDT


Wietse Venema wrote:
> Dhawal Doshy:
>> MailScanner currently works in this fashion:
>> Internet ==> postfix ==> hold queue ==> MailScanner ==> Incoming queue
>> ==> local delivery or relay
>>
>> From what i understand, the part where mailscanner re-queues mails to
>> the postfix incoming queue is the questionable part..
>>
>> So what conclusion do we (the non-programmer postfix users) draw from
>> your discussion? What are the changes expected that i need to
>> communicate to the mailscanner development team?
>>
>> Finally, what would be required to make mailscanner an approved
>> Content-Scanner for postfix.
>
> It takes a stable EXTERNAL interface, so that non-Postfix software
> is immune to changes in Postfix INTERNAL details.
>
> For example, software that speak SMTP is largely immune to changes
> in Postfix internal details, because SMTP is well defined.
>
> Absent precisely formulated requirements I can't define an external
> interface for content management.
>
> Wietse

Wietse, i dug up an old post of yours mentioning the requirements to make
mailscanner safe with the queue implementation back then (01/15/2004):

1) The Postfix queue would have to be changed from a three-state
incoming/active/deferred organization to a four-state organization of
unfiltered/incoming/active/deferred.

MailScanner: This is being done by introducing the well documented 'hold'
interface.

2) All four queues MUST BE in the same file system. Otherwise mail will
be corrupted or lost.

MailScanner: MailScanner doesn't require changing the postfix queue
structure, except for introducing the 'hold' queue.

3) A modified cleanup server drops new mail into the "unfiltered" queue
and notifies mailscanner, while the unmodified cleanup server drops
locally forwarded mail into the incoming queue and informs the queue
manager as usual.

MailScanner: There is no modified cleanup server, this role is played by
the header_checks parameter.

4) Mailscanner MUST NOT move queue files except by renaming them between
Postfix queue directories. Otherwise mail will be corrupted or lost.

MailScanner: Queue files are renamed as original_queue_id.random_number
when moved from hold to incoming.

5) Mailscanner MUST maintain the relationship between the file name and
the file inode number. Otherwise mail will be corrupted or lost.

MailScanner: See reply to point 4. original filename is appended with a
random number.

6) hehe.. there was no point number 6.

7) Mailscanner must be crash proof. Like Postfix, it MUST NOT take
irreversible actions, or actions that may require undo operations after
a system crash. Otherwise mail will be corrupted or lost.

MailScanner: MailScanner, from what i understand, doesn't move the queue
file from hold to incoming till it is processed.. in the event of a
crash, mails in the hold queue will be re-processed.

8) Mailscanner MUST NOT modify queue files. If content needs to be
updated, Mailscanner MUST create a new queue file and delete the
original only after the new file has been committed to stable storage.
Otherwise mail will be corrupted or lost.

MailScanner: See points 4, 5 and 7.

9) When creating a queue file, Mailscanner MUST adhere to the convention
that the file permissions are set to "executable" only after the file
contents are safely stored. Otherwise mail will be corrupted or lost.

MailScanner: As per the mailscanner author, this point is adhered to. i
wouldn't know the specifics however.

10) Mailscanner should never touch a queue file that has an advisory
lock (flock or fcntl lock, depending on the system environment).
Otherwise mail will be corrupted or lost.

MailScanner: As per the mailscanner author, this point is adhered to as
well. Again, i wouldn't know the specifics as to how.

The only drawback as per postfix standards is that mailscanner doesn't
talk SMTP. Iff the above explanation is safe enough, then maybe (just
maybe) it doesn't need to talk SMTP at all. Can you share your comments?

Finally, sorry for being such a nag, but i'd really like to see
mailscanner as an approved content scanner for postfix.

thanks,
- dhawal
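The hold-to-incoming step that points 4, 5, 7, 8, 9 and 10 above describe, written out as an added example (not MailScanner's or Postfix's own code). It assumes flock()-style advisory locks, that both queue directories are on one file system, and uses a ".new" suffix as a stand-in for whatever naming scheme the scanner applies to rewritten files.

```python
import errno, fcntl, os


def queue_file_is_locked(fd):
    """Point 10: leave a queue file alone while another process holds an
    advisory lock on it. flock() is assumed here (Postfix may use fcntl)."""
    try:
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except OSError as exc:
        if exc.errno in (errno.EWOULDBLOCK, errno.EAGAIN):
            return True
        raise
    return False  # we now hold the lock; it is released when fd is closed


def requeue(src, dst_dir, new_content=None):
    """Move one queue file from src (e.g. hold/) into dst_dir (e.g. incoming/)
    and return the committed path. Same file system required (point 2)."""
    fd = os.open(src, os.O_RDONLY)
    try:
        if queue_file_is_locked(fd):
            raise RuntimeError("%s: advisory lock held elsewhere, skipped" % src)
        if new_content is None:
            # Points 4 and 5: unmodified mail is renamed, never copied, so the
            # file keeps its inode and the name/inode relationship survives.
            dst = os.path.join(dst_dir, os.path.basename(src))
            os.rename(src, dst)
            return dst
        # Point 8: changed content goes into a NEW file; the original is only
        # deleted once the new file is on stable storage (crash-safe, point 7).
        # ".new" is a placeholder for the scanner's real naming scheme.
        dst = os.path.join(dst_dir, os.path.basename(src) + ".new")
        nfd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        try:
            view = memoryview(new_content)
            while view:  # os.write may write less than asked; loop until done
                view = view[os.write(nfd, view):]
            os.fsync(nfd)
            os.fchmod(nfd, 0o700)  # point 9: "executable" only after data is safe
            os.fsync(nfd)
        finally:
            os.close(nfd)
        dfd = os.open(dst_dir, os.O_RDONLY)  # persist the directory entry too
        os.fsync(dfd); os.close(dfd)
        os.unlink(src)  # original goes away last
        return dst
    finally:
        os.close(fd)
```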