Stress-dependent server personality

From: Wietse Venema (wietseporcupine.org)
Date: Sun Sep 02 2007 - 10:08:03 CDT


It may be relatively easy to implement stress-dependent Postfix
SMTP server personality. Most of the material needed for this
already exists in Postfix.

Here is how it could work:

- The master(8) daemon passes a new command-line option to the
  smtpd(8) child processes; the option indicates whether or not
  all the SMTP service ports are busy. This is a simple change.

- In the smtpd(8) child process, switch to an alternate set of
  main.cf configuration parameters, depending on command-line
  options received from the master daemon. This is not new: it's
  how the combined SMTP/LMTP client chooses between SMTP and LMTP.

- Of course, stress information would be made available in the
  policy protocol, and perhaps to Milters.

Each smtpd_mumble configuration parameter would then get its own
doppelgaenger, for example stress_smtpd_mumble (a fixed prefix is
easily implemented with a shell script, and is less work than having
to define a lot of new parameter names in the Postfix source code).

So we would have

    smtpd_timeout = 45s
    stress_smtpd_timeout = 10s

    smtpd_hard_error_limit = 10
    stress_smtpd_hard_error_limit = 1

The more courageous sysadmins would make smtpd_delay_reject dependent
on stress level and provide alternate sets of smtpd_mumble_restrictions.

How would one test the alternate personality? Switching to a
different set of main.cf parameters is not possible after a Postfix
daemon has already read main.cf, so the switch must happen before
main.cf is read (*).

Testing would require an extra master.cf entry

    127.0.0.1:12345 .. .. .. .. .. smtp -p stress

(or whatever) to connect to an smtpd(8) process that is always in
the stress mode personality.

Thus, stress-dependent server behavior can be implemented with
minor Postfix modifications, but it has a few obvious limitations.

- Testing is possible only by connecting to the test port and using
  the XCLIENT protocol. Not a big deal, because stress-dependent
  behavior is for advanced system administrators. Hopefully some
  day someone will finally implement a utility that uses the XCLIENT
  protocol to automate Postfix tests.

- stress_smtpd_mumble parameters would default to $smtpd_mumble.
  This may cause some anomalies when the $smtpd_mumble parameter's
  actual value contains "... $smtpd_mumble ..."; the non-stress
  reference won't be replaced by " ... $stress_smtpd_mumble ...".

- No client dependent switching of main.cf parameters: the parameters
  are chosen before smtpd knows what client has connected (*). When
  the stress hits the fan, legitimate clients and strangers both
  experience the same reduced level of service.

Making the Postfix SMTP server change personality depending on
client identity (or client history) requires invasive changes (*).

If client-dependent personalities are needed, it would make more
sense to have a front end (kernel or user-land) that forwards
preferred clients to a nicer smtpd(8) instance, and that forwards
strangers to a more hostile one.

        Wietse

(*) Changing this would violate the constraint that I am spending
    most of my time not working on Postfix for the rest of the year.
    http://marc.info/?l=php-dev&m=116621380305497&w=2
    Sacrifices must be made.
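
The defaulting anomaly from the second limitation in the message above, as an added example: a small Python model written for this page, not Postfix code and not the author's script. The restriction values and all function names are assumptions; only the two timeout lines come from the post.

```python
import re

# Constructed main.cf-style settings. Only the two timeout lines are from
# the post; the restriction values are illustrative.
MAIN_CF = {
    "smtpd_timeout": "45s",
    "stress_smtpd_timeout": "10s",
    "smtpd_client_restrictions": "permit_mynetworks",
    "stress_smtpd_client_restrictions":
        "permit_mynetworks, reject_unknown_client_hostname",
    # This value refers to another smtpd_ parameter by name, and the admin
    # did not define a stress_ variant of it.
    "smtpd_recipient_restrictions":
        "$smtpd_client_restrictions, reject_unauth_destination",
}

REF = re.compile(r"\$\{?(\w+)\}?")

def expand(value, params):
    """Recursively substitute $name / ${name} references, main.cf style.
    (No loop guard: the constructed sample has no self-references.)"""
    return REF.sub(lambda m: expand(params.get(m.group(1), ""), params), value)

def lookup(name, params, stress):
    """Value of an smtpd_ parameter for the chosen personality (hypothetical)."""
    if stress:
        # stress_<name> defaults to "$<name>" when it is not set explicitly.
        raw = params.get("stress_" + name, "$" + name)
    else:
        raw = params[name]
    return expand(raw, params)

def lookup_rewritten(name, params):
    """Stress lookup in which nested $smtpd_x references also resolve to
    stress_smtpd_x, i.e. the behaviour the plain default does not give."""
    overlay = dict(params)
    for key, val in params.items():
        if key.startswith("stress_"):
            overlay[key[len("stress_"):]] = val
    return expand(overlay[name], overlay)

if __name__ == "__main__":
    for stress in (False, True):
        print(stress, lookup("smtpd_recipient_restrictions", MAIN_CF, stress))
    print("rewritten", lookup_rewritten("smtpd_recipient_restrictions", MAIN_CF))
```

Under stress, `lookup` still returns the non-stress client restrictions inside the recipient restrictions, because the defaulted value expands `$smtpd_client_restrictions` literally; `lookup_rewritten` shows what a sysadmin would probably have expected.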