[Mimedefang] Debian squeeze postfix mimedefang
Michiel Brandenburg
apex at xepa.nl
Wed Jun 15 16:54:42 EDT 2011
Hi all,
> FYI for Debian sendmail users, the same thing needed to be done on a
> system running "wheezy", e.g., add the following to
> `/etc/init.d/mimedefang':
I have seen this problem too, I have looked at the code and it seems
that there is a delay between the creation of the socket (using
smfi_setconn mimedefang.c line 2442) and exit of the parent process
after daemonizing. Could it be that the smfi_setconn only indicates the
intent to create the socket and does not do the actual socket creation
itself ? Just theorizing here mind you.
I seem to remember reading somewhere when this function fails, the only
place you can check it is in the smfi_main function. Might be that this
is the actual place that this socket is created. If this is the case
it's created after the fork this might explain the delay, and thus
wheezy (my flavor) messes up with parallel booting assuming mimedefang
is ready while it's still starting. Sendmail (in my case) is then
started and can not connect to the socket.
> # Start mimedefang
> printf "%-59s" "Starting $prog: "
> rm -f $SOCKET> /dev/null 2>&1
> $PROGDIR/$prog -P $PID -R $LOOPBACK_RESERVED_CONNECTIONS \
> <snip>
> RETVAL=$?
> if [ $RETVAL = 0 ] ; then
> + #
> + # To avoid a warning message when sendmail is started,
> + # give some time to create the Milter socket file.
> + #
> + sleep 2
Might be better to add some sleeping loop here checking on the
appearance of the socket, on some of my systems it appears in 1 sec
others 2-3 seconds. As a server might do all of it's init.d within 10
sec .. adding 2 sec sleeping time seems horrible :)
A better fix might be to let the parent process exit only when the
socket has been created, don't know if this is a wanted feature but it
might be the best solution. A non-zero exit status can be returned if
this socket does not appear in a certain time frame. If the choice is
made to change mimedefang.c it might also be best to move the waiting on
the multiplexor being alive (it's checked 50 times at 3 sec intervals
after the fork) so we can be sure all is ok before we tell the world all
is well when in fact something failed. Not sure a connection attempt is
made after entering smfi_main, but logging 'Multiplexor unresponsive -
entering main loop anyway' seems to indicated that that case might fall
into the bad category.
That or we can ask the libmilter ppl to keep trying to connect and not
assume that the socket will never appear, not sure how that will work
out though.
> As an additional item for Debian mimedefang/sendmail users, you may
> need to tweak the ownership of a couple of files:
I added smmsp to the defang group that seems to work too, no need to
change the init.d script in my case. Adding this user to the defang
group may introduct security issues as the mail server can then read /
write most of the internal mimedefang temp files, on the other hand the
mailserver supplied mimedefang with the data.
Adding the mailserver user to the defang group allows postfix / sendmail
configurations to use the same init.d script .. add postfix to defang
group or add smmsp :) Or run mimedefang as another user/group, my
thoughts are to keep this out of the init.d scripting as there probably
is no 100% correct way to do this for all platforms out there.
--
Michiel Brandenburg
More information about the MIMEDefang
mailing list