Question regarding FLOCK or POSIX with Sendmail 8.13.x and MailScanner.

Scott Silva ssilva at sgvwater.com
Thu Nov 2 20:29:11 GMT 2006 

Duncan, Brian M. spake the following on 11/2/2006 9:39 AM:
> 
> 
> 
>> I can't tell you why your version is different, maybe a
> 
>> custom compiled version to get around the Flock exploit that
> 
>> was posted about the time 8.12.11 came out. The consensus so
> 
>> far has been ; Linux and sendmail 8.12 = flock Linux and
> 
>> sendmail 8.13 = posix Also note that there have been some
> 
>> problems with dovecot if it is set to a different locking.
>>
> 
>> I am still curious as to how you have been so lucky with no problems!
>> Are you running on a filesystem other than ext2/ext3?
>> Maybe Core 4 has a kernel that doesn't have the locking
> 
>> problem that the enterprise distros lack because of the
> 
>> conservative patching that is done.
>>
> 
> 
> 
> I use Ext3 on all of my mail boxes.  Maybe it is due to the kernel
> somehow, or the sendmail RPM's that I used.  I am using the Fedora
> compiled kernels.  I switched over to posix earlier on my servers and
> have not noticed any differences Yet.  I have been keeping a close eye
> on the /var/spool/mqueue folders.
> 
> I was more worried about having trouble switching to posix, since this
> one box has passed probably close to 200 million messages without issues
> with flock on.  I was feeling like if it's not broke don't fix it type
> situation.  Yet I see allot of people running into this problem.
> 
> 
> I have been trying to find a way to 100% determine what lock method
> sendmail uses.  From scanning the mailing lists and searching allot of
> people tell others to check with sendmail -d0.1 -d0.4 -bt </dev/null.
> 
> If it lists flock in the compiled options then it's using flock.  I have
> NOT been able to confirm this.
> 
> Here is one host of ours that just rejects messages. (It is a Sendmail
> 8.12.x box, so it SHOULD be using flock from what I understand)
> 
> It was compiled from RPM on 03/08/06, I checked the SPEC file and see
> nothing specifying lock type.  The only reason I updated this one was
> due to an exploit at the time if I recall correctly.
> 
> Version 8.12.11.20060308
>  Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
>                 MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET
> NETINET6
>                 NETUNIX NEWDB NIS PIPELINING SASL SCANF TCPWRAPPERS
> USERDB
>                 USE_LDAP_INIT
>  
> 
> This is my 8.13 boxes: (same on all of them)
> 
> Version 8.13.8
>  Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
>                 MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET
> NETINET6
>                 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP
> STARTTLS
>                 TCPWRAPPERS USERDB USE_LDAP_INIT
Definately not there or you would see HASFLOCK. Flock in sendmail is a
compile-time option, and RedHat always seemed to turn it on in 8.12. It is a
faster lock, but not safer. Your rpm must have been compiled without it, or
compiled with "-DHASFLOCK=0"

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

More information about the MailScanner mailing list