Question regarding FLOCK or POSIX with Sendmail 8.13.x and MailScanner.
Tom G. Christensen
tgc at statsbiblioteket.dk
Fri Nov 3 08:34:30 GMT 2006
Scott Silva wrote:
> Duncan, Brian M. spake the following on 11/2/2006 9:39 AM:
>>
>>
>>> I can't tell you why your version is different, maybe a
>>> custom compiled version to get around the Flock exploit that
>>> was posted about the time 8.12.11 came out. The consensus so
>>> far has been: Linux and sendmail 8.12 = flock; Linux and
>>> sendmail 8.13 = posix. Also note that there have been some
>>> problems with dovecot if it is set to a different locking.
>>>
>>> I am still curious as to how you have been so lucky with no problems!
>>> Are you running on a filesystem other than ext2/ext3?
>>> Maybe Core 4 has a kernel that doesn't have the locking
>>> problem that the enterprise distros lack because of the
>>> conservative patching that is done.
>>>
>>
>>
>> I use Ext3 on all of my mail boxes. Maybe it is due to the kernel
>> somehow, or the sendmail RPMs that I used. I am using the Fedora
>> compiled kernels. I switched over to posix earlier on my servers and
>> have not noticed any differences yet. I have been keeping a close eye
>> on the /var/spool/mqueue folders.
>>
>> I was more worried about having trouble switching to posix, since this
>> one box has passed probably close to 200 million messages without issues
>> with flock on. I was feeling like if it's not broke don't fix it type
>> situation. Yet I see a lot of people running into this problem.
>>
>>
>> I have been trying to find a way to 100% determine what lock method
>> sendmail uses. From scanning the mailing lists and searching a lot of
>> people tell others to check with sendmail -d0.1 -d0.4 -bt </dev/null.
>>
>> If it lists flock in the compiled options then it's using flock. I have
>> NOT been able to confirm this.
>>
>> Here is one host of ours that just rejects messages. (It is a Sendmail
>> 8.12.x box, so it SHOULD be using flock from what I understand)
>>
>> It was compiled from RPM on 03/08/06, I checked the SPEC file and see
>> nothing specifying lock type. The only reason I updated this one was
>> due to an exploit at the time if I recall correctly.
>>
>> Version 8.12.11.20060308
>>  Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
>>                 MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
>>                 NETUNIX NEWDB NIS PIPELINING SASL SCANF TCPWRAPPERS USERDB
>>                 USE_LDAP_INIT
>>
>>
>> These are my 8.13 boxes: (same on all of them)
>>
>> Version 8.13.8
>>  Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
>>                 MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
>>                 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
>>                 TCPWRAPPERS USERDB USE_LDAP_INIT
> Definitely not there or you would see HASFLOCK. Flock in sendmail is a
> compile-time option, and RedHat always seemed to turn it on in 8.12. It is a
> faster lock, but not safer. Your rpm must have been compiled without it, or
> compiled with "-DHASFLOCK=0"
>

I looked into the sendmail 8.12.11 source as delivered in the RHEL 3
src.rpm.
It has this snippet in the Linux section of include/sm/conf.h:

# ifndef HASFLOCK
#  if LINUX_VERSION_CODE < 66399
#   define HASFLOCK 0 /* flock(2) is broken after 0.99.13 */
#  else /* LINUX_VERSION_CODE < 66399 */
#   define HASFLOCK 1 /* flock(2) fixed after 1.3.95 */
#  endif /* LINUX_VERSION_CODE < 66399 */
# endif /* ! HASFLOCK */

A quick grep reveals that HASFLOCK is not defined anywhere outside of
include/sm/conf.h so I take it this means flock is the default for Linux
in sendmail 8.12.11.
Also grep -i flock on /usr/lib/sendmail gives a match.
This type of default define is apparently not added to the Compiled
with: output.

I've run MailScanner on RHEL 2.1 for a long time, first with sendmail
8.11 and now with 8.12 (from RH errata). I've always used flock and I
haven't seen any issues with it.
It's not that I get all that much mail but my primary mx do process
about 10-14K mails a day.

-tgc
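
Why the flock/posix choice discussed in this thread matters, as an added example that is not part of the original post and not code from sendmail or MailScanner: on Linux local filesystems, flock(2) locks and fcntl(2) (POSIX) locks are tracked independently, so a program using one mechanism is not stopped by a lock held with the other. The function names and the scratch file under /tmp are assumptions made for this demo.

```c
#define _DEFAULT_SOURCE            /* expose flock() and mkstemp() on glibc */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <sys/wait.h>
#include <unistd.h>

enum lock_kind { LK_FLOCK, LK_POSIX };   /* hypothetical names for this demo */

/* Non-blocking exclusive lock on the whole file: 0 = acquired, -1 = refused. */
static int try_lock(int fd, enum lock_kind kind)
{
    if (kind == LK_FLOCK)
        return flock(fd, LOCK_EX | LOCK_NB);
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET }; /* l_len 0 = to EOF */
    return fcntl(fd, F_SETLK, &fl);
}

/* Parent locks a scratch file with `holder`; a child process opens the same
 * file and tries `prober`. Returns 1 if the child was refused, 0 if it
 * acquired its lock despite the parent's, -1 on setup error. */
int second_locker_blocked(enum lock_kind holder, enum lock_kind prober)
{
    char path[] = "/tmp/lockdemo-XXXXXX";  /* constructed stand-in for a queue file */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int result = -1, status = 0;
    pid_t pid = (try_lock(fd, holder) == 0) ? fork() : -1;
    if (pid == 0) {                        /* child: the "other program" */
        int cfd = open(path, O_RDWR);
        _exit(cfd < 0 ? 2 : (try_lock(cfd, prober) == 0 ? 0 : 1));
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid &&
        WIFEXITED(status) && WEXITSTATUS(status) <= 1)
        result = WEXITSTATUS(status);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    const char *name[] = { "flock", "posix" };
    for (int h = LK_FLOCK; h <= LK_POSIX; h++)
        for (int p = LK_FLOCK; p <= LK_POSIX; p++)
            printf("holder=%s prober=%s blocked=%d\n", name[h], name[p],
                   second_locker_blocked(h, p));
    return 0;
}
```

Run it on the filesystem that holds the mail queue: results on NFS or on non-Linux kernels can differ, because some implementations map flock onto fcntl locks.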