| blob | b476ff7e9ce5a06601b239ae8f1333ef758e8c5e |
1 /* $NetBSD$ */
3 /*++
4 /* NAME
5 /* qmgr_entry 3
6 /* SUMMARY
7 /* per-site queue entries
8 /* SYNOPSIS
9 /* #include "qmgr.h"
10 /*
11 /* QMGR_ENTRY *qmgr_entry_create(peer, message)
12 /* QMGR_PEER *peer;
13 /* QMGR_MESSAGE *message;
14 /*
15 /* void qmgr_entry_done(entry, which)
16 /* QMGR_ENTRY *entry;
17 /* int which;
18 /*
19 /* QMGR_ENTRY *qmgr_entry_select(queue)
20 /* QMGR_QUEUE *queue;
21 /*
22 /* void qmgr_entry_unselect(queue, entry)
23 /* QMGR_QUEUE *queue;
24 /* QMGR_ENTRY *entry;
25 /*
26 /* void qmgr_entry_move_todo(dst, entry)
27 /* QMGR_QUEUE *dst;
28 /* QMGR_ENTRY *entry;
29 /* DESCRIPTION
30 /* These routines add/delete/manipulate per-site message
31 /* delivery requests.
32 /*
33 /* qmgr_entry_create() creates an entry for the named peer and message,
34 /* and appends the entry to the peer's list and its queue's todo list.
35 /* Filling in and cleaning up the recipients is the responsibility
36 /* of the caller.
37 /*
38 /* qmgr_entry_done() discards a per-site queue entry. The
39 /* \fIwhich\fR argument is either QMGR_QUEUE_BUSY for an entry
40 /* of the site's `busy' list (i.e. queue entries that have been
41 /* selected for actual delivery), or QMGR_QUEUE_TODO for an entry
42 /* of the site's `todo' list (i.e. queue entries awaiting selection
43 /* for actual delivery).
44 /*
45 /* qmgr_entry_done() discards its peer structure when the peer
46 /* is not referenced anymore.
47 /*
48 /* qmgr_entry_done() triggers cleanup of the per-site queue when
49 /* the site has no pending deliveries, and the site is either
50 /* alive, or the site is dead and the number of in-core queues
51 /* exceeds a configurable limit (see qmgr_queue_done()).
52 /*
53 /* qmgr_entry_done() triggers special action when the last in-core
54 /* queue entry for a message is done with: either read more
55 /* recipients from the queue file, delete the queue file, or move
56 /* the queue file to the deferred queue; send bounce reports to the
57 /* message originator (see qmgr_active_done()).
58 /*
59 /* qmgr_entry_select() selects first entry from the named
60 /* per-site queue's `todo' list for actual delivery. The entry is
61 /* moved to the queue's `busy' list: the list of messages being
62 /* delivered. The entry is also removed from its peer list.
63 /*
64 /* qmgr_entry_unselect() takes the named entry off the named
65 /* per-site queue's `busy' list and moves it to the queue's
66 /* `todo' list. The entry is also prepended to its peer list again.
67 /*
68 /* qmgr_entry_move_todo() moves the specified "todo" queue entry
69 /* to the specified "todo" queue.
70 /* DIAGNOSTICS
71 /* Panic: interface violations, internal inconsistencies.
72 /* LICENSE
73 /* .ad
74 /* .fi
75 /* The Secure Mailer license must be distributed with this software.
76 /* AUTHOR(S)
77 /* Wietse Venema
78 /* IBM T.J. Watson Research
79 /* P.O. Box 704
80 /* Yorktown Heights, NY 10598, USA
81 /*
82 /* Preemptive scheduler enhancements:
83 /* Patrik Rak
84 /* Modra 6
85 /* 155 00, Prague, Czech Republic
86 /*--*/
88 /* System library. */
90 #include <sys_defs.h>
91 #include <stdlib.h>
92 #include <time.h>
94 /* Utility library. */
96 #include <msg.h>
97 #include <mymalloc.h>
98 #include <events.h>
99 #include <vstream.h>
101 /* Global library. */
103 #include <mail_params.h>
106 /* Application-specific. */
110 /* qmgr_entry_select - select queue entry for delivery */
113 {
127 /*
128 * With opportunistic session caching, the delivery agent must not
129 * only 1) save a session upon completion, but also 2) reuse a cached
130 * session upon the next delivery request. In order to not miss out
131 * on 2), we have to make caching sticky or else we get silly
132 * behavior when the in-memory queue drains. Specifically, new
133 * connections must not be made as long as cached connections exist.
134 *
135 * Safety: don't enable opportunistic session caching unless the queue
136 * manager is able to schedule concurrent or back-to-back deliveries
137 * (we need to recognize back-to-back deliveries for transports with
138 * concurrency 1).
139 *
140 * If caching has previously been enabled, but is not now, fetch any
141 * existing entries from the cache, but don't add new ones.
142 */
143 #define CONCURRENT_OR_BACK_TO_BACK_DELIVERY() \
144 (queue->busy_refcount > 1 || BACK_TO_BACK_DELIVERY())
146 #define BACK_TO_BACK_DELIVERY() \
147 (queue->last_done + 1 >= event_time())
149 /*
150 * Turn on session caching after we get up to speed. Don't enable
151 * session caching just because we have concurrent deliveries. This
152 * prevents unnecessary session caching when we have a burst of mail
153 * <= the initial concurrency limit.
154 */
161 }
162 }
164 /*
165 * Turn off session caching when concurrency drops and we're running
166 * out of steam. This is what prevents from turning off session
167 * caching too early, and from making new connections while old ones
168 * are still cached.
169 */
176 }
177 }
178 }
180 }
182 /* qmgr_entry_unselect - unselect queue entry for delivery */
185 {
189 /*
190 * Move the entry back to the todo lists. In case of the peer list, put
191 * it back to the beginning, so the select()/unselect() does not reorder
192 * entries. We use this in qmgr_message_assign() to put recipients into
193 * existing entries when possible.
194 */
201 }
203 /* qmgr_entry_move_todo - move entry between todo queues */
206 {
224 /*
225 * Create new entry, swap the recipients between the two entries,
226 * adjusting the job counters accordingly, then dispose of the old entry.
227 *
228 * Note that qmgr_entry_done() will also take care of adjusting the
229 * recipient limits of all the message jobs, so we do not have to do that
230 * explicitly for the new job here.
231 *
232 * XXX This does not enforce the per-entry recipient limit, but that is not
233 * a problem as long as qmgr_entry_move_todo() is called only to bounce
234 * or defer mail.
235 */
247 }
249 /* qmgr_entry_done - dispose of queue entry */
252 {
260 /*
261 * Take this entry off the in-core queue.
262 */
275 }
277 /*
278 * Decrease the in-core recipient counts and free the recipient list and
279 * the structure itself.
280 */
287 /*
288 * Make sure that the transport of any retired or finishing job that
289 * donated recipient slots to this message gets them back first. Then, if
290 * possible, pass the remaining unused recipient slots to the next job on
291 * the job list.
292 */
298 }
301 }
303 /*
304 * We implement a rate-limited queue by emulating a slow delivery
305 * channel. We insert the artificial delays with qmgr_queue_suspend().
306 *
307 * When a queue is suspended, we must postpone any job scheduling decisions
308 * until the queue is resumed. Otherwise, we make those decisions now.
309 * The job scheduling decisions are made by qmgr_job_blocker_update().
310 */
319 }
324 /*
325 * When there are no more entries for this peer, discard the peer
326 * structure.
327 */
332 /*
333 * Maintain back-to-back delivery status.
334 */
338 /*
339 * When the in-core queue for this site is empty and when this site is
340 * not dead or suspended, discard the in-core queue. When this site is
341 * dead, but the number of in-core queues exceeds some threshold, get rid
342 * of this in-core queue anyway, in order to avoid running out of memory.
343 */
349 }
351 /*
352 * Update the in-core message reference count. When the in-core message
353 * structure has no more references, dispose of the message.
354 */
358 }
360 /* qmgr_entry_create - create queue todo entry */
363 {
367 /*
368 * Sanity check.
369 */
373 /*
374 * Create the delivery request.
375 */
389 /*
390 * Warn if a destination is falling behind while the active queue
391 * contains a non-trivial amount of single-recipient email. When a
392 * destination takes up more and more space in the active queue, then
393 * other mail will not get through and delivery performance will suffer.
394 *
395 * XXX At this point in the code, the busy reference count is still less
396 * than the concurrency limit (otherwise this code would not be invoked
397 * in the first place) so we have to make make some awkward adjustments
398 * below.
399 *
400 * XXX The queue length test below looks at the active queue share of an
401 * individual destination. This catches the case where mail for one
402 * destination is falling behind because it has to round-robin compete
403 * with many other destinations. However, Postfix will also perform
404 * poorly when most of the active queue is tied up by a small number of
405 * concurrency limited destinations. The queue length test below detects
406 * such conditions only indirectly.
407 *
408 * XXX This code does not detect the case that the active queue is being
409 * starved because incoming mail is pounding the disk.
410 */
445 }
449 VAR_QMGR_CLOG_WARN_TIME);
451 }
452 }
454 }