Karl O. Pinc:
> Hello,
> 
> I've written what I thought would be about the simplest possible after
> queue content filter (appended), and it's behaving in ways I don't
> expect.

This is a shell script that sits between a Postfix SMTP client and
a Postfix SMTP server.  It is implemented with awk and nc. awk
reads from the SMTP client and sends modified content into nc.
The shell script runs as a child process of the spawn daemon.

        Postfix     --> awk -\               Postfix
        SMTP                    nc  <--->    SMTP
        client      <--------/               server

The biggest problems with this script are:

1) Your script only works if the Postfix SMTP server closes the
   connection immediately after the completion of a MAIL FROM
   transaction.  Otherwise, the nc process will hang until the
   Postfix SMTP server times out after 1000 seconds.

2) Your script assumes that every SMTP connection will have only
   one MAIL FROM transaction. However, the SMTP protocol supports
   more than one MAIL FROM transaction per SMTP connection, and
   Postfix expects that SMTP clients implement this part of the
   SMTP standard.

The Postfix SMTP server closes the connection immediately when the
SMTP client sends a QUIT command; when the SMTP client closes the
connection; when the connection is idle for 1000 seconds; or when
some error condition requires the connection to be closed down.

Under peak loads, the Postfix SMTP client will not send QUIT after
every MAIL FROM transaction. Instead, it will try to use the same
connection for a sequence of MAIL FROM transactions.  This saves
overhead and is enabled by default. Instead of sending QUIT after
the completion of a MAIL FROM transaction, the Postfix SMTP client
leaves the connection open. This connection can be used for another
MAIL FROM transaction, or it is closed when some timer expires.

Unfortunately, your script is not built to handle multiple SMTP
deliveries over the same connection, and your script is not built
to handle the case where the Postfix SMTP server does not close a
connection immediately.

The bug is that you use nc, which does not terminate until it
encounters an end-of-file condition on input from BOTH stdin AND
from the network. This approach is not a suitable basis for
implementing an SMTP client.

A properly implemented SMTP proxy filter takes action immediately
when it encounters an end-of-file condition on input from EITHER
stdin OR from the network.

Thus, your script is a good example of how not to implement an SMTP
proxy.

        Wietse
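
The EITHER/OR end-of-file rule described in the message above, as an added illustration (not code from this thread or from Postfix). Assumptions: socket pairs stand in for the Postfix SMTP client and server, `relay`, `demo` and the host name are constructed for the example, and the relay copies bytes without parsing SMTP.

```python
import selectors
import socket

def relay(client, server, idle_timeout=5.0):
    """Copy bytes both ways; stop as soon as EITHER side reaches end-of-file.

    Returns (reason, bytes_from_client, bytes_from_server).
    """
    sel = selectors.DefaultSelector()
    sel.register(client, selectors.EVENT_READ, ("client", server))
    sel.register(server, selectors.EVENT_READ, ("server", client))
    copied = {"client": 0, "server": 0}
    reason = None
    try:
        while reason is None:
            events = sel.select(timeout=idle_timeout)
            if not events:
                reason = "idle-timeout"
            for key, _ in events:
                name, peer = key.data
                try:
                    data = key.fileobj.recv(4096)
                    if data:
                        peer.sendall(data)
                except OSError:
                    reason = name + "-error"
                    break
                if not data:  # EOF on this side: do not wait for the other
                    reason = name + "-eof"
                    break
                copied[name] += len(data)
    finally:
        sel.close()
        client.close()  # closing both ends lets the remaining peer see EOF at once
        server.close()
    return reason, copied["client"], copied["server"]

def demo(closer):
    """Constructed scenario: one side half-closes while the other stays open."""
    client_end, proxy_c = socket.socketpair()  # stands in for the SMTP client
    proxy_s, server_end = socket.socketpair()  # stands in for the SMTP server
    server_end.sendall(b"220 filter.example ESMTP\r\n")
    client_end.sendall(b"QUIT\r\n")
    (client_end if closer == "client" else server_end).shutdown(socket.SHUT_WR)
    result = relay(proxy_c, proxy_s, idle_timeout=2.0)
    seen = (server_end.recv(4096), client_end.recv(4096))
    client_end.close()
    server_end.close()
    return result, seen[0], seen[1]
```

With `demo("client")` the server side never closes its end, yet `relay` returns on the client's end-of-file instead of waiting for the server to time out.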
