Wietse Venema:
> lst_ho...@kwsoft.de:
> > Zitat von Wietse Venema <wie...@porcupine.org>:
> >
> > > lst_ho...@kwsoft.de:
> > >> With both changes it looks ok now (first blacklisted, second
> > >> whitelisted):
> > >>
> > >>
> > >> Jan 17 16:28:23 hpux2 postfix/master[28899]: daemon started -- version
> > >> 2.8.0-RC1, configuration /etc/postfix
> > >> Jan 17 16:28:33 hpux2 postfix/postscreen[28903]: CONNECT from
> > >> [10.1.70.1]:48111
> > >> Jan 17 16:28:33 hpux2 postfix/postscreen[28903]: entering STRESS mode
> > >> with 1 connections
> > >> Jan 17 16:28:33 hpux2 postfix/postscreen[28903]: BLACKLISTED
> > >> [10.1.70.1]:48111
> > >> Jan 17 16:28:33 hpux2 postfix/postscreen[28903]: PASS OLD
> > >> [10.1.70.1]:48111
> > >> Jan 17 16:28:33 hpux2 postfix/postscreen[28903]: leaving STRESS mode
> > >> with 0 connections
> > >
> > > Do you have a low postscreen_pre_queue_limit limit? It should
> > > normally enter stress mode with more than 1 connection.
> > >
> > > Wietse
> >
> > Not that i'm aware of. This is a test-only install, so the values are
> > at default beside the parameters needed to get postscreen working, so
> > it should be at $default_process_limit which is reported by postconf
> > with "100".
>
> In that case, would you briefly run it as "postscreen -v" and report
> the postscreen_command_time_limit logging as it starts up. ]
>
> This is what I expect to see (default_process_limit = 100):
>
> Jan 17 11:32:56 tail postfix/postscreen[17566]:
> postscreen_command_time_limit: stress=10 normal=300 lowat=70 hiwat=90
>
> hiwat=90 means enter stress mode with 90 or more connections
> lowat=70 means leave stress mode with 70 or fewer connections.
>
> You don't want to leave verbose mode on because it slows down
> postscreen which handles by all SMTP connections.
If this is what I suspect, then the HP-UX linker does not distinguish
between psc_check_queue_length_hiwat and psc_check_queue_length_lowat.
Both names are 28 characters, which is within the ANSI C limit for
internal symbol significance, but above the guaranteed 6-character
limit for external symbol significance.
These two variables are initialized in the postscreen.c module,
but the "entering/leaving STRESS" checks are done in the
postscreen_state.c module. If the linker truncates the names, then
postscreen_state.c will access a variable with a shorter name that
may be left at zero.
In detail, psc_new_session_state() checks the high-water mark (and
logs "entering STRESS mode with 1 connections") while and
psc_free_session_state() checks the low-water mark (and logs "leaving
STRESS mode with 0 connections"). This confirms that they both
test a variable that is left at zero instead of the long-name
variables that are initialized at 70 and 90, respectively.
Try adding to postscreen.h two lines at the top with:
#define psc_check_queue_length_hiwat psc_hiwat
#define psc_check_queue_length_lowat psc_lowat
Wietse
