Viktor Dukhovni:
> On Wed, Sep 02, 2015 at 05:16:13PM +0200, Markus Benning wrote:
>
> > when running multiple checks in a policy daemon each check
> > needs to be running on a different port in the policy daemon
> > for the policy daemon to be able to differentiate between the
> > checks when processing the request.
> >
> > What about adding a "virtual servers" feature to the policy check
> > similar to the Host: header in HTTP?
>
> Instead of focusing on how you got there (consolidating multiple
> instances of the service onto a single port), it makes more sense
> to focus on the resulting semantics. Namely, you want to send the
> policy service a "query type" or a "context" string so that it can
> perform a suitable "lookup".

I agree that "context" is better than "vhost". To avoid collisions
with future protocol extensions I would make the name more specific,
and use "policy_context" or something like that.

> > In main.cf:
> >
> > smtpd_client_restrictions =
> >     check_policy_service { inet:localhost:12345, timeout=10s,
> >         default_action=DUNNO, vhost=reputation }
> >     check_policy_service { inet:localhost:12345, timeout=10s,
> >         default_action=DUNNO, vhost=accounting }

Reusing the same client socket for multiple policy clients requires
a reference-counting mechanism that is best implemented in the lower
layers of the Postfix infrastructure.

It is unlikely that one Postfix daemon process will be making
multiple simultaneous requests to the same endpoint, but if it does
at some point in the future, then the *_clnt APIs would need to be
updated with an extra flag to prevent client endpoint sharing.

Can you update the patch?

Wietse
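
Added example, not part of the original message and not code from Postfix or any policy daemon: a sketch of how a policy service listening on one port could select a check from a context attribute in the request. It assumes the attribute arrives as `policy_context`, the name proposed in the thread; the handler names, the address list and the sample request are constructed for illustration.

```python
# Dispatch Postfix policy delegation requests on a context attribute.
# A request is a block of name=value lines terminated by an empty line;
# the reply is "action=..." followed by an empty line.

def parse_request(raw: str) -> dict:
    """Parse one policy request into a dict of attributes."""
    attrs = {}
    for line in raw.split("\n"):
        if line == "":
            break  # empty line terminates the request
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed attribute line: {line!r}")
        attrs[name] = value  # values may themselves contain '='
    return attrs

def check_reputation(attrs: dict) -> str:
    # Hypothetical check: defer clients found on a constructed local list.
    listed = {"192.0.2.66"}
    if attrs.get("client_address") in listed:
        return "DEFER_IF_PERMIT reputation"
    return "DUNNO"

def check_accounting(attrs: dict) -> str:
    # Hypothetical check: would only count the request, never decide.
    return "DUNNO"

HANDLERS = {"reputation": check_reputation, "accounting": check_accounting}

def handle(raw: str) -> str:
    """Return the complete reply for one request."""
    attrs = parse_request(raw)
    handler = HANDLERS.get(attrs.get("policy_context", ""))
    # Missing or unknown context: answer DUNNO instead of guessing
    # which check the caller meant to run.
    action = handler(attrs) if handler else "DUNNO"
    return f"action={action}\n\n"

SAMPLE = (  # constructed request
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.66\n"
    "policy_context=reputation\n"
    "\n"
)

if __name__ == "__main__":
    print(handle(SAMPLE), end="")
```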