Alex:
> Hi,
>
> > >> smtpd_tls_session_cache_database
> > >
> > > This is defined to the default for all instances:
> > > smtpd_tls_session_cache_database =
> > > btree:/var/lib/postfix/smtpd_tls_session_cache
> >
> > That's wrong. The session cache needs to be:
> >
> > smtpd_tls_session_cache_database =
> > ${data_directory}/smtpd_tls_session_cache
> >
> > with (enforced by postmulti) distinct values of `data_directory`
> > for each instance. Only the default instance gets to scribble
> > in "/var/lib/postfix".
>
> Ah yes, of course. Thank you.

The xxx_tls_session_cache_database implementation has code that
uses DICT_FLAG_OPEN_LOCK and would have prevented sharing this
database, but that code is not enabled.

In src/tls/tls_scache.c:

    #ifdef SINGLE_UPDATER
    #define DICT_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_OPEN_LOCK \
                        | DICT_FLAG_UTF8_REQUEST)
    #else
    #define DICT_FLAGS \
            (DICT_FLAG_DUP_REPLACE | DICT_FLAG_LOCK | DICT_FLAG_SYNC_UPDATE \
             | DICT_FLAG_UTF8_REQUEST)
    #endif

As SINGLE_UPDATER is never defined, the second variant is used.

Postscreen uses DICT_FLAG_OPEN_LOCK unconditionally:

    #define PSC_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE | \
                DICT_FLAG_OPEN_LOCK)

We have good results with postscreen, so I'm changing the
xxx_tls_session_cache_database code to use DICT_FLAG_OPEN_LOCK as
well, starting in Postfix 3.7.

        Wietse
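
An added example (not part of the thread and not Postfix code): a shell check for the misconfiguration discussed above, where several instances point at one TLS session cache file. It assumes `postmulti -l` prints name, group, enabled and config_dir columns; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Postfix code: report TLS session cache files that more
# than one Postfix instance (or parameter) points at.

# Emit "instance parameter value" for every instance known to postmulti.
# Assumption: `postmulti -l` prints the columns name, group, enabled, config_dir.
collect_cache_settings() {
    postmulti -l | while read -r name _group _enabled cfgdir; do
        for p in smtpd smtp lmtp; do
            param="${p}_tls_session_cache_database"
            # -x expands ${data_directory}; -h prints the value only.
            value=$(postconf -c "$cfgdir" -xh "$param")
            if [ -n "$value" ]; then
                echo "$name $param $value"
            fi
        done
    done
}

# Read "instance parameter type:path" lines on stdin and print every path
# that is referenced more than once, followed by the settings that share it.
shared_caches() {
    awk '
        {
            path = $3
            sub(/^[a-z]+:/, "", path)   # drop the "btree:" style type prefix
            users[path] = users[path] " " $1 "/" $2
            n[path]++
        }
        END { for (p in n) if (n[p] > 1) print p ":" users[p] }
    ' | sort
}

# Constructed sample: two instances left at the same explicit path, and one
# instance whose cache lives under its own data_directory.
sample='- smtpd_tls_session_cache_database btree:/var/lib/postfix/smtpd_tls_session_cache
postfix-out smtpd_tls_session_cache_database btree:/var/lib/postfix/smtpd_tls_session_cache
postfix-in smtpd_tls_session_cache_database btree:/var/lib/postfix-in/smtpd_tls_session_cache'

printf '%s\n' "$sample" | shared_caches

# On a live host: collect_cache_settings | shared_caches
```

Any line of output names a cache file with more than one user; an empty result means every instance and parameter has its own file.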