Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Qmail>
  3. users
Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver
mbhangui at gmail
Mar 31, 2017, 10:05 AM
Post #1 of 23 (5881 views)
Permalink
In recent past I worked on an idea that I had
to eliminate the frequent fork() / exec()
calls made by tcpserver for incoming emails

Summary
-------------
1. the entire smtpd code was written as a function smtp_init()
and compiled as /usr/lib/indimail/plugins/qmail_smtpd.so
2. the entire rblsmtpd code was written as a function rblsmtpd()
and compiled as /usr/lib/indimail/plugins/rblsmtpd.so
3. wrote a function load_shared() for tcpserver which is just
a 40 line function using dlopen(). To avoid messing up
this email link to this function is here
https://sourceforge.net/p/indimail/code/ci/master/tree/ucspi-tcp-0.88/load_shared.c

How it works
------------------
You declare environment variables PLUGIN0, PLUGIN1, ... to load
the plugins using dlopen. Normally tcpserver will load a function with
the basename of the plugin after removing ".so" from the name.
One can fine tune the behaviour for each
plugin by defining additional variables (but not necessary) like
PLUGIN0_init, PLUGIN0_dir
The value of PLUGIN0, PLUGIN1, etc variables should
point to the path. e.g.

PLUGIN0=/usr/lib/indimail/plugins/qmail_smtpd.so
PLUGIN1=/usr/lib/indimail/plugins/rblsmtpd.so
PLUGIN0_init=smtp_init
PLUGIN0_dir=/etc/indimail/control

The above causes tcpserver to load qmail_smtpd.so
and execute rblsmtpd() function for rbl and smtp_init() function
for each and every connection. BTW my supervise run file
for qmail-smtpd is like this
QMAILDUID=`/usr/bin/id -u indimail`
NOFILESGID=`/usr/bin/id -g indimail`
ME=`head -1 /etc/indimail/control/me`
HOSTNAME=`uname -n`

if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$ME" ]; then
echo QMAILDUID, NOFILESGID, or ME is unset in
echo /service/qmail-smtpd.25/run
sleep 5
exit 1
fi
if [ ! -f /etc/indimail/control/rcpthosts ]; then
echo "No /etc/indimail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
sleep 5
exit 1
fi

exec /usr/bin/envdir /service/qmail-smtpd.25/variables sh -c "
exec /usr/bin/softlimit -m \$SOFT_MEM -o 1024 \
/usr/bin/tcpserver -v -h -R -l \$LOCALIP \
-x /etc/indimail/tcp.smtp.cdb \
-c /service/qmail-smtpd.25/variables/MAXDAEMONS -o -b \$MAXDAEMONS \
-u $QMAILDUID -g $NOFILESGID \$LOCALIP \$PORT \$RBLCOMMAND \
/usr/lib/indimail/plugins/qmail_smtpd.so $HOSTNAME \$AUTHMODULES
/bin/false 2>&1"

Problem Statement
===============
1. There are duplicate functions between the shared
library of qmail_smtpd.so and rblsmtpd.so. This should
not have been an issue as I am using the flags
RTLD_NOW|RTLD_LOCAL|RTLD_NODELETE
I had hoped that RTLD_LOCAL will ensure that symbols
local to qmail_smtpd.so will not be used by rblsmtpd()
and vice versa.

2. However my tcpserver code had a control_readline()
function which was slightly different than the
control_readline() function used in qmail_smptd.so.
On CentOS7 I found that, smtp_init() function loaded
from qmail_smtpd.so started using the tcpserver's
control_readlne() function and it resulted in a BUG

3. To resolve this issue, I made both the functions same

4. I did objdump on qmail_smtpd.so and rblsmtpd.so and
found additional duplicate functions, which I believe
shoudn't be a problem ??? I used the command
$ objdump -T rblsmtpd.so |grep ".text" |awk '{print $7}' > /tmp/rbl
$ objdump -T qmail_smtpd.so |grep ".text"|awk '{print $7}' > /tmp/smtp
$ cat /tmp/smtp /tmp/rbl |sort |uniq -c|sort -k1|grep ".* 2"
2 alloc
2 alloc_free
2 alloc_re
2 byte_copy
2 byte_copyr
2 byte_diff
2 byte_zero
2 case_diffb
2 case_diffs
2 commands
2 env_get
2 error_str
2 fmt_ulong
2 ndelay_on
2 open_read
2 scan_ulong
2 scan_xlong
2 sig_catch
2 stralloc_append
2 stralloc_cat
2 stralloc_catb
2 stralloc_cats
2 stralloc_copy
2 stralloc_copyb
2 stralloc_copys
2 stralloc_ready
2 stralloc_readyplus
2 str_chr
2 str_diff
2 str_len
2 str_start

5. I need to do the same for global variables
but stuck because of lack of knowledge

6. I have done some deep reading on dlopen()
and have additionally added the flag
RTLD_DEEPBIND available since
glibc 2.3.4. Removing the duplicate
functions and RTLD_DEEPBIND has
fixed the bug i encountered on CentOS7

7. I have saved on the exec call and copying
of program space when exec happens
but loading of control files still happens
in the child after fork(). My idea is to
write a separate shared object just
to load all the control files. But it involves
some tedious work due to so many global
variables, especially the stralloc variables

Worries
======
1. Maybe I have done something stupid here
eventhough it works for me

2. I don't have the full knowledge of how
the ld loader works and half baked
knowledge is not good.

3. I believe this will require community effort,
and I am ready to work under someone's
guidance. I believe this can be done
for qmail/netqmail as indimail is basically
DJB's qmail with some meddling of my own.
I do believe that this (along with loading
of control files in the parent) will result
in some good performance improvement.
Kai Peter did reach out to me and Erwin
But somehow, we never got in touch as
I have to figure out how to use IRC. But
I am ready to play a developer role if
someone steps in to revive qmail. I have
looked at sendmail/postfix code and
feel it would be a shame have a far
superior code lose out.

Copying Kai and Eh in this email as I find them still
interested in working to improve qmail and I do once
in a while look at Eh's code. If I borrow his code, I do mention
it in the indimail CREDITS file

--
Regards Manvendra - http://www.indimail.org
GPG Pub Key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC7CBC760014D250C
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
search-web-for-address at pyropus
Apr 1, 2017, 10:06 AM
Post #2 of 23 (5881 views)
Permalink
Manvendra Bhangui <mbhangui@gmail.com> wrote:
> In recent past I worked on an idea that I had to eliminate the frequent
> fork() / exec() calls made by tcpserver for incoming emails

Er, why?

tcpserver does this by design. Part of the reason for that is separation of
privelege; no child process, which handles a single connection, can interfere
with the operation of any other connection, even if the exec'd program is a
buggy mess of security holes. In other words, it's a security feature.

It's also extremely efficient; the process is tiny and a fork/exec is cheap on
reasonable operating systems and even vaguely-modern hardware. Do you
actually have data showing that this minimal overhead is a bottleneck in your
situation? If not, why are you trying to eliminate it?

Charles
--
--------------------------------------------------------------------------
Charles Cazabon
GPL'ed software available at: http://pyropus.ca/software/
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
--------------------------------------------------------------------------
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
feh at fehcom
Apr 1, 2017, 3:02 PM
Post #3 of 23 (5879 views)
Permalink
Hi Manvendra (and all other readers),

> Am 31.03.2017 um 19:05 schrieb Manvendra Bhangui <mbhangui@gmail.com>:
>
> In recent past I worked on an idea that I had
> to eliminate the frequent fork() / exec()
> calls made by tcpserver for incoming emails
>
> Summary
> -------------
> 1. the entire smtpd code was written as a function smtp_init()
> and compiled as /usr/lib/indimail/plugins/qmail_smtpd.so
> 2. the entire rblsmtpd code was written as a function rblsmtpd()
> and compiled as /usr/lib/indimail/plugins/rblsmtpd.so
> 3. wrote a function load_shared() for tcpserver which is just
> a 40 line function using dlopen(). To avoid messing up
> this email link to this function is here
> https://sourceforge.net/p/indimail/code/ci/master/tree/ucspi-tcp-0.88/load_shared.c
>

actually, Charles spoke out what is common believe: Fork/Exec is an operation to lightweight to invest a lot of efforts to improve it. In particular considering the benefits of an uncompromised and clean environment (unlike a thread). HW multithreading (lots of CPUs) will again be in favor of this decision.

I'm also not so positive regarding shared modules in qmail. Clearly, an entire new architecture paradigm should be substantiated with numbers and profiling is certainly necessary. However, I don't see (though without numbers by myself) a great need to change qmail's internal working structure; in particular regarding portability.

Currently, Kai Peter (eqmai) and me (s/qmail) are going to bundle our activities to focus on an 'alternative' qmail to feed the need for a concurrent and stable replacement for qmail. We've had this discussion months ago, and I rather invite you to participate again (let's do that off-line).

Regards.
--eh.

Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id: EE00CF65

Attached Files:

Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
mbhangui at gmail
Apr 1, 2017, 9:33 PM
Post #4 of 23 (5879 views)
Permalink
On 2 April 2017 at 03:32, Erwin Hoffmann <feh@fehcom.de> wrote:
> Hi Manvendra (and all other readers),

> actually, Charles spoke out what is common believe: Fork/Exec is an operation to lightweight to invest a lot of efforts to improve it. In particular considering the benefits of an uncompromised and clean environment (unlike a thread). HW multithreading (lots of CPUs) will again be in favor of this decision.
>
> I'm also not so positive regarding shared modules in qmail. Clearly, an entire new architecture paradigm should be substantiated with numbers and profiling is certainly necessary. However, I don't see (though without numbers by myself) a great need to change qmail's internal working structure; in particular regarding portability.
>

I do have a peculiar situation. Unlike qmail/netqmail, I have too many
control files being opened in qmail-smtpd. These get loaded again and
again for each and every mail that comes into the system using SMTP.
This whole idea of using dlopen() was just to move the loading all the
control files in the main() function of tcpserver. Subsequent calls to
qmail-smtpd will happen by calling a fuction smtp_init() instead of
exec(). I do agree that fork()/exec() gives you an uncompromised
environment. The other advantage of having shared modules or plugins
is the ability to add functionality without modifying the original
code.

> Currently, Kai Peter (eqmai) and me (s/qmail) are going to bundle our activities to focus on an 'alternative' qmail to feed the need for a concurrent and stable replacement for qmail. We've had this discussion months ago, and I rather invite you to participate again (let's do that off-line).

Sure Eh, There are few things I an definitely bring to the table (rpm,
debian and docker images).

--
Regards Manvendra - http://www.indimail.org
GPG Pub Key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC7CBC760014D250C
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
mbhangui at gmail
Apr 1, 2017, 9:48 PM
Post #5 of 23 (5879 views)
Permalink
On 1 April 2017 at 22:36, Charles Cazabon
<search-web-for-address@pyropus.ca> wrote:
> Manvendra Bhangui <mbhangui@gmail.com> wrote:
>> In recent past I worked on an idea that I had to eliminate the frequent
>> fork() / exec() calls made by tcpserver for incoming emails
>
> Er, why?

I do have a situation where I open around 23 control files in the
qmail-smtpd process. I want to move this to the main() of the
tcpserver process and avoid loading it again and again.

> tcpserver does this by design. Part of the reason for that is separation of
> privelege; no child process, which handles a single connection, can interfere
> with the operation of any other connection, even if the exec'd program is a
> buggy mess of security holes. In other words, it's a security feature.
>

Yes. This is the biggest reason in favour of the existing tcpserver design.

> It's also extremely efficient; the process is tiny and a fork/exec is cheap on
> reasonable operating systems and even vaguely-modern hardware. Do you
> actually have data showing that this minimal overhead is a bottleneck in your
> situation? If not, why are you trying to eliminate it?
>

No I do not have any data. It is definitely not a bottleneck. It's
just that the idea of loading the control files just once does look
good. The right thing to do is load it only once, if it can be done
without compromising the integrity of tcpserver. Hence the question on
dlopen(). Is there a way one can keep the symbols private?. I mean if
I load qmail_smtpd.so for a function named qmail_smtp(), can I
restrict the symbols loaded only to the functions loaded from
qmail_smtpd.so?
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
mbhangui at gmail
Apr 1, 2017, 10:21 PM
Post #6 of 23 (5879 views)
Permalink
On 2 April 2017 at 10:34, Jens Bauer <jens@plustv.dk> wrote:
> Hi Manvendra.
>
> On Sun, 2 Apr 2017 10:18:31 +0530, Manvendra Bhangui wrote:
>> No I do not have any data. It is definitely not a bottleneck. It's
>> just that the idea of loading the control files just once does look
>> good. The right thing to do is load it only once, if it can be done
>> without compromising the integrity of tcpserver.
>
> I agree on this and I like the idea (especially because I once ran out of open files in Apache, since I had a log file for each web-site it served).
>
> Question: Do you read the data into read-only memory and then share a pointer (when read-only memory is available, that is) ?
>

I have written a wrapper named open_control_once() to open any control
file. This function sets up a flag to indicate that a control file has
been opened. If it is called multiple times, it just returns without
doing anything. The data however is not in read-only memory (constmap
and stralloc structures). But I do prevent a control file from being
opened multiple times.
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
mbhangui at gmail
Apr 2, 2017, 1:03 AM
Post #7 of 23 (5879 views)
Permalink
On 2 April 2017 at 03:32, Erwin Hoffmann <feh@fehcom.de> wrote:
> actually, Charles spoke out what is common believe: Fork/Exec is an operation to lightweight to invest a lot of efforts to improve it. In particular considering the benefits of an uncompromised and clean environment (unlike a thread). HW multithreading (lots of CPUs) will again be in favor of this decision.
>

Just to be clear, The design I spoke about, tcpserver still does a
fork() and only then executes the function loaded in an earlier call
to dlopen(). However, if it does invoke an initialization function, if
in case PLUGIN_n_init is defined. In the case of qmail_smtpd.so, I do
invoke smtp_init(). smtp_init() is a simple function which loads only
the control files. This function can be written carefully so as not to
compromise the environment of the parent. I think that's what you
meant about "uncompromised and clean environment"

I am attaching a simple textual representation of the dlopen() design
for tcpserver. If you see, the only way the environment can be
compromised is by a bad load_control_files() function

Attached Files:

Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
search-web-for-address at pyropus
Apr 2, 2017, 8:17 AM
Post #8 of 23 (5879 views)
Permalink
Manvendra Bhangui <mbhangui@gmail.com> wrote:
> On 1 April 2017 at 22:36, Charles Cazabon wrote:
>
> > reasonable operating systems and even vaguely-modern hardware. Do you
> > actually have data showing that this minimal overhead is a bottleneck in
> > your situation? If not, why are you trying to eliminate it?
>
> I do have a situation where I open around 23 control files in the
> qmail-smtpd process. I want to move this to the main() of the
> tcpserver process and avoid loading it again and again.
[...]
> No I do not have any data. It is definitely not a bottleneck. It's
> just that the idea of loading the control files just once does look
> good.

I'm afraid you're fooling yourself. Any control files that are opened and
read regularly - i.e. if you're getting at least a few SMTP connections every
minute - will be satisfied from the cache. And qmail's reading of those files
doesn't use a lot of CPU time or other resources.

So you aren't really saving CPU, or anything else for that matter. You've
just introduced complexity, and probably security problems, for no real
benefit.

I *strongly* urge you to profile the performance of vanilla qmail/tcpserver
before you decide to "fix" something and try to make it "look good". I would
bet dollars to doughnuts that you will find you are trying to optimize
something which is only responsible for 0.01% of the program's work in the
first place.

As djb himself says, measure, don't speculate.

Charles
--
--------------------------------------------------------------------------
Charles Cazabon
GPL'ed software available at: http://pyropus.ca/software/
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
--------------------------------------------------------------------------
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
mbhangui at gmail
Apr 2, 2017, 8:39 AM
Post #9 of 23 (5879 views)
Permalink
On 2 April 2017 at 20:47, Charles Cazabon
<search-web-for-address@pyropus.ca> wrote:
> Manvendra Bhangui <mbhangui@gmail.com> wrote:
>> On 1 April 2017 at 22:36, Charles Cazabon wrote:
>>
>> > reasonable operating systems and even vaguely-modern hardware. Do you
>> > actually have data showing that this minimal overhead is a bottleneck in
>> > your situation? If not, why are you trying to eliminate it?
>>
>> I do have a situation where I open around 23 control files in the
>> qmail-smtpd process. I want to move this to the main() of the
>> tcpserver process and avoid loading it again and again.
> [...]
>> No I do not have any data. It is definitely not a bottleneck. It's
>> just that the idea of loading the control files just once does look
>> good.
>
> I'm afraid you're fooling yourself. Any control files that are opened and
> read regularly - i.e. if you're getting at least a few SMTP connections every
> minute - will be satisfied from the cache. And qmail's reading of those files
> doesn't use a lot of CPU time or other resources.
>
> So you aren't really saving CPU, or anything else for that matter. You've
> just introduced complexity, and probably security problems, for no real
> benefit.
>
> I *strongly* urge you to profile the performance of vanilla qmail/tcpserver
> before you decide to "fix" something and try to make it "look good". I would
> bet dollars to doughnuts that you will find you are trying to optimize
> something which is only responsible for 0.01% of the program's work in the
> first place.
>
> As djb himself says, measure, don't speculate.

Would want to try this. I have heard about smtp-source and smtp-sink
but never used them. Any recommendations?
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
feh at fehcom
Apr 2, 2017, 8:55 AM
Post #10 of 23 (5879 views)
Permalink
Hi Manvendra,

just to be curious:


> Am 02.04.2017 um 06:48 schrieb Manvendra Bhangui <mbhangui@gmail.com>:
>
>
> I do have a situation where I open around 23 control files in the
> qmail-smtpd process. I want to move this to the main() of the
> tcpserver process and avoid loading it again and again.

What are those 23 control files to be opened (from qmail-smtpd)?

Regards.
--eh.



Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id: EE00CF65

Attached Files:

Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
mbhangui at gmail
Apr 2, 2017, 9:04 AM
Post #11 of 23 (5879 views)
Permalink
On 2 April 2017 at 21:25, Erwin Hoffmann <feh@fehcom.de> wrote:
> Hi Manvendra,
>
> just to be curious:
>
>
>> Am 02.04.2017 um 06:48 schrieb Manvendra Bhangui <mbhangui@gmail.com>:
>>
>>
>> I do have a situation where I open around 23 control files in the
>> qmail-smtpd process. I want to move this to the main() of the
>> tcpserver process and avoid loading it again and again.
>
> What are those 23 control files to be opened (from qmail-smtpd)?
>
Just counted. More than 23. Some of these are tiny files.

badmailfrom
badmailpatterns
blackholedsender
blackholedpatterns
blackholercpt
blackholercptpatterns
badrcptto
badrcptpatterns
goodrcptto
goodrcptpatterns
spamignore
spamignorepatterns
nodnschecksok
badip
badhost
badhelo
signkey /* batv */
nosignhosts
signkeystale
accesslist
bodycheck
spfbehavior
spfipv6
tarpitcount
tarpitdelay
maxrecipients
signatures
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
mbhangui at gmail
Apr 2, 2017, 9:22 AM
Post #12 of 23 (5879 views)
Permalink
On 2 April 2017 at 21:34, Manvendra Bhangui <mbhangui@gmail.com> wrote:
> Just counted. More than 23. Some of these are tiny files.
>
> badmailfrom
> badmailpatterns
> blackholedsender
> blackholedpatterns
> blackholercpt
...
I should have put the link to the source code smtpd.c. Here it is
https://sourceforge.net/p/indimail/code/ci/master/tree/qmail-1.03/smtpd.c
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
jens-lists at gpio
Apr 2, 2017, 12:35 PM
Post #13 of 23 (5879 views)
Permalink
Hi Charles.

I do agree with you on testing performance is important, but there are also other things to consider.
This information is just intended to be informal (things to consider).

On Sun, 2 Apr 2017 09:17:16 -0600, Charles Cazabon wrote:
> I'm afraid you're fooling yourself. Any control files that are opened and
> read regularly - i.e. if you're getting at least a few SMTP
> connections every minute - will be satisfied from the cache.

On most linux systems it might, but these days things are different.
You can run qmail under Linux or UNIX, but you might use a system, which does not have much memory to run your qmail.
If that's the case, the file cache might not be very efficient (or it might be disabled).

If you're developing on a system which has all the great features, performance testing might not show the right results in cases where "low-end" systems are used.

If memory is no longer duplicated to a new buffer on each read (from the cache), then it will certainly be a performance boost:
* more memory will be available.
* less time will be spent looking for a free block of memory.

Also, the PowerPC based Macs have some serious problems with locks, mutexes, spinlocks, etc; it may wait forever (I've seen up to 2 minutes) until it can access files (Yes, that's a flaw/bug/error in the system, but it will never be corrected along with thousands of other bugs, since Apple do not support old systems anymore).

I've been thinking about making an qmail-embedded, which use LWIP and no POSIX/Linux/UNIX calls (eg. stripping the operating system away completely); I might not have time for this, though. If I do that, it might be best to base it on s/qmail, as s/qmail much more up-to-date than the good ol' qmail. ;)

Some of these cases might apply to Manvendra's system, some might not.


Love
Jens
RE: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
dashley at gmail
Apr 2, 2017, 5:44 PM
Post #14 of 23 (5879 views)
Permalink
>On most linux systems it might, but these days things are different.
>You can run qmail under Linux or UNIX, but you might use a system, which
does not have much memory to run your qmail.
>If that's the case, the file cache might not be very efficient (or it might
be disabled).
>
>If you're developing on a system which has all the great features,
performance testing might not show the right results in cases where
"low-end" systems are used.

In any software engineering endeavor, one has to make assumptions about the
target platform. Another way to paraphrase the
discussion between Charles and Jens is that qmail likely doesn't have a
statement about what platforms it is intended to support.

I have not worked on *nix server grade system EVER that did not cache disk.
I remember one of the first Linux systems I set up ... I
did a large file copy and noticed that the hard disk activity light did not
show activity. Then the activity occurred about a minute later.
I laughed to myself because I realized what had occurred. This was more
than a decade ago with a system that probably had around
512 MB of RAM.

I think Charles' assumptions are very reasonable.

I use a $250 Lenovo 11e (elementary school laptop) as a Linux server,
because it only consumes about 5.5 watts as measured at the
AC plug. Even on THAT machine (8G of RAM, 1 TB SSD), I expect disk caching
behavior to occur.

Charles' assumptions seem valid to me from any "mainstream" piece of
hardware.

Jens, the hardware and software scenarios you are considering ... wow ... it
is almost like you hacked/rooted your smart coffee maker and
are using it as a qmail server.

Attached Files:

RE: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
jens-lists at gpio
Apr 2, 2017, 6:03 PM
Post #15 of 23 (5879 views)
Permalink
Hi David.

I do think you're right about UNIX systems and caches; most Linux systems also would have caches.


On Sun, 2 Apr 2017 20:44:21 -0400, David T. Ashley wrote:
> Jens, the hardware and software scenarios you are considering ... wow ... it
> is almost like you hacked/rooted your smart coffee maker and
> are using it as a qmail server.

Shhh... I planned on making money on converting coffee makers into mail servers. ;)

To tell the truth, I was thinking about Cortex-M (something like STM32F4) as a miniature mail server.
Sure I could just "port" the stock qmail, but that would only give me IPv4, which means in the near future such a server would already be obsolete.
The STM32F4xx microcontroller is based on ARM Cortex-M4 and runs at 168 MHz or 180 MHz, which is enough for a normal home email server.
It could easily store the received data on a SD card or MicroSD card. No extra memory would be required as the STM32F4 has 192K on-chip RAM (or more, depending on the model).

Sadly, there's a problem with SD cards wearing out, which is one reason I'm not so keen on starting the project.
-But I think it would be cool to be able to purchase a ready-made email server for $20, which you can just hook up and start using.

Note: Some low-speed embedded devices are running Linux, but they have very little RAM, so such devices would most likely not have a file cache (or they would not benefit from it).

Personally I'm still running qmail on my (dying) MacMini (on-board graphics card is already dead so I deleted the driver to get a clean syslog). I've also successfully set up qmail on CubieBoard2 with debian [Armbian] (this works well and seem quicker than the Mac Mini).
CubieBoard2 is like the Raspberry Pi to me it was just more appealing having a Cortex-A7 processor than an ARM11 (at the time of purchase).
If I wanted to purchase a board today, I'd go for the Mqmaker MiQi, Globalscale ExpressoBin or even the Solid-Run MacchiatoBIN board ... but that's off-topic. ;)


Love
Jens
RE: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
dashley at gmail
Apr 2, 2017, 6:28 PM
Post #16 of 23 (5879 views)
Permalink
>I do think you're right about UNIX systems and caches; most Linux systems
also would have caches.
>
>On Sun, 2 Apr 2017 20:44:21 -0400, David T. Ashley wrote:
> Jens, the hardware and software scenarios you are considering ... wow
> ... it is almost like you hacked/rooted your smart coffee maker and
> are using it as a qmail server.
>
>Shhh... I planned on making money on converting coffee makers into mail
servers. ;)
>
>To tell the truth, I was thinking about Cortex-M (something like STM32F4)
as a miniature mail server.
>Sure I could just "port" the stock qmail, but that would only give me IPv4,
which means in the near future such a server would already be obsolete.
>The STM32F4xx microcontroller is based on ARM Cortex-M4 and runs at 168 MHz
or 180 MHz, which is enough for a normal home email server.
>It could easily store the received data on a SD card or MicroSD card. No
extra memory would be required as the STM32F4 has 192K on-chip RAM (or more,
depending on the model).
>
>Sadly, there's a problem with SD cards wearing out, which is one reason I'm
not so keen on starting the project.
>-But I think it would be cool to be able to purchase a ready-made email
server for $20, which you can just hook up and start using.

Hi Jens,

A colleague and I had struggled with the same issue, maybe for some of the
same reasons.

He wanted to use a Raspberry Pi as a home server. There were obvious
hardware and software issues
to be addressed, and we discussed them.

My personal situation is that I had all of these criteria to meet:

a)Had to be noiseless/fanless -- it would sit in my entertainment center,
and I wouldn't want it to
interfere with my video games or Arnold Schwarzenegger movies.

b)Had to be compact.

c)Should run a standard Linix distribution--easy to upgrade.

d)Should support terabytes of storage, if I wish, with no wearout issues.

e)Should not use much power. My target was 15 watts -- I'm glad I got a
solution at 5.5 watts.
This is under $10 a year -- excellent!

f)Shouldn't be too expensive.

g)Should tolerate power loss with no data corruption.

I looked at industrial computer boards, but these were expensive, and still
left the UPS issue unaddressed.

Finally, I settled on a Lenovo 11e. You can pick them up at the Lenovo
outlet store for <$300, easy (just get
a Windows one so you know it has the bay and hardware for a hard drive).

The machine is fanless nearly all of the time. (If I do load the CPU
heavily, the fan does go on, though, and the power
consumption can get as high as 15 watts. But this only occurs when running
maintenance crons. HTTP service
and so on won't do it.)

The UPS problem is solved automatically, as the laptop's battery acts as a
UPS. In fact, I wrote a cron script
to shut it down if the power is off for too long and the battery's charge
falls too far:

http://e3ft.ddns.net/vvcdtapublic/dtapublic/projs/dtats/trunk/projs/20161029
_server_scripts_automaint_cron/power_fail_shutdown?revision=98&view=markup

For the URL above, I will give you one guess about how that is being served
LOL.

The approaches you are contemplating are very clever, but for me getting
essentially a slow PC for 5.5 watts of power consumption works the best.

Best regards, Dave A.

Attached Files:

RE: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
jens-lists at gpio
Apr 2, 2017, 7:17 PM
Post #17 of 23 (5879 views)
Permalink
Hi David.

On Sun, 2 Apr 2017 21:28:47 -0400, David T. Ashley wrote:
> My personal situation is that I had all of these criteria to meet:
>
> a)Had to be noiseless/fanless -- it would sit in my entertainment center,
> and I wouldn't want it to
> interfere with my video games or Arnold Schwarzenegger movies.
>
> b)Had to be compact.
>
> c)Should run a standard Linix distribution--easy to upgrade.
>
> d)Should support terabytes of storage, if I wish, with no wearout issues.
>
> e)Should not use much power. My target was 15 watts -- I'm glad I got a
> solution at 5.5 watts.
> This is under $10 a year -- excellent!
>
> f)Shouldn't be too expensive.

A-F: CubieBoard2/ExpressoBin seem to satisfy these on their own; both have a SATA connector (the ExpressoBin has the fastest SATA).
Price for a 2GB ExpressoBin version is less than $80; a 1GB version is less than $40.

> g)Should tolerate power loss with no data corruption.
>
> I looked at industrial computer boards, but these were expensive, and still
> left the UPS issue unaddressed.

CubieBoard2 uses around 500mA at 5V, a connected 2.5" harddisk would use 500mA at 5V too; a total of 1A at 5V = max. 5W if reading/writing to the harddisk all the time.

You can build your own UPS by creating a Y "split" DC-cable, which has two Schottky-diodes embedded (two SR3100 would be fine).
One male DC-plug go into the CubieBoard2.
One female DC-plug connects to a DC power supply.
One female DC-plug connects to a battery.

One diode point from the battery towards the CubieBoard2.
One diode point from the external PSU towards the CubieBoard2.

Eg. the cathodes are connected to eachother.

A simple comparator circuit (with a shunt-regulator) could be used on the primary side of the battery supply (before the step-down converter) in order to monitor how much power is left.

That makes a *very* cheap UPS. :)
I'm running my CubieBoard2 on a $1 DC-DC step-down converter; which can be connected to a string of 12V lead-acid batteries (eg. charged by solar power).

> Finally, I settled on a Lenovo 11e. You can pick them up at the Lenovo
> outlet store for <$300, easy (just get
> a Windows one so you know it has the bay and hardware for a hard drive).

I actually have a dual-core P4 ThinkCentre (but I don't trust this thing too much and it's drawing way too much power compared to the CubieBoard2).

> The machine is fanless nearly all of the time. (If I do load the CPU
> heavily, the fan does go on, though, and the power
> consumption can get as high as 15 watts. But this only occurs when running
> maintenance crons. HTTP service
> and so on won't do it.)

Not too bad. :)

> The UPS problem is solved automatically, as the laptop's battery acts as a
> UPS. In fact, I wrote a cron script
> to shut it down if the power is off for too long and the battery's charge
> falls too far:
>
> http://e3ft.ddns.net/vvcdtapublic/dtapublic/projs/dtats/trunk/projs/20161029
> _server_scripts_automaint_cron/power_fail_shutdown?revision=98&view=markup

Quite uncomplicated. :)

> For the URL above, I will give you one guess about how that is being served
> LOL.

Must be SVN as I expect that noone uses CVS anymore. -I prefer git myself. ;)
My CubieBoard runs multiple kinds of servers too (apache, git, redis, qmail, dovecot, ssh, nfs, netatalk, squid3, ...).

> The approaches you are contemplating are very clever, but for me getting
> essentially a slow PC for 5.5 watts of power consumption works the best.

Your solution isn't too bad either; I did expect a PC to consume more power.
Note: I've also looked into using TV-boxes (the best candidate is the Beelink-GT1 because Armbian supports building debian for it).
Cheap S905 based TV-boxes could also work (if you look [very] carefully on eBay, you might be able to find one supporting Gbit Ethernet for around $30 - please notice that almost all S905 based boxes only support 100Mbit Ethernet, not Gbit Ethernet - but a few KM8 boxes seem to support Gbit Enet).

I think a STM32F4 qmail server would be able to run at milliwatts - perhaps even microwatts. 8)
(the MCU is able to wake up in 4 clock cycles).

Sadly, a git-server really requires a complete Linux installation due to all the tools git is based upon.


Love
Jens
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
hb-qmail at ml
Apr 3, 2017, 4:22 AM
Post #18 of 23 (5878 views)
Permalink
* Jens Bauer <jens-lists@gpio.dk> [2017-04-02 21:43]:
> On Sun, 2 Apr 2017 09:17:16 -0600, Charles Cazabon wrote:
> > I'm afraid you're fooling yourself. Any control files that are opened and
> > read regularly - i.e. if you're getting at least a few SMTP
> > connections every minute - will be satisfied from the cache.
> On most linux systems it might, but these days things are different.

wrong, that is true for any halfway modern OS.

> You can run qmail under Linux or UNIX, but you might use a system, which does not have much memory to run your qmail.
> If that's the case, the file cache might not be very efficient (or it might be disabled).

then you fix this OS problem at the OS level.

you don't build new sidewalks because somebody's shoes might be worn out.

> If you're developing on a system which has all the great features,
> performance testing might not show the right results in cases where
> "low-end" systems are used.

then test on slow hardware too.

hint: fork is not your problem, nor is reading config files.

> If memory is no longer duplicated to a new buffer on each read (from the cache), then it will certainly be a performance boost:

whether there is duplication or not is OS-dependent. and even if: this
won't be your bottleneck.

> * more memory will be available.

nope. please learn how virtual memory works on prettyy much everything
since at least 4.4BSD.

> * less time will be spent looking for a free block of memory.

between "nope" and "not even measurable".

> Also, the PowerPC based Macs have some serious problems with locks,
> mutexes, spinlocks, etc; it may wait forever (I've seen up to 2
> minutes) until it can access files (Yes, that's a flaw/bug/error in the
> system, but it will never be corrected along with thousands of other
> bugs, since Apple do not support old systems anymore).

so don't run old broken sh*t.
and even more important: don't screw up userland software to work
around old broken obsolete OSes.

Charles is right. You two are on the wrong train.

--
Henning Brauer, hb@bsws.de, henning@openbsd.org
BS Web Services GmbH, AG Hamburg HRB 128289, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, VMs/VPS, Application Hosting
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
mbhangui at gmail
Apr 3, 2017, 6:40 AM
Post #19 of 23 (5878 views)
Permalink
On 31 March 2017 at 22:35, Manvendra Bhangui <mbhangui@gmail.com> wrote:
>
> 1. the entire smtpd code was written as a function smtp_init()
> and compiled as /usr/lib/indimail/plugins/qmail_smtpd.so
> 2. the entire rblsmtpd code was written as a function rblsmtpd()
> and compiled as /usr/lib/indimail/plugins/rblsmtpd.so
> 3. wrote a function load_shared() for tcpserver which is just
> a 40 line function using dlopen(). To avoid messing up
> this email link to this function is here
> https://sourceforge.net/p/indimail/code/ci/master/tree/
> ucspi-tcp-0.88/load_shared.c
>
>
Ever since I asked this question, plenty of water has flown under the
bridge. I have understood the implications of doing what I have done. I
don't disagree with Charles. As an exercise, I will indeed carry out some
testing. But I am still looking for an answer about dlopen() to improve by
own understanding and get some knowledge. I think I can again put the
question in a different way.

If I call dlopen() in tcpserver, how do I make the symbols of tcpserver not
accessible to any function(s) that get loaded by calling dlopen()?

What is happening now is that the symbols of tcpserver are accessible to
the two functions that get loaded by dlopen(). However functions in lib1
are not accessible to functions in lib2 and vice versa.

Note: I am using the flags RTLD_NOW|RTLD_LOCAL|RTLD_DEEPBIND|RTLD_NODELETE
with dlopen().

If there is a way to make this happen, I can make tcpserver immune to
malicious/buggy code loaded by dlopen(). Is there a way?

This discussion has been very good. I have got some new ideas

1. Test my code on a frugal hardware like bananaPI (a Chinese clone of
raspberryPi that I have) and RaspberryPI 3. I already have my code running
on BananaPI and RaspberryPI
2. Try out an idea proposed by David Bell.
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
mbhangui at gmail
Apr 3, 2017, 7:39 AM
Post #20 of 23 (5878 views)
Permalink
On 3 April 2017 at 19:10, Manvendra Bhangui <mbhangui@gmail.com> wrote:
>
> But I am still looking for an answer about dlopen() to improve by own understanding and get some knowledge. I think I can again put the question in a different way.
>
> If I call dlopen() in tcpserver, how do I make the symbols of tcpserver not accessible to any function(s) that get loaded by calling dlopen()?


Eureka!!!. Found it. The answer is in using dlmopen() instead of
dlopen(). What was happening was dlopen() was using the same namespace
as the calling program (in this case tcpserver). I need to use
LM_ID_NEWLM to create a new namespace and load the shared libraries in
the new namespace. Not sure why I missed it out even after reading the
man page for dlopen() n number of times. I just need to test it and
confirm that it works the way man page says it.

The dlmopen() function differs from dlopen() primarily in that it
accepts an additional argument, lmid, that specifies the link-map
list (also referred to as a namespace) in which the shared
object should be loaded. (By comparison, dlopen() adds the
dynamically loaded shared object to the same namespace as the shared
object from which the dlopen() call is made.) The Lmid_t type is
an opaque handle that refers to a namespace.

The lmid argument is either the ID of an existing namespace
(which can be obtained using the dlinfo(3) RTLD_DI_LMID request) or
one of the following special values:

LM_ID_BASE
Load the shared object in the initial namespace (i.e., the
application's namespace).

LM_ID_NEWLM
Create a new namespace and load the shared object in that
namespace. The object must have been correctly linked to reference
all of the other shared objects that it requires, since the new
namespace is initially empty.

Thank you all.

--
Regards Manvendra - http://www.indimail.org
GPG Pub Key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC7CBC760014D250C
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
hb-qmail at ml
Apr 5, 2017, 5:39 AM
Post #21 of 23 (5877 views)
Permalink
* Manvendra Bhangui <mbhangui@gmail.com> [2017-04-03 16:42]:
> Eureka!!!. Found it. The answer is in using dlmopen() instead of
> dlopen().

nope. dlopen() is POSIX, dlmopen() is proprietary and nonportable.

There is no portable way of loading an object file into the process
and control visibility of its symbols to other parts of the same
process that I am aware of. And really, this is a strong hint that
you're on the wrong track (you are).

--
Henning Brauer, hb@bsws.de, henning@openbsd.org
BS Web Services GmbH, AG Hamburg HRB 128289, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, VMs/VPS, Application Hosting
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
mbhangui at gmail
Apr 5, 2017, 7:16 AM
Post #22 of 23 (5877 views)
Permalink
On 5 April 2017 at 18:09, Henning Brauer <hb-qmail@ml.bsws.de> wrote:
> * Manvendra Bhangui <mbhangui@gmail.com> [2017-04-03 16:42]:
>> Eureka!!!. Found it. The answer is in using dlmopen() instead of
>> dlopen().
>
> nope. dlopen() is POSIX, dlmopen() is proprietary and nonportable.
>

Add to it, that it is buggy. Already discovered issues with glibc
stubs for setgroups(), setgid() and setuid(). At the moment bypassed
the stubs by using syscall() to directly call the real setgroups(),
setgid() and setuid() functions. Yes, but these bugs will meet their
death some day :)

> There is no portable way of loading an object file into the process
> and control visibility of its symbols to other parts of the same
> process that I am aware of. And really, this is a strong hint that
> you're on the wrong track (you are).
>

Have always have been on the wrong track :) but is there any
recommended way of loading shared libraries? Anything you know of,
just point me & I will read it. Have a great day.
Re: Advice Required - for avoiding conflict betwen qmail-smtpd, rblsmtpd loaded as shared objects in tcpserver [ In reply to ]
hb-qmail at ml
Apr 7, 2017, 3:44 AM
Post #23 of 23 (5873 views)
Permalink
* Manvendra Bhangui <mbhangui@gmail.com> [2017-04-05 16:19]:
> Have always have been on the wrong track :) but is there any
> recommended way of loading shared libraries? Anything you know of,
> just point me & I will read it. Have a great day.

the shared library approach is not a smart one to begin with, and
trying to convert existing binaries into shared libraries and then
trying to control symbol visibility within that process is an outright
terrible idea (that won't work for any halfway sane definition of
"work" anyway).

--
Henning Brauer, hb@bsws.de, henning@openbsd.org
BS Web Services GmbH, AG Hamburg HRB 128289, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, VMs/VPS, Application Hosting

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal