
Postfix SMTP connection cache tagging

  • Wietse Venema
    Message 1 of 4 , Mar 22 12:53 PM
      Looking at Noel's reply to a connection caching question, I realized
      (once again) that the cache is shared among all SMTP clients, even
      across SMTP clients of mail delivery transports.

      That is a good thing from a connection reuse perspective. It can,
      however, have an unexpected result when different SMTP transports
      have different smtp_bind_address settings. This is done, for example,
      to give different mail streams a different client IP address so that
      their reputations are "separated".

      The way that Postfix currently implements connection reuse, it is
      possible that different mail streams become mixed.

      A possible solution is that an SMTP client tags the connection cache
      with smtp_bind_address information (if non-default) so that it can
      be taken into account when searching the connection cache.

      Wietse
    • Ben Rosengart
      Message 2 of 4 , Mar 22 1:32 PM
        On Thu, Mar 22, 2012 at 03:53:23PM -0400, Wietse Venema wrote:
        >
        > That is a good thing from a connection reuse perspective. It can,
        > however, have an unexpected result when different SMTP transports
        > have different smtp_bind_address settings.

        What about other smtp_* settings affecting one-time-only parts of the
        protocol, such as smtp_helo_name? We don't RSET and re-HELO after each
        transaction, do we?

        --
        Ben Rosengart
        Sendmail, Inc.
        +1 718 431 3822

        "Like all those possessing a library, Aurelian was aware that he
        was guilty of not knowing his in its entirety [...]"
        -- Jorge Luis Borges

        NOTICE: If received in error, please destroy and notify sender.
        Sender does not waive confidentiality or privilege, and use is prohibited.
      • Wietse Venema
        Message 3 of 4 , Mar 22 2:38 PM
          Ben Rosengart:
          > On Thu, Mar 22, 2012 at 03:53:23PM -0400, Wietse Venema wrote:
          > >
          > > That is a good thing from a connection reuse perspective. It can,
          > > however, have an unexpected result when different SMTP transports
          > > have different smtp_bind_address settings.
          >
          > What about other smtp_* settings affecting one-time-only parts of the
          > protocol, such as smtp_helo_name? We don't RSET and re-HELO after each
          > transaction, do we?

          I think the simplest solution would be to separate the session cache
          entries from different transports, at least by default.

          Basically, each transport name specifies a default cache name space
          where an SMTP client will store and look up sessions.

          If we want to share cached sessions between different transports,
          then all one has to do is override the default cache name space,
          and specify the same override with all delivery agents that may
          share cached sessions.

          Wietse
        • Wietse Venema
          Message 4 of 4 , Apr 1, 2012
            Wietse Venema:
            > Looking at Noel's reply to a connection caching question, I realized
            > (once again) that the cache is shared among all SMTP clients, even
            > across SMTP clients of mail delivery transports.

            This is not what happens. The SMTP delivery agent prepends its own
            service name (the first field in master.cf) to the name of every
            connection cache entry.

            (This is easily verified by setting "scache -v" in master.cf, and
            by comparing the logging with "default_transport=smtp" with the
            logging of "default_transport=relay").

            There is, therefore, no "leakage" of cached sessions from one
            transport to another transport, and therefore no "violation" of
            sender reputation policies.

            Wietse

            > That is a good thing from a connection reuse perspective. It can,
            > however, have an unexpected result when different SMTP transports
            > have different smtp_bind_address settings. This is done, for example,
            > to give different mail streams a different client IP address so that
            > their reputations are "separated".
            >
            > The way that Postfix currently implements connection reuse, it is
            > possible that different mail streams become mixed.
            >
            > A possible solution is that an SMTP client tags the connection cache
            > with smtp_bind_address information (if non-default) so that it can
            > be taken into account when searching the connection cache.
            >
            > Wietse
            >
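
The setup discussed in this thread, as an added example that is not part of the original messages: a master.cf fragment with two SMTP client services that use different source addresses, plus the "scache -v" setting mentioned in message 4 of 4. The service name "bulk", the address 192.0.2.10 and the host name bulk.example.com are placeholders, and /etc/postfix is assumed as the configuration directory.

```conf
# /etc/postfix/master.cf (fragment; added example, placeholder values)
# service type  private unpriv  chroot  wakeup  maxproc command + args

# Stock SMTP client services. Each one is a separate service name
# (first field), which the SMTP delivery agent prepends to the name of
# every connection cache entry it stores or looks up.
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp

# Hypothetical second mail stream with its own client IP address and
# HELO name, so that its reputation is kept apart from the default stream.
bulk      unix  -       -       n       -       -       smtp
    -o smtp_bind_address=192.0.2.10
    -o smtp_helo_name=bulk.example.com

# Connection cache manager with verbose logging, to compare the cache
# entry names logged for deliveries made through different transports.
scache    unix  -       -       n       -       1       scache -v
```

Run "postfix reload" after editing, and remove the -v again once the comparison is done, since verbose logging is noisy on a busy system.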