[gsoc] dma(8) status update

Max Lindner gisanka at googlemail.com
Sat Aug 9 13:25:28 PDT 2008

2008/8/9 Simon 'corecode' Schubert <corecode at fs.ei.tum.de>:

> Good work!  Could you describe on a high level how you handle .forward and
> smarthost, especially regarding security?

Of course!

. forward:

dma runs as root and splits itself up into 3 branches now:

-the old codebase, which drops privileges to user nobody / group mail
-a process for reading an users .forward (the function
dotforwardhandler), which forks for every file to read and drops
privileges to that user before reading.
-a process for writing an users mailbox/executing the pipe for
delivering the mail (the function write_to_local_user), which forks
for every mail to deliver and drops privileges to that user before
open the file/pipe

The communication between the 3 branches is done via two socketpairs,
one socketpair for each new branch. In order to prevent concurring
communication, it is synchronised with one semaphore each.

The new processes terminate themselves as soon as every mail which was
enqeued was sent out or bounced. This is signaled by another semaphore
which is incremented before delivery starts and decremented after the
mail was successfully sent or written or the bounce was generated and


for implementing the new smarthost delivery, I use the new function
deliver_smarthost. While the function deliver takes one qitem a time,
the deliver_smarthost function takes a queue. This queue is generated
during go_background and is the main queue with having removed the
local receipients.
This queue is given to the deliver_remote function, which sends one
"RCPT TO: xy at foo.bar" for each qitem. Depending on the returning
status code (accept, temporary error, permanent error) the qitem is
copied to one of 3 other queues. These 3 queues are processed again in
deliver_smarthost after completing the deliver_remote function. Sent
qitems are deleted, temporary failed items are tried again and
permanent failed items are bounced.

I hope this helps. Regarding security I tried to run as little code as
possible as root, use privilege separation and tried not to disregard
anything which can lead to a buffer overflow. Do you have additional


More information about the Kernel mailing list