thoughts

linux下qmail的源码 本人加了一些注释

filesystems aren't widely available. Solution: Keep a journal, separate
from the queue, adequate to rebuild the queue (with at worst some
duplicate deliveries). Compress the journal. This would dramatically
reduce total disk I/O.

Bounce aggregation is a dubious feature. Bounce records aren't
crashproof; there can be a huge delay between a failure and a bounce;
the resulting bounce format is unnecessarily complicated. I'm tempted to
scrap the bounce directory and send one bounce for each failing
recipient, with appropriate modifications in the accompanying text.

qmail-stop implementation: setuid to UID_SEND; kill -TERM -1. Or run
qmail-start under an external service controller, such as supervise;
that's why it runs in the foreground.

The readdir() interface hides I/O errors. Lower-level interfaces would
lead me into a thicket of portability problems. I'm really not sure what
to do about this. Of course, a hard I/O error means that mail is toast,
but a soft I/O error shouldn't cause any trouble.

job_open() or pass_dochan() could be paranoid about the same id,channel
already being open; but, since messdone() is so paranoid, the worst
possible effect of a bug along these lines would be double delivery.

Mathematical amusement: The optimal retry schedule is essentially,
though not exactly, independent of the actual distribution of message
delay times. What really matters is how much cost you assign to retries
and to particular increases in latency. qmail's current quadratic retry
schedule says that an hour-long delay in a day-old message is worth the
same as a ten-minute delay in an hour-old message; this doesn't seem so
unreasonable.

Insider information: AOL retries their messages every five minutes for
three days straight. Hmmm.


6. Sending mail through the network (qmail-rspawn, qmail-remote)

Are there any hosts, anywhere, whose mailers are bogged down by huge
messages to multiple recipients at a single host? For typical hosts,
multiple RCPTs per SMTP aren't an ``efficiency feature''; they're a
_slowness_ feature. Separate SMTP transactions have much lower latency.

I've heard three complaints about bandwidth use from masochists sending
messages through a modem through a smarthost to thousands of users---
without sublists! They can get much better performance with QMQP.

In the opposite direction: It's tempting to remove the @host part of the
qmail-remote recip argument. Or at least avoid double-dns_cname.

There are lots of reasons that qmail-rspawn should take a more active
role in qmail-remote's activities. It should call separate programs to
do (1) MX lookups, (2) SMTP connections, (3) QMTP connections. (But this
wouldn't be so important if the DNS library didn't burn so much memory.)

I bounce ambiguous MXs. (An ``ambiguous MX'' is a best-preference MX
record sending me mail for a host that I don't recognize as local.)
Automatically treating ambiguous MXs as local is incompatible with my
design decision to keep local delivery working when the network goes
down. It puts more faith in DNS than DNS deserves. Much better: Have
your MX records generated automatically from control/locals.

If I successfully connect to an MX host but it temporarily refuses to
accept the message, I give up and put the message back into the queue.
But several documents seem to suggest that I should try further MX
records. What are they thinking? My approach deals properly with downed
hosts, hosts that are unreachable through a firewall, and load
balancing; what else do people use multiple MX records for?

Currently qmail-remote sends data in 1024-byte buffers. Perhaps it
should try to take account of the MTU.

Perhaps qmail-remote should allocate a fixed amount of DNS/connect()
time across any number of MXs; this idea is due to Mark Delany.

RFC 821 doesn't say what it means by ``text.'' qmail-remote assumes that
the server's reply text doesn't contain bare LFs.

RFC 821 and RFC 1123 prohibit host names in MAIL FROM and RCPT TO from
being aliases. qmail-remote, like sendmail, rewrites aliases in RCPT;
people who don't list aliases in control/locals or sendmail's Cw are
implicitly relying on this conversion. It is course quite silly for an
internal DNS detail to have such an effect on mail delivery, but that's
how the Internet works. On the other hand, the compatibility arguments
do not apply to MAIL FROM. qmail-remote no longer bothers with CNAME
lookups for the envelope sender host.


7. Delivering mail locally (qmail-lspawn, qmail-local)

qmail-local doesn't support comsat. comsat is a pointless abomination.
Use qbiff if you want that kind of notification.

The getpwnam() interface hides I/O errors. Solution: qmail-pw2u.


8. sendmail V8's new features

sendmail-8.8.0/doc/op/op.me includes a list of big improvements of
sendmail 8.8.0 over sendmail 5.67. Here's how qmail stacks up against
each of those improvements. (Of course, qmail has its own improvements,
but that's not the point of this list.)

Connection caching, MX piggybacking: Nope. (Profile. Don't speculate.)

Response to RCPT command is fast: Yup.

IP addresses show up in Received lines: Yup.

Self domain literal is properly handled: Yup.

Different timeouts for QUIT, RCPT, etc.: No, just a single timeout.

Proper <> handling, route-address pruning: Yes, but not configurable.

ESMTP support: Yup. (Server-side, including PIPELINING.)

8-bit clean: Yup. (Including server-side 8BITMIME support; same as
sendmail with the 8 option.)

Configurable user database: Yup.

BIND support: Yup.

Keyed files: Yes, in fastforward.

931/1413/Ident/TAP: Yup.

Correct 822 address list parsing: Yup. (Note that sendmail still has
some major problems with quoting.)

List-owner handling: Yup.

Dynamic header allocation: Yup.

Minimum number of disk blocks: Yes, via tunefs -m. (Or quotas; the right
setup has qmailq with a small quota, qmails with a larger quota, so that
qmail-send always has room to work.)

Checkpointing: Yes, but not configurable---qmail always checkpoints.

Error message configuration: Nope.

GECOS matching: Not directly, but easy to hook in.

Hop limit configuration: No. (qmail's limit is 100 hops. qmail offers
automatic loop protection much more advanced than hop counting.)

MIME error messages: No. (qmail uses QSBMF error messages, which are
much easier to parse.)

Forward file path: Yes, via /etc/passwd.

Incoming SMTP configuration: Yes, via inetd or tcpserver.

Privacy options: Yes, but they're not options.

Best-MX mangling: Nope. See section 6 for further discussion.

7-bit mangling: Nope. qmail always uses 8 bits.

Support for up to 20 MX records: Yes, and more. qmail has no limits
other than memory.

Correct quoting of name-and-address headers: Yup.

VRFY and EXPN now different: Nope. qmail always hides this information.

Multi-word classes, deferred macro expansion, separate envelope/header
$g processing, separate per-mailer envelope and header processing, new
command line flags, new configuration lines, new mailer flags, new
macros: These are sendmail-specific; they wouldn't even make sense for
qmail. For example, _of course_ qmail handles envelopes and headers
separately; they're almost entirely different objects!


9. Miscellany

sendmail-clone and qsmhook are too bletcherous to be documented. (The
official replacement for qsmhook is preline, together with the
qmail-command environment variables.)

I've considered making install atomic, but this is very difficult to do
right, and pointless if it isn't done right.

RN suggests automatically putting together a reasonable set of lines for
/etc/passwd. I perceive this as getting into the adduser business, which
is worrisome: I'll be lynched the first time I screw up somebody's
passwd file. This should be left to OS-specific installation scripts.

The BSD 4.2 inetd didn't allow a username. I think I can safely forget
about this. (DS notes that the username works under Ultrix even though
it's undocumented.)

I should clean up the bput/put choices.

Some of the stralloc_0()s indicate that certain lower-level routines
should grok stralloc.

qmail assumes that all times are positive; that pid_t, time_t and ino_t
fit into unsigned long; that gid_t fits into int; that the character set
is ASCII; and that all pointers are interchangeable. Do I care?

The bat book justifies sendmail's insane line-splitting mechanism by
pointing out that it might be useful for ``a 40-character braille
print-driving program.'' C'mon, guys, is that your best excuse?

qmail's mascot is a dolphin.