$Cambridge: exim/doc/doc-misc/LongTermIssues,v 1.1 2004/10/08 10:38:47 ph10 Exp $

Exim Long Term Issues
---------------------

I restarted this list from scratch for Exim 4. I amalgamated it with another
list when creating the CVS repository (October 2004). But it still probably
needs a substantial spring clean. Some of it is very old now.


AUTOCONF
--------

Somebody once tried to \(autoconf)\ Exim, but found it too big a job. I now
have some experience with using \(autoconf)\ for PCRE, and I think maybe some
use could be made of it. I don't, however, believe that \(all)\ Exim build-time
configuration should be done that way. The reason is that, unlike something
like PCRE, there is quite a lot of information that is "user choice". Giving it
all as options to a \(configure)\ command does not seem the best way of doing
things.

Whenever I build something that needs more than a couple of obvious options to
\(configure)\, I always save them in a file anyway, so I know what I did for
next time. Therefore, I think it is sensible to retain the current Local file
structure for all the user choice configuration.

However, it might be helpful to use \(autoconf)\ to dig out various bits of
information about the operating system. At present, the \(OS/Makefile-*)\ files
have hard-wired settings, and maybe this information could be figured out by
running \(autoconf)\, which would save having to keep maintaining these files.

I would arrange things so that \(configure)\ is run automatically the first
time that \(make)\ is run, but it would be possible to run it manually first,
to override defaults. (For example, if you have both \(cc)\ and \(gcc)\
installed on your system, as I do, you need to be able to specify which to
use.) I will need to do some experiments to see exactly how this would work.


EXIMON and other utilities
--------------------------

. Consider optionally making it possible to link with something other than
Athena widgets - for example, gtk. Or indeed re-write the whole thing!

GENERAL
-------

. Convert os.c into a directory of separate functions, with the macro
switches defined elsewhere. Then make it into a library.

. Use a pointer to an address structure for expanding $domain etc, to make it
easier to save/restore this collection of variables. But note that $domain
and $local_part aren't always in an address. Check out when these are set.
Note also the new $address_data possibility.

. Spool_in and spool_out - speed up by using a table?

. Find a more compact way of encoding the options interpretation, and also of
checking for incompatible options.

. Find a more compact way of passing an open SMTP channel without having
to use options. What about the TLS state information? Could use a pipe to
pass more data.

. Some people have suggested separately loadable modules. But do all systems
have them? Is this going too far for just a few specialist users? In
particular, people want to be able to replace the logging with their own code.
Can we arrange this without going for the separately loaded modules? (cf the
incoming checking code.)

. SIGHUP the daemon - don't close the sockets; instead pass a list of them
somewhere for the new daemon to pick up. Iff started by exim or root, of
course. There might be quite a long list of them - argv might not be the best
idea. If this were done, then a non-setuid exim daemon could be SIGHUPped.

. Parallel deliveries. Currently dead host information doesn't get propagated
between them very well. Is there any way this could be improved?

. In some environments the use of gethostbyname() seems to cause problems.
Check out its use, and see if having a "force DNS" option could be helpful.
But people would have to know what they were doing.

. accept_max_per_host is a slow, linear search. If smtp_accept_max is large,
this can be very slow. Is there some way we can speed this up? Some kind of
index based on the IP address? Remember, this is in the daemon, so it must
not consume store.

. Change the names of all the pcre_ stuff to, say, PCRE_ so that Exim can be
linked with libraries or whatever that also use an external PCRE library.

. Look at code in pidentd for running Exim in wait mode from inetd and re-using
the socket. This would allow it to run more tidily as non-root.

. Think up some scheme for checking for orphan files in the spool directories.
Perhaps -bp should always do it, but it would be nice to have it done
automatically now and again. Maybe we just leave this for a cron job? Perhaps
a new -bx, e.g. -bpck or something. Better, perhaps, is a separate Perl
script. Orphan = a file that is over 24h old (or 1s when test harness) and
either doesn't end in -D or -H, or is a -D without a matching -H (or vice
versa).
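An added example, not part of this note or of Exim's own utilities, of the orphan rule just stated, written in Python as a stand-in for the proposed Perl script. It works on a directory listing plus modification times so it can be exercised on the constructed sample at the end; scan_directory applies the same rule to a real spool input directory, and max_age carries the 24h/1s choice.

```python
import os
import time

def split_spool_name(name):
    """Return (message_id, kind) for a name ending in -D or -H, else None."""
    if len(name) > 2 and name[-2] == "-" and name[-1] in "DH":
        return name[:-2], name[-1]
    return None

def find_orphans(names, mtimes, now, max_age=24 * 3600):
    """Apply the orphan rule to one spool input directory listing.
    mtimes maps each name to its modification time; max_age is 24h normally,
    1s under the test harness. A file is an orphan when it is older than
    max_age and is either not a -D/-H file at all, or a -D whose -H is missing
    (or vice versa). Younger files are skipped: they may still be being written.
    """
    kinds = {}
    for n in names:
        split = split_spool_name(n)
        if split:
            kinds.setdefault(split[0], set()).add(split[1])
    orphans = []
    for n in sorted(names):
        if now - mtimes[n] <= max_age:
            continue
        split = split_spool_name(n)
        if split is None or kinds[split[0]] != {"D", "H"}:
            orphans.append(n)
    return orphans

def scan_directory(path, max_age=24 * 3600):
    """Run find_orphans over a real directory (not used by the sample below)."""
    names = os.listdir(path)
    mtimes = {n: os.stat(os.path.join(path, n)).st_mtime for n in names}
    return find_orphans(names, mtimes, time.time(), max_age)

# Constructed sample listing; the ids look like Exim 4 ids but are made up.
NOW = 1_097_229_527
DAY = 24 * 3600
SAMPLE_MTIMES = {
    "1CFz8k-0001ab-Ef-D": NOW - 2 * DAY,  # complete pair, old: fine
    "1CFz8k-0001ab-Ef-H": NOW - 2 * DAY,
    "1CFz8l-0001ac-Gh-D": NOW - 2 * DAY,  # -D with no -H: orphan
    "1CFz8m-0001ad-Ij-H": NOW - 60,       # lone -H but a minute old: skip
    "core":               NOW - 3 * DAY,  # not a spool file at all: orphan
}

def demo():
    return find_orphans(list(SAMPLE_MTIMES), SAMPLE_MTIMES, NOW)
```

The script only reports; a lone -H whose -D was removed by hand is worth a look before anything is unlinked, which is also why files younger than max_age are left alone.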

. Make set_process_info buffer bigger, and put the overflowed message at the
end, thereby leaving the start.

. Swamping with delays in checking for reserved hosts - the connections are
counted in the total allowed. Can we improve on this somehow? Maybe shared
memory can help here. Think about different states and different limits.

. Lists that must use colons: can we check for other cases, and fix them up
before passing them on? Is it worth it?

. Linux for S/390 - create configuration?

. Process receiving error message fails - can we get more info, such as the
stdout/stderr?

. dbmbuild - if renaming one of .dir/.pag fails, reinstate the other. Should
there be a lock?
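An added sketch (not exim_dbmbuild's own code) of the reinstate idea, taken one step further than the note: the existing pair is set aside as .old before the new pair is renamed in, so whichever rename fails, every earlier rename is replayed backwards and the old database stays usable. The lock question is left open as in the note; demo and the injectable rename exist only so the failure can be simulated.

```python
import os
import tempfile

SUFFIXES = (".dir", ".pag")

def install_dbm_pair(tmp_base, final_base, rename=os.rename):
    """Move tmp_base.dir/.pag into place as final_base.dir/.pag, as a unit.
    Existing halves are set aside as .old first, so a failure part-way is undone
    by replaying the renames in reverse. `rename` is injectable only so that a
    failure can be simulated; real callers use the default os.rename."""
    undo = []   # (src, dst) renames that restore the previous state
    try:
        for suffix in SUFFIXES:
            final = final_base + suffix
            if os.path.exists(final):
                rename(final, final + ".old")
                undo.append((final + ".old", final))
        for suffix in SUFFIXES:
            rename(tmp_base + suffix, final_base + suffix)
            undo.append((final_base + suffix, tmp_base + suffix))
    except OSError:
        for src, dst in reversed(undo):
            os.rename(src, dst)
        raise
    for suffix in SUFFIXES:      # success: the set-aside copies can go
        old = final_base + suffix + ".old"
        if os.path.exists(old):
            os.remove(old)

def demo(fail_on=None):
    """Install a throwaway pair over an old one, optionally failing on the
    rename whose source ends with `fail_on`; returns (ok, final contents)."""
    with tempfile.TemporaryDirectory() as d:
        tmp, final = os.path.join(d, "new"), os.path.join(d, "db")
        for s in SUFFIXES:
            with open(final + s, "w") as f:
                f.write("old" + s)
            with open(tmp + s, "w") as f:
                f.write("new" + s)
        def flaky_rename(src, dst):
            if fail_on and src.endswith(fail_on):
                raise OSError("simulated rename failure on " + src)
            os.rename(src, dst)
        try:
            install_dbm_pair(tmp, final, rename=flaky_rename)
            ok = True
        except OSError:
            ok = False
        contents = [open(final + s).read() for s in SUFFIXES]
        return ok, contents
```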

. Write a script to check for format problems in the source - formats that are
not fixed strings and are built from outside code.

. freeze_tell: Don't if message is a bounce message containing From: the local
machine - even if the bounce comes from another host.

. Add additional data into the "frozen" log message at end of delivery, e.g. if
remote host was the local host or whatever. At least some cross referencing.

. Someone had a requirement to install the Exim binary in a different place to
the utilities, etc. Also, for different builds on the same host and
architecture.

. Include (part of?) the ppid in the message id? Or a random number?

. Re-implement the code in readconf that reads error names for retry rules.
Make it use a table for most of the error types. Then see if we can usefully
add any additional error types.

. Should there be "exim -bP acls" etc? It would mean inventing some kind of
"hide" facility within the ACL syntax.

. VERY LONG TERM: the message ID is too small now, with the recent changes to
cram in the sub-second time. It would be a big project to extend it; Exim
would have to recognize both forms for a while, and become stable, before
generating the new form. Probably a runtime switch needed. The new form needs
at least microsecond time (or more?) and should probably cope with 64-bit
pids, just to be safe (or leave expansion space that could be used for that).
It should also be able to hold big enough things in base 36.
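To put numbers on the sizing question, an added example (not Exim's id format, which this note leaves undecided): it derives how many base-36 digits each proposed field needs and packs or unpacks a fixed-width id from them. The three-field layout, the 32-bit seconds range and the "-" separators are assumptions.

```python
import string

ALPHABET = string.digits + string.ascii_lowercase   # base 36, case-insensitive safe

def digits_needed(max_value, base=36):
    """Smallest number of base-`base` digits that can hold 0..max_value."""
    n, v = 1, max_value
    while v >= base:
        v //= base
        n += 1
    return n

# Assumed layout for a hypothetical new id: seconds sized for a 32-bit counter,
# microseconds as the note asks for, and a full 64-bit pid. Widths are derived.
FIELDS = (("secs", 2**32 - 1), ("usecs", 999_999), ("pid", 2**64 - 1))
WIDTHS = {name: digits_needed(limit) for name, limit in FIELDS}

def to_base36(value, width):
    """Fixed-width, zero-padded base-36 rendering of a non-negative int."""
    out = []
    while value:
        value, r = divmod(value, 36)
        out.append(ALPHABET[r])
    return ("".join(reversed(out)) or "0").rjust(width, "0")

def make_id(secs, usecs, pid):
    """Pack the three fields; refuse anything that would not fit its width."""
    parts = []
    for (name, limit), value in zip(FIELDS, (secs, usecs, pid)):
        if not 0 <= value <= limit:
            raise ValueError(f"{name}={value} exceeds {WIDTHS[name]} base-36 digits")
        parts.append(to_base36(value, WIDTHS[name]))
    return "-".join(parts)

def parse_id(msgid):
    """Inverse of make_id; int() accepts upper- or lower-case digits."""
    parts = msgid.split("-")
    if [len(p) for p in parts] != [WIDTHS[name] for name, _ in FIELDS]:
        raise ValueError("malformed message id: " + msgid)
    return tuple(int(p, 36) for p in parts)

def fits(secs, usecs, pid):
    """True when make_id accepts the values (handy for bounds checks)."""
    try:
        make_id(secs, usecs, pid)
        return True
    except ValueError:
        return False
```

Under these assumptions the id comes to 26 characters (7 + 4 + 13 digits plus two separators) against the current 16, which is the kind of cost the runtime switch would have to absorb.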

. Take a look at libexec.

. Sort out the strncpy/strlcpy issue once and for all. Time things.

. Error in transport filter. See test 407. All 3 processes see errors - which
one should be noticed? Transport_filter_temp_errors may be needed.

. Think about 5xx thresholds -- too many and you're out. What about 4xx?

. autoreply - should it call /usr/sbin/sendmail? Provide a way of not passing
-C and -D when creating the message ('cause it won't be privileged).

. Strings containing \000 - anything we can do?

. OpenSSL - can we pass an opened file for certificate? Repeatedly?
Otherwise pre-initialize while root? There do seem to be functions for
manipulating certificates, but documentation is scarce. Can we just load the
certificate in as root in the server?

. Consider using poll() to close unwanted fds. Is this efficient? Perhaps it
doesn't matter for the daemon.

. On a 64-bit system there are some cast warnings for casting addresses to
ints. Either we must find a way of not warning, or we'll have to use unions
to get round it.

. Run splint on the source?

. It has been suggested that rejection because not authenticated should use
530 and not 550, but this is hard to detect because of the way ACLs work.

. When there is a sender verify failure, $acl_verify_message contains "sender
verify failed", not the details of the failure. Should this change? Some of
the waffly details are added later in smtp_in.c. In the ACL that text is in
sender_verified_failed->user_message.

. An empty string for a transport filter currently causes an error. Should it
ignore? Tricky because of special expansion rules for commands.

. GFDL for documentation (www.gnu.org/licenses/fdl.html)? The 1.2 version of
this licence is still quite new (it is dated November 2002) so I think
waiting for reaction/opinion is the best plan. There are Debian concerns
about this licence. At very least, no Invariant Sections and no Cover Texts
can be used.

. Allow $recipients in other places. Not clear what this value should be if,
say, the system filter has overridden them. Default would be envelope
recipients, as now.

End