On 2012-11-29 at 08:03 -0800, Todd Lyons wrote:
> It would appear that unless I remove root squash for my mail
> servers, my only option is to have a cheap daemon running as that
> unprivileged user which will simply listen on a port for a command, do
> the calculation, and return the answer.
Honestly, the daemon approach is what I'd use, because you can then do
things like cache the result for a timeout period of time, so that
multiple mails to the same user don't need to go recalculate. I'd give
it a socket interface, use Perl's ${readsocket} to talk to it, and have
a QUERY and a INCREMENT command, with a shadow_transport on delivery and
the shadow_transport using expansion to talk to readsocket to update it.
Me being me, I'd either have the expanded command be /bin/true and
rewrite Exim to short-circuit execution of /bin/true, or I'd set
allow_commands and try to run a command not in that, so that the attempt
is refused -- some experimentation would confirm this works.
With those two hooks from Exim, you have a free-running caching daemon
which can take approximate hints, and can perhaps be plumbed into the
IMAP server too, and basically maintains statistics. With a little
additional work, you can produce "State of the Storage" statistics on an
embedded HTTP server and use that for producing dashboards.
I've become a firm convert to the Go programming language for systems
programming tasks and think it would be ideal for such a daemon. Worst
case impact: a garbage collection pause in the language adds half a
second to the occasional SMTP transaction.
-Phil
