fdatasync the spool data file

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index a7b8b68c75e2210943418efa9a3e0ea6761807bc..b72819fb43e082127e7de9309694f9a940add64b 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -63,6 +63,10 @@ JH/12 Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
       accept that in (normal) CRLF mode; this has been raised as a possible
       attack scenario (under the name "smtp smuggling").
 
+JH/13 Add an fdatasync call for the received message data file in spool, before
+      loggging reception and sending the SMTP ack.  Previously we only flushed
+      the stdio buffer so there was still the possibility of a disk error.
+
 
 
 Exim version 4.97

diff --git a/src/src/exim.h b/src/src/exim.h
index ccf14f0fd064af946305cfa9f8ad77768e5760a8..699b391653f140866a4c21c2d8509f3aab6c822d 100644 (file)
--- a/src/src/exim.h
+++ b/src/src/exim.h
@@ -569,7 +569,7 @@ requires various things that are set therein. */
 #endif
 
 #ifdef ENABLE_DISABLE_FSYNC
-# define EXIMfsync(f) (disable_fsync? 0 : fsync(f))
+# define EXIMfsync(f) (disable_fsync ? 0 : fsync(f))
 #else
 # define EXIMfsync(f) fsync(f)
 #endif

diff --git a/src/src/receive.c b/src/src/receive.c
index ae70450681baf3b33e5e6906eb3b0366537834fb..63aded09f03662280ff730b8bb9957f5ab8f9c78 100644 (file)
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -4052,7 +4052,15 @@ else
 
 receive_messagecount++;
 
-if (fflush(spool_data_file))
+if (  fflush(spool_data_file)
+#if _POSIX_C_SOURCE >= 199309L || _XOPEN_SOURCE >= 500
+# ifdef ENABLE_DISABLE_FSYNC
+   || !disable_fsync && fdatasync(data_fd)
+# else
+   || fdatasync(data_fd)
+# endif
+#endif
+   )
   {
   errmsg = string_sprintf("Spool write error: %s", strerror(errno));
   log_write(0, LOG_MAIN, "%s\n", errmsg);