Ralf Hildebrandt:
> * Yang Zhang <yanghates...@gmail.com>:
>
> > > No. Postfix replies "250 OK: queued as 12345" when the message is QUEUED.
> >
> > Doesn't this contradict your original reply that durability is
> > guaranteed? If there's no fsync, then the message may not have been
> > persisted to non-volatile storage, and will be lost.
>
> After the mail had been written to the queue, fsync() is executed. If
> fsync() succeeded, the reply "250 OK: queued as ....." is sent back to
> the client.
>
> So unless fsync() lies, the mail is safely on the disk.
>
> Then the qmgr decides to e.g. invoke local to perform local delivery.
> local writes the mail into the Maildir, invokes fsync(). If
> fsync() succeeded, the qmgr considers the mail delivered and deletes
> the queuefile.
>
> So unless fsync() lies, the mail is safely on the disk.
>
> Your initial question was:
> "Can postfix be configured to guarantee durable email receipt?
> E.g., can it be sure to fsync the mbox/Maildir file and/or directory
> before it acknowledges successful receipt of an email?"
>
> THAT is not possible, since the process which is ACCEPTING the mail
> (smtpd) is NOT the same process that is writing to a local mailbox
> (local), due due Postfix's non-monolithical design.
It IS possible, and the reasons have nothing to do with monolithic
design.
Internet mail is a store-and-forward system, so EVERY SYSTEM must
ensure that the message is in stable storage, before it can tell
its predecessor to throw away the predecessor's copy of the message.
This principle also applies to Postfix internally as one part of
Postfix gives the message to another part.
Wietse
