On Tue, Aug 07, 2012 at 03:24:37PM +0300, Nikolaos Milas wrote:
> I was wondering whether we could set up this server in a way so it
> can forward (relay) all mail to mail.example.com AND, if (and only
> if) this is temporarily down, then:
>
> 1. Keep incoming mail in queue until it can contact mail.example.com
> again and deliver. (Does this happen by default?)
By default mail delivery will be retried for up to 5 days.
> - AND -
> 2. Relay incoming mail *also* to mail2.example.com (that is, only
> for the period when mail.example.com is down).
This is difficult to automate reliably, what you can do instead
is arrange to be notified that the primary is down and you decide
whether/when to update the transport table to route all mail to
the backup mailhub (make sure the primary stays down and just in
case also 'postfix reload" after the transport change so that
the active queue is reloaded).
# : shutdown switch port of primary ...
# : update the transport table ...
# postmap transport; : unless an SQL or LDAP table, ...
# postfix reload
# postfix flush
The SMTP delivery agent has a very narrow view of the failure of the
primary relay, it switching over when a single message is deferred
would be a really bad idea. Likewise, the queue manager may defer
the destination if the primary takes a couple of minutes to reboot,
but this too would be a bad reason to make a switch.
You need to make a deliberate choice to notify your users and
cut-over to the secondary system.
There are other alternatives that provide storage replication at
either the block, file-system or IMAP layer, allowing multiple
relays to deliver to "the same" highly available mailbox. This
can be a hot-cold or a hot-hot HA solution, and detailes vary
greatly.
--
Viktor.
