On 8/11/2014 1:01 PM, Miles Fidelman wrote:
> Hi Folks,
> 
> This is mostly a matter of curiosity - but not entirely (I'm
> rethinking the high availability strategy for a small cluster):
> 
> If a machine crashes while postfix is processing a message - but the
> disks are not corrupted - what happens to the message being
> processed?  I.e., what strategy does postfix use for moving a message
> from "ready to process" to "processing" to "done?"  Does the message
> get:
> - lost
> - sent properly
> - potentially get sent twice?
> 
> Thanks,
> 
> Miles Fidelman
> 


As a general rule, everything should "just work" when the system
comes back up.

- messages in the process of being received from the network will
get a timeout.  The sending system is responsible to retry.

- messages in the active queue in the process of sending will be
interrupted.  The receiving system should eventually time out and
abort the transaction. When the system comes back up, all messages
will be sent normally.  The recipient should only receive one copy.

- messages waiting in the queue will be processed normally when the
system comes back up.

There is a possible race condition where a message could be sent
twice -- a brief period of time between when postfix sends the final
"." and the message is removed from the queue.  Other than disk
corruption, a message should never be lost.



  -- Noel Jones
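
The crash windows described in the reply above, as a simplified model added here (not Postfix code and not part of the original message). The queue directory layout and the names `deliver_all`, `run` and `crash_at` are assumptions made for illustration.

```python
# Simplified model of at-least-once delivery from a disk-backed queue.
# Not Postfix code: the queue layout and function names are assumptions.
import os
import tempfile

class Crash(Exception):
    """Simulated machine crash at a chosen point in delivery."""

class Receiver:
    """Remote side: a message counts as accepted once the final '.' is acknowledged."""
    def __init__(self):
        self.accepted = []
    def accept(self, body):
        self.accepted.append(body)

def enqueue(qdir, name, body):
    # The message is safely on disk before any delivery attempt starts.
    with open(os.path.join(qdir, name), "w") as f:
        f.write(body)
        f.flush()
        os.fsync(f.fileno())

def deliver_all(qdir, receiver, crash_at=None):
    """Deliver every queued file; remove each only after the receiver accepted it."""
    for name in sorted(os.listdir(qdir)):
        path = os.path.join(qdir, name)
        with open(path) as f:
            body = f.read()
        if crash_at == "mid_transfer":
            raise Crash(name)        # receiver never saw the final '.'
        receiver.accept(body)        # final '.' sent and acknowledged
        if crash_at == "after_dot":
            raise Crash(name)        # accepted remotely, file still queued
        os.remove(path)              # only now is the message "done"

def run(crash_at):
    """Queue one message, crash at crash_at (or not), restart; return (copies, leftover files)."""
    with tempfile.TemporaryDirectory() as qdir:
        rx = Receiver()
        enqueue(qdir, "msg1", "constructed test message")
        try:
            deliver_all(qdir, rx, crash_at)
        except Crash:
            pass                     # machine went down; disk contents survive
        deliver_all(qdir, rx)        # restart: whatever is still queued is retried
        return len(rx.accepted), os.listdir(qdir)

if __name__ == "__main__":
    for point in (None, "mid_transfer", "after_dot"):
        print(point, run(point))
```

Because the queue file is removed only after the remote side has accepted the message, a crash can produce a duplicate but never a loss in this model.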
