Noel Jones wrote:
On 8/11/2014 1:01 PM, Miles Fidelman wrote:
Hi Folks,
This is mostly a matter of curiosity - but not entirely (I'm
rethinking the high availability strategy for a small cluster):
If a machine crashes while postfix is processing a message - but the
disks are not corrupted - what happens to the message being
processed? I.e., what strategy does postfix use for moving a message
from "ready to process" to "processing" to "done?" Does the message
get:
- lost
- sent properly
- potentially get sent twice?
Thanks,
Miles Fidelman
As a general rule, everything should "just work" when the system
comes back up.
- messages in the process of being received from the network will
get a timeout. The sending system is responsible to retry.
- messages in the active queue in the process of sending will be
interrupted. The receiving system should eventually time out and
abort the transaction. When the system comes back up, all messages
will be sent normally. The recipient should only receive one copy.
- messages waiting in the queue will be processed normally when the
system comes back up.
There is a possible race condition where a message could be sent
twice -- a brief period of time between when postfix sends the final
"." and the message is removed from the queue. Other than disk
corruption, a message should never be lost.
Viktor and Noel, thanks for your answers to my question, but.... now I'm
more intrigued - a little digging yields this statement:
From
http://www.postfix.org/QSHAPE_README.html#active_queue
"While most Postfix administrators think of the "active" queue as a
directory on disk, the real "active" queue is a set of data structures
in the memory of the queue manager process.
Messages in the "maildrop", "hold", "incoming" and "deferred" queues
(see below) do not occupy memory; they are safely stored on disk
waiting for their turn to be processed. The envelope information for
messages in the "active" queue is managed in memory, allowing the queue
manager to do global scheduling, allocating available delivery agent
processes to an appropriate message in the active queue."
Which suggests that either:
a. messages in the active queue actually get lost in a crash, or,
b. messages in the active queue are ALSO on disk until the end of
processing (which I expect is more likely)
Short of going in and reading the code, can anybody tell me:
i. which of the above is true, and,
ii. if b., where does a message actually "live" as it moves through
postfix's various processing stages
Thanks,
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra
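
Added example, not part of the original thread and not Postfix code: a toy Python model of the crash behaviour Noel describes, where the queue file stays on disk until delivery has finished and the in-memory active list is rebuilt from disk at start-up. The directory layout, function names and crash points are assumptions made for the illustration.

```python
import os
import tempfile

class Crash(Exception):
    """Stands in for a power loss at a chosen point (constructed for the demo)."""

def enqueue(qdir, msg_id, body):
    # Write under a temp name, fsync, then rename: the message is either
    # fully queued on disk or not there at all.
    tmp = os.path.join(qdir, msg_id + ".tmp")
    with open(tmp, "w") as f:
        f.write(body)
        f.flush()
        os.fsync(f.fileno())
    os.rename(tmp, os.path.join(qdir, msg_id))

def run_queue(qdir, mailbox, crash_at=None):
    # The in-memory "active" list is rebuilt from disk on every start.
    active = sorted(n for n in os.listdir(qdir) if not n.endswith(".tmp"))
    for msg_id in active:
        path = os.path.join(qdir, msg_id)
        if crash_at == "before_send":
            raise Crash(msg_id)
        with open(path) as f:
            mailbox.append((msg_id, f.read()))  # remote side accepted the final "."
        if crash_at == "after_send":
            raise Crash(msg_id)                 # the duplicate-delivery window
        os.remove(path)                         # only now is the message done

def simulate(crash_at):
    """Return the msg_ids the recipient holds after one crash and one restart."""
    mailbox = []
    with tempfile.TemporaryDirectory() as qdir:
        enqueue(qdir, "A1", "hello")            # constructed sample message
        try:
            run_queue(qdir, mailbox, crash_at)
        except Crash:
            pass                                # memory state is gone, disk survives
        run_queue(qdir, mailbox)                # restart: normal processing
        assert os.listdir(qdir) == []           # queue fully drained
    return [m for m, _ in mailbox]

if __name__ == "__main__":
    for point in (None, "before_send", "after_send"):
        print(point, simulate(point))
```

In this model a crash never loses the message, and only the crash between the accepted send and the file removal produces a second copy.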