On 8/11/2014 2:23 PM, Miles Fidelman wrote:
> Noel Jones wrote:
>> On 8/11/2014 1:01 PM, Miles Fidelman wrote:
>>> Hi Folks,
>>>
>>> This is mostly a matter of curiosity - but not entirely (I'm
>>> rethinking the high availability strategy for a small cluster):
>>>
>>> If a machine crashes while postfix is processing a message - but the
>>> disks are not corrupted - what happens to the message being
>>> processed? I.e., what strategy does postfix use for moving a message
>>> from "ready to process" to "processing" to "done?" Does the message
>>> get:
>>> - lost
>>> - sent properly
>>> - potentially get sent twice?
>>>
>>> Thanks,
>>>
>>> Miles Fidelman
>>>
>>
>> As a general rule, everything should "just work" when the system
>> comes back up.
>>
>> - messages in the process of being received from the network will
>> get a timeout. The sending system is responsible to retry.
>>
>> - messages in the active queue in the process of sending will be
>> interrupted. The receiving system should eventually time out and
>> abort the transaction. When the system comes back up, all messages
>> will be sent normally. The recipient should only receive one copy.
>>
>> - messages waiting in the queue will be processed normally when the
>> system comes back up.
>>
>> There is a possible race condition where a message could be sent
>> twice -- a brief period of time between when postfix sends the final
>> "." and the message is removed from the queue. Other than disk
>> corruption, a message should never be lost.
>>
>
> Viktor and Noel, thanks for your answers to my question, but.... now
> I'm more intrigued - a little digging yields this statement:
>
> From
> http://www.postfix.org/QSHAPE_README.html#active_queue
>
> "While most Postfix administrators think of the "active" queue
> <http://www.postfix.org/QSHAPE_README.html#active_queue> as a
> directory on disk, the real "active" queue
> <http://www.postfix.org/QSHAPE_README.html#active_queue> is a set of
> data structures in the memory of the queue manager process.
>
> Messages in the "maildrop"
> <http://www.postfix.org/QSHAPE_README.html#maildrop_queue>, "hold"
> <http://www.postfix.org/QSHAPE_README.html#hold_queue>, "incoming"
> <http://www.postfix.org/QSHAPE_README.html#incoming_queue> and
> "deferred" queues (see below) do not occupy memory; they are safely
> stored on disk waiting for their turn to be processed. The envelope
> information for messages in the "active" queue
> <http://www.postfix.org/QSHAPE_README.html#active_queue> is managed
> in memory, allowing the queue manager to do global scheduling,
> allocating available delivery agent processes to an appropriate
> message in the active queue."
>
> Which suggests that either:
> a. messages in the active queue actually get lost in a crash, or,
> b. messages in the active queue are ALSO on disk until the end of
> processing (which I expect is more likely)
>
> Short of going in and reading the code, can anybody tell me:
> i. which of the above is true, and,
> ii. if b., where does a message actually "live" as it moves through
> postfix's various processing stages
>
> Thanks,
>
> Miles Fidelman
>

Postfix goes to great effort to never lose mail. The messages/files
are stored on disk until delivered. The scheduling part of the queue
is in memory. This is rebuilt automatically every time postfix is
started.

-- Noel Jones
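
Added example, not part of the original thread and not Postfix code: a toy Python model of the behaviour described above (message files stay on disk until delivered, the in-memory schedule is rebuilt at start). It shows that a crash in the window after a message is sent but before its queue file is removed yields a duplicate, never a loss. The class, the queue IDs and the single-directory spool layout are constructed for illustration.

```python
import os
import tempfile

class Crash(Exception):
    """Constructed stand-in for the machine crashing."""

class ToyQueue:
    def __init__(self, spool):
        self.spool = spool      # on-disk message files: survive a crash
        self.active = []        # in-memory schedule: lost in a crash
        os.makedirs(spool, exist_ok=True)

    def enqueue(self, qid, body):
        # This model writes under a temp name, fsyncs, then renames, so a
        # crash never leaves a half-written message visible in the spool.
        tmp = os.path.join(self.spool, "." + qid + ".tmp")
        with open(tmp, "w") as f:
            f.write(body)
            f.flush()
            os.fsync(f.fileno())
        os.rename(tmp, os.path.join(self.spool, qid))

    def start(self):
        # Rebuild the in-memory schedule purely from what is on disk.
        self.active = sorted(n for n in os.listdir(self.spool)
                             if not n.startswith("."))

    def run(self, deliver, crash_after_send=None):
        while self.active:
            qid = self.active[0]
            path = os.path.join(self.spool, qid)
            with open(path) as f:
                deliver(qid, f.read())
            if qid == crash_after_send:
                raise Crash(qid)    # sent, but queue file not yet removed
            os.remove(path)         # only now is the message "done"
            self.active.pop(0)

def simulate():
    received = []
    spool = tempfile.mkdtemp()
    q = ToyQueue(spool)
    for qid in ("A1", "B2", "C3"):              # constructed queue IDs
        q.enqueue(qid, "body of " + qid)
    q.start()
    try:
        q.run(lambda i, b: received.append(i), crash_after_send="B2")
    except Crash:
        pass
    q = ToyQueue(spool)                         # "reboot": memory is gone
    q.start()
    q.run(lambda i, b: received.append(i))
    return received, os.listdir(spool)
```

Calling `simulate()` returns the delivery order seen by the receiver and the files left in the spool after the restart.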