Ralph Seichter:
> In order to keep the window for temporary message rejection as small as
> possible, the LDAP attribute is set immediately before maintenance
> starts, and is removed immediately after maintenance ends. Any caching
> interferes when incoming traffic volume is high, even 30 seconds matter.
Now that you know about the 30s, how would that make a difference?
The safe sequence is to
1) Stop accepting email (reply with 4xx).
2) Update LDAP
3) Wait until caches and queues have drained (al least 30s).
4) Start accepting email.
Wietse
> If messages are not rejected during maintenance, they end up in the
> Postfix queue. However, mail queued for next hop someserver.domain.tld
> will no longer be accepted by that server once maintenance ends. All
> mail, including the messages queued during maintenance, must only be
> sent to otherserver.domain.tld after maintenance finishes. The actual
> value of the new home server can only be determined via LDAP lookups,
> after maintenance finishes.
>
> My first attempt was to solve this with transport lookups, but Viktor
> pointed out that it does not scale well. I am now trying to solve this
> in a manner which does not block any given Postfix process.
>
> -Ralph
>
