Wietse Venema:
> Ralph Seichter:
> > In order to keep the window for temporary message rejection as small as
> > possible, the LDAP attribute is set immediately before maintenance
> > starts, and is removed immediately after maintenance ends. Any caching
> > interferes when incoming traffic volume is high, even 30 seconds matter.
>
> Now that you know about the 30s, how would that make a difference?
> The safe sequence is to
>
> 1) Stop accepting email (reply with 4xx).
>
> 2) Update LDAP
>
> 3) Wait until caches and queues have drained (al least 30s).
>
> 4) Start accepting email.
Actually, drain caches and queues BEFORE updating LDAP, so that
LDAP is not changing while Postfix is still processing email.
Wietse
> > If messages are not rejected during maintenance, they end up in the
> > Postfix queue. However, mail queued for next hop someserver.domain.tld
> > will no longer be accepted by that server once maintenance ends. All
> > mail, including the messages queued during maintenance, must only be
> > sent to otherserver.domain.tld after maintenance finishes. The actual
> > value of the new home server can only be determined via LDAP lookups,
> > after maintenance finishes.
> >
> > My first attempt was to solve this with transport lookups, but Viktor
> > pointed out that it does not scale well. I am now trying to solve this
> > in a manner which does not block any given Postfix process.
> >
> > -Ralph
> >
>
