Yes, you're very right.
The scenario where none of the machines can send mail is (hopefully) remote.
However, I'll have to choose a "most reliable" link and set it's machine
as the last on the strip of fallback relays.
The worst situation will be when that link fails: all emails will
converge to it and wait for the link to come back to life.
I came up with one scenario where the loop problema can be avoided:
To setup TWO machines conected to the most reliable link and put them as
the first and the last machine in the strip.
I can easily create a fifth machine, may be even a virtual one.
Like that : Mach1 --> Mach2 --> Mach3 --> Mach4 --> Mach5 (same link as
Mach1)
Thus, when the problem were raised by the faling link, Mach1 will
forward the pending emails to Mach2 and they could be sent.
And when the problem were raised by the destination server, the email
will travel from Mach1 to Mach5 and waits there for the destination
server to come back operational.
Is there something wrong in this scenario ?
Em 08/11/2010 16:56, Victor Duchovni escreveu:
On Mon, Nov 08, 2010 at 08:43:07PM +0100, Ralf Hildebrandt wrote:
The fallback relays MUST be loop-free. Thus machine4 must NOT forward
back to machine1.
I was assuming that at least one machine CAN send mail :)
Your assumption is unwarranted, and fails to take into account the
possibility of remote failures, that result in mail looping between the
backup machines, while a remote destination is down.
