On 26 Jun 2014, at 18:25, Viktor Dukhovni <[email protected]> wrote:
> On Thu, Jun 26, 2014 at 03:58:40PM +0000, [email protected] wrote:
>
>> We have been asked to consider using a set of 6 Postfix servers
>> to provide a buffer between Exchange and our Compliance Archive
>> servers,
>
> Have seen this done before, Postfix queue between Exchange and downstream
> archive.
>
>> Normally Exchange will route directly to the archive servers,
>> but can route via Postfix if required.
>
> My experience is with a configuration that always queues to Postfix.
> The Postfix queue in the middle used suitably HA SAN storage, which
> was designed to avoid loss of data should a single server chassis
> fail.
>
>> If all the archive servers are down for a number of days, then the
>> Postfix server will buffer the mails from Exchange.
>
> Why not always send via Postfix? That way you know it works when you
> need it. Postfix tries to deliver via the archive when the archive
> is up, otherwise queues. If the archive is down for some time, you
> can place new and old mail on "hold" until you administratively
> re-enable delivery.

This is what I would suggest as well, unless there's a very compelling (legal, maybe?) reason not to do so? Requires no intervention on the Exchange side, is always active.

Postfix would automatically defer for short amounts of downtime, and retry according to your specified retry interval, minimal and maximal backoff time, queue lifetime etc.

For longer downtime windows one could script something that walks through the deferred queue, pushes them to the hold queue, changes the transport entry to 'hold:' once a certain threshold is crossed, and so on. Depending on your specific wishes and requirements, this could also automatically 'unfreeze', and start delivering the backlog once the archive servers have been up for a certain amount of time.

Basically, as automatic as possible when downtime happens, so it cannot be forgotten, with manual overrides for hold and release if you want to plan that in advance?

Might even be able to replace the standard bounce process with something that does the hold action for you, ensuring that nothing ever bounces back to the Exchange boxes. Would need to be investigated though, that, in terms of practicality and reliability.

In other words, Postfix should be fine if configured correctly, and on sufficiently performant hardware? What that is depends on the specifics of your situation, of course, uptime requirements, and so on. Devil's in the details :-)

Mvg,
Joni
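A sketch of the hold/release decision described in the reply above, added here as an example and not code from the thread or from Postfix. It assumes Postfix 3.1 or later for `postqueue -j`; the two thresholds, the `archive_up_since` input (expected from your own monitoring) and all function names are hypothetical.

```python
import json
import subprocess

HOLD_AFTER = 4 * 3600   # assumed threshold: oldest deferred mail older than 4 h
RELEASE_AFTER = 1800    # assumed: archive must be reachable for 30 min first

def ids_in(queue, lines, now, min_age=0):
    """Queue IDs in `queue` whose age is at least min_age seconds."""
    out = []
    for line in lines:
        if line.strip():
            msg = json.loads(line)
            if msg["queue_name"] == queue and now - msg["arrival_time"] >= min_age:
                out.append(msg["queue_id"])
    return out

def decide(lines, now, archive_up_since):
    """archive_up_since: epoch seconds, or None while the archive is down
    (assumed to come from your own monitoring)."""
    if archive_up_since is None:
        if ids_in("deferred", lines, now, HOLD_AFTER):     # threshold crossed
            return "hold", ids_in("deferred", lines, now)  # park the whole backlog
        return "none", []
    if now - archive_up_since >= RELEASE_AFTER:
        return "release", ids_in("hold", lines, now)
    return "none", []

def run_postsuper(action, ids):
    """Apply a decision: postsuper -h holds, -H releases; '-' reads IDs from stdin."""
    flag = {"hold": "-h", "release": "-H"}.get(action)
    if flag and ids:
        subprocess.run(["postsuper", flag, "-"], input="\n".join(ids) + "\n",
                       text=True, check=True)

# Constructed sample in `postqueue -j` format (one JSON object per line).
NOW = 1403800000
SAMPLE = [
    '{"queue_name": "deferred", "queue_id": "AAA111", "arrival_time": 1403782000}',
    '{"queue_name": "deferred", "queue_id": "BBB222", "arrival_time": 1403799400}',
    '{"queue_name": "hold", "queue_id": "CCC333", "arrival_time": 1403713600}',
    '{"queue_name": "active", "queue_id": "DDD444", "arrival_time": 1403799990}',
]

if __name__ == "__main__":
    print(decide(SAMPLE, NOW, None))         # archive down, oldest mail is 5 h old
    print(decide(SAMPLE, NOW, NOW - 3600))   # archive back for an hour
```

The release branch returns everything in the hold queue, including mail held manually for other reasons; record the IDs the script itself held if the two must be kept apart.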
