Implementing redundancy at the mailbox level makes sense, because that is essentially data at rest.

Implementing redundancy by sharing the email queue appears to make less sense: it looks like making routers redundant by sharing their packet queues. Both are essentially handling data in flight.

There is a major difference: dropping a queued network packet after a router crash does not result in loss of data, because the sender will automatically retransmit until there is a response from the receiver. Dropping a queued email message has no 'automatic retransmission' equivalent. But that is not a problem, because email queues are persistent by design.

To recover, reassign the email queue from the failed MTA to a working one. For true redundancy, keep your email queues on a replicated storage system. As long as crashes are rare, the occasional email queue swap will be manageable.

Wietse