On Mon, May 15, 2000 at 05:09:46PM +0800, Michael Boman wrote:
> A server goes down that results in global or local downtime (ok, the
> box itself is down, but the mail should have been taken care of by another
> server without us needing to plug the raid-set into another box). We
> should be able to say: Hmm.. let's check that out after lunch.. or
> if it is in the middle of the night: let's have a look at it tomorrow
> morning.
>
> A single point of failure is not an option.

Two points:

1) Having a backup qmail server as a backup MX will result in being
able to continue delivery of new mail when the primary host goes down.
2) Having the queue of the primary qmail server on an external RAID
will allow you to recover what few messages were in the queue at
the time of failure at your leisure.

A final suggestion:

Since you already need a custom delivery agent to look up information
from LDAP, or whatever you wanted to do, just have that delivery agent
drop a copy of each message in an NFS mounted maildir. Then have
another process from the primary server delete anything in the maildir
older than queuelifetime. That way a primary server crash will leave
a copy of every message which could be in the queue in a maildir.
serialmail will allow the messages to be re-injected into another queue.
Duplication is the price of recovery.
John
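
Added example, not part of the original message: a sketch of the two pieces the final suggestion describes, a maildir copy step for the custom delivery agent and the pruning job that removes copies older than queuelifetime. The function names and the maildir path passed in are assumptions; the control file path and the 604800-second default are qmail's standard ones.

```python
import os
import socket
import time

DEFAULT_QUEUELIFETIME = 604800  # qmail's default when the control file is absent
_seq = 0  # per-process counter so two copies in one second get distinct names

def read_queuelifetime(control_file="/var/qmail/control/queuelifetime"):
    """Return queuelifetime in seconds, falling back to qmail's default."""
    try:
        with open(control_file) as fh:
            return int(fh.readline().strip())
    except (OSError, ValueError):
        return DEFAULT_QUEUELIFETIME

def save_copy(maildir, message):
    """Maildir-style delivery: write into tmp/, fsync, then rename into new/."""
    global _seq
    _seq += 1
    for sub in ("tmp", "new", "cur"):
        # Copies hold full message bodies, so keep them owner-only.
        os.makedirs(os.path.join(maildir, sub), mode=0o700, exist_ok=True)
    name = f"{int(time.time())}.{os.getpid()}_{_seq}.{socket.gethostname()}"
    tmp_path = os.path.join(maildir, "tmp", name)
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(message)
        fh.flush()
        os.fsync(fh.fileno())  # make sure the copy is on disk before it is visible
    new_path = os.path.join(maildir, "new", name)
    os.rename(tmp_path, new_path)  # readers never see a partial file
    return new_path

def prune(maildir, lifetime, now=None):
    """Delete copies older than `lifetime` seconds; return the removed paths."""
    now = time.time() if now is None else now
    removed = []
    for sub in ("new", "cur"):
        folder = os.path.join(maildir, sub)
        if not os.path.isdir(folder):
            continue
        for entry in list(os.scandir(folder)):
            st = entry.stat(follow_symlinks=False)
            if entry.is_file(follow_symlinks=False) and now - st.st_mtime > lifetime:
                os.unlink(entry.path)
                removed.append(entry.path)
    return removed
```

Run `prune()` from cron on the primary server with the value from `read_queuelifetime()`; if the primary dies, pruning stops with it and the copies remain for re-injection.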