[Mailman-Users] Mailman and fault tolerance

John W. Baxter jwblist3 at olympus.net
Fri Jun 23 04:20:46 CEST 2006


On 6/22/06 11:11 AM, "Mark Sapiro" <msapiro at value.net> wrote:

> It depends on how the server died and whether Mailman (specifically
> OutgoingRunner) was sent a SIGTERM and given a chance to wrap up.
> 
> The outgoing message (containing a recipient list in its metadata) is
> placed in Mailman's 'out' queue where it is picked up by
> OutgoingRunner. At this point it is deleted from the out queue and
> exists only in memory. OutgoingRunner calls the DELIVERY_MODULE
> (normally SMTPDirect) to actually pass the message to the outgoing
> MTA. If the 'plug is pulled' on this process, the current SMTP
> transaction is lost as are the subsequent transactions on behalf of
> 'the rest' of the recipients.

Hmmm. That processing is contrary to the spirit of RFC 822 and 2822, which
require MTAs (which Mailman is not, so it doesn't apply) to always have a
message copy on non-volatile storage (usually disk) until the next step in
the chain has signaled OK going out, and to not signal OK until the message
is in non-volatile storage coming in.

This seems to be a hole which shouldn't and needn't exist.

(That RFC requirement is one of the main reasons that MTA performance is so
often disk limited, not processor limited, although the need for incessant
filtering caused by spammers and virus folks and phishers is changing
that--but even so processors are gaining faster than disks are.)

  --John
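
Added example, not part of the original post and not Mailman's code: a sketch of the keep-it-on-disk-until-acknowledged handoff discussed in this thread, where a queue entry is claimed by rename, rewritten after each accepted recipient, and deleted only when all are done. The spool layout, the JSON entry format and every function name here are assumptions made for the illustration.

```python
import json
import os

def _write_atomic(path, entry):
    # Temp file + fsync + rename: a crash leaves the old or the new entry, never
    # a partial one. (A production spool would also fsync the directory.)
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        json.dump(entry, f)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)

def _entries(spool, sub):
    d = os.path.join(spool, sub)
    return [n for n in sorted(os.listdir(d)) if not n.endswith(".tmp")]

def enqueue(spool, name, recipients, body):
    for sub in ("out", "inflight"):
        os.makedirs(os.path.join(spool, sub), exist_ok=True)
    _write_atomic(os.path.join(spool, "out", name),
                  {"recipients": list(recipients), "body": body})

def recover(spool):
    # Startup step: whatever is still in inflight/ belonged to a runner that died.
    moved = _entries(spool, "inflight")
    for name in moved:
        os.replace(os.path.join(spool, "inflight", name),
                   os.path.join(spool, "out", name))
    return moved

def run_once(spool, deliver):
    for name in _entries(spool, "out"):
        path = os.path.join(spool, "inflight", name)
        os.replace(os.path.join(spool, "out", name), path)  # claim; stays on disk
        with open(path) as f:
            entry = json.load(f)
        while entry["recipients"]:
            # deliver() must return only after the next hop has accepted the message.
            deliver(entry["recipients"][0], entry["body"])
            entry["recipients"].pop(0)
            _write_atomic(path, entry)  # persist progress; a crash just before
                                        # this line re-sends to one recipient
        os.unlink(path)  # removed only once every recipient is acknowledged
```

The trade-off is at-least-once delivery: an interrupted run can repeat one recipient after recovery, but none of the remaining recipients is lost.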




