atom feed15 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Multi-site theory...
FromSent OnAttachments
Sander Holthaus - Orange XLAug 22, 2004 11:11 am 
Sam VarshavchikAug 22, 2004 12:07 pm 
Sander Holthaus - Orange XLAug 22, 2004 12:37 pm 
Robert PfisterAug 22, 2004 8:55 pm 
Jerry AmundsonAug 26, 2004 9:03 am 
Ben KennedyAug 26, 2004 2:08 pm 
Sam VarshavchikAug 26, 2004 3:45 pm 
Georg LutzAug 26, 2004 3:48 pm 
Ben KennedyAug 26, 2004 4:31 pm 
Jacob S. BarrettAug 27, 2004 10:38 am 
Jerry AmundsonAug 27, 2004 11:18 am 
Sam VarshavchikAug 27, 2004 3:36 pm 
Jerry AmundsonAug 28, 2004 8:14 am 
Jerry AmundsonAug 28, 2004 9:37 am 
Ben KennedyAug 30, 2004 7:03 am 
Subject:Re: [courier-users] Multi-site theory (sort of long)
From:Ben Kennedy (be@zygoat.ca)
Date:Aug 26, 2004 2:08:20 pm
List:net.sourceforge.lists.courier-users

On 26 8 2004 at 12:00 pm -0400, Jerry Amundson wrote:

This way, if the Internet goes down at either site, only Internet e-mail at that site is affected, whereas, currently, Internet downtime creates many problems (of course).

I am actually working on something similar.

Crazy? Perhaps, but rsync'ing shouldn't cause any problems because of the unique file names, and it's --delete option should preserve the Maildir structure across to the "mirror" server, right?

Yes and no... you'll have to be careful with this such that you don't wipe out good messages on the wrong server.

In principle here is how my in-progress system works:

Two machines are both configured very similarly in terms of courier conf, users and their maildirs. Both serve authoritative DNS as well, and each is listed as MX. One server is designated "primary" and the other "secondary". Each is set up with the domain(s) in esmtpacceptmailfor. The primary has hosteddomains set accordingly and empty esmtproutes, while the secondary has hosteddomains empty and esmtproutes set to shunt all mail to the secondary.

Given the above, all mail ends up on the primary server (though there are two functioning MXes).

A cron job runs on both machines which causes them to speak to each other (via sockets and perl script) on a regular basis, e.g. every couple of minutes. This ensures functional connectivity for both hosts, and also runs an rsync --delete from primary to secondary once in awhile to keep the secondary updated as a mirror.

If it is determined that one machine is down, the operating machine takes on role as "primary" (regardless of its current role) and reconfigures hosteddomains/esmtproutes and thus begins collecting mail locally. Eventually, once the other host comes back online, a bi-directional (non- 'delete') rsync is performed to mirror the maildirs, then both machines resume their de facto configurations.

Using this approach, either machine can fail and no service is lost. The worst to happen is that some mail may be delivered in duplicate (mail deleted during the outage might re-appear, due to the recovery rsync).

Comments on this design are welcome. (FWIW, I am developing this suite of scripts and site management tools for gentoo linux, if anyone is interested.)

-ben