[tech] Sane mail

Grahame Bowland grahame at ucc.gu.uwa.edu.au
Fri Nov 1 19:47:58 WST 2002 

On Fri, Nov 01, 2002 at 04:06:02PM +0800, Nick Bannon wrote:
> On Fri, Nov 01, 2002 at 03:14:10PM +0800, Mark Tearle wrote:
> > No, that's dumb.  mooneye is exposed to the world and not the worlds
> > most reliable machine in any of it's nine lives.  The disk for the
> > mail spool is on morwong, the users are on morwong, Chewbacca's a
> > wookie, it just makes sense for mail to delivered on morwong.
> 
> No, that's a kneejerk. mooneye is already exposed to the world and
> you're still dependent on it to get your mail through in any scenario.
> Currently, you're dependent on morwong as well.

UWA's mail servers will quite happily queue email when there is a 
hard failure, the edge cases created by stale and/or unhappy NFS mounts 
make things difficult and broken.

Delivering between SMTP servers is a known technology and hardly 
error prone.

> FWIW, many (most?) of the users are not on morwong (though I,
> personally, am).
> 
> The point of the standalone mail server is to simplify the system and
> reduce the dependencies. If it works on mooneye it can also work on a
> locked down dedicated box with mirrored disks, firewalled to the hilt,
> and the server never has to touch an mbox format file again.

We're talking about improving the situation, not a mythical everyone-
happy-dancing-in-the-wind senario. We don't have mirrored disks, we 
don't have a locked down dedicated box and I seriously question the 
ability of the UCC to configure a machine in such a state.

Let's look at the failure points for my proposal:

Mooneye is down:
  * now: asclepius queues our mail
  * then: asclepius queues our mail

Morwong is down:
  * now: mooneye listens on port 25, then pauses randomly. Mail is 
    delayed and possibly bounced with fatal errors.
  * then: mooneye queues the email happily

Both mooneye and morwong are down:
  * now: asclepius queues our mail
  * then: asclepius queues our mail

How is the proposed idea a problem? It also has nice load sharing 
properties, and we do hit the "ohmygod morwong is down" thing a fair 
bit.

There is a definite difference between the utopian perfect solution 
and something that makes things significantly better and solves the 
problems you actually have.

I'm not keen on the everyone on IMAP idea beacuse you sacrifice so 
much flexibility. I might be interested in doing it on tartarus because 
we're providing defined services there, but at UCC it's a good idea 
to let people mess about with things and do things the way they want.

Cheers
Grahame

More information about the tech mailing list