Date: Wed, 23 Jul 2003 20:03:27 +0200
From: Brad Knowles <brad.knowles@skynet.be>
To: David Schultz <das@FreeBSD.ORG>
Cc: FreeBSD Chat Mailing List <freebsd-chat@FreeBSD.ORG>
Subject: Re: maildir with softupdates
Message-ID: <a0600120abb447b7be0fb@[10.0.1.2]>
In-Reply-To: <20030723173242.GC14408@HAL9000.homeunix.com>
References: <3F1E6456.9090400@fsn.hu> <20030723173242.GC14408@HAL9000.homeunix.com>

At 10:32 AM -0700 2003/07/23, David Schultz wrote:

>> "ext3 is unsafe for maildir, and with softupdates, so is ffs."
>> http://www.irbs.net/internet/postfix/0202/0358.html
>
> The statement is FUD; this is a topic that mailer people love to
> complain about. It's only true if your MTA doesn't call fsync()
> when it wants to guarantee that the file it just wrote is on
> stable storage.

The MTA does not know anything about maildir. This would be a local delivery agent (LDA) issue, not an MTA issue.

Moreover, the software not only needs to issue an fsync() on the file, it also needs to issue an fsync() on the directory, in order to have reasonable guarantees that the data has been safely written.

My recollection is that, with fsync() on the file and fsync() on the directory, softupdates is actually safe for these kinds of applications (at least, the filesystem won't be left in an inconsistent state), whereas ext3fs or other filesystems might not be.

Keep in mind that Kirk McKusick (author of softupdates) and Eric Allman (author of sendmail) have been partners for decades, and I don't think that either would do anything that could cause serious harm to the business done by the other. They've known each other far too long to let anything like that happen.

I know that sendmail is safe on softupdates (indeed, softupdates is recommended), but I also recall that some source modifications were required to have it do an fsync() on both the file and the directory, before it was safe.

Unfortunately, I don't recall if the fsync()-on-file-and-directory trick is enough to make sendmail sufficiently safe on ext3fs. You'd have to ask people who are more knowledgeable with that configuration than I am.

In the long run, it all comes down to how much danger you're willing to live with, and how much safety you believe is required before you are in proper compliance with the protocol specifications.

If you want to run your e-mail system on a pure RAM disk that has no battery backup or UPS, and you're willing to lose all that e-mail if the power goes out, then you should be able to do that. However, if you have any customers, you should make operational decisions like this known to them, so that they can make their own determination as to whether or not you are conforming to the level of service that they require.

For example, if you are a spamhaus, then this sort of thing is probably okay. In fact, you probably want to encourage frequent power outages, so that you can claim that you "delivered" X-billions of e-mail messages per second, where "delivered" in this case means "threw away". With data delivery rates that high, you could charge exorbitant fees for your services. Indeed, in that case I would encourage you to draw as much spam business as possible, because your mode of operation would mean that I would probably get less spam than I do today.

This issue no longer has anything to do with -CURRENT, so I am re-directing this to freebsd-chat.

--
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
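
The fsync()-on-file-and-directory sequence discussed in the message above, as an added example that is not part of the original e-mail and is not code from sendmail or any real LDA. The names `maildir_deliver` and `fsync_dir` are hypothetical, and the sketch assumes that `tmp/` and `new/` already exist on the same filesystem and that the message is moved with rename().

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* fsync() a directory so a name just created or renamed in it is durable. */
static int fsync_dir(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    int rc = fsync(fd);
    close(fd);
    return rc;
}

/* Hypothetical helper: deliver msg as <maildir>/new/<name>, staged in tmp/.
 * Returns 0 only after both the file and the new/ directory are fsync()ed;
 * on -1 the caller must not acknowledge the message as delivered. */
int maildir_deliver(const char *maildir, const char *name,
                    const char *msg, size_t len)
{
    char tmp[1024], dst[1024], newdir[1024];
    snprintf(tmp, sizeof tmp, "%s/tmp/%s", maildir, name);
    snprintf(dst, sizeof dst, "%s/new/%s", maildir, name);
    snprintf(newdir, sizeof newdir, "%s/new", maildir);

    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;
    for (size_t off = 0; off < len; ) {          /* handle short writes */
        ssize_t n = write(fd, msg + off, len - off);
        if (n < 0)
            goto fail;
        off += (size_t)n;
    }
    if (fsync(fd) < 0)            /* 1: message data on stable storage */
        goto fail;
    close(fd);
    if (rename(tmp, dst) < 0) {   /* assumes name is unique in new/ */
        unlink(tmp);
        return -1;
    }
    return fsync_dir(newdir);     /* 2: directory entry on stable storage */
fail:
    close(fd);
    unlink(tmp);
    return -1;
}
```

A delivery agent built this way reports success upstream only when the function returns 0; any earlier acknowledgement reopens the window in which a crash loses an accepted message.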