D. J. Bernstein
Internet mail
qmail
Frequently asked questions

Reliability


What types of filesystems are safe for mail?

Answer: qmail's queue, except for bounce message contents, is crashproof on the BSD FFS and most of its variants.

Do not use async or softupdates filesystems. If you do, and if your system crashes at the wrong moment, you will lose mail. Under Linux, make sure that all mail-handling filesystems are mounted sync. The same comments apply to many other popular MTAs. (However, some MTAs are unreliable no matter what filesystem you use.)

It is safe to put qmail's queue on a noatime filesystem.

You may encounter people who dispute one or more of the above statements. Those people don't know what they're talking about. A rather spectacular example appeared in February 2001, when someone wrote hundreds of lines of text in a dozen messages claiming that my FAQ was "totally incorrect," claiming that the BSD FFS wrote data to disk in the wrong order, claiming that the BSD FFS was not crashproof, and claiming that qmail was not crashproof. He put a tremendous amount of effort into making his claims sound authoritative. "I think there *might* be a dozen people in the world that understand UFS/FFS better than I do, but none of them have posted to this thread," he said. He repeatedly claimed that his assertions were well-known facts that had motivated the design of subsequent filesystems. Eventually, after a discussion with two people who understood FFS better than he did, he withdrew his claims and apologized.


How do I back up and restore the queue disk?

Answer: You can't.

One difficulty is that you can't get a consistent snapshot of the queue while qmail-send is running. Another difficulty is that messages in the queue must have filenames that match their inode numbers.
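The inode constraint can be checked mechanically. The Python below is an added example, not part of qmail or of this FAQ as originally written: it builds a constructed stand-in for a queue directory in which every file is named after its own inode number, copies it file by file the way a restore would, and reports which files no longer match. The directory names and the function names (inode_mismatches, build_sample_queue, demo) are assumptions made for the illustration.

```python
import os
import shutil
import tempfile


def inode_mismatches(root):
    """Return (path, inode) for each numerically named file whose name != its inode."""
    bad = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not (name.isascii() and name.isdigit()):
                continue  # only numerically named files are subject to the check
            path = os.path.join(dirpath, name)
            ino = os.lstat(path).st_ino
            if int(name) != ino:
                bad.append((path, ino))
    return sorted(bad)


def build_sample_queue(root, count=3):
    """Constructed sample data: each file ends up named after its own inode."""
    os.makedirs(root)
    for i in range(count):
        tmp = os.path.join(root, "tmp.%d" % i)
        with open(tmp, "w") as f:
            f.write("constructed message %d\n" % i)
        # rename keeps the inode, so the final name equals the inode number
        os.rename(tmp, os.path.join(root, str(os.stat(tmp).st_ino)))


def demo():
    """Copy a consistent sample directory, as a restore would, and check both."""
    with tempfile.TemporaryDirectory() as base:
        live = os.path.join(base, "live")
        restored = os.path.join(base, "restored")
        build_sample_queue(live)
        # The copy keeps the file names but allocates fresh inodes.
        shutil.copytree(live, restored)
        return inode_mismatches(live), inode_mismatches(restored)


if __name__ == "__main__":
    live_bad, restored_bad = demo()
    print("live mismatches:", len(live_bad))
    print("restored mismatches:", len(restored_bad))
```

Every copied file fails the check, because the copy receives a new inode while keeping the old name.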

However, the big problem is that backups---even hourly backups!---are far too unreliable for mail. If your disk dies, there will be very little overlap between the messages saved in the last backup and the messages that were lost.

There are several ways to add real reliability to a mail server. Battery backups will keep your server alive, letting you park the disk to avoid a head crash, when the power goes out. Solid-state disks have their own battery backups. RAID boxes let you replace dead disks without losing any data.

You may encounter people who dispute one or more of the above statements. Those people don't know what they're talking about. For example, in August 2001, someone claimed that my FAQ was obsolete, because modern disks park themselves. In fact, disks park themselves when they are idle. Power outages have a nasty habit of happening when disks are not idle.