[Mailman-Developers] Sender: header in 2.0beta1

[Michael Yount]

On Thu, Mar 23, 2000 at 09:33:10AM +0000, Nigel Metheringham wrote:
> 
> bwarsaw@cnri.reston.va.us said:
> > True.  Such lossage should at least get logged in logs/error, and I
> > haven't in practice seen any problems on Python.Org, but you are right
> > (as others have also pointed out).  Some fallback mechanism should be
> > implemented so that mail doesn't get lost when using SMTPDirect. 
> 
> We have ended up with a nasty loop here - which means that using SMTP 
> injection I can't stop mail handling (or shut down) on a loaded 
> machine.  If I kill the SMTP listener and queue runner, then messages 
> stop being injected into mailman, but any already launched mailman 
> instances will be hit by a brick wall as they try to hand off their 
> messages.
> 
> A little careful tampering with using an inject to queue only (ie no 
> direct injection into mailman) and a separate queue runner would allow 
> this to be sequenced right, as would some nasty hacks allowing 
> differential handling of smtp coming in from remote addresses and 
> localhost... but all of this is nasty hacking to get round the fact 
> that the MTA and mailman are in a deadly embrace and getting them out 
> of it without losing mail is difficult.

This is similar to how Mj2 handles incoming mail.  In queueing mode,
incoming mail is written to a queue directory by the mj_enqueue
script.  mj_enqueue forks an mj_queueserv process (if it isn't already
running) to handle the incoming mail.  mj_queueserv will fork one
or more mj_queuerun processes, which go through each of the queue
directories in turn, locking and processing messages.

When Mj2 attempts to deliver a message to a mailing list, it 
consults the delivery rules for the list in question:  one or
more primary and backup hosts can be specified.  The primary
hosts are used in round-robin fashion.  If an SMTP session with
a primary host fails three times, the backup hosts (localhost
by default) are used.  If the backup hosts fail, the queue
runner aborts, and the message is left in the queue.  The
next queue runner to process a posted message will mark it as having
a duplicate message-id, move the message out of the queue, and notify
the list owner.

We've recently been battling problems when an SMTP session times
out during RCPT TO.  Originally, Mj2 would attempt to deliver again
to the same address (up to 25 times!);  we're testing an alternative
approach, which defers these addresses until the end of the delivery
cycle.  An address that fails twice during RCPT TO simply won't
receive the message.

It appears from SMTPDirect and smtplib that mailman doesn't use 
time limits when issuing SMTP commands.  Perhaps that is a better approach.
Listar and Mj2 use select(). 

Mj2 doesn't have a way to avoid the "deadly embrace," but it would
be fairly easy to modify the queue server to support a "queue but don't process"
mode. 

The Mj2 implementation is far from perfect, but perhaps mailman could
benefit from some of our mistakes.

Michael

> 
> 
> 	Nigel.
> -- 
> [ - Opinions expressed are personal and may not be shared by VData - ]
> [ Nigel Metheringham                  Nigel.Metheringham@VData.co.uk ]
> [ Phone: +44 1423 850000                         Fax +44 1423 858866 ]
>