<html> <head> <title>Postfix Overview - Queue Management</title> </head> <body> <h1><a href="big-picture.html"><img src="small-picture.gif" width="115" height="45"></a> Postfix Overview - Queue Management</h1> <hr> <a href="index.html">Up one level</a> | <a href="motivation.html">Introduction</a> | <a href="goals.html">Goals and features</a> | <a href="architecture.html">Global architecture</a> | Queue Management | <a href="security.html">Security</a> <h2>Postfix mail queues</h2> Postfix has four main queues: <b>maildrop</b>, <b>incoming</b>, <b>active</b> and <b>deferred</b> (click the upper left-hand icon for the big picture). Locally-posted mail is deposited into the <b>maildrop</b>, and is copied to the <b>incoming</b> queue after some cleaning up. The <b>incoming</b> queue is for mail that is still arriving or that the queue manager hasn't looked at yet. The <b>active</b> queue is a limited-size queue for mail that the queue manager has opened for delivery. Mail that can't be delivered goes to the <b>deferred</b> queue, so that it does not get in the way of other deliveries. <p> The queue manager keeps information in memory about the <b>active</b> queue only. The active queue size is limited on purpose: <i>the queue manager should never run out of working memory because of a peak message workload</i>. Whenever there is space in the <b>active</b> queue, the queue manager lets in one message from the <b>incoming</b> queue and one from the <b>deferred</b> queue. This guarantees that new mail will get through even when there is a large backlog. <p> In addition to the queues mentioned above Postfix also maintains two parking spaces. The <b>hold</b> queue is for mail that is frozen in the queue; no delivery attempts are made until someone releases these messages with the <a href="postsuper.1.html">postsuper</a> command. The <b>corrupt</b> directory is for damaged queue files. Rather than discarding these, Postfix leaves them here for human inspection. <h2>No thundering herd</h2> Implementing a high-performance mail system is one thing. However, no-one would be pleased when Postfix connects to their site and overwhelms it with lots of simultaneous deliveries. This is an issue especially when a site has been down and mail is backed up elsewhere in the network. <p> Postfix tries to be a good network neighbor. When delivering mail to a site, Postfix will initially make no more than two simultaneous connections. As long as deliveries succeed, the concurrency slowly increases up to some configurable limit (or until the host or network is unable to handle the load); concurrency is decreased in the face of trouble. For those familiar with TCP/IP implementation details, Postfix implements its own analog of the TCP <i>slow start</i> algorithm <h2>Fairness</h2> Apart from the <i>thundering herd</i> controls, the Postfix delivery strategy is based on <i>round-robin</i> selection. The queue manager sorts message recipients in the active queue by destination, and makes round-robin walks <i>along</i> all destination queues. <p> On the average, Postfix will do simultaneous deliveries to the same domain only when there is not enough work to keep all outbound SMTP channels busy. So, when AOL goes off-line and comes back, it should not stop the system from delivering to other sites. <p> When mail arrives faster than Postfix can deliver it, Postfix will favor new mail over delayed mail. The idea is that new mail should be delivered with as little delay as possible; delayed mail can be delivered while the system would otherwise be idle. <h2>Exponential backoff</h2> Postfix implements per-message exponential backoff. When a message cannot be delivered upon the first attempt, the queue manager gives the queue file a time stamp that is offset into the future by some configurable amount of time. Queue files with future time stamps are normally ignored by the queue manager. <p> Whenever a repeat delivery attempt fails, the queue file time stamp is moved into the future by an amount of time equal to the age of the message. Thus, the time between delivery attempts doubles each time. This strategy effectively implements exponential backoff. <h2>Destination status cache</h2> The Postfix queue manager maintains a limited, short-term list of unreachable destinations. This list helps it to avoid unnecessary delivery attempts, especially with destinations that have a large mail backlog. <hr> <a href="index.html">Up one level</a> | <a href="motivation.html">Introduction</a> | <a href="goals.html">Goals and features</a> | <a href="architecture.html">Global architecture</a> | Queue Management | <a href="security.html">Security</a> </body> </html>