On Wed, May 15, 2013 at 12:54:20PM -0400, Wietse Venema wrote:
> Viktor Dukhovni:
> > Postfix already exerts too little back-pressure when the queue
> > fills,
>
> Agreed.
>
> > ignoring the deferred queue while taking more new mail
> > quickly will eliminate most of that (when the incoming queue is
>
> You are mis-representing.
>
> There is no intent to IGNORE the deferred queue. After all it is
> allowed to occupy 80% of all the delivery agents! The intent is
> to give it only 80% or whatever. As soon as a deferred message
> clears the queue it is replaced with another one.
Yes, but the effect is the same, the input queue continues to drain
quickly with a substantial reduction in the already light back-pressure,
and the deferred queue grows.
This growth without back-pressure is arguably a feature for a backup
MX host with piles of disk that is willing to queue 5 days of mail
for a dead primary, but in most other cases back-pressure is useful,
to avoid making a bad situation worse. (I would add a fallback
queue for a large-capacity backup MX, and disable inflow controls
on the fallback input).
We could also handle deferred processing of dead (or temporarily
down) destinations more efficiently, by using a lower *initial*
destination concurency for deferred mail on a per-destination basis.
Turn the initial concurrency of 5 with a cohort count of 1, sideways
to an initial concurrency of 1 and a cohort limit of 5.
On a per-destination basis, the same five messages fail and throttle
the site, but they do so in series, leaving more room for other
concurrent deliveries. If they don't fail, the concurrency rises.
A destination with some previously deferred mail that is currently
active is treated as though all the mail is high risk, and gets
the adjusted concurrency limits.
--
Viktor.
