[CentOS] Huge mailq

Tue Feb 26 15:34:26 UTC 2008
Benjamin Smith <lists at benjamindsmith.com>

On Monday 25 February 2008, Christopher Chan wrote:
> Hmm...it will still build. To really fix it, you need to do one more step:
> 
> rpm -e --nodeps sendmail
> 
> Now that is a permanent solution.

Like a hand grenade is a "solution". Not likely to help him much, tho. =/ 
Doesn't even begin to address his situation since sendmail wasn't the problem 
to begin with. 

Seems to me that it's a bad idea to use NFS as a mail store. For example, the 
RedHat documentation specifically recommends strongly *against* it. Very 
flatly: 

> Never put the mail spool directory, /var/spool/mail/, on an NFS shared
> volume. 

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-server-mail.html

Also, NFS has various locking problems which prevent its use in a proper mail 
cluster. Read up on sendmail's mbox vs qmail's maildir for more details. Not 
suggesting that you switch to qmail, with it's "recompile the whole !@#! 
thing every time you change a config option" mentality, but it's useful 
information nonetheless, especially when you get into having multiple mail 
receipt hosts. 

The additional complexity of NFS is what seems to have caused this gentleman's 
problem - not only did sendmail itself have to work properly, so did NFS, 
DNS, and the spam filter.  

How to avoid it? Either: 

1) Reduce complexity. (get rid of the need for DNS, NFS, etc. or 

2) "Beef up" the various pieces so they don't fail - make sure you are using 
high quality servers and equipment, or 

3) Increase redundancy, so that no single point of failure exists. 

Why is he depending on a single DNS server? Why is he using NFS, with it's 
implicit single-point-of-failure rather than GlusterFS, which provides 
multiple-primary-host redundancy and automatic failover?  
http://www.gluster.org/

-Ben
-- 
--
Only those who reach toward a goal are likely to achieve it. 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.