Home Forums OS X Server and Client Discussion Mail 10.3.9 Mail – Hot Copy Backup Via Rsync Advisable?

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • October 19, 2007 at 5:08 pm #370241
    JasonHeiser
    Participant

    I have a 10.3.9 server running mail services, including the MAILTRANSPORT spam/virus filtering apparatus devised by AFP548. Our mail services turn off each morning at 2:30 to rsync the data stores for Postfix and Cyrus to a backup volume. It takes around 45 minutes to complete, which means we’re not receiving e-mail during this time. Other MTAs will just try to deliver mail to us again later. However, we have a bunch of websites that send order acknowledgment e-mails when an order is placed. If our mail services are off, these acknowledgments are lost forever. I’m wondering if I can get away with rsyncing these data stores while mail services are still running. Opinions?

    October 20, 2007 at 3:56 am #370244
    Camelot
    Participant

    The question isn’t really one of backing up, it’s one of restoration.

    If you backup any file that’s in use, the copy will be in, at best, an unknown state. This might mean it works fine. It might need some tweaking to get to work, or it may be completely unusable. There’s no way of predicting which way you’ll fall.

    Now, that said you have to consider several other factors.

    One is the mail activity during the backup window – how many incoming mails are there and, more importantly, how many mailboxes are likely to be changing right as the backup [i]on that file[/i] is taking place?
    Chances are, it’s not that many.

    So for a start, if we assume that there’s an equal 1/3 chance of the ‘fine/needs help/dead’ options for any file, multiplied by the chance that the mailbox is open as the backup kicks in. That number is hard to predict, but let’s say it’s 0.1% which seems reasonable to me (each file should backup pretty quickly and there’s only a problem if it’s backing up [i]right as[/i] a new message comes in).

    That means that there’s a 0.066% of a message in the backup having [i]some[/i] kind of problem, and only a 0.033% chance of it being dead.

    Now, multiply that by the number of backups you actually need to restore from… remember, it doesn’t matter how many backup copied are dead if you never need to restore from them. The backups could all be dead for what difference it makes.
    So, how many of those backup files have you needed to restore? 1 in 1,000? 1 in 10,000?

    So now you’re talking of a 0.00033% chance that a backed up mailbox is unusable. Seems like pretty long odds to me.

    Now, in addition to that you need to factor in how much business is lost/impacted by these rogue emails that get lost compared to how much you’d lose if you lost an individual user’s mailbox.
    For example,if your users are using POP, AND they were sent mails after they left work, AND the mail server crashed AND that user’s mailbox was unrecoverable from backup, what’s the business impact for that user losing any mail from 5pm (or whenever they went home) until the server crashed?

    Of course, you may need to adjust those numbers – you may have a very significant amount of mail coming in during that 45 minute window, you may restore from backup more often than most, and every email may be critical, but the theory is sound – it’s a balance of risk analysis and cost analysis.

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.