|
OQMGR(8) OQMGR(8)
NAME
oqmgr - old Postfix queue manager
SYNOPSIS
oqmgr [generic Postfix daemon options]
DESCRIPTION
The oqmgr(8) daemon awaits the arrival of incoming mail and arranges
for its delivery via Postfix delivery processes. The actual mail rout-
ing strategy is delegated to the trivial-rewrite(8) daemon. This pro-
gram expects to be run from the master(8) process manager.
Mail addressed to the local double-bounce address is logged and dis-
carded. This stops potential loops caused by undeliverable bounce
notifications.
MAIL QUEUES
The oqmgr(8) daemon maintains the following queues:
incoming
Inbound mail from the network, or mail picked up by the local
pickup(8) agent from the maildrop directory.
active Messages that the queue manager has opened for delivery. Only a
limited number of messages is allowed to enter the active queue
(leaky bucket strategy, for a fixed delivery rate).
deferred
Mail that could not be delivered upon the first attempt. The
queue manager implements exponential backoff by doubling the
time between delivery attempts.
corrupt
Unreadable or damaged queue files are moved here for inspection.
hold Messages that are kept "on hold" are kept here until someone
sets them free.
DELIVERY STATUS REPORTS
The oqmgr(8) daemon keeps an eye on per-message delivery status reports
in the following directories. Each status report file has the same name
as the corresponding message file:
bounce Per-recipient status information about why mail is bounced.
These files are maintained by the bounce(8) daemon.
defer Per-recipient status information about why mail is delayed.
These files are maintained by the defer(8) daemon.
trace Per-recipient status information as requested with the Postfix
"sendmail -v" or "sendmail -bv" command. These files are main-
tained by the trace(8) daemon.
The oqmgr(8) daemon is responsible for asking the bounce(8), defer(8)
or trace(8) daemons to send delivery reports.
STRATEGIES
The queue manager implements a variety of strategies for either opening
queue files (input) or for message delivery (output).
leaky bucket
This strategy limits the number of messages in the active queue
and prevents the queue manager from running out of memory under
heavy load.
fairness
When the active queue has room, the queue manager takes one mes-
sage from the incoming queue and one from the deferred queue.
This prevents a large mail backlog from blocking the delivery of
new mail.
slow start
This strategy eliminates "thundering herd" problems by slowly
adjusting the number of parallel deliveries to the same destina-
tion.
round robin
The queue manager sorts delivery requests by destination.
Round-robin selection prevents one destination from dominating
deliveries to other destinations.
exponential backoff
Mail that cannot be delivered upon the first attempt is
deferred. The time interval between delivery attempts is dou-
bled after each attempt.
destination status cache
The queue manager avoids unnecessary delivery attempts by main-
taining a short-term, in-memory list of unreachable destina-
tions.
TRIGGERS
On an idle system, the queue manager waits for the arrival of trigger
events, or it waits for a timer to go off. A trigger is a one-byte mes-
sage. Depending on the message received, the queue manager performs
one of the following actions (the message is followed by the symbolic
constant used internally by the software):
D (QMGR_REQ_SCAN_DEFERRED)
Start a deferred queue scan. If a deferred queue scan is
already in progress, that scan will be restarted as soon as it
finishes.
I (QMGR_REQ_SCAN_INCOMING)
Start an incoming queue scan. If an incoming queue scan is
already in progress, that scan will be restarted as soon as it
finishes.
A (QMGR_REQ_SCAN_ALL)
Ignore deferred queue file time stamps. The request affects the
next deferred queue scan.
F (QMGR_REQ_FLUSH_DEAD)
Purge all information about dead transports and destinations.
W (TRIGGER_REQ_WAKEUP)
Wakeup call, This is used by the master server to instantiate
servers that should not go away forever. The action is to start
an incoming queue scan.
The oqmgr(8) daemon reads an entire buffer worth of triggers. Multiple
identical trigger requests are collapsed into one, and trigger requests
are sorted so that A and F precede D and I. Thus, in order to force a
deferred queue run, one would request A F D; in order to notify the
queue manager of the arrival of new mail one would request I.
STANDARDS
None. The oqmgr(8) daemon does not interact with the outside world.
SECURITY
The oqmgr(8) daemon is not security sensitive. It reads single-charac-
ter messages from untrusted local users, and thus may be susceptible to
denial of service attacks. The oqmgr(8) daemon does not talk to the
outside world, and it can be run at fixed low privilege in a chrooted
environment.
DIAGNOSTICS
Problems and transactions are logged to the syslog(8) daemon. Cor-
rupted message files are saved to the corrupt queue for further inspec-
tion.
Depending on the setting of the notify_classes parameter, the postmas-
ter is notified of bounces and of other trouble.
BUGS
A single queue manager process has to compete for disk access with mul-
tiple front-end processes such as cleanup(8). A sudden burst of inbound
mail can negatively impact outbound delivery rates.
CONFIGURATION PARAMETERS
Changes to main.cf are not picked up automatically, as oqmgr(8) is a
persistent process. Use the command "postfix reload" after a configura-
tion change.
The text below provides only a parameter summary. See postconf(5) for
more details including examples.
In the text below, transport is the first field in a master.cf entry.
COMPATIBILITY CONTROLS
allow_min_user (no)
Allow a recipient address to have `-' as the first character.
ACTIVE QUEUE CONTROLS
qmgr_clog_warn_time (300s)
The minimal delay between warnings that a specific destination
is clogging up the Postfix active queue.
qmgr_message_active_limit (20000)
The maximal number of messages in the active queue.
qmgr_message_recipient_limit (20000)
The maximal number of recipients held in memory by the Postfix
queue manager, and the maximal size of the size of the short-
term, in-memory "dead" destination status cache.
DELIVERY CONCURRENCY CONTROLS
qmgr_fudge_factor (100)
Obsolete feature: the percentage of delivery resources that a
busy mail system will use up for delivery of a large mailing
list message.
initial_destination_concurrency (5)
The initial per-destination concurrency level for parallel
delivery to the same destination.
default_destination_concurrency_limit (20)
The default maximal number of parallel deliveries to the same
destination.
transport_destination_concurrency_limit
Idem, for delivery via the named message transport.
RECIPIENT SCHEDULING CONTROLS
default_destination_recipient_limit (50)
The default maximal number of recipients per message delivery.
transport_destination_recipient_limit
Idem, for delivery via the named message transport.
OTHER RESOURCE AND RATE CONTROLS
minimal_backoff_time (1000s)
The minimal time between attempts to deliver a deferred message.
maximal_backoff_time (4000s)
The maximal time between attempts to deliver a deferred message.
maximal_queue_lifetime (5d)
The maximal time a message is queued before it is sent back as
undeliverable.
queue_run_delay (1000s)
The time between deferred queue scans by the queue manager.
transport_retry_time (60s)
The time between attempts by the Postfix queue manager to con-
tact a malfunctioning message delivery transport.
Available in Postfix version 2.1 and later:
bounce_queue_lifetime (5d)
The maximal time a bounce message is queued before it is consid-
ered undeliverable.
MISCELLANEOUS CONTROLS
config_directory (see 'postconf -d' output)
The default location of the Postfix main.cf and master.cf con-
figuration files.
daemon_timeout (18000s)
How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
defer_transports (empty)
The names of message delivery transports that should not be
delivered to unless someone issues "sendmail -q" or equivalent.
helpful_warnings (yes)
Log warnings about problematic configuration settings, and pro-
vide helpful suggestions.
ipc_timeout (3600s)
The time limit for sending or receiving information over an
internal communication channel.
process_id (read-only)
The process ID of a Postfix command or daemon process.
process_name (read-only)
The process name of a Postfix command or daemon process.
queue_directory (see 'postconf -d' output)
The location of the Postfix top-level queue directory.
syslog_facility (mail)
The syslog facility of Postfix logging.
syslog_name (postfix)
The mail system name that is prepended to the process name in
syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
FILES
/var/spool/postfix/incoming, incoming queue
/var/spool/postfix/active, active queue
/var/spool/postfix/deferred, deferred queue
/var/spool/postfix/bounce, non-delivery status
/var/spool/postfix/defer, non-delivery status
/var/spool/postfix/trace, delivery status
SEE ALSO
trivial-rewrite(8), address routing
bounce(8), delivery status reports
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
README FILES
Use "postconf readme_directory" or "postconf html_directory" to locate
this information.
QSHAPE_README, Postfix queue analysis
LICENSE
The Secure Mailer license must be distributed with this software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
OQMGR(8)
|