[OpenAFS] Mail delivery into OpenAFS

[Russ Allbery]

Nathan Ward <nward@esphion.com> writes:
> On Sun, 06 Jul 2003 18:55:26 -0700, Russ Allbery <rra@stanford.edu> wrote:

>>> Maildir works for me because I patched qmail-local.c to rename if it
>>> can't link. Perhaps I should check if the new filename exists, and if
>>> it does temporarily defer delivery.

>> Oh, if you don't *really* care about safe mail delivery, locking isn't
>> nearly as much of a problem.  :)

> Well sure, at present its not safe. Defering the message for later
> delivery however should be.

There's no way to test first that doesn't involve a race condition.

> Or I could check to see the file exists as the name is generated, if it
> does, regenerate..

Same problem.

> In qmail, filenames are based on delivery time (AFAIK). Down to .00001
> of a second. I'd say its more or less "safe". How about I tack a process
> ID on the end of that too. Happy? :P :)

> Or have I missed something.. ?

Well, you're not actually writing a maildir.  You're writing something
else that doesn't have the proven properties of a maildir.  It sounds like
it might be reasonably safe, but I haven't thought about it very long.

All of the steps in a maildir delivery are there for a reason.  For
example, the reason why link is used instead of rename is because rename
can destroy other mail, whereas link will fail if the name already exists.
It's your mail, so if you can convince yourself that it's safe enough for
you, that's your call.  I tend to avoid trying to make up and prove
properties of locking methods and just use established, well-regarded ones
instead; it saves wear and tear on my brain.

Certainly, if you allocate a unique name for each message, you don't have
to lock.  You can just write the message out under its unique name.  I'm
not very big on trusting unique names when it comes to something as
critical as mail, but I'm paranoid.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>