This morning, things went terribly wrong on gnu.org's primary mail
server. We ran out of resources on the mail server, and fork stopped
working. Messages bounced with permanent fatal errors ("local
delivery failed"), and I'd like to make sure this same situation
doesn't happen again.
All incoming mail for GNU users is processed with spamassassin, using
the following transport:
spamassassin_transport:
driver = pipe
command = /usr/sbin/exim -oMr spam-scanned -bS
use_bsmtp = true
transport_filter = /usr/bin/spamc -u ${lc:$local_part}
current_directory = /tmp
home_directory = /tmp
Mail that went through "spamassassin_transport" bounced with the
following mainlog entry:
2002-08-26 07:15:05 17jHkz-0004mI-00 ** foobar@???
R=spamassassin_router T=spamassassin_transport: Child process of
spamassassin_transport transport returned 2 from command:
/usr/sbin/exim
We lost 344 messages this way (we process about 100,000 messages a
day). I'm operating under the assumption that the spamassassin
processes returned 71 (for can't fork); nothing was done as a result
of this error code, and bad data/no data was passed to the called exim
process.
For this particular transport, it would seem to make sense to be able
to say that all errors are of a temporary nature. Being able to set
"temp_errors = *" (where "*" excludes zero) seems to be a good way to
specify that behavior.
On a related note, does temp_errors have any effect for the the
transport_filter program? If not, maybe there should be a
transport_filter_temp_errors option?