Synchronization of MTA queue directories after a failover
During normal operation, email messages are in one of three states:
- being received or sent by the primary unit
- waiting to be delivered in the mail queue
- stored on the primary unit’s mail data directories (email quarantines, email archives, and email inboxes of server mode)
When normal operation of an active-passive HA group is interrupted and a failover occurs, sending and receiving are interrupted. The delivery attempt fails, and the sender usually retries sending the email message. However, stored messages remain in the primary unit’s mail data directories.
You usually should configure HA to synchronize the stored mail data to prevent loss of email messages, but you usually will not want to regularly synchronize the mail queue. This is because, to prevent loss of email messages in the failed primary unit, FortiMail units in active-passive HA use the following failover mechanism:
- The secondary unit detects the failure of the primary unit, and becomes the new primary unit.
- The former primary unit restarts, detects the new primary unit, and becomes a secondary unit.
- The former primary unit pushes its mail queue to the new primary unit. This synchronization occurs through the heartbeat link between the primary and secondary units, and prevents duplicate email messages from forming in the primary unit’s mail queue.
- The new primary unit delivers email in its mail queues, including email messages synchronized from the new secondary unit.
As a result, as long as the failed primary unit can restart, no email is lost from the mail queue.
Even if you choose to synchronize the mail queue, because its contents change very rapidly and synchronization is periodic, there is a chance that some email in these directories will not be synchronized at the exact moment a failover occurs.
About logging, alert email and SNMP in HA
To configure logging and alert email, configure the primary unit and enable HA events. When the configuration changes are synchronized to the secondary units, all FortiMail units in the HA group record their own separate log messages and send separate alert email messages. Log data is not synchronized. For details on configuring logging and viewing log messages, see “Logs, reports and alerts” on page 665.
To use SNMP, configure each cluster member separately and enable HA events for the community. If you enable SNMP for all units, they can all send SNMP traps. Additionally, you can use an SNMP server to monitor the primary and secondary units for HA settings, such as the configured and effective HA mode of operation. For details on SNMP, see “Configuring the network interfaces” on page 247.
Getting HA information using SNMP
You can use an SNMP manager to get information about how FortiMail HA is operating. The FortiMail MIB (fortimail.mib) and the FortiMail trap MIB (fortimail.trap.mib) include the HA fields listed in Table 33.
Table 33: FortiMail MIB fields
MIB Field | Description |
fortimail.mib | |
fmlHAEventId | Provides the ID of the most recent HA event. |
fmlHAUnitIp | Provides the IP address of the port1 interface of the FortiMail unit on which an HA event occurred. |
fmlHAEventReason | Provides the description of the reason for the HA event. |
fmlHAMode | Provides the HA mode of operation that you configured the FortiMail unit to operate in: either master (primary unit) or slave (secondary unit). |
fmlHAEffectiveMode | Provides the effective HA mode of operation (applies to active-passive HA only), either as the primary unit or as the secondary unit. The effective HA mode of operation matches the configured mode of operation unless a failure has occurred. |
fortimail.trap.mib | |
fmlTrapHAEvent | Provides the FortiMail HA trap that is sent when an HA event occurs. This trap includes the contents of the fmlSysSerial, fmlHAEventId, fmlHAUnitIp, and fmlHAEventReason MIB fields. |
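The comparison of fmlHAMode with fmlHAEffectiveMode described in the table can be automated on the monitoring side. The following is an added example, not code from the original guide or from Fortinet: it flags units whose effective mode differs from the configured mode and, going slightly beyond the text, checks that the group has exactly one effective primary unit. The input line format, the sample values, and the use of the master/slave labels for fmlHAEffectiveMode are assumptions.

```python
from collections import defaultdict

# Constructed sample: one "unit_ip field value" line per polled MIB field.
# The line format and the master/slave labels for fmlHAEffectiveMode are
# assumptions for this example, not FortiMail output.
SAMPLE_POLL = """\
192.0.2.10 fmlHAMode master
192.0.2.10 fmlHAEffectiveMode slave
192.0.2.10 fmlHAEventReason constructed-reason-text
192.0.2.11 fmlHAMode slave
192.0.2.11 fmlHAEffectiveMode master
"""

def parse_poll(text):
    """Group polled values by unit: {unit_ip: {field: value}}."""
    units = defaultdict(dict)
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:  # skip blank or malformed lines
            unit, field, value = parts
            units[unit][field] = value.strip()
    return dict(units)

def ha_findings(units):
    """Return (unit_or_group, finding) tuples, units in sorted order."""
    findings = []
    effective_masters = []
    for unit, f in sorted(units.items()):
        cfg, eff = f.get("fmlHAMode"), f.get("fmlHAEffectiveMode")
        if cfg is None or eff is None:
            findings.append((unit, "missing HA mode data"))
            continue
        if eff == "master":
            effective_masters.append(unit)
        if cfg != eff:  # per the table, a mismatch means a failure has occurred
            reason = f.get("fmlHAEventReason", "no reason polled")
            findings.append((unit, f"configured {cfg}, effective {eff} ({reason})"))
    if len(effective_masters) != 1:
        findings.append(("group", f"{len(effective_masters)} effective primary units"))
    return findings

if __name__ == "__main__":
    for who, what in ha_findings(parse_poll(SAMPLE_POLL)):
        print(f"{who}: {what}")
```

An empty result means every unit is running in its configured mode and one unit is acting as primary.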