You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Raphael Ouazana (Jira)" <se...@james.apache.org> on 2020/07/01 09:37:09 UTC

[jira] [Commented] (JAMES-3291) Badly formatted mailqueue causes RabbitMQMailQueue to crash

    [ https://issues.apache.org/jira/browse/JAMES-3291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17149245#comment-17149245 ] 

Raphael Ouazana commented on JAMES-3291:
----------------------------------------

dead letter seems to be the way to go for me

> Badly formatted mailqueue causes RabbitMQMailQueue to crash
> -----------------------------------------------------------
>
>                 Key: JAMES-3291
>                 URL: https://issues.apache.org/jira/browse/JAMES-3291
>             Project: James Server
>          Issue Type: New Feature
>          Components: Queue, rabbitmq
>    Affects Versions: master, 3.5.0
>            Reporter: Benoit Tellier
>            Priority: Major
>
> ## Reproduction steps: 
> Given a bad payload published on the mailQueue exchange
> Then the dequeuer will crash and stop any following dequeuing processing
> ## Consequences:
> This can be leveraged to knock down mail reception given only the right to publish messages to RabbitMQ.
> This can generate problems to users when upgrading with non-empty mailqueue upon MailReferenceDTO changes
> ## Alternatives
> To not be crashing, we actually need to handle the deserialization exception.
> Dropping the message would be a quick fix, but could result in data loss.
> A better alternative would be to leverage a dead-letter queue in order to enable to not abort processing, while keeping track of the failure, and allowing to resume its processing.
> ## Related issues
> We are considering improving the reliability of the distributed mailqueue component, and allow to drop all RabbitMQ content. To recover from such a situation, non-dequeued emails would be tracked using the Cassandra browsing projection, and requeued in a newly provisionned rabbitMQ.
> Given the ability to re-generate non - dequeued entries, dropping invalid rabbitMQ messages could be acceptable, as the admins will have the right tools to re-generate legitimate traffic.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org