Infrastructure for One Million Email Accounts?

cfsmp3 asks: "I have been asked to define the infrastructure for the email system for a huge company, which fed up of Exchange, wants to replace their entire system with something non-Microsoft. I have done this before, but not for anything of this scale. Suppose you are given a chance to build from scratch an email system that has to support around one million accounts. Some corporate, some personal, some free. POP, IMAP, webmail, etc are requirements. The system must scale perfectly, 99.9% uptime is expected... where would you start?"

qmail

[tadauphoenix]

I've always favored it, and with some scripting/automation, I wouldn't see why you couldn't scale that large with inexpensive hardware.

Highly paid consultants or....Ask Slashdot

[Phoenixhunter]

I have a feeling you're not going to find the answer you're looking for, as the scale you're talking about is indeed beyond the scope of work that most of us work in.

Re:Easy.

[Anonymous Coward]

Assuming you dont mind google scanning your internal email achives looking for interesting business information!

If theyre using exchange

[gad_zuki!]

they're probably using the groupware too. Are they also willing to ditch outlook?

If you're looking for a groupware replacement, then you've got a big job ahead of you. Scalix is a mess, bynari is a hack, etc. When you do get them running things end users end up buying like PDAs and apps that hook into outlook are going to cause more problems.

If its just pop/imap you really can't go wrong. A good webmail option is kinda a catch. Squirrelmail is nice, but compared to OWA its really out of its league.

If your post told us what they were fed up with and how they used their system you'd get some real advice. Expect the usual postfix vs qmail vs sendmail vs whoever mini-flamewars.

Unless It's A Very Old Exchange System...

[zentec]

...they need to think about this very carefully.

I'm sure someone, somewhere within the enterprise is using features of Exchange that they won't get anywhere else. Not to sound like a Microsoft fan-boy sock puppet, but there's some features that Exchange has that people in a business environment just love.

However, since you asked. I'd run Exim or Qmail and Cyrus IMAP.

Re:go to gmail

[Chmarr]

Gmail is beta.

Gmail does not have guaranteed uptime.

You do not pin your companies communications system on something you cannot sign a SLA agreement with.

need I go on? :)

Re:Split up the tasks

[michelcultivo]

And please don't forget to use Maildir for email storage, it's very good for backup and very easy to manage.

Start with universities

[dubl-u]

I'd start seeing what universities near you use. They won't be as big, but a large school should have circa 100k accounts and a lot of the same issues you'll face. They may already describe their infrastructure somewhere on the web. And offering to take two or three of the mail guys out to lunch or dinner will get you a ton of the nitty-gritty details and smart questions to ask yourself (and vendors).

Then once you think you have a solution, budget plenty of time for extensive testing against simulated load. Make sure you simulate failures by, e.g., pulling plugs randomly. Buy the hardware and software *after* you're 100% sure it works, not before. And where possible, roll your solution out gradually, so that small problems don't turn into MCFs.

Re:Let the vendors do the work.

[joe_bruin]

Seriously. If high availability systems is not your company's core competency, call IBM, Red Hat, Sun, Oracle, Novell. Tell them you have a million users. Tell them you have a very fat checkbook and that you want them to provide you with a complete solution. Tell them that nothing but 5 nines of uptime will do.

DO NOT implement a half-assed solution. Unless you really know what you're doing (and if you were, you wouldn't be asking this question), don't assume that a million Linux servers strewn about a million offices and data centers is the best solution, even if it is easiest to set up and administer. Maybe it is, come up with a proposal with hard numbers and see how they compare to the vendors. A million dollars spent on a Sun E10000, and Oracle Grid subscription (scales perfectly, right?), or a million IBM engineers flown into your site when an emergency happens may be worth paying for.

Re:Obviously

[whackco]

Actually, I was going to use "Obviously" as my subject line... so I'll just respond to yours.

I work with Exchange, and think that the chances are better that they just had shitty architecture to begin with. Exchange is a great platform and scales well, so if the original people wouldn't do it, well then f*ck em.

Stilll convinced to migrate? Well, something with multiple datacenters, large scale, compressed SAN backend, and alot of clustering will do it. Shit, you could do the entire thing with MySQL if you REALLY wanted to. Moving the existing data over will be a huge pain no matter what you migrate to though.

My suggestion? Don't just jump off Exchange, do a proper requirements analysis and you might find it is alot cheaper to just redesign the existing architecture.

Re:Here's my plan and it's the best one you'll get

[Reality Master 101]

So how will people get all their mail rather than a twentieth of it? Easy, you set up a round robin DNS on mail.DOMAIN.com.

This is the best advice he'll get? Sheesh.

Think this through -- a lot of e-mail programs check every 20 minutes. Assuming I actually hit any without duplications, I could potentially need 400 minutes or over six hours to get all my mail. Since it's random, it could take days.

And that's just for starters with this lame scheme. If I want to check mail, say, from the field on a dial-up once a day... hopefully you can see how badly this would suck.

What the guy should do is buy an e-mail system that can handle 1,000,000 users and not screw around trying to chewing gum his own solution.

Only 99.9% uptime?

[Radak]

If my email system designer were satisfied with almost nine hours of downtime per year, I'd find a new designer.

Re:Ask Slashdot?

[R3D]

Well, they're currently using Exchange.

Re:Split up the tasks

[Anonymous Coward]

Two ways to end the war: (1) Kill all terrorists. (2) Convert to Islam. Unfortunately, diplomacy is not a part of either

In regards to your sig, you are implying which of the following:

• Terrorists don't attack muslims.
• All terrorists are muslims.
• Those killing terrorists are not muslims.
• Only religious conversion and killing ends war.

It's hard to take advice on sendmail from someone who displays such an obvious lack of deep thought on other issues.

Re:POP?

[QuasiEvil]

If my company would only go BACK to POP3, my life would be so much easier. First, we moved from POP3 to IMAP - no big deal, but I don't care for IMAP and the whole remote folder thing. However, it just required me to modify fetchmail to dump it in the mail spool on my linux box, same as always. Then set Windows box with Eudora to leave mail on my linux box for 2 days. Then, I can use Eudora as I want, mail is stored on my Windows box, and I can read it using pine over SSH for 48 hours. Worked great, did everything I needed for five years.

As of six months ago, we have Exchange/Outlook, and no POP3/IMAP access to the server at all. You're stuck with Outlook or webmail based on how it's configured. After much reconfiguration, I finally got Outlook to behave mostly the way I want - including delivering mail locally rather than leaving it on some server a thousand miles away (literally, not joking here). Now if I didn't hate everything about Outlook...

All I want, and all I've ever wanted, is to be able to grab my messages easily and put them on my machine, not stored on a server somewhere. POP3 is great for that. It does absolutely everything I want and need for mail, and it's dead simple. Even if you don't make it the standard implementation, it'd be nice if admins everywhere left those of us who know what we're doing the option of using it.

Easy

[xihr]

Resign. You're obviously in way over your head if you have to resort to asking Slashdot readers for advice like this.

Re:NO Domino

[Shalda]

Well, on the subject of what not to use, avoid Lotus Domino & Notes as well. Take your favorite horror story involving Exchange and substitute Domino for Exchange and Notes for Outlook and that's what it's like. Only Outlook is a much better mail client.
 
There are dozens of perfectly good mail servers out there. The more features they have the more likely you are to have problems. It's a pretty simple equation.
 
And if all else fails, you can write your own. I've written one, it's not very difficult (hacked it out in C# in a weekend). It's a very simple plain text protocol. But I wouldn't run the company on something I wrote in C# in a weekend. I don't even use it myself anymore. I'm running Exchange now for my personal mail server as that's what we run at work.

Re:Obviously

[HalWasRight]

Obviously school just started.

Outbound queues

[dskoll]

You probably want a FallbackMX host (or a bank of
them) so backed-up outbound queues don't interfere with normal outbound processing.

The FallbackMX hosts can use a file system optimized for directories with lots of files in them (and can of course themselves be tuned as the parent poster suggested.)

See what others are using

[henry.thorpe]

I'd start by seeing what the big ISPs are using.

That's a matter of doing an mx lookup, telneting to one of their gateways on port 25, and seeing if you can infer from their banners what mail system that they are running (for the inbound smtp gateways, anyway-- since there's nothing to prevent them from layering different products). Look to mailing list archives for messages sent from the various domains, and see what the headers tell you about their outbound mail path.

Example: Inbound Comcast HSI:

$ dig comcast.net mx ;; ANSWER SECTION:
comcast.net. 250 IN MX 5 gateway-r.comcast.net.
comcast.net. 250 IN MX 5 gateway-r.comcast.net.

$ nc -vv smtp.comcast.net 25
Connection to smtp.comcast.net 25 port [tcp/smtp] succeeded!
220 comcast.net - Maillennium ESMTP/MULTIBOX sccrmhc14 #274

So, they use something claiming to be 'Maillennium'.

If you do this for AOL, you'll see some weird-looking, probably custom AOL gateway. Earthlink says something like:
'ESMTP EarthLink SMTP Server', AT&T WorldNet is also Maillennium, Verizon.net declares 'MailPass SMTP server v1.2.0', and so on.

If you really wish to probe to see if this is opensource-ish stuff with obfuscated banners, you can try fingerprinting them using smtpscan http://www.greyhats.org/outils/smtpscan/> to find out that it's really just Postfix or Sendmail hiding behind that custom 220 banner. Actually, it's the smtpscan fingerprint file is an interesting read all by itself...

Re:Still Have to Engineer it

[QuasiEvil]

I'd strongly consider exim and maybe postfix if you're not looking to go with good ol' sendmail. That's the voice of a five year qmail user talking.

I currently run qmail in a small production environment, handling about 20k messages a day. It's small, but enough to point out the cracks.

qmail does many things well, but it also is a product of DJB-bizarroworld. The worst of the offenses, in my book, is that due to his security model, the smtp receiver will accept messages to any recipient, not just valid ones. Then, if it can't figure out what to do with it, it generates a bounce message - which usually bounces. This can kill a machine and a network connection during a dictionary spammer attack. Implementing SMTP-AUTH with qmail is a royal, gigantic, immense, overwhelming pain in the ass. It took me several hours to get it all patched together and working.

Want any of the above to work? Patch. Want a blacklist of users that shouldn't get mail? Patch. Want SPF support? Patch. Want the non-POSIX use of errno to be fixed? Patch. Usually, the patches don't go together smoothly, so you wind up spending hours figuring out the rejected chunks and how to properly patch them together. And this is a modern MTA?

While I've patched qmail to deal with a host of issues, there's no reason a modern MTA should need to be patched for most these. The rcpt authentication thing is just downright dumb, and smtp-auth is reasonably widely supported with the ESMTP standard.

I'm testing exim right now, and I'm pretty happy with it. It's fairly light, does everything I want and need, and isn't the configuration quagmire of sendmail. As soon as I rebuild the mail server, I'm switching the production environment away from qmail.

If you're a hard-core qmail adherent, that's great. It's fast and reasonably easy to configure in its basic form. However, I prefer something that's more standards-compliant and feature-rich right out of the tarball.

My advice to anybody considering qmail for the first time is to try it, but consider other popular MTAs like exim and postfix as well, including the 800lb. gorilla, sendmail. It's a pain, but get the O'Reilly book and you can do positively anything (and I do mean anything) you want with it.

Re:POP?

[lukewarmfusion]

I was curious about that, too...

Wal-mart has an estimated 1.6 million employees. (source [wikipedia.org])

General Motors, by contrast, has approximately 360,000 employees.

The post says "around one million accounts" which is very different from one million employees. I have over ten email accounts that I actively use for receiving mail and four to six for sending.

An ISP could easily have millions of accounts. But since he said "huge" company, they were using Exchange, and because he's asking Slashdot my guess is that he's not at an ISP. Instead, I'd guess he's at a medium-sized company that might offer email accounts to its customers or at a large company that also contains many subsidiaries (but wants one email domain for all of those).

Re:Still Have to Engineer it

[bani]

if you need another reason not to use qmail, this is a good one [nyud.net].

Re:Qmail!!

[Pharmboy]

A single server? For one million users?

Insert "imagine a beowolf of those" joke here, except it isn't a joke.

I think you might be underestimating the requirements for this large a project that "must scale perfectly". The "99.9% uptime is expected" requirement alone requires multiple internet connections, a large cluster of front end servers, and redundent database servers, preferably located in different states. (ie: "What do you mean our only server is in New Orleans?")

I don't think the average Dell dual Xeon box is up to the task for this large a project...

Re:Obviously

[killjoe]

grep searches the files really fast.

Re:Simplicity is key.

[PapaZit]

All of the paren't suggestions are decent, but there are a few alternatives that may make sense:

-Cyrus IMAP, while a monster to build and configure, can handle a pretty heavy load, and the latest versions can handle a lot of load-balancing internally.

-Exim's nice. I'm a Postfix man, myself. Sendmail is king, though. I'm not going to claim to like it, but it's up to the task, and there's something to be said with using a standard tool.

-While things like MD4 are okay for hashing, they're kind of CPU-intensive. Consider something like "second and third letter of username" that takes less CPU time. The right answer here depends a lot on the relative speed of CPU versus disk. If you can get dedicated hardware to do this (rare, but it exists), use whatever hashing the hardware supports.

-Consider some sort of cache (maybe even separate machines) between incoming SMTP and SpamAssassin/ClamAV. When the 2am spam run hits, your incoming SMTP machines can become overloaded. The downside: deciding what to do with mail that's not rejected the moment it's received.

-Set up a "mail machine" configuration with whatever OS and tools you use, and make it possible to create a disk image quickly. You're going to need a lot of hardware, which means that you'll have enough random failures to make building machines by hand impractical. This also means "have at least one extra built machine/disk array/etc. powered-on and waiting at all times" for those 4am hardware failures.

-You may find that things like NFS just aren't fast enough. Be ready to look at SAN or shared "direct-looking" storage. The tough part: this is hard to discover during testing. It may be overkill, but don't lock it out as a possibility.

-I/O is king. CPU speed won't matter as much as bus speed, disk speed, and memory speed. This is why a lot of companies use banks of big proprietary unix machines for their mail, even if they use commodity PCs elsewhere.

-I don't trust hardware load balancers. Sometimes they're necessary (and they do make life better when they work), but they're a big single point of failure. Consider other ways to split the load, or at least ways to work around the load balancer if it should fail. The Cyrus aggregator can handle some of this.

Re:Easy

[Anonymous Coward]

Why is this marked as funny? It should be marked as informative.

Unless the person wanted to start an Exchange flame war with his post, he clearly has no idea how to design an enterprise email infrastucture.

All the technology in the world can't help you if you don't understand what you are doing and based on his broad sweeping question, it would be easy to assume that he doesn't.

If he is the amateur email administrator that he has made himself out to be, no amount or advice or technology can help him.

If he can't design the email infrastructure he definitely won't be able to properly implement and manage it either.

Better leave this kind of work to the professionals.

Re:Obviously

[Not The Real Me]

What does Hotmail run these days?

I am under the impression that if Hotmail were running clusters of Exchange servers Microsoft would be quite vocal in the enterprise scalability of Exchange.

Re:Obviously

[jerkychew]

Since you've taken things off topic, I'll grab the wheel and pull it right off a cliff.

The reason Exchange uses a database can be summed up in three words: Single Instance Store.

Say you send one 1MB Word document to 100 of your colleagues. In a relational database-based, Single Instance Store-driven mail server, that document takes up exactly 1MB on the server. If somebody in the organization forwards the Word doc to the remaining 900 people in your organization, how much space does it take on the server? 1MB.

Send a 1MB document to 1000 users on a flat, mbox-style mail server, and how much space is taken up on the server? 1000MB.

I see your point about some things, sure. Being able to jump in and restore a mailbox from tape by just dumping a folder somewhere is nice, but it just doesn't scale in terms of storage the way a db-driven mail system does.

Don't flame me as an MS advocate. There are times when an SIS-based email system is good, and there are times when a flat email system is good. I've run Exchange environments for 500+ people, and I've run Linux-based mail systems for 1000+ people. I'm just saying that your particular argument is one-sided and flawed.

Re:Obviously

[AnyoneEB]

Or you could just use a filesystem that supports hard-linking files (see: man ln [google.com]), so you do not have to worry about that even when using a filesystem for this purpose. Since such a file is read-only, it could just be linked to all of those people's mail boxes. If you do not know what a hard link is, it is basically the same thing you are describing, except done in the filesystem and handled transparently by the kernel. Basically, every "file" you see in an Ext 2/3 filesystem is really just a pointer to where the file is stored, and any actual file can have as many as these links as you want. When there are no remaining links to a file, it is allowed to be deleted.

Re:Obviously

[doshell]

Say you send one 1MB Word document to 100 of your colleagues. In a relational database-based, Single Instance Store-driven mail server, that document takes up exactly 1MB on the server. If somebody in the organization forwards the Word doc to the remaining 900 people in your organization, how much space does it take on the server? 1MB. Send a 1MB document to 1000 users on a flat, mbox-style mail server, and how much space is taken up on the server? 1000MB.

Speaking of which, is there any filesystem around that "automagically" detects redundancy and avoids storing the same data twice (i.e. two files with the same content end up being stored only once)? (I don't mean hardlinks. Suppose I download some file for the second time without knowing the first instance exists). I suspect this would add a lot of overhead to the filesystem driver, but it'd certainly be a cool feature.

Re:Simplicity is key.

[thogard]

Current mailserver system I designed and built is hosting 80,000 email accounts, and will scale out to a million quite cheaply by just adding more machines.
80,000 is trivial. I was running a 12 node system with 87,000 users 12 years ago on hardware that was slower than a play station.

The complexity of going from 100,000 to 1,000,000 isn't just 10 times harder, you start to get into that area where sigma 4 system works with few problems with 100k but dies horribly with 1000k users. There is a line where instead of one machine being broken is unusual, you get this situation where at least one machine is always broken and it will often be broken in a way that is hard to diagnose.

You are wrong in every way.

[Some Random Username]

There is absolutely no reason at all to leave 80% free space, 15% is more than enough to ensure you don't have fragmentation problems (I am assuming you are using a reasonable filesystem of course).

Second, people with rediculously frequent mail check times are not any more of a problem. Modern operating systems use file system caches. You do not have to touch the disk subsystem in any way, frequently accessed data will be in RAM.

And finally, a database has alot of extra overhead, and there is alot of deletes going on. Sure, such a select statement would work, but reading the files in one directory is an order of magnitude faster. And the deletes will really hammer your database. FFS+softupdates makes file deletion extremely fast. A relational database is not the answer for everything, stop trying to pretend it is. Use the right tool for the job, and for storing files, a filesystem is the right tool. Its not relational data, it doesn't need to be queried in arbitrary, complex ways, so it doesn't belong in a relational database.

Re:POP?

[Anonymous Coward]

what is so bad about POP3

Having never been near a computer, I have no idea. If I had to guess, I'd suppose that with a million users, 100,000 of them will have to be constantly reminded to delete their mail off the servers. 25,000 of them won't EVER delete their mail no matter what you do, and 5,000 will bitch and whine when you cap their fucking mailboxes. One of them will be the CEO, and he'll berate you in front of his smarmy suspender-wearing jerkoff golf buddies because you're a dumb hick that can't fit a terabyte of mp3s and porn (most of it redundant for chrissakes) into only 500 gigs of disk. You will also get to deal with countless issues involving different email clients. You would give almost anything to have a massive natural disaster wipe everything out so you didn't have to go to work tomorrow, but there's the wife and kids, so y'know, there it is.

Re:Obviously

[Aceto3for5]

Amen to that. I support a base that is one of the last holdouts against NMCI. (IBM was involved in the biddg process originally, and once they saw the scale of the project laughed and walked away.)As it is, we pay millions a year towards NMCI for the limited email-only version, which no one uses because it never works. Now that its going come full bloom, the talk of the town here is that we will end up with two networks, two jacks at each desk, one NMCI and one functional. Talk about wasting tax money!

The biggest infrastructure problem plauging EDS right now is constructing a building large enough to hold all the money they are bilking out of us.

Re:Obviously

[Anonymous Coward]

NMCI Blows goats. I could take $6B to give the military shitty service too. I have ~200 users and we get as much space as we need. Up to 20GB. The navy already had an experienced cadre of admins, but took all of the power to fix things from the people in an organization, and gave it to people half a world away. If it is not in the SLA, they won't fix it.

Re:13 Million mail infrastructure

[louissypher]

I built and admin mail for around 100k users. Their is no f'ing way that you can run 13 million accounts on 10 machines. One webmail server for 13 million people?

Re:Qmail!!

[nagizli]

While debating how much time the downtime takes, which is completely worthless, I'd rather you skim through the specs of FreeBSD & Qmail if they exist. I'd also look for companies which provide installation and support of FreeBSD and consult them on subject of how much this installation could cost or something. I'd also look for successful projects with Qmail & FreeBSD.

I'd take into consideration the fact that UNIX-based solutions are far more lightweight than ones of MicroSoft so you have no idea of what you're talking about unless you managed one yourself. Before debating on how long 0.01% downtime is, I'd rather you consider other numbers which are of much more importance to you now.

Quick setup

[mseeger]

Hi,

my recommendations:

• Calculate with about 20-30 man days for the initial design. You'll need some software development for about 30-50 man days, 100 man days for setup, testing and fine tuning. Figures may wary upon skill and LWF. Time for integration into your backup service is not included.
• Use a directory service with replication mechanism (preferred LDAP, we've done it with MySQL too). Every system except the load balancers will get a replica.
• The user data is stored on machines with Cyrus . Depending on machine size, user profile, mbox size etc. you take between 5.000 and 50.000 users per system.
• The directory service knows which user is on which system. Prepare a script to move users from one server to another (including the mbox).
• Incoming IMAP connects go through a loadbalancer to frontend systems with the perdition proxy. Those will relay thre requests according to the directory to the responsible IMAP server.
• Incoming HTTP requests will go through the loadbalance to an Apache with Squirrel on the frontend systems. Those will convert the requests into IMAP requests and connect to the local perdition.
• Generate a web frontend for the user to setup auto reply, vacation and anti-spam settings.
• From those settings you can create SIEVE scripts for the user.
• Incoming and outgoing SMTP traffic is handled by systems with sendmail. Local delivery is handled by LMTP connects directly to the IMAP servers (cyrus can handle LMTP).
• Antivirus and Antispam is handled through the milter interface and appropiate plugins. Plan for individual settings per user (can be generated from the data in the directory server).
• Loadbalancing SMTP us trivial.
• Add monitoring (e.g. Nagios), Backup and Restore (last one most important, nobody wants backup, all everyone wants is restore).
• If desired, use a cluster file system for those IMAP servers to have even more redundancy.
• Make sure you have access to the internal DNS of your company. If you can setup "mail.acmecompany.com" to point to several ips (depending on location) this may ease your job lot. If you cannot, this may be hard (and expensive) for your load balancers.
• You can scale everything horizontal in this concept. Choking point may be the load balancers.
• You can distribute the system easily onto several locations. Distribution over several continents is only recommended if you can either manage the DNS or the mail agent settings per continent.

Please forgive me, if i'm not completely correct. I'm only the sales rep ;-). But we've done it several times for ISPs. OSS software usually does the biggest part of the work. Usually some components (depending on existing contracts and knowledge) are commercial software (e.g. anti virus, load balancers, cluster file system). Typical operating systems are Solaris or Linux.

With backup support you should be able to setup such a system in 6 to 12 months (the later more realistic for big companies).

Most probably users will complain about the lacking calendar.

Most troublesome will be the migration phase (hope you realized i didn't mention it above). This depends so much on your current scenario that it is very difficult to give a general advice.

> where would you start?

Contacting me ;-). Perhaps get a budget first. As i said, i'm sales....

Regards, Martin

Stop right now

[biglig2]

What you have here is an opportunity for a tremendous open source win against exchange, and you are about to stuff it up because you do not have a clue how to do it.

So, what you do right now is you go find someone who does know how to do it. And by that I mean someone who can demonstrate they know how. Which does not equate to having a low slashdot id; it equates to having done real projects of this scale.

So, how do you start? You ring IBM and get them to come in and talk to you. You ring Red Hat. You ring Accenture.

If you want impartial advice from someone who isn't a vendor (which is a good idea), then you go find some companies that has a million seat open source e-mail deployment in place and you see if you can get their messaging admin to talk to you.

Over here

[guruevi]

We do it with a bunch of Postfix servers and MySQL. The MySQL is going to be clustered soon but currently runs separate on each server. Each server has MySQL and Postfix and generates statistics. Currently the most heavily loaded machine (10000 mail accounts) eats about 1-5% of CPU (Single Xeon with 3x72G SCSI RAID5). We estimated you can push about 100000 accounts/server given enough disk space (we are planning to put it on Apple SAN-solution) and separating the MySQL database. There are about 10 mails/sec. passing through the server (IN/OUT). An environment with 1000-2000 exchange e-mailaccounts takes up 2 dual proc. servers for the frontend and 2 single proc. servers for the backend (storage) needs migrated to a 70000$ storage solution because the current gives not enough throughput. The problem is that each times a secretary opens a calendar (eg. to schedule an appointment with the managment) all those mailboxes, schedules, calendars, notes are opened, searched through and synced (takes about 2000MB of datatransfer in a few seconds) while the IMAP protocol doesn't do that and provides the same functionalities.

What a shame.

[jotaeleemeese]

Somebody that obviosuly has never been trusted with a challenge on his job.

Sad.

Re:Obviously

[QuietLagoon]

Moving the existing data over will be a huge pain no matter what you migrate to though.

Yup, that's a big problem with Microsoft Exchange's proprietary datastore.

Like the roach motel, data goes in, but you can't get it out.

Re:You are wrong in every way.

[greenhide]

In a related vein:

I'm a lowly web programmer, not nearly as brilliant in the programming field as these other geniuses here, but I find it interesting that almost all web programming books tell you that if you can move processing into the database query instead of running it in the machine code, that it'll be faster.

This is so rarely the case. Unless you have a very powerful database server, odds are good that quite a lot of the various aggregate functions you might want to run will go much, much faster if you simple do a simple select in the database and then loop through the processing in the web app code. Not sure why this is true but it is.

A month or two ago I heard a great quote on Cartalk that I think should be plastered to every programmer, scientist, and engineer's bulletin board:

"Reality often astonishes theory."

In all honesty, though, I think that a database *would* be up to the task, even for 1M+ users. Consider Amazon, which probably gets several thousand simultaneous hits each second. And each page they pull up involves much more complex data searches than a simple mailbox.

I'd say the key concerns here aren't surrounding efficiency of processing. Mail servers, no matter how configured, are relatively low on the scale of computational complexity. It's more a size issue than anything else. The main problem will be determining how to store the data in a way that is safe, secure, fast, and reliable. Because the data needs to be redundant and widely dispersed (as in the New Orleans example someone pointed out above), it may be that a database, while not the fastest tool, may be the best tool for the problem.

I'll admit; I know nothing about how one would go about making identical file systems available simultaneously on many distant servers. But I'm guessing once you start doing that, you're starting to increase the complexity for the system in any case.

Well

[Shads]

In my opinion you're going to need a cluster of servers or at least round robin'd mx records for the servers. I personally think sendmail scales the best of the mta packages and offers the best set of features and ease of maintenance, although alot of people would argue it's intrinsicly insecure... I've never had problems, but I kept our mail servers up to date. I would seperate the smtp machines the outside world uses to deliver mail to your space from the servers used by users of your service to deliver mail. I would also move delivery services (imap, pop, webmail) to their own machines instead of having them on the smtp machine and you would probally be best to use a nas for the actual storage medium. This is actually a really interesting project. Good luck and let us know how it turns out :)

Re:Some info on how it works

[TheLink]

"Ironically, Microsoft is developing WinFS which is supposed to be able to automatically hardlink files transparently, thus the filesystem will automatically support Instance Store for every application. This is actually a pretty neat feature!"

Not if you really want a copy.

For most normal users, disk space isn't a big problem. If it is, duplicate files aren't usually the cause of the problem.

When I make a copy of a file, I don't want the O/S to just add a link to the same file.

I want a frigging copy.

If there's a bad sector or something goes wrong the chances are higher that I can recover the data if I have a _real_ copy.

I use a file system for storing data. If disk storage was such a big problem, Google etc wouldn't be giving out GBs to users for _free_.

I/O is a bigger problem. Disks store a lot more nowadays, but are not that much faster.

Re:Obviously

[Tuna_Shooter]

One BIG issue between what people are running now and what they will HAVE to run soon is the little item of SOX compliancy. Be VERY careful that your little million user mail system is compliant or the implementation costs will double. Believe me i do this for a living and just saw one of our financial clients get stung big time.

Re:You are wrong in every way.

[BorisAmmerlaan]

A friend did this:

for i in `seq -w 1 1000000`; do mkdir $i; done

So you took the nearest LART and Enlightened him.

Seriously, though - is there ever a reason to stick 1,000,000 objects into one container without any regard whatsoever to the type of objects or container? (Ignorance doesn't count.)

Re:Obviously

[lgw]

Veritas and Legato couldn't bend over enough for a million users.

I'm pretty sure that both Veritas and Legato can scale to a million exchange mailboxes, but as it happens Wallmart used Tivoli (which should scale that large as well, given its mainframe background). It's strange that they didn't have Exchange backups with a high-end backup product in place corporately - but I know next to nothing about Tivoli. Was Wallmart just being cheap?

Re:Obviously

[bluGill]

No they cannot. Microsoft does not want you backing up mailboxes. You backup mailstores, which are several (hundred - however many will fit on a single disk partition) mailboxes. This works great for disaster recovery, you restore the failed disk.

It is worthless for a single user who just deleted some important message. You end up building a new exchange server, and then restoring the entire mailstore, than going into that box and grabbing the one message. Veritas (I presume Legato as well) has an option to go in an grab each message from the mailbox one at a time. However this is slow - 1/5th the speed of a normal backup.

I work for, a company that competes with Veritas and Legato (though we try for much smaller accounts, big enterprizes need things we don't provide). We do Exchange backup, and are pretty sure that Veritas is doing it exactly like us. I strongly doubt anyone can scale mailbox level backup to millions of users.

Re:~ 320K accounts

[bittmann]

320,000 accounts on a single iSeries? Child's play. I doubt that IBM is only on "one box" though, given the wide-ranging network that Big Blue maintains.

1 million total users at 99.9% uptime as per the original request? Not exactly "child's play", but honestly, not much harder

Domino on iSeries does seem to be a reasonable option for a deployment of this size, especially given the rather generous uptime allocation that is being offered..."3 nines" being EXTREMELY generous for an iSeries shop (you'd even be able to schedule monthly downtme on purpose and still meet this uptime goal.)

I do note that IBM has benchmarked Domino on a 16-way Power5-based iseries at a 33ms response time for 175,000 concurrent users (details here: http://www-03.ibm.com/servers/eserver/iseries/domi no/scalerecord.html [ibm.com])...and given the limited usage pattern of POP3 (yuck!), a properly-deployed solution should be able to meet the published needs with just one server. AND provide backup. AND enable the user to restore an individual mail store, mail box, or object on-demand. If high-availability or higher performance is necessary, 2 servers could be deployed in several different configurations (mirrors, clusters, HA failover, etc.).

And if the moans of "Outlook-only users" get to be too much of a problem, IBM offers a "connector" that can offer MAPI access to Domino's mail store.

Hell yes, I'm an iSeries fanboy. Those machines have proven themselves to be reliable, capable, economical systems over the long haul. Now, while (due to price) I wouldn't suggest deploying an iSeries to be a simple file, print, web, or small-database server, true...but when you need to move freight and *lots* of it, but you don't want to spend hours every week in operating and administering the system, it's hard to beat the venerable System/38 ne AS/400 ne iSeries systems.