[cyberpunk]

That's all fine, but then you're one hardware failure away from not being able to receive email.

I'm working on a guide on how to setup a replicated fault tolerant email cluster (galera/dsync) here [1] -- feedback appreciated.

This costs far more than something like fastmail, however. Depending on your situation you might value cost over peace of mind.

1: https://medium.com/@cyberpunk_networks/nsa-proof-your-email-...

[zimpenfish]

> galera

Unfortunately, with Galera, you're not even a hardware failure away from losing / corrupting email.

https://aphyr.com/posts/327-jepsen-mariadb-galera-cluster

> Unfortunately, even in totally healthy clusters, with no node failures or network failures, Galera Cluster does not satisfy its claims of Snapshot Isolation.

[cyberpunk]

In this scenario the galera DB is only hosting virtual aliases/account info etc -- it's essentially read-only unless I'm adding accounts so the fail cases are less severe than if I was constantly writing data.

I'll add a section on recovery, but even with a few hundred thousand email inboxes my database size is likely to be under 100mb and backing that up will cause no issues in live since I'm only doing SELECT 99.99% of the time; each of my nodes dumps the db into /var somewhere every hour.