Delivery Failure

This document describes how mxengine behaves when it fails to deliver an email message and the steps it takes to reply to the sender with a Bounce message.

mxengine tries to deliver a message repeatedly until the configured conditions have been reached, at which point the message is considered undeliverable. A Bounce reply message is then sent to the original sender of the email.

Delivery Attempts

Two environment variables specify how many delivery retries are attempted and how often.

OUTBOUND_MAX_MESSAGE_RETRIES="10"

OUTBOUND_MAX_MESSAGE_RETRIES specifies the maximum number of delivery attempts that will be made before a message is considered undeliverable.

NACK_WAIT_RETRY="1m"

NACK_WAIT_RETRY specifies the duration between retry attempts. It uses the Golang string format for time.Duration, such as 1s (1 second) or 10m (10 minutes).

With these two variables you control how long a message stays in the queue and how many delivery attempts are made.

Example

If OUTBOUND_MAX_MESSAGE_RETRIES="10" and NACK_WAIT_RETRY="10m" then a message will stay in the queue for approximately 10 retries * 10 minutes = ~100 minutes before it is considered undeliverable (failed).

Failed Delivery and Bounce reply

When a message cannot be delivered within the conditions described above, the service takes the following steps to send the sender of the email a Bounce reply message.

  1. Create a new Bounce email from a template, with an appropriate Subject and contents.
  2. Send the email back to the original sender of the message. The envelope sender must be <> (MAIL FROM <>) to avoid a bounce loop.
  3. Use the Return-Path header as the recipient for the Bounce email if it is present in the original email message. If it is not, use the original sender email as the Bounce recipient.
  4. Remove the message metadata from the DB table messages and delete the raw payload from S3 storage.
  5. Records of message delivery status in the DB table message_status are not erased.
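Steps 2 and 3 as an added Go example (not mxengine's own code): it selects the Bounce recipient from Return-Path with a fallback to the original sender, and always leaves the envelope sender empty. The names Bounce, PlanBounce and ErrNullReturnPath are hypothetical, the sample messages are constructed, and suppressing the Bounce when the original carries a null Return-Path is an assumption the page does not state.

```go
package main

import (
	"errors"
	"fmt"
	"net/mail"
	"strings"
)

// Bounce is a hypothetical type: the SMTP envelope for a Bounce reply.
type Bounce struct {
	EnvelopeFrom string // always "", i.e. sent as MAIL FROM <>
	Recipient    string
}

// Assumption (not on the page): a message that itself has a null sender gets no Bounce.
var ErrNullReturnPath = errors.New("null Return-Path, bounce suppressed")

// Constructed sample messages.
const (
	withReturnPath    = "Return-Path: <bounces@example.org>\r\nFrom: alice@example.com\r\n\r\nhi\r\n"
	withoutReturnPath = "From: alice@example.com\r\n\r\nhi\r\n"
	nullReturnPath    = "Return-Path: <>\r\nFrom: mailer-daemon@example.net\r\n\r\nfailed\r\n"
)

// PlanBounce prefers the Return-Path header and falls back to the original sender.
func PlanBounce(raw, originalSender string) (Bounce, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return Bounce{}, fmt.Errorf("parse original message: %w", err)
	}
	rcpt := originalSender
	if rp := strings.TrimSpace(msg.Header.Get("Return-Path")); rp != "" {
		if rp == "<>" {
			return Bounce{}, ErrNullReturnPath
		}
		rcpt = rp
	}
	addr, err := mail.ParseAddress(rcpt) // rejects malformed or multi-address values
	if err != nil {
		return Bounce{}, fmt.Errorf("invalid bounce recipient %q: %w", rcpt, err)
	}
	return Bounce{EnvelopeFrom: "", Recipient: addr.Address}, nil
}

func main() {
	fmt.Println(PlanBounce(withReturnPath, "alice@example.com"))
}
```

Validating the recipient with mail.ParseAddress keeps a malformed Return-Path value in an inbound message from turning into an arbitrary or multi-recipient Bounce.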

Additional logic handles delivery failure notifications from other services such as Seal or OCM. If another service fails to deliver the message, it notifies mxengine on the /v1/message/status endpoint by setting status = failed, and mxengine creates a Bounce reply in a way similar to that described above.