Postfix high availability keeps SMTP intake available during node outages and maintenance by moving a single service endpoint between cluster members. A floating IP keeps inbound routing stable so clients do not track individual node addresses.
In a Pacemaker cluster managed through pcs, Postfix is registered as a systemd resource and paired with a floating IP resource that provides the SMTP entrypoint. Grouping the resources enforces order so the IP comes up before Postfix starts and drops only after the service stops.
Failover does not merge mail queues. Each node keeps its own queue under /var/spool/postfix, so messages queued on a failed node wait until that node returns unless storage is shared or replicated. Keep configuration, TLS keys, and maps synchronized across nodes, and expect in-flight SMTP sessions to reset during failover.
$ sudo pcs status Cluster name: clustername Cluster Summary: * Stack: corosync (Pacemaker is running) * Current DC: node-01 (version 2.1.6-6fdc9deea29) - partition with quorum * Last updated: Thu Jan 1 04:43:27 2026 on node-01 * Last change: Thu Jan 1 04:43:25 2026 by root via cibadmin on node-01 * 3 nodes configured * 0 resource instances configured Node List: * Online: [ node-01 node-02 node-03 ] Full List of Resources: * No resources Daemon Status: corosync: active/enabled pacemaker: active/enabled pcsd: active/enabled
$ systemctl list-unit-files --type=service | grep -E '^postfix\.service' postfix.service enabled enabled
$ sudo systemctl stop postfix
Stopping Postfix interrupts SMTP intake until the clustered resource is started.
$ sudo systemctl disable postfix Synchronizing state of postfix.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install disable postfix Removed "/etc/systemd/system/multi-user.target.wants/postfix.service". Synchronizing state of postfix.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install disable postfix Removed "/etc/systemd/system/multi-user.target.wants/postfix.service". Synchronizing state of postfix.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install disable postfix Removed "/etc/systemd/system/multi-user.target.wants/postfix.service".
Pacemaker starts the unit during failover, so disabling prevents an unmanaged auto-start at boot.
$ sudo pcs resource create smtp_ip ocf:heartbeat:IPaddr2 ip=192.0.2.25 cidr_netmask=24 op monitor interval=30s
$ sudo pcs resource create smtp_service systemd:postfix op monitor interval=30s
Related: How to create a Pacemaker resource
$ sudo pcs resource group add smtp-stack smtp_ip smtp_service
$ sudo pcs status resources
* Resource Group: smtp-stack:
* smtp_ip (ocf:heartbeat:IPaddr2): Started node-01
* smtp_service (systemd:postfix): Started node-01
$ ip -4 address show | grep -F '192.0.2.25/24'
inet 192.0.2.25/24 brd 192.0.2.255 scope global secondary eth0
$ sudo ss -lntp | grep ':25 '
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=2314,fd=13))
LISTEN 0 100 [::]:25 [::]:* users:(("master",pid=2314,fd=14))
A restricted inet_interfaces setting can bind Postfix to a specific address instead of 0.0.0.0.
Failover tests can reset in-flight SMTP sessions and delay mail delivery.