[TriLUG] OT: Backup MX providers?

Alan Porter porter at trilug.org
Mon Feb 6 20:30:49 EST 2012


A lot of folks will tell you that a secondary MX is more
trouble than it is worth.

If you don't set the secondary up to accept/reject using
the same rules as the primary, then it just becomes a
spam magnet.

For example, if your secondary just receives and forwards
ALL email for your domain, then spammers will send lots of
stuff to addresses that don't exist (like bogus at example.com)
through the secondary.  It will blindly accept it, queueing
it up for transfer to the primary.  When the primary receives
the message, it will know that the user does not exist, but
by that time, it's too late to do the proper thing, which is
to reject the email and close the connection.  The sender
will show that email as "delivered", the spammer will mark
that address as "OK", and they move on.

With a secondary MX, you end up having "special" rules to
handle secondary-to-primary email.  You want to discard the
messages, not reject them as they're being presented by the
secondary.  Otherwise, they will sit in a queue on the
secondary forever.

The "proper" way to set up a secondary is to have it use the
same rules and the same database of users or mailboxes.  Some
people implement this using a periodic report or rsync that
copies a list of valid users from the primary to the secondary.

Since LEGITIMATE email senders will resend after a little
while, the benefit of the secondary MX is pretty low.

This is why TriLUG has a single MX.


Alan (who set up postfix on pilot in 2009)
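
The periodic user-list copy described in the message above, sketched as an added example (not part of the original post, and not TriLUG's configuration). It assumes the secondary runs Postfix and that the primary exports one local part per line; the file paths, `example.com` and the minimum-user threshold are all assumptions.

```shell
#!/bin/sh
# Added example: build a Postfix relay_recipient_maps table on the secondary MX
# from a user list copied over from the primary (for example by rsync).
# Paths, the domain and the MIN_USERS threshold are assumptions.

# build_relay_recipients USERLIST DOMAIN OUTFILE [MIN_USERS]
# USERLIST: one local part per line; blank lines and '#' comments are ignored.
# Writes "user@domain OK" lines to OUTFILE only if the list looks sane.
build_relay_recipients() {
    userlist=$1 domain=$2 outfile=$3 min_users=${4:-1}
    tmp="$outfile.tmp.$$"

    [ -r "$userlist" ] || { echo "cannot read $userlist" >&2; return 2; }

    # Normalise: strip CR, comments and surrounding whitespace, lowercase,
    # dedupe. Keep only conservative local parts so a corrupt sync cannot
    # inject wildcard or multi-field table entries.
    tr -d '\r' < "$userlist" \
        | sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | tr 'A-Z' 'a-z' \
        | grep -E '^[a-z0-9][a-z0-9._+-]*$' \
        | sort -u \
        | sed -e "s/\$/@$domain OK/" > "$tmp"

    count=$(wc -l < "$tmp" | tr -d ' ')
    # A truncated or empty list would make the secondary reject real users,
    # so refuse to replace the table and keep the previous one.
    if [ "$count" -lt "$min_users" ]; then
        echo "only $count users (< $min_users), keeping old table" >&2
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$outfile"
    # On a real secondary, follow with: postmap "$outfile"
}

# Matching main.cf settings on the secondary (standard Postfix parameters):
#   relay_domains = example.com
#   relay_recipient_maps = hash:/etc/postfix/relay_recipients
```

With `relay_recipient_maps` set, the secondary rejects unknown recipients during the SMTP session instead of queueing them for the primary.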





