On Wed, Apr 04, 2001 at 11:17:16PM +1200, Juha Saarinen wrote:
> :: I also agree with that. If you only own one machine, then you are indeed
> :: better off with one MX because you control the access policy.
>
> So there's no practical way to implement access controls on a back-up MX, if
> you see what I mean?
What Philip, and the others who have contributed to this thread are saying is
that there is little point in a backup MX if you don't control it. Only if
you control it are you able to make decisions about what to accept and what to
deny.
Leaving it up to your ISP is all well and good inasmuch as you'll still get
mail from hosts that wouldn't otherwise have queued it locally for that long, if
you primary MX is down for any substantial length of time; but you'll almost
certainly end up with a load of spam that your primary MX would have rejected,
*had it not come from your backup MX* [1].
While we're on the subject of backup MXs, it's probably worth stating the obvious
and saying that having a backup MX on the same subnet as your primary MX is not
ideal, for the same reasons as having all DNS servers on the same subnet is not
ideal (as per Microsoft's c?ck-up earlier this year). In case of a network failure
neither host will be accessible. Having backup MXs on the same subnet does cover
you for 'configuration errors' which happen from time to time, however! :).
I hope that's of some use,
Ollie
[1] I expect that your primary MX is accepting all mail from your ISP's backup
MX at present?
--
Oliver Cook Systems Administrator, ClaraNET
ollie@??? 020 7903 3000 ext. 291