[ On Wednesday, April 4, 2001 at 21:34:06 (+0200), Phil Pennock wrote: ]
> Subject: Re: [Exim] Backup MX and host_reject issue
>
> Define "worth receiving mail from", please.
It says literally what it means. Any mailer not reliable or correct
enough to properly re-try any failed connection to a sole MX host, and
especially one which might actually lose said message(s), is not worth
interoperating with and probably shouldn't be used by anyone you care
about regardless of their personal circumstances.
> I have family in several different countries, using various ISPs of
> varying qualities. Most of my relatives are not heavy users, so ISP
> cost is an issue.
I can well appreciate that. However it should not have any bearing on
this issue (unless perhaps you and your relatives are super-heros of
some sort and for inexplicable reasons you've chosen something as
unpredictable as e-mail as your preferred way to summon each other to
help out in literal life-and-death situations! ;-).
> I simply don't trust many of the MTAs out there in the wild. Especially
> the ones running on Windows. Whilst I don't agree with breaking
> standards to support broken systems, using the standards in a way which
> creates a set-up which is more resilient to broken head-of-junk systems
> is, well, part of that whole interoperability thing.
Well, if that's your only worry then you've got nothing to worry about.
If your correspondents just happen to try sending you a message at
exactly the same moment that you've taken your mailer down for a
microsecond or two and they get a bounce I'm sure they can figure out
how to re-send it (or even to send a new, but similar, message! :-).
On the other hand if your mailer regularly isn't on the air for
significant periods of time then you probably shouldn't point your
primary MX record at it in the first place. If you know you're taking
your mailer down for any significant period of time you can even
temporarily change your DNS to add a secondary MX....
But then we're not talking about real-time fire detection and supression
systems on spacecraft, or submarines, or in hospitals, here -- it's just
e-mail!
> I do not directly control my backup MX. A trusted friend does. He
> reads exim-users and his box is in a different country with connectivity
> via completely different suppliers. We simply did a mutual swap of
> backup MXes.
If you did not have sufficient control over your backup MX then would
you use it? I seriously doubt it!
> If my machine goes down and dies, I'm prepared to accept that some spam
> is the price I pay. Whilst I loath spam, I'd rather receive a little as
> a consequence of an error on my part than lose mail from family. Though
> some of that's worse than spam ...
You have strange priorites. E-mail's not something that will get
permanently lost in this scenario. You might *delay* it unnecessarily
for some minor period of time, but if it were to actually get lost then
your correspondents are definitely in need of a new service provider
anyway!
> > You really do not want it.
>
> You don't. Others might. It's a big world and different people need
> different things. As long as what they need doesn't negatively impact
> upon you, it's not really an issue.
Nobody running a basic mailer with adequate inherent capacity for their
normally expected traffic flow, and on a permanent IP connection,
*needs* a secondary MX. They never did, and they don't today, and they
won't tomorrow.
Anyone in such a situation who wants to have any degree of control over
what connections their server accepts and does not have some sufficient
degree of control over their secondary MX hosts really, Really, REALLY
does not ever want any secondary MX.
In general it's just totally silly to even think about having more than
one stand-alone MX for the majority of domains on the Internet, no
matter how far and wide your correspondents are spread, or how
un-reliable or non-conforming their local service provider's outgoing
e-mail servers might be.
Indeed for any normally full-time connected mail server the only thing a
secondary MX will do (even when it is under your full control) is hide
messages in its queue away from view of both the sender and the
recipient. Even though you may have control of that queue you have to
be very careful to know how to control it and to actually exercise your
control over it in an appropriate way so that it doesn't just become
another place where mail gets delayed. Even still there's no way for
the sender or recipient to find any messages it holds until it gets
around to successfully sending them on to their final destination. Why
add an extra hop?
(Note that I've been carefully saying "secondary MX" everywhere. Having
one or more fully peered mail server(s) that can both do final delivery
to a mailbox server is a totally different scenario.)
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@???> <robohack!woods>
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>