The fact that the secondary MX can not validate local users will be
worst than it appears. I have a friend who is set as my seconday MX. My
primary can validate local users for my domain, his secondary can't
(it's just storing and forwarding). As far as we can tell, a lot of
spammers go directly to his box, and ignore mine (even though it's set
with a higher priority). I presume they do this because they know there
is a good chance local users will not be able to be validated at receipt
time.
The net result is that a lot of bogus mail which would get refused
outright (if my mail server was the only one, or if his could also
validate my local users), instead gets queued by his system, which then
attempts to forward (unsuccessfully) to mine... A lot more resources are
consumed in the process, and spammers continue to consider those
addresses valid, since they don't get an immediate refusal.
Aside from the issue of whether the secondary MX can validate loc
Jeff Lasman wrote:
>This is a philosophical question, I suppose, rather than a how-to
>question...
>
>Several of our clients have inquired as to our plans to offer secondary
>mx.
>
>I've been "almost ready" to offer it for several months, but I keep
>getting caught up in the issue of handling nonexistent addresses, not
>blocking spam, etc.
>
>I'm a traditionalist, so if we offer it, we'll offer it as strictly
>store and forward, and won't attempt to store local lists of users,
>spam-preferences, etc.
>
>And what I'm thinking is that if we offer it as a strictly store and
>forward service, we end up with way too much spam on our servers and we
>do clients a disservice because they can't bounce spam on "rctp to".
>
>And then I consider that secondary MX is an emergency-response service
>and most of us would accept the unblocking of our email to get it at
>all.
>
>What do you think? (If you think this is offtopic for exim-users, I
>apologize, but personally I think the best place to discuss this is a
>list for mailserver admins, as it impacts running mailservers; if you
>do think it offtopic and can suggest a better list for it, please do.)
>You may reply offlist, as I am filtering out on the subject matter so
>I'll read replies in a timely manner. I'll be happy to post a summary
>later if some useful response develops.
>
>Thanks.
>
>Jeff
>--
>Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
>Professional Internet Services & Support / Consulting / Colocation
>Our blists address used on lists is for list email only
>Phone +1 909 324-9706, or see: "http://www.nobaloney.net/contactus.html"
>
>