Author: Dominik Ruf Date: To: exim-users Subject: Re: [Exim] secondary MX in a world of spammers
* Jeff Lasman <blists@???> [2003-11-12 17:03]: > This is a philosophical question, I suppose, rather than a how-to
> question...
>
> Several of our clients have inquired as to our plans to offer secondary
> mx.
>
> I've been "almost ready" to offer it for several months, but I keep
> getting caught up in the issue of handling nonexistent addresses, not
> blocking spam, etc.
Yes, this will put quite some load onto your mail-queue with
undeliverable and frozen messages.
> I'm a traditionalist, so if we offer it, we'll offer it as strictly
> store and forward, and won't attempt to store local lists of users,
> spam-preferences, etc.
Please don't do this. Maybe Exim's rcpt-callout with defer_ok
could do a bit to work around some problems.
But in these days with forged sender-envelopes in both spams
and worms, you'll end up mailbombing innocent users with your
bounces. This is really annoying.
> And what I'm thinking is that if we offer it as a strictly store and
> forward service, we end up with way too much spam on our servers and we
> do clients a disservice because they can't bounce spam on "rctp to".
Not only that: As said above, you'll also negativly affect third
parties.
> And then I consider that secondary MX is an emergency-response service
> and most of us would accept the unblocking of our email to get it at
> all.
>
> What do you think?
I'd think that for the emergency case if the primary MX is down,
it would be quite the same to have 2 (or even more) MX with the
same priority.
If you really have to do it this way, maybe the idea of some people
from de.alt.sysadmin.recovery could be of interest:
IOW: Let the third MX be the same as the primary.
This way, the spammers really will send most mail to the
primary because they choose the one with the lowest priority. ;-)
Personally, I live well without a Backup MX and let these mails
in the queues of the sending-mtas in case my server is down. It's
not that important because at this time it only handles my own
mails. :)