On Sun, 2004-05-16 at 15:45 -0400, Stephen Gran wrote:
> On Sun, May 16, 2004 at 09:39:32PM +0200, Raymond Dijkxhoorn said:
> > Hi!
> >
> > What if your primary is unreachable for the sending host due to
> > routing issues? You wanna drop those also ? I mean, its not ALL spam
> > thats going to higher priority MXes...
>
> Not drop - defer. If I can reach the primary, and they can't, then
> there is probably some transient routing problems between the two hosts.
It's not necessarily transient. A lot of machines have permanent
problems reaching hosts such as zeniiib.uk.linux.org with a .255 in the
last octet of the IP address. And most of the Internet seems incapable
of reaching the primary MX host for infradead.org too. :)
I prefer a policy of accepting mail at the backup _if_ we know the
primary would accept it. If you can _reach_ the primary, that's easy --
you make sure you have the same content checks, and you can either do
recipient verification callouts or replicate the user database.
While you can't reach the primary, you either replicate the user
database, accept everything, or defer all but recipient addresses which
are already in your callout cache. It'd be nice to have a longer cache
expiry timeout for these addresses, in fact.
> A decent MTA on the sending end should hold the mail for at least a day
> or two in the event of primary being unreachable and secondary issuing a
> 4xx.
Yeah. That's why you have MX backup though.
--
dwmw2