Auteur: Peter Bowyer Date: À: exim users Sujet: Re: [exim] Is a secondary MX worth the effort?
On 08/11/2007, Ken Price <kprice@???> wrote: > >> > One of the things I've considered for #2 is having a secondary MX
> >> > which is configured to give back a 4xx for everything.
> >>
> >
> > We have this kind of setup for about a year now and never experienced
> > any problems. As many spam-senders tend to use the backup-MX for spam
> > delivery, our 4xx-MTA catches a lot of spam. If you "tail -f" the
> > logs, you only see suspicious hosts connecting. It also decreased the
> > load on the primary servers.
> >
>
> I understand the value in this setup as a SPAM honeypot, but the
> question I suppose I still need answered: Is there [technically] any
> availability benefit provided by a second MX of this nature versus the
> self-retry feature most mail servers utilize? Won't a 4xx message
> result in the same behavior as if I can't connect to a primary? With
> both messages getting deferred for retry?
The only real difference is that if you have a secondary MX, then the
mail is queued somewhere you control - so if you need to do some
emergency surgery, like stopping the queues, writing all the mail to a
file, sending it somewhere it wouldn't normally go, the you can do all
that.
If you don't have the secondary MX, you're reliant on the retry
functionality of many other parties - which may well be fine in the
usual case.
In our case we have multiple edge MTAs which are all effectively
primary MXs - they all do the same job at any rate, and can all
deliver to all the dowstream mailbox servers. There's no specific
'secondary' role, although the MX records for various domains favour
one edge MTA over another in some cases.