On Tue, Nov 09, 2004 at 02:14:15PM +0000, John Goerzen wrote: > I'm looking at redoing my mail setup due primarily to spam filtering. > Over at http://www.tldp.org/HOWTO/Spam-Filtering-for-MX/multimx.html, > they are suggesting not to use redundant mail servers unless needed > for load balancing.
good advice. backup MX is obsolete these days, very few people need it (most of those who *think* they do are just running on ancient & obsolete gossip/"common sense" from the days when backup MXes were useful). almost all mail these days is delivered by SMTP, and all real SMTP servers(*) will retry delivery. this works perfectly well without a backup MX, and in fact works BETTER without a backup MX. (*) viruses and spamware are not real SMTP servers, so they won't retry. they also don't send bounces, so when you 5xx reject them during the SMTP session you don't generate backscatter. > The last time I set up a major mail server, which was indeed a few > years ago, common sense was to always have a backup MX. But then that > was before the days where joejobs, spam/viruses with forged headers, > etc. were popular and troublesome. if you do have a backup MX, then you need to have the same anti-spam & anti-virus rules as on your primary server AND (most important!) it needs to have a list of valid recipients, so that it can 5xx reject mail for unknown users rather than accept and bounce them (known as "backscatter"). in postfix terms, the valid recipients list is known as a "relay_recipient_table". it needs to be populated with all valid addresses (accounts & aliases) in the domain being relayed. dunno what it's called in sendmail or exim, or even if it exists in them. btw, backscatter also causes problems for you and your server. many of the spam/virus bounces are from undeliverable return addresses, so they end up clogging your mail queue for days and slowing the entire system down. > Now, I'm not really an ISP (this was the closest list I could find > for this topic), but I do host a number of mid-size mailing lists > and also receive a good deal of mail myself. I'm wondering what your > thoughts might be on no longer having a backup MX outside my direct > administrative control (or even one that is within my administrative > control). having a backup MX that you don't control is a very bad idea. if you don't control it, you can't maintain a list of valid recipients on it, so you will be generating vast quantities of backscatter to innocent third-parties whose email address has been forged by spammers or viruses. if you have one, get rid of it ASAP. craig -- craig sanders <[EMAIL PROTECTED]> (part time cyborg) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
