On Wed, 1 Mar 2006 18:49:44 -0800, Claus Assmann wrote:
>On Wed, Mar 01, 2006, Chris wrote:
>
>> I want to set up a backup mx server to field incoming mail when my
>> primary mail server goes down. I understand how to do this from a DNS
>> standpoint, but what I don't know is what should be in my
>> sendmail.mc/sendmail.cf file for this.
>
>> Is there anything special I need to do for this? Anyone know any good
>> documentation?
>
>You need to allow relaying to the main server, see cf/README.
>
>PS: from the sendmail X README:
>
>Note about Backup MX Servers
>
>It is not a good idea to run a backup MX server B for a host A that
>has stronger anti-spam measures; if mails are sent to A via B, then
>B may accept them for delivery, but A may reject them and hence B
>has to send bounces, which, in case of spam, are most likely to
>forged addresses, hence those bounces will only cause additional
>problems. The opposite case (B has stronger anti-spam measures than
>A) can cause the rejection of mail that A actually wanted to receive.
>Hence B and A should have the same anti-spam measures; i.e., a
>system that acts as backup MX server for another one should perform
>the same anti-spam checks as the main MX server(s).
>
AND most importantly: BOTH servers MUST reject mail that is addressed to a non-existent recipient at the RCPT TO: phase.

The very worst idea you can have about a secondary MX is that it doesn't need to know anything about the delivery domain other than the domain name itself. As a result spammers target secondaries strongly in preference to primaries.

As a project I listed a secondary for a server I support using an alias on the same machine. All of the mail sent to the secondary address (unless I missed one or two) was spam. Only about 60% directed to the primary was spam.

These days OpenBSD spamd does wonders and we don't use a secondary at all. Primary down = sender retries in a little while. Down means adsl out or power down longer than UPS reserve or hardware crash. I've not seen any of those last 24 hours and the common retry limit is in excess of 3 days.

From the land "down under": Australia.
Do we look <umop apisdn> from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.
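
One way to check the two points made in this thread (both MX hosts reject unknown recipients at RCPT TO, and both apply the same acceptance policy) is to compare their RCPT TO replies for the same addresses. This is an added example, not part of the original messages; the host names, addresses and sample reply codes are constructed placeholders.

```python
import smtplib

def rcpt_code(mx_host, sender, recipient, timeout=15):
    """Ask mx_host how it answers RCPT TO:<recipient>; no DATA is sent."""
    with smtplib.SMTP(mx_host, 25, timeout=timeout) as smtp:
        smtp.ehlo()
        code, _ = smtp.mail(sender)
        if code != 250:
            raise RuntimeError(f"{mx_host} refused MAIL FROM with {code}")
        code, _ = smtp.rcpt(recipient)
        smtp.rset()
        return code

def classify(primary_code, backup_code):
    """Compare the two servers' RCPT TO replies for one address."""
    p, b = primary_code // 100, backup_code // 100
    if 4 in (p, b):
        return "inconclusive"       # temporary failure, probe again later
    if p == 5 and b == 2:
        return "backscatter-risk"   # backup queues mail the primary will refuse
    if p == 2 and b == 5:
        return "lost-mail-risk"     # backup refuses mail the primary wants
    return "consistent"

def audit(replies):
    """replies: {recipient: (primary_code, backup_code)} -> mismatches only."""
    verdicts = {rcpt: classify(p, b) for rcpt, (p, b) in replies.items()}
    return {rcpt: v for rcpt, v in verdicts.items() if v != "consistent"}

# Constructed sample replies (not measured from any real server).
SAMPLE = {
    "postmaster@example.org": (250, 250),
    "no-such-user@example.org": (550, 250),
    "sales@example.org": (250, 550),
    "info@example.org": (250, 451),
}

if __name__ == "__main__":
    for rcpt, verdict in audit(SAMPLE).items():
        print(f"{rcpt}: {verdict}")
    # Live use against your own servers (placeholder host names):
    # p = rcpt_code("mx1.example.org", "probe@example.org", "no-such-user@example.org")
    # b = rcpt_code("mx2.example.org", "probe@example.org", "no-such-user@example.org")
    # print(classify(p, b))
```

A "backscatter-risk" verdict for a non-existent address is the case described above: the secondary accepts the message and later has to bounce it to a probably forged sender.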