Paul Cocker wrote:
> This server is only the secondary mail server for incoming mail, so it
> won't be bouncing anything just passing it onto the primary server which
> does perform valid recipient checks.

And the primary will bounce! This is backscatter.

Recipient validation must be performed at the "edge", when the client is not one of your servers. This way, mail to invalid recipients is rejected and it is that client's responsibility to handle the error. If you don't, then one of your servers will send a bounce. And since spam uses forged senders, the bounce will go to an innocent that never sent you mail. People are sick of bounce storms, and you may get blocklisted. If this happens, I wish good luck getting out of the many private BLs.

> I don't see any point doing it here
> too as it just means more hits against the AD servers for no greater
> effect, unless I needed to lessen the load on the primary MX server
> which I don't.

Then don't use a secondary MX. Many spammers target secondary MXes,
because they are generally less protected against spam (whether yours is
or not doesn't matter).

> That this wasn't evident might suggest I've configured it incorrectly to
> act as a secondary MX server.

It doesn't matter if it is a secondary or if it is a "gateway". Invalid 
recipients must be rejected, not bounced. Once mail is accepted by one 
of your servers, it is too late.
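
The difference between rejecting at the edge and accepting then bouncing, as an added example that is not part of the original message. It is a small simulation, not an MTA configuration; the addresses, the `example.com` domain and all function names are constructed for illustration, and the edge is assumed to have access to the same recipient list as the primary.

```python
# Constructed sample data: addresses and domains are placeholders.
# Assumption: the edge can consult the same recipient list as the primary
# (for instance a directory lookup or a synchronised copy).
VALID_RECIPIENTS = {"paul@example.com", "sales@example.com"}


def primary_rcpt(rcpt):
    """Primary MX: performs valid-recipient checks, as in the thread."""
    return (250, "OK") if rcpt in VALID_RECIPIENTS else (550, "5.1.1 User unknown")


def secondary_mx(mail_from, rcpt, validate_at_edge):
    """Simulate one inbound SMTP transaction at the secondary MX.

    Returns (reply_to_client, bounces), where bounces lists the addresses
    our own servers end up sending a non-delivery report to.
    """
    bounces = []
    if validate_at_edge and rcpt not in VALID_RECIPIENTS:
        # Rejected during the SMTP dialogue: the connecting client owns the error.
        return (550, "5.1.1 User unknown"), bounces
    # Accepted and queued: from here on the message is our responsibility.
    reply = (250, "OK queued")
    code, _ = primary_rcpt(rcpt)
    if code >= 500:
        # Too late to reject. The failure can only be reported by a bounce
        # to the envelope sender, which spam forges.
        bounces.append(mail_from)
    return reply, bounces


def backscatter(transactions, validate_at_edge):
    """Return every address that receives a bounce from our servers."""
    out = []
    for mail_from, rcpt in transactions:
        _, bounces = secondary_mx(mail_from, rcpt, validate_at_edge)
        out.extend(bounces)
    return out


# Constructed transactions: forged envelope senders, mostly invalid recipients.
SPAM_RUN = [
    ("victim1@innocent.example", "nosuchuser@example.com"),
    ("victim2@innocent.example", "info1234@example.com"),
    ("victim3@innocent.example", "sales@example.com"),  # valid recipient
]

if __name__ == "__main__":
    for mode in (False, True):
        print("edge validation:", mode, "-> bounces to", backscatter(SPAM_RUN, mode))
```
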

