The primary passes to an internal mail server, but performs recipient
validation before doing so. This is why I don't believe it's worth doing
on the secondary because it means genuine recipients will be checked
with the internal server twice (should they be received by the
secondary, not primary MX).

Apologies if my terminology is off here. I always think of MX servers as
gateways, though I realise in some companies the gateway server and the
internal mail server will be one and the same.

From reading further into your response, perhaps I am misunderstanding MX
records. So far as I know, if the secondary MX server receives the
e-mail, it shouldn't pass it inside but rather should pass it to the
primary MX server, which should be the single point of contact with the
internal mail server. Is this incorrect?

Paul Cocker


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of mouss
Sent: 07 October 2008 20:01
Cc: postfix-users@postfix.org
Subject: [SPAM?] Re: My first config - unable to telnet to port 25,
virtual.db missing
Importance: Low

Paul Cocker wrote:
> This server is only the secondary mail server for incoming mail, so it
> won't be bouncing anything just passing it onto the primary server
> which does perform valid recipient checks.

And the primary will bounce! This is backscatter.
Recipient validation must be performed at the "edge", when the client is
not one of your servers. This way, mail to invalid recipients is
rejected and it is that client's responsibility to handle the error. If
you don't, then one of your servers will send a bounce. And since spam
uses forged senders, the bounce will go to an innocent that never sent
you mail. People are sick of bounce storms, and you may get
blocklisted. If this happens, I wish good luck getting out of the many
private BLs.

> I don't see any point doing it here
> too as it just means more hits against the AD servers for no greater 
> effect, unless I needed to lessen the load on the primary MX server 
> which I don't.
> 

Then don't use a secondary MX. Many spammers target secondary MXes,
because they are generally less protected against spam (whether yours is
or not doesn't matter).

> That this wasn't evident might suggest I've configured it incorrectly 
> to act as a secondary MX server.
> 

It doesn't matter if it is a secondary or if it is a "gateway". Invalid
recipients must be rejected, not bounced. Once mail is accepted by one
of your servers, it is too late.



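A check for the accept-then-bounce pattern discussed in this thread, as an added example that is not part of the original messages: it scans Postfix logs from the secondary MX for mail that was accepted over SMTP, refused by the primary, and answered with a non-delivery notification, and counts recipients rejected during the SMTP dialogue for comparison. The log lines, hostnames and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed Postfix log lines from a hypothetical secondary MX named mx2.
SAMPLE_LOG = """\
Oct  7 20:01:02 mx2 postfix/smtpd[1234]: 4F2A11C0: client=unknown[203.0.113.5]
Oct  7 20:01:02 mx2 postfix/qmgr[900]: 4F2A11C0: from=<forged@victim.example>, size=2100, nrcpt=1 (queue active)
Oct  7 20:01:03 mx2 postfix/smtp[1240]: 4F2A11C0: to=<nosuch@example.com>, relay=mx1.example.com[192.0.2.10]:25, delay=1.2, status=bounced (host mx1.example.com[192.0.2.10] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Oct  7 20:01:03 mx2 postfix/bounce[1241]: 4F2A11C0: sender non-delivery notification: 7B3C22D1
Oct  7 20:02:10 mx2 postfix/smtpd[1234]: 9A0E33F2: client=mail.partner.example[198.51.100.7]
Oct  7 20:02:10 mx2 postfix/qmgr[900]: 9A0E33F2: from=<alice@partner.example>, size=1800, nrcpt=1 (queue active)
Oct  7 20:02:11 mx2 postfix/smtp[1240]: 9A0E33F2: to=<paul@example.com>, relay=mx1.example.com[192.0.2.10]:25, delay=0.9, status=sent (250 2.0.0 Ok: queued as 11AA22BB)
Oct  7 20:03:00 mx2 postfix/smtpd[1250]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 550 5.1.1 <ghost@example.com>: Recipient address rejected: User unknown in relay recipient table; from=<x@y.example> to=<ghost@example.com> proto=ESMTP helo=<h>
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+|NOQUEUE): (.*)")

def audit(log_text):
    """Return (backscatter_events, edge_reject_count) for a Postfix log."""
    msgs = defaultdict(dict)
    edge_rejects = 0
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if qid == "NOQUEUE":
            # Refused during the SMTP dialogue: the sending client owns the error.
            if daemon == "smtpd" and rest.startswith("reject: RCPT"):
                edge_rejects += 1
        elif daemon == "smtpd" and rest.startswith("client="):
            msgs[qid]["client"] = rest[len("client="):]
        elif daemon == "qmgr" and rest.startswith("from=<"):
            msgs[qid]["sender"] = rest[6:rest.index(">")]
        elif daemon == "smtp" and rest.startswith("to=<") and "status=bounced" in rest:
            msgs[qid]["recipient"] = rest[4:rest.index(">")]
        elif daemon == "bounce" and "non-delivery notification" in rest:
            msgs[qid]["bounce_id"] = rest.rsplit(": ", 1)[1]
    # Backscatter: arrived over SMTP, bounced downstream, and we generated a DSN.
    needed = {"client", "sender", "recipient", "bounce_id"}
    events = [dict(queue_id=q, **f) for q, f in msgs.items() if needed <= f.keys()]
    return events, edge_rejects

if __name__ == "__main__":
    events, rejects = audit(SAMPLE_LOG)
    for e in events:
        print(f"backscatter: {e['recipient']} bounced to {e['sender']} (from {e['client']})")
    print(f"rejected at the edge: {rejects}")
```

Each reported event is a bounce this server sent to the envelope sender of mail it had already accepted; a NOQUEUE reject is the outcome recipient validation at the edge produces instead.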