also sprach Noel Jones <njo...@megan.vbhcs.org> [2011.08.10.0120 +0200]: > > 10 primary-0.mx 20 secondary.mx 30 primary-1.mx > > > > In this scenario, what will the spammers hit? > > All of them. What is your intent here?
My intent is to combine postscreen, using the dual-MX approach outlined by Wietse, with a physically-separate-MX-backup, but without a shared database for the postscreen whitelist. My theory was that spammers would try the lowest priority MX first (primary-1.mx), in this case the second IP on the main MX. Here, postscreen basically fends them off, because no host can achieve whitelisting here. Real hosts talk to primary-0.mx and get whitelisted. And if primary-0.mx and primary-1.mx go offline, then secondary.mx with priority 20 is still available to cache incoming mail, and can even run postscreen (but without the benefits of using 2 MX records). I should just try it out, but I wanted to see if anyone had experience already before tipping my toe into the water. Cheers, -- martin | http://madduck.net/ | http://two.sentenc.es/ "work consists of whatever a body is obliged to do. play consists of whatever a body is not obliged to do." -- mark twain spamtraps: madduck.bo...@madduck.net
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
