> Am 09.07.2013 23:56, schrieb Jan P. Kessler: >> > How can I configure my primary server to accept connections/mail from >> the >> > secondary server but still refuse connections/mail from all other >> cable >> > connections. >> >> I use TLS client certificates for these purposes* >> >> http://www.postfix.org/TLS_README.html >> >> * Not for backup to primary mx, but whenever I 'own' both sides of the >> connection and one is behind a dynamic ip (soho server sends outgoing >> mail via company relay, ...). > > Please note that having a public MX behind a dynamic ip address may lead > to situations where someone else gets your mail! > > I'm just thinking about setting up a honeypot postfix on my cable line > at home ;). > >
This is something I hadn't considered at all. In order for me to better understand the consequences of my actions are you able to explain to me why that is the case, and what situation would need to arise for that to happen. Or simply point me to the appropriate articles so I can read and investigate this. It is looking more and more like I should be leasing another VPS server to host my backup DNS and MX. Regards Fred
