On 2/04/23 09:03, Jaroslaw Rafa via Postfix-users wrote:
> On 1.04.2023 at 13:04:30 Peter via Postfix-users wrote:
>> Secondary, or backup MXes are almost never recommended in the modern
>> internet and tend to be a relic of the 1990s dialup internet.
> [...]
>> None of this is what you are considering. If you still want to
>> implement a secondary MX then it must have all of the same anti-spam
>> measures as the primary server, be just as well maintained, and
>> requires a lot of work to get right, all of this for a server which
>> will likely see little or no legitimate email traffic. My opinion
>> is you are better served spending your time and efforts on the
>> primary server.
>
> If I remember correctly, someone mentioned NoListing recently on that list.
> For this, you *need* a secondary MX, and it is actually your main mail
> server - the primary MX never accepts mail...

This is actually something that postscreen can do as well, given two IP
addresses on the same server, after-220 tests, and mail exchanger policy
tests as described in postscreen(8) the first connection would run the
litany of postscreen tests then return a deferral (450) status.
Assuming that the tests have passed the server will be whitelisted for
the second connection which will then work to either MX, so basically:
* A connection must be made to the primary MX first, which is then deferred.
* A connection can then be made to any MX provided that the postscreen
tests have passed in the first connection.
* Any attempt to connect to the secondary MX before the primary is
discarded.
This allows the best of all worlds without actually configuring a second
server, and postfix has this capability out of the box.
Peter
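
A main.cf fragment for the setup described in the message above, as an added example that is not part of the original post. Assumptions: 192.0.2.1 (primary MX) and 192.0.2.2 (secondary MX) are placeholder addresses bound on the same host, postscreen already listens on port 25 in master.cf, and the parameter names are the pre-3.6 spellings.

```ini
# /etc/postfix/main.cf (added example; addresses are placeholders)
#
# Assumed DNS for the placeholder domain example.com:
#   example.com.  MX 10 mx1.example.com.   ; 192.0.2.1, primary
#   example.com.  MX 20 mx2.example.com.   ; 192.0.2.2, secondary

# Mail exchanger policy test: a client cannot earn allowlist status
# on the secondary address. It has to pass the tests on the primary
# address first; once allowlisted it may deliver to either address.
# Postfix 3.6 and later also accept the name
# postscreen_allowlist_interfaces for this parameter.
postscreen_whitelist_interfaces = !192.0.2.2, static:all

# After-220 tests. With any of these enabled, postscreen cannot hand
# the session to a real smtpd process, so a client that passes gets a
# 4xx deferral and is expected to reconnect.
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce
```

After a reload, `postconf -n | grep postscreen` shows the values in effect, and the mail log records which clients passed the tests and on which address.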