<SNIP>
> I've used a different approach,
> IN MX 10 primary.domain.com (4 machines)
> IN MX 20 primary1.domain.com (2 of those 4)
> IN MX 30 primary1.domain.com (the other 2 of those 4)
> IN MX 20 backup.domain.com
> IN MX 30 primary.domain.com
> Seems to force most of the spam through the primary. Very little goes
> through the backup now. To make matters simpler, we have changed all of
> our backups to relay all mail through the primaries.
> Gary Wayne Smith
Okay, so you want the spam directed to the highest MX-number to arrive at
you primary mailserver. That way the spam-checks like originating IP can
still be done in the MTA because it's not relayed by a backup-mailserver.
But because of the uptime of my 1st and 2nd mailservers and because of the
robustness of the mail-protocol I've set the highest MX-number to a
'dummy' server so that mail is blocked if they only try that MX-number
(must be a spammer then). That way this kind of spam doesn't arrive at
all.
It's a matter of taste..
Menno
