On Tue, Dec 2, 2008 at 12:02, Aaron Wolfe <[EMAIL PROTECTED]> wrote: > You could try to use > callouts to the primary to establish whether a user account is valid > before accepting the message, but then you arent much of a backup when > the primary goes down.
Unless you're caching the results of those callouts, both for the above purpose and to reduce the number of callouts being performed. That does mean that people who rarely receive email will be more likely to have mail rejected by the backup-MX when the primary is down, but hopefully said backup-MX would issue a 4xx error for unresolved users, instead of an 5xx error, when the primary is down. That's essentially what my MX servers do: 1) recipient is in the Cache: accept the message and act accordingly. 2) recipient is not in the Cache, and the Primary is up: 2a) If the primary validates the recipient, add the recipient to the cache and retain their entry in the cache for 6 hours; accept the message and act accordingly 2b) If the primary rejects the recipient, issue a 5xx error to the submitting SMTP agent. 3) recipient is not in the Cache, and the Primary is down: issue a 4xx error to the submitting SMTP agent. And, we aren't configured in a way such that mail only hits our MX servers when the Primary (our IMAP/Lists server) is down. Mail always goes the MX servers first, when coming from the internet/non-local-senders. So the idea that the MX server would receive email while the Primary is up is perfectly valid for our environment.
