OT? /dev/null 5.1.1 email

The usual justification for a secondary MX is when the MX servers have
some sort of special access to the ultimate recipients -- non-SMTP mail
delivery, firewalls that they are privileged to pass, etc.

    --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

They're also mighty handy when dealing with planned, extended outages, such as moving to a new {building, ISP, etc.} or, say, losing power to the {only IX for Moscow, northeastern U.S.}, etc. It's much easier to configure your backup MXen to not toss messages or send warning emails after 4h than it is to politely ask all sending SMTP servers to do the same.

   -Dave

David Andersen wrote:

<snip>

It's much easier to configure your backup MXen to not toss messages or send warning emails after 4h than it is to politely ask all sending SMTP servers to do the same.

  -Dave

Apparently this has boiled down to

- Some people feel perfectly comfortable trusting the sender's queuing (witness graylisting's popularity)

- Some people feel more secure managing the queued mail. This is also nicer to the sender's queues.

- Secondary MX's should make every possible effort not to add to spam blowback -- popular mechanisms include SMTP call-aheads, LDAP, virtusertable maps and so on. If this is impossible, serious thought should be given to the need for the MX in the first place.

- Secondary MX's should take care not to be an end run against any anti abuse systems deployed by the primary MX path.

- Typically similar effort that goes into enabling a secondary MX to perform recipient verification needs to be done anyway when having more than one primary MX for simple load balancing reasons. So not having "secondaries" at that point does not make much sense.

- Building a setup depending on a failure mode for productive purposes is not wise.

IOW, depending on collecting mal-clients for blacklisting who connect to your secondary when you believe that they shouldn't is potentially problematic.

So is designing a setup where you rely on failure of the primary MX reachability so that the secondary MX with better connectivity than the sender can simply relay it based on MX records.
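
The recipient verification mentioned in the list above (call-aheads or an exported recipient map on the secondary MX), as an added example that is not part of the original thread. The class, the `probe_primary` callable and the addresses are hypothetical, and deferring with a 4xx reply when the primary is unreachable is an assumption of this sketch.

```python
import time

class RecipientVerifier:
    """RCPT-time decision for a secondary MX (hypothetical helper, not a real MTA API)."""

    def __init__(self, local_map, probe_primary, ttl=3600, clock=time.time):
        self.local_map = {a.lower() for a in local_map}  # exported list of valid recipients
        self.probe_primary = probe_primary  # callable(addr) -> SMTP code; raises OSError if down
        self.ttl, self.clock = ttl, clock
        self.cache = {}                     # addr -> (code, expiry) from earlier call-aheads

    def rcpt_reply(self, addr):
        addr = addr.strip().lower()
        if addr in self.local_map:
            return 250, "2.1.5 Recipient OK"
        code, expiry = self.cache.get(addr, (None, 0))
        if code is None or expiry <= self.clock():
            try:
                code = self.probe_primary(addr)
            except OSError:
                # Assumption: primary unreachable and recipient unverified -> defer,
                # so the sender keeps the mail queued and we never generate a bounce.
                return 451, "4.4.1 Cannot verify recipient, try again later"
            if code // 100 in (2, 5):       # cache only definite answers
                self.cache[addr] = (code, self.clock() + self.ttl)
        if code // 100 == 2:
            return 250, "2.1.5 Recipient OK"
        if code // 100 == 5:
            return 550, "5.1.1 User unknown"  # reject in-session instead of bouncing later
        return 451, "4.3.0 Temporary verification failure"


def demo():
    # Constructed sample data: example.org addresses and a fake primary MX.
    state = {"up": True}
    def fake_primary(addr):
        if not state["up"]:
            raise OSError("primary unreachable")
        return 250 if addr == "alice@example.org" else 550
    v = RecipientVerifier({"postmaster@example.org"}, fake_primary)
    seen = [v.rcpt_reply("alice@example.org")[0], v.rcpt_reply("nosuch@example.org")[0]]
    state["up"] = False                     # simulate the outage the secondary exists for
    seen += [v.rcpt_reply(a)[0] for a in
             ("alice@example.org", "nosuch@example.org", "bob@example.org")]
    return seen  # [250, 550, 250, 550, 451]

if __name__ == "__main__":
    print(demo())
```

During the simulated outage, the cached verdicts still let the secondary accept the known address and refuse the unknown one with 5.1.1, while the never-seen address is deferred rather than accepted and bounced later.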