Differences between version 16 and predecessor to the previous major change of SMTPBestPractices.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
Newer page: | version 16 | Last edited on Thursday, June 16, 2005 10:33:28 am | by DanielLawson | Revert |
Older page: | version 15 | Last edited on Wednesday, December 15, 2004 10:08:24 pm | by DanielLawson | Revert |
@@ -19,10 +19,16 @@
!!! Secondary <tt>MX</tt>s
Secondary <tt>MX</tt>s have fallen out of favour in recent years as the InterNet is more reliable and there are techniques for keeping your primary up (such as load balancing [NAT]s). Having a secondary <tt>MX</tt> is good if your connectivity is unreliable but a pain otherwise.
-Be aware
that spammers regularly send to secondary <tt>MX</tt>s directly to avoid aggressive [RBL] checks on the primary MailServer. This can be exploited by
having a secondary <tt>MX</tt> that always returns a 400 series code
(temporary failure
), or is __stricter__ with its [RBL] checks
. Another trick
is to list your primary <tt>MX</tt> again as the highest number <tt>MX</tt> so
that spammers hit that one first
.
+Remember
that not
having a secondary <tt>MX</tt> doesn't mean you'll instantly lose mail if your primary is down! The sending MTA will queue the mail for some period
(typically 4 hours the first time
), then try again. It'll keep doing this for quite some time before finally giving up
. The only downside here
is that mail will be delayed
.
+!! Spam and Secondary <tt>MX</tt>s
+Be aware that spammers regularly send to secondary <tt>MX</tt>s directly to avoid aggressive [RBL] checks on the primary MailServer. This can be exploited by having a secondary <tt>MX</tt> that always returns a 400 series code (temporary failure), or is __stricter__ with its [RBL] checks.
+
+One suggested trick is to list your primary <tt>MX</tt> again as the highest number <tt>MX</tt>, so that spammers hit that one first. There is some evidence that spammers aren't actually grabbing the highest <tt>MX</tt> possible, but either blindly picking the second one, or sorting the MX list and removing dupes. Perhaps setting your primary as the first two <tt>MX</tt>s and then your secondary as the third might work. Your mileage may vary.
+
+!! Reliability and Secondary <tt>MX</tt>s
Regularly check that your backup <tt>MX</tt> still correctly relays. You won't notice a backup <tt>MX</tt> rejecting mail until the first time your primary goes down and all your mail is immediately bounced rather than retried later.
!!! Administrative mail accounts