Re: Value of backup MX

To: John Goerzen <jgoerzen@complete.org>
Cc: debian-isp@lists.debian.org
Subject: Re: Value of backup MX
From: Craig Sanders <cas@taz.net.au>
Date: Wed, 10 Nov 2004 09:24:11 +1100
Message-id: <[🔎] 20041109222411.GA4592@taz.net.au>
In-reply-to: <[🔎] slrncp1k5n.khi.jgoerzen@christoph.complete.org>
References: <[🔎] slrncp1k5n.khi.jgoerzen@christoph.complete.org>

On Tue, Nov 09, 2004 at 02:14:15PM +0000, John Goerzen wrote:
> I'm looking at redoing my mail setup due primarily to spam filtering.
> Over at http://www.tldp.org/HOWTO/Spam-Filtering-for-MX/multimx.html,
> they are suggesting not to use redundant mail servers unless needed
> for load balancing.

good advice.

backup MX is obsolete these days, very few people need it (most of
those who *think* they do are just running on ancient & obsolete
gossip/"common sense" from the days when backup MXes were useful).
almost all mail these days is delivered by SMTP, and all real SMTP
servers(*) will retry delivery. this works perfectly well without a
backup MX, and in fact works BETTER without a backup MX.

(*) viruses and spamware are not real SMTP servers, so they won't retry.  they
also don't send bounces, so when you 5xx reject them during the SMTP session
you don't generate backscatter.

> The last time I set up a major mail server, which was indeed a few
> years ago, common sense was to always have a backup MX. But then that
> was before the days where joejobs, spam/viruses with forged headers,
> etc. were popular and troublesome.

if you do have a backup MX, then you need to have the same anti-spam
& anti-virus rules as on your primary server AND (most important!) it
needs to have a list of valid recipients, so that it can 5xx reject
mail for unknown users rather than accept and bounce them (known as
"backscatter").

in postfix terms, the valid recipients list is known as a
"relay_recipient_table". it needs to be populated with all valid
addresses (accounts & aliases) in the domain being relayed. dunno what
it's called in sendmail or exim, or even if it exists in them.

btw, backscatter also causes problems for you and your server.  many of the
spam/virus bounces are from undeliverable return addresses, so they end up
clogging your mail queue for days and slowing the entire system down.

> Now, I'm not really an ISP (this was the closest list I could find
> for this topic), but I do host a number of mid-size mailing lists
> and also receive a good deal of mail myself. I'm wondering what your
> thoughts might be on no longer having a backup MX outside my direct
> administrative control (or even one that is within my administrative
> control).

having a backup MX that you don't control is a very bad idea.

if you don't control it, you can't maintain a list of valid recipients
on it, so you will be generating vast quantities of backscatter to
innocent third-parties whose email address has been forged by spammers
or viruses.

if you have one, get rid of it ASAP.

craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)

Reply to:

Follow-Ups:
- Re: Value of backup MX
  - From: Robert Brockway <rbrockway@opentrend.net>
- Re: Value of backup MX
  - From: Robert Brockway <rbrockway@opentrend.net>

References:
- Value of backup MX
  - From: John Goerzen <jgoerzen@complete.org>

Prev by Date: Re: Limiting User Commands
Next by Date: Re: Value of backup MX
Previous by thread: Re: Value of backup MX
Next by thread: Re: Value of backup MX
Index(es):
- Date
- Thread