Re: Bug#207300: tmda: Challenge-response is fundamentally broken

[Florian Weimer <fw@deneb.enyo.de>]

John Goerzen <jgoerzen@complete.org> writes:

> Sometimes, there is no choice.  That could be the case if, for instance, you
> are backup MX for a server that is down.  You have accepted the message from
> the original sender already -- possibly hours ago.  The primary server comes
> back up and rejects the message.  You have no choice but to generate a
> bounce mail to the original sender.

That's why it's better to get rid of generic MX secondaries (IOW
secondaries which are not under you administrative control).  The
effect you describe hampers effective anti-spam measures, too.  For
example, you might want to defer a message from a sender whose
temporarily domain doesn't have any MX (or A) record.  If you do this,
significant numbers of messages will pile up in the queues of your
secondary MXes, and their operators won't be happy about that.