Re: Value of backup MX

To: debian-isp@lists.debian.org
Subject: Re: Value of backup MX
From: Robert Brockway <rbrockway@opentrend.net>
Date: Wed, 10 Nov 2004 14:10:18 -0500 (EST)
Message-id: <[🔎] Pine.LNX.4.58.0411101401460.3324@zen.opentrend.net>
In-reply-to: <[🔎] 20041109222411.GA4592@taz.net.au>
References: <[🔎] slrncp1k5n.khi.jgoerzen@christoph.complete.org> <[🔎] 20041109222411.GA4592@taz.net.au>

On Wed, 10 Nov 2004, Craig Sanders wrote:

> backup MX is obsolete these days, very few people need it (most of

This does seem to be a prevailing opinion but I think backup MXs are
valuable now for the same reason they always were - outages happen.  We
have no way of knowing how long a remote MTA will continue attempting to
resend, even if it is following the rules of SMTP.  I do not want to lose
mail because a remote admin can't afford to hold mail for very long
(assuming a major issue like a hardware fault).

I do fully support the idea of the backup MXs having the same anti-spam
capabilities as the primary (rsync over ssh can do wonders)

Peered MXs (eg, 2 x MX 10) and dynamic backups which don't just queue mail
but continue to deliver when the primary is down are even better.

> those who *think* they do are just running on ancient & obsolete
> gossip/"common sense" from the days when backup MXes were useful).
> almost all mail these days is delivered by SMTP, and all real SMTP

MXs are hardly useful for mail that is not travelling over SMTP :)

> servers(*) will retry delivery. this works perfectly well without a
> backup MX, and in fact works BETTER without a backup MX.

How does it work _better_ without a backup MX?

> if you do have a backup MX, then you need to have the same anti-spam
> & anti-virus rules as on your primary server AND (most important!) it

I agree with this (as noted above)

> needs to have a list of valid recipients, so that it can 5xx reject
> mail for unknown users rather than accept and bounce them (known as

I disagree with this.  I'd sooner not have a backup than use this
strategy.  Sounds like a good way to lose new customers.

> btw, backscatter also causes problems for you and your server.  many of the
> spam/virus bounces are from undeliverable return addresses, so they end up
> clogging your mail queue for days and slowing the entire system down.

Only if the queue is really huge, honestly.

> having a backup MX that you don't control is a very bad idea.

Yes.  Spam aside you are placing much trust in the admins of the backup
MX if you do this.

> if you have one, get rid of it ASAP.

One opinion :)  I happen to have a different opinion.

Rob

-- 
Robert Brockway B.Sc.
Senior Technical Consultant, OpenTrend Solutions Ltd.
Phone: 416-669-3073, Email: rbrockway@opentrend.net, http://www.opentrend.net
OpenTrend Solutions: Reliable, secure solutions to real world problems.

Reply to:

Follow-Ups:
- Re: Value of backup MX
  - From: Craig Sanders <cas@taz.net.au>

References:
- Value of backup MX
  - From: John Goerzen <jgoerzen@complete.org>
- Re: Value of backup MX
  - From: Craig Sanders <cas@taz.net.au>

Prev by Date: This Is a Test Mail
Next by Date: Re: Value of backup MX
Previous by thread: Re: Value of backup MX
Next by thread: Re: Value of backup MX
Index(es):
- Date
- Thread