On Wed, 25 Nov 2009, Tony Nelson wrote:
My advice is not to have a "secondary" MX, as it is just going to be the main target of spammers, as secondary MX servers usually don't receive the care given to primary MX servers. It might well cause a lot of backscatter spam, as spam accepted during the SMTP transaction will be rejected later, when your primary MX gets it, by sending a bounce message to some innocent party.
This is the reason that it is now necessary to verify the delivery address during the initial SMTP transaction. It is backup MXs not doing this that causes backscatter spam. The OP mentioned that he needed to do this and was hoping for a way around it.
To the OP: No there is no way around this requirement thanks to the spammers. You may want to verify users via LDAP on each MX.
Rob -- I tried to change the world but they had a no-return policy http://www.practicalsysadmin.com