SUMMARY
-------

I want to thank everyone for their responses. While everyone's situation will be different, I think this sums up the answer to my own question:

Yes. A secondary MX is worth the added maintenance and configuration headache if the costs of doing so make sense. Obviously various risk management and business requirements are factored into that equation which only you [or your business] can answer. All things being equal, however, the ability to take control away from the sending mail server and place it in your hands is worth the effort.

Now there were implementation questions/opinions posed by several responders which I feel should be commented on. I'll assume that everyone knows not to set up a "dumb" secondary MX which doesn't do any validation and encourages backscatter/UCE of its own.

So, either a "smart" secondary or a deferring 4xx secondary? Sticking to the nature of this post, a defer-only 4xx secondary is just about useless. Sure, you can use it in a SPAM honeypot fashion to help reduce load on your primary, but I see *ZERO* value when the primary is down. An intelligent secondary is the only way to go if you determine a secondary MX is required.

In my situation, I have a pre-configured "Disaster Recovery" server which already has a real-time, fully replicated [via VPN] copy of my production MySQL server - so I already have all the domain/user data I need to do email validation. It's practically sitting idle and would make a wonderful secondary MX. Since Exim is already configured on that box to take over primary MTA responsibilities, I'll be using Postfix instead of going through the hassle of running multiple Exim instances, but all MX functionality will be identical.

Thanks again to everyone!!

-Ken

> In a world where most MTAs will retry a message up to 5-7 days, is a
> secondary MX worth the added maintenance and configuration headache?
>
> I have a primary datacenter in Atlanta where I have a small load
> balanced cluster of MTAs. I also have a disaster recovery site
> located in Dallas which can be used should Georgia fall into the
> Atlantic. Theoretically, a cheap secondary MX located in - say
> Seattle - would ensure that any email sent during major outages which
> are less than catastrophic (5 minutes - 5 days) would be spooled and
> delivered once the primary comes back up. I say "less than
> catastrophic" meaning that my data center and core infrastructure
> still exist, but maybe all my hard drives in all my mail servers
> decide to spontaneously fail.
>
> I understand that all anti-spam measures (spamassassin, greylisting,
> etc) would have to be duplicated on the secondary MX to keep it from
> becoming a SPAM relay for my domains.
>
> I find myself completely torn. Can anyone give me their reasons for
> using a secondary ... or not using?
>
> Oh, btw. This is a small hosting provider setup with ~2000 domains
> and ~100,000 msgs/day.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
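
The three secondary-MX behaviours compared in the summary above ("dumb", defer-only 4xx, and validating "smart"), modelled at RCPT time with the primary down. This is an added example, not part of the original post and not Exim or Postfix configuration; the policy names, domains, addresses and recipient set are constructed assumptions.

```python
# Added illustration: RCPT-time behaviour of three secondary-MX policies.
# All domains, addresses and the recipient set are constructed sample data.
RELAY_DOMAINS = {"example.org"}
# Stands in for the replicated user table a "smart" secondary would query.
VALID_RCPTS = {"alice@example.org", "bob@example.org"}

def rcpt_reply(policy, rcpt):
    """Return the SMTP reply code the secondary MX gives to RCPT TO."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain not in RELAY_DOMAINS:
        return 554                      # not our domain: never act as an open relay
    if policy == "defer":
        return 451                      # defer-only: always tempfail
    if policy == "dumb":
        return 250                      # accept without recipient validation
    if policy == "smart":
        return 250 if rcpt.lower() in VALID_RCPTS else 550
    raise ValueError(f"unknown policy: {policy}")

def simulate(policy, inbound):
    """Take mail while the primary is down, then flush the queue once it is back."""
    stats = {"queued": 0, "rejected": 0, "deferred": 0,
             "delivered": 0, "backscatter": 0}
    queue = []
    for sender, rcpt in inbound:
        code = rcpt_reply(policy, rcpt)
        if code == 250:
            queue.append((sender, rcpt))
            stats["queued"] += 1
        elif code == 451:
            stats["deferred"] += 1      # sending server keeps the message and its retry clock
        else:
            stats["rejected"] += 1      # sending server owns the bounce
    # Primary is back and validates recipients on relay from the secondary.
    for sender, rcpt in queue:
        if rcpt.lower() in VALID_RCPTS:
            stats["delivered"] += 1
        else:
            stats["backscatter"] += 1   # secondary must bounce to a possibly forged sender
    return stats

INBOUND = [  # constructed (envelope sender, recipient) pairs
    ("carol@sender.test", "alice@example.org"),
    ("forged@victim.test", "nosuchuser@example.org"),
    ("forged2@victim.test", "sales123@example.org"),
    ("dave@sender.test", "bob@example.org"),
    ("spammer@bulk.test", "someone@elsewhere.test"),
]

if __name__ == "__main__":
    for policy in ("dumb", "defer", "smart"):
        print(policy, simulate(policy, INBOUND))
```

Only the "dumb" policy ends up owing bounces to forged senders, and only the "smart" policy both holds the legitimate mail during the outage and rejects unknown recipients while the sending server is still connected.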
