On Mar 3, 2007, at 2:53 AM, Andrew Lentvorski wrote:
Recently I readded greylisting to my mail server. It seems to *really* make a difference. However ...Should I turn off my secondary MX? I'm probably causing them quite a bit of grief by having greylisting.How many folks here running mail servers are actually using secondary MX's anymore? Is there really any point anymore?
If you're going to be using greylisting, you really should tie it to all your MXs for it to be truly effective.
UCSD discovered the hard way about greylisting and multiple MXs, and ended up using a greylisting service with postfix that tied all its data through a central (replicated) database, so that all the MXs would have consistent information. This prevents bypassing the greylisting via a secondary MX, and also prevents double-whammy greylisting when a server steps through the MXs because all of them are greylisting in turn. (When you run about 6 incoming MXs, that can lead to several hours of mail delay).
I'll parrot what Tracy said about definitely yes having a backup MX. A proper mail server should simply queue messages when your MX is unavailable, and periodically retry, typically for up to 5 days. I've seen a lot of people set the limit much lower (2 days or less), especially in very-high-volume mailing list servers. And we've all suffered through stupid outages that resulted in bounced mail for no good reason, which tells me there are a lot of poorly configured mail servers out there.
Gregory -- Gregory K. Ruiz-Ade <[EMAIL PROTECTED]> OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu
PGP.sig
Description: This is a digitally signed message part
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
