On 12 Jan 2019, at 6:09, Nick Howitt wrote:
I have a mail server and two backup MX servers and most of the mail is arriving via one of the backup servers.
Your first step should be to seriously interrogate that architectural choice.
When variable-priority MXs were devised, the Internet was very different and general experiences with cross-domain email were very different. It made sense to have distant backup MXs, even if they were run by other people. Also, spam wasn't a thing.
Today there are very few mail systems can gain anything discernible from having multiple MXs that are not under common administrative control and consciously configured to operate together as equals or with varied priorities. As you have discovered, having secondary MXs which you do not control causes hard problems with spam. In addition to the fact that spammers have learned to hit the backup MXs first, you are presented with the problem of very likely causing backscatter and/or silently dropping mail.
-- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Available For Hire: https://linkedin.com/in/billcole
