Cosme Faria Corrêa wrote: > I do not agree. > I think it is not a good idea to allow my client see a warning about my > server unavailability. > > The MX bkp server just cache your e-mails while you are off-line. > It is not routine, it is for a emergency. > > The relay is closed and it send just for your MX "master", when > available. > > Is there any problem here? If I'm understanding you correctly, you're not describing the ways that MX servers are normally set up. If you *can* get one like that, it answers most of the objections. The difference is in the "The relay is closed" bit: do I understand that when your main server is up, the backup MX won't accept any e-mail for your domain even if e-mail is sent directly to it? Presumably it has periodic checks (or checks when an SMTP connection is made) to see if the main MX server is live? Most backup MXes don't do this. They are set so that they will always accept e-mail for you, and forward it when they can. If your server has been sitting there for months without a glitch, they won't know this: they'll still accept the mail and forward it to you, even though the sender should have sent it to your main MX. "Normal" MTAs [1] avoid the backup MX and use the main one by looking at the DNS records. But this relies on the sending MTAs being well-behaved. Spammers, by definition, will be badly behaved if it suits their purposes. And this is the problem: by the time any MX has accepted e-mail for you, you've lost the chance to do a whole set of anti-spam checks. If you control the backup MX, you can set it to do the same checks as your main MX. If you don't, then your backup MX is a highway around your anti-spam defences. And spammers know this. Their tools know this. One of the latest and greatest anti-spam tools is greylisting. This only works by looking for one of the differences between legitimate MTAs and spam-spewers. And it needs to be able to talk directly to the sending MTA to make this work. So it needs to be on *all* your MXes. You know (or should do) the MTA on your backup MX is a "good" MTA that does re-trying properly. You gain nothing by greylisting your backup MX: you need the greylisting *on* the backup MX. Hope this helps, James. [1] Message Transfer Agent: a program that transfers e-mails between machines on the way from sender to recipient. http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-email-types.html -- E-mail address: james | We still have enough spare cardboard sitting around @westexe.demon.co.uk | to send a bus by Parcelforce, although not enough | wrapping to be sure they wouldn't deliver it broken | into two pieces. -- Alan Cox