Matthew Miller wrote: | On Tue, May 17, 2005 at 08:43:58AM +0100, Paul Howarth wrote: | |>I think that what he meant was not outbound SMTP, but that if a sole MX |>goes down for more than a few hours, anyone trying to send mail to the |>domain(s) served by this server would get "Warning: Message Delayed" |>type messages from their own SMTP relays, and it was this that he wanted |>to avoid, as it might lead his own clients (people, not MUAs) to think |>that his service was unreliable when they discovered this. | | | In which case a second mail server with a lower MX priority is a great | solution, given the caveat that it needs to be decently maintained and so | on.
Where "decently maintained" includes "has list of valid users on system" and equal or more strict anti-spam defences than the "main" mail server, as these are necessary to minimise backscatter generation and spam injection through the backup.
I agree with the "don't bother with backup server" idea, but maybe something that would make everyone happy is the MX TTL set to a couple of minutes, and a backup server that is only placed into the DNS record as the MX, *and only accepts incoming port 25* when the primary is down. ~ When the primary is back up again the backup machine is removed from the DNS record and rejects incoming port 25.
Trouble is, sometimes lack of availability of a mail server is due to network issues rather than the server itself being down, so "when the primary is down" may only be true from a limited set of places on the Net. If you're going to have a backup server, it may as well be up all the time. But I wouldn't (and don't) have one.
Paul.
