On Jul 5, 2005, at 11:28 PM, Steven M. Bellovin wrote:
In message <Pine.WNT.4.63.0507052219510.5600@jvc>, Todd Vierling writes:
The default recommendation I give anyone these days is to use no secondaries, and let the sender's mail server queue it up, as that's the fastest implementation path. As a second stage, and only if the expertise and time is available, then a backup MX with some sort of recipient validation at SMTP time can be implemented.
The usual justification for a secondary MX is when the MX servers have some sort of special access to the ultimate recipients -- non-SMTP mail delivery, firewalls that they are privileged to pass, etc.
They're also mighty handy when dealing with planned, extended outages, such as moving to a new {building, ISP, etc.} or, say, losing power to the {only IX for Moscow, northeastern U.S.}, etc. It's much easier to configure your backup MXen to not toss messages or send warning emails after 4h than it is to politely ask all sending SMTP servers to do the same. -Dave