Re: OT? /dev/null 5.1.1 email

[Joe Maimon <jmaimon () ttec com>]

David Andersen wrote:
> On Jul 5, 2005, at 11:28 PM, Steven M. Bellovin wrote:
>
> >
<snip>
>  It's much easier to 
> configure your backup MXen to not toss messages or send warning emails 
> after 4h than it is to politely ask all sending SMTP servers to do the 
> same.
>
>   -Dave
Apparently this has boiled down to

- Some people feel perfectly comfortable trusting the sender's queuing 
(witness graylisting's popularity)

- Some people feel more secure managing the queued mail. This is also 
nicer to the sender's queues.

- Secondary MX's should make every possible effort not to add to spam 
blowblack -- popular mechanisms include smtp call aheads, LDAP, 
virtusertable maps and so on. If this is impossible serious thought 
should be given to the need for the MX in the first place.

- Secondary MX's should take care not to be an end run against any anti 
abuse systems deployed by the primary MX path.

- Typically similar effort that goes into enabling a secondary MX to 
perform recipient verification needs to be done anyway when having more 
than one primary MX for simple load balancing reasons. So not having 
"secondaries" at that point does not make much sense.

- Building a setup depending on a failure mode for productive purposes 
is not wise.

IOW, depending on collecting mal-clients for blacklisting who connect to 
your secondary when you believe that they shouldnt is potentialy 
problematic.

So is designing a setup where you rely on failure of the primary MX 
reachability so that the secondary MX with better conectivity than the 
sender can simply relay it based on MX records.