On 8/29/07, Don Stokes
I've always advised that if a secondary MX host isn't going to do anything useful with incoming mail other than re-queue it for delivery, then just don't bother.
-- don
I'd have to wholeheartedly agree with that. Back when I did run a secondary, it had to do even more strict spam filtering than the primary mail server, as we'd often see spammers sending mail to the secondary mail server only, so they obviously think this is a great attack vector. Usually mail coming in from a secondary wouldn't be scrutinised anywhere near as much as mail coming from an external mail source. It does seem reasonably pointless to have two MX records pointing to the same IP address, and with the reliability of mail servers these days (due to clustering, load balancing etc) it's not really anywhere near as much of an issue as it once was. However, as we all know, things break, so perhaps the reasoning is that they could switch the secondary to a different IP address at any point (the TTL is reasonably low on the MX records, 1800 seconds by the looks) and have minimal disruption when things return to normal.. Cheers, Blair