SLUG Mailing List Archives
Re: [SLUG] Secondary MXes [Was: Virus scanning bounce strategy]
- To: Jeff Waugh <jdub@xxxxxxxxxxxxxx>
- Subject: Re: [SLUG] Secondary MXes [Was: Virus scanning bounce strategy]
- From: Glen Turner <glen.turner@xxxxxxxxxxxxx>
- Date: Sun, 01 Feb 2004 18:01:11 +1030
- Cc: Sydney Linux User Group <slug@xxxxxxxxxxx>
- Organization: Australian Academic and Research Network
On Sun, 2004-02-01 at 16:00, Jeff Waugh wrote:
> 2) If your primary mail server goes down often enough or long enough that
> you think you need a secondary MX, you really need to fix your primary,
> build a cluster or outsource.
Why? You simply need to configure the secondary MX correctly,
so that it does the same level of virus, spam and attachment
checking as your main MX. This essentially means a machine
under your control, but located at a co-lo site.
Cluster systems, although seemingly attractive, suck badly
when the nodes are separated enough not to fall victim to
the same network outage (eg, on differing Tier 1 ISPs).
To your list I'd also add
- run authenticated SMTP and reject unauthenticated messages
claiming to be from your domain.
> 4) It is one million times  more important to have stable DNS than it
> is to have a secondary MX. If your DNS server goes down, you're toast.
This is worth outsourcing. Look for an ISP which offers
a anycast DNS secondary service. It's too hard for enterprises
to build an equivalent service.
Glen Turner Tel: (08) 8303 3936 or +61 8 8303 3936
Network Engineer Email: glen.turner@xxxxxxxxxxxxx
Australian Academic & Research Network www.aarnet.edu.au