primary / backup mail server

[Vu Pham]

Bill Campbell wrote:
[...]
>>
>> 2. Some emails were trying to contact the backup mail server instead of 
>> the primary one.
>>
>> For the emails of the second case, why did they try the backup mail 
>> server ? Both the primary and backup are in the same network, same 
>> communication link from the ISP.
> 
> Spammers will often try higher distance MX servers in hopes that they have
> less stringent anti-spam filters than the primary's.  If we're going to
> configure more than one secondary MX, we put them in at the same distance
> as there's no reason to have messages passed between non-delivery MX
> servers.  We make sure that the secondaries have the same anti-spam
> configuration as the primaries.
> 
> Having the secondary MX server on the same network is probably not a Good
> Idea(tm) as it doesn't address the problem of a network/router failure.  If
> one is going to have any secondary servers, it's best that they be
> geographically separated, and that you have some control on the expire time
> in case of extended outages (some of the primaries we backup were down for
> a week last December due to a power outage so I had to tweak things here to
> keep messages around longer).
> 
>> Does it mean the link was overloaded so the remote mail servers have to 
>> try the backup one ?
> 
> That's the theory, but, as I said above, spammers often will try backup MX
> servers in hopes of getting through them.  I see connection attempts to MX
> addresses that we haven't used in 10 years or more (not to mention
> thousands of spam sent to subdomains of ours that were last used when we
> provided dialup uucp connections to various organizations here in the
> Seattle area.
> 


Bill, thanks a lot for the explanation. Interesting to know the spammers 
trying to get to the backup servers.

In my case, the spammers do not know that the backup server is in fact a 
test server, and it has more spam tests than the primary one :))


Vu