On 23 Feb 2013, at 17:57, Evert Mouw <post(_at_)evert(_dot_)net> wrote:
# Reject messages on backup mail exchangers when primary MX is online
Been there, done that. I implemented it using Sendmail 8.13 and a socket map
(the code for which I regrettably can't find at the moment, but it would be a
day's work to recreate it anyway).
My conclusion was (I don't do it anymore, now that I use Postfix) that it has
its uses, but only if transparency is more important to the backup MX operator
than anything else. Others have explained how reachability problems will cause
unexpected/unintended behaviour, and they're right, but as an informal method
it helped me out quite enormously. (In fact, the whole machine was activated
by the presence of its hostname in an MX target; anybody could request backup
mail service by just setting it up as their secondary, and it would just do the
right thing. They also assumed responsibility for ensuring that the global
view of DNS, as seen by that machine, did not include stale entries that might
cause the MX to reject.)
The big thing to watch out for is not to disrupt clients too badly. You want
to arrange for probes of each MX is best-preference-first order to occur as
swiftly as possible, and you always want to give the benefit of the doubt
whenever you suspect you might be dealing with a network problem (DNS transient
fail, the greeting is not read back from the machine, etc). If you hang up the
clients too long, you will do much more harm than good, and if you can't accept
that certain sites will experience prolonged periods during which you, or the
primary MX through you, are unavailable, then you absolutely shouldn't do it.
During my four or so years of this (which saved one small site several weeks
worth of mail), I've only ever experienced one problematic mailer (Yahoo's, I
think it was) who persistently tried and retried the secondary and was informed
that "450 4.5.0 <user(_at_)example(_dot_)com>… Not while <hostname-of-primary>
is up." If you want to improve, you should start with some s!
ort of grace failover for multiple failed attempts.
Cheers,
Sabahattin
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp