Word of advice … with a few exceptions, there is absolutely no need for most organizations to implement backup MX’s. In fact, if they are not setup and managed very carefully, they can cause significant harm to an organization.
In the past week I’ve had two people on my mailing lists get their subscriptions suspended because their companies backup MX’s were not configured properly.
For those who don’t know, a “Backup MX” is a mail server that can accept mail delivery if the primary mail server is not available. A domain’s DNS records have “MX” records that list the mail servers in order of priority. Sending mail servers will try to connect to the first receiving mail server on the MX list, if that connection fails, it will try the next, etc.
Why are they not needed and, more importantly, why can they cause harm?
- Not needed
- Most sending mail server will try to deliver mail for a few days (generally around 5). Even if your mail server is down for a whole weekend, the sending server will continue delivery attempts.
- Unless your organization is expecting a massive amount of email (and I’m talking about thousands of mail deliveries per second, the kind a major national ISP might get), most mail servers are more than capable of handling the load … and the extra work involved in maintaining the additional servers probably isn’t worth it.
- Why harmful
- If not configured properly, mail delivered to the backup MX might not be accepted … thus causing non-delivery errors. This is what happened to the subscribers to my lists. Their primary MX was accepting mail, but the backup MX wasn’t. The rejection messages were being processed by the list software and their subscriptions were suspended
- Backup MX’s are often not as spam & virus resistant as primary MX’s. For this reason, spammers and virus writers often target backup MX’s instead of primary MX’s.
In the end … backup MX’s do have their uses … but only if implemented where absolutely needed and managed very carefully.
Oh, and by the way, if you are having problems sending mail from a different system than your primary mail server … it’s not because you need a backup MX. It’s probably because the other system needs to have a reverse IP name setup in DNS. Many mail servers are configured to reject mail sent from systems that do not have reverse IP dns entries setup.
[tags]SMTP, mail, email, Mail Servers, MX records, DNS[/tags]
What do you think of a technique called Nolisting, which fights spam by specifying a primary MX that is always unavailable. The page referenced here is an extensive FAQ and how-to guide that addressed this…
http://www.joreybump.com/code/howto/nolisting.html
Don’t know for sure … some spammers specifically target backup MX’s because they are less protected than primaries.
Check out http://en.wikipedia.org/wiki/MX_record#MX_priority for info.