[Greylist-users] question about multiple mx

Franck Arnaud franck at nenie.org
Wed Jan 28 11:06:41 PST 2004


Ricardo Kirkner:

> I need to have those relays as a backup measure.

Do you? What is the benefit? If your backups are just relaying
to the master, it's completely pointless, because the original 
senders can do that (retry) very well -- as we all know because 
we use that feature in greylisting! Close down your relays 
and the backup feature remains intact, distributed over 
all incoming email senders. Why do you want to do something 
the world is already happily doing for you?

By adding a backup relay you increase the potential of 
failure in several ways:

* the relay can eat/lose messages silently
* any bounces that are delayed by the relaying move from 
  being SMTP bounces to email bounces which is bad as 
  it can generate harmful bounce traffic. SMTP 
  bounces are more robust as you're usually talking 
  directly to the virus/spammer who is not going to 
  forward the bounce to a from address they forged 
  themselves for instance.
* the relay can be abused by spammers as you have 
  already discovered.

If you want a really effective and useful backup, you 
should rather have one MX entry with backup SMTP servers 
that can take over the master. When the master fails, 
you change the MX entry or the IP of the mail server 
to be the new one, or put the new server on the same IP.

I note some large ISPs have a single MX, maybe for 
this reason.
 
> BTW, if I don't whitelist those relays, it is only a matter of time for
> them to get whitelisted automatically, since they will retry until the
> greylisting filter lets them through, so not whitelisting my relays is
> not a solution here.

The problem is covered in the whitelisting paper and the 
clean solution is that if you do have relays, they 
must share the same greylisting database (or equivalently 
be proxies rather than relays, relaying each SMTP command 
and reply from the master).
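
Added example, not part of the original post: a small Python simulation of the shared-database point above, comparing per-MX greylist databases, one shared database, and a store-and-forward relay that retries from its own IP. It assumes the usual greylisting key of (client IP, envelope sender, recipient); the delay, host names and addresses are constructed.

```python
GREYLIST_DELAY = 300  # seconds a new triplet must wait; constructed value

class GreylistDB:
    """Greylist keyed on the (client IP, envelope sender, recipient) triplet."""
    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}

    def check(self, client_ip, sender, rcpt, now):
        """Return 250 once the triplet is older than the delay, else 451."""
        key = (client_ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        return 250 if now - first >= self.delay else 451

def first_accept(attempts, dbs, sender, rcpt):
    """attempts: ordered (time, mx_name, client_ip); dbs: mx_name -> GreylistDB.
    Return the time of the first 250 reply, or None if never accepted."""
    for now, mx, ip in attempts:
        if dbs[mx].check(ip, sender, rcpt, now) == 250:
            return now
    return None

SENDER, RCPT = "alice@example.org", "bob@example.net"  # constructed
CLIENT = "192.0.2.10"                                   # constructed
# A retrying sender is deferred by mx1, then tries mx2, then mx1 again.
RETRIES = [(0, "mx1", CLIENT), (600, "mx2", CLIENT), (1200, "mx1", CLIENT)]

def separate_databases():
    dbs = {"mx1": GreylistDB(), "mx2": GreylistDB()}
    return first_accept(RETRIES, dbs, SENDER, RCPT)

def shared_database():
    db = GreylistDB()
    return first_accept(RETRIES, {"mx1": db, "mx2": db}, SENDER, RCPT)

def one_shot_via_shared_backup():
    # A client that never retries connects once, to the backup MX only.
    db = GreylistDB()
    return first_accept([(0, "mx2", "198.51.100.7")], {"mx1": db, "mx2": db}, SENDER, RCPT)

def one_shot_via_store_and_forward_relay():
    # The relay accepted the message unfiltered and now retries from its own IP,
    # so the master's greylist only ever sees a well-behaved, retrying client.
    relay = [(0, "mx1", "203.0.113.25"), (900, "mx1", "203.0.113.25")]
    return first_accept(relay, {"mx1": GreylistDB()}, SENDER, RCPT)

if __name__ == "__main__":
    print(separate_databases(), shared_database(),
          one_shot_via_shared_backup(), one_shot_via_store_and_forward_relay())
```

With separate databases the retry that lands on the second MX is deferred again; with a shared database it is accepted, and the one-shot client is rejected at either MX, whereas the store-and-forward relay gets the same message through the master on its own retry.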


