Am 07.08.2012 22:03, schrieb tobi: > > Am 07.08.2012 20:04, schrieb Stan Hoeppner: >> The first thing you need to do is define for us what "protect >> backup-mx servers" means. What, exactly, do you want to protect >> them from? >> > > Sorry if my intention was only clear to myself ;-) > I want to prevent clients from connecting my backup-mx as long as the > main-mx is up and running. Like spammers sometimes try by connecting > directly to a backup-mx instead trying main-mx first.
be carfeul with such things that you primary MX is up from the connection of your backup-MX means virtually nothing because this does not mean it is also from the route the delivering MTA takes i have a practical example where i would 100% say it is impossible if someone tells me the same: * Class C IP-Range * two IP-Addresses on the same server * one customer with a website on both ip-addresses * customer has one www-domain and another domain with ip-based SSL host our ISP had terrible routing problems from and to all sort of networks over some hours caused by a dying core-router my customer was sitting in his office on the same machine and was able to connect to 91.118.73.6 without any problem while he could not connect to 91.118.73.7 from the same machine while other customers could even not connect to 91.118.73.6 so we had * the same client * the same network hardware on the client side * the same ISP on the client side * the same ISp on oour side * the same route * the same network hardware on our side * even the same physical server on our side * after ISP has solved his troubles all went to normal operations so nobody can explain me how this was possible but this shows me that make the decision "my primary MX is up" is finally danherous and says virtually nothing if he is up for any incoming connect from somewhere else and if the primary MX is down from the delivering MTA he is absolutely right to try the backup-MX!
signature.asc
Description: OpenPGP digital signature
