Daniel Miller:
> This question is actually two questions - neither of which are
> Postfix-specific but email-generic - but this list is the best resource
> I have to ask such questions.
>
> First - I've been contributing to "Project Tarbaby", which means I have
> a pair of secondary MX records below my primary which accept anything
> they get - and those get used to build DNS blacklists. Properly
> configured hosts talk to my primary server without issue. The only
> question here is - does anyone have an objection to what I'm doing with
> this?
This is unsafe, because the connection to the primary MX may fail
for all kinds of reasons, including a temporary network outage
somewhere far away on the Internet.
> Is the method for working with primary vs secondary MX records clear -
> at least clear enough that my tarpit setup should work? Or is there
> enough of a grey area that this setup is doomed to failure regardless?
Tricks with MX-priority spamtraps share the problem that they make
assumptions about the behavior of all legitimate MTAs.
For a related approach, see, for example, "nolisting".
Wietse
