On 12/01/2019 15:52, Nick Howitt wrote: > > > On 12/01/2019 14:47, John Fawcett wrote: >> restrictions only for inbound email on port 25 they may block some badly >> configured servers, but I don't think its a big issue. YMMV. I'd >> configure the backup server as far as possible with the same >> restrictions used on the main server to block email incoming into the >> backup server. > Unfortunately I don't have access to the MX Backup service. It is > provided by my DNS provider.
I know it sounds a bit drastic, but you might want to think about whether you need a backup server you don't control. A better choice if you can't control your own backup server is to have none. The amount of email you would lose for small outages on the main server without a secondary MX should be close to zero. With a backup server that cannot reject mail for unknown users, you will probably be generating backscatter when your main server rejects email being handed off from the backup to your main server. John
