If you have backup MX handled by someone else who doesn't use tarproxy then the secondary MX may be a major source of spam.
s/may/will be/
Backup MX could be a good way to offload per-domain spam as often backup MX host don't have valid-user information - nearly as good as open relays. Of course much of the spam may not reach the target, but that is the same as ever, it allows the spammer to quickly spam and depart.
Indeed, dumping spam on secondary MXes is a standard technique.
Lesson: Run the same configuration on primary and secondary (and tertiary, etc...) MXes, or don't bother running it at all.
Backup MX should generally be whitelisted by tarproxy or de-listed as MX, there's no point in advertising as backup MX and then applying communications sanctions against it, thus loosing all the mail it aggregated.
Don't white-list the secondary MX. That's exactly what the spammers want you to do. Either don't use it as a secondary, or make sure it's running the same configuration.
-- Brad Knowles, <[EMAIL PROTECTED]>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
