Can a backup mx server be configured to reject email submissions if it can connect to the primary mx?

I know that one technique spammers may use is to send spam to a secondary mail server, since those servers tend to be less powerful and may not have all the spam filtering that the primary has.

Can I set up my backup mail servers to reject any incoming mail if the primary server is still up and accessible? I imagine secondary servers doing a quick ping to the primary as soon as an smtp session is begun on the secondary (even before a helo/ehlo), and rejecting if the primary responds. If the primary is still online, there should be no valid reason to be sending any email to a lower-priority mailserver.

Is this possible with postfix? Are there pitfalls I'm not seeing to this approach?


Solution 1:

That would be highly inadvisable, or, to put it simply, just plain wrong. Just because the secondary server can connect to the primary doesn't mean one or more legitimate SMTP clients can connect to the primary.

Multiple MX servers are primarily designed to handle routing and connectivity issues (and the weighting parameter is there to help hint at the preferred server(s), i.e. the one(s) which will do final local delivery). The SMTP protocol itself is designed to handle short outages (up to a few days) without any loss of email. Do not use multiple MX servers to try to deal with server outages, or even necessarily last-mile connectivity outages.

These days you would do better just to put your primary at a reliable well-connected colo/cloud provider and get rid of any and all other MX servers.

If you really have to handle a lot of incoming connections, more than one server you can afford to provision can handle, then use multiple servers and add multiple A records to the MX hostname, one for each parallel MX host. (In the past, and probably still today, multiple A records for the MX target get more even distribution than multiple equal-weight MX records for different target hosts.) However any configuration of multiple hosts increases your costs, your maintenance headaches, and your security risks.

Summary: Do not advertise additional MX records if normally those additional MX servers will reject all connections. The result will be an invitation to loosing mail on several fronts.