On Fri, 2015-02-13 at 11:04 -0600, Les Mikesell wrote:
I'd recommend not having a secondary MX at all unless it is equipped to reject invalid users and spam in all the same ways as your primary. Otherwise it accept junk that your primary rejects and then you are obligated to send a bounce message which is always a bad thing - you want the authoritative receiver to reject at the smtp level instead of accepting at all. There's a whole category of spam where the real target is the apparent sender where a bounce will go. Also anything sending valid mail should be prepared to queue and retry on temporary failures just as well as your own secondary would.
On some domains I have 3 MXs - primary, secondary and tertiary - all share exactly the same coding, configuration and reporting. Absolutely no sense is weakening security for any MX although some spammers think the highest numbered MX is the weakest !