On 9/06/20 2:56 pm, Jon LaBadie wrote:
I hit another limitation. My backup MX handler is a 3rd party who will not use greylisting. Thus all the 1st timers I rejected just delivered to my alternate MX address and were not blocked at all.
Don't use a backup MX, they are a relic of the 90s when mail servers were often times not always online. a sending mail server will generally retry the message for up to five days if your MTA is down so backup MXes are really not necessary.
As you have discovered, if you do decide to use a backup MX it really needs to have exactly the same anti-spam protections as the primary MX, but most backup MXes don't and spammers know this. In fact many spammers will ignore the primary MX all together and push out SPAM directly to the backup MX.
Peter