On Fri, Feb 13, 2015 at 11:39 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > >> Otherwise it accept junk that your primary rejects > > Not exactly. If greylisting on primary is set, but on backup MX is not, > still what is killed by greylisting by primary MX, almost never will come > through backup MX. This is due to the same reason why greylisting is > efficient: it trows off all that doesn't behave as mail server (thus never > comes for re-delivery, and definitely doesn't try backup MX which real > servers always do even before attempt of re-delivery). I'm not convinced. Spam is big business and trying a 2nd MX is cheap. > Still, it is good > to have the same greylisting on backup MX. And all other blows and > whistles. Greylisting would be kind of hard to do right. You'd have to keep the known-good senders in sync across the receivers. But my bigger worry would be a dictionary-type attack on user names as recipients if you don't have access to the real user list on the secondary. Aside from the blowback of the bounces, if you've ever accepted an address it is likely to get on lists of known-good spam and cause extra traffic forever after. -- Les Mikesell lesmikesell at gmail.com