On Tue, 26 Jan 2016, Niall O'Reilly wrote:
On Fri, 15 Jan 2016 07:33:10 +0000, Paul Goyette wrote:

Actually, I have a good reason for using a backup-MX - the primary mail server is only reachable via IPv6. It is "hidden" behind an IPv4-only NAT box. Connectivity between the primary and backup MX machines is via an openvpn tunnel, running IPv6-over-IPv4 (the IPv6 address range is globally visible and routable).

Do you actually need an MTA on the backup server? This could run a proxy/port-forwarder/load-balancer service to redirect the SMTP session to the primary, leaving you with just one MTA to manage.
Sounds like a lot more complication than running a second MTA. It's hard enough figuring out how to configure an MTA, but then having to configure (and debug) another service is more work than I'm willing to endure.
In any case, I've got it working sufficiently well. There are only a very few messages sent from the backup server to in-domain addressees, and I'm willing to let these messages be processed by dspam once they're relayed to the primary server, treating them the same as messages which originate outside of my domain.
+------------------+--------------------------+------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:      |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+------------------+--------------------------+------------------------+