I wrote:
3. One of your MXes (the third-priority one, opera.rednote.net) doesn't accept mail to your postmaster or abuse addresses. Example using postmaster:
In the middle 1990s, I had an epiphany about backup MX service. It sucks and is a bad idea on balance -- and particularly backup MX service on a machine of which you are not the administrator. 1. Spammers long ago figured out that they should drop off spam for domain example.com on the _highest_ (lowest priority) MX for example.com. Usually, the priority 30 MX host has looser (or at least different) antispam heuristics than does priority 10 MX host. Having dropped off that mail, the spammer's job is done, and now your backup MX host's antispam measures are at war with your primary MX host's antispam measures, as host priority 30 struggles to redeliver spam to host priority 10. Essentially, the former host has become collateral damage as an SMTP relay. In extreme cases, you may end up teergrubing or greylisting your relay. 2. Inevitably, you find out at the worst possible time, e.g., your unplanned downtime, that your buddy who provides backup MX for you dropped your domain from his MTA configuraiton and forgot to tell you, or has adopted some pathological practice like challenge-response or worse. Or, of course, less disasterously but annoyingly, your backup MX whimsically decided to ignore RFCs (such as accepting mail for postmaster and abuse). After contemplating these sad facts ~20 years ago, I dropped all backup MX (except for hosts I administer and on which I enforce the same antispam regime as on other hosts). This means I have an incentive to bring downed SMTP service back online before hardfail timeouts, but that's really not difficult even if your NOC took a meteor hit. It's what failover measures are for.