Quoting Jason White (jason@jasonjgw.net):
In general, though, I would advise anyone contemplating a similar arrangement to consider Rick's suggestion and the issues raised in this thread.
It's worth knowing what exactly happens when all of one's domain's MXes are unreachable for mail delivery. The situation's both more and less bad than you might expect. That's in contrast to losing all authoritative nameservice for a domain, which is immediately and severely bad. All the SMTP hosts that have outbound mail queued up for your domain will keep trying. The _customary_ timeout period for permanent delivery failure (55x reject), established by Sendmail's default, is five days -- and I vaguely recall that most Unixey MTAs such as Exim4 at least approximately follow suit (4 days in Exim4's case). This doesn't prevent local admins from overriding the MTA's retry timeout, of course. That de-facto customary expectation is, naturally enough, not universally respected. Courier-MTA defaults to seven days; MS-Exchange Server defaults to two days. And so on. My rule of thumb is that you'll have negligible problems and no mail loss whatsoever if you are able to deploy at least one replacement receiving MTA somewhere in the world, and point your DNS at it, within a day or two of downtime. But it turns out there's one annoyance I hadn't anticipated, that's a consequence of 99% of Internet users' refusal to even try to read automatic notices correctly: I refer to DSNs. Another customary expectation established by Sendmail is that Delivery Status Notifications should start being issued to sender after outbound mail has been undeliverable for _four hours_. Naturally, this MTA default can be locally altered and is nowhere near universally followed by other MTA software packages -- but, to a first approximation, people trying to reach your domain will start getting 4xx (temporary failure) DSN advisories saying something like: 451 Please try again later foo@bar.com... Deferred: 451 Please try again later Warning: message still undelivered after 4 hours Will keep trying until message is 5 days old And do they bloody well bother to _read+ what it says? No, of course they don't. You'll start getting telephone calls and alternate-delivery messages complaining about your domain 'bouncing' the sender's mail. To many such people, any notice of delivery problems is a 'bounce', and understanding what they say is Somebody Else's Problem. -- Cheers, Rick Moen Never ask a sysadmin "What's up?" rick@linuxmafia.com McQ! (4x80)