A long time ago, in a couple of wardrobes far far away, my friend and I decided that we would buy a domain and manage the e-mail for it ourselves.
This was good and worked well, the primary MX ran exim with spamassassin and clamav and rejected messages as they arrived, allowing for them to be rejected/bounced rather than just sorted.
The backup MX ran sendmail because the admin was too stuborn to change, and this also ran clamav, but the spam checking was done on a per-user basis to allow for checking of false positives. This was also good.
Some time later, the two servers joined together on the same physical lan and each was assigned an IP from the available netblock. This was good.
Until sometime shortly after we noticed that the backup MX was being used to talk to the primary MX to send spam (a fairly common occurence).
And now here is the problem,
The backup MX accepts the message, virus scans it and then sends it to the primary MX. The primary MX virus scans it, runs spamassassin on it and then (occasionally) rejects it during the initial transfer of the message. The secondary MX then attempts to bounce the message back to the original sender (which as we all know is most likely to be fake). This is bad.
Now the backup MX's postmaster is getting 'unable to send' reports daily as false bounces are tried to be sent.
SpamMTA -> Backup -> Primary --550--> Backup --*BOUNCE*-\
is something along the lines of how it goes now.
While i know it is possible to turn off bouncing all together this is not what I want. What I am after is a solution which will blackhole the rejects from the primary on the secondary. Either by the backup keeping its incomming connection open while it tries to relay it to the primary, or by just dropping the message in to /dev/null