Having previously raised a question here and also raised a ticket with SM concerning various issues with our backup server after it was moved behind a firewall, I managed to resolve this myself by realizing that the issue of mail being stuck in the queue was due to the need to use internal IP addresses for communications between the two servers both behind the same firewall. This topic has been covered elsewhere.
However, having made that change one issue remained - also an issue that has been mentioned in these threads - that of the dreaded 'No Such User here' issue which effectively means that customers were having emails bounced because sending mail servers don't always stick to the rules and send mail to whatever MX record that suits at the time.
Anyway, what I believe we all need from a backup server is that, at the very least, it will authenticate incoming mail in two ways: 1) ensure that if you claim to be firstname.lastname@example.org you are authenticated as such against the MAIN mail server; 2) someone trying to send mail to email@example.com, having authenticated, has that email (with optional spam checking and greylisting) sent through to the main server where it can be further spam checked etc. and delivered.
The problem I had with this was that the ONLY way I can get the mail to authenticate and send through is by making this server an open relay first. Any other setting than allowing relay to 'Anyone' creates a 'No Such User Here' scenario.
Sooo. How do you achieve the correct passing through of email AND not have your mail server become an open relay?
At the moment in the Protocol Settings for SMTP IN I have 'Allow Relay For Authenticated Users' checked and also 'Enable domain's SMTP auth setting for local deliveries' as well as Relay to Anyone :-( Nothing else is checked.
In addition, I use the Smart Gateway option because when the backup server was not working for us I thought that is what would fix it. Not sure if we need this and what the real purpose is, as we worked without it for years quite happily.
Bottom line is this:
Can someone confirm whether we have configured our Backup server (which is really secondary MX due to many mail servers not sticking to the rules) correctly so that it sends through email only to accounts on the main server and will queue email when the main server is down (the only reason we really need one) and block everything else? I believe this is happening at the moment but I would like to hear from others and experts who can confirm this is the optimum way.