We had one production email server and last weekend we created two more email servers (identical zimbra) and set up MX records with our ISP with our ISP. So its like this now:
zimbra1.example.com -> MX - 10
zimbra2.example.com -> MX - 20
zimbra3.example.com -> MX - 30
Now, I know that higher the MX value, more probability for spammers to connect. Within a few hours our zimbra2 and zimbra3 started to block thousands of spam emails. The amount of spam handled in zimbra1 drastically reduced.
But because zimbra1 is our main server for authentication and SMTP, the deferred mails have increased higher. Several email messages are lying in the queue for a very long time. Error messages include "Mail transport not avaialble", "Delivery temporarily suspended" etc. Although, legitimate emails are indeed going out.
Another thing is zimbra2 and zimbra3 are relaying messages by default to zimbra1 and outside relaying to other domains is denied by default. In zimbra1's queue I see several emails with sender "mailer-daemon" and recipients are spam addresses! These emails are not going out because of obvious errors - mx servers not available, connection timed out etc.
Is there anything I am missing to understand here? Because, I have never seen these many emails lying in queue before.