My organization has two separate T1 IP pipes provided by different ISP's, each configured to move traffic upstream and downstream. Each also has a public MX record in DNS: MX 1 value = 10, MX 2 value = 20. Each MX has also been listed to perform reverse DNS to avoid bouncebacks.
The idea is, if one pipe or ISP fails, the other picks up the slack, and mail still flows in both directions.
We use one robust, non-clustered Exchange 2003 Server to perform both front-end mail functions and to host mailboxes. This machine has dual identical NICs which are assigned consecutive internal class C addresses (192.168.0.5 and 192.168.0.6).
The internal addresses are NAT'ed in firewall (SonicWall Pro3060) to their public MX's. The firewall has been further configured to fail IP pipe 1 over to IP pipe 2.
The question is: What hazards am I inviting by configuring in this manner? Is pointing multiple public mail records at one front-end/back-end Exchange server a security threat? Am I overlooking some obvious no-no?
I should also note that I don't know if this topology will work in practice, because I haven't physically plugged into NIC 2 yet.