in update-exim4.conf.conf

dc_relay_domains='@mx_secondary'

in CONFDIR/virtual a file (or directory) per domain named after the domain and in main/01_exim4-config_listmacrosdefs

-domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS
+domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : dsearch;CONFDIR/secondary

To avoid spam processing and back-scatter the secondary mx may reject mails (temporary error) as long as the primary mail server is online. Add the following to acl/30_exim4-config_check_rcpt (right after the CHECK_RCPT_LOCAL_ACL_FILE for example):

  ## CALLOUT FOR SECONDARY MX
  ## http://blog.aptivate.org/en/blog/2009/01/28/backup-mail-exchangers/
  # if we know that the primary MX rejects this address, we should too
  deny
    domains = dsearch;MAILCONF/secondary
    ! verify = recipient/callout=30s,defer_ok
    message = Rejected by primary MX

  # detect whether the callout is failing, without causing it to
  # defer the message. only a warn verb can do this.
  warn
    domains = dsearch;MAILCONF/secondary
    set acl_m_callout_deferred = true
    verify = recipient/callout=30s
    set acl_m_callout_deferred = false

  # if the callout did not fail, and the primary mail server is not
  # refusing  mail for this address, then it's accepting it, so tell
  # our client to try again later
  defer
    domains = dsearch;MAILCONF/secondary
    ! condition = $acl_m_callout_deferred
    message = The primary MX is working, please use it

  # callout is failing, main server must be failing,
  # accept everything
  accept
    domains = dsearch;MAILCONF/secondary
    message = Accepting mail on behalf of primary MX
  ## END CALLOUT FOR SECONDARY