Re: [Exim] When the lowest numbered MX is firewalled.

Top Page
Delete this message
Reply to this message
Author: JB
Date:  
To: ph10
CC: exim-users
Subject: Re: [Exim] When the lowest numbered MX is firewalled.
Philip,

I totally disagree. People have been using this kind
of mail delivery for ages and it's also perfectly
"legal" and correct to do so.. it may add a very small
increase in work for the sending MTA but why should
the receiver of the email ever care about this??

Wouldn't it just be as simple as adding the line:

relay_domains_include_local_mx

into your recv.mail.com Exim configuration file? Then
if the sending MTA tries to send to your primary MX
and this fails then it will send it to your second
pref MX. This will then accept the mail and try to
forward it to your first pref MX and as this is
allowed through your firewall to send it on. Now the
the job is done and who was hurt?

It can also add greater resilience and flexibility in
adding and removing servers as you can add multiple A
records relating to the server recv.mail.com.

Just because the above configuration may be classed as
"annoying" doesn't make it wrong!

-
J.


> On 30 Aug 2001, Thorkild Stray wrote:
>
> > adm.mail.com          MX      5 gw.mail.com
> > adm.mail.com          MX      10 recv.mail.com

> >
> > gw.mail.com does not allow connections directly to

itself, it is
> > firewalled. To send mail, one must send it to

recv.mail.com, which is
> > allowed to connect to the gw directly.
>
> DON'T DO THIS! Sorry for shouting, but this is

something that is
> *really* annoying. It means that every MTA in the

world that is trying
> to send to you is going to try gw.mail.com first,

and waste time and
> resources timing out, before it tries the second MX.
>
> > The problem is when this has been going on for a

while. Then the
> > "gw.mail.com" machine is blacklisted in Exim and

it is bounced with:
>
> Quite right. Sorry to be hard here, but I think this

is your problem,
> not Exim's problem.
>
> There should never be an MX in the publicly-visible

DNS for an MTA that
> cannot be accessed by everybody.
>
>
> -- 
> Philip Hazel            University of Cambridge

Computing Service,
> ph10@???      Cambridge, England. Phone:

+44 1223 334714.
>
>
> --
> ## List details at

http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##

__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com