Autor: Michael J. Tubby B.Sc. \(Hons\) G8TIC Datum: To: Randy Banks, exim-users Betreff: Re: [Exim] exim 3.33 not trying multiple MX records (?)
----- Original Message -----
From: "Randy Banks" <randy@???>
To: <exim-users@???>
Sent: Tuesday, November 13, 2001 5:01 PM
Subject: [Exim] exim 3.33 not trying multiple MX records (?)
> All -
>
> Many apologies for troubling you, but we have a problem which has come
> up only since our recent upgrade from version 2.05 to 3.33. In
> particular:
>
> I am trying to mail to a user in domain foo.bar which has three MX
> records, e.g. ...
>
> host foo.bar ... MX=0
> host back.up1 ... MX=10
> host back.up2 ... MX=20
>
> ... none of which are broken.
>
> In order to deliver mail to user@???, exim first tries to connect
> to foo.bar but is blocked with an error 520 "Connection not authorised
> from this address." Exim does not then proceed to connect to back.up1
> or back.up2, but gives up the ghost and returns an failed message
> report back to the sender.
>
Yes, because its a permenant error, ie. a 5xx error.
> No such problems were reported prior to our upgrade, and our (fairly
> simple) configuration file was only minimally changed by the convert4r3
> script. I have RTFM, RTVFB (very fine book) amd searched the archives
> to no avail. I have also tried explicitly setting hosts_max_try = 5,
> also to no avail.
>
> Any and all assistance would be welcome; further details can be
> supplied on request.
>
> Many TIA for your help and many apologies in advance if I've missed
> something blatantly obvious.
>
I beleive the problem is that your top MX is broken since it it returning
a 5xx class error code which is permenant, hence Exim doesn't bother
to try the rest of the MX chain.
You should look at the design/configuration of your network and decide
why you advertise an MX host that you refuse connections to!
If, as I suspect, its because you have some multi-homed machines and
want certain connections only on certain interfaces then you probably
have a different problem - that you are using a single DNS server to
represent both the "inside" and the "outside" of your network that has
different requirements/interfaces that should be advertised. If this is the
case then you should consider running two DNS servers - a public one
which only advertises publically available interfaces and a private one
which advertises the internal (and possibly external) interfaces.
Mike
> randy
>
> ----------------------
> Randy Banks (randy@???)
> ISER, University of Essex
> Colchester, Essex, UK CO4 3SQ
> tel: +44 (0)1206 873 067; fax: +44 (0)1206 873 151
>