Re: [Exim] how to configure HELO/EHLO and DNS for multi-home…

Author: Exim Users Mailing List
Date:  
To: Andrew - Supernews
CC: Exim Users Mailing List
Old-Topics: Re: [Exim] sender verify vs. broken mailer configs, again.
Subject: Re: [Exim] how to configure HELO/EHLO and DNS for multi-homed hosts
[ On , June 27, 2003 at 11:24:04 (+0100), Andrew - Supernews wrote: ]
> Subject: Re: [Exim] sender verify vs. broken mailer configs, again.
>
> trinity.supernews.net (which HELOs as trinity.supernews.net, because
> that is its principal hostname) is on two networks for the purposes of
> redundancy; it has two IPs, 216.168.1.22 and 216.168.2.22. Which one
> gets used for an outgoing connection depends on whether the network
> happens to be broken at the time and if so, in what way. (generally
> it's 216.168.1.22 that gets used.)
You don't seem to understand the meaning of "principal host domain name"
as it is interpreted for RFC 1123 Section 5.2.5. This is odd because
that very same section gives you this definition in these plain words:

    The HELO receiver MAY verify that the HELO parameter really
    corresponds to the IP address of the sender.
I.e. the principal host domain name that "MUST" be used when an SMTP
client identifies itself with a HELO/EHLO command is one which the
receiving-SMTP can resolve to an A record which matches the client
connection source address.

Note that a host domain name may resolve to multiple A records but it is
only necessary that one of them match. Indeed this is the way you must
configure your DNS if you are using a multi-homed host (i.e. a host
which might originate connections from multiple source addresses).

> Now, the rDNS for those two IPs is different so that they can be
> distinguished where necessary (it is quite normal practice to
> distinguish the rDNS names for multiple interfaces on a host):
>
> 216.168.1.22 is trinity.ranger.supernews.net
> 216.168.2.22 is trinity.delta.supernews.net
This is all fine and good. However should you choose to do the right
thing and define a third name that your mailer can use regardless of
which source address is assigned to its connection then you'll need to
add two more PTRs, one for each address, each of which point to the new
third name. Let us say, for example, the new third name you choose is
"smtpout.supernews.net" then you would add these records to your DNS:

    smtpout.supernews.net        A    216.168.1.22
    smtpout.supernews.net        A    216.168.2.22

    22.1.168.216.in-addr.arpa       PTR     smtpout.supernews.net
    22.2.168.216.in-addr.arpa       PTR     smtpout.supernews.net

You would then configure your mailer to use the principal name
"smtpout.supernews.net" for all HELO commands.

Then all would be correct and complete, both for Reverse DNS and for SMTP.

This is the way the DNS was designed to be used for multi-homed hosts.

--
                                Greg A. Woods
+1 416 218-0098;            <g.a.woods@???>;           <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>
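The receiver-side check the message argues about (RFC 1123 section 5.2.5: does the HELO name resolve to the connecting address?), worked through for the two-address host above. This is an added example, not code from the original message, from Exim, or from either poster. DNS is modelled by an in-memory table so it runs offline: the A and PTR records for smtpout.supernews.net are the ones proposed in the message, the per-interface PTRs are the ones Andrew described, and the assumption that trinity.supernews.net has only the single A record 216.168.1.22 is mine. The function names and the address-literal handling are likewise my own; to use it live, replace `lookup_a` and `lookup_ptr` with calls to `socket.getaddrinfo` and `socket.gethostbyaddr`.

```python
"""HELO/EHLO verification for a multi-homed SMTP client (added example).

Demonstrates why a HELO name with a single A record fails the RFC 1123
5.2.5 check from the second interface, and why the proposed third name
with one A record per source address passes from both.
"""
import ipaddress
from typing import Dict, List

# Constructed zone data built from the records discussed in the thread.
A_RECORDS: Dict[str, List[str]] = {
    # Assumption: the principal name only points at the usual interface.
    "trinity.supernews.net": ["216.168.1.22"],
    "trinity.ranger.supernews.net": ["216.168.1.22"],
    "trinity.delta.supernews.net": ["216.168.2.22"],
    # The third name proposed in the message: one A per source address.
    "smtpout.supernews.net": ["216.168.1.22", "216.168.2.22"],
}

PTR_RECORDS: Dict[str, List[str]] = {
    # Each address keeps its interface-specific PTR and gains the shared one.
    "216.168.1.22": ["trinity.ranger.supernews.net", "smtpout.supernews.net"],
    "216.168.2.22": ["trinity.delta.supernews.net", "smtpout.supernews.net"],
}


def _canon(name: str) -> str:
    """DNS names are case-insensitive; strip a trailing dot as well."""
    return name.strip().rstrip(".").lower()


def lookup_a(name: str) -> List[str]:
    """Stand-in for a forward (A record) query against the table above."""
    return list(A_RECORDS.get(_canon(name), []))


def lookup_ptr(ip: str) -> List[str]:
    """Stand-in for a reverse (PTR record) query against the table above."""
    return list(PTR_RECORDS.get(ip, []))


def helo_forward_ok(helo: str, source_ip: str) -> bool:
    """RFC 1123 5.2.5 sense: at least one A record of the HELO name must be
    the connecting address.  Extra A records for other interfaces are fine."""
    return source_ip in lookup_a(helo)


def helo_reverse_ok(helo: str, source_ip: str) -> bool:
    """Stricter, forward-confirmed variant: a PTR of the connecting address
    names the HELO string and that name resolves back to the address."""
    return any(_canon(n) == _canon(helo) and source_ip in lookup_a(n)
               for n in lookup_ptr(source_ip))


def helo_ok(helo: str, source_ip: str) -> bool:
    """Accept if the HELO is the bracketed address literal of the client
    (RFC 2821 form) or if it passes the forward check."""
    ipaddress.ip_address(source_ip)          # reject junk before any lookup
    helo = helo.strip()
    if helo.startswith("[") and helo.endswith("]"):
        return helo[1:-1] == source_ip
    return helo_forward_ok(helo, source_ip)


def helo_covers_all(helo: str, source_ips: List[str]) -> bool:
    """Client-side sanity check for a multi-homed host: the name it will
    announce must verify from every address a connection might come from."""
    return all(helo_ok(helo, ip) for ip in source_ips)


if __name__ == "__main__":
    host_addrs = ["216.168.1.22", "216.168.2.22"]
    for name in ("trinity.supernews.net", "smtpout.supernews.net"):
        for ip in host_addrs:
            print(f"{name:24s} from {ip}: forward={helo_forward_ok(name, ip)}"
                  f" reverse={helo_reverse_ok(name, ip)}")
        print(f"{name:24s} usable from all interfaces: "
              f"{helo_covers_all(name, host_addrs)}")
```

Run it and the principal name verifies only from 216.168.1.22, while the shared name verifies from both, which is the whole of the message's point. In Exim the name announced is the main option `primary_hostname` (it defaults to the system hostname), so the change the message asks for is setting that option to the shared name once the A and PTR records exist.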