Hi,
we use relay_domains_include_local_mx setting in 3.35 exim to allow some
special routings. Yesterday, I installed dnscache from Bernstein on
these mx hosts.
Suddenly, some domains got 'relaying to ... prohibited by administrator'
from time to time.
After some investigation, I found that exim does not handle DNS round
robins properly when A records for mx hosts have to be expanded separately.
In contrast to dnscache, bind delivers all information in one answer to
an MX request and everything works fine, while dnscache only gives MX
names and exim has to resolve them thereafter. In this situation, the
DNS round robin of the first MX resolves properly but the second MX only
results in the first IP address when checking whether the target domain
is allowed for relaying. All other IP addresses of this host name lead
to 'relaying prohibited' errors. Possibly this bug is already fixed in
V4. I didn't check the changelogs for that as there are quite a few.
DNS:
    domain1 IN MX mx1
            IN MX mx2
    mx1     IN A  ip1.1
            IN A  ip1.2
    ...
    mx2     IN A  ip2.1
            IN A  ip2.2
    ...
Resolving MX for domain1, when checking whether relaying is allowed,
on mx2 with ip ip2.2 or higher leads to
    DNS lookup of domain1 (MX) succeeded
    DNS lookup of mx1 (A) succeeded
    DNS lookup of mx2 (A) succeeded
    host_find_bydns yield = HOST_FOUND (2); returned hosts:
    mx1 ip1.1 10 1002
    mx1 ip1.2 10 1006
    mx1 ...
    mx2 ip2.1 10 1033
    SMTP>> 550 relaying to <info@domain1> prohibited by administrator
As a workaround for us
hosts_treat_as_local = "mx1:mx2"
works fine.
Best regards
Peter
--
Peter Lemke mailto:lemke@schlund.de
Systemadministration
1&1 Internet AG http://www.einsundeins.com
Schlund+Partner AG http://www.schlund.de
Fon: +49-721-91374-50 Fax: +49-721-91374-225
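
The following is an added example, not part of the original message and not exim code: a small diagnostic that parses a "returned hosts" block in the shape quoted above, compares it with the published A records, and models the local-MX relay decision as "a local interface address must appear in the expanded host list". The addresses (documentation range standing in for ip1.x / ip2.x), the zone data and all function names are constructed assumptions.

```python
import re

# Constructed debug output in the shape quoted in the post.
DEBUG_OUTPUT = """\
host_find_bydns yield = HOST_FOUND (2); returned hosts:
mx1 192.0.2.11 10 1002
mx1 192.0.2.12 10 1006
mx2 192.0.2.21 10 1033
SMTP>> 550 relaying to <info@domain1> prohibited by administrator
"""

# Constructed A records as the zone publishes them (round robin on both MXs).
ZONE_A = {
    "mx1": {"192.0.2.11", "192.0.2.12"},
    "mx2": {"192.0.2.21", "192.0.2.22"},
}

# Host name, IPv4 address, then the two numeric columns shown in the post.
HOST_LINE = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+\d+\s+\d+$")


def parse_returned_hosts(debug_text):
    """Return {hostname: set(addresses)} from the 'returned hosts' block."""
    hosts, in_block = {}, False
    for line in debug_text.splitlines():
        if "returned hosts:" in line:
            in_block = True
            continue
        if in_block:
            m = HOST_LINE.match(line.strip())
            if not m:          # first non-host line ends the block
                break
            hosts.setdefault(m.group(1), set()).add(m.group(2))
    return hosts


def missing_addresses(returned, zone):
    """Addresses published in DNS but absent from the expanded host list."""
    gaps = {}
    for name, addrs in zone.items():
        lost = addrs - returned.get(name, set())
        if lost:
            gaps[name] = sorted(lost)
    return gaps


def local_mx_relay_allowed(returned, local_ips):
    """Simplified model: relay only if a local address is in the host list."""
    listed = set().union(*returned.values())
    return bool(listed & set(local_ips))
```

Running missing_addresses() against real debug output and the zone's A records shows which round-robin addresses were dropped, which are exactly the hosts that will answer 550 for the domain.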