[Exim] dnscache and relay_domains_include_local_mx errors

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Peter Lemke
日付:  
To: exim-users
題目: [Exim] dnscache and relay_domains_include_local_mx errors
Hi,

we use relay_domains_include_local_mx setting in 3.35 exim to allow some
special routings. Yesterday, I installed dnscache from Bernstein on
these mx hosts.

Suddenly, some domains got 'relaying to ... prohibited by administrator'
from time to time.

After some investigation, I found that exim handles DNS round robins not
properly, when A records for mx hosts have to be expanded seperatly.

In contrast to dnscache, bind delivers all information in one answer to
an MX request and everything works fine, while dnscache only gives MX
names and exim has to resolve them thereafter. In this situation, the
DNS round robin of the first MX resolves properly but the second MX only
results in the first IP address when checking whether the target domain
is allowed for relaying. All other IP addresses of this host name lead
to 'relaying prohibited' errors. Possibly this bug is already fixed in
V4. I didn't check the changelogs for that as this are quite a few.


DNS:

domain1 IN MX mx1
    IN MX mx2


mx1    IN A ip1.1
    IN A ip1.2
    ...
mx2    IN A ip2.1
    IN A ip2.2
        ...


Resolving MX for domain1 when checking, wether relaying is allowed,
on mx2 with ip ip2.2 or higer leads to

DNS lookup of domain1 (MX) succeeded
DNS lookup of mx1 (A) succeeded
DNS lookup of mx2 (A) succeeded
host_find_bydns yield = HOST_FOUND (2); returned hosts:
mx1 ip1.1 10 1002
mx1 ip1.2 10 1006
mx1 ...
mx2 ip2.1 10 1033
SMTP>> 550 relaying to <info@domain1> prohibited by administrator


As workaround for us

hosts_treat_as_local = "mx1:mx2"

works fine.


Best regards

Peter


--
Peter Lemke                     mailto:lemke@schlund.de
Systemadministration
1&1 Internet AG                 http://www.einsundeins.com
Schlund+Partner AG              http://www.schlund.de
Fon: +49-721-91374-50           Fax: +49-721-91374-225