On Sep 05, Johann Spies wrote:
> A bit of background is necessary before I an ask the question:
>
> We have three exim servers which function as email gateways for our
> campus: maties1 (exim 4.05), maties2 (exim 4.05) and maties3 (exim
> 4.10). They are part of mail.sun.ac.za. At the moment they handle up
> to 200000 emails per day.
>
> We experience some problems with some (4 or 5) mail servers which refuse
> maties3 access. In at least one case communication with the system
> administrator on the other side confirmed that Firewall-1 was blocking
> maties3. We could so far not determine why. I suspect that in the
> other cases the cause might also be a firewall.
>
> Now my question: Is there a safe way to relay all mail to the affected
> domains from maties3 to either maties1 or maties2 to deliver it
> without the risk of creating an open relay?
If the servers you can't reach just timeout (so the mail is deferred rather
than bounced) you could use the fallback_hosts option on the smtp transport,
listing maties1 and/or maties2 (You could do this for just the domains you
know about, or all domains). Something like this:
smtp_with_fallback:
driver = smtp
fallback_hosts = maties1 : maties2
hosts_randomize
Or you could create a separate router for these domains on maties3, using
manualroute ro route them to maties1/2. Something like this:
route_awkward_domains:
driver = manualroute
domains = <domain list>
route_list = * maties1:maties2
transport = remote_smtp
hosts_randomize
If you just let all the maties servers relay mail from each other by
listing their addresses in your hostlist to relay (I think the default config
uses a hostlist called relay_hosts in the ACL) you shouldn't have any open
relay problems.
--
| Mark Hynes mark.hynes@??? |
| Service Developer http://www.uk.easynet.net/ |
| Easynet Ltd -- a part of Easynet Group plc |
