RE: [Exim] MX record problem

Top Page
Delete this message
Reply to this message
Author: Robert MacPhail
Date:  
To: Tim Jackson, exim-users
Subject: RE: [Exim] MX record problem
Great, it worked. Thanks a lot for your time.

-Rob

-----Original Message-----
From: Tim Jackson [mailto:tim@timj.co.uk]
Sent: Thursday, June 10, 2004 4:19 PM
To: Robert MacPhail
Subject: Re: [Exim] MX record problem


Hi Robert, on Thu, 10 Jun 2004 14:34:21 -0400 you wrote:

> Ohh, ok. The domain is pwgsc.gc.ca. I am also not receiving mail.


It'd be better if you kept replies on-list unless you specifically want to
keep this confidential (and if you do, please mention it), then others can
help/learn.

> dnslookup router called for robert.macphail@???
> domain = pwgsc.gc.ca


Right, so the problem isn't actually with all external domains, or even
with an "external" domain at all - it's the domain of the organisation you
work for/with, which you omitted to mention! Even though you havn't got
pwgsc.gc.ca in your local_domains list, it isn't coincidence that this is
the (only) domain you're having problems with.

Here's the key:

> DNS lookup of pwgsc.gc.ca (MX) succeeded
> 10.20.19.137 in "0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :172.16.0.0/12 :
> 10.0.0.0/8 : 169.254.0.0/16"? yes (matched "10.0.0.0/8") ignored host
> mh-ncr-010.ncr.pwgsc.gc.ca [10.20.19.137]



OK, what this means is that Exim looked up the MX records for pwgsc.gc.ca
and found as the first host "mh-ncr-010.ncr.pwgsc.gc.ca", which has an IP
address of 10.20.19.137. You have (as per default) an ignore_target_hosts
option in your Exim config which includes the address range 10.0.0.0/8.
What this means is that Exim ignores any hosts with IP addresses in that
range. This is correct, because 10.0.0.0/8 is a reserved range for
internal IP addresses and therefore on the public Internet, they are not
routeable. A similar thing happened with the second MX host:

> 10.20.19.166 in "0.0.0.0 :
> 127.0.0.0/8 : 192.168.0.0/16 :172.16.0.0/12 : 10.0.0.0/8 :
> 169.254.0.0/16"? yes (matched "10.0.0.0/8") ignored host
> mh-ncr-011.ncr.pwgsc.gc.ca [10.20.19.166]


The second host was mh-ncr-011.ncr.pwgsc.gc.ca with an IP address of
10.20.19.166, again in the reserved internal 10.0.0.0/8 range.

Consquently, Exim (rightly) says that "all relevant MX records point to
non-existent hosts" as it is ignoring the two hosts which do exist as they
have "invalid" IP addresses.

In reality, nothing is actually wrong: what's happened is that you have a
"split horizon" DNS setup, which means because you are within the
pwgsc.gc.ca network, the DNS lookups for your own domain return different
things to what outsiders get. In this case, the records for that domain
are set to point to *internal* IP addresses. Compare what you are getting
as the MX results:

mh-ncr-010.ncr.pwgsc.gc.ca : 10.20.19.137
mh-ncr-011.ncr.pwgsc.gc.ca : 10.20.19.166

with what I am getting, as an outsider:

# host -tmx pwgsc.gc.ca
pwgsc.gc.ca mail is handled by 5 v-humpty.pwgsc.gc.ca.
pwgsc.gc.ca mail is handled by 5 v-orr.pwgsc.gc.ca.

v-humpty.pwgsc.gc.ca has address 198.103.167.52

v-orr.pwgsc.gc.ca has address 198.103.167.51


So, all you need to do is remove "10.0.0.0/8" from your
ignore_target_hosts list, because in your case this range *is* valid.

(What you have to bear in mind is that Exim is configured by default in an
appropriate way for a public server, not one on an intranet like yours
is).


Hope that helps,


Tim