At 10:41 am +0100 2004/11/21, Stefan Brohs wrote:
>Thanks, that helps a lot in the first throw ;-)
>
>But - without reading the source code in depth - I guess it should
>be possible (and politically more correct) for exim to connect to the
>IP address of the remote host instead of using the IP address of the
>forwarding router/firewall? Both addresses should be present, but
>maybe I'm wrong...

exim does connect to the ident port of the connecting host and,
unless you have a very strange router (that does reverse NAT),
incoming connections should appear to originate from the incoming
host address and *not* from the router address. Rereading your
original post, I think I understand that exim does indeed receive the
connection from the real external host address, so this is a normal
configuration. If not, reconfigure your router!

Now, forget about rfc1413_query_timeout = 0s and instead allow
outgoing telnet connections on port 113 so that exim can resolve
ident calls (or time out if the peer firewall is misconfigured). Also,
since you do not listen on ident on the exim internal server, either
forward 113 to your exim server or just reset incoming tcp to port
113 on the external firewall, so that peer hosts will not hang onto
that when you send out.

In short:

                 f
                 i
   -----> 113    r    reset tcp*
                 e                  Internal network
                 w
   113 <-----    a    allow
                 l
                 l

* If your firewall does not let you set a reset tcp rule, then
forward the traffic internally and let the internal host do that.
Giuliano
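
Added example, not part of the original message: a small check an administrator can run from an outside host against their own mail gateway to see which of the cases above the firewall implements on port 113 (forwarded to a listener, reset, or silently dropped). The function name, the verdict strings and the 5-second default timeout are assumptions made for this illustration.

```python
import socket
import time

IDENT_PORT = 113  # RFC 1413 ident service


def classify_ident_port(host, port=IDENT_PORT, timeout=5.0):
    """Connect once and report how the far side treats the ident port.

    Returns (verdict, seconds):
      "accepted" - something is listening (113 forwarded to a real daemon)
      "reset"    - refused at once (the "reset tcp" rule in the diagram)
      "dropped"  - no answer at all; the caller waits out its whole timeout,
                   which is the hang the reset rule is meant to prevent
      "error"    - anything else (unreachable network, lookup failure, ...)
    """
    start = time.monotonic()
    try:
        # A plain TCP connect is enough: we only care how the SYN is answered.
        with socket.create_connection((host, port), timeout=timeout):
            verdict = "accepted"
    except ConnectionRefusedError:
        verdict = "reset"
    except socket.timeout:
        verdict = "dropped"
    except OSError:
        verdict = "error"
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    import sys

    # Default target is loopback; pass your own gateway's address instead.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    verdict, elapsed = classify_ident_port(host)
    print(f"{host}:{IDENT_PORT} -> {verdict} after {elapsed:.2f}s")
```

A "dropped" verdict means remote mail servers that make ident callbacks will stall for their own query timeout on every delivery you send them.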