Re: [exim] Compliance of firewalled outbound mail host

Jason L Tibbitts III wrote:
> I was asked why I can't route all outgoing mail through a server that
> doesn't have any Internet-facing ports open. It would connect outward
> to deliver mail and would of course have proper rDNS with MX records.
>
> Obviously rfc1413/ident wouldn't work, which I don't see is a major
> issue. I'm not sure what hosts that do callouts would do. Would they
> do callouts to the MX hosts or would they try to talk back back to the
> sending host? My reading of 39.31 in the Exim spec leads me to
> understand that Exim will try to talk to the same IP that connected to
> it, which would lead to breakage in this case. Is my understanding
> correct?
>
> - J<
>

If exim is configured to do callouts it does so by using the address provided
in the MAIL FROM: command. It is trying to make sure that there is someone,
somwhere, who will accept a bounce message if it arises.
By default, callouts are not enabled. A quick check is done to make sure the
domain exists, but that's about all (OK, so there's lots more.. but it's not
relevant).

If callout is enabled, Exim will look up the MX host for the domain provided
on MAIL FROM: and do a callout to that computer. This does not have to be the
same as the host that is connecting - it doesn't call back the IP connecting,
just the MX hosts in order.

Hope this helps,

Ted.