[exim] how to smtp bet 2 NAT'd LAN hosts when RFC 3330 exclu…

Author: OpenMacNews
Date:  
To: exim-users
Subject: [exim] how to smtp bet 2 NAT'd LAN hosts when RFC 3330 exclusions are in place?
hi all,


i've 2 mail servers on the same NAT'd LAN:

primary domain       listener IP     machine LAN name
_________________    ____________    ____________________
mail.domain1.com      10.0.0.1       box1.mydomain.com
mail.domain2.com      10.0.0.2       box2.mydomain.com


each server delivers mail for its resident, "local domains" w/ :

    localuser:
        driver                  = accept
        domains                 = +local_domains
        transport               = dovecot_lda


    dovecot_lda:
        driver                  = pipe
        command                 = /.../deliver \
                                  -c /.../dovecot-deliver.conf \
                                  -d $local_part@$domain
        message_prefix          = ""
        message_suffix          = ""
        delivery_date_add
        envelope_to_add
        return_path_add
        log_output
        user                    = blahblah


it works fine.


all mail from each server to external hosts uses the typical dnslookup + smtp:

    dnslookup:
        driver                  = dnslookup
        domains                 = !+local_domains
        ignore_target_hosts     = +rfc3330_hosts
        same_domain_copy_routing
        no_more
        cannot_route_message    = Invalid domain part in email address
        transport               = remote_smtp



    remote_smtp:
        driver                  = smtp
        hosts_avoid_tls         = :
        hosts_require_tls       = :
        tls_require_ciphers     = ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH



also OK for sending to external MX's.

but, NOTE that i've added the 'ignore_target_hosts' exclusion to the dnslookup,
avoiding delivery to the typical RFC3330 hosts:

    hostlist rfc3330_hosts       = 0.0.0.0/8      :\
                                   10.0.0.0/8     :\
                                   127.0.0.0/8    :\
                                   169.254.0.0/16 :\
                                   172.16.0.0/12  :\
                                   192.0.2.0/24   :\
                                   192.168.0.0/16 :\
                                   198.18.0.0/15  :\
                                   224.0.0.0/3



this -- seemingly -- prevents the delivery from 'mail.domain1.com' to
'mail.domain2.com' using the dnslookup router.

what's the cleanest way to deal with this? i'm flailing around with
manualroutes, 'hardwiring' my lan into rfc3330_hosts, etc etc., but honestly am
a bit confused as to the 'right' approach ...

any suggestions/pointers would be appreciated at this hour ... or any other ! =)

cheers,

richard
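
One way to keep the RFC 3330 exclusion on dnslookup and still reach the LAN peer, shown as an added example that is not part of the original post: a manualroute router for the sibling domain, placed ahead of dnslookup. The router name `lan_peer` and the assumption that box2 hosts the mail domain `domain2.com` are illustrative, not taken from the poster's configuration.

```exim
# Added example for box1 (mail.domain1.com); not from the original post.
# Assumptions: the router name "lan_peer" is made up, and the mail domain
# hosted on box2 is taken to be domain2.com.
#
# Routers are tried in configuration order, so this must sit ABOVE the
# dnslookup router. It sets no ignore_target_hosts, so the 10.0.0.2 peer
# is not discarded, while dnslookup keeps +rfc3330_hosts for all other
# (external) domains.

lan_peer:
    driver                  = manualroute
    domains                 = domain2.com
    route_list              = * 10.0.0.2
    transport               = remote_smtp

# On box2 the mirror image applies:
#   domains    = domain1.com
#   route_list = * 10.0.0.1
```

Because the `domains` precondition limits this router to the one sibling domain, a DNS answer pointing any other domain at a private or reserved address is still dropped by `ignore_target_hosts` in dnslookup.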