hi,
i've started to setup a dual-exim ("edge" + "core") setup
my primary goals are:
(1) use "edge" exim to filter/reject non-legit mail @ SMTP connect
(2) minimize traffic to & between edge/core exim
(3) minimize CPU/RAM util by "edge"
(4) ensure proper response notification to original sender in smtp
chat from BOTH edge/core servers
(5) single-source smtp AUTH (dovecot) and account data
so far, i'm good with (1),(2), (3) & half of (5).
my question HERE is:
re: (4), how do I _correctly_ send content scanning rejects/notices
from "core" exim back to the original sender, NOT just back to the
"edge" exim?
to date, i've done all this in one exim server, and haven't worried
about the sequence of the transaction -- simply because i didn't have
to. now that i'm splitting tasks, that's changed ...
my 1st thought is that since, at AV/AS content scanning, the message
is received and we're past the SMTP transaction, the REJECT needs to be
a mail message back to the sender. but i'm not clear about the 'right'
response.
it had been suggested on this list that CALLOUTS be used. tbh, i'm
simply confused as to what/where/how.
any/all guidance would be much appreciated!
i'll start with providing the following summary detail -- happy to
provide anything else; just not sure what all matters, yet.
thanks!
the config is:
[NET]
  |
  |
-----------------------
[ROUTER/FIREWALL] "edge"
  ext IP: 1.2.3.4
  int IP: 127.0.0.1
          10.0.0.1
          10.0.0.50
  freebsd 6.2R/p5 + pf
  exim 4.67, from ports
-----------------------
  |
  |
-----------------------
[MAIL-/FILE-SERVER] "core"
  IP: 127.0.0.1
      10.0.0.51
  osx 10.4.9
  exim 4.67, from src
  clamav-dev, from src
  spamassassin-dev, from src
  dovecot 1.0-trunk, from src
-----------------------
pf is configured to:
  redirect (NAT) inbound to 1.2.3.4 port 25 -> 10.0.0.50 port 25
"edge" exim is configured:
  listening on
    127.0.0.1, 10.0.0.50
  as a sendmail replacement for local delivery
  for inbound relaying
  NO outbound relaying
  with active filtering in ACLs,
    acl_smtp_connect
    acl_smtp_helo
    acl_smtp_mail
    acl_smtp_mime
    acl_smtp_rcpt
  with NO content scanning (AS/AV)
  routers for:
    local_delivery
    remote_smtp
"core" exim is configured:
  listening on
    127.0.0.1, 10.0.0.51
  as a sendmail replacement for local delivery
  for inbound relaying
  for outbound relaying (from LAN MUAs etc)
  with 'just' content scanning/filtering (AS/AV) in data ACL
  routers for:
    local_delivery
    remote_smtp
    lmtp_delivery (to dovecot)
  shared auth with dovecot
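As an added illustration of the callout idea raised on the list (example config, not the poster's own): the edge verifies each recipient against core with a callout at RCPT time, so unknown-user 550s reach the original sender inside the live SMTP chat, while core's DATA-time scanning avoids generating a reject that only the edge would see. The domain example.com, the 10.0.0.0/24 hostlist, the clamd socket path and the ACL names acl_check_rcpt/acl_check_data are assumptions; the hosts 10.0.0.50/10.0.0.51 and the scanners are from the post.

```exim
# ===== "edge" exim (10.0.0.50) : main section =====
domainlist local_domains    = example.com          # assumed placeholder
hostlist   relay_from_hosts = 127.0.0.1 : 10.0.0.0/24
acl_smtp_rcpt = acl_check_rcpt
begin acl
acl_check_rcpt:
  accept  hosts = +relay_from_hosts
  deny    message  = relay not permitted
          !domains = +local_domains
  # Callout: edge opens its own SMTP session to core (via the to_core
  # router) and issues RCPT TO for this recipient; core's 550 becomes
  # our 550 to the original sender. defer_ok: core unreachable => defer.
  require message = unknown user
          verify  = recipient/callout=10s,defer_ok
  accept

begin routers
to_core:
  driver     = manualroute
  domains    = +local_domains
  route_list = * 10.0.0.51
  transport  = remote_smtp
begin transports
remote_smtp:
  driver = smtp

# ===== "core" exim (10.0.0.51) : main section =====
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
av_scanner    = clamd:/var/run/clamav/clamd.sock   # assumed socket path
spamd_address = 127.0.0.1 783
begin acl
# Answer the edge's callout with 550 for unknown users; a router condition
# such as check_local_user is assumed to make unknown local parts fail.
acl_check_rcpt:
  require message = unknown user
          verify  = recipient
  accept

# A deny at DATA reaches only the edge, which has already told the real
# sender 250 and would turn it into a bounce (backscatter, usually to a
# forged address). So: drop malware (logged) and tag spam, then deliver.
acl_check_data:
  discard log_message = discarded malware $malware_name from $sender_address
          malware     = *
  warn    spam        = nobody
          add_header  = X-Spam-Score: $spam_score ($spam_bar)
  accept
```

A callout only checks the recipient, never the body, so a content-based 5xx in the original sender's session is only possible if the scan runs on the edge before it accepts DATA.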