Re: [exim] Using hubbed router without the smarthost

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Using hubbed router without the smarthost
Bo Granlund wrote:
> Hi,
>
> I'm in the process of replacing a server running Postfix with Exim, due to  
> obvious reasons. Now I have in principle the following configuration:
> - smtp-in machine accepts in connections to port 25, runs greylistd, and
>   then forwards the messages forward to a machine. I'm not 100% sure how
>   this was accomplished, and the machine is not in my apartment at the
>   moment, but it was the hubbed.hosts or hubbed_hosts for the hubbed
>   router definition. Anyways, the file has a number of domains, and a 
>   smtp server for each domain to send the mail to. This machine cannot
>   connect to port 25 outside on the internet.
> - mailserver is a machine running Exim, that receives in practice all the
>   hubbed mail from the smtp-in machine, for all domains. This machine
>   delivers the mail to the local machine.
> - smtp-out is a machine running Exim, which can make connections outbound
>   to port 25, so it can send mail to the outside world.
> So, my dilemma is this, which I would really appreciate an answer for, how
> can I convince the smtp-in machine to send the hubbed router stuff _first_,     
> and if something goes wrong, a bounce is sent back to the sender via the
> smtp-out machine, which acts as a smart host for smtp-in and mailserver?
> I think that if I do use the smarthost feature without the hubbed router,
> I will end up in a situation, where the mail starts to just circulate
> between the smtp-in and smtp-out machines, because smtp-in is MX for the
> domains, and smtp-out will obviously send there the mail without thinking
> anything about it.
>
> So, is it possible to force Exim to first act on the hubbed router, and
> deliver mail straight to a given smtp server, with a direct connection
> to the port 25, and then if the hubbed router fails, it resorts back to
> using smtp-out as the smart host for sending mail? If this is possible,
> how would I go ahead and configure it?
>
> I'm new to this list, and I'm really sorry if I asked a FAQ, but google
> has told me essentially nothing for 2 hours.
>
> Thank you,
> Bo Granlund
>


What Exim tries first is easily set with the sequential order of its
router-transport sets. Conditionals can be created that alter that
normal order.

But...

From what you have furnished, it looks as if you have the sort of
'legacy' setup that is no longer even Best Current Practice for
Postfix-as-it-has-become - let alone Exim. That could be why you've
found so little like it.

If you have fewer than several tens of thousands of messages per day, it
might be more productive to analyze what you have available in the way
of public-facing IP, control over DNS entries (especially MX and PTR RR),
internal LAN needs, firewalls, et al in the environment, and look for a
new, simpler, one or two box solution.

I.E. - what do you actually need to accomplish, not how to duplicate &
modify that rig.

I'd do it with one Exim box, possibly a twin in load-balanced
hot-standby. Others might use a single Exim primary with an Exim
fallback MX - both near-as-dammit identically configured, and with
access to the same userbase info.

If a separation between incoming and outgoing MTA is desired, Exim can
even do that on a single box - separate distribution (or the same effect)
included.

And if this design IS driven by massive load, then several boxes
splitting the load in a pool, rather than passing it around, 'Tinker to
Evers to Chance', may still be better.

Any of the simpler approaches makes it dead-easy to keep any rejection
and delivery failure notification 'in session' so you run less risk of
generating post-session bounces to possibly forged sources.

Doing ANY filtering 'post-smtp-session' is less efficient, as you have
to take the message on-board before you analyze it, wasting time,
storage space, machine cycles, and bandwidth as well as risking bounces
to the wrong parties.

JM2CW, but I'd suggest that with modern hardware, a clean start will
serve you better and take better advantage of Exim's in-session
filtering strengths.

Bill
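
Added example, not part of either message above: a configuration fragment for the smtp-in host showing router order deciding what is tried first, plus a recipient callout that keeps rejections inside the SMTP session. The file path, the host names and the use of a stock `remote_smtp` transport are assumptions.

```exim
# Added illustration; host names and the file path are assumptions.
# /etc/exim/hubbed_hosts holds constructed lines such as:
#   example.org: mailserver.internal.example

begin acl

# Assumes "acl_smtp_rcpt = acl_check_rcpt" in the main section.
acl_check_rcpt:
  # smtp-in relays only for the hubbed domains.
  deny    message  = relay not permitted
          !domains = lsearch;/etc/exim/hubbed_hosts
  # Ask the next hop whether the recipient exists while the sender is
  # still connected, so an unknown user is refused in session and no
  # bounce has to be generated afterwards. defer_ok accepts the
  # recipient when the next hop cannot be reached.
  require verify   = recipient/callout=30s,defer_ok
  accept

begin routers

# Routers are tried in the order they appear. This one comes first and
# handles only the domains listed in the file, sending straight to the
# host named there. An unreachable host defers the message for retry;
# the address is not passed on to the next router.
hubbed_hosts:
  driver = manualroute
  domains = lsearch;/etc/exim/hubbed_hosts
  route_data = ${lookup{$domain}lsearch{/etc/exim/hubbed_hosts}}
  transport = remote_smtp

# Tried second: every other domain, which includes bounce messages
# addressed to outside senders. Hubbed domains never reach this router,
# so they cannot loop between smtp-in and smtp-out.
smarthost:
  driver = manualroute
  route_list = * smtp-out.example.net
  transport = remote_smtp

# Assumes a transport "remote_smtp" with "driver = smtp" is defined
# under "begin transports", as in the default configuration.
```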