Re: [exim] Magical manualroute processing

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMWayne Cuddy at <-
Mlee at ->
Delete this message
Reply to this message
Author: Wayne Cuddy
Date:  
To: exim-users
Subject: Re: [exim] Magical manualroute processing
Dan,

Here is the routers section from my config, let me know if there is any
other info I can provide. This definitely seems to have something to do
with EXIM retrying messages to the wrong ports. After examining the
configurations on the internal MTAs I found that some of them were
configured to accept anything:( so the messages that I thought were
lost were really just accepted by the incorrect server. This leads me
to believe I need a separate IP on the firewall for each domain to which
I deliver... and the firewall guy, who is not me, is going to be a ball
buster.

Thanks,
Wayne

---
begin routers

local_aliases:
driver = redirect
allow_fail
allow_defer
domains = +local_domains
data = ${lookup{$local_part}dbmnz{ALIASES_DBMNZ}}
user = nobody
file_transport = address_file
pipe_transport = address_pipe

nonlocal_aliases:
driver = redirect
allow_fail
allow_defer
domains = ! +local_domains
data = ${lookup{$local_part@$domain}dbmnz{ALIASES_DBMNZ}}
user = nobody
file_transport = address_file
pipe_transport = address_pipe

smarthost:
driver = manualroute
domains = ${lookup{$domain}partial-dbmnz*{ROUTE_DATA_DBMNZ}{$domain}}
transport = remote_smtp
route_data = ${lookup{$domain}partial-dbmnz*{ROUTE_DATA_DBMNZ}}
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
host_find_failed = freeze
hosts_randomize

dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
mx_fail_domains = *
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more

userforward:
driver = redirect
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
# allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply


On Wed, Nov 26, 2008 at 07:40:19AM -0800, Dan_Mitton@??? wrote:
> Wayne,
>
> Can you please post what your router configuration looks like?
>
>
> 
> Sent by:        exim-users-bounces@???
> To:     exim-users@???
> cc:      (bcc: Dan Mitton/YD/RWDOE)
> Subject:        [exim] Magical manualroute processing
> LSN: Not Relevant
> User Filed as: Not a Record

>
>
> I have multiple MTAs behind a firewall. I have EXIM 4.63 on a Debian
> Linux system in a DMZ in front of the firewall. The firewall has
> specific ports which are NAT'ed to internal MTAs for unique domains.
>
> So if the firewalls interface is: 10.0.0.1 it will NAT connections like
> so:
> 
> Relayed Domains                          DMZ Interface    Internal MTAs
> dom1.com                                 10.0.0.1:1025 => 11.0.0.1:25
> dom2.com                                 10.0.0.1:1026 => 12.0.0.1:25

>
> I'm using the manualroute router, called "smarthost", in conjunction
> with a DBM file to map the relayed domains to the firewall ports. What I
> have found is that messages destined for one domain get delivered via an
> incorrect port to the wrong server, this usually winds up with a "relay
> denied" result causing the message to dropped. Sometime messages don't
> get delivered at all. I recently added a fake domain "eximfakedom.com"
> to the route_data file pointing at a port that is not listening. EXIM
> initially determines that the connection is refused, shortly thereafter
> it states that the message is completed... how can this be? See the log
> output below, I know for a fact nothing is listening on port 4000.
>
> Does it have anything to do with the '*' character after the port on the
> 4th line? Also it seems that EXIM only keep retry information associated
> with a hostname:IP address pair, is there any way to include the port
> number?
>
> 2008-11-26 02:53:48 1L5AXA-0007nD-3l <= my@???
> H=http-3.qs-va.orbcomm.net [10.203.5.26] P=smtp S=229
> 2008-11-26 02:53:48 1L5AXA-0007nD-3l 10.203.5.28 [10.203.5.28]:4000
> Connection refused
> 2008-11-26 02:53:48 1L5AXA-0007nD-3l == testuser@???
> R=smarthost T=remote_smtp defer (111): Connection refused
> 2008-11-26 02:53:48 1L5AXA-0007nD-3l => testuser@???
> R=smarthost T=remote_smtp S=239 H=10.203.5.28 [10.203.5.28]:4000* DT=0s
> 2008-11-26 02:53:48 1L5AXA-0007nD-3l Completed
>
> Any an all help is greatly appreciated!
>
> Thanks,
> Wayne
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
>
>

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Condition problem. SOLVED[exim] exim4 and bcc on Debian Etch->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)