Re: [exim] Unroutable address?

Author: Robert Lister
Date:  
To: Léon Dignòn
CC: exim-users
Subject: Re: [exim] Unroutable address?
On Fri, Oct 14 at 12:30:21 PM, Léon Dignòn wrote:
> Dear subscribers,
>
> I installed exim4 on Debian 6 and used dpkg-reconfigure to choose the
> configuration "internet site; mail is sent and received directly using
> SMTP". Although my server has the hostname mydomain.com, it is not the
> primary mail server for @mydomain.com. Unfortunately my server acts as
> the final destination for @mydomain.com. Thus sending an email to
> something@???, where something is not a user on my server,
> will not work because of an unrouteable address. Instead my mail
> server should look for the mx entries via DNS.


I probably cannot tell you exactly how to do this with the Debian-specific
configuration, but I can give you some hints on how to do this
with exim's standard configuration format.

If I understand correctly, you want to accept messages for mydomain.com,
and if this mailbox does not exist on your host, forward it to the real
mail server for the domain, which will hopefully know about that user.

(What you will have to be careful with here is the possibility of mail
loops where the real server sends it to you, and you don't know either,
and send it back to him!)

What you need is a router config that only accepts messages if the
mailbox exists, and if not, passes it on to another router that knows
how to deliver it.

Debian does things by scattering the config about in various
directories, and then including all the fragments of config when it
builds the exim conf file. I just use the regular /etc/exim4/exim4.conf
file, which, if it exists, the debian-exim conf will use instead.
(My exim.conf already existed on a non-debian machine before I moved
to using Debian!)

You may have to read up on how to add routers in the correct order in
the Debian way of doing things - I think you have to add the routers in
a sequenced order in /etc/exim4/conf.d/router or some such, and then
rebuild the conf. (execute update-exim4.conf)

Anyway!


ROUTERS section:

(Note that order IS important. Put other stuff such as any
/etc/aliases lookups before this!)

# This router matches LOCAL user mailboxes.
# It only delivers here if the user has a mailbox on this host.
# Otherwise, messages will get delivered to the mail server where the
# user's actual mailbox lives.

# (This checks for a mailbox file that exists, /var/mail/<youruser>, but
# you could check for some other file, for example.)

localuser:
  driver = accept
  check_local_user

  domains = mydomain.com

  # (or some variable containing domains, for example:
  # domains = +local_domains)

  require_files = /var/mail/${local_part}
  transport = local_delivery

# If you want to route to a specific host that may not be in the
# MX records (for example, we are the MX record but we want to
# forward mail not for me to another machine...).
# (Otherwise exim will complain that it is the lowest MX but
# we haven't accepted the mail!)

smartroute:
  driver = manualroute
  transport = remote_smtp
  # regular exim.conf uses qualify_domain, yours may be different...
  domains = ${qualify_domain}
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  route_list = "mydomain.com         otherserver.mydomain.com  bydns"
  no_more



# Otherwise you can deliver in the usual way (remove ! +local_domains
# and replace with *)


# deliver everything else via MX lookup:
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more



What I also do BEFORE localuser: is this:


not_local:
  driver = redirect
  domains = EQUIVALENT_DOMAINS
  data = ${local_part}@${qualify_domain}
  no_verify


(At the top of my exim.conf I set up this variable EQUIVALENT_DOMAINS)

EQUIVALENT_DOMAINS = localhost:localhost.localdomain:machine:machine.mydomain.com

What this does is to reformat:

"fred@machine"
"fred@???"

to

"fred@???"

So that a local delivery does not occur on this machine but it gets sent
to the right place. (fred@??? is equivalent to
fred@???)


If you ARE going to be in the MX list for the domain, then I would
investigate proper ACL checking for RCPT TO:<> so that you reject at
SMTP time, any invalid recipients, combined with (recipient) callout
checking to the real host (or some other method of verifying users exist)
so that you do not end up accepting spam on your secondary MX that you
cannot then deliver, and end up "bouncing" backscatter to a bogus address
or an innocent party when your real mail host bounces the message.

Unfortunately spammers target secondary MX boxes, and so I stopped
bothering with two live MXs some time ago as unless the secondary
MX can also verify the mailboxes, it just clogs up with
undeliverable messages. (My current MX records list two, but I only have
the secondary there for emergencies!)

Google for something like:

exim callout recipient secondary MX

I guess it looks something like:
http://davidoffdotnet.net/?p=8

(*Sender* callouts are considered a bad idea by many these days, as it
means you make a connection to some innocent server to verify spam!)

But, I have another config where the secondary MX does *recipient*
callout verification to their own mail server internally.

Hope this is of some use!


Rob



-- 
Robert Lister  - email/sip:  robl@???      -    http://www.lentil.org
                                                       tel: 020 7043 7996
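
Added example, not part of the message above or of its author's configuration: a minimal sketch of the RCPT-time recipient check with callout that the message recommends for a secondary MX. It assumes the ACL is the one named by acl_smtp_rcpt (acl_check_rcpt is the name used in Exim's default configuration), that mydomain.com is routed by the localuser and smartroute routers shown in the message, and the rejection texts are constructed.

```exim
# Main section: run this ACL for every RCPT TO command.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Locally submitted mail (no sending host) skips the checks below.
  accept  hosts = :

  # Reject unknown recipients while the SMTP session is still open, so this
  # host never queues mail it would later have to bounce (backscatter).
  # Verification runs the address through the routers:
  #   - a local mailbox (localuser) verifies without any network traffic;
  #   - an address routed to the real mail server (smartroute) triggers a
  #     callout, i.e. a test RCPT TO on that server.
  # defer_ok: if the real server cannot be reached, treat the callout as
  # passed, so this host still queues mail during an outage.
  deny    domains = mydomain.com
          message = unknown user
          !verify = recipient/callout=30s,defer_ok

  accept  domains = mydomain.com

  # Everything else is not ours to relay (sketch narrowed to one domain).
  deny    message = relay not permitted
```

With defer_ok the secondary accepts unverified recipients while the real server is down; without it, those RCPT commands get a temporary error and the sending host retries later.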