On 2012-09-04 at 17:19 +0200, Robert Walker wrote:
> Good Day,
Wotcher.
> I am trying to setup routing for only outbound emails for a single
> domain on a shared hosting environment using exim for emails
> (obviously).
>
> The emails are to be filtered through a service called/with mimecast
> and I have managed to have the inbound emails filtered to their
> servers and then sent to the hosting server without any problems
> however I have tried the configuration I quoted below from the cpanel
> forums which created an infinite loop between mimecast and the hosting
> server causing the emails to be rejected and the outbound emails still
> was not sent via the mimecast service.
I'm going to rephrase things a little, to try to make the problem
clearer.
So the fundamental point here is that Internet email federation works by
defaulting delivery to go to the hosts pointed at in DNS; any time those
hosts _then_ pass responsibility off to some other servers, those
receiving servers need to be configured to make sure that the mails are
*not* routed, by _them_, with DNS. You pass out of what "automatically
works".
In Exim terminology, such domains are normally "local_domains".
As I understand the problem here, _outbound_ mails from those servers,
authoritative for the looping domain, are to be sent via the same proxy
service. Presumably this does not _also_ apply to the domain which is
looping. If it does, then you're saying that the mails need to go out
of a machine Foo, be filtered, come back into Foo, and then be treated
differently. For that setup (which feels precarious), you'd probably
want to tag the messages with an $acl_m_<somename> variable in an ACL
and then use that as a "condition" in the routing rules.
I'll continue as though that loop is not needed.
So:
(1) Make the looping domain be in +local_domains, so it's not routed
off-machine; handle it locally.
(2) The "hosts_treat_as_local" is really for something like a hostname
mapping to a VIP on a load-balancer under your control, but could
also be used here, if you want to add an extra layer of protection.
Since you (presumably) control the DNS for your domain, you know
which hostnames will occur in the MX records, so a comment in the
zonefile noting to update this option when changing those records
might keep things from decaying. Or, just skip this. It's really
more of a "paranoia check", rather than being necessary for a
working configuration.
(3) Use a smarthost configuration for outbound mail, where the domain
does _not_ match +local_domains, rather than MX delivery. The
filtering service is assumed to be doing the MX lookups for you.
> I have also tried the following 2 pieces of code that have failed to
> have the outbound mail sent to the mimecast server to be sent out:
>
> [code]smart_route:
> driver = manualroute
> domains = !+local_domains
> transport = remote_smtp
> route_data = ${lookup{$domain}lsearch{/etc/staticroutes}}[/code]
This should work; remember that Routers are tried in order, so if
there's a previous Router which handles the address, this one might not
be called. Use "exim -bt foo@???" at the command-line to
interrogate Exim about how it intends to route the message; you can add
"-d" if you want some debugging output to explain _why_. For even more
information, "-d+route" or "-d+route+expand" or "-d+route+dns" might
help for adding even more copious amounts of text to track down what's
happening.
If I've misunderstood, please explain again, differently?
Thanks,
-Phil