Hello Phil,
Thank you for the feedback.
I am quite new to exim and the configuration thereof but from what I read it
seems that you have managed to get the gist of what needs to happen which is
that mimecast should handle sending and receiving of the emails and the
server where the domain is hosted and the dns kept should store the emails
to be downloaded and should pass outbound emails to mimecast for sending.
That being said I am guessing that point (3) is what I need to be looking at
as the domain has been setup on the hosting server to handle mail locally so
that it is not looped back to mimecast once mimecast hands off the inbound
mail.
So my question now is how do I go about the smarthost configuration since I
thought I was doing it with the 3 separate routers that I supplied in my
previous email which were either causing the emails to loop between the 2
servers for inbound and/or not routing the outbound through mimecast.
Your assistance with this is appreciated.
Sincerely,
- Robert Walker
On 2012-09-04 at 17:19 +0200, Robert Walker wrote:
> Good Day,
Wotcher.
> I am trying to setup routing for only outbound emails for a single
> domain on a shared hosting environment using exim for emails
> (obviously).
>
> The emails are to be filtered through a service called/with mimecast
> and I have managed to have the inbound emails filtered to their
> servers and then sent to the hosting server without any problems
> however I have tried the configuration I quoted below from the cpanel
> forums which created an infinite loop between mimecast and the hosting
> server causing the emails to be rejected and the outbound emails still
> was not sent via the mimecast service.
I'm going to rephrase things a little, to try to make the problem clearer.
So the fundamental point here is that Internet email federation works by
defaulting delivery to go to the hosts pointed at in DNS; any time those
hosts _then_ pass responsibility off to some other servers, those receiving
servers need to be configured to make sure that the mails are
*not* routed, by _them_, with DNS. You pass out of what "automatically
works".
In Exim terminology, such domains are normally "local_domains".
As I understand the problem here, _outbound_ mails from those servers,
authoritative for the looping domain, are to be sent via the same proxy
service. Presumably this does not _also_ apply to the domain which is
looping. If it does, then you're saying that the mails need to go out of a
machine Foo, be filtered, come back into Foo, and then be treated
differently. For that setup (which feels precarious), you'd probably want
to tag the messages with an $acl_m_<somename> variable in an ACL and then
use that as a "condition" in the routing rules.
I'll continue as though that loop is not needed.
So:
(1) Make the looping domain be in +local_domains, so it's not routed
off-machine; handle it locally.
(2) The "hosts_treat_as_local" is really for something like a hostname
mapping to a VIP on a load-balancer under your control, but could
also be used here, if you want to add an extra layer of protection.
Since you (presumably) control the DNS for your domain, you know
which hostnames will occur in the MX records, so a comment in the
zonefile noting to update this option when changing those records
might keep things from decaying. Or, just skip this. It's really
more of a "paranoia check", rather than being necessary for a
working configuration.
(3) Use a smarthost configuration for outbound mail, where the domain
does _not_ match +local_domains, rather than MX delivery. The
filtering service is assumed to be doing the MX lookups for you.
> I have also tried the following 2 pieces of code that have failed to
> have the outbound mail sent to the mimecast server to be sent out:
>
> [code]smart_route:
> driver = manualroute
> domains = !+local_domains
> transport = remote_smtp
> route_data = ${lookup{$domain}lsearch{/etc/staticroutes}}[/code]
This should work; remember that Routers are tried in order, so if there's a
previous Router which handles the address, this one might not be called.
Use "exim -bt foo@???" at the command-line to interrogate Exim about
how it intends to route the message; you can add "-d" if you want some
debugging output to explain _why_. For even more information, "-d+route" or
"-d+route+expand" or "-d+route+dns" might help for adding even more copious
amounts of text to track down what's happening.
If I've misunderstood, please explain again, differently?
Thanks,
-Phil