I am having trouble figuring out how to properly set up my exim server so
that it relays mail from internal servers. I have 3 servers with private
IP addresses and one server that has a private IP and public IP. I want to
use the server with the public IP to relay email for the other 3 servers
that only have private IPs. Please note that I substituted my domain with
example.com for this writeup.
The hosts are fictitiously setup like this:
host1.example.com - 192.168.5.2
host2.example.com - 192.168.5.3
host3.example.com - 192.168.5.4
relay.example.com - 192.168.5.5 (Internal) and 222.222.22.22 (Public)
On relay.example.com I set it up to listen on the private IP and send mail
through the public IP, by using this setup in exim.conf on the relay server:
local_interfaces = 127.0.0.1 : 192.168.5.5
and
remote_smtp:
driver = smtp
interface = 222.222.22.22
To allow my internal servers to connect and relay through relay.example.com,
I have configured it the relay server's exim.conf with:
hostlist relay_from_hosts = 127.0.0.1 : 192.168.5.0/24
>From what I understand this makes it so my server will only accept mail
from itself and the IP addresses on my internal network.
The problem is that when I setup it up like this, any email relayed from
the internal server fails with Sender Verify enabled, which is configured
on the relay server with:
require verify = sender
When I look in the log file I see entries like:
2013-10-22 11:03:44 H=host1 (host1.example.com) [192.168.5.2] sender verify
fail for <apache@???>: Unrouteable address
2013-10-22 11:03:44 H=host1 (host1.example.com) [192.168.5.2] F=<
apache@???> rejected RCPT <test@???>: Sender verify
failed
If I enable debugging in Exim, it shows:
8571 dnslookup router called for apache@???
8571 domain = host1.example.com
8571 DNS lookup of host1.example.com (MX) gave HOST_NOT_FOUND
8571 returning DNS_NOMATCH
8571 dnslookup router declined for apache@???
So I assume the sender verify is seeing if there are legitimate MX records
for the host1.example.com subdomain instead of example.com? Unfortunately,
as these are internal hostnames there are no mx records associated with
them.
If I use rewrite rules to convert all incoming email to strip the hostname,
then it works as its querying the MX for the main domain, which does have
valid MX records:
*@*.example.com $1@???
This method is causing issues, though, as I would prefer my failed mail to
bounce back to the original host if possible. I tried to get it to deliver
bounce backs locally on the relay server, but it was not reading the
aliases and making mailboxes for nonexistent users. I used this custom
router to achieve this:
custom_local_delivery:
driver = accept
domains = example.com
local_parts = apache : root : postmaster : mailer-daemon
transport = local_delivery
cannot_route_message = Unknown user
no_more
So with my setup and how I am restricting relaying from only specific IP
addresses, do I even need send verify on? Or is there a better way I
should be setting this up?
Any help/advice would be greatly appreciated.
Ting