Re: [exim] Exim accepts mail for domains it's supposed to ac…

Author: Marc Haber
Date:  
To: exim-users
Subject: Re: [exim] Exim accepts mail for domains it's supposed to accept mail for, until we add a load balancer.
On Fri, 26 Jun 2015 11:14:40 -0700, Ernie Dunbar
<maillist@???> wrote:
>This whole segment of the ACL configuration is the default configuration
>that comes with Debian, and if these messages come in from a different
>IP address, mail delivery works just fine.


Is there something in the fine logs?

Let me re-phrase this: You have a Debian exim running as an MX server
which accepts mail from the Internet and which works fine if the MX
record points to your exim host itself. Your list of local_domains in
/etc/exim4/local_domains is in fine working order.

Then, you just let the MX record point to your load balancer, and the
exim suddenly begins to reject all messages with a "relay not
permitted" error?

I haven't done serious eximing in the last few years, but there
used to be a config option that made exim relay automatically to any
target domain where the MX record of the domain points to an IP
address bound to the host that runs exim. I have always thought that
doing so would be a bad idea so I have never actually set this option,
and I believe that it has gone away with exim3, but the behavior you
report does fit this option. Alas, I'm getting old and do not remember
the name. This is really embarrassing.

To explain Jeremy's comment: When your exim is accepting a message, it
does so because some ACL statement in your config file between the
lines saying "acl_check_rcpt:" and "message = relay not permitted"
tells it to accept the message. In the default config, this is only
the case if:

- the message was not received via IP
- the message is addressed to postmaster at a local domain
- the message is delivered from an IP address that your exim is
configured to relay for
- the sender authenticated before delivering the message

I cannot think of a setup that would fail in the way you're reporting,
this is really interesting.

If you want help on this mailing list, I'm afraid that you'll need to
post at least the part of your configuration between the lines saying
"acl_check_rcpt:" and "message = relay not permitted". As an exception
to my usual rule, you can also reply to me in private and I'll try
helping.

On the other hand: Why are you using a load balancer in the first
place? SMTP does have its own mechanisms to spread load between
systems that work quite well. A load balancer on the receiving end of
an MX record is really only necessary in exceptional setups, such as
when there is a vast number of MX hosts (more than twenty, thirty, I'd
say) behind the domains in question.

My educated guess is that you have somehow configured exim to accept
mail for any domain that has its MX record pointing to the host that
runs exim, which is not recommended, and this of course jumps in your
face claws forward when you point the MX away from the host running
exim.

Greetings
Marc
-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mail address in header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
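
Exim 4 domain lists can contain the items `@mx_any`, `@mx_primary` and `@mx_secondary`, which match a domain when its MX record points at the local host, the behavior guessed at in the message above. The following is an added example, not part of the original post or of Exim itself: a Python check that flags those items in a configuration. The sample configuration is constructed and the function names are hypothetical.

```python
import re

# Domain-list items that Exim 4 resolves through an MX lookup at run time.
MX_ITEM = re.compile(r"@mx_(?:any|primary|secondary)\b")
# A "domainlist NAME = ..." definition or an ACL "domains = ..." condition,
# optionally preceded by an ACL verb on the same line.
SETTING = re.compile(
    r"^(?:(?:accept|defer|deny|discard|drop|require|warn)\s+)?"
    r"(?:(domainlist)\s+(\w+)|(!?\s*domains))\s*=\s*(.*)$")

# Constructed sample configuration, not taken from the poster's system.
SAMPLE_CONFIG = """\
# main section
domainlist local_domains = @ : localhost : \\
    @mx_any
domainlist relay_to_domains = example.net
hostlist relay_from_hosts = 127.0.0.1 : ::1

begin acl
acl_check_rcpt:
  accept  hosts = :
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains : @mx_primary
"""

def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and line.startswith("#"):
            continue  # comment line
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield start, buf + line
        buf, start = "", None

def find_mx_items(text):
    """Return (line_number, setting, item) for every MX-dependent list item."""
    hits = []
    for no, line in logical_lines(text):
        m = SETTING.match(line)
        if m:
            name = f"domainlist {m.group(2)}" if m.group(1) else "domains condition"
            hits += [(no, name, item) for item in MX_ITEM.findall(m.group(4))]
    return hits

if __name__ == "__main__":
    for no, name, item in find_mx_items(SAMPLE_CONFIG):
        print(f"line {no}: {name} depends on DNS via {item}")
```

Any setting it reports makes the accept decision depend on where the MX record currently points rather than on a fixed list of domains.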