On Wed, 23 Dec 2015 01:17:47 +0000, Chris Knadle
<Chris.Knadle@???> wrote:
>Please understand that I don't suggest reading Chapter 3 lightly. If you're
>going to be administering Exim, you owe it to /yourself/ to read that
>chapter to get the basic understanding of how Exim works. I'm telling you
>this because /I/ didn't understand Exim configuration until I read that
>chapter, and after doing so a lot more of Exim's config makes sense.
To make things a bit more clear: I started using Exim in 1998. And I
still make it a habit of reading chapter 3 at least once a year, from
beginning to end. And I still learn something new from chapter 3.
Every single time.
>More specifically, the ipv4_only router you had shown:
>
> ipv4_only:
> driver = dnslookup
> domains = +ipv4_force_domains
> transport = ipv4_smtp
> ignore_target_hosts = <; 0::0/0|
>
>/ignores/ all IPv6 addresses. Therefore if the DNS MX record lookup on a
>domain your mail server is sending mail to returns no IPv4 addresses, the
>router is thus skipped and the next one is tried. /Assuming/ the ipv4_only
>router was in the configuration /before/ the dnslookup router, the dnslookup
>router would be the router most likely to match. If the ipv4_only router
>were /after/ the dnslookup router in the config, then the dnslookup router
>would match first and get used, then the mail would go out via IPv6 and get
>rejected.
I would prefer to at least try delivering a message via IPv6 if there
is no other way to try. Even if this fails, having tried is better
than not having tried at all.
>> Good. I'm confident enough in what should happen that I'm going to try to
>> implement it.
>> I'm getting ready to leave for the holidays so after the first of the year I'll
>> be able to test it.
>> I'll be able to report back if it works or doesn't. If it works this is pretty
>> simple and I may suggest that it be added to the basic Debian configuration.
>
>That likely won't be needed. Remember: the problem you're having with
>sending via IPv6 is lack of rDNS (reverse DNS, i.e. lack of PTR DNS record
>on the IPv6 IP). Lack of rDNS is a known issue for mail servers.
And a common issue for ISPs who don't understand how the Internet
works. Caused by people who went too far in fighting spam and are
fighting e-mail instead.
>You could suggest it to the maintainers of exim4 in Debian with a 'wishlist'
>bug and including a patch if you'd like -- they'll likely appreciate the
>thought and effort, but I expect they'll let you know they don't intend to
>include the patch because it's a niche issue that would normally be handled
>by getting the ISP to insert a PTR record for the IP.
I would take such a patch, since it's such a common issue. I would
also suggest adding this to the upstream default config.
>>> I think in my case none of the variables in the .ifdefs are defined, though
>>> I've added another option to avoid the SSL/TLS POODLE attack:
>>>
>>> remote_smtp:
>>> debug_print = "T: remote_smtp for $local_part@$domain"
>>> driver = smtp
>>> # Avoid SSLv3 due to POODLE attack
>>> #http://www.gossamer-threads.com/lists/exim/users/100539
>>> tls_require_ciphers = NORMAL:!VERS-SSL3.0
>>> <list of .ifdefs after this>
>>
>> I believe some of them do get defined based on the questions you answer during
>> the configurations but it's no altogether clear to me what the answers to those
>> questions do.
>
>I don't think these particular options are affected by the debconf
>questions.
They are not. They are bracketed in .ifdefs so that they can be set
from a different file without making relevant changes in the actual
file coming from the package to allow for easier updates.
Unfortunately, exim errors out on "option = MACRO" when MACRO is
undefined, so the .ifdef brackets are needed. Ugly, but needed.
>(You can see these questions again at any time by running
>'dpkg-reconfigure exim4-config' as root.) The debconf questions instead
>write to /etc/exim4/update-exim4.conf.conf and the variables set there get
>pulled into the main configuration via exim4.conf.template or the split
>configuration files (depending if you're using the split config or not).
there are also fine man pages in the package, such as man
update-exim4.conf and man update-exim4.conf.conf.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
