Autor: Sabahattin Gucukoglu Data: Para: exim-users Assunto: Re: [exim] Receive Mail From a Secondary-MX Proxy
On 29 Aug 2021, at 13:50, Andrew C Aitchison <andrew@???> wrote: > On Wed, 25 Aug 2021, Sabahattin Gucukoglu via Exim-users wrote:
>> What about if I extent this setup so that my mailer machine only
>> makes outbound connections to the proxy host—can I still receive
>> inbound mail, through a forwarded port perhaps? SSH seems like the
>> obvious answer, but then I’d lose sender information, yes? I could
>> use an inner VPN, perhaps. But something that only carries
>> application-layer traffic would be nicer. Exim supports SOCKS, but
>> not the bind method—perhaps that would be useful.
>
> Sounds as though ETRN might be what you want.
> The "real" server connects to the secondary with SMTP, gives the command
> "ETRN" and the secondary then sends any waiting email down the connection.
>
> I've never tried this so can't say much about the pitfalls or other details
> but it appears to have been designed for dial-up mail servers.
Unfortunately ETRN is just a “remote queue start”, i.e. triggering a queue run, so the server connects back. The follow-on solution was “Authenticated TURN”, which is the traditional TURN with authentication first, i.e. does as you describe. Exim’s support for ETRN is powerful, and in combination with “batched SMTP” makes it quite possible to put together a solution for intermittent hosts, but I’m looking for a solution that simply makes the client host accessible as a server; the secondary can do a traditional backup MX role when the client isn’t connected or is down, but when it’s up, it should be reachable from the public Internet. It is also preferable that I not store a spool on a public computer, though that’s probably taking paranoia a bit far.
I think running the proxy protocol over SSH should work. I’m also looking at Postfix’s support for this using its “XCLIENT” command.