Re: [exim] Proxy smtp connections to multiple Exim servers b…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jeremy Harris
Datum:  
To: exim-users
Betreff: Re: [exim] Proxy smtp connections to multiple Exim servers behind proxy
On 15/04/2023 23:31, Sebastian Arcus via Exim-users wrote:
>> you might be able to use cutthrough delivery from the front-end to the
>> real server, which might allow you to reject rather than bounce some of the time; it might even help with your SPF dilemma ?
>
> That was my intention - so that the back-end machines can verify if the recipient exists. Are you saying that when using cutthrough delivery, this doesn't add an extra header to the email message - so this way it wouldn't mess up the SPF checks on the back-end machine


No. A Received: header is always added, cutthrough or store-and-forward.

> (I was assuming that the front-end machine would add another header to the incoming email, which would make it appear to be one of the sending servers - which I then assumed would fail the SPF checks on the back-end machines)


(The original) SA presumably relies on Received: headers to get the sending IP; there's
no setting in the API being used to call it.

The RSPAMD variant call does, however - so if there were enough call for it
a feature could be added to Exim to set that from the config; that in turn
could use on the backend Exim info added to the message by private agreement with the
frontend (eg. an A-R header).

OR:
you could use the SA feadture "ignore_received_spf_header", do the SPF checks on the
frontend, and add that header to transfer the info

you could use the rspamd feature https://www.rspamd.com/doc/modules/external_relay.html

OR:
you could just run SA on the frontend

--
Cheers,
Jeremy