[Vmail-discuss] Exim as Secondary MX (Solution that Worked)
Jose de Paula Eufrasio Junior
jjunior at pib.com.br
13 Jun 2003 08:17:27 -0300
On Fri, 2003-06-13 at 06:29, ODHIAMBO Washington wrote:
> * Jose de Paula Eufrasio Junior <jjunior@pib.com.br> [20030611 18:50]: wrote:
> > On Wed, 2003-06-11 at 12:37, Pat Crean wrote:
> > > On Wednesday 11 June 2003 11:04, Jose de Paula Eufrasio Junior wrote:
> > > > Hello.
> > > >
> > > > I was thinking of changing some MX here to use the vmail machine as
> > > > secondary.
> > > >
> > > > What should I do? Just put the domains that I want in the relay_domains
> > > > and not in the localdomains?
> > > >
> > > > Any help is welcome ! :)
> > > >
> > > > []s
> > > > coredump
> > >
> > >
> > > The easiest way to handle it is to set "relay_domains_include_local_mx = yes".
> > > That way you just have to create a low priority mx record pointing to your
> > > vmail machine and everything else happens automagically. You do open
> > > yourself up to a potential spam attack in that a spammer could,
> > > theoretically, set up a dns server containing an mx record pointing to you
> > > and then use you as an open relay. Not too big a problem, though as most
> > > spammers aren't going to go to that extreme when there are so many open
> > > relays available in china....
> >
> > Sorry, I didn't make myself clear enough. It's not a secondary MX. It's a
> > relay. That's the full history:
> >
> > We have one First Class server, and its SMTP server suc*s, no AV, bad
> > spam prevention, a whole list of problems.
> >
> > To remedy that, we're trying to pass the mails (smtp) by the vmail
> > machine, where exim + vmail + amavis will do the cleaning...
> >
> > so, what I need is that the vmail machine receives the mail for the
> > first class machine and redirects them, after all routing thru exim, to
> > the final smtp.
> >
> > The First Class is a separate domain, and the vmail machine handles
> > multiple domains too (of course).
> >
> > I think that now I pictured the scenario right :)
>
>
> So the vmail machine must be PRIMARY. The highest priority mx for the domains
> must point to it. Use Stephen Marley's suggestion after doing that, so that
> the vmail machine allows relaying for those domains, while also scanning the
> mails.
I did this, and implemented the manualroute as suggested by Stephen, but
I had to rewrite the router (the one he sent to me was complaining about
a missing "domainlist" driver). That's the one that worked:
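--------
# Forward mail for the relayed domains to their final SMTP server
mx_secundario:
  driver = manualroute
  transport = remote_smtp
  # only handle domains in the named list that the ACL allows relaying to
  domains = +relay_to_domains
  route_list = \
    *domain.xxx.xx mx.domain.xxx.xx
  # skip this router during address verification
  verify = false
---------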
The +relay_to_domains is a list with domain.xxx.xx in it, as I have to
permit relaying to it in the ACL.
And I used route_list because it's a small list, but for larger sites
it's better to use route_data and an lsearch{} as exemplified in the Exim
Specification (manualroute section).
I put this after the amavis router, and before the dnslookup router.
Works just fine, now all email is routed clean of virus and with the ACL
and sender/receiver callout checks from exim (that keeps a LOT of SPAM
away).
Guy, what a program (Exim).
Thanks a lot for the help
[]s
core
-- 
José de Paula Eufrásio Júnior
Systems Analyst | CPD
ProInternet do Brasil
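The route_data and lsearch variant mentioned in the message above, as an added example that is not part of the original post. One lookup file feeds both the relay_to_domains list and the router, so only explicitly listed domains are relayed, rather than any domain whose MX record points at this host. The file path /etc/exim/relay_routes and its contents are assumptions.

```exim
# Assumed lookup file /etc/exim/relay_routes, one "domain: host" pair per line:
#
#   domain.xxx.xx:   mx.domain.xxx.xx
#
# lsearch matches keys exactly, so unlike the "*domain.xxx.xx" pattern in
# route_list, subdomains need their own line in the file.

# --- main configuration section ---
# The ACL permits relaying only to domains that appear as keys in the file.
# A domain that is not listed is never relayed, whatever its MX record says.
domainlist relay_to_domains = lsearch;/etc/exim/relay_routes

# --- routers section, after the amavis router and before dnslookup ---
mx_secundario:
  driver = manualroute
  transport = remote_smtp
  # same named list the ACL uses, so relay permission and routing
  # cannot drift apart
  domains = +relay_to_domains
  # the value stored against the domain is the host to deliver to
  route_data = ${lookup{$domain}lsearch{/etc/exim/relay_routes}}
  # skip this router during address verification, as in the original router
  verify = false
```

Adding a relayed domain is then a one-line change to the lookup file, with no edit to the Exim configuration itself.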