[Vmail-discuss] Exim as Secondary MX (Solution that Worked)

Jose de Paula Eufrasio Junior jjunior at pib.com.br
13 Jun 2003 08:17:27 -0300



On Fri, 2003-06-13 at 06:29, ODHIAMBO Washington wrote:
> * Jose de Paula Eufrasio Junior <jjunior@pib.com.br> [20030611 18:50]: wrote:
> > On Wed, 2003-06-11 at 12:37, Pat Crean wrote:
> > > On Wednesday 11 June 2003 11:04, Jose de Paula Eufrasio Junior wrote:
> > > > Hello.
> > > >
> > > > I was thinking in changing some MX here to use the vmail machine as
> > > > secondary.
> > > >
> > > > What should I do? Just put the domains that I want in the relay_domains
> > > > and not in the localdomains?
> > > >
> > > > Any help is welcome ! :)
> > > >
> > > > []s
> > > > coredump
> > >
> > >
> > > The easiest way to handle it is to set "relay_domains_include_local_mx = yes".
> > > That way you just have to create a low priority mx record pointing to your
> > > vmail machine and everything else happens automagically.  You do open
> > > yourself up to a potential spam attack in that a spammer could,
> > > theoretically, set up a dns server containing an mx record pointing to you
> > > and then use you as an open relay.  Not too big a problem, though as most
> > > spammers aren't going to go to that extreme when there are so many open
> > > relays available in china....
> >
> > Sorry, I didn't make myself clear enough. It's not a secondary MX. It's a
> > relay. That's the full history:
> >
> > We have one First Class server, and its SMTP server suc*s, no AV, bad
> > spam prevention, a whole list of problems.
> >
> > To remedy that, we're trying to pass the mails (smtp) by the vmail
> > machine, where exim + vmail + amavis will do the cleaning...
> >
> > so, what I need is that the vmail machine receives the mail for the
> > first class machine and redirect them, after all routing thru exim, to
> > the final smtp.
> >
> > The First Class is a separate domain, and the vmail machine handles
> > multiple domains too (of course).
> >
> > I think that now I pictured the scenario right :)
>
>
> So the vmail machine must be PRIMARY. The highest priority mx for the domains
> must point to it. Use Stephen Marley's suggestion after doing that, so that
> the vmail machine allows relaying for those domains, while also scanning the
> mails.

I did this, and implemented the manualroute as suggested by Stephen, but
I had to rewrite the router (the one he sent to me was complaining about
a missing "domainlist" driver). That's the one that worked:

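--------
# Send mail for the relayed domains to a fixed host instead of using DNS.
mx_secundario:
  driver = manualroute
  transport = remote_smtp
  domains = +relay_to_domains
  # domain pattern, then the host to deliver to
  route_list = \
      *domain.xxx.xx  mx.domain.xxx.xx
  # this router is not used when verifying addresses
  verify = false
---------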

The +relay_to_domains is a list with domain.xxx.xx in it, as I have to
permit relaying to it in the ACL.

And I used route_list because it's a small list, but for larger sites
it's better to use route_data and an lsearch{} as exemplified in the Exim
Specification (manualroute section).

I put this after the amavis router, and before the dnslookup router.

Works just fine, now all email is routed clean of virus and with the ACL
and sender/receiver callout checks from exim (that keeps a LOT of SPAM
away).

Guy, what a program (Exim).

Thanks a lot for the help

[]s
core
-- 
José de Paula Eufrásio Júnior
Systems Analyst | CPD
ProInternet do Brasil

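An added example, not part of the original message or of the vmail project's configuration: the router from the post rewritten with route_data and lsearch, as the message recommends for larger sites, together with the explicit domain list and RCPT ACL that limit relaying to named domains. The file paths, the router name, the ACL name and the list names local_domains and relay_from_hosts are assumptions (the latter taken from the stock Exim 4 configuration); no_more is an added hardening choice, not something the post used.

```conf
# Exim 4 configuration fragment (added example; paths and names are assumptions).

# --- main section ---
# Relay only for domains listed by hand, one per line. This replaces the
# "relay_domains_include_local_mx = yes" approach from the quoted reply, where
# any domain whose MX record points at this host is accepted for relaying.
domainlist relay_to_domains = lsearch;/etc/exim/relay_to_domains

# --- acl section, in the ACL named by acl_smtp_rcpt ---
acl_check_rcpt:
  # mail for domains hosted on this machine
  accept  domains = +local_domains
  # mail to be cleaned here and passed on to the final SMTP server
  accept  domains = +relay_to_domains
  # outbound mail from our own hosts
  accept  hosts   = +relay_from_hosts
  # everything else would be third-party relaying
  deny    message = relay not permitted

# --- routers section, after the amavis router and before dnslookup ---
relay_to_final_smtp:
  driver = manualroute
  domains = +relay_to_domains
  transport = remote_smtp
  # Look the recipient domain up in a "domain: host" file. lsearch matches the
  # exact domain only; the "*domain.xxx.xx" pattern in the route_list version
  # also matched names ending in domain.xxx.xx.
  route_data = ${lookup{$domain}lsearch{/etc/exim/relay_routes}}
  # If the lookup finds nothing the router declines. no_more then fails the
  # address here instead of letting it fall through to the dnslookup router,
  # where the MX for a relayed domain points back at this host.
  no_more

# /etc/exim/relay_to_domains (constructed sample):
#   domain.xxx.xx
#
# /etc/exim/relay_routes (constructed sample):
#   domain.xxx.xx: mx.domain.xxx.xx
```

Keeping the two files in step matters: a domain present in relay_to_domains but missing from relay_routes is accepted at RCPT time and then fails at routing.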