Dan,
Here is the routers section from my config, let me know if there is any
other info I can provide. This definitely seems to have something to do
with EXIM retrying messages to the wrong ports. After examining the
configurations on the internal MTAs I found that some of them were
configured to accept anything:( so the messages that I thought were
lost were really just accepted by the incorrect server. This leads me
to believe I need a separate IP on the firewall for each domain to which
I deliver... and the firewall guy, who is not me, is going to be a ball
buster.
Thanks,
Wayne
---
begin routers
local_aliases:
driver = redirect
allow_fail
allow_defer
domains = +local_domains
data = ${lookup{$local_part}dbmnz{ALIASES_DBMNZ}}
user = nobody
file_transport = address_file
pipe_transport = address_pipe
nonlocal_aliases:
driver = redirect
allow_fail
allow_defer
domains = ! +local_domains
data = [EMAIL PROTECTED]
user = nobody
file_transport = address_file
pipe_transport = address_pipe
smarthost:
driver = manualroute
domains = ${lookup{$domain}partial-dbmnz*{ROUTE_DATA_DBMNZ}{$domain}}
transport = remote_smtp
route_data = ${lookup{$domain}partial-dbmnz*{ROUTE_DATA_DBMNZ}}
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
host_find_failed = freeze
hosts_randomize
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
mx_fail_domains = *
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
userforward:
driver = redirect
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
# allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
On Wed, Nov 26, 2008 at 07:40:19AM -0800, [EMAIL PROTECTED] wrote:
> Wayne,
>
> Can you please post what your router configuration looks like?
>
>
>
> Sent by: [EMAIL PROTECTED]
> To: [email protected]
> cc: (bcc: Dan Mitton/YD/RWDOE)
> Subject: [exim] Magical manualroute processing
> LSN: Not Relevant
> User Filed as: Not a Record
>
>
> I have multiple MTAs behind a firewall. I have EXIM 4.63 on a Debian
> Linux system in a DMZ in front of the firewall. The firewall has
> specific ports which are NAT'ed to internal MTAs for unique domains.
>
> So if the firewalls interface is: 10.0.0.1 it will NAT connections like
> so:
>
> Relayed Domains DMZ Interface Internal MTAs
> dom1.com 10.0.0.1:1025 => 11.0.0.1:25
> dom2.com 10.0.0.1:1026 => 12.0.0.1:25
>
> I'm using the manualroute router, called "smarthost", in conjunction
> with a DBM file to map the relayed domains to the firewall ports. What I
> have found is that messages destined for one domain get delivered via an
> incorrect port to the wrong server, this usually winds up with a "relay
> denied" result causing the message to dropped. Sometime messages don't
> get delivered at all. I recently added a fake domain "eximfakedom.com"
> to the route_data file pointing at a port that is not listening. EXIM
> initially determines that the connection is refused, shortly thereafter
> it states that the message is completed... how can this be? See the log
> output below, I know for a fact nothing is listening on port 4000.
>
> Does it have anything to do with the '*' character after the port on the
> 4th line? Also it seems that EXIM only keep retry information associated
> with a hostname:IP address pair, is there any way to include the port
> number?
>
> 2008-11-26 02:53:48 1L5AXA-0007nD-3l <= [EMAIL PROTECTED]
> H=http-3.qs-va.orbcomm.net [10.203.5.26] P=smtp S=229
> 2008-11-26 02:53:48 1L5AXA-0007nD-3l 10.203.5.28 [10.203.5.28]:4000
> Connection refused
> 2008-11-26 02:53:48 1L5AXA-0007nD-3l == [EMAIL PROTECTED]
> R=smarthost T=remote_smtp defer (111): Connection refused
> 2008-11-26 02:53:48 1L5AXA-0007nD-3l => [EMAIL PROTECTED]
> R=smarthost T=remote_smtp S=239 H=10.203.5.28 [10.203.5.28]:4000* DT=0s
> 2008-11-26 02:53:48 1L5AXA-0007nD-3l Completed
>
> Any an all help is greatly appreciated!
>
> Thanks,
> Wayne
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
>
>
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
