Hi, I have a question about the best way to set up multiple EXIM servers behind an F5.

*EXIM Setup:*

- 4 EXIM 4.80.1 servers.
- All mail relay clients are Red Hat Linux. I use the mailx command for testing relay from clients specified in "hostlist" in exim.conf.
- I have a valid cert installed on each server and defined in tls_certificate, tls_privatekey.
- When I test I use the command below:

>>mailx -s "Test mail" -S "smtp=exim1.domain.com" -S smtp-use-starttls -S nss-config-dir="/etc/pki/nssdb/" [email protected] < /root/eximtest

- I created an F5 VIP eximvip.domain.com that round-robins to the 4 EXIM servers behind it, and installed a cert for eximvip.domain.com on the F5.

q1: What is the best way to have this setup working (F5 VIP on the front end with 4 EXIM servers behind)? My mailx command connects to eximvip.domain.com but gets back any one of the 4 EXIM servers (exim1, exim2, exim3, exim4). It errors out because of a cert mismatch between what mailx tries to connect to ("eximvip") and what it gets back (exim1, exim2, exim3, exim4).

q2: I am not clear on which ports are being used with client TLS. Is it 25, 587 or 465?

q3: Is starttls on the client the recommended way from the client side, or is there a better way to secure communication between mail relay clients and EXIM servers?

Your feedback is highly appreciated.

Tom

Command used with F5 VIP:

>>mailx -s "Test mail" -S "smtp=eximvip.domain.com" -S smtp-use-starttls -S nss-config-dir="/etc/pki/nssdb/" [email protected] < /root/eximtest

Snippet from error:

250-exim2.domain.com Hello qa.domain.com [10.20.30.40]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-STARTTLS
250 HELP
>>> STARTTLS
220 TLS go ahead
Comparing DNS name: "eximvip.domain.com"
Continue (y/n)? "/root/dead.letter" 11/375
. . . message not sent

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
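
An added illustration, not part of the original post: the name comparison that mailx reports above ("Comparing DNS name"), reduced to a small Python check of the dialed name against the DNS names in the certificate each backend presents. The certificate name lists are constructed and assume each backend's certificate names only that backend; the function names are hypothetical.

```python
def dns_name_matches(pattern, hostname):
    """Compare one certificate DNS name with the name the client dialed.

    Case-insensitive. A wildcard is honoured only as the entire left-most
    label ("*.domain.com") and stands for exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(dialed, cert_dns_names):
    """True if any DNS name in the certificate matches the dialed name."""
    return any(dns_name_matches(name, dialed) for name in cert_dns_names)


# Constructed data (assumption): each backend's certificate carries only
# that backend's own host name.
BACKEND_CERTS = {
    "exim1.domain.com": ["exim1.domain.com"],
    "exim2.domain.com": ["exim2.domain.com"],
    "exim3.domain.com": ["exim3.domain.com"],
    "exim4.domain.com": ["exim4.domain.com"],
}


def mismatching_backends(dialed, certs=BACKEND_CERTS):
    """Backends whose certificate would fail the check for the dialed name."""
    return sorted(b for b, names in certs.items()
                  if not cert_covers(dialed, names))


if __name__ == "__main__":
    for name in ("exim1.domain.com", "eximvip.domain.com"):
        print(name, "-> mismatch on:", mismatching_backends(name))
```

Because STARTTLS is negotiated with whichever backend the round robin selects, the client checks that backend's certificate against the name it dialed, which is why every pool member fails for the VIP name under the stated assumption.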
