Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. exim>
  3. users
Behaviour I would not expect on callout
xander at harkness
Jul 4, 2002, 7:32 AM
Post #1 of 5 (607 views)
Permalink
I have call out set on a mail server that handles a small amount of mail
and it works in a method that I would not expect.

I am using the server to relay mail and it is set to do a callout on all
incoming mail.

I have a rewrite rule in a host that sends mail to me.

The rewrite rule is:

root@wks.harkness.co.uk root-wks@harkness.co.uk


The server it is trying to relay through does a callout to the adsl line
that wks.harkness.co.uk is connecting from (where all incoming ports are
firewalled), rather than trying to do a callout to the mx record that
would serve harkness.co.uk. It obviously fails and rejects the mail.

Am I missing something or is it designed like this. How would I enable
an mx look up rather than sending host?

Kind regards
Xander
Re: Behaviour I would not expect on callout [ In reply to ]
ph10 at cus
Jul 4, 2002, 8:05 AM
Post #2 of 5 (601 views)
Permalink
On Thu, 4 Jul 2002, Xander D Harkness wrote:

> I have a rewrite rule in a host that sends mail to me.
>
> The rewrite rule is:
>
> root@wks.harkness.co.uk root-wks@harkness.co.uk
>
> The server it is trying to relay through does a callout to the adsl line
> that wks.harkness.co.uk is connecting from (where all incoming ports are
> firewalled), rather than trying to do a callout to the mx record that
> would serve harkness.co.uk. It obviously fails and rejects the mail.

The ACL is run before the address is rewritten by normal rewriting
rules. Consequently, it is verifying root@wks.harkness.co.uk, not
root-wks@harkness.co.uk. I presume that wks.harkness.co.uk routes to
that ADSL line.

> Am I missing something or is it designed like this. How would I enable
> an mx look up rather than sending host?

You have a choice!

1. Use SMTP-time rewriting. That gets done as soon as the SMTP command
is received, before the ACL is run. Add an S flag to your rule. If you
want the same rule for headers, etc, add other flags as well, because S
on its own suppresses the other flags.

2. Set up a router, with verify_only if necessary, that routes
wks.harkness.co.uk appropriately.


Hmm. Looking at the DNS, I find

wks.harkness.co.uk. MX 10 relay1.harkness.co.uk.

so maybe my assumptions above are wrong. What is supposed to happen is
that the callout is done to the same host, and using the same interface,
that a message sent to that address would use. What output do you get
for

exim -bvs root@wks.harkness.co.uk

? That should tell you how it routed it. (Add -d for debugging info.)

--
Philip Hazel University of Cambridge Computing Service,
ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.
Re: Behaviour I would not expect on callout [ In reply to ]
xander at harkness
Jul 4, 2002, 8:58 AM
Post #3 of 5 (606 views)
Permalink
Philip Hazel wrote:

>On Thu, 4 Jul 2002, Xander D Harkness wrote:
>
>
>
>>I have a rewrite rule in a host that sends mail to me.
>>
>>The rewrite rule is:
>>
>>root@wks.harkness.co.uk root-wks@harkness.co.uk
>>
>>The server it is trying to relay through does a callout to the adsl line
>>that wks.harkness.co.uk is connecting from (where all incoming ports are
>>firewalled), rather than trying to do a callout to the mx record that
>>would serve harkness.co.uk. It obviously fails and rejects the mail.
>>
>>
>
>The ACL is run before the address is rewritten by normal rewriting
>rules. Consequently, it is verifying root@wks.harkness.co.uk, not
>root-wks@harkness.co.uk. I presume that wks.harkness.co.uk routes to
>that ADSL line.
>
>
My apologies, I do not think I was clear. The re-writing is done on
wks.harkness.co.uk. The sender and header lines
are rewritten before being sent to the relay box. It is the relay box
relay2.harkness.co.uk that is doing a callout to
wks.harkness.co.uk. having received a mail from wks-root@harkness.co.uk.

It should not be looking for wks.harkness.co.uk and the adsl line is not
in any mx anywhere so I am guessing that
it is trying the incoming IP if it cannot find the domain under dns/mx.


>_exim -bvs root@wks.harkness.co.uk_
>
>? That should tell you how it routed it. (Add -d for debugging info.)
>
>
That was helpful as it advised that relay2.harkness.co.uk could not
resolve mx for wks.harkness.co.uk

....and now after struggling with it for a couple of hours I cannot get
it to repeat the error!

Kind regards
Xander

>
>
Re: Behaviour I would not expect on callout [ In reply to ]
djc at microwave
Jul 4, 2002, 2:43 PM
Post #4 of 5 (603 views)
Permalink
On Thu, 4 Jul 2002, Philip Hazel wrote:

> On Thu, 4 Jul 2002, Xander D Harkness wrote:
>
> > I have a rewrite rule in a host that sends mail to me.
> >
> > The rewrite rule is:
> >
> > root@wks.harkness.co.uk root-wks@harkness.co.uk
> >
> > The server it is trying to relay through does a callout to the adsl line
> > that wks.harkness.co.uk is connecting from (where all incoming ports are
> > firewalled), rather than trying to do a callout to the mx record that
> > would serve harkness.co.uk. It obviously fails and rejects the mail.
>
> The ACL is run before the address is rewritten by normal rewriting
> rules. Consequently, it is verifying root@wks.harkness.co.uk, not
> root-wks@harkness.co.uk. I presume that wks.harkness.co.uk routes to
> that ADSL line.
>
> > Am I missing something or is it designed like this. How would I enable
> > an mx look up rather than sending host?
>
> You have a choice!

I'm confused - I was under the impression that exim would always use do
MX processing on the address it was verifying, and not specifically make
calls back to the sender-smtp (unless the MX processing directed it
there)

>
> 1. Use SMTP-time rewriting. That gets done as soon as the SMTP command
> is received, before the ACL is run. Add an S flag to your rule. If you
> want the same rule for headers, etc, add other flags as well, because S
> on its own suppresses the other flags.
>
> 2. Set up a router, with verify_only if necessary, that routes
> wks.harkness.co.uk appropriately.
>
>
> Hmm. Looking at the DNS, I find
>
> wks.harkness.co.uk. MX 10 relay1.harkness.co.uk.
>
> so maybe my assumptions above are wrong. What is supposed to happen is
> that the callout is done to the same host, and using the same interface,
> that a message sent to that address would use. What output do you get
> for
>
> exim -bvs root@wks.harkness.co.uk
>
> ? That should tell you how it routed it. (Add -d for debugging info.)
>
> --
> Philip Hazel University of Cambridge Computing Service,
> ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>
Re: Behaviour I would not expect on callout [ In reply to ]
ph10 at cus
Jul 7, 2002, 1:02 PM
Post #5 of 5 (601 views)
Permalink
On Thu, 4 Jul 2002, Dave C. wrote:

> I'm confused - I was under the impression that exim would always use do
> MX processing on the address it was verifying, and not specifically make
> calls back to the sender-smtp (unless the MX processing directed it
> there)

Correct. Well, almost. Exim routes the address it is verifying (this
_may_ involve MX processing, but it depends on your configuration). It
then makes callouts (if so configured) to the hosts to which the address
routes, if there are any. These may or may not include the sending host.

--
Philip Hazel University of Cambridge Computing Service,
ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal