Re: firewall and zmailer forwarder problem
I am going thru my mailbox for various Zmailer topics to make a condensed
release as soon as possible -- preferably last summer, but ...
Following is speculation on how to possibly do this. I didn't actually
code and test this...
> We have the following setup here and I need some help..
> Internet <-> Firewall <-> mailhost.aec.ca
>              (pandora)    (sol)
> sol (the mailhost) is running zmailer and can route all mail internally
> without any problems.. (except our msmail gateway had some initial problems..)
> However when someone sends mail to an outside host, I get the following:
> SMTP: Connecting to host: ita.lgc.com
> getmxrr(ita.lgc.com) rc=0, mxh.host=lgc.lgc.com (host=ita.lgc.com)
> 500 (connect to lgc.lgc.com [188.8.131.52]: Network is unreachable)
> smtp ita.lgc.com email@example.com 803: deferred 500 (connect to lgc.lgc.com [184.108.40.206]: Network is unreachable)
> How can I tell zmailer to send to pandora first, as this is the machine that
> must actually send the file to the internet.
> I have SMARTHOST set to pandora.aec.ca in zmailer.conf, but that does not seem to work..
> Any ideas?
There is missing a way (aside of DNS "world-hack") to define
"*.my.domain" are in my local DNS handling, the rest shall go
Umm.. A double-tier hack would be to define a static route:
and define then a rule for it into the $MAILSHARE/cf/rrouter.cf's
router_spec() which does:
    sift "$address" in
    tmp=$(smtp_neighbour "\2" "$address" $A) &&
    # Tough, failed..
    return ((($UNRESOLVABLEACTION "$address" $A)))
That way the local addresses can be resolved via DNS and the rest will
be thrown to the $SMARTHOST..
There is a complication, though.. Earlier on the rrouter.cf there is
a usage of $protocols -value, which is used to select used protocols.
As it happens, that same value is used for their initialization, and
thus in the system $MAILSHARE/router.cf there needs to be explicit:
AFTER the current "method initializer".
(And the protocols entry is to be: protocols='routes')
> Is it also possible to setup pandora.aec.ca to act as a passthrough mailhost?
> Any mail being sent to it will connect to mailhost.aec.ca for mail in aec.ca,
> try MX records for all other mail, if the MX fails, send to a smarter site
> to handle the message.
On the pandora:
$MAILSHARE/db/routes: .aec.ca smtp!mailhost.aec.ca
(Inbound is easy, outbound isn't..)
Currently the DEFERRED/HOLD processing may fail on your wish
to use some external system as a fallback when lookups fail.
( -> message goes to hold-queue )
I don't see any easy way out of it, and only the truly unknown
addresses (foobar@foobar) would go to the SMARTHOST in the first
I would not let that happen, so IMO if the pandora has global
connectivity, it is better to be the smart-host itself. Thus
a mis-addressed piece of potentially sensitive email would not
go to some outside system.
/Matti Aarnio <firstname.lastname@example.org> <email@example.com>