On Sun, Mar 09, 2003 at 09:03:03AM -0500, Hal Klingsporn wrote:
| Mail to/from users on the local net is handled by a mail (exim) server
| inside the firewall. This works very well. The only issue is getting
| machine generated mail from the fw to the internal mail server.
| Disabling local delivery (local to the firewall) forces exim on the
| firewall to look for the appropriate mail server.

After reading this a couple of times, I now understand your topology and the problem you are having.

First, the term "the firewall" generally refers to the netfilter rules active in the kernel. Here you are not dealing with a firewall, but rather a /machine/ which happens to be responsible for the firewall separating your LAN from the Internet.

For those who don't get it yet, here's the situation:

    ------    ------------     ----------
    |Inet|----| gateway  |-----| mail   |
    ------    |(firewall)|     | server |
              | machine  |     | machine|
              ------------     ----------

The network has a single public IP address which the MX record for the domain refers to. The gateway forwards incoming TCP connections on port 25 to the mail server machine, where mail is handled as desired. The gateway system could generate mail (e.g. from cron), and Hal wants to receive it in the same manner he receives other mail, on the mail server machine.

Here's where the problem begins. First of all, exim on the gateway machine knows it is not "example.com". So to make the delivery, it does an MX lookup for "example.com" and determines that the IP address of the machine responsible for example.com mail is its own IP address. In a normal setup that would result in a mail loop, with exim connecting to itself for delivery. Hence the sanity check to avoid doing that. The misconfiguration is in exim.
There are two solutions that come to mind:

1) set up a DNS server on your LAN so that when the gateway machine asks who the MX for the domain is, it is told to use the internal machine

2) change exim's router so it bypasses the MX lookup, using a manually configured route instead

Vineet provided the router configuration for solution #2 in one of his messages.

HTH,
-D

-- 
There are 10 types of people in the world: those who understand binary, and those who do not.
http://dman.ddts.net/~dman/
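A concrete form of solution #2, added here as an illustration and not taken from Vineet's message or any other post in the thread: an exim 4 manualroute router on the gateway machine that hands mail for example.com straight to the internal mail server, so no MX lookup (and therefore no "the MX is my own address" loop check) ever happens. The host name mailserver.lan and the address 192.168.1.2 are assumptions for the example; the transport name remote_smtp is the one used by the stock exim 4 configuration.

```exim
# Added example (exim 4 syntax), not a configuration from the thread.
# Put this router in the routers section of the gateway's exim configuration
# BEFORE the dnslookup router. Routers are tried in order, so example.com is
# claimed here and never reaches the MX lookup that would resolve to the
# gateway's own public address.

internal_mailserver:
  driver = manualroute
  # Only the domain whose MX points back at this machine.
  domains = example.com
  # Assumed internal host. Give the gateway a fixed answer for it, e.g. in
  # /etc/hosts:  192.168.1.2  mailserver.lan
  # so the name resolves to the LAN address and not to the public one.
  route_list = example.com mailserver.lan
  # Deliver over SMTP with the stock remote_smtp transport.
  transport = remote_smtp
  # If the chosen host ever turns out to be this machine again (for example
  # because mailserver.lan was pointed at the public address by mistake),
  # bounce the message instead of looping; the default, freeze, would leave
  # it frozen on the queue for the admin to notice.
  self = fail
```

To check the result without sending anything, run `exim -bt root@example.com` on the gateway: exim's address-test mode prints which router and transport claimed the address and the host it would connect to, so a wrong ordering (dnslookup still winning) or a name still resolving to the public address shows up immediately. Two caveats a practitioner would want: the internal mail server must be willing to accept mail for example.com arriving from the gateway's LAN address (on Debian's exim 4 that is its local domain list plus, if the gateway's mail is for other hosts, its relay_from_hosts), and this router only changes where the gateway delivers mail it originates; it does nothing to make the gateway accept or relay mail from the Internet, which should stay as it is. Solution #1 achieves the same effect from the other side, by giving the LAN a DNS view in which the MX for example.com is the internal host, so that the unchanged dnslookup router gets a usable answer.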