
Re: [exim4] mixed up about terminology



On 10/6/2014 2:41 PM, Joe wrote:
> On Mon, 06 Oct 2014 14:06:57 -0400
> Jerry Stuckle <jstuckle@attglobal.net> wrote:
> 
> 
>>
>> That's true - but he has ONLY ONE MTA ON HIS NETWORK.  So there are no
>> other hosts to relay for.
> 
> You only need one Internet-facing MTA. It's normal for Windows hosts
> not to have an MTA at all, and it's common for MTAs on Linux hosts to
> deal only with system mail. My Linux MUAs all use the network
> smarthost, not the local machine MTA. This is absolutely necessary,
> since I send mail direct and don't use an external smarthost, but even
> if I did use a further smarthost, I want my own to log everything in
> and out of the network. My firewall expressly forbids the forwarding of
> port 25 either to or from the network hosts, everything in my network
> relays through exim4.
>>
>> dc_relay_nets is NOT there to relay for MUAs.  The MUA just connects
>> to the MTA and passes the traffic.
>>
> 
> You seem to have this idea that MUAs don't connect to MTAs by SMTP.
> That may be the case if they are both running on the same host, but
> with, as far as I know, the sole exception of Outlook/Exchange using
> MAPI, all MUAs connect to MTAs on other hosts by SMTP. Even fetchmail
> connects to the MTA on its own host by SMTP. And if the mail is
> accepted, but doesn't have a local mailbox, it is *relayed* to the SMTP
> server which does contain its destination mailbox.
>

No, I never said MUAs don't connect via SMTP.  However, MUAs in a
properly configured system work differently than when an MTA connects to
another MTA.  For instance, MUAs typically connect on port 587 (at least
that is the recommendation), while MTAs always use port 25.
Additionally, MUAs should always be validated with signon/password, to
prevent the server from becoming an open relay.

But that does NOT make the MTA the MUA is connecting to a "relay".  At
least not according to SMTP definitions.  And dc_relay_nets is NOT
required for an MUA to connect to an MTA, if the two are properly
configured.

dc_relay_nets is used mostly by large companies with their own internal
MTA and one outside-facing MTA.  It prevents the administrator of the
outside-facing MTA from having to keep track of every internal MTA on a
potentially world-wide internal network.

> And trust me, if I don't have my networks specified in dc_relay_nets,
> the mail goes nowhere. When I started to connect in from outside using
> a routed VPN, I needed to add the VPN network block to dc_relay_nets,
> and it took me a little while to realise what the problem was.
> 
> Observation trumps theory every time.
> 

That's very interesting - because I don't have any networks specified in
any dc_relay_nets - yet my email goes out (and comes in) just fine.

Jerry
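
An added example, not part of either poster's message and not Exim's own code: a simplified Python model of the order in which a stock Exim RCPT ACL accepts a recipient (client in a listed relay network, then authenticated client, then local recipient domain), run over the situations described in this thread. The function name, addresses and domains are constructed, and the model assumes dc_relay_nets is the only source of the relay host list.

```python
import ipaddress

def relay_decision(client_ip, rcpt_domain, authenticated,
                   relay_nets, local_domains):
    """Return (accepted, reason) for one RCPT TO under the simplified model."""
    ip = ipaddress.ip_address(client_ip)
    # 1. Client address falls inside a listed relay network:
    #    mail for any destination is accepted without authentication.
    for net in relay_nets:
        if ip in ipaddress.ip_network(net):
            return True, "relay_net"
    # 2. Client authenticated (typically on the submission port, 587):
    #    accepted regardless of source address.
    if authenticated:
        return True, "authenticated"
    # 3. Unauthenticated stranger: only mail for our own domains is taken.
    if rcpt_domain.lower() in local_domains:
        return True, "local_delivery"
    # 4. Anything else would make the server an open relay.
    return False, "relay not permitted"

# Constructed sample values (assumptions, not from the thread).
LOCAL = {"example.org"}
LAN_ONLY = ["192.168.1.0/24"]
LAN_AND_VPN = ["192.168.1.0/24", "10.8.0.0/24"]

def demo():
    cases = [
        # LAN MUA, no auth, remote recipient
        ("192.168.1.20", "example.net", False, LAN_ONLY),
        # VPN client before its block is listed
        ("10.8.0.6", "example.net", False, LAN_ONLY),
        # same VPN client after the block is added
        ("10.8.0.6", "example.net", False, LAN_AND_VPN),
        # authenticated MUA, no relay nets configured at all
        ("203.0.113.9", "example.net", True, []),
        # inbound mail from an outside MTA to a local mailbox
        ("198.51.100.7", "example.org", False, []),
        # outside host trying to relay through us
        ("198.51.100.7", "example.net", False, []),
    ]
    return [relay_decision(ip, dom, auth, nets, LOCAL)
            for ip, dom, auth, nets in cases]

if __name__ == "__main__":
    for result in demo():
        print(result)
```
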

