Exim: How to hide the connection of one server and several domains
Customers asked me to add more domains to their Exim mail server, but on the condition that no link was found between their main domain and each next domain.
Naturally, the reverse entry in DNS does not change for each domain personally. I found the only way to require additional ISPs from the provider. (Ay-yay-yay! How bad! I know, in such a difficult time, such sloppiness!). But the provider, as it turned out, easily added another network, no problem.
Addresses received, you can proceed.
')
What do you need? Create PTR records for each IP address. It's clear. The network is not served by me, so the provider sent a request. Naturally, it was necessary for each pair of ip-domain to create a dissimilar domain so that when searching there was no noticeable tendency or handwriting of one admin.
Created a pair of PTR records:
Exim has the smtp_active_hostname parameter, which is used in many places in the config file. In particular, in Received: headers.
To determine this parameter in accordance with the ip-domain pair, I created this structure in the Exim config:
The hostname_incoming_ip file looks like this:
Thus, the value of smtp_active_hostname in Exim became mail.domain1.ru, if the value of the received_ip_address variable was 10.2.3.4, if the address was not mentioned in the file, then the value of the variable smtp_active_hostname became equal to primary_hostname.
To send an outgoing letter, you need to specify the correct src-ip, which would be associated with its domain in DNS, as well as indicate a suitable HELO (EHLO).
I did it all in the remote_smtp transport like this:
In DNS I entered the corresponding MX records for each new domain.
Received the following: incoming mail comes on MX-s as it should be. Remote admin logs sees what MX delivered the letter. For each of my domains - different. Fine! Outgoing mail from the local network goes away using its external IP address and specifying the appropriate HELO (EHLO) value and with the appropriate values for the domain in the Received: header.
I think it would be good to finish the following: issue a simple connection to smtp_banner for port 25 of each of my IP addresses and not receive mail for a domain that is not tied to the address to which the connection came. Then there would be a complete openwork! Well, until the hands do not reach.
This is how flexible and convenient Exim can be.
Naturally, the reverse entry in DNS does not change for each domain personally. I found the only way to require additional ISPs from the provider. (Ay-yay-yay! How bad! I know, in such a difficult time, such sloppiness!). But the provider, as it turned out, easily added another network, no problem.
Addresses received, you can proceed.
')
What do you need? Create PTR records for each IP address. It's clear. The network is not served by me, so the provider sent a request. Naturally, it was necessary for each pair of ip-domain to create a dissimilar domain so that when searching there was no noticeable tendency or handwriting of one admin.
Created a pair of PTR records:
10.2.3.4 mail.domain1.ru
10.2.3.5 mx.domain2.ruExim has the smtp_active_hostname parameter, which is used in many places in the config file. In particular, in Received: headers.
To determine this parameter in accordance with the ip-domain pair, I created this structure in the Exim config:
...
smtp_active_hostname = ${lookup{$received_ip_address}\
nwildlsearch{EXIM_DIR/hostname_incoming_ip}{$value}{$primary_hostname}}
...
The hostname_incoming_ip file looks like this:
# cat hostname_incoming_ip
10.2.3.4 mail.domain1.ru
10.2.3.5 mx.domain2.ru
Thus, the value of smtp_active_hostname in Exim became mail.domain1.ru, if the value of the received_ip_address variable was 10.2.3.4, if the address was not mentioned in the file, then the value of the variable smtp_active_hostname became equal to primary_hostname.
To send an outgoing letter, you need to specify the correct src-ip, which would be associated with its domain in DNS, as well as indicate a suitable HELO (EHLO).
I did it all in the remote_smtp transport like this:
remote_smtp:
driver = smtp
helo_data = ${lookup{$sender_address_domain}\
nwildlsearch{EXIM_DIR/helo_data}{$value}{$primary_hostname}}
interface = ${lookup{$sender_address_domain}\
nwildlsearch{EXIM_DIR/outgoing_ip}{$value}{EXIM_OUTGOING_IP}}
In DNS I entered the corresponding MX records for each new domain.
Received the following: incoming mail comes on MX-s as it should be. Remote admin logs sees what MX delivered the letter. For each of my domains - different. Fine! Outgoing mail from the local network goes away using its external IP address and specifying the appropriate HELO (EHLO) value and with the appropriate values for the domain in the Received: header.
I think it would be good to finish the following: issue a simple connection to smtp_banner for port 25 of each of my IP addresses and not receive mail for a domain that is not tied to the address to which the connection came. Then there would be a complete openwork! Well, until the hands do not reach.
This is how flexible and convenient Exim can be.
Source: https://habr.com/ru/post/125407/
All Articles