[Pkg-exim4-users] Exim4 with local network as well as smarthost (longish post)
Dave Witbrodt
dawitbro at sbcglobal.net
Wed Mar 11 01:50:28 UTC 2009
ael wrote:
> The standard debian exim configurations do not seem to cater
> for a small local network behind a NAT router.
That is true. The Debian exim4 maintainers have tried to create a
default configuration which can be tweaked by those debconf questions to
fit the needs of the vast majority of people.
You and I are not the vast majority. I have very similar
needs to what you are describing, and received few responses on this
list when I asked very similar questions in January. I was advised to
go to the mailing lists maintained by the upstream Exim developers.
> Most mail needs to go to an (isp) smarthost with FROM headers
> rewritten. But local mail within the network needs to be delivered
> directly with headers unchanged.
I accomplished this, but had to rewrite some of the Exim rules in
order to do it.
I have 3 machines in my home network. Here is a quick diagram:
ISP <--> gateway/router____ desktop
                    \ \____ fileserver
                     \______ webserver
This is a temporary setup, and will later become:
ISP <--> webserver <--> gateway/router <--> desktop <--> fileserver
I wanted to get ready for the future setup by configuring "desktop"
and "fileserver" to use "webserver" as their smarthost (in the first
diagram). I wanted any message sent _from_ a local machine _to_ a local
machine to be correctly routed by the smarthost back to the LAN, with no
headers rewritten. I also needed any message sent (from any machine)
outside the home network to have its headers rewritten.
The current set of debconf questions does not allow for such a setup,
since 99+% of users will either be using a single machine or will not
have such picky needs for their home network email arrangement. Adding
such configuration options would require some significant changes to the
current Debian exim4 configuration files, and additional debconf
questions. The Debian exim4 maintainers are adamant that there are
already too many debconf questions, and they will resist (or, more
likely, reject) any requests for additional support for rare cases like
ours.
If you feel my situation is similar enough to yours, I would be happy
to share the changes I made to get local emails to pass through
"webserver" unmodified, but external emails having their headers
rewritten so that the reply address is the correct email address of my
ISP account.
> This already presents a problem to exim4 because, as I understand it,
> envelope rewriting can only be done globally.
Actually, exim4 is VERY configurable. Your complaint is not against
exim4, but against the default configuration provided by the Debian Exim
maintainers.
In my case, I decided to keep as much as possible from the
configuration provided by the Debian team because (1) I have never
configured Exim from scratch and (2) I have little desire to become an
expert Exim configurer just to set up a little 3-machine home network!
Please don't blame the Debian team for their choices in preparing the
default configuration. What they have done is almost miraculous: with
a few short questions, they have made it possible for the overwhelming
majority of people to use Exim without having to write an Exim
configuration from scratch. That was their goal, and they have
succeeded. It leaves people like us being forced to read all (or most)
of the documentation trying to figure out how to get what we want, but
you cannot expect them to handle every conceivable usage of Exim!
> My local network is small and no single machine is necessarily
> running at all times. Thus a dedicated local network mail machine
> is not an option. Instead each machine runs its own copy of exim4
> and accepts email directly from its local peers.
That makes sense. I _do_ leave one machine on all of the time, but I
built it from scratch to use very low power components. That is
"webserver" (see above), and since it will be running 24/7/365, I expect
parts to fail, so I designed it to be extremely easy to service, both in
terms of hardware and software.
If you're not going to be using your machines constantly, then it may
make more sense to shut them down -- especially if you will not be
needing them for days at a time.
> The local hosts each have the local network hostnames in /etc/hosts:
> these are not registered dns names and are aliases as usual for
> reserved 10.0.0.*, 192.168.*.* or 172.16.*.* IP4 addresses.
I also am not running DNS on the home network, though I may
eventually do so. (Just for the experience, more than anything.) At
the moment, I also rely on /etc/hosts, and that was part of the
rewriting I had to do in order to prevent header rewrites when sending
to home network destinations.
> I describe my configuration below for two reasons:
To be honest, I haven't worked on this since January. I cannot
recall from memory what my changes were, but you seem to have taken a
much different approach from what I did.
As I mentioned before, if you think my situation is similar enough to
your own, I'll be glad to go back over the notes I took and share the
details of my own setup. We may both end up headed for the upstream
mailing list to further tweak our setups for what we really want,
though. For now, my setup is working, but I still have questions about
whether I did it right, or whether there are better ways to do the same
thing.
Dave W.