I inherited a web site that's apparently using Exim as its MTA. Let's say that we can access the site at:
The users who work at Example Corp. noticed that they did not receive email when the PHP web application attempted to send mail to addresses like:
jane.doe@example.com
support@example.com
etc.
The Question
The SPF records seem to work best when the server sends mail from a hostname of example.com. However, we cannot email anyone at example.com when we have that as the hostname.
I changed the hostname on the server, but now it doesn't work with the existing SPF records (details below).
I think I need advice on configuring either the hostname or Exim.
Background
Email sent to external addresses at GMail, Yahoo, Mailinator, etc. went through just fine. I use Mailinator for testing emails because you can email any address without having to create a full account. I ran tests using syntax like this.
This test would succeed.
echo "This is message body." | mail -s "SMTP Test 1" -r "from_address@example.com" to_address@mailinator.com
This test would fail.
echo "This is message body." | mail -s "SMTP Test 1" -r "from_address@example.com" to_address@example.com
Some simple routing tests can be done by using the address testing option. This test would succeed.
exim -bt to_address@mailinator.com
to_address@mailinator.com
router = dnslookup, transport = remote_smtp
host mail.mailinator.com [2600:3c03::f03c:91ff:fe50:caa7] MX=10
host mail.mailinator.com [23.239.11.30] MX=10
This test would fail.
exim -bt support@example.com
support@example.com is undeliverable
This post was helpful and pointed me in the direction of the hostname setting.
http://jblevins.org/log/hostname
I realized that the public DNS had an entry called "store.example.com" that pointed to the correct IP address. I entered that as the hostname.
sudo hostname store.example.com
Ensure store.example.com is inside the network file. This should ensure the hostname sticks after reboot.
sudo nano /etc/sysconfig/network
sudo service exim restart
The problem is that now Google complains about the lack of an SPF record.
Received-Spf: none (google.com: user@store.example.com does not designate permitted sender hosts) client-ip=xxx.xxx.xxx.xxx;
I realize I could create an SPF record, but it would be simpler to use the existing one for example.com. When that was the hostname, the header in GMail said:
Received-Spf: pass (google.com: domain of user@example.com designates xxx.xxx.xxx.xxx as permitted sender) client-ip=xxx.xxx.xxx.xxx;
Server Environment
CentOS release 6.6
ls /etc/alternatives/ -l | grep mta
lrwxrwxrwx. 1 root root 23 Feb 23 09:28 mta -> /usr/sbin/sendmail.exim
lrwxrwxrwx. 1 root root 19 Feb 23 09:28 mta-mailq -> /usr/bin/mailq.exim
lrwxrwxrwx. 1 root root 29 Feb 23 09:28 mta-mailqman -> /usr/share/man/man8/exim.8.gz
lrwxrwxrwx. 1 root root 24 Feb 23 09:28 mta-newaliases -> /usr/bin/newaliases.exim
lrwxrwxrwx. 1 root root 15 Feb 23 09:28 mta-pam -> /etc/pam.d/exim
lrwxrwxrwx. 1 root root 19 Feb 23 09:28 mta-rmail -> /usr/bin/rmail.exim
lrwxrwxrwx. 1 root root 19 Feb 23 09:28 mta-rsmtp -> /usr/bin/rsmtp.exim
lrwxrwxrwx. 1 root root 18 Feb 23 09:28 mta-runq -> /usr/bin/runq.exim
lrwxrwxrwx. 1 root root 22 Feb 23 09:28 mta-sendmail -> /usr/lib/sendmail.exim
exim -bV
Exim version 4.72 #1 built 10-Oct-2014 09:23:33
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 4.7.25: (September 9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc TCPwrappers OpenSSL Content_Scanning DKIM Old_Demime
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm nis nis0 nisplus passwd sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
OpenSSL compile-time version: OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL runtime version: OpenSSL 1.0.1e-fips 11 Feb 2013
Configuration file is /etc/exim/exim.conf
Best Answer
I'm guessing that mail for example.com needs to be forwarded to the "real" mail server for that domain, or perhaps all mail should be forwarded to a "smart host".
I don't know how the default exim package for CentOS is configured (if there is such a thing)... You should make the config available somewhere so I can say exactly what needs to be changed. Basically:
ensure example.com is not listed in local_domains (check the
dnslookup router, or at least one of the first routers in the config (routers are processed in order, the first one to match wins).
Search for smarthost to see if there is a config for that; you need to put the real mail server's address in there somehow.
You can also put this as the first router:
smarthost:
  driver = manualroute
  domains = *
  transport = remote_smtp
  route_data = real.mailserver.example.com
See exim.org for a description of the default config file.
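The local_domains check from the answer, as an added shell example that is not part of the original question or answer. In an Exim domain list, `@` stands for the server's primary hostname, so the hostname decides whether example.com counts as a local domain. The sample config text and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample config text (assumption; not the asker's exim.conf).
SAMPLE_CONF='domainlist local_domains = @ : localhost : *.internal.example
domainlist relay_to_domains ='

# Print the value of the first "domainlist local_domains = ..." line.
local_domains_of() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*domainlist[[:space:]]\{1,\}local_domains[[:space:]]*=//p' |
        head -n 1
}

# is_local_domain CONFIG_TEXT DOMAIN PRIMARY_HOSTNAME
# Exit status 0 if DOMAIN matches the list, 1 if not. Handles "@" (the
# primary hostname), literal names and leading-"*" suffix patterns only.
# The body is a subshell so the IFS and noglob changes do not leak out.
is_local_domain() (
    list=$(local_domains_of "$1")
    domain=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    primary=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
    IFS=':'
    set -f
    for item in $list; do
        item=$(printf '%s' "$item" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
        case "$item" in
            '') ;;
            @)  if [ "$domain" = "$primary" ]; then exit 0; fi ;;
            \**) suffix=${item#?}
                case "$domain" in *"$suffix") exit 0 ;; esac ;;
            *)  if [ "$domain" = "$item" ]; then exit 0; fi ;;
        esac
    done
    exit 1
)

# Print "local" or "remote" for DOMAIN given the server's PRIMARY_HOSTNAME.
route_class() {
    if is_local_domain "$SAMPLE_CONF" "$1" "$2"; then
        echo local
    else
        echo remote
    fi
}

# Hostname example.com: example.com is treated as a local domain.
echo "hostname=example.com        example.com -> $(route_class example.com example.com)"
# Hostname store.example.com: example.com is no longer matched by "@".
echo "hostname=store.example.com  example.com -> $(route_class example.com store.example.com)"
```

On the real server, compare the result with the `domainlist local_domains` line in /etc/exim/exim.conf and with `exim -bt support@example.com`.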