Smtproutes
From Qmailtoaster
smtproutes
This option can be very useful when sending email to flaky or large domains. As an example, we send a lot of email to sympatico.ca users, and they are always making changes to their DNS, which sometimes cause CNAME lookup failure errors on our mail server. To get around this, I did a 'dig' of their domain for MX records, and got this:
ANSWER SECTION: sympatico.ca. 59 IN MX 5 toip4.bellnexxia.net. sympatico.ca. 59 IN MX 5 toip5.bellnexxia.net. sympatico.ca. 59 IN MX 5 toip6.bellnexxia.net. sympatico.ca. 59 IN MX 5 toip7.bellnexxia.net. sympatico.ca. 59 IN MX 5 toip1.bellnexxia.net. sympatico.ca. 59 IN MX 5 toip2.bellnexxia.net. sympatico.ca. 59 IN MX 5 toip3.bellnexxia.net.
Which as you can see is a dirty lookup since their email get's redirected to a different domain name, which in turn can cause CNAME lookup failures. No problem. I chose one of their mail servers by random (ping it's name to get the IP address), and added the following to my /var/qmail/control/smtproutes file to FORCE all emails to user@sympatico.ca to go to that particular IP address:
sympatico.ca:209.226.175.87
Some pitfalls to note on this: you will no longer be using DNS to find the mail server for users at that domain name. If the server you choose is down, email will not get delivered since it will no longer try and move to the next MX record in DNS. Be careful with this. If they decide to change mail servers (to different IP addresses), email will no longer get delivered to this domain until you change the IP address used in the smptroutes file.
Note, the qmail-remote-auth patch has been applied to the toaster, so you may specify a username and password in the smtproutes entry:
desinationdomain.com:relay.server.com username password
man qmail-remote excerpt:
Artificial SMTP routes. Each route has the form domain:relay, without any extra spaces. If domain matches host, qmail-remote will connect to relay, as if host had relay as its only MX. (It will also avoid doing any CNAME lookups on recip.) host may include a colon and a port number to use instead of the normal SMTP port, 25:
inside.af.mil:firewall.af.mil:26
relay may be empty; this tells qmail-remote to look up MX records as usual. port value of 465 (depreciated smtps port) causes TLS session to be started. smtproutes may include wildcards:
.af.mil: :heaven.af.mil
Here any address ending with .af.mil (but not af.mil itself) is routed by its MX records; any other address is artificially routed to heaven.af.mil.
The qmail system does not protect you if you create an artificial mail loop between machines. However, you are always safe using smtproutes if you do not accept mail from the network.