From: Victor Duchovni on
On Mon, Jul 19, 2010 at 11:34:11PM +0200, mouss wrote:

> if the exchange box wants joe(a)example.com, you can add
> smtp_generic_maps entries to rewrite the address back:
> joe(a)exchange.example.com joe(a)example.com
> (This only works if the transport to exchange is "smtp", as the prefix
> of smtp_generic_maps suggests!).

More precisely, it only works if the delivery agent is smtp(8); the
transport name can be "smtp", "relay", "my-exchange-transport", ...
anything that uses the smtp(8) delivery agent.

> This approach is better than per user transports, because transport_maps
> imply performance overhead

Per-user transport lookups are OK per se, but typically these imply
accessing a remote directory (SQL, LDAP, ...), and it is use of
remote data sources for transport lookups (not whether the lookup
key is a user or a domain) that is often not a good idea.

--
Viktor.

From: Simone Caruso on
On 19/07/2010 23:22, Jonathan Tripathy wrote:
>
> On 19/07/10 22:18, Simone Caruso wrote:
>> On 19/07/2010 22:56, Jonathan Tripathy wrote:
>>> Hi Everyone,
>>>
>>> My question isn't directly a Postfix issue, however postfix will be a
>>> fundamental element, and any advice would be appreciated.
>>>
>>> I need to set up an infrastructure which uses a mixture of Linux, and
>>> Windows (exchange server).
>>>
>>> Basically, for a single domain, I wish for some users to have accounts
>>> on a Linux mail server (Something similar to
>>> http://workaround.org/ispmail/lenny), and some to have accounts on an
>>> Exchange server. The level of interaction between the 2 machines should
>>> be such that users on each machine can send email to the users on the
>>> other (As well as external mx servers of course).
>>>
>>> The users who have their account on the Linux server, will access their
>>> email via IMAP (and send via SMTP). The users who have their account on
>>> the exchange server will access their email via "Outlook Anywhere" -
>>> this is where Exchange encapsulates RPC inside HTTPS packets, and runs
>>> the connection on a single port (443).
>>>
>>> My current train of thought is this: Have all incoming email terminate
>>> on the Linux (Postfix) box. For users who have their account on the
>>> Linux box itself, this will automatically work. For users who have their
>>> account on the exchange server, I can use Postfix Virtual Aliases to
>>> "forward" the mail to the account on the exchange box. The exchange box
>>> would have to be set up with accounts that are non-accessible from
>>> outside (e.g. user1(a)domain.local). Regarding access from outside, I'm
>>> thinking of just placing the 2 servers in a DMZ, and using a single
>>> static IP address, port forward 25 (SMTP), 110 (IMAP) to the Linux box
>>> and 443 (Outlook Anywhere) to the exchange box.
>>>
>>> Does this sound like an acceptable solution?
>>>
>>> Thanks
>> You can set up a user database (ldap, sql) and select a different
>> mailbox transport on domain or user basis.. you can use imap proxies
>> as well.
>
> Hmm interesting, so you are saying that I could have a Postfix "front
> end" (which handles incoming mail from third parties only) which
> forwards mail to the correct server based on user? So 3 servers in total
> then?
>
> That's incoming mail from third parties sorted, but what about sending
> mail? I'd just forward a port to the Linux Mail Server (not the
> frontend) and get users to send mail through that? (This would be for
> users who have their account on the Linux Mail Server. The exchange box
> does everything on a single port)
You can use ldap maps on active directory

--
Simone Caruso
IT Consultant
+39 349 65 90 805
p.iva: 03045250838

From: mouss on
Jonathan Tripathy wrote:
> [snip]
>>>
>>> Does this sound like an acceptable solution?
>>>
>>>
>> yes. it is.
>>
>> for delivery, you can use virtual aliases:
>> joe(a)example.com joe(a)exchange.example.com
>>
>> if the exchange box wants joe(a)example.com, you can add
>> smtp_generic_maps entries to rewrite the address back:
>> joe(a)exchange.example.com joe(a)example.com
>> (This only works if the transport to exchange is "smtp", as the prefix
>> of smtp_generic_maps suggests!).
>>
>>
>> This approach is better than per user transports, because transport_maps
>> imply performance overhead (and also: transport_maps are global inside
>> a postfix instance, so you have less flexibility).
>>
>>
>
> Hi mouss,
>
> Thanks for that
>

see also Viktor's mail for more accurate information.

> Can you please explain why I would need to use smtp_generic_maps? I'm
> not entirely sure of the use of it in this context.
>

you only need that if your exchange is configured to receive mail for
joe(a)example.com and not for joe(a)exchange.example.com.

if you configure exchange to accept mail for joe(a)exchange.example.com
and make it consider this the same thing as joe(a)example.com, then you
don't need smtp_generic_maps.


if on the other hand your exchange (or whatever internal server) only
wants joe(a)example.com, then postfix gives you the opportunity to rewrite
the addresses at delivery time (after virtual_alias_maps are expanded).
This is an exceptionally nice feature in postfix. it means you can do
rewrite at input (virtual_alias_maps) then at output
(smtp_generic_maps). This somewhat resembles NAT in packet filters that
allow you to do NAT at input (map destination IP address) and at output
(map source IP address) for a single IP packet.
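
The input and output rewrites discussed above, written out as a Postfix configuration fragment (an added example, not part of the original messages). The file paths, the transport name `exchange`, the placeholder host 192.0.2.10 and the per-transport `-o` override are assumptions; addresses use `@` where the archive prints `(a)`, and the Linux box is assumed to already accept mail for example.com.

```conf
# ---- /etc/postfix/main.cf (fragment) ----
# Input-side rewrite: applied when mail enters the queue.
virtual_alias_maps = hash:/etc/postfix/virtual
# Routing comes from a local indexed file, not a remote SQL/LDAP lookup.
transport_maps = hash:/etc/postfix/transport

# ---- /etc/postfix/virtual ----
joe@example.com            joe@exchange.example.com

# ---- /etc/postfix/transport ----
# "exchange" is the transport name defined in master.cf below;
# 192.0.2.10 is a placeholder for the Exchange host.
exchange.example.com       exchange:[192.0.2.10]

# ---- /etc/postfix/master.cf (one added service) ----
# The service name is arbitrary; the last column selects the smtp(8)
# delivery agent, which is what makes smtp_generic_maps apply.
exchange  unix  -  -  n  -  -  smtp
  -o smtp_generic_maps=hash:/etc/postfix/generic_exchange

# ---- /etc/postfix/generic_exchange ----
# Output-side rewrite, only for mail leaving through "exchange".
joe@exchange.example.com   joe@example.com

# After editing the map files:
#   postmap /etc/postfix/virtual /etc/postfix/transport /etc/postfix/generic_exchange
#   postfix reload
```

Setting the generic map with `-o` on the dedicated transport keeps the reverse rewrite away from mail that leaves through the default `smtp` transport to the Internet.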

From: Jonathan Tripathy on

>> Can you please explain why I would need to use smtp_generic_maps? I'm
>> not entirely sure of the use of it in this context.
>>
>>
> you only need that if your exchange is configured to receive mail for
> joe(a)example.com and not for joe(a)exchange.example.com.
>
> if you configure exchange to accept mail for joe(a)exchange.example.com
> and make it consider this the same thing as joe(a)example.com, then you
> don't need smtp_generic_maps.
>
>
> if on the other hand your exchange (or whatever internal server) only
> wants joe(a)example.com, then postfix gives you the opportunity to rewrite
> the addresses at delivery time (after virtual_alias_maps are expanded).
> This is an exceptionally nice feature in postfix. it means you can do
> rewrite at input (virtual_alias_maps) then at output
> (smtp_generic_maps). This somewhat resembles NAT in packet filters that
> allow you to do NAT at input (map destination IP address) and at output
> (map source IP address) for a single IP packet.
>
>
>

Now that's a cool feature!

However, I think I'll stick with giving the exchange server an
"internal" domain, like "exchange.local", as this is what I'm familiar
with and I have already got this setup to work. Things get messy as
Exchange needs active directory as well.

Now, all I need now is some nice "central" address book that works
across both Thunderbird (for the Linux mail server users) and Outlook..

From: mouss on
Jonathan Tripathy wrote:
> [snip]
>>
>>
>
> Now that's a cool feature!
>
> However, I think I'll stick with giving the exchange server an
> "internal" domain, like "exchange.local", as this is what I'm familiar
> with and I have already got this setup to work.

if you can, avoid ".local". This is not a reserved suffix. instead, use
a subdomain of yours.

> Things get messy as Exchange needs active directory as well.
>
> Now, all I need now is some nice "central" address book that works
> across both Thunderbird (for the Linux mail server users) and Outlook..

hmm. TB supports AD (via LDAP), doesn't it?