[POSTFIX] Configuring Smarthost just for 1 domain

12 posts / 0 new
Last post
#1 Sat, 01/22/2011 - 10:12
virtualmachine

[POSTFIX] Configuring Smarthost just for 1 domain

Hello, One of my clients wants to setup the following:

Exchange Server <- Mail In- and Outbound -> The Hosting Server <-> The Rest of the world.

This Setup is necessary, because they are on a dial-up line And basically My Server (where Other Domains are hosted as well, and which should not be affected) should act as a smarthost (In- and Outbound Relay).

How would I configure my Postfix to make something like this possible?

Thanks for your advisories!

Sat, 01/22/2011 - 10:35
andreychek

Howdy,

Using your Virtualmin server as an outbound smarthost shouldn't be a problem... for that, you'd just need to configure Exchange to relay emails through your server, and you'd need a username and password to use to authenticate with.

For incoming email -- one possibility is that the Postfix transport maps may do what you're after. You can read about what those do and how to configure them here:

http://www.postfix.org/transport.5.html

Virtualmin has a place where you can set those up by going into Webmin -> Servers -> Postfix -> Transport Maps.

Alternatively, you could always just setup individual accounts on your Virtualmin server for that particular domain, and have each forward their incoming emails to the Exchange server (perhaps using it's IP address).

I've also seen some folks deliver their email on the Virtualmin server, but setup a POP3/IMAP polling daemon on Exchange to pull the email down every N minutes.

Just some thoughts -- I hope one of those will do what you're after :-)

-Eric

Sat, 01/22/2011 - 13:43
virtualmachine

Thanks for your thoughts, Eric!

How would I accomplish the Exchange Server requiring only one pair of user/password for sending Mail for the various Users?

Sat, 01/22/2011 - 13:51
andreychek

Howdy,

How would I accomplish the Exchange Server requiring only one pair of user/password for sending Mail for the various Users?

Well, I'm not familiar with Exchange setup, so I don't know the specifics... but I know that with other MTA's, when you setup a smarthost, you can specify an optional username and password to use for sending all outgoing messages.

I suspect Exchange would have something similar... a way of specifying a username and password for the smarthost configuration. It may be in an Advanced tab or similar, but I suspect the option is there somewhere :-)

-Eric

Tue, 01/25/2011 - 04:56 (Reply to #4)
virtualmachine

I didnt mean the Exchange setup... I am focussed on the Postfix part.

How would I, on the VMin/Postfix site allow one Login to be authorative for receiving and sending?

Via Aliases?

Tue, 01/25/2011 - 09:13
andreychek

Howdy,

Well, sending messages would be the easy part. You'd just need to create an email account from within Virtualmin. Once you have an email account, anyone with the username and password for that account can relay any messages through it (regardless of what their email address is).

How to handle receiving messages would vary, depending on how you're planning to set things up. If you're planning to setup a number of accounts on your Virtualmin server -- well, you wouldn't have to do much there, just create the accounts and set each up to forward to your Exchange server.

Does that answer your question?

-Eric

Tue, 02/08/2011 - 11:13
virtualmachine

Hi andreycheck,

what do you mean by "forward them to your Exchange server"? The Exchange Server doesnt have a domain name because it is inside another infrastructure to which i have to establish the connection through their public IP-Adress. That would be the easy part... But what about the outbound mail coming from the Exchange? How is authentication handled? Does Exchange transmitt a user/password combo, so it could be resolved to my vmin users?

I previously had an eye on transport maps and it does (I think) what would do the inbound trick for me. On the other hand: I would get rid of spam filtering for that, because it is normally handled through procmail.

Any ideas?

Tue, 02/08/2011 - 11:21
andreychek

what do you mean by "forward them to your Exchange server"? The Exchange Server doesnt have a domain name because it is inside another infrastructure to which i have to establish the connection through their public IP-Adress.

That's no problem -- you can just forward the emails to your Exchange server's public IP address (or at least, an IP address that can be forwarded internally to your Exchange server)... you don't have to use a domain name.

Or if that won't work, that's when you can just setup Exchange to poll accounts on the Virtualmin server to check for new mails, rather than forwarding them in.

But what about the outbound mail coming from the Exchange? How is authentication handled? Does Exchange transmitt a user/password combo, so it could be resolved to my vmin users?

I'm not familiar with the specifics of Exchange, but most MTA's can utilize a username and password when sending mail via a SmartHost. You'd just have to find where that's configured in Exchange :-)

-Eric

Tue, 02/08/2011 - 11:33
virtualmachine

Okay, I think I am closer now...

Can you please give me an answer on how mail is handled internally on the vmin-side?

I have to give the login credentials of ONE (no matter what?) virtualmin email-user to the Exchange Admin and this specific user will be allowed to send emails for all the adresses in that domain?

//EDIT: I re-readed a previous message concerning one user an password combo.. I appreciate your help very much!

Another thing buggn me is, how i would forward the mails to the exchange in detail; if I define an entry in the transport map and the host is unreachable (due to a reconnect issue or whatever; is mail hold on and forwarded, once the server is back?

Tue, 02/08/2011 - 11:40
andreychek

I have to give the login credentials of ONE (no matter what?)

I suspect my attempts at explaining this haven't been clear; I'll try to word it a different way.

The answer is that it doesn't matter :-)

So long as the connecting MTA (in your case, Exchange) supplies a valid username and password, that connection may send an email on behalf of any user.

Somewhere in the email headers, it'll likely be logged what username was used; but the From address on the email won't change.

Most MTA's can only have one username and password for a SmartHost.

But that doesn't matter, the SmartHost's username and password requirement is just to verify that the connecting MTA is allowed to relay mail. It can, at that point, relay mail for anyone.

My recommendation is to just pick a user on your server that you want them to authenticate with for outgoing emails -- and use that one user for outgoing SMTP authentication for all outgoing email that's going through the SmartHost.

Does that answer your question?

-Eric

Tue, 02/08/2011 - 17:21
andreychek

Another thing buggn me is, how i would forward the mails to the exchange in detail; if I define an entry in the transport map and the host is unreachable (due to a reconnect issue or whatever; is mail hold on and forwarded, once the server is back?

That's the harder of the two parts of all this :-)

There are several ways of going about making this work.

I'm sure you can use transport maps for all that, though I haven't done much work with transport maps, so I'm not entirely sure how to go about configuring it :-) But, configured correctly, that should work.

Another way would be to create all your email accounts in Virtualmin, and then edit each one, and configure it to forward messages to your Exchange server (using it's IP address).

Either of those solutions should handle retries if your Exchange server were to be unavailable for some time.

Only the second solution would perform spam and virus scanning before it gets to your Exchange server. If you use the transport maps, the email would get to your Exchange server, but it wouldn't be scanned first.

-Eric

Wed, 02/16/2011 - 18:06
virtualmachine

Could you explain "Another way would be to create all your email accounts in Virtualmin, and then edit each one, and configure it to forward messages to your Exchange server (using it's IP address)."

According to the online help, it is only possible to fill in emailadresses, and not ips.

I got another issue here... It seems as if postfix is disregarding my transport map...

Its content is: example.com smtp:[IPADRESS]

But everything for domain example.com is still delivered locally after receipt.

Whats going wrong?