Re: A very initial question

From: Victor Duchovni (Victor.Duchovni@MorganStanley.com)
Date: Fri Nov 11 2005 - 11:29:10 CST


On Fri, Nov 11, 2005 at 08:53:25AM +0100, Bob Alexander wrote:

> 1) All 50.000 need to have a namecompany.com email and the SMTP should
> be able to route the 20.000 which have exchange to the exchange server
> while the rest on a new "MDA" (was thinking about dovecot/openwebmail).
> Any ideas on the best way to do this ? Maybe an LDAP backend which
> replicates the MS Active Directory users and adds the new ones plus a
> flag in the schema saying where their mail should go ?

There are three mechanisms for delivering users in a single domain to
different destinations:

1. Rewriting logical envelope recipient mailbox addresses (user@example.com)
   to physical mailbox addresses (user@mailhub-N.example.com) via virtual(5)
   (aka virtual_alias_maps)

2. Per-user transport tables that route each user to an appropriate
   transport:nexthop without rewriting the envelope recipient address.

3. Passing all mail for the domain to the local(8) transport and
   using aliases(5) to direct any non-local recipients elsewhere.

For large sites, the above list is in order of preference, if at all
possible avoid 2 and 3 and implement 1.

Furthermore, if at all possible, configure the domain as a
virtual_alias_domain (see ADDRESS_CLASS_README), and for each physical
mailbox server make sure that in addition to the Joe.User@example.com
primary email address, the server also accepts a physical address:
joeuser@servername.example.com.

With MS Exchange this is typically accomplished via the proxyAddresses LDAP
attribute:

    sAMAccountName: joeuser
    mail: Joe.User@example.com
    cn: User, Joe
    proxyAddresses: SMTP:Joe.User@example.com
    proxyAddresses: smtp:joeuser@exchange.example.com

You don't need to replicate AD into a non-AD LDAP server, if query
load is an issue, set up an AD replica server that is dedicated to
non Outlook/Exchange clients, so that external load does not impact
Outlook client performance.

The Postfix virtual map (an ldap_table(5) file used as virtual_alias_maps)
is simple in this case:

    domain = example.com
    query_filter = proxyAddresses=smtp:%s
    result_attribute = sAMAccountName
    result_format = %s@exchange.example.com

The Exchange primary domain should ideally be exchange.example.com,
not example.com.

Implement a non-AD LDAP server for non-Exchange users, or shoe-horn the
virtual rewriting for non-Exchange users into AD.

Good luck. Be prepared to read a lot, and actually understand the system
you will deploy in detail. Play with it in the lab, ...

The initial learning curve is steep, but you will not end up with a black
box system managed via cargo-cult recipes. Rather you will manage a system
you understand!

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
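A fuller Postfix rendering of the virtual_alias_domain approach Viktor
describes, added here as an example; it is not part of the original
message and not taken from the Postfix documentation. It assumes the AD
layout shown above (proxyAddresses carrying both the primary SMTP: address
and a secondary smtp: physical address), an AD replica reachable as
ad-replica.example.com (hypothetical host) with a read-only lookup account
(hypothetical DN and placeholder password), the non-Exchange users kept in
a separate hash: table, and the second MDA reachable over LMTP at
mda.example.com. Every hostname, DN, path and port below is an assumption.

```conf
# /etc/postfix/main.cf (fragment, assumed paths and hosts)
# example.com is a virtual alias domain: every recipient in it is rewritten
# to a physical mailbox address; nothing is delivered to example.com itself.
virtual_alias_domains = example.com
virtual_alias_maps =
    ldap:/etc/postfix/ad_exchange.cf,
    hash:/etc/postfix/virtual_other

# After rewriting, transport(5) decides where each physical domain goes.
transport_maps = hash:/etc/postfix/transport

# /etc/postfix/ad_exchange.cf -- ldap_table(5) for the Exchange users.
# Keep it root:postfix 0640: it carries the bind password.
server_host = ldaps://ad-replica.example.com
version = 3
bind = yes
bind_dn = CN=postfix-lookup,OU=Service Accounts,DC=example,DC=com
# placeholder, not a real secret
bind_pw = CHANGEME
search_base = DC=example,DC=com
scope = sub
# Only addresses in the logical domain are looked up. The result lives in
# exchange.example.com, so the recursive virtual_alias_maps expansion stops
# after one step instead of querying AD again for the rewritten address.
domain = example.com
# %s is the whole lookup key (user@example.com). AD compares attribute values
# case-insensitively, so smtp:joe.user@example.com matches
# SMTP:Joe.User@example.com as well as the lower-case physical entry.
query_filter = (proxyAddresses=smtp:%s)
result_attribute = sAMAccountName
result_format = %s@exchange.example.com

# /etc/postfix/virtual_other -- the non-Exchange users (hash table;
# run "postmap /etc/postfix/virtual_other" after every edit)
jane.doe@example.com    jane.doe@mda.example.com

# /etc/postfix/transport -- transport(5): physical domain -> delivery
# ("postmap /etc/postfix/transport" after every edit)
exchange.example.com    smtp:[exchange-hub.example.com]
mda.example.com         lmtp:inet:mda.example.com:24
```

Before reloading, check each lookup from the command line:
"postmap -q Joe.User@example.com ldap:/etc/postfix/ad_exchange.cf" should
print joeuser@exchange.example.com, and the same query against
hash:/etc/postfix/virtual_other should print nothing; a user found in
neither table is rejected with "User unknown in virtual alias table",
which is the behaviour you want for a virtual_alias_domain. Note that the
Exchange side must really accept joeuser@exchange.example.com (the
secondary proxyAddresses entry); if that entry is missing the rewritten
mail bounces at the hub, not at Postfix.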