From: Alexey Lobanov (A.Lobanov cro-rct.ru)
Date: Mon Feb 11 2008 - 13:32:50 CST
Hi Werner.
I have run similar configurations for many years. The only difference is
a replicated LDAP database instead of Postgres, because the same LDAP is
used by Samba file services.
All sites are configured for the same single mail domain and are declared as
MX records for this domain. The maximal priority is assigned to the
biggest site, where the majority of workers reside - to minimize unnecessary
inter-site traffic.
Actually, every Postfix works as a quite simple forwarder with
*identical* rules:

ldapforward_domain = example.ru
# NB: this "example.ru" *is not* listed in "mydestination"!
ldapforward_query_filter =
    (&(|(mail=%s)(mailAlternateAddress=%s)(mailAlternateAddress=%u)(uid=%u))(|(AccountStatus=active)(accountStatus=shared)))
ldapforward_result_attribute = mailForwardingAddress
ldapforward_bind = no

"mailForwardingAddress" is just a personal email address in an *internal*
domain pointing to the "home" server of a user. I must use an internal
domain and internal IP-address space (via VPN) because not all sites
have external IP-addresses, but it is not essential.
A more important trick is LMTP local/final delivery instead of SMTP; it
is defined in the "transport" table for all internal domains. Mail to
<mailForwardingAddress> is sent not to another Postfix but directly to
Cyrus IMAP (or another LMTP-capable MDA) at the destination server.
However, it is not essential either; it is also an optimization trick. The
scheme works the same if every Postfix also knows a unique internal domain
name as "mydestination" and knows a local delivery transport.
Anyway, a message injected (from local workstation or from Internet - no
difference) to any Postfix server is always forwarded to the home server
of the addressee in one LMTP or SMTP hop. If any site is offline for any
reason, all other ones stay operational and may receive mail from
Internet normally. User migration is trivial.
The LDAP schema is known as "qmail.schema".
BTW, the next part of this setup is the Cyrus IMAP cluster, aka
"murder". A user connects to the nearest IMAP server and sees his Inbox
and all available shared folders from all branches in the same list.
Alexey
11.02.2008 21:32, Werner vd Merwe wrote:
> What I would love to be able to do, is that Cape Town remains the
> primary MX for the domain, but intelligently routes specified users to
> the branch where they work, and inversely, deliver mail for local users
> to local and mail for other branches to them.
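
The lookup described in the message above, modelled in Python as an added example (not code from the thread or from Postfix), together with a consistency audit of the directory entries the scheme depends on. The entries, the internal domain names and the short keys (alt = mailAlternateAddress, status = accountStatus, fwd = mailForwardingAddress) are constructed assumptions.

```python
# Model of the LDAP forwarding lookup from the post, plus a consistency audit.
# All entries, host names and the INTERNAL_DOMAINS set are constructed samples.
FORWARD_DOMAIN = "example.ru"                      # ldapforward_domain
INTERNAL_DOMAINS = {"msk.internal.example",        # assumed keys of the
                    "spb.internal.example"}        # "transport" table
LIVE = ("active", "shared")                        # statuses the filter accepts

ENTRIES = [
    {"uid": "anna", "mail": "anna@example.ru", "alt": ["a.ivanova@example.ru"],
     "status": "active", "fwd": "anna@msk.internal.example"},
    {"uid": "boris", "mail": "boris@example.ru", "alt": [],
     "status": "disabled", "fwd": "boris@spb.internal.example"},
    {"uid": "sales", "mail": "sales@example.ru", "alt": ["anna"],
     "status": "shared", "fwd": "sales@mail.example.com"},
]

def matches(e, s, u):
    """Filter from the post, with %s = full address and %u = local part."""
    ident = e["mail"] == s or s in e["alt"] or u in e["alt"] or e["uid"] == u
    return ident and e["status"] in LIVE

def lookup(rcpt, entries=ENTRIES):
    """mailForwardingAddress values the table would return for one recipient."""
    rcpt = rcpt.lower()
    user, _, domain = rcpt.rpartition("@")
    if domain != FORWARD_DOMAIN:       # addresses in other domains are never queried
        return []
    return [e["fwd"] for e in entries if matches(e, rcpt, user) and e["fwd"]]

def audit(entries=ENTRIES):
    """Flag entries that break the 'one hop to the home server' assumption."""
    findings = set()
    for e in (x for x in entries if x["status"] in LIVE):
        if not e["fwd"]:
            findings.add((e["uid"], "no forwarding address"))
        elif e["fwd"].rpartition("@")[2] not in INTERNAL_DOMAINS:
            findings.add((e["uid"], "forwards outside internal domains"))
        for name in [e["mail"], e["uid"]] + e["alt"]:
            addr = name if "@" in name else f"{name}@{FORWARD_DOMAIN}"
            if len(lookup(addr, entries)) > 1:
                findings.add((addr, "matches more than one entry"))
    return sorted(findings)

if __name__ == "__main__":
    for rcpt in ("a.ivanova@example.ru", "boris@example.ru", "anna@example.ru"):
        print(rcpt, "->", lookup(rcpt))
    for item in audit():
        print("finding:", item)
```

Because every site applies identical rules to the same replicated directory, running such an audit against one replica covers all of them.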