Re: Multiple Site single domain

From: Alexey Lobanov (A.Lobanovcro-rct.ru)
Date: Wed Feb 13 2008 - 01:41:31 CST


Hi Werner.

12.02.2008 23:29, Werner vd Merwe writes:

> Hi Alexey,
>
> Thank you very much for the response - I must admit though that I am
> fairly new to Postfix and have never worked with LDAP before, so the
> commands are all a bit foreign to me.

I am not sure that you really need LDAP, because your current SQL setup
may and should do exactly the same. LDAP is just a more standard option in a
corporate environment, because very many other applications are able to
use the same database directly, e.g. the address book in MUAs, Samba
file shares, an MS Windows domain controller, etc.

>
> If I understand you correctly, you assign each user that is at a
> remote branch with an alternate email address,

Correct. I store this address in LDAP; you can do the same in SQL. This
address is purely internal: it is neither used by nor visible to
humans, and it is not used in any MUA settings.

> and specify the
> postfix server for that domain in transport?

Either Postfix (via SMTP) or an intelligent mail storage system (via
LMTP). It depends on the mail storage system. I really hope that you
do not use POP3 downloads to workstations in a corporate environment :-)

>
> What happens at the remote side though, do you have to do the inverse
> that side, and map all users in the primary site to an alternate
> e-mail address?

Actually, there is no "primary site" in this system. All Postfix
configurations are identical except for the unique "myhostname" and
"mydestination" names.

The delivery is really two-stage. At the first stage the original
<John.Doe@example.com> is not treated as locally destined but is
translated to <john02@specificserver.example.com> and routed to
specificserver.example.com (which can be the same machine). At the second
stage <john02@specificserver.example.com> is treated as local
(mydestination) and is delivered to the local mailbox. The second stage
can be done by Postfix or by any LMTP-capable storage system with the same
success.

As to the "inverse": yes, it is also feasible to use an independent
Postfix feature, "sender_canonical_maps", to rewrite non-uniform sender
addresses (mailAlternateAddress in the Qmail schema) to the
corporate-standard canonical "mail". However, it is not really necessary
at the beginning, when you deploy the system and can set the correct domain
and local parts in all individual MUA settings. The real need for
sender_canonical_maps appears at the maintenance stage, when you have to
change the corporate mail domain or your management orders a mandatory
"John.Doe@example.com" instead of <jonny02@example.com> for all staff.

>
> Apologies if I misunderstood.
>
> I must say that your setup sounds very nifty! Well done.

It seems to be a quite natural use of the Postfix lookup tables.

Alexey

>
> Thank you in advance Werner
>
>
> -----Original Message----- From: Alexey Lobanov
> [mailto:A.Lobanovcro-rct.ru] Sent: 11 February 2008 09:33 PM To:
> Werner vd Merwe; postfix-userspostfix.org Subject: Re: Multiple Site
> single domain
>
> Hi Werner.
>
> I have run similar configurations for many years. The only difference is
> a replicated LDAP database instead of Postgres, because the same LDAP
> is used by Samba file services.
>
> All sites are configured for the same single mail domain and are declared
> as MX records for this domain. The highest priority is assigned to
> the biggest site, where the majority of workers reside, to minimize
> unnecessary inter-site traffic.
>
> Actually, every Postfix works as a quite simple forwarder with
> *identical* rules:
>
> ldapforward_domain = example.ru
>
> # NB: this "example.ru" *is not* listed in "mydestination"!
>
> ldapforward_query_filter =
> (&(|(mail=%s)(mailAlternateAddress=%s)(mailAlternateAddress=%u)(uid=%u))(|(AccountStatus=active)(accountStatus=shared)))
> ldapforward_result_attribute = mailForwardingAddress
> ldapforward_bind = no
>
> "mailForwardingAddress" is just a personal email address in the
> *internal* domain pointing to the "home" server of a user. I must
> use an internal domain and internal IP address space (via VPN) because
> not all sites have external IP addresses, but it is not essential.
>
> A more important trick is LMTP local/final delivery instead of SMTP;
> it is defined in the "transport" table for all internal domains. Mail to
> <mailForwardingAddress> is sent not to another Postfix but directly to
> Cyrus IMAP (or another LMTP-capable MDA) at the destination server.
> However, it is not essential either; it is also an optimization trick.
> The scheme works the same if every Postfix also knows a unique internal
> domain name as "mydestination" and knows a local delivery transport.
>
> Anyway, a message injected (from a local workstation or from the Internet,
> no difference) into any Postfix server is always forwarded to the home
> server of the addressee in one LMTP or SMTP hop. If any site is
> offline for any reason, all other ones stay operational and may
> receive mail from the Internet normally. User migration is trivial.
>
> The LDAP schema is known as "qmail.schema".
>
> BTW, the next part of this setup is the Cyrus IMAP cluster, aka
> "murder". A user connects to the nearest IMAP server and sees his
> Inbox and all available shared folders from all branches in the same
> list.
>
> Alexey
>
> 11.02.2008 21:32, Werner vd Merwe writes:
>
>> What I would love to be able to do is that Cape Town remains the
>> primary MX for the domain but intelligently routes specified users
>> to the branch where they work, and inversely, delivers mail for
>> local users locally and mail for other branches to them.
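The two-stage routing described in this thread, written out as an added example configuration for this page (not Alexey's actual files). It assumes the LDAP forward table is used as virtual_alias_maps, an LDAP server at ldap.internal.example.com with an anonymous-readable people subtree, and a Cyrus LMTP listener on port 24 on every home server; all host names and the LDAP entry are constructed.

```ini
# /etc/postfix/main.cf  (identical on every site except myhostname)
myhostname = mx-capetown.internal.example.com
mydestination = $myhostname, localhost
# The public domain is NOT in mydestination: it is a virtual alias domain
# whose recipients are rewritten (stage 1) before any local delivery.
virtual_alias_domains = example.com
virtual_alias_maps = ldap:/etc/postfix/ldapforward.cf
# Stage 2: route the internal per-server domains straight to the MDA.
transport_maps = hash:/etc/postfix/transport
# Optional: fold non-uniform envelope senders back to the canonical "mail".
sender_canonical_maps = ldap:/etc/postfix/ldapcanonical.cf

# /etc/postfix/ldapforward.cf  (per-table LDAP file syntax, Postfix 2.1+)
server_host = ldap.internal.example.com
search_base = ou=people,dc=example,dc=com
bind = no                      # anonymous read: the DIT ACLs must permit it
domain = example.com           # only query addresses in the public domain
# Match the primary mail, any alias, or the bare uid, but only for
# active or shared accounts, so disabled users are not routed anywhere.
query_filter = (&(|(mail=%s)(mailAlternateAddress=%s)(uid=%u))(|(accountStatus=active)(accountStatus=shared)))
result_attribute = mailForwardingAddress

# /etc/postfix/ldapcanonical.cf  (sender rewrite: alias -> canonical mail)
server_host = ldap.internal.example.com
search_base = ou=people,dc=example,dc=com
bind = no
query_filter = (mailAlternateAddress=%s)
result_attribute = mail

# /etc/postfix/transport  (run "postmap /etc/postfix/transport" after edits)
# internal home-server domain         next hop: Cyrus LMTP on that server
mx-capetown.internal.example.com      lmtp:inet:mx-capetown.internal.example.com:24
mx-durban.internal.example.com        lmtp:inet:mx-durban.internal.example.com:24

# Constructed LDAP entry that drives the two stages above:
#   uid: john02
#   mail: John.Doe@example.com
#   mailAlternateAddress: jonny02@example.com
#   mailForwardingAddress: john02@mx-durban.internal.example.com
#   accountStatus: active
# Stage 1 (any site): John.Doe@example.com -> john02@mx-durban.internal.example.com
# Stage 2 (transport): delivered over LMTP to Cyrus on mx-durban
```

Check the rewrite on any node with `postmap -q John.Doe@example.com ldap:/etc/postfix/ldapforward.cf`; an empty result means the lookup or the accountStatus filter rejected the address, and Postfix will reject it as an unknown user in the virtual alias table rather than deliver it anywhere.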