I'm wanting to use mydomain.gov for all users on both systems without
using sub-domains. I can't do a "forward undeliverable" from one
system to another because the IP will be blacklisted for sending NDRs
(Non Delivery Receipt). Is there a way to set up Sendmail (I have some
Linux experience) or another SMTP server as our main SMTP/MX to query
the two systems' SMTP (or LDAP, etc.) and route email to the
appropriate SMTP (either Exch or GW)? I would even consider creating
static SMTP routing tables with email addresses if that's possible.
I know this is possible with third party proprietary software like
Postini, etc. so I'm hoping there is a similar Linux/GPL software
solution that exists.
Thank you,
OZ
> I have one domain (mydomain.gov) and two email systems (MSExch 2007 &
> GroupWise 8).
You're in the wrong newsgroup ... this one deals with "sendmail".
Try comp.mail.misc instead. You're off-topic here.
I believe "LDAP Routing" with Sendmail will do exactly what you are
wanting to do.
It is my (mis)understanding that "LDAP Routing" will cause Sendmail to
query an LDAP to 1) see if a recipient email address is valid and 2) see
what back end MX server the account is to be delivered to.
I don't know if you will be able to configure an LDAP query to check two
different directories (probably with different structure) or not. You
may have to create a 3rd directory (OpenLDAP or the likes should
suffice) that presents consistent information for Sendmail to query.
The thing that I'm not sure how to handle is having the Exchange system
route non-local GroupWise recipients to GroupWise and vice versa that
are in the local domain. I'm thinking that you may have to create
aliases in each directory that delivers to the other system. I.e. an
Exchange non-local user would have an alias of us...@domain.tld ->
us...@gw.domain.tld and vice versa.
/If/ you could get Exchange and / or GroupWise to query LDAP for the
proper MX server things might be easier, but I don't know if this could
be done, or what type of directory structure you would have to present
to each.
In the end I think you can accomplish what you are wanting to do.
However I think there are going to be a few bumps along the way and
possibly some deep pot holes before you get to the finish line.
Grant. . . .
> I have one domain (mydomain.gov) and two email systems (MSExch 2007 &
> GroupWise 8). There is no software written by either MS or Novell that
> will link the two systems (existing software only supports Exch 2003
> and older). It is not an option for me to consolidate all users into
> one system at this time.
>
> I'm wanting to use mydomain.gov for all users on both systems without
> using sub-domains.
Have you considered using sendmail for "masquerading" the sub-domains?
"The world" would see one email domain but "internal servers" would use
separate subdomains thanks to "sendmail gateway".
> I can't do a "forward undeliverable" from one system to another
> because the IP will be blacklisted for sending NDRs (Non Delivery
> Receipt). Is there a way to set up Sendmail (I have some Linux
> experience) or another SMTP server as our main SMTP/MX to query the
> two systems' SMTP (or LDAP, etc.) and route email to the appropriate
> SMTP (either Exch or GW)?
Sendmail can use LDAP queries or custom milter for "via SMTP checks"
(e.g. milter-ahead http://www.snertsoft.com/solutions.php ).
Using more than one internal server would most likely mean need for
"some adaptations" of out-of-the-box solutions.
> I would even consider creating static SMTP routing tables with email
> addresses if that's possible.
>
> I know this is possible with third party proprietary software like
> Postini, etc. so I'm hoping there is a similar Linux/GPL software
> solution that exists.
AFAIK there is no (widely known) out-of-the-box solution but it should
be possible to "bundle" a few solutions with some "custom glue".
[ I would bet 1-3 working days for an expert ]
--
[pl>en Andrew] Andrzej Adam Filip : an...@onet.eu : Andrze...@gmail.com
Open-Sendmail: http://open-sendmail.sourceforge.net/
There is a natural hootchy-kootchy to a goldfish.
-- Walt Disney
This would certainly avoid the problem that I was speaking of where the
Exchange and GroupWise system both thought that the domain was local to
them, as it would not be for either of them. However the OP did say
"... without using sub-domains ...".
> Sendmail can use LDAP queries or custom milter for "via SMTP checks"
> (e.g. milter-ahead http://www.snertsoft.com/solutions.php ).
Will milter-ahead be able to determine which back end system to send
messages to? Or does it simply check multiple systems to see if the
recipient is valid? Also how does milter-ahead work if the first system
it contacts returns a 5xy permanent error? Will milter-ahead move on and
ask the subsequent back end systems or will it return the 5xy error that
it initially received?
I personally have not used milter-ahead but I do use milter-sender
(http://www.snertsoft.com/sendmail/milter-ahead/), also from SnertSoft.
I am extremely happy with milter-sender, but I don't believe that it
(what I believe to be a superset of milter-ahead) will do what you are
saying that milter-ahead will do. (I am also extremely happy with
milter-sender.)
> Using more than one internal server would most likely mean need for
> "some adaptations" of out-of-the-box solutions.
With separate domains, this should be a trivial configuration. However
using a single domain will require some special work on the back end
systems end. I believe that "LDAP Routing" will take care of things on
Sendmail's end without a problem.
> AFAIK there is no (widely known) out-of-the-box solution but it
> should be possible to "bundle" a few solutions with some "custom
> glue". [ I would bet 1-3 working days for an expert ]
Unless I am misunderstanding things (which is entirely possible) I think
"LDAP Routing" will allow Sendmail to do exactly what the OP is wanting
to do. The problem I see is on the back end servers.
Grant. . . .
> On 05/13/09 04:14, Andrzej Adam Filip wrote:
>> Have you considered using sendmail for "masquerading" the
>> sub-domains? "The world" would see one email domain but "internal
>> servers" would use separate subdomains thanks to "sendmail gateway".
>
> This would certainly avoid the problem that I was speaking of where
> the Exchange and GroupWise system both thought that the domain was
> local to them, as it would not be for either of them. However the OP
> did say "... without using sub-domains ...".
Sometimes getting less but at much lower "cost" makes perfect sense.
I do prefer to mention "less than (initially) required solutions" that
I think may be "cost effective" or *at least* worth considering/excluding.
It is for the "educated buyer" to choose the best gain/pain point for him/her :-)
>> Sendmail can use LDAP queries or custom milter for "via SMTP checks"
>> (e.g. milter-ahead http://www.snertsoft.com/solutions.php ).
>
> Will milter-ahead be able to determine which back end system to send
> messages to? Or does it simply check multiple systems to see if the
> recipient is valid? Also how does milter-ahead work if the first
> system it contacts returns a 5xy permanent error? Will milter-ahead
> move on and ask the subsequent back end systems or will it return the
> 5xy error that it initially received?
>
> I personally have not used milter-ahead but I do use milter-sender
> (http://www.snertsoft.com/sendmail/milter-ahead/), also from
> SnertSoft. I am extremely happy with milter-sender, but I don't
> believe that it (what I believe to be a superset of milter-ahead) will
> do what you are saying that milter-ahead will do. (I am also
> extremely happy with milter-sender.)
I do not know how milter-ahead is designed.
I have merely used it as an example of what has already been implemented.
Admins/programmers may use the Net::SMTP Perl package from inside a
MIMEDefang filtering script in Perl to get even much more complicated
functionality.
>> Using more than one internal server would most likely mean need for
>> "some adaptations" of out-of-the-box solutions.
>
> With separate domains, this should be a trivial configuration.
> However using a single domain will require some special work on the
> back end systems end. I believe that "LDAP Routing" will take care of
> things on Sendmail's end without a problem.
>
>> AFAIK there is no (widely known) out-of-the-box solution but it
>> should be possible to "bundle" a few solutions with some "custom
>> glue". [ I would bet 1-3 working days for an expert ]
>
> Unless I am misunderstanding things (which is entirely possible) I
> think "LDAP Routing" will allow Sendmail to do exactly what the OP is
> wanting to do. The problem I see is on the back end servers.
"Untwisted" LDAP routing would require
* periodic export of address books of both internal servers and merging
  them into format sendmail likes
  + it would hide scheduled and unscheduled maintenance
  + LDAP routing can be used with standard maps (hash/dbm) instead of
    LDAP queries
OR
* using sequence map to "chain together" two LDAP queries
--
[pl>en Andrew] Andrzej Adam Filip : an...@onet.eu : Andrze...@gmail.com
If you keep your mind sufficiently open,
people will throw a lot of rubbish into it.
-- William Orton
True. less and / or cost can both be a measure of complexity too.
Parsimony comes to mind.
...
Is it even possible for a Milter to change where Sendmail will send a
message to? Can this be done without altering the sender or recipient?
...
Generating a single directory could be entertaining. I don't know
enough about LDAP to know if it is possible or not, but I think there
are ways to present one structure while in actuality it is really
proxied to another back end structure.
> + it would hide scheduled and unscheduled maintenance]
*nod*
> + LDAP routing can be used with standard maps (hash/dbm) instead of
> LDAP queries
Very true.
> * using sequence map to "chain together" two LDAP queries
I'd query the directory with the most users first and then falling back
to the directory with fewer users.
Grant. . . .
> On 05/13/09 11:20, Andrzej Adam Filip wrote:
>> Sometimes getting less but at much lower "cost" makes perfect sense.
>
> True. less and / or cost can both be a measure of complexity
> too. Parsimony comes to mind.
> ...
> Is it even possible for a Milter to change where Sendmail will send a
> message to? Can this be done without altering the sender or
> recipient?
In the worst case scenario I would use "socket map".
Socket map protocol is supported by MIMEDefang.
=> A MIMEDefang filtering script in Perl can do it with little support via
sendmail.cf [e.g. with "LDAP routing" queries redirected to socket map]
> Generating a single directory could be entertaining. I don't know
> enough about LDAP to know if it is possible or not, but I think there
> are ways to present one structure while in actuality it is really
> proxied to another back end structure.
>
>> + it would hide scheduled and unscheduled maintenance]
>
> *nod*
>
>> + LDAP routing can be used with standard maps (hash/dbm) instead of
>> LDAP queries
>
> Very true.
I felt obliged to mention it because many newcomers do not dare to think
about "LDAP routing" without LDAP :-)
>> * using sequence map to "chain together" two LDAP queries
>
> I'd query the directory with the most users first and then falling
> back to the directory with fewer users.
--
[pl>en Andrew] Andrzej Adam Filip : an...@onet.eu : Andrze...@gmail.com
"An entire fraternity of strapping Wall-Street-bound youth. Hell - this
is going to be a blood bath!"
-- Post Bros. Comics
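The socket map idea mentioned in the post above, sketched as an added example (not code from the thread, from sendmail, or from MIMEDefang): a handler for sendmail's socket map wire format, where each request is a netstring holding the map name, a space and the key, and each reply is a netstring with a status word. The map name `route`, the addresses and the back-end hostnames are constructed placeholders.

```python
# Added example: sendmail socket-map request/reply handling for recipient routing.
# Map name "route", addresses and hostnames are constructed placeholders.
ROUTES = {
    "alice@mydomain.gov": "exch.internal.example",
    "bob@mydomain.gov": "gw.internal.example",
}


def decode_netstring(data: bytes) -> str:
    """Decode one '<len>:<payload>,' netstring; raise ValueError if malformed."""
    length, sep, rest = data.partition(b":")
    if not sep or not length.isdigit():
        raise ValueError("missing length prefix")
    size = int(length)
    if len(rest) != size + 1 or rest[size:] != b",":
        raise ValueError("length mismatch or missing terminator")
    return rest[:size].decode("utf-8")


def encode_netstring(payload: str) -> bytes:
    """Frame a reply as '<len>:<payload>,'."""
    raw = payload.encode("utf-8")
    return str(len(raw)).encode("ascii") + b":" + raw + b","


def handle_request(data: bytes, routes=ROUTES, directory_up=True) -> bytes:
    """Answer one '<mapname> <key>' lookup with a socket-map status reply."""
    try:
        mapname, _, key = decode_netstring(data).partition(" ")
    except ValueError as exc:
        return encode_netstring(f"PERM {exc}")
    if mapname != "route":
        return encode_netstring("PERM unknown map")
    if not directory_up:
        # Temporary failure: the MTA should defer, not treat the user as unknown.
        return encode_netstring("TEMP directory unavailable")
    host = routes.get(key.strip().lower())
    if host is None:
        return encode_netstring("NOTFOUND")
    return encode_netstring(f"OK {host}")
```

Returning TEMP rather than NOTFOUND while a directory is unreachable keeps an outage from turning into rejections of valid recipients.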
1) I concur with LDAP.
2) Did you see the "ExtendedErrorDrop" proposal, which would address your
backscatter issue?
3) Unless you're wanting to change to sendmail, I note that what you're
using now on both servers isn't sendmail, so your original question may be
off-topic here and perhaps better asked on "comp.mail.misc."
Ok. Does that mean that the milter protocol does not have this ability?
(I'm trying to find out for my personal education.)
> Socket map protocol is supported by MIMEDefang.
Good to know.
> => MIMEdefang filtering script in perl can do it with little support
> via sendmail.cf [e.g. with "LDAP routing" queries redirected to
> socket map]
Interesting.
> I felt obliged to mention it because many newcomers do not dare to
> think about "LDAP routing" without LDAP :-)
Very true.
Grant. . . .
> On 5/13/2009 4:51 PM, Andrzej Adam Filip wrote:
>> In the worst case scenario I would use "socket map".
>
> Ok. Does that mean that the milter protocol does not have this
> ability? (I'm trying to find out for my personal education.)
AFAIR no, but I am not a milter wizard.
[Milter can remove and add recipients so it can rename/rewrite recipients
but custom routing of unrewritten recipient is another story.]
One simple fix would be to extend the milter protocol to allow a milter
to set some macros in sendmail.cf *BUT* milter is no longer a "sendmail
only" thing (remember postfix) so choosing "very sendmail centric"
extensions is no longer a "good idea" IMHO.
>> Socket map protocol is supported by MIMEDefang.
>
> Good to know.
>
>> => MIMEdefang filtering script in perl can do it with little support
>> via sendmail.cf [e.g. with "LDAP routing" queries redirected to
>> socket map]
>
> Interesting.
>
>> I felt obliged to mention it because many newcomers do not dare to
>> think about "LDAP routing" without LDAP :-)
>
> Very true.
--
[pl>en Andrew] Andrzej Adam Filip : an...@onet.eu : Andrze...@gmail.com
Open-Sendmail: http://open-sendmail.sourceforge.net/
Wishing without work is like fishing without bait.
-- Frank Tyger
Well, others already suggested to use sendmail to masquerade sub-
domains per backend server, which is the clean solution, IMO too.
For some very widespread organisation I did something like this:
LOCAL_RULE_0
R$+ < @ $+ > $*[TAB]$: < $(access REROUTE:$1@$2 $: $) > <$1> <$2> <$3>[TAB]Check if to reroute address to different host; default to <>
R<$+> <$+> <$+> <$*>[TAB]$#esmtp $@ $1 $: $2<@$3>$4[TAB]Reroute to different host
R<> <$+> <$+> <$*>[TAB]$1 <@$2> $3[TAB]Restore old line for system rules
The /etc/mail/access needs to contain entries like:
# Attention: trailing dot in LHS
REROUTE:«addr».[TAB]«SMTP-host»
This technique is hinted at in README.cf sec. "TWEAKING RULESETS":
LOCAL_RULE_0
R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.>
Forgot to mention: you have to populate /etc/mail/access (or any other
map you want to use) with the address -> destination pairs of all but
one server and you can use (this) one server as "fallback" server
configured via mailertable.
In order to avoid backscatter you should add all and any addresses
into the map and reject all other addresses.
ska
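One way to populate the map described in the post above, as an added example (not ska's code and not part of sendmail): it merges address exports from both back ends into `REROUTE:` entries with the trailing dot, and withholds any address claimed by more than one system so it cannot be routed ambiguously. The function name, hostnames and addresses are constructed; it assumes the access map is looked up case-insensitively.

```python
# Added example: build REROUTE: access-map lines from per-backend address exports.
# Assumption: access-map keys are matched case-insensitively, so addresses are
# lowercased. Hostnames and addresses used with this function are placeholders.

def build_reroute_entries(exports, domain):
    """exports maps SMTP host -> iterable of addresses exported from that system.

    Returns (lines, conflicts): lines are 'REROUTE:<addr>.<TAB><host>' strings,
    conflicts maps each address claimed by several hosts to the set of claimants.
    """
    owner = {}      # normalized address -> first host that listed it
    conflicts = {}  # address -> set of hosts that all claim it
    for host, addresses in exports.items():
        for raw in addresses:
            addr = raw.strip().lower()
            if not addr or addr.startswith("#"):
                continue  # skip blanks and comment lines in an export file
            local, _, dom = addr.rpartition("@")
            if not local or dom != domain:
                continue  # only the shared domain is routed per address
            if addr in owner and owner[addr] != host:
                conflicts.setdefault(addr, {owner[addr]}).add(host)
                continue
            owner[addr] = host
    # Trailing dot after the address: the domain is canonified when ruleset 0 runs.
    lines = [
        f"REROUTE:{addr}.\t{host}"
        for addr, host in sorted(owner.items())
        if addr not in conflicts
    ]
    return lines, conflicts
```

Conflicting addresses need to be resolved by hand before the map is rebuilt; until then they are absent from the output rather than silently assigned to one system.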
Thank you all for your ideas. You've given me great things to look at.
I have no experience with Sendmail so it's time to build a server and
test! :)
I will also post this in comp.mail.misc. I figured this was a place to
start since part of my question was if Sendmail could perform this
task.
Thanks again,
OZ