From: Andrew Nady on
Hi all,

Is it possible to provide email service with postfix for a single domain that spans on multiple mailservers?
At location A I have 300 users and at location B 400 users. (Total 700 users)
These locations are geographically in different countries.
The users are AD based and each location has a postfix mail-gateway that performs an ldap query.
How could I deliver email or probe location A or B for existence of user_foo(a)domain.com?

Thanks,
--
Andrew Nady

From: Victor Duchovni on
On Mon, Jan 25, 2010 at 11:54:37PM -0500, Andrew Nady wrote:

> Is it possible to provide email service with postfix for a single
> domain that spans on multiple mailservers?

Yes. If you choose a single Internet-facing domain for a geographically
diverse organization, you must arrange for internal forwarding of email
to the right destination. A user's public email address is then different
from the internal mailbox address, and your internal mail systems forward
mail as necessary from one internal cluster of mail servers to another,
possibly on a different continent.

> At location A I have 300 users and at location B 400 users. (Total
> 700 users)
> These locations are geographically in different countries.
> The users are AD based and each location has a postfix mail-gateway that performs an ldap query.
> How could I deliver email or probe location A or B for existence
> of user_foo(a)domain.com?

You implement the external domain as a virtual alias domain, and rewrite
recipient addresses to underlying mailbox domains that are only known
internally.

userA(a)example.com userA(a)A.example.com
userB(a)example.com userB(a)B.example.com

The mail servers at sites "A" and "B" must recognize both "userA(a)example.com"
and "userA(a)A.example.com" as being addresses of the same user. Each site
delivers its own users locally, but forwards mail to the remote site
(perhaps via secure-channel TLS, or a VPN, ...) when the recipient's mailbox
domain is remote.

Mail user agents, directory services, ... are configured to only work
with "example.com" and are unaware of what the mail servers are doing
behind the scenes.

--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomo(a)postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
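
One way the layout described in the reply above could look in Postfix configuration, as an added example that is not part of the original thread. All host names, OU names, file paths, the service account and the choice of AD attributes are assumptions for illustration; `A.example.com` and `B.example.com` are the internal mailbox domains from the reply and are assumed not to be published in public DNS.

```conf
# --- /etc/postfix/main.cf on the site A gateway (site B mirrors it) ---
# Public domain is alias-only: recipients not found in the maps below
# are rejected at SMTP time as unknown users.
virtual_alias_domains = example.com
virtual_alias_maps = ldap:/etc/postfix/ldap-siteA.cf,
                     ldap:/etc/postfix/ldap-siteB.cf
# Internal mailbox domains, routed by the transport table.
relay_domains = A.example.com, B.example.com
transport_maps = hash:/etc/postfix/transport
# Authenticated TLS for the hop to the other site.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_CAfile = /etc/postfix/internal-ca.pem

# --- /etc/postfix/ldap-siteA.cf (mode 0640, group postfix: holds bind_pw) ---
# ldap-siteB.cf is identical except for search_base and result_format.
server_host = ldap://dc1.example.com
version = 3
start_tls = yes
tls_ca_cert_file = /etc/postfix/internal-ca.pem
tls_require_cert = yes
bind = yes
bind_dn = cn=postfix,ou=Service,dc=example,dc=com
bind_pw = CHANGE_ME
# Only query the directory for addresses in the public domain.
domain = example.com
search_base = ou=SiteA,dc=example,dc=com
# Assumes the AD "mail" attribute holds the public address.
query_filter = (&(objectClass=user)(mail=%s))
result_attribute = sAMAccountName
# userA@example.com -> userA@A.example.com
result_format = %s@A.example.com

# --- /etc/postfix/transport (run "postmap" after editing) ---
# Own users go to the local mailbox store, remote users to site B.
A.example.com    smtp:[mailstore-a.example.com]
B.example.com    smtp:[gw-b.example.com]

# --- /etc/postfix/tls_policy (run "postmap" after editing) ---
# Key must match the nexthop exactly as written in the transport table.
[gw-b.example.com]    secure match=gw-b.example.com

# Check a mapping from the shell without sending mail:
#   postmap -q userA@example.com ldap:/etc/postfix/ldap-siteA.cf
```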

From: Andrew Nady on
Thanks for the info, let me give you a more detailed scenario.

The mailgateways (postfix ldap) on both sides do OU based verification against MS AD,
so the server on Canada side will query the ou=Canada,dc=domain,dc=local
and the server on the US side will query to ou=States,dc=domain,dc=local
These two servers work well on each side.
I was thinking that if there could be one server that sits in a colo location that in some ways
could test for existence of an email account on gw-canada.domain.com and also gw-states.domain.com


--
Andrew Nady.
Primary Support Systems Canada Inc.
820 Flint road, North York, ON M3J 2J5
p: 416-736-4888
f: 416-736-4890

From: Victor Duchovni on
On Tue, Jan 26, 2010 at 12:44:07PM -0500, Andrew Nady wrote:

> Thanks for the info, let me give you a more detailed scenario.
>
> The mailgateways (postfix ldap) on both sides do OU based verification against MS AD,
> so the server on Canada side will query the ou=Canada,dc=domain,dc=local
> and the server on the US side will query to ou=States,dc=domain,dc=local
> These two servers work well on each side.
> I was thinking that if there could be one server that sits in a colo location that in some ways
> could test for existence of an email account on gw-canada.domain.com and also gw-states.domain.com

http://www.postfix.org/VIRTUAL_README.html
http://www.postfix.org/ADDRESS_REWRITING_README.html
http://www.postfix.org/LDAP_README.html
http://www.postfix.org/ldap_table.5.html
http://www.postfix.org/transport.5.html

--
Viktor.
