1

Topic: Split domain?

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.4
- Linux/BSD distribution name and version: Debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? NO
- Related log if you're reporting an issue:
====

I'm trying to implement a config that lets me split my email server into two parts.
I want to store all mailboxes on one server but some mailboxes on another server. All mailboxes are from the same domain.
I have no problem configuring mtaTransport to redirect mails of some users to the second server from the first one (frontal). I can create all users on the second server and redirect the mails to the first one, using the same attribute mtaTransport.
My question is - can I use any postfix map file on the second server to redirect the mails to the first one without creating all users on the second server? So, globally I want to use a catch-all approach, but do not send catch-all mails to an external address, just redirect them to another mail server of the same domain, using SMTP.


2

Re: Split domain?

You MAY need to create a new Postfix LDAP query BEFORE Postfix performs catch-all query, this way you can handle the redirection.

NOTE: I didn't test it yet, so it may not actually work, or may need some more tweaks.

3

Re: Split domain?

ZhangHuangbin wrote:

You MAY need to create a new Postfix LDAP query BEFORE Postfix performs catch-all query, this way you can handle the redirection.

NOTE: I didn't test it yet, so it may not actually work, or may need some more tweaks.

That's what I tried ;)
Could not find a way to activate a correct transport though...

4

Re: Split domain?

Check /etc/postfix/ldap/transport_maps_user.cf as reference.

5

Re: Split domain?

Finally, I share my solution.

The main problem of a split-domain install is that Postfix refuses all mails for a local domain if the destination e-mail address is not in its virtual mailbox table:

User unknown in virtual mailbox table

So, to get my mails accepted by the second server's postfix, I configured virtual_address_maps.cf on the second server to request the LDAP of the main server (fortunately, the two servers are able to communicate directly). I changed the

result_attribute = mailForwardingAddress

to

result_attribute = mail

in this file, so when the second postfix searches for an alias in the first LDAP - it gets just the same address as the initial destination.

Finally, to redirect the mails correctly to the first server, I configured the LDAP attribute of local users on the second server as

mtaTransport=dovecot

and the same attribute of the domain record on the second server as

mtaTransport=smtp:[mailhost1.domain.local]:25

where mailhost1.domain.local is the address of the main server.

So, when the second postfix receives a mail for a mailbox on the first server, it validates the destination as an alias, using the first server's LDAP, then sends it to the first server, using the domain transport map.

On the first server I just need to create a mailbox and configure the LDAP attribute of this mailbox:

mtaTransport=smtp:[mailhost2.domain.local]:25

where mailhost2.domain.local is the address of the second server.

6

Re: Split domain?

*) Could you please show your modifications in more detail? What files did you modify?
*) Do you have same mail accounts on both servers (with different "mtaTransport")?

7

Re: Split domain?

ZhangHuangbin wrote:

*) Could you please show your modifications in more detail? What files did you modify?

The only file modified is virtual_address_maps.cf on the second server.
I modified:
*) result_attribute = mailForwardingAddress
to
result_attribute = mail
*) destination LDAP server (and bind parameters) to the LDAP server of the first (principal) iRedMail server.

ZhangHuangbin wrote:

*) Do you have same mail accounts on both servers (with different "mtaTransport")?

No, all accounts are present on the first server only, with different "mtaTransport": blank for local accounts (so, the domain-level transport "dovecot" is used) and "smtp:[mailhost2.domain.local]:25" for remote accounts. On the second server only local accounts are created, with "dovecot" as "mtaTransport". Contrariwise, the domain "mtaTransport" is set to "smtp:[mailhost1.domain.local]:25" on the second server, to send all mails to the first server by default.
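The routing that results from the layout described in this thread, as an added example that is not part of any post and is not iRedMail or Postfix code. It models only recipient validation and transport selection; the addresses alice, bob and carol, the dictionary layout, and the functions `route` and `audit` are constructed for illustration. It also covers a failure mode the layout allows: an account marked remote on the first server but never created on the second one bounces between the two hosts.

```python
import copy

M1 = "smtp:[mailhost1.domain.local]:25"
M2 = "smtp:[mailhost2.domain.local]:25"

# Constructed sample directories; "" means no per-user mtaTransport is set.
SERVERS = {
    "mailhost1": {"domain_transport": "dovecot", "validate_on": "mailhost1",
                  "users": {"alice@domain.local": "", "bob@domain.local": M2}},
    # Second server: only local accounts; recipients are validated against the
    # first server's LDAP (the modified virtual_address_maps.cf).
    "mailhost2": {"domain_transport": M1, "validate_on": "mailhost1",
                  "users": {"bob@domain.local": "dovecot"}},
}

def route(servers, entry, rcpt):
    """Trace one message that arrives at server `entry`; return (outcome, path)."""
    path, here = [], entry
    while here not in path:
        path.append(here)
        srv = servers[here]
        if rcpt not in servers[srv["validate_on"]]["users"]:
            return "rejected", path  # "User unknown in virtual mailbox table"
        # A per-user transport wins; a blank one falls back to the domain's.
        transport = srv["users"].get(rcpt) or srv["domain_transport"]
        if transport == "dovecot":
            return "delivered", path
        here = transport.split("[")[1].split(".")[0]  # smtp:[host.domain]:25 -> host
    return "loop", path + [here]  # revisiting a host means the mail will bounce

def audit(servers):
    """Return {rcpt: (outcome, path)} for addresses not delivered from some entry."""
    problems = {}
    for rcpt in sorted({r for s in servers.values() for r in s["users"]}):
        for entry in servers:
            result = route(servers, entry, rcpt)
            if result[0] != "delivered":
                problems[rcpt] = result
    return problems

# Constructed misconfiguration: carol is marked remote on the first server,
# but her account was never created on the second one.
BROKEN = copy.deepcopy(SERVERS)
BROKEN["mailhost1"]["users"]["carol@domain.local"] = M2

if __name__ == "__main__":
    print(audit(SERVERS))
    print(audit(BROKEN))
```

An empty result from `audit` means every known address reaches a mailbox from either entry point.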

8

Re: Split domain?

With all mail accounts on first server, you don't need to modify any postfix config file. Just set the per-user transport to 'smtp:[mailhost2.domain.local]:25' for the users on second server.

9

Re: Split domain?

ZhangHuangbin wrote:

With all mail accounts on first server, you don't need to modify any postfix config file. Just set the per-user transport to 'smtp:[mailhost2.domain.local]:25' for the users on second server.

Peter2121 wrote:

The main problem of a split-domain install is that Postfix refuses all mails for a local domain if the destination e-mail address is not in its virtual mailbox table

So the users of the second mail server cannot send mails to users of the first mail server ;)

10

Re: Split domain?

Seems I misunderstood. Sorry.

If you're running OpenLDAP with replication (either one-way replication or master-master), you can try this without modifying any iRedMail config file:

*) On both servers, make sure Dovecot has the lmtp service running and listening on the necessary network interfaces. The default network port is 24. iRedMail configures Dovecot's lmtp service to listen on address '127.0.0.1'; you may need to change this.
*) With OpenLDAP replication enabled: change the per-user transport for users that should be hosted on the first server to 'lmtp:[first_server_ip_or_hostname]:24'. Change the per-user transport for users that should be hosted on the first server to 'lmtp:[second_server_ip_or_hostname]:24'.

This way all emails should be delivered to the correct destination server.

11

Re: Split domain?

ZhangHuangbin wrote:

Seems I misunderstood. Sorry.

If you're running OpenLDAP with replication (either one-way replication or master-master), you can try this without modifying any iRedMail config file:

*) On both servers, make sure Dovecot has the lmtp service running and listening on the necessary network interfaces. The default network port is 24. iRedMail configures Dovecot's lmtp service to listen on address '127.0.0.1'; you may need to change this.
*) With OpenLDAP replication enabled: change the per-user transport for users that should be hosted on the first server to 'lmtp:[first_server_ip_or_hostname]:24'. Change the per-user transport for users that should be hosted on the first server to 'lmtp:[second_server_ip_or_hostname]:24'.

This way all emails should be delivered to the correct destination server.

Thank you, it's a really interesting approach. I did not think about lmtp. Anyway, it is impossible for me to use this method.
In my case, I have no replication between the LDAP servers, as the passwords of users of the second server must be kept separate from the first server. That was the aim of the operation: to manage some accounts separately from the main server.