Another, maybe simpler, way to do it would be using LDAP mail routing. I've no idea if postfix can do this. That way, all the information needed for mail delivery is centralized in one place, and you don't need to keep information on what email addresses exist and what mailboxes they correspond to on both internal and external server.
postfix can do ldap, mysql and pgsql. I, for one, install postfix 2.2 over RHEL's postfix package and disable all updates for postfix.
Basically, you'd use LDAP to store information where the hack user's mailbox is. You would set mailHost attribute to point to your internal email server. You would not set mailRoutingAddress attribute. This would cause your external mail server to forward all email for existing email addresses to internal host. Your internal host will figure out that mailHost points to itself, and deliver email to the mailbox. So you don't need to rewrite email addresses like when using virtusertables. There's a lot of options when configuring LDAP routing, so if you go that way, best is to first read and fully understand documentation. Or you'll get unexpected results and will be generally dissapointed.
postfix is a bit more involved. You have to use the right maps...like the mx postfix should use relay_domains and relay_recipient_maps if there is no address rewriting and the mail store postfix needs to use virtual_mailbox_domains and virtual_mailbox_maps (or maybe not needed...since the mx postfix should have ensured the recipient exists) if you are interested in ditching sendmail.
Now, the remaining problem is, what to do for people who want to access their email from outside. You probably don't want to allow direct POP3/IMAP connections from outside to your internal mail server. You may consider here several options. Webmail would be very nice approach in many cases. If you have lots of roaming laptop users that insist on using their favorite email client from home or when on road, you might consider setting VPN for them. It kind of adds to the complexity. Especially if you don't need VPN for other stuff. On the other hand, if you already have VPN, than you have the solution for accessing email from outside, right? Another solution might be setting IMAP proxy in the DMZ. But it is almost as allowing direct connections from the outside. So I'd leave it as last resort.
Hence my question why did he want to move his emails which would have been followed by questions about whether he needs to grant access from outside to the mail store or not.
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
