Sharing a domain with Exchange

John Anderson

Greetings,


This is my first post to a mailing list. I am sure this is a simple thing that I am overlooking, but even with a two-week-old case with RHEL I am not hitting on the answer. Please help if you can/want.


Situation:

Single Postfix server and an Exchange 2013 server. The company is wanting to keep the same domain across both systems. I am using LDAP lookups for virtual domains; this is working great. Internet-bound email is also working great. I attempted using an LDAP transport lookup keying off a group (the idea is that a user not in the group relays to the Exchange FE for internal routing). Output of telnet gives me:

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 nmnpfx01.chickasaw.com ESMTP Postfix
helo localhost
250 nmnpfx01.chickasaw.com
mail from:<[hidden email]>
250 2.1.0 Ok
rcpt to:<[hidden email]>
450 4.1.1 <[hidden email]>: Recipient address rejected: User unknown in virtual mailbox table
quit

### postconf -n ###
[johnanderson@nmnpfx01 ~]$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
fallback_transport = smtp:[relay.chickasaw.com]:25
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = nmnpfx01.chickasaw.com
mynetworks = all
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = chickasaw.com
relayhost = [relay.chickasaw.com]
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
soft_bounce = yes
transport_maps = ldap:/etc/postfix/ldap_transport.cf
unknown_local_recipient_reject_code = 550
virtual_gid_maps = static:1001
virtual_mailbox_base = /home/vmail/
virtual_mailbox_domains = chickasaw.com
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_uid_maps = static:1001

### ldap-users.cf ###
## LDAP LOOKUP FILE
## CREATED 4-10-2017
...omitted
result_format = %d/%u/Maildir/
...omitted
###

### ldap_transport ###
## LDAP Remote Exchange LOOKUP FILE
## CREATED 4-10-2017
...omitted
result_format =%s relay:[relay.chickasaw.com]:25
...omitted

###
postmap here works if the user is NOT a member of the above group.
[hidden email] relay:[relay.chickasaw.com]:25

What we want is co-existence with Exchange; I just don't know what I am missing. I have searched for similar situations and haven't found one that had enough detail to help me see what I am missing. Any pointers, tips, or help will be greatly appreciated!

Thanks in advance!

John Anderson, Security and Server Engineer
Chickasaw Nation Industries 
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager immediately. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Chickasaw Nation Industries, Inc. and any of its subsidiaries. Recipient should check this email and any attachments for the presence of viruses. Chickasaw Nation Industries, Inc. and its subsidiaries accept no liability for any damage caused by any virus transmitted by this email.
Re: Sharing a domain with Exchange

Viktor Dukhovni

> On May 5, 2017, at 5:21 PM, John Anderson <[hidden email]> wrote:
>
> My first post to a mailing list, I am sure this is a simple thing that I am overlooking, but even a two week old case with RHEL and I am not hitting on the answer. Please help if you can/want.
>
> Situation:
> Single postfix server and an exchange 2013 server. The company is wanting to keep the same domain across both systems. I am using ldap lookups for virtual domains, this is working great. Internet bound email is also working great. I attempted using an ldap transport lookup keying off a group (the idea is a user not in the group relay to the exchange FE for internal routing).

The only sane way to share a single virtual domain across two mail stores is
to use virtual_alias_maps to rewrite envelope recipient addresses from the
shared domain to two distinct domains, one per mail store.

Ideally both mail stores support internal names for each recipient:

        # External form         Internal Form
        [hidden email] [hidden email]
        [hidden email] [hidden email]

Each of the mail stores would recognize the internal address
form as a valid address for the user whose "public" address
lies in the shared domain namespace.

Exchange supports this easily via multi-valued proxyAddresses:

        ; A mailbox-enabled user
        mail: [hidden email]
        proxyAddresses: smtp:[hidden email]
        proxyAddresses: smtp:[hidden email]
        mailRoutingAddress: [hidden email]

        ; A non-mailbox-enabled user
        mail: [hidden email]
        proxyAddresses: smtp:[hidden email]
        proxyAddresses: smtp:[hidden email]
        mailRoutingAddress: [hidden email]
        targetAddress: smtp:[hidden email]

The "mailRoutingAddress" attribute may need to be added
to the Active Directory schema.  You can use any name that
works for you, but the idea is that Postfix will query LDAP
for "proxyAddresses -> mailRoutingAddress" mappings as its
LDAP-based virtual alias table.

You make the primary domain of Exchange be "store1.example.com"
(for which it is then fully authoritative).  The users whose
mail is not stored in Exchange get contact objects that route
to "[hidden email]".

Your Postfix transport table is then trivial, all the magic is
in the virtual alias table.

--
        Viktor.

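The layout Viktor describes, written out as Postfix configuration. This is an added example, not part of the original thread and not the poster's or Viktor's own files. It assumes placeholder names: chickasaw.com is the shared public domain, store1.example.com is the internal domain Exchange is authoritative for (the name Viktor uses), store2.example.com is the internal domain for the Postfix Maildir store, exchange.example.com is the Exchange front end, and the LDAP server, bind DN, search base and password are placeholders as well. Two things in the posted configuration are worth understanding before switching designs: with virtual_mailbox_domains = chickasaw.com, Postfix decides at RCPT TO whether the recipient exists in virtual_mailbox_maps, before any transport lookup is consulted, which is exactly the "User unknown in virtual mailbox table" reply in the telnet session (450 rather than 550 only because soft_bounce = yes); and a transport-table result_format of "%s relay:[...]" prepends the looked-up attribute value to the transport string, which is what the postmap output shows and is not a valid transport:nexthop value. In the alias design below the shared domain is a virtual alias domain only: every chickasaw.com recipient is rewritten first, then validated against whichever store owns the rewritten domain.

```conf
# /etc/postfix/main.cf (fragment; hostnames, DNs and the password are assumed)

# Shared public domain: alias-only. It is deliberately NOT listed in
# virtual_mailbox_domains or relay_domains, so no recipient check runs on it
# before the rewrite below has happened.
virtual_alias_domains = chickasaw.com
virtual_alias_maps = ldap:/etc/postfix/ldap-virtual-alias.cf

# Postfix-hosted mailboxes live in their own internal domain. The existing
# ldap-users.cf must therefore answer for keys of the form user@store2.example.com.
virtual_mailbox_domains = store2.example.com
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_mailbox_base = /home/vmail/
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001

# Exchange-hosted mailboxes: relay, but only for recipients that AD knows,
# so unknown users are refused at RCPT TO instead of accepted and bounced
# later (accept-then-bounce is how a gateway becomes a backscatter source).
relay_domains = store1.example.com
relay_recipient_maps = ldap:/etc/postfix/ldap-relay-recipients.cf
transport_maps = hash:/etc/postfix/transport

# The transport table is now trivial; soft_bounce should be off once the
# rewrite is verified, otherwise every permanent rejection is reported as 4xx.
soft_bounce = no

# /etc/postfix/transport  (run "postmap /etc/postfix/transport" after editing)
store1.example.com    relay:[exchange.example.com]:25

# /etc/postfix/ldap-virtual-alias.cf
# Public address -> internal routing address. "mailRoutingAddress" is the
# attribute name from Viktor's reply; use whatever you added to the AD schema.
server_host = ldap://dc1.example.com
version = 3
bind = yes
bind_dn = CN=postfix-lookup,OU=Service Accounts,DC=example,DC=com
bind_pw = REPLACE_ME
search_base = DC=example,DC=com
scope = sub
# Only keys in the shared domain are looked up; store1/store2 addresses
# pass through the alias table untouched, which keeps the rewrite from looping.
domain = chickasaw.com
# AD stores the primary address as "SMTP:" and secondaries as "smtp:";
# proxyAddresses compares case-insensitively, so one filter matches both.
# Requiring mailRoutingAddress=* means an object with no routing address
# simply yields no alias, and the recipient is then rejected as unknown.
query_filter = (&(proxyAddresses=smtp:%s)(mailRoutingAddress=*))
result_attribute = mailRoutingAddress

# /etc/postfix/ldap-relay-recipients.cf
# Existence check for user@store1.example.com. Any non-empty result means
# "known recipient"; the returned value itself is not used for routing.
server_host = ldap://dc1.example.com
version = 3
bind = yes
bind_dn = CN=postfix-lookup,OU=Service Accounts,DC=example,DC=com
bind_pw = REPLACE_ME
search_base = DC=example,DC=com
scope = sub
domain = store1.example.com
query_filter = (proxyAddresses=smtp:%s)
result_attribute = mailRoutingAddress
```

To check the rewrite without sending mail, query the alias map directly: "postmap -q user@chickasaw.com ldap:/etc/postfix/ldap-virtual-alias.cf" should print the store1 or store2 internal address for that user, and the same query against ldap-users.cf with the store2 address should print the Maildir path. Exchange, for its part, needs store1.example.com as an authoritative accepted domain and a route (send connector) for store2.example.com back to this Postfix host so that the contact objects whose targetAddress lies in store2 are delivered correctly; the thread does not cover that side, so treat it as an assumption to verify in your own environment.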

Re: Sharing a domain with Exchange

John Anderson
Viktor,

Thanks so much! I will digest and rework! Thanks again!!

Sent from my iPhone

> On May 5, 2017, at 7:23 PM, Viktor Dukhovni <[hidden email]> wrote: