Using a mail gateway

[Sneeper]

We have a mail gateway (let's call it hermes) that runs spam virus scanning software. It also runs mailman for mailing lists and has some local mailboxes (it is using sendmail and procmail). However, we want the majority of users to use our scalix server (let's call it Iris).

So we have one toplevel domain (call it foobar.org) which we want all users and mailing lists using for email addresses. E.g. support@foobar.org, andy@foobar.org, etc. The MX record for foobar.org points to the gateway, which takes the mail, scans it, and then it either delivers it or forwards it on via the aliases file (e.g. andy:andy@iris.foobar.org).

So here is my problem:
on the scalix side, if I tell it that it is 'iris.foobar.org' , then all the users show up in the directory as @iris.foobar.org. This isn't ideal since we want their emails to reflect @foobar.org. However, if we tell Scalix that all the users are @foobar.org, then it doesn't seem to forward the messages that aren't destinated for it through the gateway (like those mailing lists and users that live on the mail gateway).

Here is my question:
Is there some way that scalix defaults so all users are @foobar.org for their email address, yet still sends any messages that aren't local scalix users through the mail gateway (hermes) for processing?

Any help would be appreciate it. Let me know if that didn't make any sense. :)

--Sneeper

[ScalixSupport]

The trick is to have sendmail configured properly.

Scalix doesn't "own" a domain. If there is a match in the SYSTEM directory, it will accept the message otherwise it will pass the message on to sendmail. This is a logical description rather than the actual process but it serves the purpose.

Once the message is picked up by sendmail, the standard sendmail configuration comes into place.

What would normally happen is that a DNS lookup will take place on the domain. If it's the same domain as for the Scalix addresses, chances are that sendmail will detect a routing loop and complain.

What you could do is to create a mailertable entry in /etc/mail/mailertable which looks like this:

Code: Select all

domain.com<TAB>esmtp:[other.server.com]

where <TAB> is an actual Tab character.

This tells sendmail that if a message is addressed to someone@domain.com, it should use the ESMTP mailer to send it to other.server.com. The [ ] characters prevent any kind of MX lookup taking place on domain.com. This makes sure that the message will be delivered to that server.

The warning here is that other.server.com should be the final destination of domain.com messages otherwise there may be a routing loop at this point.

To rebuild the mailertable index, run the commands:

Code: Select all

cd /etc/mail
make mailertable.db

You will then need to restart sendmail for the change to be picked up:

Code: Select all

/etc/init.d/sendmail restart

Cheers

Dave

[Sneeper]

Thanks for the reply. I could not get this to work.

I made the change to the mailertable and remade mailsertable.db.
foobar.org esmtp:[mail.foobar.org]

where mail.foorbar.org is our mailgateway.
make mailertable.db

this worked without error. I checked to make sure the sendmail.cf does have that feature turned on and it does. I restarted sendmail.

I then went into the SAC, clicked on Settings, clicked on my mail node, and changed the default domain from iris.foobar.org to foobar.org. I then went the users and changed their internet address from @iris.foobar.org to @foobar.org.

under this condition, sending OUT mail seemed to work.. i could send email to blah@foobar.org where blah was a user only on the mailgate. However, I could no longer recieve messages. Emails messages to andy@foobar.org got forwarded to andy@iris.foobar.org but Scalix would not deliver it to the andy user.. maybe because the andy user's email address was andy@foobar.org and not andy@iris.foobar.org? Under this scenario, do all users need to have an internet address of user@foobar.org AND an alias of user@iris.foobar.org?

Because I could no longer get mail I tried to undo all my changes.. changing the user email address back to @iris.foobar.org proved problematic.. SAC had changed that field into a pulldown box and I could no longer edit it, even though I could change the default domain back to iris.foobar.org . I had to use ommodu to change it back. Also, another oddity -- when I had changed the default domain to foobar.org , when I created new users, they still defauled to iris.foobar.org. Is there some other setting I was missing?

Again, thanks for the response.. I'm not sure what I'm doing wrong in this scenario. Your help is much appreciated.

--Andy

[ScalixSupport]

Hi Andy,

Under this scenario, do all users need to have an internet address of user@foobar.org AND an alias of user@iris.foobar.org?

Yes.

I'm not sure what version you're on. If you are now on 10 you can change your dropdown list through the SAC but the easiest way is to edit

/etc/opt/scalix/caa/scalix.res/config/ubermanager.properties

and change this line to

ubermanager.console.localDomains=foobar.com,iris.foobar.com

The first value will be the reply address then when you add another email address for a user you'll have the second address in the drop down box.

Regards,
Don

[Sneeper]

Thanks for the response.

So I'm a little furher along. I can now receive email. But a few things:

Even changing the /etc/opt/scalix/caa/scalix.res/config/ubermanager.properties like you said, in the SAC the pulldown menu for "Add Address" only has foobar.org, it does not have the iris.foobar.org as an option. I tried restarting Scalix but that did not help. I'm using Scalix 10 if that helps.

I was able to add an alias manually using ommodu:

Code: Select all

ommodu andy -a "andy-iris/IA=andy@iris.foobar.org"
basic [root@iris config]$ omshowu andy
Authentication ID: andy
User Name : Andy Moran /CN=Andy Moran
MailNode : iris,wildbrain
Internet Address : "Andy Moran" <andy@foobar.org>
System Login : andy
Password : unset
Admin Capabilities : NO
Mailbox Admin Capabilities : NO
Language : C
Virtual Vault : Enabled (default)
Aliases :
        andy-iris /CN=andy-iris/INTERNET-ADDR=andy@iris.foobar.org
Mail Account: Unlocked
Last Signon : 02.17.06 11:56:08
Receipt of mail : ENABLED
Service level : 0
Excluded from Tidying : NO
User Class : Limited


However, this means this alias shows up on the System Directory when people look in their address books. The entire point of thi sis that users should just use the @foobar.org and not have to see the @iris.foobar.org anywhere. Am I going about this the wrong way?

Another confusing thing is the SAC's "Add Email Addresses" line doesn't seem to add aliases, but instead changes the "Internet Address" field in omshowu. Maybe this is what I need to be using instead of aliases, but I can't seem to use it as the pulldown box only lets me select the foobar.org domain (as mentioned above), and not the iris.foobar.org domain.

Thanks for your continuing help into this issue.

[florian]

Hm.

The SAC thing works for me, the line in your ubermanager.properties should read:

Code: Select all

ubermanager.console.localDomains=scalix.com,scalix.de

Do not forget to restart Tomcat after the change. On RedHat, you can do this by typing

Code: Select all

service scalix-tomcat restart

If you want to add multiple Internet Addresses, you should in fact use multiple values for the directory attribute IA. The command to do that looks like this:

Code: Select all

ommodu -n "George Bush" -m 'IA="George Bush" <george.bush@whitehouse.gov>=w@whitehouse.gov'

The first IA value will be the one that is used for sending email, hence the Friendly name part added to it. Note that this wil overwrite all existing addresses for the user, therefore when adding you'll need to respecify ALL addresses again.

The alias feature is rarely used - it provides a full alias - as you say, including a secondary first and given name pair in the address book. We mostly use it for people changing their name after marriage so that they can still be available under their old name. However, the same effect can be achieved by creating a Distribution List under the name with just one member, therefore the use of the Alias feature is deprecated (see the man page) and not available through Scalix Admin Console.

Hope this helps,
Florian.

[Sneeper]

Thanks Florian.

Using multiple values for the directory attribute IA worked great. And I got the ubermanager properties thing to work this time. Not sure what happened last time, but this time it sticks and I can pick both the foobar.org and the iris.foobar.org address when adding addresses.

Thanks for all your help guys! :D