Help me plan

Posted: Thu Feb 21, 2008 9:35 am
by kool_kid
Hey help me plan this thing please.

We want to have some users send emails over the internet, and the rest should not be able to send mail over the internet; they should be able to send mail only within the domain.

This 2nd set of users should not be able to access their email accounts from outside the office, but the 1st set of users should be able to access them. And all the users should be able to contact each other.

How should I implement the Scalix server now?

The idea I had was to have 2 Scalix servers. One will be in the network, so that the 2nd set of users shouldn't be able to send mail outside the local domain and can't even view their emails from outside the office. The other machine will be on the internet, connected with the MX record of the website, so that the 1st set of users can send/receive emails from the internet as well as from the server that's in the network. Both machines will be in the network, and the internet machine will be NATed to the internet through the router.

Anyone, any other idea apart from this?

Posted: Fri Feb 22, 2008 5:38 am
by Valerion
I have no idea how you will segregate users so they cannot access mail over the internet, unless you disable SWA completely for the user. Your idea is probably the best for that. You can also consider HTTP Basic Auth or similar if you wish.

However, you can edit the smtpd.cfg to block mail to certain users (so they don't get incoming mail) and use a Service Router rule to prevent them from sending mail out. Put them on a specific Service Level, disallow any sending from that SL except to predefined domains and attach it to the two internet routes on the server. Check the Admin Guide for more details on how to set this up.

Posted: Fri Feb 22, 2008 9:09 am
by kool_kid
Valerion wrote: I have no idea how you will segregate users so they cannot access mail over the internet, unless you disable SWA completely for the user. Your idea is probably the best for that. You can also consider HTTP Basic Auth or similar if you wish.

However, you can edit the smtpd.cfg to block mail to certain users (so they don't get incoming mail) and use a Service Router rule to prevent them from sending mail out. Put them on a specific Service Level, disallow any sending from that SL except to predefined domains and attach it to the two internet routes on the server. Check the Admin Guide for more details on how to set this up.


If I add anything to smtpd.cfg, that becomes a global rule, so it's restricting for all users. E.g. if I add "disallow mails from the yahoo domain", then it will be activated for all users, not for a specific set of users.

Posted: Fri Feb 22, 2008 9:15 am
by Valerion
I was referring to addresses on your server. E.g. you have an address valerion@domain.com that should not get incoming email. You can then block delivery to that address from anywhere in your smtpd.cfg.

Posted: Fri Feb 22, 2008 9:28 am
by kool_kid
Okay, got it. But still, if I block SWA for some users then they can use IMAP or POP, and I can't block POP or IMAP because other users (internet users) will be accessing emails through Outlook or Thunderbird.

Posted: Fri Feb 22, 2008 9:30 am
by Valerion
True yes. Scalix was unfortunately not designed for this kind of segregation. You may need to run two servers and have the firewall mediate access to the machine. That's about the only solution I can think of right now.

Posted: Fri Feb 22, 2008 9:37 am
by kool_kid
Now then I have to go back to the same old post, because currently I cannot send emails from one Scalix server to another Scalix server. :(( If you can, please give me quick steps on how to configure it; it might be that I missed something. And does internal DNS play an important role in it?

Posted: Fri Feb 22, 2008 10:27 am
by Valerion
Internal DNS is very critical, this MUST be set up correctly.

Say you serve the following

Server A: domain1.com, IP = 1.1.1.1
Server B: domain2.com, IP = 2.2.2.2

ServerA would then need a mailertable entry that reads:

domain2.com<TAB>esmtp:[2.2.2.2]
.domain2.com<TAB>esmtp:[2.2.2.2]


It will also need a local-host-names that contains
domain1.com

On Server B you will put the following:

local-host-names
domain2.com

mailertable

domain1.com<TAB>esmtp:[1.1.1.1]
.domain1.com<TAB>esmtp:[1.1.1.1]
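
A lint for the two files described in the post above, as an added example that is not part of the thread or of Scalix or sendmail. The function name, the sample strings and the rule that every route must be a bracketed IP literal matching the peer are assumptions of this example; `<TAB>` in the post stands for a real tab character.

```python
import ipaddress

# Constructed sample for "Server A" in the post: serves domain1.com, peer is 2.2.2.2.
GOOD_MAILERTABLE = "domain2.com\tesmtp:[2.2.2.2]\n.domain2.com\tesmtp:[2.2.2.2]\n"
GOOD_LOCAL = "domain1.com\n"

def lint(mailertable, local_host_names, peer_domain, peer_ip):
    """Return a list of problems in one server's mailertable/local-host-names pair."""
    problems = []
    local = {ln.strip().lower() for ln in local_host_names.splitlines()
             if ln.strip() and not ln.startswith("#")}
    routes = {}
    for n, line in enumerate(mailertable.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        if "<TAB>" in line:
            problems.append(f"line {n}: literal <TAB> text; use a real tab")
            continue
        fields = line.split()
        if len(fields) != 2 or ":" not in fields[1]:
            problems.append(f"line {n}: expected 'key<tab>mailer:host'")
            continue
        key = fields[0].lower()
        _mailer, host = fields[1].split(":", 1)
        routes[key] = host
        # Names in local-host-names are delivered locally, never via mailertable.
        if key.lstrip(".") in local:
            problems.append(f"line {n}: {key} is also in local-host-names")
        # [brackets] make sendmail connect to the address without an MX lookup.
        if not (host.startswith("[") and host.endswith("]")):
            problems.append(f"line {n}: {host} is not bracketed")
            continue
        try:
            if ipaddress.ip_address(host[1:-1]) != ipaddress.ip_address(peer_ip):
                problems.append(f"line {n}: {key} routes to {host}, not {peer_ip}")
        except ValueError:
            problems.append(f"line {n}: {host} is not an IP literal")
    # The post lists both the bare domain and the dotted (subdomain) key.
    for key in (peer_domain.lower(), "." + peer_domain.lower()):
        if key not in routes:
            problems.append(f"missing route for {key}")
    return problems
```

Run it once per server with that server's files and the other server's domain and IP swapped in.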

Posted: Fri Feb 22, 2008 10:52 am
by kool_kid
Okay thanks I will try it out and let you know.

Posted: Fri Feb 22, 2008 11:42 am
by kool_kid
Yo! It's working now, I'm very happy. Thanks a lot, Valerion. I followed the above steps and everything worked; there were no issues with DNS (thank god).

Posted: Fri Feb 22, 2008 5:35 pm
by kool_kid
One quick thing: if I remove the gateway of ServerB then I can't send messages to ServerA. I want ServerB to be active only in the domain and send messages to ServerA, which will be active in the domain and over the internet. So to accomplish this, do I have to remove the gateway from ServerB, or is there any other way?

Posted: Mon Feb 25, 2008 4:07 am
by Valerion
I am not sure I understand you correctly. You want all emails going out from Server B to go to the internet via Server A? If so, you need to configure Server B to use Server A as a smarthost (search for that here). Server B then doesn't need an internet connection, though it must still be able to look up DNS, as it uses that to determine many things. If you have an internal DNS server that will resolve internet addresses you can simply use that.