LinuxQuestions.org
Old 06-16-2007, 01:51 AM   #1
Wolfy
Member
 
Registered: Jun 2004
Location: WA
Distribution: Slackware 11 Kernel 2.6.20.7-SMP
Posts: 144

Rep: Reputation: 15
Sendmail to relay domain specific mail to internal MS Exchange 2003???


Live long and Prosper :-)

I could use a little help with this if anybody has any ideas?
Here are the particulars.
Dynamic IP from ISP.
Two separate domains being pointed at same IP (via Dynamic DNS).
Router opened ports for 110, 25, and 143 pointing to internal
Slackware 11 sendmail-8.13 server (10.x.x.3) which is myfirst.domain.com.
Sendmail configured to send outgoing mail via SmartHost to authenticate to ISP mail server for delivery (check,working).

Now it's getting confusing.

Second server at (10.x.x.1) running MS Win 2003 and Exchange 2003 is mysecond.domain.net.
Both Servers have two network cards and all clients reside behind them on network (192.x.x.x) FYI just in case.
Currently I have Sendmail able to send out mail for Exchange 2003 via /etc/mail/access with the entry of its IP "10.x.x.1 RELAY" and the router's internal IP "10.x.x.x OK".

The problem is I can't seem to get incoming mail for mysecond.domain.net to reach the Exchange server.
**EDIT**
I can receive mail for myfirst.domain.com no problem.
**END**
I've tried to add an entry in mailertable "mysecond.domain.net ESMTP:[10.x.x.1]" (no luck, AUTH=client error)
I've tried to add an entry in access "mysecond.domain.net RELAY" (no luck, loops)
I've tried to create a relay-domains file and add "mysecond.domain.net" (no luck, relaying denied)
As for access and mailertable I recreated the .db file each time and restarted sendmail. I did not however create a .db file for the relay-domains file, I did not find any docs to suggest I needed to. I did not add the feature for relay-domains to the sendmail.mc file, I don't know if that's required to use that function or not?

Firewall on the Slackware box is also open for ports 110, 25, & 143. Also inetd.conf has been edited to allow pop3 and imap and restarted.

ISA 2004 Firewall on the Exchange box is also open and listening on the same ports as above.

If someone could at least get me started down the right path I'd appreciate it. I know I'm missing something; maybe I'm thinking too hard.

Any suggestions would be helpful,
Thanks.
I can provide any excerpts from logs or files if needed.

Last edited by Wolfy; 06-16-2007 at 01:54 AM.
 
Old 06-17-2007, 02:06 PM   #2
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,943
Blog Entries: 5

Rep: Reputation: 753
Just to be sure I'm reading it right:
1) All incoming mail comes to a single sendmail server
2) You want that single sendmail server to relay some domains to your Exchange server.

This sounds similar to what I did with "smarttables" though in that I was getting all the outbound mail on a single sendmail server and relaying out one domain through another sendmail server and another domain out through our Exchange server. Also my primary was an HP-UX rather than Linux server though the second sendmail server was Linux.

If my read above is right I think "smarttables" will work for you but just wanted to note the difference in what I had used it for.

Doing a Google search for smarttables should give you details on setting it up (I'd give you what I did but HP-UX Sendmail is a little customized so might lead you astray). You will need to update your sendmail.mc/sendmail.cf to use smarttables after creating the files.

I'm thinking if you are using the inbound as the local host for the addresses not sent to the Exchange you can probably just include only the domains you want going to Exchange in the smarttable (i.e., I don't think you need to add the domains that you want to stay on the Sendmail server itself rather than being relayed).
 
Old 06-17-2007, 02:49 PM   #3
Wolfy
Member
 
Registered: Jun 2004
Location: WA
Distribution: Slackware 11 Kernel 2.6.20.7-SMP
Posts: 144

Original Poster
Rep: Reputation: 15
Thanks for the reply and the suggestion,
Yes you have it correct.
All mail comes in and OUT of the sendmail server.
Only two domains, one stays on the sendmail server the other relays to Exchange server.
I'm trying to configure DNS right now to bypass sendmail entirely.
If that does not work I'll be checking into "smarttables".
Thanks again for your reply,
I appreciate the help.
 
Old 06-17-2007, 02:57 PM   #4
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,943
Blog Entries: 5

Rep: Reputation: 753
To configure DNS you'd have to create separate MX records for each domain to go to different external IP addresses. That is what we do, but if you only have one outside IP from ISP you won't be able to do that. The MX record in DNS is the one people request for your domain. Although you can have separate MX records, having them both resolve to a single server means whatever answers port 25 (smtp) on that server (presumably sendmail) will answer it regardless of domain.

You'll have to go the smarttable route if you don't have two different external IPs to use for MX record for the two different domains.
 
Old 06-22-2007, 10:23 PM   #5
Wolfy
Member
 
Registered: Jun 2004
Location: WA
Distribution: Slackware 11 Kernel 2.6.20.7-SMP
Posts: 144

Original Poster
Rep: Reputation: 15
Solution for relaying second domain to Exchange via Sendmail & Bind.

Well I figured it out.
So I thought I'd share what I did to make it work.

First of all you'll need to have a few things compiled/installed to do this.
I'm also partial to Slackware but some of this will work on other distros.

Throughout this howto I'll be telling you how and where to make changes.
It's up to you to make backup copies of the originals before you modify them.

1.) Bind/DNS - technically a caching-only server will do.
( Personally I set up an authoritative one.)

2.) Sendmail with sasl support compiled in.
I won't go into the procedure, Siege X has done a great job of that. Here's the link:

http://www.linuxquestions.org/questi...=sendmail+sasl

3.) Dyndns account if you have a dynamic IP from your ISP.

optional) spamassassin and/or clamav.

For the purpose of this mini-howto I'm going to assume you already have a working install of MS Windows server with Exchange.

This might seem quick and dirty, if you need more info let me know.
Okay, let's get this show on the road.

Add both domain names to /etc/mail/local-host-names
This is so Sendmail knows it's supposed to accept mail from these domains.
Per my example above:
Code:
# local host names
#
myfirst.domain.com
mysecond.domain.net

Next you'll need to add some things to /etc/mail/access
Code:
#Local relaying
#
localhost               RELAY
127.0.0.1               RELAY

#Relay Exchange ( outbound )
#
10.x.x.1                RELAY

#Relay Exchange ( inbound )
#
To:mysecond.domain.net  RELAY
Remember to run makemap on all files you modify that have corresponding .db's.
( i.e.
Code:
makemap hash /etc/mail/access.db < /etc/mail/access
this will generate a new access.db for sendmail )
Also when you make changes to any .db files you'll need to restart sendmail,
Code:
/etc/rc.d/rc.sendmail restart
BUT, we have more to do so we'll save that for the end.

Next we are going to add some entries to /etc/mail/virtusertable
Code:
# User addresses
#
user1@mysecond.domain.net             user1@mail.mysecond.domain.net
user2@mysecond.domain.net             user2@mail.mysecond.domain.net
You will need to add all users that plan on using the exchange server for mail.
"remake the .db"
For this to work you'll need to make sure sendmail has the virtusertable feature,
which is default.
Code:
FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
Now we are done with our modifications to sendmail files.
I am assuming you added sasl support and made any other mods for using smart_host.

Let's finish up the Linux box with some mods to bind.

You will need to make zone files for each of your domains and tell bind about them.
Code:
;mysecond.domain.net
;
$TTL 259200
@    IN    SOA    mysecond.domain.net. hostmaster.mysecond.domain.net. (
          2007062201 ; serial, date plus ID#
          28800 ; Refresh
          7200 ; Retry
          604800 ; Expire
          86400) ; Minimum

      NS    ns1.myfirst.domain.com.
      MX    10 mail

mysecond.domain.net. A 10.x.x.1

mail A 10.x.x.1

mailer A 10.x.x.3

router A 10.x.x.0
This zone file is for the Exchange box; the mailer is the sendmail box.
Of course, use your own IPs.

You will also need a reverse lookup zone.
Code:
$TTL 259200
@     IN     SOA    myfirst.domain.com. hostmaster.myfirst.domain.com. (
            2007062201 ; serial, date plus ID#
            28800 ; Refresh
            7200 ; Retry
            604800 ; Expire
            86400) ; Minimum

       NS     ns1.myfirst.domain.com.

3       PTR    myfirst.domain.com.
1       PTR    mysecond.domain.net.
0       PTR    router.myfirst.domain.com.
Naming of these files is up to you really, but here are some suggestions.

"mysecond-domain.zone"
"10-x-x.zone"

These files will go into the /var/named/caching-example directory if you're using that setup,
or you can put them in their own dir. if you wish; just make sure you get it right when you put it in /etc/named.conf
Code:
zone "x.x.10.in-addr.arpa" {
     type master;
     notify no;
     file "10-x-x.zone";
     allow-update { none; };
     allow-query { any; };
};

zone "mysecond.domain.net" {
     type master;
     notify no;
     file "mysecond-domain.zone";
     allow-update { none; };
     allow-query { any; };
};

include "/etc/rndc.key";
Note that the first three sets on the IP are reversed for that zone.
( i.e. 123.456.78.xxx becomes 78.456.123.in-addr.arpa )

That's it.
Restart bind =
Code:
/etc/rc.d/rc.bind restart
Then restart sendmail =
Code:
/etc/rc.d/rc.sendmail restart
Let's move on to the Exchange box.

Go to your active directory users and computers.
Expand your local network and select users.
Then right click domain users and select properties.
Then select the members tab.
Double click on each user in turn and add under the E-mail addresses the new address of
Code:
user1@mail.mysecond.domain.net
Finally, go to your smtp virtual server
and add relay permission for the sendmail box, advanced dns options for the IP of the sendmail box, and authentication of TLS.

You're done!!!
Exchange now will send and receive through the sendmail box.

Final note:
If you're running firewalls anywhere in the network path that email will travel you will need ports opened.
Security is for another discussion, this will make it work though.

Last edited by Wolfy; 06-22-2007 at 10:42 PM.
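
Added example (not part of the original post): a small audit of who an /etc/mail/access file lets relay, run on a constructed copy of the entries above. The function names are hypothetical, 10.0.0.1 stands in for the elided 10.x.x.1, and the bare `10` prefix is made up to show a wide grant next to the untagged `mysecond.domain.net RELAY` from the first post, which is not limited to recipient lookups the way the `To:` entry is.

```python
import ipaddress
import re

# Constructed sample: the post's access entries, with 10.0.0.1 standing in for
# the elided 10.x.x.1, plus a made-up prefix and the first post's untagged try.
SAMPLE_ACCESS = """\
localhost               RELAY
127.0.0.1               RELAY
#Relay Exchange ( outbound )
10.0.0.1                RELAY
To:mysecond.domain.net  RELAY
10                      RELAY
mysecond.domain.net     RELAY
"""

def parse_access(text):
    """Yield (tag, key, action); tag is None for untagged entries."""
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        tag, sep, rest = fields[0].partition(":")
        if sep and tag.lower() in ("connect", "from", "to"):
            yield tag.lower(), rest.lower(), fields[1].strip()
        else:
            yield None, fields[0].lower(), fields[1].strip()

def scope(tag, key):
    """Name what a RELAY entry with this tag and key covers."""
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){0,2}", key):
        return "network-prefix"  # partial address: every host under it
    try:
        ipaddress.ip_address(key)
    except ValueError:
        return f"{tag}-name" if tag else "untagged-name"
    return "single-host"

def relay_grants(text):
    """Return [(key, scope)] for every entry whose action is RELAY."""
    return [((f"{tag}:" if tag else "") + key, scope(tag, key))
            for tag, key, action in parse_access(text)
            if action.upper() == "RELAY"]

def needs_review(text):
    """Grants wider than one host or one tagged name, apart from localhost."""
    return [key for key, kind in relay_grants(text)
            if kind in ("network-prefix", "untagged-name") and key != "localhost"]

if __name__ == "__main__":
    print(relay_grants(SAMPLE_ACCESS), "review:", needs_review(SAMPLE_ACCESS))
```

On the entries the post actually ends up with, `needs_review` returns nothing: relay is limited to the loopback, the one Exchange address, and recipients in the second domain.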
 
  

