My company, like many others, is looking to cut costs. One of the places we are looking at is software licensing. Right now our entire organization is running on Exchange with two servers, one edge and one client access. Our domain currently consists of ~300 AD users, however ~250 of those users are field workers and are only on the domain for email address purposes. We would like to remove them from the domain without disrupting the configuration of our current email servers. I have read many posts on the concept of integrating Linux and Exchange, but they all seem to want to use Linux as a gateway and Exchange as a client access, but we essentially want to do the exact opposite.
Here is the concept we have come up with so far. First, we would configure the email accounts for our field users on the Linux box and give them instructions to connect to that box directly. All of our office users would be configured on the domain and given instructions for connecting to the Exchange Server. We would give the people on the Linux box an internal email address of firstname.lastname@example.org and then configure a contact on the Exchange box that would forward all mail for email@example.com to firstname.lastname@example.org.
Here are the issues that I am trying to overcome. First, when jdoe sends an email, it needs to look to the world as though it came from email@example.com; if the reply to address is firstname.lastname@example.org it won't work. Second, we would like for the people on the Linux box to have access to the Global Address List in Exchange so they can look up addresses for users in Exchange. We do NOT need AD authentication on the server, as the entire point of this exercise is to get rid of the user license for the field employees, which means they won't have an actual AD account to authenticate with.
Any suggestions anyone can make on how to best accomplish this, especially if you know of any good walk-throughs online for it, would be highly appreciated.
Sounds like a lot of effort to do half a job just to save a few Exchange CALs; it would be a lot simpler to replace the email system for everybody - I think having a half and half solution will also be a pain to support. There are plenty of groupware options out there that are worth investigating.
Unfortunately, it isn't a few Exchange CALs, it is 250 Exchange CALs, so the cost savings are quite significant. Also, I unfortunately don't get to decide, I just have to do. Our Executives want to maintain Exchange capabilities, but I am hoping that this will be the first move toward demonstrating to them that the capabilities they want can be gotten from other sources. Any suggestions that can be offered would be appreciated.
An Exchange CAL is still less than an MS Office license, from memory. Have they thought of switching to LibreOffice? I still don't understand why people pay for MS Office when the bulk of users only use the basic functions.
(not that this really relates to your original question)
My suggestion is that it's going to be messy, so build a test environment and start playing around.
What version of Exchange did you say you are running? They didn't start using the terms "client access server" and "edge" until 2007. So, you want to cut back to one Exchange server, right? Both the Exchange server and the sendmail box must be available to Internet clients, it sounds like (I'm making a lot of assumptions here). Some clients will be IMAP clients and others WebDAV/OWA.
If you are actually running Exchange 2003, it's not a good idea to have both front end and back end functionality on the same server, and to make that available to the Internet. If you are running a newer version, it's best to have an edge subscription published to the Hub Transport, but there we go with two server licenses, at least (never mind separating CAS and Mailbox roles).
Are you thinking about having the field people hit the sendmail/postfix/qmail box with IMAP? If so, will it be on an internal segment or on a DMZ? Are your Exchange clients mobile at all? You could configure everybody to hit the Exchange box with RPC over HTTP ("Outlook Anywhere" it's called now).
You might think about having both internal and external SMTP messages relay through the Linux box, for "compliance", for address-mangling, and so that you can firewall outbound SMTP connections from workstations. If you have an internal server that sends SMTP alerts, just smart-host it through the sendmail box. For outgoing, use genericstable to rewrite the email@example.com to firstname.lastname@example.org. Other MTAs can do this, as well; I'm using sendmail as an example because that's what I know best.
You could also compile sendmail with Cyrus SASL support, install slapd, and have the field people with IMAP mailboxes look up Exchange recipients in LDAP. You might then run a script through cron to update the recipients list on the Linux box.
Agentbuzz, thanks for your suggestions, they are really helpful.
We are running Exchange 2003, but I used the 2007 terminology so that the purpose of the servers would be clear. MS may not have labeled them that way in 2003, but it seemed the best description to use.
We are still in the process of mapping things out, but the plan at the moment was to leave the Exchange servers in the configurations they have and set up contacts in AD for the field people. That would make sure that the field people show up in the GAL and everyone can search it for addresses.
We only have RPC over HTTPS turned on right now and don't support IMAP or POP, but with the Linux box we would probably support IMAP connections. I'm not sure that we've decided whether to put it in a DMZ or on the internal network, but I think I'm leaning towards a DMZ connection for it.
I was unaware of genericstable, but on cursory glance it seems to be the magic bullet that I was really looking for. I think we can handle the mail shuffling, but being able to make sure that the "internal" addresses for our field personnel didn't show up on an email to the outside world was a bit of a hurdle that I wasn't sure how to get past.
Again, thanks for all the great suggestions. Hopefully I can prove to my boss that Exchange isn't the only way to go when setting up an internal email system and we can just move everyone to the Linux box and be done with it.
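An added example, not from the thread or from sendmail's own documentation, for the genericstable rewrite suggested above and the concern that the field users' internal addresses must not reach outside recipients: it builds the table source lines and audits a message's sender headers for the internal domain. The domains `field.example.net` and `example.com`, the user `jdoe`, and the function names are assumptions, since the thread's real addresses are redacted.

```python
from email import message_from_string
from email.utils import getaddresses
import re

# Assumed names: the thread's real addresses are redacted, so these are constructed.
INTERNAL_DOMAIN = "field.example.net"   # mailboxes on the Linux box
PUBLIC_DOMAIN = "example.com"           # address the outside world should see

SENDER_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")
LOCALPART_OK = re.compile(r"[A-Za-z0-9._-]+")


def genericstable_lines(users):
    """Map {login: public local part} to genericstable source lines.

    sendmail side (not shown): FEATURE(`genericstable'), the internal domain
    listed via GENERICS_DOMAIN_FILE, and the text compiled with makemap hash.
    """
    lines = []
    for login, public in sorted(users.items()):
        for part in (login, public):
            # Reject whitespace, newlines and '@' so one bad record cannot
            # inject extra table entries.
            if not LOCALPART_OK.fullmatch(part):
                raise ValueError(f"unsafe local part: {part!r}")
        lines.append(f"{login}@{INTERNAL_DOMAIN}\t{public}@{PUBLIC_DOMAIN}")
    return lines


def leaked_sender_addresses(raw_message):
    """Return (header, address) pairs that still expose the internal domain."""
    msg = message_from_string(raw_message)
    leaks = []
    for header in SENDER_HEADERS:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if addr.lower().endswith("@" + INTERNAL_DOMAIN):
                leaks.append((header, addr))
    return leaks


# Constructed sample: a message as a field user's client submits it, then as
# it should look once the relay has rewritten the sender addresses.
BEFORE = ("From: J Doe <jdoe@field.example.net>\nReply-To: jdoe@field.example.net\n"
          "To: customer@example.org\nSubject: quote\n\nbody\n")
AFTER = BEFORE.replace("jdoe@field.example.net", "john.doe@example.com")

if __name__ == "__main__":
    print("\n".join(genericstable_lines({"jdoe": "john.doe"})))
    print("before:", leaked_sender_addresses(BEFORE))
    print("after: ", leaked_sender_addresses(AFTER))
```

Running the audit against a test message captured at an outside mailbox is a quick way to confirm the rewrite is active before field users are moved over.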