sendmail relaying exchange

d@em0n · 09-09-2003, 02:00 AM

I'm using a redhat with senmail for corporate mail at the moment and now I need to setup an internal, protected exchange 2000 server for the domain.

Basically I need that all mail sent to exchange smtp to be forwarded through senmail box and 2nd all mail received from outside by the sendmail box to be relayed to the exchange box instantly.

Documentation is good if you know some links, but I REALLY need to know this :

1. While testing is it possible to relay to just a few users/mailboxes and not all?
2. If I relay all mail and some users set up on sendmail don't have a correspondent, yet, in exchange, will sendmail generate errors or just be smart and keep the mails on itself(this for users not migrated yet)?

the domain is setup up like this example.domain.com

and the linux box is set up in linuxbox.domain.com

They will both use pubic adresses. I need to use sendmail as a filter

I need your advice,

Thanks

Medievalist · 09-09-2003, 10:24 AM

(opinion)
Wow, sounds like a really horrible idea. I was a beta tester for Exchange once upon a time, so I'm not just blindly slamming Microsoft here. But Exchange is the Microsoft "crack sample" - oh, look, just try it a few times, it will make you feel so much better about yourself!
Once a corporation takes that hit off the crack pipe, it will never get free without pain and suffering. The ROI on Exchange is usually negative, too - the per-seat costs are higher than the collaborative features can compensate for, especially when browser-based collaborative software is freely available.
(/opinion)

Your questions:

1. While testing is it possible to relay to just a few users/mailboxes and not all?

Yes, using virtusertable or aliases or individual .forward files. See your sendmail documentation before you choose, but probably virtusertables are what you want.

2. If I relay all mail and some users set up on sendmail don't have a correspondent, yet, in exchange, will sendmail generate errors or just be smart and keep the mails on itself(this for users not migrated yet)?

If you relay *all* mail, then sendmail will not be checking for user accounts anywhere. If you use a virtusertable or something of that sort, anything you haven't explicitly relayed will be checked against the local user database and delivered locally if the user exists.

Sticky Toejam · 09-10-2003, 11:51 PM

Here's another way of doing this:

1. Create an MX and A record for your unix box
2a. Create _only_ an MX record for your internal box.
2b. Create a second MX record pointing to your unix box
3. On your unix box put the internal box IP address in /etc/hosts or in an internal DNS setup (same unix box if using split DNS).
4. Put "internal.box.name" in /etc/mail/relay-domains

What happens is this:

1. A (say) AOL user attempts to send mail to USER@BOX.DOMAIN.
2. AOL's DNS servers look up the MX record and finds that INTERNAL.BOX.DOMAIN is the first MX record. But there is no "A" record for INTERNAL.DOMAIN.BOX.
3. AOL's mail program then goes to the second MX record for "BOX.DOMAIN" - this is unix.box.domain which does have an A record.
4. Mail hits unix.box.domain. Since INTERNAL.box.domain is in /etc/mail/relay-domains sendmail knows to relay it to that box. Sendmail then uses either /etc/hosts or an internal DNS record to get the RFC1918 IP address.
5. Mail goes from unix box to INTERNAL.BOX.DOMAIN.

The good part - no muss, no fuss with /etc/mail/relay, access, alias or virtusertables. You can also use various DNSBLs to filter out spam, use SpamAssassian to tag spam, etc. Your internal box is also protected from various port scanners, spammers, etc.

Bad part - you generate slightly more dns traffic by having to look up two MX records. Some windows-based MTAs are too stupid to know how to look up more than one MX record. But in doing this for 22 sites (a school system) for 5 years I've only found one mail package which could not handle this setup.