Red Hat Linux e-mail forwarding... help?

wedge1988 Member Posts: 434 ■■■□□□□□□□
Hi everybody,

I'm in need of some quite urgent help.

Where I work, we have a Red Hat Linux box which is connected to the internet. This is a server that is managed by an external company; they are in charge of traffic restrictions etc., but I can phone them to change them, no problem.

I have 2 domains in our organisation; both trust each other fully with fully transitive trusts. Both domains have an Exchange server: Exchange Server 2003 Std on domain A and Exchange Server 2007 Std on domain B.

Our internet server works by forwarding all mail to our Exchange server on domain A. Apparently, an FQDN must be added to the Linux box which should point to the Exchange server on either domain. They can create one, no problem.

So I phoned up one of the guys that look after our "SA" box (our Red Hat Linux box) and he said that it is not possible to configure the Red Hat Linux server to ALSO send mail to Exchange 2007 on domain B.

Is it me or is he just trying to avoid some work? Can somebody here that knows about Linux tell me anything that would help me? Maybe some instructions on how to carry this out?

Thanks, I need this mail server...
~ wedge1988 ~ IdioT Certified~
MCSE:2003 ~ MCITP:EA ~ CCNP:R&S ~ CCNA:R&S ~ CCNA:Voice ~ Office 2000 MASTER ~ A+ ~ N+ ~ C&G:IT Diploma ~ Ofqual Entry Japanese

Comments

  • Daniel333 Member Posts: 2,077 ■■■■■■□□□□
    Taking a shot in the dark at this...

    I don't see how this single box can send to two different domains on its own.

    It would seem there is only going to be one MX record (although you can have backups) for your network on the Internet, so a single server/cluster would receive the incoming messages.

    I think you would need to establish a couple routing groups and establish a connector between them in order to ensure emails are able to be received by both domains.
    -Daniel
  • darkerosxx Banned Posts: 1,343
    So if I can translate...you need:

    The RHEL box to transfer mail incoming from the internet to not just Exch2003 in domain A, but also to Exch2007 in domain B. However, in order to also include domain B's Exch2007, you need another FQDN registered at the RHEL box's IP.

    I'm no expert on this, but if they're two different domains, I don't see how it can't forward to two different IPs after it receives it.
  • wedge1988 Member Posts: 434 ■■■□□□□□□□
    Both domains are on the same physical network and subnet as the Linux server, so it only has to route the mail to each server's IP address. The FQDN is for external users to access the box. It doesn't bother me if both domains use the same e-mail address (user@exchange.com), but they can make me another address such as user@exchange2.com on the Linux box.

    The one mail server uses the one address, the other vice versa. The mail is forwarded via FQDN or by IP address.

    Surely all they have to do is create another "MX" record with the other address in it, then when an e-mail arrives it knows where to send the thing.
  • darkerosxx Banned Posts: 1,343
    Edit again:

    So they're using the RHEL server as a firewall. Just tell them you're setting up two Exchange servers and need two MX records created at X/Y IPs for the server, if they're handling your DNS, and that they need to forward that traffic properly through the server.
  • wedge1988 Member Posts: 434 ■■■□□□□□□□
    Exactly, that's what it's doing. It is also our internet box, so it is used for accessing websites etc.

    Yes, it is our firewall box controlled externally.

    Edit:

    So, just to clarify, it is definitely possible? I thought exactly what you said originally.

    However, the internet box does not have DNS enabled.
  • darkerosxx Banned Posts: 1,343
    wedge1988 wrote:
    Both domains are on the same physical network and subnet as the Linux server, so it only has to route the mail to each server's IP address. The FQDN is for external users to access the box. It doesn't bother me if both domains use the same e-mail address (user@exchange.com), but they can make me another address such as user@exchange2.com on the Linux box.

    The one mail server uses the one address, the other vice versa. The mail is forwarded via FQDN or by IP address.

    Surely all they have to do is create another "MX" record with the other address in it, then when an e-mail arrives it knows where to send the thing.

    You are correct. Unless there's something you're missing or not explaining, that is doable, and if they're charging you for the RHEL "firewall" box, then they should do it.
  • wedge1988 Member Posts: 434 ■■■□□□□□□□
    That's my point, they're just lazy. And I don't think I'm missing anything; I might not know Linux at all, but I understand infrastructures and topologies.
  • sprkymrk Member Posts: 4,884 ■■■□□□□□□□
    So the Red Hat box is a firewall/gateway, and I guess it is running something like "sendmail" to act as a mail relay? If they are using it in such a configuration, I think all they need to do is edit a config file /etc/mail/access to tell it to relay for both domains/servers:

    exchange.com RELAY
    exchange2.com RELAY

    Then the MX records are what tell it the IP addresses of the servers it needs to send the mail to.

    However, if they are using a custom application or firewall feature and not sendmail, then I wouldn't know what it is or isn't capable of doing.
    All things are possible, only believe.
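
Added example (not part of any poster's message or configuration): a small Python check that models how sendmail combines the access map (relay permission) with the mailertable (next hop) for the two domains named in the thread. The map contents, the 192.0.2.10 address and all function names are constructed for illustration; it assumes sendmail's default lookup, where a bare domain key in the access map also covers subdomains.

```python
# Added example: model sendmail's relay decision for two relayed domains.
# Map contents and the 192.0.2.10 address are constructed placeholders.
ACCESS = """\
# /etc/mail/access source (constructed)
exchange.com    RELAY
exchange2.com   RELAY
"""
MAILERTABLE = """\
# /etc/mail/mailertable source (constructed); [brackets] skip the MX lookup
exchange.com    esmtp:[192.0.2.10]
"""

def parse_map(text):
    """Parse 'key value' lines of a map source file, ignoring # comments."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, value = line.split(None, 1)
            table[key.lower()] = value.strip()
    return table

def suffixes(domain):
    """a.b.c -> ['a.b.c', 'b.c', 'c']"""
    labels = domain.lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def decide(rcpt, access, mailertable):
    """Return (relay_allowed, next_hop) for one recipient address."""
    chain = suffixes(rcpt.rsplit("@", 1)[1])
    # access: a bare domain key also covers its subdomains by default
    allowed = any(access.get(d, "").upper() == "RELAY" for d in chain)
    # mailertable: exact host key first, then ".parent" keys
    keys = [chain[0]] + ["." + d for d in chain[1:]]
    hop = next((mailertable[k] for k in keys if k in mailertable), "dns-mx")
    return allowed, hop

def unrouted_relays(access, mailertable):
    """Relayed domains with no explicit route, so delivery depends on DNS MX."""
    return sorted(d for d, v in access.items() if v.upper() == "RELAY"
                  and decide("postmaster@" + d, access, mailertable)[1] == "dns-mx")

if __name__ == "__main__":
    acc, mt = parse_map(ACCESS), parse_map(MAILERTABLE)
    for rcpt in ("user@exchange.com", "user@exchange2.com", "user@example.net"):
        print(rcpt, decide(rcpt, acc, mt))
    print("no explicit route:", unrouted_relays(acc, mt))
```

A relayed domain reported as having no explicit route is delivered by MX lookup, which matters here because the thread says DNS is disabled on the box and domain B uses a .local name.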
  • Daniel333 Member Posts: 2,077 ■■■■■■□□□□
    Not certain if both domains are sharing the same external IP address or what here. But if so basically a core firewall generally shouldn't be analyzing SMTP traffic, just passing it along to the server that will do the relaying.

    IIS and I believe Sendmail can be configured as a poor man's SMTP traffic cop; we do that at work for our two domains. So I am certain they can do it on your firewall, just not sure if it's a best practice, and if the resources are available.

    Anyhow, we're all thinking out loud here. Let us know how it works out?
    -Daniel
  • bensen Member Posts: 12 ■□□□□□□□□□
    Go to vim /etc/mail/virtusertable. Add the names of the users in domain A to one side and domain B to the other side, like this:

    kk@yahoo.com kk@hotmail.com

    john@xxx.com john@yydjhdh.net

    This is called masquerading, if I understand your question.

    It should work.
  • RussS Member Posts: 2,068 ■■■□□□□□□□
    More information needed.

    My quick assessment is that the Linux box is running as an SMTP server and passes the emails off to the Exchange machine? If that is so, bensen pretty much is on the mark. It really depends on what flavour system you are using on the border machine.
    Several of my clients have setups where we route through a *nix box and forward on to various aliases, i.e. joep@abc.com might have his email forwarded to his home email address and also to his BlackBerry. To do that we would create a record in the Aliases file.

    joep: joep, joep@yowhoo.com, joep@vodafone.yep.com

    That would allow a copy to go to each location. If there is an Exchange box in the domain we would have a pointer in the *nix box that would deliver the abc.com email to the appropriate place.
    www.supercross.com
    FIM website of the year 2007
  • wedge1988 Member Posts: 434 ■■■□□□□□□□
    Thanks for the replies all, they're all gonna help me get this issue solved. I am sure that the guy that looks after the box said there was a config file that needed to be updated; if that's the case, then "sprkymrk" is right on the mark, which I suspect sprkymrk is.

    I did phone them the other day (after this post) and he did say that it was possible, just that it would apparently slow something down? If I'm correct, relaying all mail to both servers would send all traffic, then each server would just drop mail it doesn't own.

    Currently, DNS is disabled on the Linux box, but I can get that activated for the MX records, then just update DHCP to not distribute the Linux box as a DNS server.

    There is an admin panel which can be accessed and updated; it is a simple text file list with an alias and e-mail address to the FQDN address set up for mail forwarding. I'd just assume I'd add to this list with the new addresses when I need to add an address for forwarding.

    I definitely will let you all know how it turns out; I'm just as anxious to get this resolved as you all are. I'm sorry I can't give much more information than this, because I have absolutely no clue how the infrastructure is set up beyond my own network. What I can tell you is that the broadband box gets its connection from a firewall box, which is connected to a CSU/DSU box which is linked to another building elsewhere, which gets its connection from another building over 12 miles away (it's a county infrastructure), so it's a complicated setup, but I only have control over everything in the building I work at, besides the internet connection lol.

    Here is what I know:

    We have 2 Exchange servers

    Exchange Server 2003 is on domain A

    Exchange Server 2007 is on domain B

    Domain A has a public FQDN (should make no difference because the broadband server should forward requests)

    Domain B has a .local FQDN (should make no difference because the broadband server should forward requests)

    The broadband server is controlled totally externally; I have no control over it other than to update filter lists and e-mail addresses.


    -> I'll post back soon.
  • rossonieri#1 Member Posts: 799 ■■■□□□□□□□
    hi wedge,

    If I'm not mistaken, your future topology looks like an anti-spam implementation. If that is true, then I guess that is doable, but it needs some supervision in these areas:
    - replacing your 2 domains' MX records to that Linux box
    - mail relay from the Linux box to both Exchange domains -> just like sprkymrk said
    - SMTP connector (smart host) from both Exchange servers on domain A+B to the Linux box, so your Exchange servers can send email using that Linux box - it's a must (although some say it's optional).

    HTH.
    the More I know, that is more and More I dont know.
  • wedge1988 Member Posts: 434 ■■■□□□□□□□
    Hey all,

    So I finally decided to give up on this scenario. Apparently it can be done, but it requires some extensive user administration, and the fact that I'll have to create two accounts for one user and then they'll have 2 email addresses.

    They're such a pain in the a** to deal with, but we're tied to them.

    Anyway, I'll probably end up merging the two domains in a few months' time, so it shouldn't be a problem then!