OT Routing problem MS sendmail and exchange {Scanned by HJMS}

Furnish, Trever G TGFurnish at HERFF-JONES.COM
Tue Oct 14 17:07:02 IST 2003


> Mailscanner server has 10 MX (mailgateway)
> Sendmail server  no MX (pop/IMAP)
> Exchange server  no MX

Ah, so you have three servers, not two, and you already have this much
working:
MS -> ex -> sm

... so if ex doesn't have the user, then it passes it along to sm.

And the only problem you're having is that sm refuses to pass messages back
to ex when a user doesn't exist?  Well there may be other ways to address
this but the simplest (at least to my knowledge) is still to assign a
subdomain to your ex system and then forward mail there using virtusertable.

In other words, imagine assigning mail.foo.com to ex, and assigning an
@mail.foo.com address to each mailbox located on ex.  Then on the sm server,
all you need is a list of the local users.  Such a list is easily produced
in an automated fashion (cut -f1 -d: /etc/passwd | sed -e 's/$/@foo.com/',
for example).  Your virtusertable would look something like this:

localuser1@foo.com      localuser1
localuser2@foo.com      localuser2
localuser3@foo.com      localuser3
@foo.com        %1@mail.foo.com

Given such a set-up, any mail hitting the sm server bound for localuser1,
localuser2, or localuser3 would get delivered locally, but any other mail
for foo.com would get re-written and delivered to the same user
@mail.foo.com (your ex box).

I'm not a sendmail guru by any means, but I have done the type of transition
you're describing many times using this method.  More information about the
virtusertable can be found here:
http://www.sendmail.org/m4/features.html#virtusertable

> Maintaining the alias file on the Sendmail can work but then I will have to
> add aliases there for every new user I get on the Exchange (users that are
> totally new) and change it for users I migrate.
> This is a bit too much administration from my point of view and also it has
> the potential of getting really messy. Who is where and what aliases and so
> forth...
> We are understaffed and under funded so an email admin is not really
> possible :-(

I can sympathize with you, but I guess I just consider this the cost of
doing a migration.  I'm also assuming that this is just a temporary
situation - that after you complete your migration, the sendmail system will
disappear and there will no longer be a need for administration of it.

The little command-line I listed for producing a list of local users above
could pretty easily be scripted up to produce your virtuser table.  It only
relies on your removing user accounts when you transfer a user from sm to
ex.  If you aren't going to remove the user accounts when you move them,
then you could simply maintain a list of moved users on the sm server and
use that to filter the password file as part of producing virtusertable.

For example, given a file /etc/moved_users with usernames one per line of
the moved users, the following perl script will produce a virtusertable file
on stdout.

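# --------------- start of script ---------------
#!/usr/bin/perl
# Store me as /usr/local/bin/makevirtusertable.pl
# Prints a virtusertable on stdout: one local-delivery line for every account
# in /etc/passwd that is not listed in /etc/moved_users, followed by a
# catch-all that rewrites every other address to the new domain.
use strict;
use warnings;

my $old_domain = "foo.com";
my $new_domain = "mail.foo.com";
my %local = ();
my %moved = ();

open(my $passwd, '<', "/etc/passwd")
        or die "Unable to read /etc/passwd: $!\n";
open(my $moved_fh, '<', "/etc/moved_users")
        or die "Unable to read /etc/moved_users: $!\n";

# The username is the first colon-separated field of each passwd line
while (my $line = <$passwd>) {
        my ($uname) = split(':', $line, 2);
        $local{$uname} = 1;
}
close($passwd);

# One moved username per line
while (my $uname = <$moved_fh>) {
        chomp $uname;
        $moved{$uname} = 1;
}
close($moved_fh);

# Accounts that have not been moved are still delivered locally
foreach my $uname (sort keys %local) {
        unless (exists $moved{$uname}) {
                print "$uname\@$old_domain\t$uname\n";
        }
}

# Everything else for the old domain goes to the same user at the new domain
print "\@$old_domain    %1\@$new_domain\n";
# --------------- end of script ---------------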

Assuming this is the only thing that will be in your virtusertable file, you
could just wrap that script in a simple shell script and then put the shell
script in crontab to run every 5 minutes.  The shell script should just dump
the perl script's output into your virtusertable file and run make within
the directory that contains it.  Then all you have to do is maintain one
list of moved users on the sendmail server, and that list contains only the
uname of the user's account.

An example shell script would be:

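#----------- start of shell script ------------
#!/bin/sh
perlscript="/usr/local/bin/makevirtusertable.pl"
table="/etc/mail/virtusertable"
# Build into a temporary file first so that a failed run (for example a
# missing /etc/moved_users) cannot leave an empty table in place.
"$perlscript" >"$table.new" || exit 1
mv "$table.new" "$table"
(cd /etc/mail && make)
#----------- end of shell script --------------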

Hope it helps,
Trever


> -----Original Message-----
> From: Carl Boberg [mailto:carl.boberg at NRM.SE]
> Sent: Tuesday, October 14, 2003 9:35 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: OT Routing problem MS sendmail and exchange {Scanned by
> HJMS}
> 
> 
> Hi,
> 
> Thank you very much for your reply. Just to clarify some:
> 
> Mailscanner server has 10 MX (mailgateway)
>
> Sendmail server  no MX (pop/IMAP)
> Exchange server  no MX
>
> Exchange receives all mail coming in from the MailScanner and if the
> user@domain.com does not resolve it will forward it to the Sendmail server.
> As it will with all email it can't resolve.
> When a user on the Sendmail server wants to email a user on the Exchange
> server the Sendmail just says 550 user unknown.
>
> Maintaining the alias file on the Sendmail can work but then I will have to
> add aliases there for every new user I get on the Exchange (users that are
> totally new) and change it for users I migrate.
> This is a bit too much administration from my point of view and also it has
> the potential of getting really messy. Who is where and what aliases and so
> forth...
> We are understaffed and under funded so an email admin is not really
> possible :-(
> 
> Any more suggestions are very welcome.
> 
> Best regards
> --------------------------------
> Carl Boberg
> System & Network Administrator
> Swedish Museum of Naturalhistory
> Frescativägen 40
> 104 05 Stockholm
> Sweden
> Tel nr: 08-5195 5116
> Mobile: 0701-82 4055
> E-mail: carl.boberg at nrm.se
> --------------------------------
> 
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Furnish, Trever G
> Sent: 14 October 2003 16:00
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: OT Routing problem MS sendmail and exchange {Scanned by
> HJMS}
> 
> 
> So during your transition process you are trying to host the same domain on
> two servers, each of which only has some of the valid users for that domain?
> That won't work -- or at least it's a very odd way of doing things.
>
> And maintaining a list of which users have been moved and which ones haven't
> is "too much administration"?  If maintaining a list of users is too much
> work for you, then hire an email administrator and stop trying to do it
> yourself.  Successfully migrating from one mail system to another is a
> process that should be undertaken by someone willing to be extremely careful
> and extremely thorough.
>
> But in the spirit of being helpful, I'll offer this suggestion: give your
> exchange server its own subdomain and use sendmail's virtusertable to
> forward mail to the users migrated to exchange.
>
> In greater detail:
>
> Let's imagine that your original domain is foo.com, and that your sendmail
> server is sm.foo.com and your exchange server is ex.foo.com.
>
> You originally had MX records that looked like this:
> foo.com.        IN MX   10 sm.foo.com.
>
> Given that starting point, what you should have done was to assign a
> subdomain to the exchange server before moving your users there.  For
> example, you could assign mail.foo.com to the exchange server:
> mail.foo.com.   IN MX   10 ex.foo.com.
>
> Then, when you create a mailbox on the exchange server, you assign BOTH the
> user's original @foo.com address AND a new @mail.foo.com address.  Exchange
> will happily accept multiple smtp addresses for the same mailbox.  Be sure
> that you set the @foo.com address as the mailbox's primary address -
> otherwise when the user sends email it will go out as something else.  For
> example, Joe Shmoe's new mailbox on the exchange server would have two smtp
> addresses (as well as all the other addresses exchange creates):
> joe.shmoe@foo.com   <-- set as primary
> joe.shmoe@mail.foo.com
>
> Now, on your sendmail system all you have to do is forward users as you move
> them.  You can do this with aliases or with the virtuser table, whichever is
> appropriate for your set-up.  If you're using aliases, then on the sendmail
> server you would have an alias of:
> joe.shmoe:      joe.shmoe@mail.foo.com
>
> After moving a user mailbox you should forward and clear the user mail spool
> on the sendmail server - then you will be able to spot any email still being
> delivered to the user's spool.  If there is still mail flowing into the
> spool of a forwarded user, then he has an address that you have missed -
> just forward that one as well.
>
> When you have moved *all* users off of the sendmail server, then you can
> take foo.com out of the sendmail server's list of local domain names
> (/etc/mail/local-host-names or /etc/mail/sendmail.cw) and add a RELAY line
> to the sendmail access file for the domain (assuming you still want to use
> the sendmail server as a relay for it).  Then you also need to update DNS to
> direct email to the exchange server directly, so you might end up with:
> foo.com.        IN MX   10 sm.foo.com.
> foo.com.        IN MX   5 ex.foo.com.
>
> If you intend to use the sendmail system as a mailscanner gateway for the
> exchange server, then you also need to prevent email from flowing directly
> to the exchange server without first hitting the sendmail server.  If your
> exchange server is on windows server 2003 you can probably just reject
> connections to port 25 from everything EXCEPT sm.foo.com.  If you have an
> earlier version of windows then you probably want to use sendmail's
> mailertable or smarthost feature instead.
> 
> HTH,
> Trever
> 
> 
> > -----Original Message-----
> > From: Carl Boberg [mailto:carl.boberg at NRM.SE]
> > Sent: Tuesday, October 14, 2003 8:32 AM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: OT Routing problem MS sendmail and exchange {Scanned by HJMS}
> >
> >
> > Hi,
> > I have been looking everywhere for a solution to this.
> >
> > Using MailScanner as a mailgateway (lowest MX)
> >
> > In the DMZ I have a sendmail server my users connect to for
> > POP/IMAP/SMTP
> >
> > I now have a new Exchange server and new users on this one and migrating
> > old users slowly from the sendmail to the exchange.
> >
> > MS smtpGW scans all mail coming in and then sends all mail to the new
> > Exchange server.
> > All email the exchange server can't resolve it sends to the old sendmail
> > server (even @domain.com addresses)
> > But the sendmail will only deliver @domain.com if there exists a local
> > user.
> >
> > I need to figure out how to make sendmail deliver local addresses and
> > those @domain.com addresses it doesn't have locally should be sent to the
> > exchange server?
> >
> > How to solve when a local domain (@domain.com) address has been moved???
> >
> > I could maintain the aliases file on the old server but that is way too
> > much administration.
> >
> > Also can I make the Mailscanner Mailgateway relay mail to my internal
> > mailservers on a trial error basis?
> > Incoming mail to @domain.com first try internalmailserver1.domain.com
> > if NDR (non delivery reply) then try internalmailserver2.domain.com
> >
> >
> > Sorry if I'm unclear or messy in my description.
> > Thanks for any help in advance.
> >
> > Best regards
> > --------------------------------
> > Carl Boberg
> > System & Network Administrator
> > Swedish Museum of Naturalhistory
> > Frescativägen 40
> > 104 05 Stockholm
> > Sweden
> > Tel nr: 08-5195 5116
> > Mobile: 0701-82 4055
> > E-mail: carl.boberg at nrm.se
> > --------------------------------
> >
> 
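
The routing described in the reply above (full @foo.com entries delivered locally, every other address rewritten through the `@foo.com  %1@mail.foo.com` catch-all) can be checked against a generated table before it is installed. This is an added example, not part of the original post: the function names and the sample table are constructed, and it models only full-address and `@domain` entries with `%1`, comparing keys case-insensitively as an assumption of the model.

```shell
#!/bin/sh
# Constructed sample table, same layout as the virtusertable in the reply.
write_sample_table() {
    printf '%s\t%s\n' \
        'localuser1@foo.com' 'localuser1' \
        'localuser2@foo.com' 'localuser2' \
        '@foo.com' '%1@mail.foo.com' >"$1"
}

# resolve_rcpt TABLE ADDRESS
# Prints the right-hand side selected for ADDRESS: a full-address entry wins
# over the @domain catch-all; "no-match" means the table does not apply.
resolve_rcpt() {
    awk -v rcpt="$2" '
        BEGIN {
            at = index(rcpt, "@")
            user = substr(rcpt, 1, at - 1)
            full = tolower(rcpt)
            domain = tolower(substr(rcpt, at))      # keeps the leading @
        }
        NF == 0 || substr($1, 1, 1) == "#" { next } # blanks and comments
        {
            key = tolower($1)
            if (key == full && exact == "") exact = $2
            if (key == domain && catchall == "") catchall = $2
        }
        END {
            if (exact != "") { print exact; exit }
            if (catchall == "") { print "no-match"; exit }
            out = ""                                # expand %1 to the user part
            while ((p = index(catchall, "%1")) > 0) {
                out = out substr(catchall, 1, p - 1) user
                catchall = substr(catchall, p + 2)
            }
            print out catchall
        }' "$1"
}

# still_local TABLE DOMAIN USER...
# Prints each listed (moved) user whose address is not rewritten to another
# host, i.e. the generated table has not picked up the move.
still_local() {
    table=$1 domain=$2; shift 2
    for u in "$@"; do
        case $(resolve_rcpt "$table" "$u@$domain") in
            *@*) ;;                 # forwarded to another host
            *)   echo "$u" ;;       # local delivery or no-match
        esac
    done
}
```

Running `still_local` over the contents of the moved-users list after each regeneration, and before `make`, shows any migrated account that would still receive mail in its old spool.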