<HTML><HEAD><TITLE>Re: OT Routing problem MS sendmail and exchange
{Scanned by HJMS}</TITLE></HEAD>
<BODY>
<DIV id=idOWAReplyText38314 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Thanks everyone who
gave me suggestions on how to solve this!</FONT></DIV>
<DIV dir=ltr>I am very grateful.</DIV>
<DIV dir=ltr>Ended up using LUSER_HOST value for sendmail. Works great for
now but as has been pointed out I'm keeping a watch out for mail loops.
Haven't seen any yet :-)</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>/ Carl</DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Furnish, Trever G<BR><B>Sent:</B>
Tue 2003-10-14 18:07<BR><B>To:</B>
MAILSCANNER@JISCMAIL.AC.UK<BR><B>Subject:</B> Re: OT Routing problem MS
sendmail and exchange {Scanned by HJMS}<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>> Mailscanner server has 10 MX (mailgateway)<BR>>
Sendmail server no MX (pop/IMAP)<BR>> Exchange server no
MX<BR><BR>Ah, so you have three servers, not two, and you already have
this much<BR>working:<BR>MS -> ex -> sm<BR><BR>... so if ex doesn't
have the user, then it passes it along to sm.<BR><BR>And the only problem
you're having is that sm refuses to pass messages back<BR>to ex when a
user doesn't exist? Well there may be other ways to address<BR>this
but the simplest (at least to my knowledge) is still to assign
a<BR>subdomain to your ex system and then forward mail there using
virtusertable.<BR><BR>In other words, imagine assigning mail.foo.com to
ex, and assigning an<BR>@mail.foo.com address to each mailbox located on
ex. Then on the sm server,<BR>all you need is a list of the local
users. Such a list is easily produced<BR>in an automated fashion
(cut -f1 -d: /etc/passwd | sed -e 's/$/@foo.com/',<BR>for example).
Your virtusertable would look something like
this:<BR><BR>localuser1@foo.com
localuser1<BR>localuser2@foo.com
localuser2<BR>localuser3@foo.com
localuser3<BR>@foo.com
%1@mail.foo.com<BR><BR>Given such a set-up, any mail hitting the sm server
bound for localuser1,<BR>localuser2, or localuser3 would get delivered
locally, but any other mail<BR>for foo.com would get re-written and
delivered to the same user<BR>@mail.foo.com (your ex box).<BR><BR>I'm not
a sendmail guru by any means, but I have done the type of
transition<BR>you're describing many times using this method. More
information about the<BR>virtusertable can be found here:<BR><A
href="http://www.sendmail.org/m4/features.html#virtusertable"
target=_blank>http://www.sendmail.org/m4/features.html#virtusertable</A><BR><BR>> Maintaining the alias file on the Sendmail can work but
then<BR>> I will have to<BR>> add aliases there for every new user I
get on the Exchange<BR>> (users that are<BR>> totally new) and
change it for users I migrate.<BR>> This is a bit too much
administration from my point of view<BR>> and also it has<BR>> the
potential of getting really messy. Who is where and what<BR>> aliases
and so<BR>> forth...<BR>> We are understaffed and under funded so an
email admin is not really<BR>> possible :-(<BR><BR>I can sympathize
with you, but I guess I just consider this the cost of<BR>doing a
migration. I'm also assuming that this is just a
temporary<BR>situation - that after you complete your migration, the
sendmail system will<BR>disappear and there will no longer be a need for
administration of it.<BR><BR>The little command-line I listed for
producing a list of local users above<BR>could pretty easily be scripted
up to produce your virtuser table. It only<BR>relies on your
removing user accounts when you transfer a user from sm to<BR>ex. If
you aren't going to remove the user accounts when you move them,<BR>then
you could simply maintain a list of moved users on the sm server
and<BR>use that to filter the password file as part of producing
virtusertable.<BR><BR>For example, given a file /etc/moved_users with
usernames one per line of<BR>the moved users, the following perl script
will produce a virtusertable file<BR>on stdout.<BR><BR>
# --------------- start of script ---------------<BR>
#!/usr/bin/perl<BR>
# Store me as /usr/local/bin/makevirtusertable.pl<BR>
<BR>
$old_domain="foo.com";<BR>
$new_domain="mail.foo.com";<BR>
%local=();<BR>
%moved=();<BR>
unless (open(PASSWD, "/etc/passwd")) {<BR>
&nbsp;&nbsp;&nbsp;&nbsp;die "Unable to read /etc/passwd: $!\n";<BR>
}<BR>
<BR>
unless (open(MOVED, "/etc/moved_users")) {<BR>
&nbsp;&nbsp;&nbsp;&nbsp;die "Unable to read /etc/moved_users: $!\n";<BR>
}<BR>
<BR>
# Every account name in the password file<BR>
while ($line=&lt;PASSWD&gt;) {<BR>
&nbsp;&nbsp;&nbsp;&nbsp;($uname, undef)=split(':', $line, 2);<BR>
&nbsp;&nbsp;&nbsp;&nbsp;$local{$uname}=1;<BR>
}<BR>
<BR>
# Accounts already moved to the exchange server<BR>
while ($uname=&lt;MOVED&gt;) {<BR>
&nbsp;&nbsp;&nbsp;&nbsp;chomp $uname;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;$moved{$uname}=1;<BR>
}<BR>
<BR>
# Accounts that are still local keep local delivery<BR>
foreach $uname (sort keys %local) {<BR>
&nbsp;&nbsp;&nbsp;&nbsp;unless (exists $moved{$uname}){<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;print "$uname\@$old_domain\t$uname\n";<BR>
&nbsp;&nbsp;&nbsp;&nbsp;}<BR>
}<BR>
<BR>
# Any other address at the old domain is rewritten to the new domain<BR>
print "\@$old_domain\t%1\@$new_domain\n";<BR>
# --------------- end of script ---------------<BR><BR>Assuming this is the only thing that will be
in your virtusertable file, you<BR>could just wrap that script in a simple
shell script and then put the shell<BR>script in crontab to run every 5
minutes. The shell script should just dump<BR>the perl script's
output into your virtusertable file and run make within<BR>the directory
that contains it. Then all you have to do is maintain one<BR>list of
moved users on the sendmail server, and that list contains only
the<BR>uname of the user's account.<BR><BR>An example shell script would
be:<BR><BR>
#----------- start of shell script ------------<BR>
#!/bin/sh<BR>
perlscript="/usr/local/bin/makevirtusertable.pl"<BR>
$perlscript >/etc/mail/virtusertable<BR>
(cd /etc/mail &amp;&amp; make)<BR>
#----------- end of shell script --------------<BR><BR>Hope it
helps,<BR>Trever<BR><BR><BR>> -----Original Message-----<BR>> From:
Carl Boberg [<A href="mailto:carl.boberg@NRM.SE"
target=_blank>mailto:carl.boberg@NRM.SE</A>]<BR>> Sent: Tuesday,
October 14, 2003 9:35 AM<BR>> To: MAILSCANNER@JISCMAIL.AC.UK<BR>>
Subject: Re: OT Routing problem MS sendmail and exchange {Scanned
by<BR>> HJMS}<BR>><BR>><BR>> Hi,<BR>><BR>> Thank you
very much for your reply. Just to clarify some:<BR>><BR>>
Mailscanner server has 10 MX (mailgateway)<BR>><BR>> Sendmail
server no MX (pop/IMAP)<BR>> Exchange server no
MX<BR>><BR>> Exchange receives all mail coming in from the
MailScanner and if the<BR>> user@domain.com does not resolve it will
forward it to the<BR>> Sendmail server.<BR>> As it will with all
email it can't resolve.<BR>> When a user on the Sendmail server wants to
email a user on<BR>> the Exchange<BR>> server the Sendmail just says
550 user unknown.<BR>><BR>> Maintaining the alias file on the
Sendmail can work but then<BR>> I will have to<BR>> add aliases
there for every new user I get on the Exchange<BR>> (users that
are<BR>> totally new) and change it for users I migrate.<BR>> This
is a bit too much administration from my point of view<BR>> and also it
has<BR>> the potential of getting really messy. Who is where and
what<BR>> aliases and so<BR>> forth...<BR>> We are understaffed
and under funded so an email admin is not really<BR>> possible
:-(<BR>><BR>> Any more suggestions are very welcome.<BR>><BR>>
Best regards<BR>> --------------------------------<BR>> Carl
Boberg<BR>> System & Network Administrator<BR>> Swedish Museum
of Naturalhistory<BR>> Frescativägen 40<BR>> 104 05
Stockholm<BR>> Sweden<BR>> Tel nr: 08-5195 5116<BR>> Mobile:
0701-82 4055<BR>> E-mail:
carl.boberg@nrm.se<BR>> --------------------------------<BR>><BR>>
-----Original Message-----<BR>> From: MailScanner mailing list [<A
href="mailto:MAILSCANNER@JISCMAIL.AC.UK"
target=_blank>mailto:MAILSCANNER@JISCMAIL.AC.UK</A>]On<BR>> Behalf Of
Furnish, Trever G<BR>> Sent: den 14 oktober 2003 16:00<BR>> To:
MAILSCANNER@JISCMAIL.AC.UK<BR>> Subject: Re: OT Routing problem MS
sendmail and exchange {Scanned by<BR>> HJMS}<BR>><BR>><BR>> So
during your transition process you are trying to host the<BR>> same
domain on<BR>> two servers, each of which only has some of the valid
users<BR>> for that domain?<BR>> That won't work -- or at least it's
a very odd way of doing things.<BR>><BR>> And maintaining a list of
which users have been moved and<BR>> which ones haven't<BR>> is "too
much administration"? If maintaining a list of users<BR>> is too
much<BR>> work for you, then hire an email administrator and
stop<BR>> trying to do it<BR>> yourself. Successfully
migrating from one mail system to another is a<BR>> process that should
be undertaken by someone willing to be<BR>> extremely careful<BR>>
and extremely thorough.<BR>><BR>> But in the spirit of being
helpful, I'll offer this<BR>> suggestion: give your<BR>> exchange
server its own subdomain and use sendmail's virtusertable to<BR>>
forward mail to the users migrated to exchange.<BR>><BR>> In greater
detail:<BR>><BR>> Let's imagine that your original domain is
foo.com, and that<BR>> your sendmail<BR>> server is sm.foo.com and
your exchange server is ex.foo.com.<BR>><BR>> You originally had MX
records that looked like this:<BR>>
foo.com. IN MX 10
sm.foo.com.<BR>><BR>> Given that starting point, what you should
have done was to assign a<BR>> subdomain to the exchange server before
moving your users there. For<BR>> example, you could assign
mail.foo.com to the exchange server:<BR>> mail.foo.com. IN
MX 10 ex.foo.com.<BR>><BR>> Then, when you create a
mailbox on the exchange server, you<BR>> assign BOTH the<BR>> user's
original @foo.com address AND a new @mail.foo.com<BR>> address.
Exchange<BR>> will happily accept multiple smtp addresses for the
same<BR>> mailbox. Be sure<BR>> that you set the @foo.com
address as the mailbox's primary address -<BR>> otherwise when the user
sends email it will go out as<BR>> something else. For<BR>>
example, Joe Shmoe's new mailbox on the exchange server would<BR>> have
two smtp<BR>> addresses (as well as all the other addresses exchange
creates):<BR>> joe.shmoe@foo.com <-- set as
primary<BR>> joe.shmoe@mail.foo.com<BR>><BR>> Now, on your
sendmail system all you have to do is forward<BR>> users as you
move<BR>> them. You can do this with aliases or with the
virtuser<BR>> table, whichever is<BR>> appropriate for your
set-up. If you're using aliases, then<BR>> on the
sendmail<BR>> server you would have an alias of:<BR>>
joe.shmoe:
joe.shmoe@mail.foo.com<BR>><BR>> After moving a user mailbox you
should forward and clear the<BR>> user mail spool<BR>> on the
sendmail server - then you will be able to spot any<BR>> email still
being<BR>> delivered to the user's spool. If there is still
mail<BR>> flowing into the<BR>> spool of a forwarded user, then he
has an address that you<BR>> have missed -<BR>> just forward that
one as well.<BR>><BR>> When you have moved *all* users off of the
sendmail server,<BR>> then you can<BR>> take foo.com out of the
sendmail server's list of local domain names<BR>>
(/etc/mail/local-host-names or /etc/mail/sendmail.cw) and add<BR>> a
RELAY line<BR>> to the sendmail access file for the domain (assuming
you<BR>> still want to use<BR>> the sendmail server as a relay for
it). Then you also need<BR>> to update DNS to<BR>> direct
email to the exchange server directly, so you might<BR>> end up
with:<BR>> foo.com. IN
MX 10 sm.foo.com.<BR>>
foo.com. IN MX 5
ex.foo.com.<BR>><BR>> If you intend to use the sendmail system as a
mailscanner<BR>> gateway for the<BR>> exchange server, then you also
need to prevent email from<BR>> flowing directly<BR>> to the
exchange server without first hitting the sendmail<BR>> server.
If your<BR>> exchange server is on windows server 2003 you can probably
just reject<BR>> connections to port 25 from everything EXCEPT
sm.foo.com. If<BR>> you have an<BR>> earlier version of
windows then you probably want to use sendmail's<BR>> mailertable or
smarthost feature instead.<BR>><BR>> HTH,<BR>>
Trever<BR>><BR>><BR>> > -----Original Message-----<BR>>
> From: Carl Boberg [<A href="mailto:carl.boberg@NRM.SE"
target=_blank>mailto:carl.boberg@NRM.SE</A>]<BR>> > Sent: Tuesday,
October 14, 2003 8:32 AM<BR>> > To:
MAILSCANNER@JISCMAIL.AC.UK<BR>> > Subject: OT Routing problem MS
sendmail and exchange<BR>> {Scanned by HJMS}<BR>> ><BR>>
><BR>> > Hi,<BR>> > I have been looking everywhere for a
solution to this.<BR>> ><BR>> > Using Mailscanner a mailgateway
(lowest MX)<BR>> ><BR>> > In the DMZ I have a sendmail server
my users connect to for<BR>> > POP/IMAP/SMTP<BR>> ><BR>>
> I now have a new Exchange server and new users on this one<BR>>
> and migrating old<BR>> > users<BR>> > slowly from the
sendmail to the exchange.<BR>> ><BR>> > MS smtpGW scans all
mail coming in and then sends all mail to the new<BR>> > Exchange
server.<BR>> > All email the exchange server can't resolve it sends
to the<BR>> > old sendmail<BR>> > server (even @domain.com
addresses)<BR>> > But the sendmail will only deliver @domain.com if
there exist<BR>> > a local user.<BR>> ><BR>> > I need to
figure out how to make sendmail deliver local<BR>> > addresses and
those<BR>> > @domain.com adresses it doesnt have localy sould be
sent to<BR>> > the exchange<BR>> > server?<BR>>
><BR>> > How to solve when a local domain (@domain.com) address
has<BR>> > been moved???<BR>> ><BR>> > I could maintain
the aliases file on the old server but that<BR>> > is way
too<BR>> > much administration.<BR>> ><BR>> > Also can I
make the Mailscanner Mailgateway relay mail to<BR>> my internal<BR>>
> mailservers on a trial error basis?<BR>> > Incoming mail to
@domain.com first try<BR>> internalmailserver1.domain.com<BR>> >
if NDR (non delivery reply) then try
internalmailserver2.domain.com<BR>> ><BR>> ><BR>> >
Sorry if I'm unclear or messy in my description.<BR>> > Thanks for
any help in advance.<BR>> ><BR>> > Best regards<BR>>
> --------------------------------<BR>> > Carl Boberg<BR>>
> System & Network Administrator<BR>> > Swedish Museum of
Naturalhistory<BR>> > Frescativägen 40<BR>> > 104 05
Stockholm<BR>> > Sweden<BR>> > Tel nr: 08-5195 5116<BR>>
> Mobile: 0701-82 4055<BR>> > E-mail: carl.boberg@nrm.se<BR>>
> --------------------------------<BR>>
><BR>><BR></FONT></P></DIV></BODY></HTML>
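Added example, not part of the thread and not written by any of its participants: a variant of the cron wrapper from Trever's message that builds the table in a temporary file and replaces /etc/mail/virtusertable only when generation succeeded, so a missing /etc/moved_users or an empty user list cannot leave sendmail with a truncated map. The function name build_virtusertable, the username filter and the 0644 file mode are assumptions of this example.

```sh
#!/bin/sh
# Added example: generate the virtusertable into a temp file, then rename it
# over the live file. build_virtusertable is a name made up for this example.
# Usage: build_virtusertable PASSWD MOVED OLD_DOMAIN NEW_DOMAIN OUT
build_virtusertable() {
    passwd=$1 moved=$2 olddom=$3 newdom=$4 out=$5

    # Missing input: fail before touching anything. With a plain
    # "script >virtusertable" the live file is truncated even when the
    # generator dies, and make then rebuilds an empty map.
    [ -r "$passwd" ] && [ -r "$moved" ] || return 1

    # Temp file in the same directory, so the final mv is an atomic rename.
    tmp=$(mktemp "$out.XXXXXX") || return 1

    # ARGV[1] is the moved-users list, ARGV[2] the passwd file. Comparing
    # FILENAME (not NR==FNR) keeps an empty moved list working.
    if ! awk -F: -v olddom="$olddom" -v newdom="$newdom" '
            FILENAME == ARGV[1] { if ($1 != "") moved[$1] = 1; next }
            # Assumption: only plain account names become map keys.
            $1 ~ /^[A-Za-z0-9._-]+$/ && !($1 in moved) {
                printf "%s@%s\t%s\n", $1, olddom, $1; n++
            }
            END {
                if (n == 0) exit 2   # no local users at all: refuse
                printf "@%s\t%%1@%s\n", olddom, newdom   # catch-all goes last
            }' "$moved" "$passwd" > "$tmp"
    then
        rm -f "$tmp"
        return 1
    fi

    # mktemp creates the file 0600; 0644 is an assumption of this example.
    chmod 644 "$tmp" && mv "$tmp" "$out"
}

# Cron entry point with the paths used in the thread; make runs only after
# a successful build.
if [ "${1:-}" = "install" ]; then
    build_virtusertable /etc/passwd /etc/moved_users foo.com mail.foo.com \
        /etc/mail/virtusertable && (cd /etc/mail && make)
fi
```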