Topic: SME as "internal" smathost mail server

[Knuddi]

I have three branches in my company each located in their own country. The brances are all connected via VPN to the main office. All incomming emails are entering into the main office (xyz.com) and are on a per users basis autoforwarded to the branch mail server (SME as well). The branches have their own domain such as xzy.dk and zyx.se.

What I would like to acheive is that all the branches use the main branch office for outgoing messages as well and kind of use the main office mail server as a smart host or "Internet provides mail server" in SME language. Since the branch domains are not local the the main office mail server it doesn't want to be a smarthost and if I change /var/qmail/control/rcpthosts to accept email from these then it stores locally (all branch users are known in the main office).

How do I do this?

[Knuddi]

And it should also be noticed that on the main mail server I have modified /var/qmail/control/smtproutes to route email to the branch server via a specific IP address that are by the way local IP addresses (xyz.dk:192.168.22.33).

[crazybob]

Knuddi,

   I have no ideas about what you are trying, but have a couple of quick questions about your VPN.

Are you using OpenVPN? If so are you using server to server and if you are could you share a sample of the client script for your SME servers?

Thanks

Bob

[Knuddi]

Crazybob,

I was looking for help and not to give

Anyways, its quite simply and Yes I naturally use OpenVPN, and almost the same as for client-server setup. Simply install all the same modules on the client as on the server. Only create keys on the server though.

In the server.conf file remove the two lines:

auth-user-pass-verify ./validate.sh via-env
client-disconnect ./logoff.sh

and in the client.conf file remove:
auth-user-pass

and place the client keys in the /etc/openvpn directory instead of c:/program files/openvpn/config.

The only tricky part might then be to get the route tables configured correctly in both ends so that all users on the client net can see resources on the server side network.

[crazybob]

Knuddi,

  Thanks for the info.

Bob

[smeghead]

.. would backup MX by domain work here (there is a contrib around to do this).

Set the main office to either primary of secondary (depending on your requirements) for receipt of email and set ISP mail server to point to main office (smarthost) mail server.

This also give some redundancy as the backup MX is presumably on a different class C.

PS - had to come up with something here just as a small token for all your sterling script work

[Knuddi]

Using MX for this will not work as I want to ensure all email are going through my secure channels.

It actually turned out to be easy.... I just had to add the branch local IP range as a local network for the rules to be configured correctly. Now all my incomming as well as outgoing email is going through my main server and I am able to distribute incomming mail to appropriate branch servers.

[mrjhb3]

Knuddi,

Can you further explain/clear up for me, your setup a little bit more?  You have 3 offices connected together via VPN.  How are you autoforwarding the e-mail to the correct branch office?  Do you have all of your users defined on the main branch server, then simply setup their e-mail to forward to a specified email address? Branch offices are setup to send outgoing mail to the main office?  If so, did you have to make any other modifications for the main server to accept the mail from the branch servers, other than putting them in the local networks?  Finally, did you have to add the other two domains to your etc/hosts file in the main branch so that it would know how to resolve the branches, then the smtproutes so it would know where to send the data?

I hope I'm kind of close.

Thanks,

JB

[Knuddi]

All users are defined in main office and mail from main office to branches are forwarded or a per user basis to a new address jkn@main.com -> jkn@branch.com. In order to ensure this is done via VPN link and not over internet i have added a line to smtproutes:
branch.com:[192.168.x.y]
Where the IP address is the branch mail server. The same goes for brach offices where smtproutes is set as:
main.com:[192.168.z.q]

Also for branch office I configure to use delegate mail server which is the IP of main.com mail server.

No changes needed for /etc/hosts

[mrjhb3]

Thanks for that Jesper.

JB

[kruhm]

lol -ask a question and still gives help. way to go!

What I would like to acheive is that all the branches use the main branch office for outgoing messages...

Email clients at your branch offices should be able to use the the main office as outgoing. Just make sure the branch offices are in the LOCAL NETWORKS of your main office. You may have to use the ip address for outgoing.

As for the whole server at the main smarthosting for the branches...hmmmm...

[Knuddi]

Well if I let them use the main branch server thay will see long response time for sending emails. The now send and receive via their local server and this local server uses the main branch for outgoint emails. Its the way it should work and it does