Koozali.org: home of the SME Server

Deliver email for one domain to an internal or external mail server [SOLVED]

Hi All

I hope someone can give some advice before I waste too much time for nothing.

I have two servers here, one runs as an email server for our volunteer Search and Rescue group and has 5 domains. I would like to move two of these domains onto another server as they are my personal domains using the "Deliver email for one domain to an internal or external mail server" from the documentation. But I'd like to know if I can still have imap access to the second server which will be internal. I travel a lot and I want to make sure that I can still access my emails remotely. We currently use imaps with port 993 directed to the main server. Will imaps access also follow to the other server with the other 2 domains, or is there another process I have to consider such as opening additional ports?

Cheers
Allan Pritchard
« Last Edit: August 21, 2016, 10:11:02 PM by Allan Pritchard »

Offline janet
Re: Deliver email for one domain to an internal or external mail server
« Reply #1 on: August 18, 2016, 01:25:50 PM »
Allan Pritchard

Have you ever read the FAQ? Please do, as there are MANY answers there.
https://wiki.contribs.org/SME_Server:Documentation:FAQ:Section04#Internal_or_External_Mail_Servers
IMAP access will still be available to the server(s), but mail for the redirected domains will not be there as it will be delegated to the nominated internal or external mail server.
« Last Edit: August 18, 2016, 01:29:36 PM by janet »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline mmccarn
Re: Deliver email for one domain to an internal or external mail server
« Reply #2 on: August 18, 2016, 03:04:38 PM »
 If you use a laptop that travels on and off of the LAN you need:

* A different port when accessing email remotely
* A domain name that resolves to your WAN IP when off-site and to the LAN IP of the secondary server when you're on the LAN
==> The corollary to this is that the secondary server must allow IMAPS and SMTPS access on the new port number (unless you want to reconfigure your email client whenever you come to or leave the office...)

In this example I'll use port 1993 for custom IMAPS and 1465 for custom SMTPS.

So - a complete solution:
- Your LAN DNS must point to the secondary server when you access it by name
- Internet DNS must point to the WAN IP of your office when accessed by name (presumably this already works...)
- Your secondary server must respond on ports 1993 for IMAPS and 1465 for SMTPS (so that you can send/receive email when you're in the office)
- Your firewall or primary SME must forward traffic for ports 1993 and 1465 to the secondary server

Assuming both servers are SME servers, you would create port forwarding rules in server manager on each host.

On the secondary host, port 1993 would redirect to port 993 on localhost, port 1465 would redirect to port 465 on localhost.

On the first host, port 1993 would redirect to either 993 or 1993 on the secondary server; likewise for 1465.

On your LAN DNS (presumably your first SME) you need an entry that points to the LAN IP of the secondary server by name.

[edit]
Make sure when you're done that you can send email *from* the domains that are still on the first server *to* the domains that move to the second server.  There should be no problem, but you wouldn't want to find out days or weeks later that there is one...
« Last Edit: August 18, 2016, 03:07:17 PM by mmccarn »

Re: Deliver email for one domain to an internal or external mail server
« Reply #3 on: August 18, 2016, 10:32:10 PM »

Thanks, I'll tackle this over the weekend. I would have missed the step of making the secondary SME respond on port 1993 and 1465 so it works in office as well. Thanks again

Cheers
Allan

Re: Deliver email for one domain to an internal or external mail server
« Reply #4 on: August 19, 2016, 11:56:03 PM »

After a bit of mucking around separating some users, I now have a primary server which holds two domains with external imap access, everything seems to be working fine.

And I have a secondary email server for the volunteer rescue group with their two domains all working and tested.

There is only one issue I cannot solve as yet. The secondary server acts as a forwarder, i.e. each member/user has their email address user@chchsar.org.nz which then forwards to their chosen personal email address, gmail, yahoo, private etc etc, no emails are stored on the server. This has worked well for years as we have groups for committe@chchsar etc etc. and it's easy to administer.

The issue is I cannot get the secondary server (@chchsar.org.nz) to forward my (or my partner's) emails back to my selected email address (@riverretreat.kiwi.nz) which is the primary server on the same internal network. I get the following:

deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)

Everyone else's emails are working fine and being forwarded to their personal email address.

The full error log is here

2016-08-20 08:54:42.515509500 new msg 1706352
2016-08-20 08:54:42.515512500 info msg 1706352: bytes 3162 from <allan@apdesign.co.nz> qp 4896 uid 400
2016-08-20 08:54:42.627657500 starting delivery 374: msg 1706352 to local margie.sharkey@chchsar.chchsar.org.nz
2016-08-20 08:54:42.627659500 status: local 2/20 remote 0/20
2016-08-20 08:54:42.627674500 delivery 373: success: forward:_qp_4896/did_0+0+1/
2016-08-20 08:54:42.627808500 status: local 1/20 remote 0/20
2016-08-20 08:54:42.627810500 end msg 1706381
2016-08-20 08:54:42.740726500 new msg 1706381
2016-08-20 08:54:42.740729500 info msg 1706381: bytes 3285 from <allan@apdesign.co.nz> qp 4900 uid 5013
2016-08-20 08:54:42.852861500 starting delivery 375: msg 1706381 to remote margie@riverretreat.kiwi.nz
2016-08-20 08:54:42.852864500 status: local 1/20 remote 1/20
2016-08-20 08:54:42.852865500 delivery 374: success: did_0+1+1/qp_4900/
2016-08-20 08:54:42.852880500 status: local 0/20 remote 1/20
2016-08-20 08:54:42.853008500 end msg 1706352
2016-08-20 08:54:42.923542500 delivery 375: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/

Does anyone have any thoughts to try?

Offline mmccarn
Re: Deliver email for one domain to an internal or external mail server
« Reply #5 on: August 20, 2016, 05:15:41 AM »
Try to find out where the secondary server thinks it needs to deliver the email going to the domains on the primary server.

That is - at a shell prompt on the secondary server, do an MX lookup for the primary domains.

It's likely that you'll get the WAN ip of the primary server, when you need to make it be the LAN address.

If that's the case, the first thing I'd try would be to set the 'corporate dns' on the second server to be the primary server, then try again.

If that doesn't work, you could define the primary domains on the secondary server, then configure the secondary server to use the primary as the 'internal' mail server for those domains...

Or you could use a custom smtproutes template fragment for qmail (I think) to tell qmail where to deliver email for those domains.
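
The MX check suggested in the reply above, as an added example that is not part of the original post: it resolves the MX hosts for a domain and labels each address as LAN (private range) or WAN, which shows whether the secondary server would try to reach the primary over its public address. It assumes `dig` is installed on the secondary server; the function names, host names and addresses in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: does the MX for a domain resolve to a LAN or a WAN address?

# Return 0 if the IPv4 address is loopback or in an RFC 1918 private range.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|127.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read "preference host address" lines on stdin and print one verdict per line.
classify_mx() {
    while read -r pref host addr; do
        [ -n "$addr" ] || continue
        if is_private_ipv4 "$addr"; then
            echo "LAN $host $addr"
        else
            echo "WAN $host $addr"
        fi
    done
}

# Live lookup (assumes dig): emit "preference host address" for each MX record.
# Run on the secondary server as:  lookup_mx <primary domain> | classify_mx
lookup_mx() {
    dig +short MX "$1" | while read -r pref host; do
        for addr in $(dig +short A "$host"); do
            echo "$pref $host $addr"
        done
    done
}

# Constructed sample: the same MX host seen through public DNS (documentation
# address 203.0.113.10) and through the LAN DNS (192.168.1.10).
sample_run() {
    printf '%s\n' \
        '10 mail.example.test. 203.0.113.10' \
        '10 mail.example.test. 192.168.1.10' | classify_mx
}

sample_run
```

A WAN verdict on the secondary server matches the situation described in the reply: the lookup returns the public address, and pointing the secondary's DNS at the primary server should turn it into a LAN verdict.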

Re: Deliver email for one domain to an internal or external mail server
« Reply #6 on: August 20, 2016, 06:15:10 AM »
Hi

Adding the DNS of the primary server into the secondary server solved the issue. Such a simple solution.

I'm glad it worked as I've never done custom templates :)

Thanks for your help.

Cheers
Allan

Offline ReetP
Re: Deliver email for one domain to an internal or external mail server
« Reply #7 on: August 21, 2016, 12:43:20 PM »
Can you please add 'solved' to the subject if it works.

B. Rgds
John
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation