Topic: SME9 in LAN1 sendmail over VPN to SME9 in LAN2 and vize versa ?

[fpausp]

We have branches in two cities, on both sides we use sme9 and fetch our mails from foreign domains via our ISP...

We use OpenVPN to connect each LAN (SITE to SITE VPN) to be able to secure exchange data...

We also like to do this with our internal Mails over the VPN and not over the ISP, how must we configure the two servers ?

[Jean-Philippe Pialasse]

let'S say you have the domain mycompany.com

configure sme1 to use site1.mycompany.com
configure sme2 to use site2.mycompany.com  (adapt with whatever you want)

configure in domain for each sme the domain of the other SME making it pointing localy to the ip of the other SME.
et voila


you are able to send email from site1 to lionel in site2 sending lionel@site2.mycompany.com

if you want people from both site to receive emails with @mycompany.com. Then you will have to configure the account of all users on one of the SME (let'S say site1) and select forward to username@site2.mycompany.com.

you might be able to do this also with pseudonyms ( to check).

[fpausp]

@ configure in domain for each sme the domain of the other SME making it pointing localy to the ip of the other SME. et voila

do you mean we should be able to resolve the hostname/domainname of the other side (/etc/hosts) ?

[fpausp]

I found this in the Wiki:


Forward all email for the specified domain to the IP address a.b.c.d. a.b.c.d can be either local or remote. By default, the recipient address will be verified as valid on a.b.c.d before SME accepts the inbound message.

Code: [Select]

db domains setprop test.com MailServer a.b.c.d

or use FQDN in place of a.b.c.d eg

db domains setprop test.com MailServer aspmx.l.google.com


Do you know this command, is it the right one ?

[Jean-Philippe Pialasse]

I found this in the Wiki:


Forward all email for the specified domain to the IP address a.b.c.d. a.b.c.d can be either local or remote. By default, the recipient address will be verified as valid on a.b.c.d before SME accepts the inbound message.

Code: [Select]

db domains setprop test.com MailServer a.b.c.d

or use FQDN in place of a.b.c.d eg

db domains setprop test.com MailServer aspmx.l.google.com


Do you know this command, is it the right one ?

as is this is not what you need.

this will send all your  email to the server you enter here.

@ configure in domain for each sme the domain of the other SME making it pointing localy to the ip of the other SME. et voila

do you mean we should be able to resolve the hostname/domainname of the other side (/etc/hosts) ?

yes, this is part of the purpose of a vpn

[mmccarn]

Some other methods...

1. Using IP routing rules
I think you could do this using 'local networks' without reconfiguring dns or creating any new domains.

* On each SME, use "nslookup -type=mx <the domain hosted on the other sme>" to get the IP address(es) that your SME will be attempting to deliver the mail to

* Use the 'local networks' tab in server-manager to route traffic for the resulting IP (or IPs) to the VPN (or LAN?) IP of the other SME server.

2. Using custom templates for qmail "smtproutes"
You can tell qmail to deliver email for each domain to the other server.  You'll find (a little) more info in this old forum post:
https://forums.contribs.org/index.php?topic=24643.0

"smtproutes" is one of the files that is affected if you create a domain and set "DelegateMailServer" for the domain, but you could create a custom fragment with the routing info you want:

Code: [Select]

mkdir -p /etc/e-smith/templates-custom/var/qmail/control/smtproutes/
cd /etc/e-smith/templates-custom/var/qmail/control/smtproutes/
echo 'OtherDomain:OtherMailServerVPNIPAddress' >> 30CustomSMTPROUTES
signal-event email-update
(replace "OtherDomain" and "OtherMailServerVPNIPAddress" on each system with the appropriate values for the other system; revert changes by deleting the "30CustomSMTPROUTES" file and re-running signal-event email-update)

3. Using the "smarthost" setting on each system
Set each system to use the *other* system (by VPN or LAN IP) as its email smarthost. 
Pro: all traffic between hosts goes over the VPN
Con: all email to outside users goes over the VPN first, then goes "out" to the rest of the ethernet...

[fpausp]

OK...

In the meantime I got it working... I had to configure a virtual domain (other side) and than I used the "db domains setprop..." comands.

Additionly I tried it without a vpn, just directly to the external ip of the other server but I had to open port 25.
Is it possible to use a more secure port other than 25 and how must I configure that ?