> It is not clear to me how you configured your DNS servers.
>
> If you have SRV1 dealing with all email for pb.xxx.com and SRV2
> dealing with all email for pb2.xxx.com, email will be forwarded
> according to your settings.
My two servers (SVR1/old and SVR2/new) are part of an internal network. SVR2 relays to SVR1, which then relays to our corporate MX server for external mails.

Internet <--> Corporate MX <--> SVR1 <--> SVR2
                            @pb.xxx.com  @pb.xx.com/@pb2.xx.com

Suffice to say that mails from the outside addressed to pb.xxx.com get relayed to SVR1. Both SVR1 and SVR2 are intended to serve pb.xxx.com. SVR1 has all the mail accounts but just forwards mails (using .qmail) for the migrated accounts to SVR2 as @pb2.xxx.com. This part is already working.

Anyway, my pending concern is how to set up SVR2 (qmail-ldap) so that mails from it addressed to pb.xxx.com are delivered locally (i.e. do not have to be relayed to SVR1) if the addressed mail account has a mailAlternateAddress pb2.xxx.com in LDAP.

>> 4. Would want that emails from the new server that is addressed to the
>> migrated accounts (addressed to @pb.xxx.com but mail account has
>> mailAlternateAddress @pb2.xxx.com in LDAP) be delivered locally. Currently,
>> these emails are still relayed to old server (the SMTP gateway) which then
>> returns/forwards it back as @pb2.xxx.com.

> At this stage, you need to stop trying to explain what you have
> tried and show us your configurations:

Here are my config files:

1. qmail-ldap configuration

$ /var/qmail/bin/qmail-showctl
qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 500.
subdirectory split: 23.
user ids: 1005, 1006, 1007, 0, 1008, 1009, 1010, 1011.
group ids: 1005, 1006.
me: My name is pb.xxx.com
ldapserver: My ldap server is localhost
badmailfrom: (Default.) Any MAIL FROM is allowed.
badmailfrom-unknown: (Default.) Any MAIL FROM from hosts without PTR is allowed.
badrcptto: (Default.) Any RCPT TO is allowed.
bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.
bouncehost: (Default.) Bounce host name is pb.xxx.com
bouncemaxbytes: (Default.) Bounce data limit is 0 bytes.
concurrencylocal: (Default.) Local concurrency is 10.
concurrencyremote: (Default.) Remote concurrency is 20.
custombouncetext: For more information write to mail administrator.
databytes: (Default.) SMTP DATA limit is 0 bytes.
defaultdomain: Default domain name is pb2.xxx.com
defaulthost: (Default.) Default host name is pb.xxx.com
dirmaker: Program to create homedirs /var/qmail/bin/dirmaker.sh.
doublebouncehost: (Default.) 2B recipient host: pb.xxx.com
doublebounceto: (Default.) 2B recipient user: postmaster.
envnoathost: (Default.) Presumed domain name is pb.xxx.com
goodmailaddr: (Default.) No good mail addresses.
helohost: (Default.) SMTP client HELO host name is pb.xxx.com
idhost: (Default.) Message-ID host name is pb.xxx.com
localiphost: (Default.) Local IP address becomes pb.xxx.com
locals:
Messages for pb2.xxx.com are delivered locally.
me: My name is pb.xxx.com.
outgoingip: Bind qmail-remote to 0.0.0.0.
pbscachesize: (Default.) PBS cachesize is 1048576 bytes.
pbsenv: (Default.) No environment variables will be passed.
pbsip: (Default.) Bind PBS daemon to 0.0.0.0.
pbsport: (Default.) PBS deamon listens on port 2821.
pbssecret: (Default.) PBS shared secret is undefined! Uh-oh.
pbsservers: (Default.) No PBS servers.
pbstimeout: (Default.) PBS entries will be valid for 600 seconds.
percenthack: (Default.) The percent hack is not allowed.
plusdomain: Plus domain name is pb2.xxx.com.
qmqpcip: (Default.) Bind qmail-qmqpc to 0.0.0.0.
qmqpservers: (Default.) No QMQP servers.
queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.
quotawarning: Disk quota has been reached. Archive old messages in order to receive incoming mail.
rbllist:
rcpthosts:
SMTP clients may send messages to recipients at pb.xxx.com.
SMTP clients may send messages to recipients at .com.
SMTP clients may send messages to recipients at .net.
SMTP clients may send messages to recipients at .org.
SMTP clients may send messages to recipients at .edu.
SMTP clients may send messages to recipients at .ph.
SMTP clients may send messages to recipients at .es.
SMTP clients may send messages to recipients at .hk.
SMTP clients may send messages to recipients at .sg.
SMTP clients may send messages to recipients at .tw.
SMTP clients may send messages to recipients at .au.
SMTP clients may send messages to recipients at .ca.
SMTP clients may send messages to recipients at .uk.
SMTP clients may send messages to recipients at .us.
SMTP clients may send messages to recipients at .bs.
...
morercpthosts: (Default.) No effect.
morercpthosts.cdb: (Default.) No effect.
relaymailfrom: (Default.) Relaymailfrom not enabled.
smtpgreeting: (Default.) SMTP greeting: 220 pb.xxx.com.
smtproutes:
SMTP route: :[<ip-of-SVR1>]
timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.
timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.
timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.
virtualdomains: (Default.) No virtual domains.

Now the qmail-ldap specific files:
ldapbasedn: LDAP basedn: dc=pb,dc=local.
ldapserver: localhost
ldaplogin: LDAP login: cn=Manager,dc=pb,dc=local.
ldappassword: LDAP password: <password>.
ldaptimeout: LDAP server timeout is 30 seconds.
ldapuid: Default UID is 11184.
ldapgid: Default GID is 2110.
ldapobjectclass: The objectclass to limit ldap filter is qmailUser.
ldapmessagestore: Prefix for non absolute paths is /var/qmail/maildirs/.
ldapdefaultdotmode: Default dot mode for ldap users is ldapwithprog.
defaultquotasize: Mailbox size quota is 10000000 bytes (0 is unlimited).
defaultquotacount: Mailbox count quota is 10000 messages (0 is unlimited).
ldaplocaldelivery: Local passwd lookup is 1 (1 = on, 0 = off).
ldaprebind: (Default.) Ldap rebinding is 0 (1 = on, 0 = off).
ldapcluster: Clustering is 0 (1 = on, 0 = off).
ldapclusterhosts: (Default.) Messages for me are not redirected.
qmail-pop3d.rules: I have no idea what this file does.
ldapdefaultdotmode.bak: I have no idea what this file does.
simcontrol: I have no idea what this file does.
defaultdelivery.Maildir: I have no idea what this file does.
qmail-qmqpd.rules: I have no idea what this file does.
simcontrol.cdb: I have no idea what this file does.
qmail-imapd.rules: I have no idea what this file does.
defaultdelivery: I have no idea what this file does.
localdelivery: I have no idea what this file does.
qmail-smtpd.rules: I have no idea what this file does.
signatures: I have no idea what this file does.
Makefile: I have no idea what this file does.

2. Contents of /etc/courier/authldaprc (less comments "#" and blank lines)

LDAP_URI ldap://SVR2.pb.local
LDAP_PROTOCOL_VERSION 3
LDAP_BASEDN dc=pb,dc=local
LDAP_BINDDN cn=Manager,dc=pb,dc=local
LDAP_BINDPW <password>
LDAP_TIMEOUT 5
LDAP_AUTHBIND 1
LDAP_MAIL mail
LDAP_DOMAIN pb2.xxx.com
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail
LDAP_HOMEDIR homeDirectory
LDAP_MAILDIR mailMessageStore
LDAP_DEFAULTDELIVERY defaultDelivery
LDAP_CLEARPW clearPassword
LDAP_CRYPTPW userPassword
LDAP_AUXOPTIONS mailhost=mailhost
LDAP_DEREF never
LDAP_TLS 0

3. A sample LDAP entry:

$ ldapsearch -x mail=bre...@pb..xxx.com
# extended LDIF
#
# LDAPv3
# base <dc=pb,dc=local> (default) with scope subtree
# filter: mail=bre...@pb.xxx.com
# requesting: ALL
#

# breyes, users, pb.local
dn: cn=breyes,ou=users,dc=pb,dc=local
cn: breyes
ou: users
sn: breyes
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: qmailUser
mailQuotaSize: 0
mailQuotaCount: 0
uid: breyes
accountStatus: active
mailHost: SVR2.pb.local
qmailUID: 11184
qmailGID: 2110
homeDirectory: /var/qmail/maildirs/breyes/
mailMessageStore: /var/qmail/maildirs/breyes/Maildir/
mail: bre...@pb.xxx.com
mailAlternateAddress: bre...@pb2.xxx.com
deliveryProgramPath: /usr/local/bin/maildrop
deliveryMode: nolocal

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

4. Result of authtests:

--> authtest to mail attribute succeeds

$ authtest bre...@pb.xxx.com
Authentication succeeded.
Authenticated: bre...@pb..xxx.com (uid 11184, gid 2110)
Home Directory: /var/qmail/maildirs/breyes/
Maildir: /var/qmail/maildirs/breyes/Maildir/
Quota: (none)
Encrypted Password: {MD5}X03MO1qnZdYdgyfeuILPmQ==
Cleartext Password: (none)
Options: mailhost=SVR2.pb.local

--> authtest to mailAlternateAddress attribute fails

$ authtest bre...@pb2.xxx.com
Authentication FAILED: Operation not permitted

Thanks a lot for the assist.
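
The relay loop described in this message, as an added example that is not part of the original post and is not qmail or qmail-ldap code: a simplified Python model of how stock qmail picks local or remote delivery from control/locals and control/smtproutes, fed with the values shown in the qmail-showctl output above. The recipient local part `user` is constructed, and virtualdomains is left out because the post shows none.

```python
# Simplified model of stock qmail's delivery decision (not qmail source code).
# Control values below are copied from the qmail-showctl output in the post.

LOCALS = ["pb2.xxx.com"]            # control/locals
SMTPROUTES = [":[<ip-of-SVR1>]"]    # control/smtproutes (placeholder as posted)


def parse_smtproutes(lines):
    """Map each route's domain key to its relay; an empty key is the wildcard."""
    routes = {}
    for line in lines:
        domain, _, relay = line.partition(":")
        routes[domain.lower()] = relay
    return routes


def find_route(domain, routes):
    """Try the full domain, then each '.suffix', then the wildcard entry."""
    domain = domain.lower()
    candidates = [domain]
    candidates += [domain[i:] for i, ch in enumerate(domain) if ch == "."]
    candidates.append("")
    for key in candidates:
        if key in routes:
            return routes[key]
    return None  # no artificial route: delivery would follow DNS MX records


def classify(recipient, locals_, smtproutes):
    """Return ('local', None) or ('remote', relay) for one recipient."""
    domain = recipient.rpartition("@")[2].lower()
    if domain in (d.lower() for d in locals_):
        return ("local", None)
    return ("remote", find_route(domain, parse_smtproutes(smtproutes)))


def demo():
    # Constructed recipients; only the domains come from the post.
    return {rcpt: classify(rcpt, LOCALS, SMTPROUTES)
            for rcpt in ("user@pb.xxx.com", "user@pb2.xxx.com")}


if __name__ == "__main__":
    for rcpt, decision in demo().items():
        print(rcpt, "->", decision)
```

In qmail-ldap the LDAP lookup belongs to local delivery (qmail-lspawn), so it is reached only for recipients the model classifies as local.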