> On May 5, 2017, at 5:21 PM, John Anderson <john.ander...@chickasaw.com> wrote:
> 
> My first post to a mailing list, I am sure this is a simple thing that I am 
> overlooking, but even a two week old case with RHEL and I am not hitting on 
> the answer. Please help if you can/want.
> 
> Situation:
> Single Postfix server and an Exchange 2013 server. The company is wanting to 
> keep the same domain across both systems. I am using LDAP lookups for virtual 
> domains, this is working great. Internet bound email is also working great. I 
> attempted using an LDAP transport lookup keying off a group (the idea is a 
> user not in the group relay to the Exchange FE for internal routing). 

The only sane way to share a single virtual domain across two mail stores is
to use virtual_alias_maps to rewrite envelope recipient addresses from the
shared domain to two distinct domains, one per mail store.

Ideally both mail stores support internal names for each recipient:

        # External form         Internal Form
        us...@example.com       us...@store1.example.com
        us...@example.com       us...@store2.example.com

Each of the mail stores would recognize the internal address
form as a valid address for the user whose "public" address
lies in the shared domain namespace.

Exchange supports this easily via multi-valued proxyAddresses:

        ; A mailbox-enabled user
        mail: us...@example.com
        proxyAddresses: smtp:us...@example.com
        proxyAddresses: smtp:us...@store1.example.com
        mailRoutingAddress: us...@store1.example.com

        ; A non-mailbox-enabled user
        mail: us...@example.com
        proxyAddresses: smtp:us...@example.com
        proxyAddresses: smtp:us...@store2.example.com
        mailRoutingAddress: us...@store2.example.com
        targetAddress: smtp:us...@store2.example.com

The "mailRoutingAddress" attribute may need to be added
to the Active Directory schema.  You can use any name that
works for you, but the idea is that Postfix will query LDAP
for "proxyAddresses -> mailRoutingAddress" mappings as its
LDAP-based virtual alias table.

You make the primary domain of Exchange be "store1.example.com"
(for which it is then fully authoritative).  The users whose
mail is not stored in Exchange get contact objects that route
to "us...@store2.example.com".

Your Postfix transport table is then trivial; all the magic is
in the virtual alias table.

-- 
        Viktor.
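
Added example, not part of the original thread: one way the Postfix side of the "proxyAddresses -> mailRoutingAddress" lookup described above could be configured. The file paths, host names (dc1.example.com, exchange-fe.example.com), bind DN, search base and CA bundle path are assumptions chosen for illustration, as is the choice to list the shared domain in virtual_alias_domains.

```conf
# --- /etc/postfix/main.cf (excerpt) ---------------------------------
# Shared public domain: every valid recipient must resolve through the
# virtual alias table, so addresses with no directory entry are rejected
# at SMTP time instead of being accepted and bounced later.
# (Assumption: example.com is not also listed in mydestination.)
virtual_alias_domains = example.com
virtual_alias_maps = ldap:/etc/postfix/ldap-valias.cf

# Internal per-store domains; only store1 needs an explicit route.
relay_domains = store1.example.com
transport_maps = hash:/etc/postfix/transport

# --- /etc/postfix/ldap-valias.cf ------------------------------------
# Hypothetical directory host and service account.
server_host = ldap://dc1.example.com
version = 3
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = /etc/ssl/certs/ca-bundle.crt
bind = yes
bind_dn = cn=postfix,ou=service,dc=example,dc=com
bind_pw = CHANGE_ME
search_base = dc=example,dc=com

# Only query the directory for recipients in the shared domain.
domain = example.com

# Map the public address to the per-store routing address.
# Postfix applies RFC 2254 quoting to %s before building the filter.
query_filter = (proxyAddresses=smtp:%s)
result_attribute = mailRoutingAddress

# --- /etc/postfix/transport (run "postmap /etc/postfix/transport") --
# Exchange is authoritative for store1; hand its mail to the front end.
store1.example.com    relay:[exchange-fe.example.com]
# store2.example.com is assumed to be delivered by this Postfix host,
# so it needs no transport entry.

# --- check a mapping before going live ------------------------------
# postmap -q "<address in example.com>" ldap:/etc/postfix/ldap-valias.cf
```

Keep ldap-valias.cf readable only by root and the postfix group, since it holds the bind password, and give the service account read access to nothing beyond the two attributes queried.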
