> On Feb 6, 2018, at 9:05 AM, Franta Noska <frano...@stavebninyberanek.cz> 
> wrote:
> 
> - mailserver will be the target for two domains (old surviving and current 
> new)
> 
> - users, their aliases and mail groups are in remote LDAP DB with schema
> /objects/values as:
> 
> USERS:
> dn: cn=username, ou=rank, o=myorg
> cn: username
> objectClass: Person
> gidNumber: uNNN
> uidNumber: gNNN
> userPassword: (somehow hashed, only bind verification)
> homeDirectory: /Home/$rank/$username
> mailActive:  0/1 
> mail: user1@NewDomain
> mail: user2@OldDomain    (not all users have an old address)
> uid: username
> groupMembership: group DN     (can be multiple times for different groups)

I would recommend against an LDAP schema with a multi-valued "mail"
attribute.  This attribute is generally used to hold the user's
*primary* email address (e.g. used for canonicalization) and should
be single valued.  You should store all the user's addresses (possibly
including a second copy of "mail" for simplicity of queries) as:

        mail: user1@NewDomain
        mailAlternateAddress: user1@NewDomain
        mailAlternateAddress: user1@OldDomain

> Users can have a mail alias with LDAP in form:
> ----------------------------------------------
> dn: cn=alias, ou=Alias, o=myorg
> objectClass: aliasObject
> cn: alias
> aliasedObjectName: user object DN

A much simpler and cleaner form of aliasing, when
the target is just a single user is to add more
"mailAlternateAddress" values to the user object,
rather than create separate alias objects.

Avoid the above.


> and finally there can be mail groups defined as:
> ------------------------------------------------
> dn: cn=groupname, ou=Groups, o=myorg
> cn: groupname
> mailActive:  0/1       (meaning same as for users)
> objectClass: groupOfNames
> member: user DN
> ....

This is fine, but I would give mail groups an email address:

        mail: groupname@someDomain

with the group defined in that particular domain, and
not just implicitly all local domains.  That way also,
not all unix groups are necessarily email groups.

> And my idea is:
> - postfix MTA (v3.2.4) with some milters (milters not essential)
> - dovecot (v2.3.0) IMAP server and LMTP deliver (with Sieve)
> - postfix, dovecot, user's mail folders on one machine (CentOS 7 Linux)
> 
> What will be the most appropriate layout for this scenario?

As much as possible avoid local aliases(5) and use virtual(5)
aliases instead.  Specifically, when an alias expands to
other email addresses, make it a virtual alias.  Use local
aliases(5) just for things that expand to "|pipes",
"/files" and ":include:/paths".

> - local users or virtual users?
>  (I think it will be best when the whole mail directory tree is owned
>  by one user account (vmail in lots of how-tos), but is it really best?)

I'd go with virtual users generally, unless some users really
want control via .forward files.  You can use virtual aliases
to rewrite some mailboxes into a local domain.

> - mail folders should be in form '/someTopDir/$username/.mail/' ?
>  (because it isn't possible to have a domain part, as the user can have two
>  mail addresses in different domains)

If a mailbox has a primary domain, you could still use that.

-- 
        Viktor.
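A Postfix wiring of the layout recommended above (virtual domains, one LDAP table serving both virtual aliases and group expansion, a second one for mailbox existence), as an added example that is not part of this thread. The directory host ldap.myorg.example is assumed, as is a schema that carries the mailAlternateAddress, mailActive and member attributes described in the messages above.

```ini
# ---- /etc/postfix/main.cf (constructed excerpt) ----
# OldDomain has no mailboxes of its own: every address there is an
# alias that the LDAP table rewrites to a NewDomain primary address.
virtual_alias_domains   = OldDomain
virtual_mailbox_domains = NewDomain
virtual_alias_maps      = ldap:/etc/postfix/ldap-aliases.cf
virtual_mailbox_maps    = ldap:/etc/postfix/ldap-mailboxes.cf
virtual_transport       = lmtp:unix:private/dovecot-lmtp

# ---- /etc/postfix/ldap-aliases.cf (constructed) ----
# One table for both users and mail groups: any address an entry is
# known by resolves to the primary "mail" of the user(s) behind it.
server_host = ldap://ldap.myorg.example      # assumed directory host
search_base = o=myorg
version     = 3
bind        = no
# Only consult LDAP for the two hosted domains.
domain      = NewDomain, OldDomain
# Primary or alternate address, active entries only. Groups carry a
# "mail" address of their own, so the same filter finds them too.
query_filter = (&(|(mail=%s)(mailAlternateAddress=%s))(mailActive=1))
# The default result_attribute is "maildrop"; clear it so only the
# attributes named below are returned.
result_attribute =
# A group's "member" values are DNs: follow each one and return the
# "mail" of the member objects, not the group's own "mail". A user
# entry has no "member", so its own "mail" is returned as the leaf.
special_result_attribute = member
leaf_result_attribute    = mail

# ---- /etc/postfix/ldap-mailboxes.cf (constructed) ----
# Accept a recipient only if an active user owns the primary address;
# Dovecot LMTP decides the on-disk mailbox location, not Postfix.
server_host  = ldap://ldap.myorg.example
search_base  = o=myorg
version      = 3
bind         = no
domain       = NewDomain
query_filter = (&(mail=%s)(objectClass=Person)(mailActive=1))
result_attribute = uid
```

Check each table without sending mail: `postmap -q user1@OldDomain ldap:/etc/postfix/ldap-aliases.cf` should print the NewDomain primary address, and querying a group address should print the members' primary addresses without the group's own.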