I feel like I should be able to figure this out, but I just can't get
my head wrapped around enough of the system to get going and if I
screw it up I'm an open relay. If I could just bounce my ideas off of
the list and perhaps get a couple of nudges in the right direction, I
would really appreciate it.
We want a couple of front-end servers accepting mail, scanning it and
passing it on to the appropriate backend server. We have two storage
servers: the WU-IMAP server that we're migrating away from and the
Cyrus server that we're going to. There's also a mailing list server
and a couple of others that can be ignored because they act just like
the list server. Users and aliases are in LDAP; a simple text file
dictates which users are still on the legacy server (although I could
stick that in LDAP as well). I can configure the backend servers
without problems; it's the front end servers I'm stuck on.
So if I understand things, I can leave acl_check_rcpt pretty much
alone: just set relay_from_hosts and relay_to_domains properly. Am I
then safe from relaying if I don't break this?
Then to routers. dnslookup to handle outgoing mail, but it's not as
simple as "domains = ! +local_domains" because each of
relay_to_domains needs special handling. Can I just add
"+relay_to_domains" to the end so only truly remote hosts are handled
by this router?
Then the alias router which does an LDAP lookup. Simple enough.
Then the forward router, although these machines shouldn't be able to
see home directories so I either have to stick it in LDAP or figure
something else out. For users migrated to the Cyrus server, I think
Cyrus can just handle this itself.
There are no local users, so no localuser router.
Then I basically need a manualroute router for each back end server.
The list server and other specific ones come first, but since these
user lists aren't in LDAP I need to do an SMTP call-forward to see if
the address is valid there. (Otherwise I can't bounce at SMTP time,
right?) But I can't figure out how to do this in a router.
The other servers should be easy: the legacy server requires that the
user be in LDAP and the user exist in the "legacy" file. The Cyrus
backend server just requires that the user be in LDAP. Everything
else should bounce.
After I write it out like that, it seems pretty simple. Am I on the
right track here? Any suggestions are appreciated.
- J<
--
Jason L Tibbitts III - tibbs@??? - 713/743-3486 - 660PGH - 94 PC800
System Manager: University of Houston Department of Mathematics
And with death The knowledge comes It was the life all along We'd been afraid of
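One way to lay out a front-end Exim configuration along the lines the
post describes, written here as an added example; it is not the poster's
configuration and not taken from Exim's own documentation. The hostnames,
the LDAP base DN and attribute names (mailRoutingAddress, uid), the path
of the legacy-user file and the use of a separate domain for the list
server are all assumptions made for the sketch.

```exim
# Front-end relay sketch (added example, not the poster's configuration).
# ASSUMED: hostnames, LDAP base/attributes and file paths are hypothetical.

domainlist local_domains    = example.com
domainlist relay_to_domains = lists.example.com
hostlist   relay_from_hosts = 127.0.0.1 : 192.0.2.0/24   # hosts allowed to relay out

ldap_default_servers = ldap.example.com                  # assumed LDAP host
LDAP_BASE   = ou=People,dc=example,dc=com                # assumed base DN
LEGACY_FILE = /etc/exim/legacy-users                     # one local part per line, assumed

begin acl

acl_check_rcpt:
  accept  hosts = :                                      # local (non-SMTP) submission

  deny    message = restricted characters in address
          local_parts = ^[.] : ^.*[@%!/|]

  # Internal hosts may relay anywhere; no callout for outgoing mail.
  accept  hosts = +relay_from_hosts

  # Relay guard: anyone else only gets our own domains and the backends' domains.
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

  # Reject unknown recipients at RCPT time. The callout makes Exim do a
  # RCPT TO against whatever backend the routers pick (list server, legacy
  # IMAP host or Cyrus), so a bad list address is refused here, not bounced.
  require verify = recipient/callout=20s,defer_ok

  accept

begin routers

# 1. Truly remote mail: not ours and not a backend domain.
dnslookup:
  driver = dnslookup
  domains = ! +local_domains : ! +relay_to_domains
  transport = remote_smtp
  no_more

# 2. Aliases and forwards, both kept in LDAP since the front ends cannot
#    see home directories (attribute name mailRoutingAddress is assumed).
ldap_redirect:
  driver = redirect
  domains = +local_domains
  data = ${lookup ldap {ldap:///LDAP_BASE?mailRoutingAddress?sub?\
           (uid=${quote_ldap:$local_part})}}

# 3. List server: assumed to own its own domain, so anything for that
#    domain is handed over and validated by the callout in the ACL above.
lists:
  driver = manualroute
  domains = lists.example.com
  route_list = * lists.example.com
  transport = remote_smtp

# 4. Legacy WU-IMAP host: user must be in LDAP and listed in LEGACY_FILE.
legacy_imap:
  driver = manualroute
  domains = +local_domains
  local_parts = lsearch;LEGACY_FILE
  condition = ${lookup ldap {ldap:///LDAP_BASE?uid?sub?\
                (uid=${quote_ldap:$local_part})}{yes}{no}}
  route_list = * legacy-imap.example.com
  transport = remote_smtp

# 5. Cyrus: user only needs to exist in LDAP.
cyrus:
  driver = manualroute
  domains = +local_domains
  condition = ${lookup ldap {ldap:///LDAP_BASE?uid?sub?\
                (uid=${quote_ldap:$local_part})}{yes}{no}}
  route_list = * cyrus.example.com
  transport = remote_smtp

# No localuser router: an address no router accepts is unrouteable,
# and "verify = recipient" in the ACL rejects it during SMTP.

begin transports

remote_smtp:
  driver = smtp
```

The callout is an ACL condition rather than a router option: the router
only decides which backend an address goes to, and "verify =
recipient/callout" then asks that backend whether it will take the
address. If the list server shares the users' domain instead of having
its own, move the lists router below the two LDAP-gated routers so that
only addresses LDAP does not know are offered to it.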