Solved

SMTP relay server on Solaris 9 setup.............

Posted on 2004-09-14
Last Modified: 2013-12-21
I am looking to set up an SMTP relay server within a Solaris 9 box.

The setup is as follows,

The smtp relay server will sit within a DMZ zone and will receive all the company email traffic.

If the email is addressed for jim@company.com then it will be forwarded on by the relay server, through the firewall and on to the company lotus notes server, which in turn will forward the mail to the recipient.

However, if the email comes in with the address john@application.company.com, then this will be forwarded through the firewall, onto a solaris 9 system which will then place it in the relevant user's mailbox on that system.

It also must work the other way. The Solaris server must be able to send emails to the relay server, then it must be able to decide what type of email should go where, i.e. if the email is from user@application.company.com, then it will be forwarded onto a secure network gateway. If it is a normal mail (jim@company.com) then this must be forwarded out onto the internet as normal.

A lotus notes domino server on an intel machine was mentioned to act as a relay server, but if sendmail can provide the same function then it would be preferable to use it.

Any help at all would be greatly appreciated

Cheers.
0
Question by:Grass-hopper
9 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 250 total points
ID: 12053700
This isn't very difficult to do. If there's only a single domain involved (company.com) you could use aliases records for each account, like:

user1@company.com:                        user1@notes.company.com
...
user1@application.company.com:  user1@sol9.company.com
...

If there's more than one domain involved you'd need to use virtusertable records, like:

user1@company.com                        user1@notes.company.com
...
user1@application.company.com  user1@sol9.company.com
...

In either case the MX records for the domain would point to the relay box and it would need local-host-name like:

relay.company.com
application.company.com
company.com

And it will be necessary to use a "define(`LUSER_RELAY', `relay.company.com')" in the sendmail.mc on the internal Solaris 9 box to cause it to relay all mail that looks like a local address but doesn't correspond to a local account to the relay server. And you'd need to do the logical equivalent of that on the Notes server.
0
 

Author Comment

by:Grass-hopper
ID: 12062365
ok, I'm just learning sendmail so go easy on me...........

I think I understand the concept of adding the domains etc, however there is a problem there as we currently do not have DNS rolled out within our network. We have a DNS server available and running, but there are no domains set up within it. The primary lotus notes server within the corporate network (not the dmz) is not using DNS. The current setup is that all mail directed towards our company comes to a gateway which in turn relays all the mail to the notes server.

However, the relay server and the solaris 9 system will both use DNS and will come under a newly created domain.

Will the lotus notes server have to use DNS for this to be implemented?

Also, where would you put the setting to forward any mails from the relay server to a specific gateway if they have a certain email address - i.e. user1@application.company.com would go to one gateway and user1@company.com would go to another?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12066213
It doesn't matter whether DNS is being used by the protected network. From the relay server's view all that matters is that the server be able to equate the hostname in the target of the alias or virtusertable record with an IP. That can be done in the hosts file of the relay servers. You will have to configure the internal email servers to accept mail addressed to that hostname.

The alias or virtusertable maps that I described above handle the routing. The left hand side (LHS) is the address of mail as it is received by the relay server. The right hand side (RHS) is where the mail will be forwarded to.
0
 

Author Comment

by:Grass-hopper
ID: 12074472
OK, so within the virtusertable can I just put the name of the server on the right hand side then if it is declared within the /etc/hosts?

for example,

@company.com                     lotusnoteserver
user1@application.com           solaris9box (this is for any incoming mail from secure gateway to be forwarded on to only a specific user setup within the solaris 9 box)
@application.company.com     securegateway

Also, where would you put the entry for ANY mails coming from the lotusnotes server - destined for external addresses - to go through a specific gateway?

Is this some sort of filter required?

Cheers.
0
 

Author Comment

by:Grass-hopper
ID: 12074552
sorry,

second line in example should be

user1@application.company.com                     solaris9box

Cheers.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12074681
Notice that my examples had a username on the right hand side. Using that form will require you to enumerate each user in the virtusertable. However you can do:

@company.com                             %1@lotusnotesserver
@application.company.com      %1@securegateway

No special rule is needed to handle outgoing email sent by notes through the relay.
0
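Added example (not part of the thread and not sendmail's own code): a small Python model of the lookup described above, where an exact user@domain entry is tried before the @domain catch-all and %1 is replaced by the user part. The table contents, including the apps.company.com entry, are constructed sample data; the check for domains missing from local-host-names reflects that sendmail only consults the virtusertable for domains it treats as its own.

```python
# Model of virtusertable resolution on the relay (illustrative, not sendmail code).
# Every hostname and table entry below is constructed sample data.

LOCAL_HOST_NAMES = {"relay.company.com", "application.company.com", "company.com"}

VIRTUSERTABLE = """
# an exact address entry wins over the catch-all for its domain
user1@application.company.com   user1@solaris9box
@application.company.com        %1@securegateway
@company.com                    %1@lotusnotesserver
# constructed mistake: this domain is not in local-host-names
@apps.company.com               %1@securegateway
"""

def parse_table(text):
    """Return {lhs: rhs} from virtusertable source text, LHS lower-cased."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue                      # skip blanks, comments, malformed lines
        table[parts[0].lower()] = parts[1].strip()
    return table

def route(address, table, local_names=LOCAL_HOST_NAMES):
    """Return the rewritten recipient, or None when no table entry applies."""
    user, _, domain = address.rpartition("@")
    domain = domain.lower()
    if domain not in local_names:
        return None                       # not a domain the relay treats as its own
    rhs = table.get(f"{user.lower()}@{domain}") or table.get(f"@{domain}")
    # %1 stands for the user part of the address as received
    return rhs.replace("%1", user) if rhs else None

def unmatched_domains(table, local_names=LOCAL_HOST_NAMES):
    """LHS domains absent from local-host-names; their entries never match."""
    domains = {lhs.rpartition("@")[2] for lhs in table}
    return sorted(domains - set(local_names))

TABLE = parse_table(VIRTUSERTABLE)

if __name__ == "__main__":
    for rcpt in ("user1@application.company.com", "john@application.company.com",
                 "jim@company.com", "someone@example.org"):
        print(f"{rcpt:35} -> {route(rcpt, TABLE)}")
    print("entries that can never match:", unmatched_domains(TABLE))
```

Running the lint function against the real table and local-host-names file before makemap catches mistyped or unlisted domains that would otherwise fall through to a DNS lookup.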
 

Author Comment

by:Grass-hopper
ID: 12075133
The relay server is receiving the mail from the solaris9 system (I can see the traffic between the two by using snoop on the relay server), but by the looks of it - is just sending it back to the solaris9 system.

I tried to send a test message from the solaris9box addressed to myemail@company.com (not actually sending to myemail@company.com - just substituted address for security purposes)

Root on the solaris9box then gets a mail with following error message..............

550 5.1.2 <myemail@company.com>... Host unknown (Name server: mycompany.com: host not found)


Final-Recipient: RFC822; myemail@company.com
Action: failed
Status: 5.1.2
Remote-MTA: DNS; company.com
Diagnostic-Code: SMTP; 550 Host unknown
Last-Attempt-Date: Thu, 16 Sep 2004 15:20:59 +0100 (WEST)

my /etc/mail/virtusertable looks as follows:

@company.com                          %1@lotusnotesserver

I also ran the following command after editing the virtusertable:

makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable

and also restarted sendmail.

Still no joy.

Any ideas?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12076164
What you are seeing on the solaris9 box is a natural result of trying to use Domain Based addressing on a machine that's not configured to be a member of a Domain Based environment. You addressed the message to user@company.com. The solaris9 box doesn't know that it is a part of that domain, since its hostname doesn't contain the domain information. Accordingly Sendmail tried to find the MX record for the domain by a DNS lookup, but that failed (Name server: mycompany.com: host not found). So it can't figure out what to do with the message.

I'd solve the problem rather than trying to treat the symptoms. That would mean fixing the machine configuration so that it has a Fully Qualified Domain Name (FQDN). A side effect of that is that it could break existing applications and they'd need "adjusting". But eventually you'll need to fight that battle anyway.

With the solaris9 box reconfigured to be solaris9.company.com you can use an LUSER_RELAY definition in its Sendmail config and it'll know what to do with the mail.
0
 

Author Comment

by:Grass-hopper
ID: 12082408
Ahh, I see.

This will need to be looked at with the infrastructure team then to see about reviewing the DNS setup.

Everything else up to that point is working so you have answered my original question, hence points awarded.

Thanks for all your help.
0
