Sunday, January 22, 2012

SMTP NAT with Sendmail

This post is closely related to my previous one. The big difference is that in this case the company we bought had a Lotus Notes based email system that had to be kept running concurrently with the new common email platform for several months. Well, actually it is still running to some extent over 4 years later, but that's another story.



Because our in-house Lotus Notes knowledge was non-existent and the company we bought had let their support agreement expire, no one dared to touch the Notes side. The requirements had to be fulfilled some other way.

What we decided to do was install a new virtual machine running Linux with Sendmail. The MX records for the Internet-facing DNS zone of the company we bought were changed to route all inbound email to this new server. For inbound mail, Sendmail then translates the recipient address *@somecompany.com to *@ourcompany.com and routes it to our existing email system. For outbound mail sent from the old Lotus Notes, the same Sendmail translates the sender address *@somecompany.com to *@ourcompany.com. We ended up changing the SMTP smarthost on the Lotus Notes side (the only Notes change made). You could also easily hack a DNAT rule into your firewall to force any outbound SMTP connections from Notes to go to your Sendmail instead.

Don't forget antispam and antivirus filtering either. One option is to pass all inbound mail through your existing filtering setup and then divert somecompany.com to Sendmail instead of sending it directly to Lotus Notes or Exchange.

First, the list of changes required in /etc/mail/sendmail.mc. These are against CentOS 5. You should be able to use them as-is by just swapping in your own intranet MX and domain names.
-dnl define(`SMART_HOST', `smtp.your.provider')dnl
+define(`SMART_HOST', `intranet-mx.ourcompany.com')dnl

-DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
+dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
+DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

-dnl MASQUERADE_AS(`mydomain.com')dnl
+MASQUERADE_AS(`ourcompany.com')dnl

-dnl FEATURE(masquerade_envelope)dnl
+FEATURE(masquerade_envelope)dnl

-dnl FEATURE(masquerade_entire_domain)dnl
+FEATURE(masquerade_entire_domain)dnl

-dnl MASQUERADE_DOMAIN(localhost)dnl
+MASQUERADE_DOMAIN(somecompany.com)dnl

+FEATURE(`genericstable')dnl
+GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
+FEATURE(`allmasquerade')

+LOCAL_CONFIG
+F{VirtHost}/etc/mail/virtual-domains

Then we also have to edit a bunch of other Sendmail config files.
/etc/mail/access:
192.168 RELAY

/etc/mail/generics-domains
somecompany.com

/etc/mail/genericstable
@somecompany.com %1@ourcompany.com

/etc/mail/mailertable
ourcompany.com esmtp:[exchange01.ourcompany.com]

/etc/mail/virtual-domains
somecompany.com

/etc/mail/virtusertable
@somecompany.com %1@ourcompany.com

Remember to run "make" in /etc/mail/ and restart the sendmail service so the changes you made take effect.
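To sanity-check what the maps above will do before running make, here is a small simulation, added here and not part of the original post. It reimplements only the lookup semantics these files rely on (an @domain catch-all key with %1 standing for the local part, the mailertable domain lookup and the access map's prefix match), so the inbound recipient rewrite, the outbound sender rewrite, the routing to exchange01 and the relay decision for a client address can each be checked on their own.

```python
# Simulation of the Sendmail map lookups configured above (added example,
# not from the original post). It reimplements only the map semantics used
# here: "@domain" catch-all keys with %1 for the local part, mailertable
# domain lookup, and access-map prefix matching.

# Map contents copied from the config files in the post.
VIRTUSERTABLE = {"@somecompany.com": "%1@ourcompany.com"}  # inbound recipients
GENERICSTABLE = {"@somecompany.com": "%1@ourcompany.com"}  # outbound senders
GENERICS_DOMAINS = {"somecompany.com"}      # /etc/mail/generics-domains
MAILERTABLE = {"ourcompany.com": "esmtp:[exchange01.ourcompany.com]"}
ACCESS = {"192.168": "RELAY"}               # /etc/mail/access


def rewrite(addr, table, domains=None):
    """Rewrite one address through a virtusertable/genericstable-style map."""
    local, sep, domain = addr.rpartition("@")
    if not sep:
        return addr
    domain = domain.lower()
    # genericstable is only consulted for domains listed in generics-domains
    # (for virtusertable the equivalent gate is the {VirtHost} class).
    if domains is not None and domain not in domains:
        return addr
    # An exact user@domain entry wins over the @domain catch-all.
    target = table.get(f"{local}@{domain}") or table.get(f"@{domain}")
    if target is None:
        return addr
    return target.replace("%1", local)


def route(addr):
    """Return (mailer, host) from mailertable for a recipient, or None."""
    domain = addr.rpartition("@")[2].lower()
    entry = MAILERTABLE.get(domain)
    if entry is None:
        return None
    mailer, _, host = entry.partition(":")
    # Brackets around the host tell Sendmail to skip the MX lookup.
    return mailer, host.strip("[]")


def may_relay(client_ip):
    """access map: a bare prefix key like '192.168' matches the whole /16."""
    octets = client_ip.split(".")
    for n in range(len(octets), 0, -1):
        if ACCESS.get(".".join(octets[:n])) == "RELAY":
            return True
    return False


if __name__ == "__main__":
    print(rewrite("alice@somecompany.com", VIRTUSERTABLE))                # inbound
    print(rewrite("bob@somecompany.com", GENERICSTABLE, GENERICS_DOMAINS))  # outbound
    print(route("alice@ourcompany.com"), may_relay("192.168.10.7"))
```

Note that the single `192.168` key in /etc/mail/access permits relaying from every host in 192.168.0.0/16, so keep that file in step with which networks actually host Notes.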

You might have noticed that we completely skipped the part about how to send copies of emails to users still on Lotus Notes. We ended up doing that via Exchange: all user accounts we created for users coming from the company we bought were initially set to send a copy of all inbound mail to the old Lotus Notes address.

Also, before anyone asks why we didn't simply add somecompany.com addresses as secondaries on the Exchange side: the reason was politics. The department responsible for the Exchange servers decided in their ultimate wisdom that since the somecompany.com domain was to be phased out within the next year, it should not be added to the Exchange configuration for the migration period. Therefore we had to come up with something else. As we were going to need SMTP NAT for outgoing email coming from Lotus Notes anyway, this was an easy solution.
