I have a need for Postfix to change the destination address of a
message.

For example, I have mail accounts on different network boxes (e.g.
box1.mydomain.com, box2.mydomain.com). I will be getting messages
addressed to user@mydomain, but the message needs to get routed to
box1.mydomain.com. The destination of where "user" lives in stored in
an LDAP database.

Is there a way for Postfix to get this information from the LDAP
database, and rewrite the address so that the message gets delivered to
the correct host?

I don't want to highjack this thread, but I have a similar quandary in
regards to Exchange servers. We have 9 Exch servers, and for both
historical and practical reasons (not wanting to support 2 extra Exch
bridgehead boxes), we would like Postfix to deliver to users homed on
each server individually.

Naturally, all the users have the same @example.com address. Their
accounts are located on exch1.domain.example.com,
exch2.domain.example.com etc. The Postfix server will be living in the
example.com TLD. The user accounts do NOT include an SMTP address of
the form "user@exch1.domain.example.com".

I have no problems with extracting all the users' SMTP addresses, their
usernames and their home MDB servers from the AD via Perl and SCPing it
to the Postfix server in whatever format and number of maps that would
be appropriate.

I am guessing that it's a combination of virtual mailbox domains and
transport maps, but I don't know how to glue it together, if indeed,
it's possible. Multiple non-exchange servers in other subdomains are
similarly affected.

Other than LDAP lookups, I assume it's a similar problem to the
original post. If not, my apologies, and I'll start a new thread.

dsw4@lucent.com wrote:
> I have a need for Postfix to change the destination address of a
> message.
>
> For example, I have mail accounts on different network boxes (
> box1.mydomain.com, box2.mydomain.com). I will be getting messages
> addressed to user@mydomain, but the message needs to get routed to
> box1.mydomain.com. The destination of where "user" lives in stored in
> an LDAP database.
>
> Is there a way for Postfix to get this information from the LDAP
> database, and rewrite the address so that the message gets delivered to
> the correct host?
>

Yes.

It's done by adding an LDAP query to the virtual_alias_maps in main.cf,
such as:

virtual_alias_maps = ldap:$config_directory/ldap.cf

The left hand side of the table is usually the "mail" attribute in the
LDAP database:

query_filter = (mail=%s)

The right hand side of the table is whatever LDAP attribute holds the
email address you want it to go to, such as mailroutingaddress


result_attribute = mailroutingaddress

--
Greg

Trix wrote:
> I don't want to highjack this thread, but I have a similar quandary in
> regards to Exchange servers. We have 9 Exch servers, and for both
> historical and practical reasons (not wanting to support 2 extra Exch
> bridgehead boxes), we would like Postfix to deliver to users homed on
> each server individually.
>
> Naturally, all the users have the same @example.com address. Their
> accounts are located on exch1.domain.example.com,
> exch2.domain.example.com etc. The Postfix server will be living in the
> example.com TLD. The user accounts do NOT include an SMTP address of
> the form "user@exch1.domain.example.com".
>
> I have no problems with extracting all the users' SMTP addresses, their
> usernames and their home MDB servers from the AD via Perl and SCPing it
> to the Postfix server in whatever format and number of maps that would
> be appropriate.
>
> I am guessing that it's a combination of virtual mailbox domains and
> transport maps, but I don't know how to glue it together, if indeed,
> it's possible. Multiple non-exchange servers in other subdomains are
> similarly affected.
>
> Other than LDAP lookups, I assume it's a similar problem to the
> original post. If not, my apologies, and I'll start a new thread.

Your scenario sounds similar to the original posting.

The easiest thing from an ongoing maintenance standpoint is to have the
email address info located in the LDAP directory. Typically the external
email address (user@example.com) is in the "mail" attribute, and
the hidden internal routing (user@exch1.example.com) is in the
"mailRoutingAddress" attribute.

Postfix is then configured to perform an LDAP query ala virtual_alias_maps.

It could also be done using a "transport" map. The left hand side is the
external mail address, and the righthand side is an LDAP attribute pointing
to the exchange server to send it to.

--
Greg

Thanks for your response, Greg.

Unfortunately, Active Directory does not contain a
"RoutingAddress"-type attribute, only the user's HomeMTA (and their
username is not part of that attribute, it's a separate one). We really
do not want to have to customise the AD to add an additional attribute
of the form "u...@exch1.example.com" (with thousands of users and
dozens of mailbox moves a week, it'd be a nightmare to administer).

This is the problem with Exchange in that users belong to the Exchange
Organisation (or AD) and not to a specific server as a local user.

I was hoping that with transport maps we could specify a
"next-hop"-type thing where u...@example.com somehow automagically
knows its mail needs to be delivered to exch1 without having to provide
a fully qualified u...@exch1 address. Well, it was a nice idea while it
lasted. :-)

Trix wrote:

> I was hoping that with transport maps we could specify a
> "next-hop"-type thing where u...@example.com somehow automagically
> knows its mail needs to be delivered to exch1 without having to provide
> a fully qualified u...@exch1 address. Well, it was a nice idea while it
> lasted. :-)

You can do that. The question is how much effort you want to put into it.

You can build and maintain a manual list of users in the transport file, such as:

user1@example.com smtp:[exch1.example.com]
user2@example.com smtp:[exch2.example.com]

What some large companies have done for this same situation, is to deploy an
enterprise directory, and populate it with attributes from the AD, plus
any new attributes they require, such as mailRoutingAddress or mailHost.

It's also pretty easy to build a simple OpenLDAP database, and have Postfix query it,
versus using a transport file.

It all just depends on how you want to do it.

--
Greg

That's fantastic! I hadn't seen an example of putting individual
recipients into the transport map.

Populating our own OpenLDAP database from the AD dump is a great idea
too, since, as you say, we can then construct our own
mailRoutingAddress or mailHost. I gather that queries to any database
take a performance hit compared to looking up a hash table - how would
they compare over several thousand entries (but less than 10,000)?

If the performance would be similar, or better, then OpenLDAP might be
the way to go (it'll also be easier to maintain redundancy for two
gateway servers).