> Another, maybe simpler, way to do it would be using LDAP mail routing.
> I've no idea if postfix can do this. That way, all the information
> needed for mail delivery is centralized in one place, and you don't need
> to keep information on what email addresses exist and what mailboxes
> they correspond to on both internal and external server.

postfix can do ldap, mysql and pgsql. I, for one, install postfix 2.2 over RHEL's postfix package and disable all updates for postfix.

>
> Basically, you'd use LDAP to store information where the hack user's
> mailbox is. You would set mailHost attribute to point to your internal
> email server. You would not set mailRoutingAddress attribute. This
> would cause your external mail server to forward all email for existing
> email addresses to internal host. Your internal host will figure out
> that mailHost points to itself, and deliver email to the mailbox. So
> you don't need to rewrite email addresses like when using
> virtusertables. There's a lot of options when configuring LDAP routing,
> so if you go that way, best is to first read and fully understand
> documentation. Or you'll get unexpected results and will be generally
> disappointed.

postfix is a bit more involved. You have to use the right maps...like the mx postfix should use relay_domains and relay_recipient_maps if there is no address rewriting and the mail store postfix needs to use virtual_mailbox_domains and virtual_mailbox_maps (or maybe not needed...since the mx postfix should have ensured the recipient exists) if you are interested in ditching sendmail.

>
> Now, the remaining problem is, what to do for people who want to access
> their email from outside. You probably don't want to allow direct
> POP3/IMAP connections from outside to your internal mail server. You
> may consider here several options. Webmail would be a very nice approach
> in many cases. If you have lots of roaming laptop users that insist on
> using their favorite email client from home or when on road, you might
> consider setting VPN for them. It kind of adds to the complexity.
> Especially if you don't need VPN for other stuff. On the other hand, if
> you already have VPN, then you have the solution for accessing email
> from outside, right? Another solution might be setting IMAP proxy in
> the DMZ. But it is almost as allowing direct connections from the
> outside. So I'd leave it as last resort.

Hence my question why did he want to move his emails, which would have been followed by questions about whether he needs to grant access from outside to the mail store or not.
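
The map split described in the reply above, as an added example that is not part of the original thread: the MX host validates recipients against LDAP through relay_recipient_maps and relays to the internal store, which delivers through the virtual mailbox maps. The domain, host names, file paths, LDAP base, uid/gid values and the mailbox attribute name are all assumptions.

```ini
# ---- MX host in the DMZ: /etc/postfix/main.cf ----
# Accept mail for the domain only to relay it onward; nothing is stored here.
relay_domains = example.com
# Reject unknown recipients at SMTP time instead of bouncing them later.
relay_recipient_maps = ldap:/etc/postfix/ldap-relay-recipients.cf
# Hand accepted mail to the internal store (brackets suppress the MX lookup).
transport_maps = hash:/etc/postfix/transport

# ---- MX host: /etc/postfix/transport (run "postmap" on it after editing) ----
# example.com    relay:[mailstore.internal.example.com]

# ---- MX host: /etc/postfix/ldap-relay-recipients.cf ----
# Only existence matters for relay_recipient_maps; the returned value is ignored.
server_host = ldap.internal.example.com
search_base = ou=People,dc=example,dc=com
query_filter = (mail=%s)
result_attribute = mail
version = 3

# ---- Internal mail store: /etc/postfix/main.cf ----
virtual_mailbox_domains = example.com
virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

# ---- Internal mail store: /etc/postfix/ldap-mailboxes.cf ----
# The result must be a mailbox path relative to virtual_mailbox_base.
# "mailMessageStore" is an assumed attribute name; use whatever your schema holds.
server_host = ldap.internal.example.com
search_base = ou=People,dc=example,dc=com
query_filter = (mail=%s)
result_attribute = mailMessageStore
version = 3
```

Running `postmap -q user@example.com ldap:/etc/postfix/ldap-relay-recipients.cf` on the MX host shows whether a given address would be accepted before any mail is sent through it.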