Tuesday, May 1, 2012

Postfix and Exchange Integration

A client of mine decided to use Postfix as a smart host in front of Exchange 2010.  The Exchange environment is multi-tenant, so the Postfix servers need to know which SMTP domain namespaces Exchange is authoritative for.  We therefore configured the Linux Postfix server to query Active Directory for the list of Exchange 2010 "Accepted Domains", which live at the following location in the Active Directory configuration partition (not the schema):

CN=Accepted Domains,CN=Transport Settings,CN=TSTHOSTING,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local

The Linux distribution used for this configuration is Ubuntu.

Software packages required:
  • postfix
  • postfix-ldap
  • ldap-utils
  • libldap-2.4-2
apt-get install postfix-ldap pulls in postfix and libldap-2.4-2 automatically; ldap-utils is only needed for testing the query with ldapsearch and must be installed explicitly.

A separate configuration file, ad_relay_domains.cf, was put together and placed at /etc/postfix/ad_relay_domains.cf:

server_host = 192.168.1.2
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = Administrator
bind_pw = MyPassw0rd
search_base = cn=Accepted Domains,cn=Transport Settings,cn=TSTHOSTING,cn=Microsoft Exchange,cn=Services,cn=Configuration,dc=domain,dc=local
scope = sub
query_filter = (msExchAcceptedDomainName=%s)
result_attribute= msExchAcceptedDomainName

  • server_host: the IP address or DNS name of a domain controller.  Accepted domains live in the configuration partition, which every DC in the forest replicates, so any DC will do; several can be listed separated by spaces.  Use a DNS name if you intend to enable TLS, because the server certificate is checked against it.
  • server_port: 389, the standard LDAP port (636 when connecting with an ldaps:// URL).
  • version: must be 3.
  • bind = yes: Postfix performs an LDAP simple bind with the credentials below.
  • start_tls = no: the original setup ran without certificates on the domain controllers.  Be aware that a simple bind over plain port 389 sends the bind password, and every query, across the network in cleartext; Kerberos plays no part here because Postfix is not doing a SASL/GSSAPI bind.  Once the DCs have certificates, set start_tls = yes (or put an ldaps:// URL in server_host) together with tls_ca_cert_file and tls_require_cert = yes.  DCs hardened to require LDAP signing reject cleartext simple binds outright, so this also matters for compatibility.
  • bind_dn: the account Postfix binds as.  AD accepts a UPN (svc-postfix@domain.local), DOMAIN\user or a full DN.  Use a dedicated, read-only domain user rather than Administrator; Authenticated Users can read the configuration partition by default, so the account needs no extra rights.
  • bind_pw: the password for bind_dn, in plain text with no special formatting.  Because it is stored in clear, keep the file owned by root, group postfix, mode 0640.
  • search_base: where Exchange 2010 stores its accepted domains.  cn=TSTHOSTING is the Exchange organization name and dc=domain,dc=local the forest root; replace both with your own.
  • scope = sub: search the base and everything beneath it.
  • query_filter: the attribute matched against the lookup key.  %s is the recipient domain (and, because relay_domains is in parent_domain_matches_subdomains by default, its parent domains in turn); Postfix RFC 2254-escapes the key before inserting it, so a hostile recipient address cannot inject filter metacharacters.  The filter matches every accepted domain regardless of its type (authoritative, internal relay, external relay).
  • result_attribute: the attribute returned.  For relay_domains any non-empty result means Postfix will accept mail for that domain.
The file /etc/postfix/ad_relay_domains.cf must then be referenced from the main Postfix configuration file, main.cf, with the following line.  This only makes Postfix accept mail for the returned domains; where that mail is delivered is configured separately, through transport_maps or relayhost:

relay_domains = ldap:/etc/postfix/ad_relay_domains.cf
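Putting the steps together, as an added example that is not part of the original post: a shell script with a hardened version of the table file (LDAPS with certificate verification and a dedicated read-only account instead of a cleartext Administrator bind), the ldapsearch pre-flight query, and the postmap -q check that exercises the finished table the way Postfix will.  The host dc1.domain.local, the account svc-postfix-ldap@domain.local, the CA file path and the LDIF sample are assumptions; ldapsearch is also assumed to trust the same CA through TLS_CACERT in /etc/ldap/ldap.conf.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the DC dc1.domain.local
# has a certificate issued by the CA in /etc/ssl/certs/domain-local-root-ca.pem,
# svc-postfix-ldap@domain.local is an ordinary read-only domain user, and
# /etc/ldap/ldap.conf has TLS_CACERT pointing at the same CA for ldapsearch.
set -eu

CF=/etc/postfix/ad_relay_domains.cf
LDAP_URI=ldaps://dc1.domain.local
BIND_DN=svc-postfix-ldap@domain.local
CA_FILE=/etc/ssl/certs/domain-local-root-ca.pem
# cn=TSTHOSTING is the Exchange organization name from the post; replace it with yours.
BASE='cn=Accepted Domains,cn=Transport Settings,cn=TSTHOSTING,cn=Microsoft Exchange,cn=Services,cn=Configuration,dc=domain,dc=local'
ATTR=msExchAcceptedDomainName

# Write the lookup table. Compared with the post's file: LDAPS with certificate
# verification instead of a cleartext simple bind on 389, and a least-privilege
# service account instead of Administrator. The bind password is passed as $1.
write_table() {
    cat > "$CF" <<EOF
server_host = $LDAP_URI
version = 3
bind = yes
bind_dn = $BIND_DN
bind_pw = $1
tls_ca_cert_file = $CA_FILE
tls_require_cert = yes
search_base = $BASE
scope = sub
query_filter = ($ATTR=%s)
result_attribute = $ATTR
EOF
    # The file contains a password: owned by root, readable only by the postfix group.
    chown root:postfix "$CF"
    chmod 640 "$CF"
}

# Print every $ATTR value from ldapsearch LDIF output on stdin: unfold RFC 2849
# continuation lines (leading space) and base64-decode "::" values.
accepted_domains_from_ldif() {
    awk '
        /^ /  { buf = buf substr($0, 2); next }
              { if (buf != "") print buf; buf = $0 }
        END   { if (buf != "") print buf }
    ' | while IFS= read -r line; do
        case "$line" in
            "$ATTR:: "*) printf '%s' "${line#"$ATTR:: "}" | base64 -d; printf '\n' ;;
            "$ATTR: "*)  printf '%s\n' "${line#"$ATTR: "}" ;;
        esac
    done
}

# Constructed sample of what ldapsearch -LLL returns (wrapped at 76 columns, one
# value base64-encoded), used to exercise the parser offline.
SAMPLE_LDIF='dn: CN=example.com,CN=Accepted Domains,CN=Transport Settings,CN=TSTHOSTING,CN=M
 icrosoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
msExchAcceptedDomainName: example.com

dn: CN=tenant-two,CN=Accepted Domains,CN=Transport Settings,CN=TSTHOSTING,CN=Mi
 crosoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
msExchAcceptedDomainName: tenant-two.exa
 mple

dn: CN=example.org,CN=Accepted Domains,CN=Transport Settings,CN=TSTHOSTING,CN=M
 icrosoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
msExchAcceptedDomainName:: ZXhhbXBsZS5vcmc='

# Pre-flight, independent of Postfix: the table's query for one domain, run with
# ldapsearch from ldap-utils (-W prompts for the password). Postfix escapes %s
# itself; here the domain goes into the filter verbatim, so only pass domains
# you typed yourself.
ldap_lookup() {
    ldapsearch -LLL -H "$LDAP_URI" -D "$BIND_DN" -W -b "$BASE" \
        "($ATTR=$1)" "$ATTR" | accepted_domains_from_ldif
}

# The lookup Postfix itself performs for a recipient domain, through the
# finished table. No output and exit status 1 means "not a relay domain".
postfix_lookup() {
    postmap -q "$1" "ldap:$CF"
}

install_relay_domains() {
    # Read the bind password from the terminal so it never appears in argv,
    # shell history or the process list.
    printf 'Bind password for %s: ' "$BIND_DN" >&2
    stty -echo; read -r pw; stty echo; echo >&2
    write_table "$pw"
    # proxy: lets the many smtpd(8) processes share one LDAP connection via
    # proxymap(8); relay_domains is in the default proxy_read_maps.
    postconf -e "relay_domains = proxy:ldap:$CF"
    postfix reload
}

case "${1:-}" in
    install) install_relay_domains ;;
    ldap)    ldap_lookup "$2" ;;
    postmap) postfix_lookup "$2" ;;
esac
```

Run `sh ad_relay_check.sh ldap example.com` before touching Postfix, `sh ad_relay_check.sh install` to write the table and wire it into main.cf, and `sh ad_relay_check.sh postmap example.com` afterwards; an empty result from the last command means Postfix will not relay for that domain.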

Credits for this solution go to Daniel Borg.

2 comments:

  1. Clint,

    I'm in a situation whereby my company (@domain1.com) has just purchased another company (@domain2.com). domain1 uses Exchange and domain2 uses Postfix. We want to give all domain2 employees a domain1 email address and discontinue using domain2 address, yet keep the Postfix server to host that company's mail.

    Essentially, everyone at both companies will have a domain1 email account, yet the mail database for domain1 needs to be Exchange and the mail database for domain2 needs to be Postfix.

    Is there a way to look at inbound emails and relay them to the appropriate server? How do I ensure outbound mail from the domain2 employees use domain1.com?

    Many thanks.

  2. You want SMTP Namespace Sharing. Check out:

    http://blog.mimecast.com/2011/06/guest-post-migrating-between-email-servers-smtp-namespace-sharing/
