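Changing a mail server's domain name: how to relay mail sent to the old mail addresses to the new mail addresses

Postfix Address Rewriting can do this job for us.

Situation:
The company intends to rename its registered domain, so the company's mail addresses have to change as well. The current mail server is Exchange 2000, and the company may purchase Exchange 2010 as the mail server for the new domain. This raises a question: how does mail sent to the old mail addresses reach the new mail server? And how can we make sure no messages are lost during the switch from the old domain to the new one?

Idea:
Use a Postfix mail server as a mail gateway. It receives mail for the old addresses, uses Postfix Address Rewriting to change the old-domain mail addresses in the message headers to new-domain mail addresses, and finally relays the mail to the new domain's mail host.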

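Architecture:

Old architecture
1. External DNS directs mail for the old domain to the SPAM filter
2. After the SPAM filter has filtered out junk mail, it passes the mail to the mail-backup gateway
3. After the mail is backed up, it is delivered to the users' mailboxes on Exchange 2000

New architecture
I. New domain
1. External DNS directs mail for the new domain to the SPAM filter
2. After the SPAM filter has filtered out junk mail, it passes the mail to the mail-backup gateway for backup
3. After the mail is backed up, it is delivered to the users' mailboxes on Exchange 2010
II. Old domain
1. External DNS directs mail for the old domain to Postfix
2. Postfix uses address rewriting to convert old-domain addresses to new-domain addresses, then relays the rewritten mail to the SPAM filter for junk-mail filtering
3. After the SPAM filter has filtered out junk mail, it passes the mail to the mail-backup gateway for backup
4. After the mail is backed up, it is delivered to the users' mailboxes on Exchange 2010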

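Implementation:
Prerequisite: a Postfix server is available, is already configured to authenticate accounts against the old domain's AD, and can receive mail for the old domain.

Enable canonical_maps to rewrite addresses

/etc/postfix/main.cf: # edit the Postfix configuration file and add the following line
canonical_maps = hash:/etc/postfix/canonical
After the change, remember to restart Postfix.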

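/etc/postfix/canonical: # edit the file that defines the address rewriting rules
# Separate the two fields with spaces or tabs: the first is the original address, the second is the address to rewrite it to.
# Comments go on their own lines; a trailing # after an entry would become part of the replacement value.
# Rewrite an account name
wietse Wietse.Venema
# Or rewrite a whole domain
@old.domain.com @new.domain.com
# Rewrite one complete mail address
wietse@old.domain.com wietse.venema@new.domain.com
When the file is ready, run postmap /etc/postfix/canonical to make the rules take effect.
# Also make sure the Postfix server can resolve both the old and the new domain names through its name server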
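
How the three rule forms above interact, as an added example that is not code from the original post: a small Python model of the canonical(5) lookup order (user@domain first, then bare user for local domains, then @domain) that also flags table entries carrying a trailing `#` comment. The names `parse_table` and `rewrite` and the `gw.example` value standing in for `$myorigin` are assumptions; continuation lines and address extensions are not modelled.

```python
# Constructed sample: the page's three rule types, each comment on its own line.
CANONICAL = """\
# rewrite a bare account name
wietse                  Wietse.Venema
# rewrite every address in the old domain
@old.domain.com         @new.domain.com
# rewrite one complete address
wietse@old.domain.com   wietse.venema@new.domain.com
"""

def parse_table(text):
    """Parse 'key whitespace value' lines; return (rules, warnings)."""
    rules, warnings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or whole-line comment
        parts = line.split(None, 1)
        if len(parts) != 2:
            warnings.append(f"line {n}: key {parts[0]!r} has no value")
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if "#" in value:  # trailing text is kept as part of the value
            warnings.append(f"line {n}: '#' is inside the value {value!r}")
        rules[key] = value
    return rules, warnings

def rewrite(addr, rules, myorigin="gw.example", local_domains=()):
    """One canonical lookup in precedence order: user@domain, user, @domain."""
    addr = addr if "@" in addr else f"{addr}@{myorigin}"  # qualify bare names
    user, _, domain = addr.rpartition("@")
    u, d = user.lower(), domain.lower()  # lookup keys are case-folded
    keys = [f"{u}@{d}"]
    if d == myorigin or d in local_domains:
        keys.append(u)  # the bare-user form only applies to local domains
    keys.append(f"@{d}")
    for key in keys:
        if key in rules:
            result = rules[key]
            if result.startswith("@"):
                return user + result  # @otherdomain keeps the user part
            if "@" not in result:
                return f"{result}@{myorigin}"  # unqualified result
            return result
    return addr

if __name__ == "__main__":
    rules, warnings = parse_table(CANONICAL)
    print(rewrite("Alice@old.domain.com", rules), warnings)
```

On the gateway itself, `postmap -q KEY hash:/etc/postfix/canonical` looks up one exact key in the compiled table, which confirms what postmap actually stored for an entry.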

Testing:
Test on the Postfix server:
mail sc.yang@toyoink-ct.com.tw
subject:test
test
.
Check the mail log:
Mar 8 16:53:51 mail3 sendmail[3125]: p288rpVL003125: from=root, size=52, class=0, nrcpts=1, msgid=, relay=root@localhost
Mar 8 16:53:51 mail3 postfix/smtpd[3126]: connect from centos2.toyoink-ct.com.tw[127.0.0.1]
Mar 8 16:53:51 mail3 postfix/smtpd[3126]: D22AD27E73D: client=centos2.toyoink-ct.com.tw[127.0.0.1]
Mar 8 16:53:51 mail3 postfix/cleanup[3129]: D22AD27E73D: message-id=
Mar 8 16:53:51 mail3 postfix/qmgr[2466]: D22AD27E73D: from=, size=597, nrcpt=1 (queue active)
Mar 8 16:53:51 mail3 sendmail[3125]: p288rpVL003125: to=sc.yang@toyoink-ct.com.tw, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30052, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as D22AD27E73D)
Mar 8 16:53:51 mail3 postfix/smtpd[3126]: disconnect from centos2.toyoink-ct.com.tw[127.0.0.1]
Mar 8 16:53:53 mail3 postfix/smtp[3130]: D22AD27E73D: to=, orig_to=, relay=toyoink-chemical.com.tw[192.168.0.117]:25, delay=1.2, delays=0.08/0/0.01/1.1, dsn=2.6.0, status=sent (250 2.6.0 [InternalId=1] Queued mail for delivery)
Mar 8 16:53:53 mail3 postfix/qmgr[2466]: D22AD27E73D: removed

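If messages like these appear, the rewrite and relay succeeded.

Notes:
The test was run on the internal network, so the mail did not pass through the SPAM filter; Postfix relayed the old-domain mail it received directly to the new domain.

If you relay directly to Exchange 2010, an account authentication error may occur, and the mail relayed from Postfix is then bounced.
The message looks like this: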
Mar 8 16:40:45 mail3 postfix/smtp[3089]: 0B67C27E73D: to=, orig_to=, relay=toyoink-chemical.com.tw[192.168.0.117]:25, delay=5.1, delays=0.06/0/0.05/5, dsn=5.7.1, status=bounced (host toyoink-chemical.com.tw[192.168.0.117] said: 530 5.7.1 Client was not authenticated (in reply to MAIL FROM command))

How do we fix Exchange rejecting the relayed mail?
See the following response:
After some in-depth googling, I found that there is no easy/possible way to do this from the linux side.

I then started reading on the specific error:
530 5.7.1 Client was not authenticated (in reply to MAIL FROM command)

This is an error that postfix receives from MS Exchange and logs to /var/log/maillog. Here’s the fix:

1) Log in to the Exchange Server.

2) Open EMC (Exchange Management Console) > Server configuration > Hub Transport > SERVER NAME.

3) In the panel below, right-click in the free space and select: New Receive Connector. Then follow the wizard:

NAME: give any appropriate name
ClearOS

Select the intended use for this Receive Connector:
Internal

Click Next

Click the Add button: enter an IP Address
192.168.0.2
(if a mask ends up in the window, select and delete it)

Click Next

At the end of the wizard, click the Finish button.

You should see the new (ClearOS) Receive Connector in the bottom window now.

4) Double-click on it > Permission Groups tab:
Check the box for Anonymous users; Apply and OK.

5) Send some more messages from an external source (gmail, yahoo, whatever) and tail -f /var/log/maillog.

You will see the error (530 5.7.1 Client was not authenticated) is no longer logged and mail ends up in the user's inbox.

Exchange 2007 will now accept mail from the postfix mail cleaner.

Exchange 2010 configuration:

References:
Postfix notes
Postfix Address Rewriting
Client was not authenticated in reply to MAIL FROM
