[Dovecot] Can Dovecot do this...

Robert Lopez rlopezcnm at gmail.com
Tue Mar 30 20:50:42 EEST 2010

I need some experienced Dovecot and email administrators to give me
some feedback on a project which has been assigned to me.

First some background.  What exists now at our college:

Three email gateway systems that route email between the Internet and
one of the student email system, the staff email system, or the email
list server system. The gateway systems do not route email from an
external system to another external system. The MTA on each gateway is
Postfix. The MTA of the student email system is Luminis. The MUA of
the student email system is a web interface to Luminis. The MTA of the
staff email system is Exchange. There are two staff MUAs. One is
Outlook. The other is Outlook Web Access.

Within our network we have a system (separate from above) that is an
LDAP server used for implementing single sign on to many college
systems including the student and staff email systems. At this time
SASL is not used in any way. There is no authentication of the
movement of email. Authentication is only for using a MUA.

It is now proposed that certain staff members should be allowed to be
at some remote location and compose an email which will be sent to
SOMETHING at our college which will then cause two things to happen.

First, the From: information and Reply-To: information will be
re-written from whatever they may be to become that person's college
email address.

Second, the email will then be routed to an intended recipient be it
within our community or outside of our community.

For example, if the college president were with a member of the state
legislature trying to get information for the state governor, she
could send an email via her personal phone system to a college
financial person who would never see her personal address. Upon
receiving a reply, she then could send the state governor an email and
it would appear to the governor as if it came from her college

I have been told by my management other colleges are doing this with
Postfix and SASL. I posted a question about this to a Postfix list and
I was told Dovecot was the best SASL to use for implementing this.

So, the project as it has been described to me is this:

We will make no changes to the three gateway systems. We will add a
new gateway system to enable this. This new system will challenge all
email being sent to it. It will collect the college account-name and
the password which will then be used to see if there is a matching
account in the LDAP system. If there is not then the email transfer
conversation will quit. If there is a matching account then the header
rewrites will occur and the email will be routed.

There are many things I do not understand:

Is this scenario possible?

Would postfix on the new system do the address re-writes or would
Dovecot do it?

What would store the information necessary for the reply routing?

What would happen in one internal address to many external address

If the project was simplified by removing the ability to reply to an email;
so it was only a way to route external to external with rewrite is is then

So, I would like some comment on if this is a common or known practice
and if Dovecot is used in those situations (if any).

Thank you.

Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106

