I need some experienced Dovecot and email administrators to give me some feedback on a project which has been assigned to me.
First some background. What exists now at our college:
Three email gateway systems that route email between the Internet and one of the student email system, the staff email system, or the email list server system. The gateway systems do not route email from an external system to another external system. The MTA on each gateway is Postfix. The MTA of the student email system is Luminis. The MUA of the student email system is a web interface to Luminis. The MTA of the staff email system is Exchange. There are two staff MUAs. One is Outlook. The other is Outlook Web Access.
Within our network we have a system (separate from the above) that is an LDAP server used for implementing single sign-on to many college systems, including the student and staff email systems. At this time SASL is not used in any way. There is no authentication of the movement of email. Authentication is only for using a MUA.
It is now proposed that certain staff members should be allowed to be at some remote location and compose an email which will be sent to SOMETHING at our college which will then cause two things to happen.
First, the From: information and Reply-To: information will be rewritten from whatever they may be to become that person's college email address.
Second, the email will then be routed to an intended recipient be it within our community or outside of our community.
For example, if the college president were with a member of the state legislature trying to get information for the state governor, she could send an email via her personal phone system to a college financial person, who would never see her personal address. Upon receiving a reply, she then could send the state governor an email and it would appear to the governor as if it came from her college account.
I have been told by my management other colleges are doing this with Postfix and SASL. I posted a question about this to a Postfix list and I was told Dovecot was the best SASL to use for implementing this.
So, the project as it has been described to me is this:
We will make no changes to the three gateway systems. We will add a new gateway system to enable this. This new system will challenge all email being sent to it. It will collect the college account name and the password, which will then be used to see if there is a matching account in the LDAP system. If there is not, then the email transfer conversation will quit. If there is a matching account, then the header rewrites will occur and the email will be routed.
There are many things I do not understand:
Is this scenario possible?
Would Postfix on the new system do the address rewrites, or would Dovecot do it?
What would store the information necessary for the reply routing?
What would happen in one-internal-address-to-many-external-addresses situations?
If the project was simplified by removing the ability to reply to an email, so it was only a way to route external to external with rewrite, is it then possible?
So, I would like some comment on whether this is a common or known practice and whether Dovecot is used in those situations (if any).
Thank you.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
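Since the post asks whether the "challenge, check against LDAP, rewrite, route" gateway described above is possible, here is an added sketch of how the Postfix and Dovecot pieces would be wired together for it. This is a constructed illustration, not configuration from the poster or from either project; example.edu, the LDAP base DN, the login name "president" and the personal phone address are assumptions.

```conf
# --- Postfix main.cf on the new gateway (constructed example) ---
# Accept mail only over TLS from clients that authenticate with their
# college account; the SASL check itself is delegated to Dovecot.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_security_level = encrypt
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, reject

# Tie each login to the sender addresses it may use, so one authenticated
# account cannot claim another person's personal or college address.
smtpd_sender_login_maps = hash:/etc/postfix/sender_login
smtpd_sender_restrictions = reject_sender_login_mismatch

# Rewrite envelope sender and From: to the college address. The
# header_sender class covers From:/Sender:, not Reply-To:, so Reply-To:
# needs separate handling (for example a milter).
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sender_canonical_classes = envelope_sender, header_sender

# --- /etc/postfix/sender_login (assumed addresses; run postmap on it) ---
# sender address                     SASL login that owns it
# president@example.edu              president
# pres.personal@phone.example.net    president

# --- /etc/postfix/sender_canonical (run postmap on it) ---
# pres.personal@phone.example.net    president@example.edu

# --- Dovecot conf.d/10-master.conf: auth socket inside Postfix's chroot ---
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

# --- Dovecot conf.d/10-auth.conf: verify the password against LDAP ---
auth_mechanisms = plain login
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# --- /etc/dovecot/dovecot-ldap.conf.ext (assumed hostname and base DN) ---
hosts = ldap.example.edu
tls = yes
base = ou=people,dc=example,dc=edu
auth_bind = yes
auth_bind_userdn = uid=%u,ou=people,dc=example,dc=edu
```

With this wiring Postfix does both the gate (rejecting the SMTP session when Dovecot cannot bind to LDAP as that user) and the rewrite; Dovecot only answers the authentication question.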