Nethserver as frontend SMTP and IMAP-Server for multiple backend servers

I have only one IP address and want to proxy two separate organisations with NethServer behind a frontend NethServer. It works for Web, Nextcloud with the reverse proxy and it seems it is possible to forward Email to SMTP backend servers. But how to forward IMAP to the backend servers, so that members of each organisation can access the emails with IMAP?

It seems dovecot supports this type of configuration.
https://doc.dovecot.org/configuration_manual/authentication/proxies/


@carsten

Hi Carsten!

This IS possible, SSL has its caveats but usable…
But you’ll need to heavily customize the templates, I assume!

Start with:
mkdir -p /etc/e-smith/templates-custom/etc/dovecot/dovecot.conf/
cp -r /etc/e-smith/templates/etc/dovecot/dovecot.conf/* /etc/e-smith/templates-custom/etc/dovecot/dovecot.conf/

Adapt as needed, then expand the template and restart dovecot.

expand-template /etc/dovecot/dovecot.conf

systemctl restart dovecot

Check with:

systemctl status dovecot

If possible, use a VM environment for testing first, at least until you have the basics together.

Clients like Thunderbird will have fewer issues, I assume the biggest challenge will be mobile phones! Test well!

I have done this, but without the external IMAP / SMTP access - that wasn’t required by my client.
Outgoing was set using smarthost on the internal NethServers, and a dedicated smtp-clientname user for each NethServer “Backend” behind the “Mailrelay” NethServer.

Tip: Have a user maillog on the Frontend, with automatic BCC enabled - at least for starting, until you’re sure no mails get lost! If legal and client wants it, (and you have space) you can keep that for protocol / archiving reasons…

My 2 cents
Andy
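
The kind of passdb customisation that the Dovecot proxy documentation linked in the question describes, shown as an added example; it is not part of the post above and not NethServer's own template content. The domains, backend host names and CA bundle path are constructed placeholders, and it assumes users log in with their full address (user@domain) and that these passdb blocks are evaluated before any local passdb on the frontend.

```conf
# Frontend (proxy) Dovecot: send each organisation's IMAP logins to its own backend.
# Constructed values: orga.example / orgb.example and the mail.* backend host names.

# The proxy must receive the clear-text password to replay it to the backend,
# so only PLAIN/LOGIN can be offered, and only inside TLS.
auth_mechanisms = plain login
disable_plaintext_auth = yes
ssl = required

# CA bundle used to verify the backend certificates on the proxied hop
# (path is an assumption; point it at the CA that issued the backend certs).
ssl_client_ca_file = /etc/pki/tls/certs/ca-bundle.crt

# Organisation A: the domain part of the login name selects the backend.
passdb {
  driver = static
  username_filter = *@orga.example
  # nopassword=y: no authentication here; the backend verifies the password.
  # ssl=yes: implicit TLS to port 993 with certificate verification.
  args = proxy=y host=mail.orga.example port=993 ssl=yes nopassword=y
}

# Organisation B
passdb {
  driver = static
  username_filter = *@orgb.example
  args = proxy=y host=mail.orgb.example port=993 ssl=yes nopassword=y
}
```

After expanding the template, `doveconf -n` shows the effective configuration, which makes it easy to confirm that the proxy passdb blocks are present and in the intended order.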

What did you configure in dovecot, when you didn’t need external IMAP access?
The SMTP forward is working out of the box from the GUI, isn’t it?

@carsten

Hi

In my case it was two companies sharing the same Internet. The Firewall was an OPNsense, the other (smaller) company used OPT1, the main company used LAN.

The smaller company rented rooms from the bigger company. They only had 4 users and did not require external access for mail except Webmail (Roundcube).

Both companies had their own NethServer.

Only the larger company used external IMAP mail, so all IMAP ports were forwarded to the main company's NethServer.

The smaller company only used IMAP internally, and their NethServer used the main NethServer as Smarthost (Worked out of the box on Neth). I did have to set firewall rules to allow SMTP from one net to the other, create an smtp-companyb user on the main NethServer. Some external DNS entries were needed additionally. (SPF, DKIM, DMARC…) Another thing: In each NethServer, the “other” network was placed in “trusted networks”.

To be honest, the smaller company didn’t want to spend money on a second static IP or their own Internet connection - and didn’t really want to pay for my work either… (They did, but grudgingly and very late!).

My 2 cents
Andy

Dovecot on both NethServers needed NO extra configuration…