How to 3 eMail VM with Clearos5.3 or 6 running under Proxmox....

Greetings Community,

current setup:
1 public ip
all routing and dns are being handled by a linksys router.
1 Proxmox host server hosting a VM ClearOs 5.3 as a stand alone eMail with Zarafa server with 25 users (running for 3 years without a hiccup).

Now the company acquired 2 different domain names and I will need to create 2 ClearOs 5.3 eMail server VMs under the current Proxmox host.
my questions are:

For Outlook to connect to the servers I will have to change the listening ports on the GUI on each ClearOs with Zarafa.
How can I direct incoming emails to the corresponding email domain?
I believe there will be no problem on sending emails since it will be outgoing traffic.


Thanks!...
Monday, November 17 2014, 03:46 PM
Responses (12)
  • Accepted Answer

    Wednesday, March 04 2015, 04:22 AM - #Permalink
    Have you looked at using Sophos UTM to interface between your ISP and the ClearOS box?

    It supports multiple domains and can set up profiles to direct web and mail traffic to different (virtual) servers.

    The home version is free
  • Accepted Answer

    Friday, November 21 2014, 11:28 PM - #Permalink
    Thank you guys....

    this is a similar setup
    I will try to make a diagram of the setup; meanwhile, this is the setup that I want to deploy:
    http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,398/
  • Accepted Answer

    Friday, November 21 2014, 03:59 PM - #Permalink
    Philippe Eveleigh wrote:
    This really depends on the client email you use. I use Squirrelmail and Sogo and I can send on behalf of any domain name I want (My Sogo required LDAP structure changes)

    Granted, although COS 6.5 by default doesn't allow this. Reading the documentation it would appear that this was possible in COS5, but removed from COS6. I could be wrong though.
    I've certainly used the Destination domain section to pick up email from a .org domain as well as our default .org.uk domain. All replies go out from the .org.uk domain.

    [quote]then you can do what Nick suggested. example.org is down as the parent, and example.org.uk and example.org.fr etc. are added to the 'Destination Domains'.

    Yes but
    the 'Mail forwarding' section would do what gerardoandrade wants
    How do you do this ?[/quote]
    Haven't actually tried it, but the forwarding section asks for a mail domain and a destination host. I read this to mean (interpreting the user manual) that you can define a local IP to redirect traffic for a particular email domain - and given it appears to have capability for multiple entries, it suggests you can send example.org to one machine and example.org.uk to a second.
  • Accepted Answer

    Brian
    Friday, November 21 2014, 02:30 PM - #Permalink
    I don't think ClearOS Professional will solve controlling of users, if by controlling users it means having an independent set of users for each email domain. It will only let you replicate the directory between master and slave to my understanding - it's the same directory, the same name space, etc...

    This would let you host an email domain on the master and a different one on the server, but it's still a single directory, so the users would be shared...

    Not sure if having an email server for each domain on different COS systems (one on master, one on slave) but sharing the directory would solve the issue. The email would be distributed to the correct email for the domain (setting up as you suggest), but you'd still be able to send email to user1@domain1.com and user1@domain2.com - they'd BOTH be valid - though sending to domain1.com vs domain2.com WOULD cause them to be in different mailboxes. Things like Zarafa though would most likely just point against the domain of the master (or the first COS system that handles the mail and forwards to the second).

    Technically, with OpenLDAP one can configure separate directories on each system, and allow one system to search the directory of the other, in addition to its own. That said, I doubt the ClearOS webconfig would like this very much... Probably depends on which app was used. I'd refer to this capability as Federation. There are multiple ways to do this, but again, don't know about how ClearOS would handle it.

    ie: being able to have user1@domain1.com and user2@domain2.com going to the correct email servers, not allowing user1@domain2.com and user2@domain1.com to be valid for email (unless specifically configured), and having separate LDAP directories for domain1.com and domain2.com, but allowing some users from domain1.com to be able to login to domain2.com and vice versa (given appropriate settings to allow this access) for certain tasks so as not have to create users in all domains with separate passwords, etc.

    Longer term I'll most likely try to tackle this issue as I'll have similar needs in the future. The first step is figuring out how to get the OpenLDAP configuration correct (which probably should be relatively easy, I've already investigated it, and it does not sound hard). The much more difficult issue would be how to get WebConfig to handle it correctly - which undoubtedly is much more difficult, and would be a lot more development touching a lot of components I'd bet. Probably doable though by playing around with the LDAP search space for each app selectively - wouldn't doubt it would break something else though.

    Somewhat related to my comments on "Zombie" mode (in the Directory forum here) where one system has no directory but points to another. But doing a Federated group of directories would be much more involved.

    BTW - the term "Federation" has a LOT of different meanings, not sure I'm using the same definition Microsoft uses for Active Directory, etc. Basically the idea of federation as I use it means that two different directories can be used by two different groups (or even companies) and managed by those individual groups and companies, but then users from one can be granted access to certain services in another through a "trust" relationship (one side agrees to "trust" certain users from another restricted to certain functionality). Pretty common at the corporate enterprise level - both between companies and even within large organizations.
  • Accepted Answer

    Friday, November 21 2014, 12:55 PM - #Permalink
    If you just want to receive from multiple email domains and are happy to respond from (for example) user@example.org when the email was received from example.org.uk,

    This really depends on the client email you use. I use Squirrelmail and Sogo and I can send on behalf of any domain name I want (My Sogo required LDAP structure changes)

    then you can do what Nick suggested. example.org is down as the parent, and example.org.uk and example.org.fr etc. are added to the 'Destination Domains'.

    Yes but
    the 'Mail forwarding' section would do what gerardoandrade wants
    How do you do this ?
  • Accepted Answer

    Friday, November 21 2014, 06:47 AM - #Permalink
    If you just want to receive from multiple email domains and are happy to respond from (for example) user@example.org when the email was received from example.org.uk, then you can do what Nick suggested. example.org is down as the parent, and example.org.uk and example.org.fr etc. are added to the 'Destination Domains'.
    Alternatively it would seem that the 'Mail forwarding' section would do what gerardoandrade wants .. although it appears he'd need to set up an intermediate mail gateway between his existing server and his proposed new servers as well.
  • Accepted Answer

    Friday, November 21 2014, 02:15 AM - #Permalink
    ... and forwards the mail for the other two domains to the other two instances of ClearOS ..... if I've understood the docs correctly.

    Wouldn't that not create an infinite loop ??? the mail would always be sent back to the first COS instance since all three WAN domain MX records would point to one hostname. I am not certain if it is possible to reconfigure your internal DNS to ignore the WAN MX records and forward the mail to specific LAN servers?

    I have configured my COS server for Multiple Mail Domains and the DNS MX records for all my domains to point to one hostname i.e. one mail server to receive all the emails and that works well but not certain if this is what gerardoandrade wants ??
  • Accepted Answer

    Thursday, November 20 2014, 10:11 PM - #Permalink
    Philippe Eveleigh wrote:
    Hopefully I am understanding the question correctly...

    mx records are associated with hostname. I believe you are going to need to purchase a few public ip's.
    The way I am suggesting only uses one public IP. All mx records point to the single IP. The Linksys forwards all mail to one instance of ClearOS. That instance of ClearOS processes mail for one domain and forwards the mail for the other two domains to the other two instances of ClearOS ..... if I've understood the docs correctly.

    The problem I have is how to control the users on three different ClearOS instances on the same LAN. Presumably ClearOS Pro as that can replicate LDAP but then you get the same issue that user1@domain1.com will be the same person as user1@domain2.com. If that is the case why not just handle all three domains on a single server?
  • Accepted Answer

    Thursday, November 20 2014, 08:02 PM - #Permalink
    Hopefully I am understanding the question correctly...

    mx records are associated with hostname. I believe you are going to need to purchase a few public ip's.

    Now for the difficult part:
    all routing and dns are being handled by a linksys router.
    The configuration of the linksys router to configure all the above wan ip's to be properly routed ??? Maybe more information on the router ??

    A COS gateway would be configured by using the 1 to 1 NAT or DMZ Firewall configuration
  • Accepted Answer

    Thursday, November 20 2014, 03:02 PM - #Permalink
    I am not too knowledgeable on mail and only answered because no one else did. Did you follow my link about mail forwarding? I am not sure how you could then effectively manage your users.
  • Accepted Answer

    Thursday, November 20 2014, 01:26 AM - #Permalink
    Thanks Nick Howitt,

    The problem is that ClearOS won't support Virtual Mail Domains (see link below), and I read somewhere that the solution was to create a Virtual ClearOs Machine per eMail Domain, but how will I re-direct traffic to each Virtual Email server?
    For example there will be the following incoming email traffic looking for these domains:
    support@domain1.com
    sales@domain2.com
    otherdomail@domain3.com
    How will I redirect the traffic to each Virtual Machine?


    Thanks!

    http://www.clearfoundation.com/docs/articles/support_for_multiple_mail_domains_in_clearos
  • Accepted Answer

    Tuesday, November 18 2014, 12:42 PM - #Permalink
    Have you seen this document? I think the Destination Domains section is relevant if you want to keep all domains on a single server. I believe the restriction here is that if you receive mail as user@domain.1 you will also receive mail as user@domain.2.

    The Mail Forwarding section allows you to have one external e-mail point but could feed mail through to different servers. The problem I see here is that each server has a different LDAP/user database so you are going to have fun trying to set up your users.
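The single-public-IP layout and the loop question raised in the thread can be checked with a small model. This is an added example, not part of any post and not ClearOS code; the host names `gateway`, `vm2`, `vm3` and both functions are hypothetical, and the domains are the placeholders used in the thread.

```python
# Added illustration: models the routing decision only, not ClearOS or any MTA.
# Constructed data: "gateway", "vm2" and "vm3" are hypothetical host names.

# Public DNS: every domain's MX resolves to the one public IP (the gateway).
PUBLIC_MX = {"domain1.com": "gateway", "domain2.com": "gateway",
             "domain3.com": "gateway"}

# Domains each server delivers to its own mailboxes.
LOCAL_DOMAINS = {"gateway": {"domain1.com"}, "vm2": {"domain2.com"},
                 "vm3": {"domain3.com"}}

# Per-domain forwarding on the gateway: mail domain -> destination host.
FORWARDING = {"domain2.com": "vm2", "domain3.com": "vm3"}


def next_hop(host, domain, forwarding):
    """Return None for local delivery, otherwise the host to relay to."""
    if domain in LOCAL_DOMAINS.get(host, set()):
        return None
    if host == "gateway" and domain in forwarding:
        return forwarding[domain]      # explicit LAN destination, no MX lookup
    return PUBLIC_MX[domain]           # fall back to what public DNS says


def trace(recipient, forwarding):
    """Follow one message from the public MX until delivery, loop or reject."""
    domain = recipient.rsplit("@", 1)[1].lower()
    if domain not in PUBLIC_MX:
        return ["rejected"]            # not one of our domains: do not relay
    path = [PUBLIC_MX[domain]]
    while True:
        hop = next_hop(path[-1], domain, forwarding)
        if hop is None:
            return path + ["delivered"]
        if hop in path:
            return path + ["loop"]     # same server seen twice
        path.append(hop)


if __name__ == "__main__":
    for rcpt in ("support@domain1.com", "sales@domain2.com"):
        print(rcpt, trace(rcpt, FORWARDING), trace(rcpt, {}))
```

In this model the loop appears only when the gateway has no forwarding entry for a domain and falls back to the public MX record, which points at itself.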