I wish to host some managed email servers for some customers. Each customer will have their own email server which will be an all-in-one virtual machine running postfix, dovecot and some webmail suite.
Even though each customer will have their own server, I do not wish to give each email server it's own public facing IP. I wish to avail the use of proxy servers so all customers use the same public IP. As for the "smtp-in" from the public internet, this isn't a problem as I can set up many mx servers (using postfix) which will store-and-forward the mail to the correct server (using transport maps). As for the IMAP access from the customer, I was thinking of using perdition which is an IMAP proxy - I believe that this will suit my needs.
I am confused however on what to use for the "smtp-out" proxy. The customers will have to authenticate with their receptive email server, however they will have to go via a proxy of some sort as they won't have direct access to their server instance. It probably can't be a store-and-forward proxy either.
Does anyone have any idea on what I could use here?
Many Thanks
I could see a few options.
For mail read ( imap ), and write ( smtp ) force them to use a web front end. You can then either use something like squirrelmail, or round cube. Have that server talk imap and smtp to their server. Their server would then either go out a NAT connection, or relay through a server with public access.
Skip this multiple vm, ( one for each customer ). Dovecot, and Postfix on linux can be setup to use a mysql backend, so users authenticate with their email address and password.
If you require their mail to be stored in imap on different systems, then still use dovecot/postfix, but have one smtp server that knows which server to send their email to, but if its outbound to the internet, they still authenticate against the mysql db table. http://johnny.chadda.se/article/mail-server-howto-postfix-and-dovecot-with-mysql-and-tlsssl-postgrey-and-dspam/ covers the setup of postfix and dovecot using mysql.
Why do they have to authenticate with their own server? Give them each a user and pass for authenticating against the Postfix server doing the proxy and let that act as the outbound relay?