# MTA on an external vserver, users in an internal samba AD



## zirias@ (Jun 8, 2019)

Hi all,

I'm looking for ideas how to solve the following:

In my private network at home (connected via dial-up DSL, which should be always up, but I don't consider this 100% reliable), I'm running a samba ADDC managing all my user accounts, which runs in my trusted internal network segment. All non-Windows clients use winbind for authentication (pam and nss).

For email, I'm running an MTA on a virtual server outside my network. This is a Debian installation, because the hoster only works with Linux  -- anyways, right now, it has an old OpenLDAP with my users that was replicated from my internal directory (through an OpenVPN tunnel), but this doesn't work any more since I'm using a samba version with integrated directory.

What I want is the MTA to know all my users, so it can verify recipients even when it can't connect to my internal network. On the other hand, I want this external host to have as little access to my internal network as possible, and I want it to have just the information it needs, for security reasons. A VPN connection directly wiring the external machine into my trusted network would circumvent my firewall...

The current setup uses dovecot for local delivery and to manage sieve filters, so any user receiving mail also needs a home directory on the external machine, and I also need a way to authenticate for IMAP and SMTP.

Any suggestions what I could try?


----------

