I'm a network edition customer, and have a theoretical question regarding email server setups. I'm looking for some knowledge as to the best way to set things up in this scenario. Hoping someone on the forums can help me or at lease get me headed in the right direction.
I have two servers set up as such (names and IP's changed to protect the innocent).
Both have public IP addresses. No NAT needed or in the mix. I have complete control of the DNS for these servers.
mail2.foo.com and public IP 220.127.116.11 (production email)
mail.foo.com and public 18.104.22.168 (relay server)
mail.foo.com is being used to relay mail for a select set of our customer base to the outside world. We require authorization, and set up a unique user for them to use for relay. In the "outgoing server" setting's in their email clients (outlook, IE, tbird, etc), they enter "mail.foo.com" and also enter the auth settings. All works just fine.
mail2.foo.com is the production server for our organization, and handles all mail (pop, imap, smtp on port 587 with auth). All works just fine.
The problem is this: If a relay customer - who's outgoing server settings are set to mail.foo.com - sends an email to my domain email address - email@example.com for example - the message is bounced back to the sender.
This is because the firstname.lastname@example.org user account does not exist on the relay server, so it is bounced back to the sender. The mail user account exists on mail2.foo.com.
Are there any suggestions out there that would help me solving this dilemma.
One that comes to mind.
I could relay from my production server, but I don't want to take up the user seats for relay customers.
To solve this, I could open relay for the customer's unique IP addresses, thus not needing auth, but we would like to have auth in place due to spamming concerns.
Perhaps I could forward all messages received to the relay server with auth on to the producition server using the Relay MTA for external delivery? Thoughts.
Thank you in advance for any enlightenment.