As long as these remote users need to be in the same domain name for email as the main office, I don't think Apple's own mail server is going to be able to do what you want. This is the sort of thing MS Exchange historically is better at. I am not however suggesting you go that route.
You could however look at Kerio Connect. This can run on various server operating systems including Mac OS X, and can also link to Open Directory for authenticating users (or use its own standalone system). In your case the main benefit of Kerio is that it does have a feature added last year called a 'distributed domain'. This allows you to have servers at multiple sites all running the same email domain name. I would also say that Kerio has far better support for iOS devices than Apple's own server (ironic as that sounds) as Kerio uses the same ActiveSync technology as used by MS Exchange.
I have considered Kerio Connect, but believe we should be able to achieve the same with postfix - certainly the author of postfix says so:
Sure. The idea is to use location-independent email addresses (email@example.com) for the
The mail domain is distributed across multiple physical servers,
some of which may also be primary MX for the distributed domain.
Each mail server forwards mail to the "right" physical server
using a shared alias database.
myorigin = $mydomain
mydestination = $myhostname $mydomain localhost.$mydomain localhost
virtual_alias_maps = some replicated database (i.e. OpenDirectory in our case)
In the replicated database:
#lookup value lookup result
The replicated database has one record for all recipients including
root, postmaster, and so on. Replication can be done with rsync,
LDAP, *SQL, and so on.
To receive some email addresses on the server itself, see:
In addition, each mail server needs to have a local database table
for its own users. Those users can be the UNIX system password file,
a Postfix virtual alias domain, or a Postfix virtual mailbox domain.
I believe I can use Inspector to create virtual_alias_maps entries for every user to specify its local address.
What I'm wondering about is the local users on each server - how exactly does postfix and LDAP integrate?
I've asked a similar question here (but it was relating to a different question): https://discussions.apple.com/message/16160751#16160751
I believe the relevant line in /etc/postfix/main.cf / postconf -n is:
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
I'm not sure what the proxy:unix:passwd.byname part means, but $alias_maps is defined below:
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
/etc/aliases has all the postmaster, abuse, etc. entries - none of the actual users' accounts.
/var/mailman/data/aliases has all the entries for the mailing lists - none of the actual users' accounts.
This leaves me with either:
local_recipient_maps not being the correct setting
The part I don't understand: proxy:unix:passwd.byname being the list of actual mail users
How exactly does this work, because I'd have to modify this so that only some users are considered local users whilst other users' traffic is forwarded to other servers?
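The following is an added illustration (not code from the thread or from Postfix) of the mechanism the quoted Postfix text describes and the question above asks about. Two things happen in sequence: the shared virtual_alias_maps rewrites the location-independent address (user@example.com) to a host-specific one (user@mailN.example.com) before any local/remote decision is made; only then does each server compare the resulting domain against its own mydestination, and for local domains check the recipient against local_recipient_maps (proxy:unix:passwd.byname is the UNIX password file read through Postfix's proxymap daemon, and $alias_maps adds /etc/aliases). So only users whose rewritten address points at this host and who exist in its passwd file are local; everyone else is relayed to the host named in the alias map. The host names, user names and map contents below are constructed for the example.

```python
"""Model of Postfix address resolution for a distributed mail domain.

Added example, not Postfix code: it reproduces the decision order
virtual_alias_maps -> mydestination -> local_recipient_maps so the
effect of a shared alias database can be seen server by server.
"""
from dataclasses import dataclass, field

# Constructed replicated database (the shared virtual_alias_maps):
# one record per recipient, including postmaster, root and so on.
VIRTUAL_ALIAS_MAPS = {
    "alice@example.com": "alice@mail1.example.com",
    "bob@example.com": "bob@mail2.example.com",
    "postmaster@example.com": "postmaster@mail1.example.com",
}


@dataclass
class Server:
    """One physical mail server with its own main.cf-derived settings."""
    myhostname: str
    mydomain: str
    passwd_users: set            # stands in for proxy:unix:passwd.byname
    aliases: dict = field(default_factory=dict)  # stands in for hash:/etc/aliases

    @property
    def mydestination(self):
        # mydestination = $myhostname $mydomain localhost.$mydomain localhost
        return {self.myhostname, self.mydomain,
                f"localhost.{self.mydomain}", "localhost"}


def apply_virtual_aliases(recipient, maps=VIRTUAL_ALIAS_MAPS, limit=10):
    """Rewrite an envelope recipient as cleanup(8) does with virtual_alias_maps.

    Rewriting is repeated until no entry matches; the loop bound mirrors
    Postfix's own recursion limit and protects against a looping map.
    """
    addr = recipient
    for _ in range(limit):
        nxt = maps.get(addr)
        if nxt is None or nxt == addr:
            break
        addr = nxt
    return addr


def resolve(server, recipient):
    """Return (action, final_address) for one recipient on one server.

    action is 'local' (deliver here), 'relay' (send on to the host in the
    rewritten address) or 'reject' (local domain, but unknown user).
    """
    addr = apply_virtual_aliases(recipient)
    local_part, _, domain = addr.rpartition("@")
    # Domains listed in mydestination form the local domain class; anything
    # else goes out through the default transport to that domain's MX.
    if domain not in server.mydestination:
        return ("relay", addr)
    # local_recipient_maps = proxy:unix:passwd.byname $alias_maps: the SMTP
    # server rejects local recipients found in neither table.
    if local_part in server.passwd_users or local_part in server.aliases:
        return ("local", addr)
    return ("reject", addr)


def render_map(maps=VIRTUAL_ALIAS_MAPS):
    """Render the map in the 'lookup key  lookup result' text form postmap(1) reads."""
    return "\n".join(f"{key}\t{value}" for key, value in sorted(maps.items()))


if __name__ == "__main__":
    mail1 = Server("mail1.example.com", "example.com", {"alice", "root"},
                   {"postmaster": "root"})
    mail2 = Server("mail2.example.com", "example.com", {"bob", "root"},
                   {"postmaster": "root"})
    for srv in (mail1, mail2):
        for rcpt in ("alice@example.com", "bob@example.com",
                     "postmaster@example.com", "nobody@example.com"):
            print(f"{srv.myhostname}: {rcpt} -> {resolve(srv, rcpt)}")
    print(render_map())
```

On a real server the same lookup can be checked with `postmap -q alice@example.com hash:/etc/postfix/virtual` (after `postmap /etc/postfix/virtual`) or, for an LDAP-backed map, against the ldap: table named in virtual_alias_maps; the answer for an address that resolves to another host is what makes that recipient non-local here, without any change to local_recipient_maps.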
The underlying email server software on Mac OS X is standard, widely used and respected open-source software like, as you mention, postfix, and also dovecot, amavis, spamassassin, etc.
The problem is that Apple only give basic access to their capabilities and for anything more you have to dig in to the configuration files and do it all by hand. Even email groups are poorly handled by Apple.
I find Kerio Connect far less painful to deal with. I would in your case consider having a central Open Directory master, and each office having an Open Directory replica. Each account would then work at each office (for Open Directory), and Kerio would authenticate users via Open Directory.
There is a free evaluation version of Kerio Connect.
PS. As I mentioned, Kerio will definitely make life easier for iOS devices, you even get remote wipe.