Topic: SME 5.6 filter mail for exchange.

[SSBN]

Is this at all possible. I would like to set an sme box up before my exchange server. I would like to have the SME box receive the email pass it through spam filters and then forward it to the proper users in exchange. Can this be accomplished and if so have any of you tried it. If so can you give me sum info how you did it.

[Klaus Eckert]

there is already a thread about this topic.

have a look at the tread "group email address" in this part of the forum.

cheers klaus

[Gary]

Why dont you just buy Mail Essentials for Exchange and keep it all on the same box?

[Schotty]

Most probably because he like many other companys are looking for ways to get rid of exchange? I know 2 companys who are getting rid of it...

[ryan]

ssbn,

I have been filtering exchange mail with SME for 7 months now.  Simply change your mx record to point to your SME server (which must be the same domain as exchange) and set your delgate email server IP address in server manager.

Looking at the logs, I get over 1000 blocked spams per day.  About a dozen or so get though every day, so the filter rate is very good.  If you have a backup mx server, you will have to set up an sme to protect it as well, as many spammers simply send email to the backup mx server knowing it is less likely to be protected.  

My exchange had just a host record (not mx) on the internet for pop3 clients to access and the damn spammers found it and started sending spam to the host record IP instead of the mx record for my domain.  They really want you to get your daily spam!  No more internet IP address for my exchange....pop3 is now portforwarded from SME.  

ryan

[Tim Litwiller]

Ryan, Tell us more about your setup.   How do you have spamassassin or what ever you use setup to scan before it delivers thru the the internal server?

[ryan]

I installed e-smith-mailfront-1.0.0-02rbl.noarch.rpm.  Search for it and you should be able to download it.  

This installs a modified version of mailfront that allows you to list the rbl blacklists you want to use in /service/~smtpfront-qmail/rblsmtpd.conf.  I would read up on the use of rblsmtpd for the correct syntax.  This is an easy task compaired to doing this on a 5.1.2 server.

If you can't find the rpm, let me know and I will post my ftp site.

ryan

[Tim Litwiller]

ok,  that is one of the first things I install on a new sme setup.  But most places still need spamassassin to catch all/97%+ the spam and I have been looking for a way to process it globally without having a .procmail file for each user so this customer can continue to use thier exchange server they like so well.

[SSBN]

So Ryan all I have t do is install sme5.6 all updates, spamassison and e-smith-mailfront-1.0.0-02rbl.noarch.rpm. Then set my firewall to forward incoming email ports to my sme then set the sme to delegate email to the ip of my exchange. I then set spamassison to add spam to the header of all spam. I have don all this except add the mailfrot rpm and it isn’t picking up any spam. Do I just have to add the mailfront rpm to get this working or is there more I have to do.

[Tim Litwiller]

no, that won't do it.

at www.pagefault.org there are instructions for setting up amavis-ng and clamav to scan email for virus  follow those instructions - then replace when you have that working.

copy /usr/bin/qmail-queue.amavis to /usr/bin/qmail-queue.amavis.orig
make a new file /usr/bin/qmail-queue.amavis with

#!/bin/sh
spamc | /usr/bin/qmail-queue.amavis.orig

give it the same permissions and user and group as /usr/bin/qmail-queue.amavis.orig

then it runs thru spamassassin and the virus scanner before forwarding on to the next server.

the downside of this is now we have no logging of what spamassassin did to make our statistics page from.

[ryan]

ssbn,

Mailfront with rbl support requires that you edit the \service\smtpfront-qmail.  This is where you add blacklists.  Do a search on google for the mailfront site which gives examples of how to use this file.  

Understand you can't mix mailfront /rbl and any program that "processes" email for spam on the server.  All emails that get blocked by the rblsmtpd deamon will not get passed to qmail.  Besides, if you are forwarding email to a delegate server, this might impact how qmail processes email (which may affect spamassason)   All email that gets through the rblsmtpd deamon will be forwarded.  No user accounts need to exist on the SME server.

Hope that helps.

ryan

[SSBN]

Tim Litwill will you setup let me use spamassassin option of adding spam to the header of the email so the clients using outlook can set up a rule to move email with spam in the header to a junk folder.

Ryan are you elaborating on Tim's setup or is that a different way of doing it.

Thanks for all the help you guys.

[Tim Litwiller]

SSBN:    Like Ryan says - the rblsmtp blocks email from getting into your server so you can't process those messages - think of it as a very high score in spamassassin - that gets dropped rather than processed.

Thoe messages that get passed the rblsmtp could still be processed by spamassassin - the only two things different in the way I mentioned other than the procmail local delivery is:
1 spamassassin doesn't know who the recipient is
2 no logging of the processes happens.


Your question of the header,  you still use the same spamassassin configuration files in /etc/mail/spamassassin/ so the same setting still apply.

[SSBN]

Ok I am starting to understand. Thanks Tim and ryan for taking the time to explain it to me. I am still new all things considered to modifying Linux. I will give all this try and se how it works.

My only concern is will I be able to have any type of white list. From what you tell me no I can’t because the black list drops the email before it hit’s spam assassin. So if I wanted to allow email from hotmail I would be out of luck if I do it this way correct.

Second from what I understand email that is dropped because it is on a black list is gone. So there is no way to have it sent to a junk email folder or anything like that.

Thanks for taking the time to answer my questions.

[ryan]

ssbn,

I right now I am using 9 blacklists (2 of those just block all email from china & korea).  The other 7 don't block anything from hotmail or yahoo.  You must add the blacklists of your choice to the /service/smptfront-qmail file.  You can go with extremely aggressive lists, or not so aggressive.  You must do your research to pick the right blacklists for your situation.  I have had to remove an extreme list due to earthlink servers getting listed.  

A note.....I was using spews.orsirusoft.com blacklist...it is very effective, but recently osirusoft was Dos attacked...very bad attack.  It took the osirusoft domain completely offline.  They are getting healed, but you might do some dns / nslookup testing to verify the response times.  When they where under attack, my mail servers "paused" a long time trying to check each message against osiruosft.  This pause caused many email servers sending email to give up and time out on the delivery.  I guess osirusoft was effective if someone wanted to hurt them bad.    Techically this could happen to other blacklist domains.

good luck

ryan