Tim Litwiller wrote:
>
> SSBN wrote:
> >
> > SME 5.6 Exchange front end.
> >
> > In my quest to get my SME server to filter spam for my
> > exchange server here is what I have been told to do. I haven’t
> > been able to get it working yet but I think I know where I
> > went wrong. But could Tim Litwiller and Ryan fill in the
> > blanks for me.
> >
> > 1: First set up a SME 5.6 server with all the updates as per
> > the updates how to.
> >
> > 2: Download and move to an i-bay
> > e-smith-mailfront-1.0.0-02rbl.noarch.rpm
> >
> > Log into the shell and navigate to the dir with mailfront.
> > Type in rpm -Uvh e-smith-mailfront-1.0.0-02rbl.noarch.rpm
> > Restart the server (I am not sure if this is exactly how it
> > should be installed. Can you guys confirm?)
> >
> > 3: You can now go to the
> > /service/~smtpfront-qmail/rblsmtpd.conf. and add black lists
> > of your choice. Any blacklisted email will be dropped and
> > lost.
> >
>
> Should be ok - I only use SpamCop's blacklist
>
> > (Just wondering is there anywhere in these steps a
> > signal-event post-update should be run)
> >
> I don't remember
ryan: no restart or reboot necessary, changes are immediate.
>
> > 4: Next go to other email options and set the delegate email
> > server to the ip of your exchange server.
> >
> > Blacklisted email will now be dropped based on the blacklists
> > you pick.
> >
> >
>
> Yes, that should take care of the worst of the spam
ryan: SME domain must be exact domain for internet mail service on exchange.
>
> > Going a bit further.
> >
> > From what I understand you can take this a step further and
> > use spam assassin with this setup.
> > (Do I need to have installed the modified mailfront for this to
> > work?)
> >
> Did you install the spamassassin listed at contribs.org?
ryan: spamassassin will be bored with very little to do if your blacklists are working. KISS: keep it simple stupid is the rule I follow. Try the blacklists, use spamassassin only if you need it.
>
> > 1: Go to www.pagefault.org; there are instructions for
> > setting up amavis-ng and clamav to scan email for virus
> > follow those instructions - then replace when you have that
> > working
> > copy /usr/bin/qmail-queue.amavis to
> > /usr/bin/qmail-queue.amavis.orig
> > make a new file /usr/bin/qmail-queue.amavis with
> >
>
> amavis replaces the original qmail-queue with its own perl
> script that scans for virus and then passes the mail thru to
> the original qmail-queue - here we add another layer that
> scans for spam and then passes to amavis who then scans for
> virus and passes back to original qmail-queue
>
>
> > #!/bin/sh
> > spamc | /usr/bin/qmail-queue.amavis.orig
>
> also chmod u+x /usr/bin/qmail-queue.amavis to make it
> executable
ryan: never used antivirus on Linux...using McAfee on exchange server and all clients.
>
>
> > (I am not sure what this is doing. Could you explain in more
> > detail? I am not real good with Linux commands yet)
> > give it the same permissions and user and group as
> > /usr/bin/qmail-queue.amavis.orig
> >
ryan: you can only practice. practice on a test box. have likely had to start over on a test box dozens of times...crashing/breaking it is a learning experience. Fixing it is an even better learning experience.
> > 2:Now you should be able to use the features of spam
> > assassin.
> >
> > Can you guys take a look at this and correct me where I am
> > wrong or way off. Thanks for all your time.
ryan: right now I use 7 blacklists plus 3 non traditional that block subnets from China, Korea, and Hong Kong.
You can verify your blacklists are working by viewing the log in server manager. Look at "smtpfront-qmail/current". The lines with 'rblsmtpd' are blocked messages. This will show you emails that got in and those that got blocked. I tend to use a key word 'rblsmtpd' to filter and show just the blocked emails.
Keep in mind if you have a backup mx DNS record, spammers will try your backup server. If it is not spam protected, you will get the spam. Also, don't have your exchange server on the internet as a host address....spammers hit me once through a host record, not an MX record. They are clever and persistent!
If you need to access exchange from the internet for pop or imap, use port forwarding from a firewall. If you use full exchange 5.5 services (global book, shared calendar, etc) over the internet, a firewall will kill these services. Exchange server 2003 has full exchange services available through port 80, but you need to use the Outlook 2003 client for it to work. Exch. 2000 can use full services with port forwarding if you open several ports. I read that the new Exch 2003 server allows the use of blacklists, so SME won't need to guard it...but remember it is Microsoft and a risk to be left on the internet in my opinion. My firewalls continue to get dozens of hits per day with Code Red and the M$ sql attack. Better play it safe and keep up the Linux firewalls.
ryan
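
The log check described above (filtering smtpfront-qmail/current on 'rblsmtpd'), as an added example that is not part of the original thread: it counts rejected connections per client IP so you can see whether the blacklists are doing the work. The log line layout, the function names and the sample lines are assumptions constructed for illustration; pass the real path of your "current" file as the first argument.

```shell
#!/bin/sh
# Summarise rblsmtpd rejections in an smtpfront-qmail "current" log.
# Assumed line shape (not shown in the thread):
#   <timestamp> rblsmtpd: <client-ip> pid <n>: <smtp-code> <text>

# Print "count ip" per blocked client, most frequent first.
rbl_blocked_by_ip() {
    awk '{
        # Find the rblsmtpd: tag; the field after it is the client IP.
        for (i = 1; i < NF; i++)
            if ($i == "rblsmtpd:") { count[$(i + 1)]++; break }
    }
    END { for (ip in count) print count[ip], ip }' "$1" |
        sort -k1,1nr -k2,2
}

# Print the total number of rejected connections.
rbl_blocked_total() {
    rbl_blocked_by_ip "$1" | awk '{ n += $1 } END { print n + 0 }'
}

# Constructed sample log (documentation-range addresses, not real data).
rbl_sample_log() {
    cat <<'EOF'
@400000003f8a1c2e0a1b2c3d tcpserver: status: 1/40
@400000003f8a1c2e0b1b2c3d rblsmtpd: 192.0.2.10 pid 2101: 451 blocked (constructed text)
@400000003f8a1c300c1b2c3d tcpserver: end 2101 status 0
@400000003f8a1c310d1b2c3d rblsmtpd: 203.0.113.5 pid 2102: 451 blocked (constructed text)
@400000003f8a1c320e1b2c3d rblsmtpd: 192.0.2.10 pid 2103: 451 blocked (constructed text)
@400000003f8a1c330f1b2c3d rblsmtpd: 198.51.100.7 pid 2104: 451 blocked (constructed text)
EOF
}

# When given a log file, print the total and the per-IP breakdown.
if [ -n "${1:-}" ]; then
    echo "blocked total: $(rbl_blocked_total "$1")"
    rbl_blocked_by_ip "$1"
fi
```

A client IP that tops this list day after day is worth checking against the backup MX and host-record exposure mentioned in the thread.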