CentOS - Apr 2009 - company exchange server & exim best practices.

Hi all,

I hope this isn't too OT, but since I use a CentOS5.2 + Exim mail
server (which is hosted in one of our data centres) I don't think it
should be.

On of our clients use an MS Exchange 2003 SBS server, with exchange
for their internal email. We provide them with a domain, ADSL (which
uses dynamic DNS) and POP3 email. They don't have an spam filter
program on the exchange server itself due to costs, so I have setup
each user on the Exim server, which runs ASSPX for anti-virus / spam
filter / etc. Then I setup the SBS 2003 server to pull the email via
POP3, but this doesn't seem to work too well, cause the exchange
server doesn't always download the POP3 email, and then the users
often sit without email until I go there to manually download the mail
again.

I have tried changing the MX record to point to their DynDNS address,
and it works well, but then they get a lot of spam. And the cost of a
server-side spam solution is just too expensive, and they also pay for
the bandwidth uses when spam comes in. So, I moved their MX record
back to the Linux server. But now I sit with the problem of the POP3
connector failing from time to time.

So, I would like to know, is there a way to "push" (not forward) mail
from the Linux server, after it has arrived and spam been blocked, to
another domain, but with the same email address? i.e. the domain in
question is attorneys.co.za and I've setup attorneys.dyndns.net as the
dynamic domain, but the exchange serves email for attorneys.co.za
Forwarding email doesn't work, since there's no such user as
bob at attorneys.dyndns.net, but rather bob at attorneys.co.za.

-- 

Kind Regards
Rudi Ahlers

Hi,

my solution to this kind of problem is the following :
Set up a relay mailserver (in my case Postfix) which accepts mail (and
has the MX record for the domain) for the domain but has no mailboxes.
Postfix takes care of spamblocking (dnsbl and spamfilter ). In Postfix I
use a transport table to relay the mail to the Exchange/Whatever
mailserver, that can also be on a nonstandard port (in my case port
2525).
Delivering to a dyndns host is really easy, Dyndns uses a short ttl for
the hostname (something like 3 minutes ?). I set up a nameserver record
which let a 'fixed' name (like mail.domain.nl) point to the dyndns name
using CNAME.
mail.domain.nl. IN CNAME mailhost.dyndns.org

Sending the mail to the dyndns hostname directly without the nameserver
trick is also possible. 

Using a non-standard port is to bypass SMTP limits from the provider and
to make (almost) sure your mail doesn't get delivered to a mailserver of
someone else ;)

	Regards,

	Michel


On Fri, 2009-04-03 at 09:40 +0200, Rudi Ahlers wrote:
> Hi all,
> 
> I hope this isn't too OT, but since I use a CentOS5.2 + Exim mail
> server (which is hosted in one of our data centres) I don't think it
> should be.
> 
> On of our clients use an MS Exchange 2003 SBS server, with exchange
> for their internal email. We provide them with a domain, ADSL (which
> uses dynamic DNS) and POP3 email. They don't have an spam filter
> program on the exchange server itself due to costs, so I have setup
> each user on the Exim server, which runs ASSPX for anti-virus / spam
> filter / etc. Then I setup the SBS 2003 server to pull the email via
> POP3, but this doesn't seem to work too well, cause the exchange
> server doesn't always download the POP3 email, and then the users
> often sit without email until I go there to manually download the mail
> again.
> 
> I have tried changing the MX record to point to their DynDNS address,
> and it works well, but then they get a lot of spam. And the cost of a
> server-side spam solution is just too expensive, and they also pay for
> the bandwidth uses when spam comes in. So, I moved their MX record
> back to the Linux server. But now I sit with the problem of the POP3
> connector failing from time to time.
> 
> So, I would like to know, is there a way to "push" (not forward)
mail
> from the Linux server, after it has arrived and spam been blocked, to
> another domain, but with the same email address? i.e. the domain in
> question is attorneys.co.za and I've setup attorneys.dyndns.net as the
> dynamic domain, but the exchange serves email for attorneys.co.za
> Forwarding email doesn't work, since there's no such user as
> bob at attorneys.dyndns.net, but rather bob at attorneys.co.za.
>

on 4-3-2009 12:40 AM Rudi Ahlers spake the following:
> Hi all,
> 
> I hope this isn't too OT, but since I use a CentOS5.2 + Exim mail
> server (which is hosted in one of our data centres) I don't think it
> should be.
> 
> On of our clients use an MS Exchange 2003 SBS server, with exchange
> for their internal email. We provide them with a domain, ADSL (which
> uses dynamic DNS) and POP3 email. They don't have an spam filter
> program on the exchange server itself due to costs, so I have setup
> each user on the Exim server, which runs ASSPX for anti-virus / spam
> filter / etc. Then I setup the SBS 2003 server to pull the email via
> POP3, but this doesn't seem to work too well, cause the exchange
> server doesn't always download the POP3 email, and then the users
> often sit without email until I go there to manually download the mail
> again.
> 
> I have tried changing the MX record to point to their DynDNS address,
> and it works well, but then they get a lot of spam. And the cost of a
> server-side spam solution is just too expensive, and they also pay for
> the bandwidth uses when spam comes in. So, I moved their MX record
> back to the Linux server. But now I sit with the problem of the POP3
> connector failing from time to time.
> 
> So, I would like to know, is there a way to "push" (not forward)
mail
> from the Linux server, after it has arrived and spam been blocked, to
> another domain, but with the same email address? i.e. the domain in
> question is attorneys.co.za and I've setup attorneys.dyndns.net as the
> dynamic domain, but the exchange serves email for attorneys.co.za
> Forwarding email doesn't work, since there's no such user as
> bob at attorneys.dyndns.net, but rather bob-cXiXO26w8qUnikiFv2/1gg at
public.gmane.org
> 
I use MailScanner. It can be set up on your gateway, integrates with exim very
well, and can virus scan as well as spam scan.

www.mailscanner.info
and for howtos

http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta:exim


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20090403/335e17d0/attachment-0002.sig>