Question : New Mail Server Config - Linux, Sendmail, SpamAssasin, MailScanner => exchange

Hello - I have an MS Exchange server, and i'm interested in moving from our current spam software to something which is better intergrated and requires little in the way of manual interaction...

I'd like to have a mail server where all the mail comes and if the address is not valid within exchange, i'd like to turn it away with a message to the sender saying unknown if you have any problems please contact (and our phone number). I'd then like to have it so that spam, and virus infected emails are also declined and an email sent to the sender saying sorry... I'd like outgoing mail to go through a virus scan... and if the message is found to be carrying a virus, i'd like it bounced back to the sender with a message saying to call the technical support team.

What is the best way to go about setting this all up in terms of OS etc... we have a Cpanel / WHM 10 licence running on a red hat 9 server we do not use (if that is any help) - i'd like to get it all up and running by september.

Many thanks

UKKrew.

Answer : New Mail Server Config - Linux, Sendmail, SpamAssasin, MailScanner => exchange

Hmmm....

Yes, you can do this on the RH server. The tools would be sendmail and MIMEDefang, or at least those are the tools I know will do this. I'm sure others will work, but I'll concentrate on what I know.

Personally, I wouldn't use RH, I'd use SUSE (SLES), or perhaps for you in the UK, Mandrake, but in any event, set up the base Linux server. Include the GCC compiler and headers needed for development. Patch the RH up to the latest patches. Omit whatever the included MTA (sendmail, postfix, Qmail, whatever) might be, you're going to build your own (if you want, ignore me on that and go with RPMs - I build my own because it makes it much easier to control the config). Do include Berkely DB v4.5x (or later) and a modern Perl (v5.6 or later), or build them yourself from source.

Get sendmail (http://www.sendmail.org), follow the docs, build it. In Linux (I know this is true of SUSE, not sure of RH) you need to make sure you include the Linux pthreads (lpthreads) support in the site.config.m4 file before you build. I would also disable IPv6 and IP Source Routing support in the same file (assuming you don't use IPv6 on your network). MILTER support, which you need for MIMEDefang, is enabled by default in modern (v8.13.x) versions of sendmail. Install it.

In the sendmailmc, be sure to include the "mailertable", "access map" and "aliases" features. If you want to rewrite the "From" addresses of outbound E-Mail, then add "genericstable" support. Also be sure to enable "blacklist recipient". "mailertable" allows you to selectively route mail to hosts based on destination Domain name. See --> http://www.experts-exchange.com/Networking/Email_Groupware/Sendmail/Q_21322113.html for more ideas on how to configure sendmail.

Once sendmail is up and running and working the way you want, get MIMEDefang (http://www.mimedefang.org) and build and install it. Add the "INPUT_MAIL_FILTER" line to the sendmail.mc, as described in the MIMEDefang docs, bring up MIMEDefang, and then restart sendmail. In your MIMEDefang filter file (mimedefang-filter) add the "filter_recipient" function and call the "md_check_against_smtp_server" function to have MIMEDefang query your M$ box for the validity of the recipient address. Reject/accept as appropriate (note that you must run MIMEDefang with the "-r" parameter to gain this functionality). You can do a LOT more than this, including automating stripping "dangerous to Windoze" attachments (e.g. .EXE, .SCR, .PIF and the rest of the litany of Windoze malware), before the E-Mail even gets near that vulnerable M$ box.

Beyond whatever you might pay for whichever Linux distro you use, this is all freeware. Your only other cost is the hardware, and Linux uses a fraction of the hardware that the average M$ product sucks down. You could switch to just about any other E-Mail system and cut your E-Mail system costs in half. Add an AV scanner, like ClamAV (http://www.clamav.net) and you can also be scanning E-Mail before it reaches the M$ box.

And yes, having it running before September is easily doable.

Random Solutions

VLAN Setup with 2 Subnets and 1 DHCP Server

Can't install software after connecting to domain

View formula: Attachment names, only possible per document or possible per field?

graph32.ocx will not register on Vista 64-bit machine

Cannot install Linksys wireless-G notebook adapter on Windows 2000

Xbox 360 with TVersity

Windows 2003 PPTP VPN keeps disconnecting

setting up a LAMP web server

Dameware wireless trouble