Internet -> Mailscanner -> Exchange 2000

[Samuel Luxford-Watts]

I have just setup something similar here - tho at the moment postfix/MS is
acting as a pure mail filter. I have not yet setup user export from our
exchange (5.5sp3) to the postfix/MS and setup postfix to only accept emails
to valid users - not too sure how to do that, so I guess I have a lot more
reading up to do!

Anyway - basically this kind of setup seems to work very well, and isnt a
lot harder to setup than some commercial mail sweepers :-) So give it a
whirl!

Sam

-----Original Message-----
From: Peter Peters [mailto:P.G.M.Peters at UTWENTE.NL]
Sent: 08 August 2003 09:03
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Internet -> Mailscanner -> Exchange 2000


On Thu, 7 Aug 2003 22:39:35 -0400, you wrote:

>        I searched through the archives, but didn't find anythig
>relevant.  I am looking forward to use Mailscanner in front of my
>Exchange 2000 server (by the way, it could be any SMTP server).  I read
>the docs, but in all cases, it talks about mailscanner being installed
>on the machine where the actual mailboxes are.  What I want to do is
>filter out spam and viruses (although I have symantec AV for exchange)
>with mailscanner, in the DMZ, and then send the filtered messages to my
>Exchange 2000 server.  Right now, my Exchange 2000 server receives mail
>directly from the internet and I don't really like that.  I would, at
>least, want to have a mail relay in my DMZ (so that I wouldn't care too
>much if it's compromised, since there is a firewall between it and my
>LAN), that sends the messages to my internal Exchange server.  Of
>course, since MailScanner can filter spam and viruses, I would like to
>implement that as well.

We are running this kind of configuration. But what we also do is have all
excisting e-mail addresses in the virtusertable of our sendmail frontend. So
nobody can shoot in 1 million addresses leaving you with the bounces of
allmost the same number.

We use a dummy-domain to handle renaming of the exchange server. So the
entries in virtusertable are like:

@utwente.nl: error:nouser No such user
postmaster at utwente.nl: admin at exchange-dummy.utwente.nl
abuse at utwente.nl: admin at exchange-dummy.utwente.nl
p.g.m.peters at utwente.nl: my-mailbox at some-other.system.utwente.nl

And in mailertable we define the forwarding of exchange-dummy.utwente.nl
domain to the exchange server. This way you can also define e-mail addresses
that should get forwarded to other mailboxes. And you can keep internal
lists from getting spam when some spammer uses a dictionary attack.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit
Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ

--------------
Winckworth Sherwood Solicitors and Parliamentary Agents
DX 148400 WESTMINSTER 5 : 35 Great Peter Street, London SW1P 3LR
Telephone 020 7593 5000 Fax 020 7593 5099

Do something amazing!
The firm is supporting a charitable bike ride through Vietnam and needs your help. For further information please visit www.vietnambikeride.org <http://www.vietnambikeride.org>

-Confidentiality-
This email message and any attachments are confidential; they may be subject to legal professional privilege and are intended for the named recipient only. If you are not the named recipient, please return the message and enclosures immediately and delete them from your system.

-Caution-
Before advice received only by email (whether by attachment or otherwise) may be relied on, the authenticity of the communication must be verified by means independent of email.

-Regulation-
The firm is regulated by the Law Society.

-Partners-
A list of partners is available for inspection at each office of the firm and on the firm's website at www.winckworths.co.uk <http://www.winckworths.co.uk>