The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Possible? (Exchange smart host/relay with spam filter)

Discussion in 'E-mail Discussions' started by sdixon2006, Jul 26, 2009.

  1. sdixon2006

    sdixon2006 Registered

    Joined:
    Jul 26, 2009
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    51
    Greetings,

    Please forgive me if this has been asked already, but I did look around first and couldn't find what I was looking for.

    Current:
    -cPanel server (current build as of today, CentOS)
    -default exim configuration
    -several dozen domains being hosted locally

    Goal(s):
    1-want to configure cPanel/Exim to relay outgoing mail for specific clients running internal Exchange 2003 and/or 2007 servers

    2-accept incomming mail for same set of clients (in addition to my existing domains) and provide sanitation (via spamassassin, rbl's, etc) and forward the result to the client exchange servers for final delivery

    3-(optional) if possible, add some form of basic authentication between the client exchange server and my cPanel server (to prevent domain or account spoofing), at least for outgoing messages. Just checking if the users account exists would be sufficient.

    4-these clients may or may not have their web site hosted on my server (I don't want it be a requirement)

    I will have full access to both the exchange servers and (most) DNS zone records so making those changes won't be too hard.

    Has anyone attempted this and is there any documentation for doing this?

    Basically I'm trying to resolve some common client problems in one shot:
    -mail santiation service (filter out spam) for exchange users
    -limited mail relay service (solve problems with reverse lookups on dynamic IP's or poorly constructed networks, missing PTR records, etc), where the ISP's relay servers don't work well
    -limited mail redundancy (buffer mail delivery for server maintenance)
     
    #1 sdixon2006, Jul 26, 2009
  2. amaltemara

    amaltemara Member

    Joined:
    Dec 7, 2007
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    51
    I am looking for the same config

    I would like the same type of setup.

    Does anyone have an idea how to set this up?
     
    #2 amaltemara, Aug 1, 2009
  3. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    /dev/null
    I set up a similar configuration for my employer

    You need:

    • MailScanner (Configserver do this cheaply and well)
    • Exim configuration changes - nickpack.com - Using Exim as a smarthost
    • Either a mail account for each exchange server or global allow their IP (For outbound relay)
    • Some extra exim ACL's for verifying the existance of the exchange users (to prevent backscatter)

    You basically configure mailscanner to scan inbound and outbound mail, set up the staticroute driver for exim, then add your relay to hosts for each domain to the config file for the staticroute driver.

    Add your own acl's to exim to verify the exchange recipients and reject messages at SMTP time if the recipient doesnt exist, but with defer=ok in the acl conditions to allow for the exchange servers being down (this means that all mail for the domain in question will queue if the exchange server is down - this leads to a tiny bit of backscatter in some instances, but I havent found a more reliable way of doing it yet). - there is an example of remote recipient verification in the exim faq somewhere - dont have it to hand
     
    #3 nickp666, Aug 26, 2009
    Last edited: Aug 26, 2009
  4. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    235
    Likes Received:
    9
    Trophy Points:
    168
    Location:
    Florida
    I do this same thing for several clients, but a bit differently than it seems others do it.

    What I want is for cpanel to be a spam scanner for a domain, but for the client to be fully Exchange, with no settings on the cpanel server.

    Here is how to do it. It doesn't matter if the domain is hosting web on the cpanel server or not, basically it works either way.


    Setup a static route for the domain


    For accounts that have remote DNS:
    /etc/staticroutes
    domain.com: mailad.domain.com

    For accounts that are using a static IP:
    /etc/staticroutes
    domain.com: 00.00.00.00

    Add the domain to /etc/secondarymx

    Reinit mailscanner to add spam scanning (or wait over night)
    /usr/mscpanel/mscpanel.pl -i


    It is best to add the Exchange server to the whitelists in the Exim configuration so that no mail is blocked.

    If you are having problems with mail being spam scanned when it is totally internal, then add a whitelist entry to your spam rules like this:


    whitelist_from_rcvd *@domain.com 00-00-00-00.where.fdn.com

    where "00-00-00-00.where.fdn.com" is the fdn that shows up in mailscanner when the mail is sent.

    Once everything is setup, just point the mail to the cPanel server and it will forward it to Exchange.

    You can setup OWA by using a subdomain, such as exchange.domain.com and forward it that to the https://00.00.00.00/exchange address you would access OWA by.
     
    #4 Serra, Aug 31, 2009
    Last edited: Aug 31, 2009
  5. hostmedic

    hostmedic Well-Known Member

    Joined:
    Apr 30, 2003
    Messages:
    544
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Washington Court House, Ohio, United States
    cPanel Access Level:
    DataCenter Provider
    #5 hostmedic, Sep 2, 2009
(You must log in or sign up to post here.)
Loading...
Similar Threads - Possible (Exchange smart
  1. VMunich

    Is it possible to whitelist command/programs to be used by shell_exec?

    VMunich, Jul 3, 2017, in forum: Security
    Replies:
    4
    Views:
    114
    quizknows
    Jul 4, 2017
  2. Dave__W

    Global Wildcard Email Filter Possible?

    Dave__W, Jun 29, 2017, in forum: E-mail Discussions
    Replies:
    4
    Views:
    146
    Dave__W
    Jun 29, 2017
  3. Killy123

    Is it possible to add redirect to domain with cPanel API?

    Killy123, Jun 15, 2017, in forum: cPanel Developers
    Replies:
    4
    Views:
    194
    cPanelMichael
    Jul 20, 2017
  4. Luca Sartori

    Use WHM as nameserver, risk and possible issue

    Luca Sartori, May 31, 2017, in forum: Bind / DNS / Nameserver Issues
    Replies:
    5
    Views:
    212
    cPanelMichael
    Jun 5, 2017
  5. Soeren E

    Possible to disable the mails boxtrapper sends?

    Soeren E, May 29, 2017, in forum: E-mail Discussions
    Replies:
    2
    Views:
    143
    cPanelMichael
    May 30, 2017

Share This Page