Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Possible? (Exchange smart host/relay with spam filter)

Discussion in 'E-mail Discussion' started by sdixon2006, Jul 26, 2009.

  1. sdixon2006

    sdixon2006 Registered

    Joined:
    Jul 26, 2009
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    51
    Greetings,

    Please forgive me if this has been asked already, but I did look around first and couldn't find what I was looking for.

    Current:
    -cPanel server (current build as of today, CentOS)
    -default exim configuration
    -several dozen domains being hosted locally

    Goal(s):
    1-want to configure cPanel/Exim to relay outgoing mail for specific clients running internal Exchange 2003 and/or 2007 servers

    2-accept incomming mail for same set of clients (in addition to my existing domains) and provide sanitation (via spamassassin, rbl's, etc) and forward the result to the client exchange servers for final delivery

    3-(optional) if possible, add some form of basic authentication between the client exchange server and my cPanel server (to prevent domain or account spoofing), at least for outgoing messages. Just checking if the users account exists would be sufficient.

    4-these clients may or may not have their web site hosted on my server (I don't want it be a requirement)

    I will have full access to both the exchange servers and (most) DNS zone records so making those changes won't be too hard.

    Has anyone attempted this and is there any documentation for doing this?

    Basically I'm trying to resolve some common client problems in one shot:
    -mail santiation service (filter out spam) for exchange users
    -limited mail relay service (solve problems with reverse lookups on dynamic IP's or poorly constructed networks, missing PTR records, etc), where the ISP's relay servers don't work well
    -limited mail redundancy (buffer mail delivery for server maintenance)
     
    #1 sdixon2006, Jul 26, 2009
  2. amaltemara

    amaltemara Member

    Joined:
    Dec 7, 2007
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    51
    I am looking for the same config

    I would like the same type of setup.

    Does anyone have an idea how to set this up?
     
    #2 amaltemara, Aug 1, 2009
  3. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    769
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    /dev/null
    I set up a similar configuration for my employer

    You need:

    • MailScanner (Configserver do this cheaply and well)
    • Exim configuration changes - nickpack.com - Using Exim as a smarthost
    • Either a mail account for each exchange server or global allow their IP (For outbound relay)
    • Some extra exim ACL's for verifying the existance of the exchange users (to prevent backscatter)

    You basically configure mailscanner to scan inbound and outbound mail, set up the staticroute driver for exim, then add your relay to hosts for each domain to the config file for the staticroute driver.

    Add your own acl's to exim to verify the exchange recipients and reject messages at SMTP time if the recipient doesnt exist, but with defer=ok in the acl conditions to allow for the exchange servers being down (this means that all mail for the domain in question will queue if the exchange server is down - this leads to a tiny bit of backscatter in some instances, but I havent found a more reliable way of doing it yet). - there is an example of remote recipient verification in the exim faq somewhere - dont have it to hand
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 nickp666, Aug 26, 2009
    Last edited: Aug 26, 2009
  4. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    258
    Likes Received:
    17
    Trophy Points:
    168
    Location:
    Florida
    I do this same thing for several clients, but a bit differently than it seems others do it.

    What I want is for cpanel to be a spam scanner for a domain, but for the client to be fully Exchange, with no settings on the cpanel server.

    Here is how to do it. It doesn't matter if the domain is hosting web on the cpanel server or not, basically it works either way.


    Setup a static route for the domain


    For accounts that have remote DNS:
    /etc/staticroutes
    domain.com: mailad.domain.com

    For accounts that are using a static IP:
    /etc/staticroutes
    domain.com: 00.00.00.00

    Add the domain to /etc/secondarymx

    Reinit mailscanner to add spam scanning (or wait over night)
    /usr/mscpanel/mscpanel.pl -i


    It is best to add the Exchange server to the whitelists in the Exim configuration so that no mail is blocked.

    If you are having problems with mail being spam scanned when it is totally internal, then add a whitelist entry to your spam rules like this:


    whitelist_from_rcvd *@domain.com 00-00-00-00.where.fdn.com

    where "00-00-00-00.where.fdn.com" is the fdn that shows up in mailscanner when the mail is sent.

    Once everything is setup, just point the mail to the cPanel server and it will forward it to Exchange.

    You can setup OWA by using a subdomain, such as exchange.domain.com and forward it that to the https://00.00.00.00/exchange address you would access OWA by.
     
    #4 Serra, Aug 31, 2009
    Last edited: Aug 31, 2009
  5. hostmedic

    hostmedic Well-Known Member

    Joined:
    Apr 30, 2003
    Messages:
    544
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Washington Court House, Ohio, United States
    cPanel Access Level:
    DataCenter Provider
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 hostmedic, Sep 2, 2009
(You must log in or sign up to post here.)
Loading...
Similar Threads - Possible (Exchange smart
  1. Kent Brockman

    How can I rename package names in the safest possible way?

    Kent Brockman, Jul 24, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    73
    cPanelLauren
    Jul 25, 2018
  2. sebosiris

    SOLVED PHP FPM - impossible to validate new configuration

    sebosiris, Jun 5, 2018, in forum: EasyApache
    Replies:
    6
    Views:
    160
    cPanelMichael
    Jun 8, 2018
  3. David_spm

    Possible to install CSF via WHM GUI?

    David_spm, May 29, 2018, in forum: Security
    Replies:
    2
    Views:
    123
    David_spm
    May 30, 2018
  4. Rogeriogr1

    Is it possible to install cPanel 68?

    Rogeriogr1, May 16, 2018, in forum: General Discussion
    Replies:
    3
    Views:
    102
    cPanelLauren
    May 17, 2018
  5. enivid enivid

    Possible to use SSL email?

    enivid enivid, May 7, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    86
    cPanelMichael
    May 7, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice