Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Possible? (Exchange smart host/relay with spam filter)

Discussion in 'E-mail Discussions' started by sdixon2006, Jul 26, 2009.

  1. sdixon2006

    sdixon2006 Registered

    Joined:
    Jul 26, 2009
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    51
    Greetings,

    Please forgive me if this has been asked already, but I did look around first and couldn't find what I was looking for.

    Current:
    -cPanel server (current build as of today, CentOS)
    -default exim configuration
    -several dozen domains being hosted locally

    Goal(s):
    1-want to configure cPanel/Exim to relay outgoing mail for specific clients running internal Exchange 2003 and/or 2007 servers

    2-accept incomming mail for same set of clients (in addition to my existing domains) and provide sanitation (via spamassassin, rbl's, etc) and forward the result to the client exchange servers for final delivery

    3-(optional) if possible, add some form of basic authentication between the client exchange server and my cPanel server (to prevent domain or account spoofing), at least for outgoing messages. Just checking if the users account exists would be sufficient.

    4-these clients may or may not have their web site hosted on my server (I don't want it be a requirement)

    I will have full access to both the exchange servers and (most) DNS zone records so making those changes won't be too hard.

    Has anyone attempted this and is there any documentation for doing this?

    Basically I'm trying to resolve some common client problems in one shot:
    -mail santiation service (filter out spam) for exchange users
    -limited mail relay service (solve problems with reverse lookups on dynamic IP's or poorly constructed networks, missing PTR records, etc), where the ISP's relay servers don't work well
    -limited mail redundancy (buffer mail delivery for server maintenance)
     
    #1 sdixon2006, Jul 26, 2009
  2. amaltemara

    amaltemara Member

    Joined:
    Dec 7, 2007
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    51
    I am looking for the same config

    I would like the same type of setup.

    Does anyone have an idea how to set this up?
     
    #2 amaltemara, Aug 1, 2009
  3. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    /dev/null
    I set up a similar configuration for my employer

    You need:

    • MailScanner (Configserver do this cheaply and well)
    • Exim configuration changes - nickpack.com - Using Exim as a smarthost
    • Either a mail account for each exchange server or global allow their IP (For outbound relay)
    • Some extra exim ACL's for verifying the existance of the exchange users (to prevent backscatter)

    You basically configure mailscanner to scan inbound and outbound mail, set up the staticroute driver for exim, then add your relay to hosts for each domain to the config file for the staticroute driver.

    Add your own acl's to exim to verify the exchange recipients and reject messages at SMTP time if the recipient doesnt exist, but with defer=ok in the acl conditions to allow for the exchange servers being down (this means that all mail for the domain in question will queue if the exchange server is down - this leads to a tiny bit of backscatter in some instances, but I havent found a more reliable way of doing it yet). - there is an example of remote recipient verification in the exim faq somewhere - dont have it to hand
     
    #3 nickp666, Aug 26, 2009
    Last edited: Aug 26, 2009
  4. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    241
    Likes Received:
    12
    Trophy Points:
    168
    Location:
    Florida
    I do this same thing for several clients, but a bit differently than it seems others do it.

    What I want is for cpanel to be a spam scanner for a domain, but for the client to be fully Exchange, with no settings on the cpanel server.

    Here is how to do it. It doesn't matter if the domain is hosting web on the cpanel server or not, basically it works either way.


    Setup a static route for the domain


    For accounts that have remote DNS:
    /etc/staticroutes
    domain.com: mailad.domain.com

    For accounts that are using a static IP:
    /etc/staticroutes
    domain.com: 00.00.00.00

    Add the domain to /etc/secondarymx

    Reinit mailscanner to add spam scanning (or wait over night)
    /usr/mscpanel/mscpanel.pl -i


    It is best to add the Exchange server to the whitelists in the Exim configuration so that no mail is blocked.

    If you are having problems with mail being spam scanned when it is totally internal, then add a whitelist entry to your spam rules like this:


    whitelist_from_rcvd *@domain.com 00-00-00-00.where.fdn.com

    where "00-00-00-00.where.fdn.com" is the fdn that shows up in mailscanner when the mail is sent.

    Once everything is setup, just point the mail to the cPanel server and it will forward it to Exchange.

    You can setup OWA by using a subdomain, such as exchange.domain.com and forward it that to the https://00.00.00.00/exchange address you would access OWA by.
     
    #4 Serra, Aug 31, 2009
    Last edited: Aug 31, 2009
  5. hostmedic

    hostmedic Well-Known Member

    Joined:
    Apr 30, 2003
    Messages:
    544
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Washington Court House, Ohio, United States
    cPanel Access Level:
    DataCenter Provider
    #5 hostmedic, Sep 2, 2009
(You must log in or sign up to post here.)
Loading...
Similar Threads - Possible (Exchange smart
  1. sushlik

    Wildcard SSL via AutoSSL possible?

    sushlik, Feb 10, 2018, in forum: Security
    Replies:
    1
    Views:
    402
    cPanelMichael
    Feb 14, 2018
  2. Trane Francks

    WHM 56.0.52 to 68.0.28 - EA3 to EA4 directly possible

    Trane Francks, Feb 3, 2018, in forum: EasyApache
    Replies:
    2
    Views:
    166
    cPanelMichael
    Feb 13, 2018
  3. electric

    Possible to disable AutoSSL notifications to account owner?

    electric, Jan 11, 2018, in forum: Security
    Replies:
    1
    Views:
    320
    Infopro
    Jan 11, 2018
  4. Mohamed Hamza

    Is it possible to run make apache listen on loopback 127.0.0.1?

    Mohamed Hamza, Nov 25, 2017, in forum: Workarounds and Optimization
    Replies:
    3
    Views:
    289
    cPanelMichael
    Nov 28, 2017
  5. Sametto Chan

    Possible cPanel self eats CPU to RAM?

    Sametto Chan, Nov 18, 2017, in forum: General Discussion
    Replies:
    4
    Views:
    195
    Sametto Chan
    Nov 20, 2017

Share This Page