Topic: How to drop unknown users during the SMTP conversation

[newhopenet]

I am using SME as a 'email proxy' -- using the delegate function, it processes mail and sends it on to my Exchange (ugghh!) server.

I have only 15 users, and that list almost never changes.  I'm looking for a simple (noobie) way to reject mail early in the SMTP Conversation (not accepting it into the server) for any incoming mail that is not addressed to one of my 15 valid users.

I was able to do this in earlier versions of SME using a contrib by Dungog, which will not be updated to v.7 compatibility.

In another thread, someone said something about using a custom template to do this.  I've searched and searched, but can't seem to find any 'entry-level' info on custom templates.  If this approach may work, could someone point me in the right direction for more information on the basics of custom templates?  Or, does anyone have any better solution?

[RayG]

We created accounts for each user on the SME box and then set their email to forward to the exchange server.

[newhopenet]

OK, that's easy enough -- but will that be all I need to do?  Will it automatically start rejecting connections with bad email addresses at that point?  Just because I setup our users on SME?

[RayG]

That seems to be the case. I get "550" connection rejects for bad usernames and "552" (if I remember correctly) rejects for spam over the reject threshold. I don't recall what the reject code was for virus infected emails but I believe it was different from spams.

This is all assuming your set up in server/gateway mode and email is coming in on the WAN which is a different subnet from your LAN.

[gordonr]

I am using SME as a 'email proxy' -- using the delegate function, it processes mail and sends it on to my Exchange (ugghh!) server.

I have only 15 users, and that list almost never changes.  I'm looking for a simple (noobie) way to reject mail early in the SMTP Conversation (not accepting it into the server) for any incoming mail that is not addressed to one of my 15 valid users.

SME 7.1 does this automatically - you don't even need to tell it about the 15 users. All you need to do is this:

- Configure the domain of the Exchange server into the SME Server
- Configure the address of the Exchange server as the "Address of the internal mail server"
- Configure the Exchange server to reject mail for unknown users

The check_smtp_forward plugin is automatically enabled when you configure an internal mail server. Here's the plugin doco:

=head1 NAME

check_smtp_forward

=head1 DESCRIPTION

This plugin checks whether SMTP forwarding would be allowed for this
recipient by connecting to the internal mail server.

If the internal mail server rejects the mail, we DENY it.
If the internal mail server would accept the mail, we DECLINE.
If the internal mail server cannot be contacted, we DENYSOFT.

=head1 CONFIG

Reads smtproutes to determine where to send mail for various domains.
Ignores any default smtproutes entries as they are for upstream mail
servers (e.g. ISP).

=head1 AUTHOR

Copyright 2006 Gordon Rowell <gordonr@gormand.com.au>

So, if the Exchange server will accept the mail, the SME Server continues with the mail processing and does things like virus and spam scanning. If the mail passes all of the tests, the SME Server will queue it and forward it to the Exchange server.

I know I wrote it, but I think this is kinda cool

[gordonr]

We created accounts for each user on the SME box and then set their email to forward to the exchange server.

You don't even need to do that with SME 7.1

The spam will be tagged with X-Spam-Status and can be filtered on the Exchange server. Last time I looked, Outlook Express couldn't filter on X-Spam-Status, so you might have to enable Spam Subject munging if you must use OE. Outlook (not OE), Thunderbird and pretty much every other common mail client can do header filtering.

Subject munging is a really bad idea and should be avoided whenever possible. If not done carefully you end up with multiple SPAM tags in the Subject line. False positives are also a problem as people grab them out of their junkmail folder and reply to them, perpetuating the munged subject, and probably falling foul of spam filters at other sites.

Finally, it breaks emerging anti-spam measures such as DomainKeys as the message is tampered with in-flight in a header that should be left alone from sender to recipient.

[gordonr]

I'm going to move this to SME Server 7.X as no contrib is required here.

[newhopenet]

You guys are awesome.  Thanks for walking me through that -- I should have looked carefully at the mail logs, as I can clearly see the check_smtp_forward plugin working -- asking the exchange server whether it will accept mail from each incoming email and rejecting it if it will not.  That is one fantastic plugin.  Thanks to the contributor of the plugin, and thanks to the forum for putting up a noobie.