Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: Denbert on May 05, 2009, 12:05:13 PM
-
Hi,
I'm having a SBS 2003 R2 server, and my ISP hosts mails, which are pulled via POP connector and distributed to users by Exchange.
More and more mail servers checks MX records against SMTP server IP and therefore my SBS 2003 server can't mail to some recipients.
I was wondering if i could use SME 7.4 as a "smapsnake" in front of this SBS 2003 server, as I don't want SMTP traffic directly to the SBS 2003 R2 server.
I would then set SBS 2003 to forward mails to SME 7.4, but can SME 7.4 handles mails by forwarding them to SBS 2003 or do I need to make users etc. etc.?
like this:
Internet -> Sonicwall -> portforward port 25 to SME 7.4 -> forward clean mails to SBS 2003
Can it be done?
I have this senario with setup after this howto http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-8.04 - but a diskcrash this morning has wiped my spamsnake.
Therefore I'm looking for a fast easy solution, and SME 7.4 seams like a fast easy solution.
-
You can absolutely run this scenario - I do the same and filter spam and virus with the SME server before it goes into the SBS. There is not need to add users on the SME server as well.
All you need is to create the appropriate domain(s) on the SME server, port forward port 25 to SME, and then configure SME to forward mail to the SBS. The last is done via the server manager -> E-mail and set "Address of internal mail server" to the IP address of your SBS.
Since you are not using the SME for anything else then close all other services down (IMAP, POP3, FTP, etc. ) for enhanced security. Maybe also place it in the DMZ.
Then you are done and free of a lot of spam (well if you enable the spam filter). Obviously I would advocate for installing sme-unjunkmgr (http://wiki.contribs.org/Sme-unjunkmgr) just to see how many emails are being filtered.
-
Thanks Jesper :)
Do you use the SME as SMTP for SBS?
-
No, actually emails going out are sent directly from SBS and not via SME
-
I've two setup like this...
One where the sme server is in the DMZ behind an IPCop firewall which delivers email to the SBS via a DMZ pinhole and one where the sme is the gateway.
Delivery is:-
Inward:
sme --> sbs
Outward:
sbs --> sme --> ISP's SMTP servers
To stop mail being bounced you may want to look at pointing your domain's mail settings to your sme server or arranging with your domain host to use their SMTP server for outgoing mail. You may already have SMTP with your domain hosting package. SME server can also do SMTP authentication on the way out as well.
Hope this helps
Norrie
-
Good Day.
I have setup as above, and have a number of questions...
1. Where do I see the log files for the mail coming in, is it ../qpsmtpd/current or ../qmail/current?
2. I get the following error in the log files " delivery 10: deferral: Connected_to_192.168.0.4_but_sender_was_rejected./Remote_host_said:_454_5.7.3_Client_does_not_have_permission_to_submit_mail_to_this_server./
", anybody know what this means, I assume it is from the Exchange box?
Regards
Shawn
-
The log file for mails coming is the /var/log/qpsmtpd/current and when they have been scanned to are sent to qmail (/var/log/qmail/current).
Your problem in #2 below is properly related to the fact that the SME server is located on a net (IP subnet) which is not considered local to the SBS?
-
2. I get the following error in the log files " delivery 10: deferral: Connected_to_192.168.0.4_but_sender_was_rejected./Remote_host_said:_454_5.7.3_Client_does_not_have_permission_to_submit_mail_to_this_server./
", anybody know what this means,
192.168.0.4 (your M$ Exchange server) is saying:
Client [i.e. your SME server] does not have permission to submit mail to this server.
Could that be any clearer?
Your mail is still waiting on your SME server, which will try again periodically.
-
Thanks Charlie -- "Crystal Clear"
-
You can absolutely run this scenario - I do the same and filter spam and virus with the SME server before it goes into the SBS. There is not need to add users on the SME server as well.
All you need is to create the appropriate domain(s) on the SME server, port forward port 25 to SME, and then configure SME to forward mail to the SBS. The last is done via the server manager -> E-mail and set "Address of internal mail server" to the IP address of your SBS.
Since you are not using the SME for anything else then close all other services down (IMAP, POP3, FTP, etc. ) for enhanced security. Maybe also place it in the DMZ.
Then you are done and free of a lot of spam (well if you enable the spam filter). Obviously I would advocate for installing sme-unjunkmgr (http://wiki.contribs.org/Sme-unjunkmgr) just to see how many emails are being filtered.
But will the nifty release-service in unjunkmgr work when you havent got any users configured ?
I mean, beeing able to unlearn spam is important if you are using Bayesian , as sme-unjunkmgr states.
Kenn
-
No, it will not as the SME server doesn't store any messages. The only "feature" of the unjunkmgr that you can get benefit from is the stats.
Wonder whether the SpamAssassin Coach could be used in this installation?!
https://sourceforge.net/projects/soc2006spamd/
-
Denbert
I have two setups as you propose. One sits behind an IPCop box which forwards Port 25 to the SME and another which sit behind a Sonic Wall like appliance (I forget the name of it right now. It is horrible though) which also forwards port 25 to the SME.
In both instances SBS handles mail delivery. One directly and the other hands it on to the ISP. (SME is not involved in mail delivery)
MSE/ SBS could also hand the mail on to SME for delivery but I didnt consider that necessary.
Both work perfectly. Detailed instructions on the setup are in the Howto's section in the email document. Setup takes about 2 minutes if you know your way round SME a little bit. I have Knuddi's unjunk manager on both but it is only useful for the stats in this enviroment. (In different enviroments, it is brilliant)
This is the only way I would ever run an Exchange Server again. (If I really must run Exchange). It improved the performance of the SBS2003 server for MSSQL untold just by removing the multitudes of SPAM messages that thrashed around inside it, eating resources, for days on end. GO FOR IT, you wont regret it.