> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Monday, July 07, 2003 10:13 PM > To: [EMAIL PROTECTED] > Subject: [SAtalk] How to do? Linux/Spam Assasin running as a gateway > spam filter f or another mail server. > > > Hi All, > I've got spam assassin working like a dream on our small sendmail box. > works like a bought one. what i want to do is setup a > gateway arrangment > for an Exchange Server (everyone shudders, i know). > > like so: > > Internet -> Linux Sendmail with SpamAssasin -> Exchange Server > > has anybody attempted such a thing? i've been searching > google for quite a > while and not found any howtos... on the sendmail box i'm > attempting: > > 1. that i don't need to create accounts for everyone on the exchange > server? > 2. that it sholdn't deliver to the linux box at all, but > simply scan and > forward. > 3. no mail will be deleted, but will simply have the spam > score in the > message header and the Spam in the subject line. then the > users of the > exchange server will be able to filter based on Spam Score or > the subject > line or whatever. > 4. I don't need to scan outgoing mail but i guess that > wouldn't hurt as > well. > >
I do exactly what you want to do. I couldn't find anything either, so I had to wing it with great help from this list. Here is my rundown. I have SA setup as gateway. It is listed as my mail server in DNS. I have aliases for every user setup to forward to [EMAIL PROTECTED] via a procmail script and it works great! I had to put internal.mymailserver.com in the SA machines host file so it knew where to find it. (I'm not running DNS on the gateway.) Example of one alias: user: "| /usr/bin/procmail /etc/procmailrcs/user.rc " example of user.rc file: :0fw | spamc -f -u general :0: * ^X-Spam-Level: \*\*\*\*\*\*\* ! [EMAIL PROTECTED] :0 ! [EMAIL PROTECTED] I had to go into each users exchange account and give them another email address of user.internal.mymaildomain.com as well. Had I setup the exchange server from scratch I could have solved this. But no biggy. Takes 2 seconds now to do for a new user. Now internal.mymailserver.com is behind the firewall. SA gateway is in DMZ. So this is why my setup is a little different. If you were less worried about security you could place your exchange server in the DMZ as a secondary mail server. However spammers often go right to the secondaries now. :( I absolutely LOVE my current setup. I can give people internal email only. I can make multiple aliases on the gateway and not have to mess with exchange server. You can see that I don't delete any emails, HOWEVER I do forward any spam scoring over a 7 to an exchange account called spam. I think I have had 2 FPs since Feb, and they were my fault ;) If the alias doesn't exhist, it is simply denied at the gateway. Outgoing emails are not scanned. There are a few downfalls to my setup. Some would not be a problem if your exchange server was not behind a firewall and internal. I try to secure the hell out of everything. 1) Notice I use the single user of general. I 'could' setup different users rules like sales, accounting, blah blah... but I only use one general setup of rules and such. Since I'm the only one admining them anyway. 2) Because there is no real DNS entry for internal.mymailserver.com I always get a "May be forged" rule hit. So I had to 0 that out. No biggy. 3) If the alias does exhist, well then the email is considered delivered. then forwarded to internal user. THis has one drawback, the forwarding is done by the spamd user. So what is odd is that when a return recipet request is made from the outside it gets delieverd to the spamd user, not the original sender. So no receipts come out of my company. That is something I can live with, maybe you can't. I simply had those forwarded to my account, and I delete once a week. HTH. I wrote it on the fly quickly, but this should give you an idea of how I did it. I have heard many use potfix and mimedefang. I liked the procmail method, because it allows me some flexability in what I can do per user. I'm hoping to add some more features to the procmail scripts, but haven't had the time. Chris Santerre System Admin "You should never, never doubt what nobody is sure about."- Willy Wonka ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
