Filtering emails using Spamassassin and Clamav for Exchange 2000 Server


Rocky
5th October 2005, 17:40
I need help to configure a Linux distro, preferably Mandriva, to filter emails and then forward them to my Exchange 2000 Server. Any other distros would be fine also. I've heard about Spamassassin and Clamav and thought that I should use them. Any suggestions? :confused:

falko
5th October 2005, 18:22
I need help to configure a Linux distro, preferably Mandriva, to filter emails and then forward them to my Exchange 2000 Server. Any other distros would be fine also. I've heard about Spamassassin and Clamav and thought that I should use them. Any suggestions? :confused:

I've just finished writing a tutorial that could be good for you: :D
http://www.howtoforge.com/virtual_postfix_mysql_quota_courier

But it's based on Debian, not Mandriva. But should not be difficult to switch over to Debian. :)

Rocky
5th October 2005, 20:32
I'll give your tutorial a try.

Rocky
6th October 2005, 18:12
Ok, so I've followed your tutorial thoroughly and had success. Now if I wanted to catch all mails going to domainA, and send them to smtp.domainA.com, what scenario would I have to use? Would it be a transport: domainA.com --> smtp:mail.domainA.tld?

Also, if I wanted to catch emails going to domainB, for specific users, and send them to domainA, would I have to use the forwardings example below?
user@domainB.com --> user@domainA.tld. You have .tld in your examples, do I have to create the destination as user@domainA.tld? I'm a bit confused as to why .com is not used.

falko
6th October 2005, 19:43
Ok, so I've followed your tutorial thoroughly and had success. Now if I wanted to catch all mails going to domainA, and send them to smtp.domainA.com, what scenario would I have to use? Would it be a transport: domainA.com --> smtp:mail.domainA.tld?

Yes! :)

Also, if I wanted to catch emails going to domainB, for specific users, and send them to domainA, would I have to use the forwardings example below?
user@domainB.com --> user@domainA.tld.

Yes.

You have .tld in your examples, do I have to create the destination as user@domainA.tld? I'm a bit confused as to why .com is not used.

.tld is just a placeholder for .com, .net, .org, .de, ...

Rocky
6th October 2005, 19:57
Well that explains a lot and thank you very much for all of your tutorials. I'm just waiting for DNS entries to update in order to check my new mail system and I will post the results. :)

Rocky
6th October 2005, 21:51
I think I have an issue with my setup. I have a domain, called mcrirents.com, and created the host and mx records for DNS. I've logged into phpmyadmin and created the domain --> mcrirents.com, user --> malli@mcrirents.com and forwardings --> malli@mcirents.com to malli@computerrents.com.
When I send out a mail from comcast, gmail or hotmail, it seems like it's going through, but I don't receive the mail at my computerrents account. I've checked all the settings in phpmyadmin and everything looks correct.
Am I doing something wrong?
Also, should I be able to pop3 into malli@mcrirents.com because when I try to do it, it tells me that the password is incorrect.
:confused:

falko
7th October 2005, 04:32
I think I have an issue with my setup. I have a domain, called mcrirents.com, and created the host and mx records for DNS. I've logged into phpmyadmin and created the domain --> mcrirents.com, user --> malli@mcrirents.com and forwardings --> malli@mcirents.com to malli@computerrents.com.
When I send out a mail from comcast, gmail or hotmail, it seems like it's going through, but I don't receive the mail at my computerrents account. I've checked all the settings in phpmyadmin and everything looks correct.
Am I doing something wrong?
Also, should I be able to pop3 into malli@mcrirents.com because when I try to do it, it tells me that the password is incorrect.
:confused:

Can you have a look at the mail log /var/log/mail.log? What's in there when you send a mail to malli@computerrents.com?

Does POP3 tell you that your password is incorrect, or does it tell you that the Maildir for that email address doesn't exist?

Rocky
7th October 2005, 16:29
Below is what my mail.log file looks like as of Oct 7, 05 at 8:37am


Oct 7 08:37:10 mail postfix/smtpd[4721]: connect from localhost.localdomain[127.0.0.1]
Oct 7 08:42:17 mail postfix/smtpd[4721]: timeout after EHLO from localhost.localdomain[127.0.0.1]
Oct 7 08:42:17 mail postfix/smtpd[4721]: disconnect from localhost.localdomain[127.0.0.1]
Oct 7 08:44:52 mail postfix/smtpd[4732]: connect from localhost.localdomain[127.0.0.1]
Oct 7 08:45:55 mail postfix/smtpd[4732]: D4FAFD033F: client=localhost.localdomain[127.0.0.1]
Oct 7 08:46:53 mail postfix/cleanup[4739]: D4FAFD033F: message-id=<20051007134529.D4FAFD033F@mail.mcrirents.com>
Oct 7 08:46:53 mail postfix/qmgr[3444]: D4FAFD033F: from=<malli@mcrirents.com>, size=385, nrcpt=1 (queue active)
Oct 7 08:46:53 mail postfix/smtp[4740]: fatal: valid hostname or network address required in SMTP server description: {127.0.0.1}:10024
Oct 7 08:46:54 mail postfix/qmgr[3444]: warning: premature end-of-input on private/amavis socket while reading input attribute name
Oct 7 08:46:54 mail postfix/qmgr[3444]: warning: private/amavis socket: malformed response
Oct 7 08:46:54 mail postfix/qmgr[3444]: warning: transport amavis failure -- see a previous warning/fatal/panic logfile record for the problem description
Oct 7 08:46:54 mail postfix/master[3442]: warning: process /usr/lib/postfix/smtp pid 4740 exit status 1
Oct 7 08:46:54 mail postfix/master[3442]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling
Oct 7 08:47:04 mail postfix/smtpd[4732]: disconnect from localhost.localdomain[127.0.0.1]
Oct 7 08:48:01 mail postfix/pickup[4664]: 3DECCD0341: uid=0 from=<root>
Oct 7 08:48:01 mail postfix/cleanup[4739]: 3DECCD0341: message-id=<20051007134800.3DECCD0341@mail.mcrirents.com>
Oct 7 08:48:01 mail postfix/qmgr[3444]: 3DECCD0341: from=<root@mail.mcrirents.com>, size=581, nrcpt=7 (queue active)
Oct 7 08:48:01 mail postfix/smtp[4774]: fatal: valid hostname or network address required in SMTP server description: {127.0.0.1}:10024
Oct 7 08:48:02 mail postfix/qmgr[3444]: warning: premature end-of-input on private/amavis socket while reading input attribute name
Oct 7 08:48:02 mail postfix/qmgr[3444]: warning: private/amavis socket: malformed response
Oct 7 08:48:02 mail postfix/qmgr[3444]: warning: transport amavis failure -- see a previous warning/fatal/panic logfile record for the problem description
Oct 7 08:48:02 mail postfix/master[3442]: warning: process /usr/lib/postfix/smtp pid 4774 exit status 1
Oct 7 08:48:02 mail postfix/master[3442]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling
Oct 7 08:50:50 mail postfix/pickup[4782]: AAE16D0345: uid=0 from=<root>
Oct 7 08:50:50 mail postfix/cleanup[4783]: AAE16D0345: message-id=<20051007135050.AAE16D0345@mail.mcrirents.com>
Oct 7 08:50:50 mail postfix/qmgr[3444]: AAE16D0345: from=<root@mail.mcrirents.com>, size=744, nrcpt=1 (queue active)
Oct 7 08:50:50 mail postfix/smtp[4785]: fatal: valid hostname or network address required in SMTP server description: {127.0.0.1}:10024
Oct 7 08:50:51 mail postfix/qmgr[3444]: warning: premature end-of-input on private/amavis socket while reading input attribute name
Oct 7 08:50:51 mail postfix/qmgr[3444]: warning: private/amavis socket: malformed response
Oct 7 08:50:51 mail postfix/qmgr[3444]: warning: transport amavis failure -- see a previous warning/fatal/panic logfile record for the problem description
Oct 7 08:50:51 mail postfix/master[3442]: warning: process /usr/lib/postfix/smtp pid 4785 exit status 1
Oct 7 08:50:51 mail postfix/master[3442]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling
Oct 7 08:53:25 mail postfix/qmgr[3444]: DD45CD02DE: from=<root@mail.mcrirents.com>, size=781, nrcpt=1 (queue active)
Oct 7 08:53:25 mail postfix/qmgr[3444]: A4E55D02E1: from=<root@mail.mcrirents.com>, size=806, nrcpt=1 (queue active)
Oct 7 08:53:25 mail postfix/qmgr[3444]: A8349D0324: from=<roc1479@hotmail.com>, size=1067, nrcpt=1 (queue active)
Oct 7 08:53:25 mail postfix/qmgr[3444]: A8349D0324: from=<roc1479@hotmail.com>, size=1067, nrcpt=1 (queue active)
Oct 7 08:53:25 mail postfix/qmgr[3444]: B3C26D02DD: from=<root@mail.mcrirents.com>, size=781, nrcpt=1 (queue active)
Oct 7 08:53:25 mail postfix/qmgr[3444]: BBC66D0235: from=<nobody@mail.mcrirents.com>, size=785, nrcpt=1 (queue active)
Oct 7 08:53:25 mail postfix/qmgr[3444]: 80FBED0234: from=<nobody@mail.mcrirents.com>, size=785, nrcpt=1 (queue active)
Oct 7 08:53:25 mail postfix/qmgr[3444]: 22F20D033C: from=<root@mail.mcrirents.com>, size=482, nrcpt=1 (queue active)
Oct 7 08:53:25 mail postfix/smtp[4787]: fatal: valid hostname or network address required in SMTP server description: {127.0.0.1}:10024
Oct 7 08:53:25 mail postfix/smtp[4786]: fatal: valid hostname or network address required in SMTP server description: {127.0.0.1}:10024
Oct 7 08:53:26 mail postfix/qmgr[3444]: warning: premature end-of-input on private/amavis socket while reading input attribute name
Oct 7 08:53:26 mail postfix/qmgr[3444]: warning: private/amavis socket: malformed response
Oct 7 08:53:26 mail postfix/qmgr[3444]: warning: transport amavis failure -- see a previous warning/fatal/panic logfile record for the problem description
Oct 7 08:53:26 mail postfix/master[3442]: warning: process /usr/lib/postfix/smtp pid 4786 exit status 1
Oct 7 08:53:26 mail postfix/master[3442]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling
Oct 7 08:53:26 mail postfix/master[3442]: warning: process /usr/lib/postfix/smtp pid 4787 exit status 1
Oct 7 08:53:26 mail postfix/qmgr[3444]: A8349D0324: to=<malli@mcrirents.com>, relay=none, delay=65724, status=deferred (delivery temporarily suspended: unknown mail transport error)
Oct 7 08:53:26 mail postfix/qmgr[3444]: B3C26D02DD: to=<root@mail.mcrirents.com>, orig_to=<root>, relay=none, delay=85724, status=deferred (delivery temporarily suspended: unknown mail transport error)
Oct 7 08:53:26 mail postfix/qmgr[3444]: BBC66D0235: to=<root@mail.mcrirents.com>, orig_to=<root>, relay=none, delay=72737, status=deferred (delivery temporarily suspended: unknown mail transport error)
Oct 7 08:53:26 mail postfix/qmgr[3444]: 80FBED0234: to=<root@mail.mcrirents.com>, orig_to=<root>, relay=none, delay=72737, status=deferred (delivery temporarily suspended: unknown mail transport error)
Oct 7 08:53:26 mail postfix/qmgr[3444]: 22F20D033C: to=<postmaster@isp.tld>, relay=none, delay=32004, status=deferred (delivery temporarily suspended: unknown mail transport error)
Oct 7 08:53:26 mail postfix/qmgr[3444]: warning: premature end-of-input on private/amavis socket while reading input attribute name
Oct 7 08:53:26 mail postfix/qmgr[3444]: warning: private/amavis socket: malformed response
Oct 7 08:53:26 mail postfix/qmgr[3444]: warning: transport amavis failure -- see a previous warning/fatal/panic logfile record for the problem description


When I try to do pop3, it tells me that the password is incorrect.
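
Added example, not part of the thread: a Python triage pass over a log like the one above. The qmgr warning refers back to "a previous warning/fatal/panic logfile record", so the script pairs each fatal record with the master exit record for the same pid and lists the mail deferred while the amavis filter transport is down. The sample lines are copied from the post with the wrapping undone; the function and field names are assumptions of this example.

```python
import re

# Sample input: four lines copied from the log posted above, with the wrapping undone.
SAMPLE_LOG = """\
Oct 7 08:53:25 mail postfix/smtp[4786]: fatal: valid hostname or network address required in SMTP server description: {127.0.0.1}:10024
Oct 7 08:53:26 mail postfix/qmgr[3444]: warning: transport amavis failure -- see a previous warning/fatal/panic logfile record for the problem description
Oct 7 08:53:26 mail postfix/master[3442]: warning: process /usr/lib/postfix/smtp pid 4786 exit status 1
Oct 7 08:53:26 mail postfix/qmgr[3444]: A8349D0324: to=<malli@mcrirents.com>, relay=none, delay=65724, status=deferred (delivery temporarily suspended: unknown mail transport error)
"""

# syslog prefix, then "postfix/<daemon>[<pid>]: <message>"
LINE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ postfix/(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# "<queue id>: to=<rcpt>, ..., delay=<seconds>, status=deferred (...)"
DEFERRED = re.compile(r"([0-9A-F]+): to=<([^>]*)>.*\bdelay=(\d+).*status=deferred")


def triage(text):
    """Pair fatal/panic records with process exits and list what was deferred."""
    fatals, exited, transports, deferred = {}, set(), set(), []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a Postfix record
        daemon, pid, msg = m["daemon"], int(m["pid"]), m["msg"]
        if msg.startswith(("fatal: ", "panic: ")):
            fatals[pid] = (daemon, msg.split(": ", 1)[1])
        elif daemon == "master" and (x := re.search(r"pid (\d+) exit status \d+", msg)):
            exited.add(int(x[1]))
        elif daemon == "qmgr" and (x := re.search(r"transport (\S+) failure", msg)):
            transports.add(x[1])
        elif x := DEFERRED.match(msg):
            deferred.append((x[1], x[2], int(x[3])))
    return {
        # (daemon, pid, reason, exit confirmed by master)
        "root_causes": sorted((d, p, why, p in exited) for p, (d, why) in fatals.items()),
        "failed_transports": sorted(transports),
        "deferred": deferred,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```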

falko
7th October 2005, 16:44
Oct 7 08:53:25 mail postfix/smtp[4786]: fatal: valid hostname or network address required in SMTP server description: {127.0.0.1}:10024

I quote from http://www.howtoforge.com/virtual_postfix_mysql_quota_courier_p2: :D

Next we do some Postfix configuration. Make sure that you replace server1.example.com with a valid FQDN, otherwise your Postfix might not work properly!

Put a valid address into /etc/postfix/main.cf and restart Postfix.

Rocky
7th October 2005, 17:01
Below is what my main.cf looks like.

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = mail.mcrirents.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.mcrirents.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tlc = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:{127.0.0.1}:10024
receive_override_options = no_address_mappings
~

I had my host create the DNS entries for me. They created the host and mx records as follows:
mail.mcrirents.com -->> 141.150.xx.xxx
10 mail.mcrirents.com

Do I need to create any other hosts? :confused:
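
Added example, not part of the thread and not the tutorial's code: a small Python check for a main.cf like the one posted above. Postfix's SMTP client takes its next hop as host:port or [host]:port, so the curly braces in content_filter are what the "valid hostname or network address required" fatal in the log is rejecting; the check also flags smtpd_use_tlc, which sits next to smtpd_use_tls. The KNOWN set, the function names and the assumption that the filter transport is an smtp- or lmtp-style service are choices made for this example.

```python
import re
from difflib import get_close_matches

# Constructed excerpt of the main.cf posted above (relevant lines only).
SAMPLE_MAIN_CF = """\
myhostname = mail.mcrirents.com
smtpd_use_tlc = yes
smtpd_use_tls = yes
proxy_read_maps = $local_recipient_maps $mydestination
    $virtual_alias_maps $transport_maps
content_filter = amavis:{127.0.0.1}:10024
receive_override_options = no_address_mappings
"""

# Assumption: a hand-picked subset of parameter names for this example. On a real
# host, build the set from the names printed by `postconf -d`.
KNOWN = {"myhostname", "smtpd_use_tls", "proxy_read_maps", "content_filter",
         "receive_override_options"}

# Next hop for an smtp/lmtp-style transport: host or [host], optional :port.
NEXTHOP = re.compile(r"^(\[[A-Za-z0-9.:-]+\]|[A-Za-z0-9][A-Za-z0-9.-]*)(:\d{1,5})?$")


def parse_main_cf(text):
    """Return {name: value}; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and last is not None:
            params[last] = (params[last] + " " + raw.strip()).strip()
            continue
        name, _, value = raw.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params


def lint(text, known=KNOWN):
    """Return a list of (parameter, problem) findings for a main.cf text."""
    params, findings = parse_main_cf(text), []
    for name in params:
        if name not in known:
            hint = get_close_matches(name, known, n=1, cutoff=0.8)
            findings.append((name, "unknown parameter" +
                             (f", did you mean {hint[0]}?" if hint else "")))
    value = params.get("content_filter", "")
    if value:
        transport, _, nexthop = value.partition(":")
        if not nexthop or not NEXTHOP.match(nexthop):
            findings.append(("content_filter",
                             f"bad next hop {nexthop!r} for transport {transport!r}; "
                             "expected host:port or [host]:port"))
    return findings


if __name__ == "__main__":
    for name, problem in lint(SAMPLE_MAIN_CF):
        print(f"{name}: {problem}")
```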

falko
7th October 2005, 17:23
When did they create the DNS records? It might take up to 72 hours until all name servers know about the new entries.

Rocky
7th October 2005, 17:33
About 3 days now.

I have configured Debian with private settings:

Ip: 192.168.0.xxx
Netmask: 255.255.255.0
Gateway: 192.168.0.x
Dns: 192.168.0.xx

I'm Natting through the router and have 141.150.xx.xxx going to 192.168.0.xxx. I've opened ports 80, 25 and 110 on this ip. Is this correct?

Also, when setting up the network, I gave Debian a hostname of mail.mcrirents.com. I also have the same host name in the postfix configuration. Is that correct?

falko
7th October 2005, 23:47
I'm Natting through the router and have 141.150.xx.xxx going to 192.168.0.xxx. I've opened ports 80, 25 and 110 on this ip. Is this correct?

Yes.

Also, when setting up the network, I gave Debian a hostname of mail.mcrirents.com. I also have the same host name in the postfix configuration. Is that correct?

Yes.

I think the problem is the DNS server you're using on your Debian box (192.168.0.xx). Can you try and put other nameservers into /etc/resolv.conf? E.g. 193.174.32.18 and 145.253.2.11.

Rocky
8th October 2005, 06:42
Well Falko, I have some good news. After doing a complete re-installation and using your guide, paying very close attention, I was able to successfully set up the Debian Sarge Postfix mail system.
I am now able to pop3 into my account with success. The emails are scanned for spam, as well as viruses, before they are received. However, I have one little issue. When I try to send emails out of the pop account, it gives me the following error:

The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'malli@computerrents.com'. Subject 'test', Account: 'mail.mcrirents.com', Server: 'mail.mcrirents.com', Protocol: SMTP, Server Response: '554 <malli@computerrents.com>: Relay access denied', Port: 25, Secure(SSL): No, Server Error: 554, Error Number: 0x800CCC79

I had my ISP (Verizon) create a PTR record for me today assuming that is the problem. Also, I didn't put any public DNS into the resolve.cf file. Do you think I should? If so, should I use my ISP's DNS servers?

This is how I have it set up using the phpmyadmin interface:
domain --> mcrirents.com
user --> malli@mcrirents.com

falko
8th October 2005, 12:43
The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'malli@computerrents.com'. Subject 'test', Account: 'mail.mcrirents.com', Server: 'mail.mcrirents.com', Protocol: SMTP, Server Response: '554 <malli@computerrents.com>: Relay access denied', Port: 25, Secure(SSL): No, Server Error: 554, Error Number: 0x800CCC79

You have to activate something like "Server needs authentication" in your email client for that account!

Also, I didn't put any public DNS into the resolve.cf file. Do you think I should? If so, should I use my ISP's DNS servers?

Yes, use public DNS servers. You can use your ISP's DNS servers or any others (e.g. the ones from my post above).

Rocky
10th October 2005, 15:00
Ok Falko, I have success. I had a mistake in one of the configuration files. So now that I can send and receive mails, I have a few questions.
Would I be able to train spamassassin? If I needed to allow certain mails that are being blocked as spam, how would I do that?
Also, are file attachments allowed to pass through or are certain exts blocked? How would I be able to allow/disallow them?
And last, is there an interface that I could use to access mails through the web? If yes, can you walk me through setting it up?

I really do appreciate the help and I must add that this tutorial was one of the easiest for me to use so far. :)

Thanks Falko!!

falko
10th October 2005, 17:57
Would I be able to train spamassassin?

Yes, there's a program called sa-learn that you can run per cron job. See man sa-learn to find out how to use it.

If I needed to allow certain mails that are being blocked as spam, how would I do that?

You can create a whitelist. Have a look at the original file /etc/amavis/amavisd.conf, I think it is described there.

Also, are file attachments allowed to pass through or are certain exts blocked? How would I be able to allow/disallow them?

Have a look at the Anomy-Sanitizer: http://mailtools.anomy.net/

And last, is there an interface that I could use to access mails through the web?

There are 3 good ones I know of: Squirrelmail (http://www.squirrelmail.org/), Uebimiau (http://www.uebimiau.org/) and Horde/IMP (http://www.horde.org/imp/).

povilas
11th August 2006, 15:42
Below is what my mail.log file looks like as of Oct 7, 05 at 8:37am

Oct 7 08:50:50 mail postfix/smtp[4785]: fatal: valid hostname or network address required in SMTP server description: {127.0.0.1}:10024


had the same problem.

check
hostname -f

and in case add by
hostname -F /etc/hostname

Also, you should properly configure your dns server.

Contivity
11th March 2008, 09:27
I'm wondering if it's possible to create virtual maps so that people inside the Exchange environment can use it too. For example I have domain.com and I want sales@domain.com to go to john@domain.com, doe@domain.com, and jane@domain.com.

I have successfully created a virtual map to map these users and external email addresses can send to sales@domain.com and get forwarded to these 3 people. However if john@domain.com sends to sales@domain.com, it gets an NDR saying that sales@domain.com is not accessible.

How can I force Exchange (I'm on Exchange 2003) to send the e-mails to the postfix server under the following conditions:
1. No contacts need to be created on Exchange server pointing to alternate domain name that points to the postfix server
2. MAPI connection still used instead of SMTP
3. No distribution group needs to be created on the Exchange server making redundant entry of the virtual map

In other words is it possible to force a transport from the MAPI connection to send everything to postfix if no local user is available? if yes, how?