Mandriva 2005 Postfix Anti-Spam, Anti-Virus Relay Server for Exchange Server 2000/2003

THE DEFINITIVE GUIDE TO SETTING UP A LINUX RELAY SERVER FOR MICROSOFT EXCHANGE SERVER 2000/2003

There are a couple of linux how-tos floating on the Internet that deal with this very subject. As a matter of fact, those guides are what inspired to write this one. In the spirit of keeping it simple, let me recommend the Mandrake or as it’s currently known Mandriva Linux distro. This guide has been written with this distro in mind.

What you will need:

  1. Mandriva Linux Limited Edition 2005 (I’m sure this will work on Mandrake 10.1 or even older versions. I just haven’t tested it on anything earlier)
  2. A box with a DVD-ROM for the DVD version of Mandriva LE 2005 or CD-ROM for the CD version of Mandriva LE 2005. (The system specs do not have to be very high. It’s basically going to be a mail server. Depending on the amount of mail you expect, size the machine accordingly. I installed it on an IBM eServer with a single Xeon CPU, Hardware RAID1 and 512MB of RAM. I know it’s overkill for this application, but the server choice wasn’t my call).
  3. A Ms Exchange 2000/2003 box that you want to protect. You don't know how to setup an Exchange server you say? Well then, check out my super dooper "Down and Dirty Guide to setting up Exchange 2000/2003" at this address: http://forums.theonpc.com/viewtopic.php?t=15
  4. A live working Internet connection (Preferrably broadband).

STEP 1: Install Mandriva LE 2005 Install Mandriva LE 2005 with the following minimum packages:

  • Mail server (Postfix)
  • SSH server

STEP 2: Remove Installation Media/Update Mandriva Sources:

It’s important to remove the installation DVD or CD-ROM as the media of choice for your Linux installation and instead use on-line media anytime we want to install or update anything on this installation. The procedures below will help you accomplish this:

a) Create a script file under /root called update.sh or whatever you want. I usually name them by distro. For example, for 2005 LE, I name it "update.2005.sh". Open up a ssh (putty) windows to your server. It's a lot easier doing it though putty than trying to type the sources in a console window manually. In a putty window it's just a matter of copy and paste. In the putty windows type the following:

vi update.2005.sh

Enter the following lines:

urpmi.removemedia -a

urpmi --auto-select --auto

b) Goto http://easyurpmi.zarb.org and select your distro and then click on the "Proceed to STEP 2 button. Then, under "2) Select a mirror for each source" section under Core Distribution, check off the following: "Source contrib", "Source main", "Source updates" as a bare minimum. Then click on the Proceed to STEP 3 button. This will generate a list of mirrors. Select them and copy the entire list. Go back to your putty window, click the "i" key to put the editor in insert mode and paste what you just copied from your browser in your putty window between the lines you type earlier. So, your screen should look similar to this:

urpmi.removemedia -a

urpmi.addmedia --update updates ftp://ftp.clinet.fi/pub/mirrors/Mandrake-linux/official/updates/LE2005/main_updates/ with media_info/hdlist.cz

urpmi.addmedia main ftp://ftp.clinet.fi/pub/mirrors/Mandrake-linux/official/2005/i586/media/main with media_info/hdlist.cz

urpmi.addmedia contrib ftp://ftp.clinet.fi/pub/mirrors/Mandrake-linux/official/2005/i586/media/contrib with media_info/hdlist.cz

urpmi --auto-select --auto

Of course, don't copy my sources which are most likely outdated. c) Save your script and make it executable. Type the following in your putty window: Presss the "ESC" key to take the editor out of insert mode. Then press "SHIFT ZZ" to save your file.

chmod 755 update.2005.sh

c) You are ready to go. Type the following in your putty window and watch it go. Once completed, your sources are updated and your installation media has been removed.

./update.2005.sh

Share this page:

5 Comment(s)

Add comment

Comments

From: Anonymous at: 2006-07-07 20:50:43

This is an excelent guide step by step to build a mail gateway with
antivirus and antispam funcionalities. I've used it to build a mail
gateway to help to us domino's server to process email. I've build it
with Mandriva 2006 and there's not problem, all works fine. As I didn't
have Exchange, I had to look for information to build the file of valid
recipients manually.

Omar Rojas García

omarrojasg (at) gmail.com 

 

 

From: Anonymous at: 2010-01-13 18:34:59

Superb blog post. I thought your blog post is extremely fascinating. Thanks!

From: Anonymous at: 2006-06-29 15:59:46

Postfix can directly query Active directory and the setup is much simpler.  In addition, your postfix setup is now always up-to-date on active users.  In main.cf add:

relay_recipient_maps = ldap:/etc/postfix/ldap.cf

in ldap.cf:

server_host = ldap://dc1.example.com:389
search_base = cn=Users,dc=example,dc=com
timeout = 5
bind = yes
version = 3
bind_dn = ADuser@example.com
bind_pw = ADusersPW
query_filter = (proxyAddresses=smtp:%s)
result_attribute = extensionAttribute1
domain = hash:/etc/postfix/transport

in transport:

example.com smtp:exchange.example.com:25

Lastly in the Active Domain user management you need to put "OK" (no quotes) in the extensionAtribute1 for each user you wish to allow to receive external email.  This is required because Postfix looks for OK in the lookup response, anything else is a negative response.

Enjoy,

Woody (woody at linif dot org)

From: at: 2007-11-29 20:13:13

imap2mbox.exe --config="c:\imap2mbox\ham.cfg" --path="Pubic Folders/" --folder="HAM/" --server=YourExchangeServer --delete --username="YOURDOMAIN/username" --mbox="c:\imap2mbox\ham.mbox" --pass=yourpassword


 Watch out for the "Pubic" folders ;-)


 Also the username/password should be a user that has read/right to "all" in those folders or this will not work. Off of the top of my head, I think the role is "Publisher" for the folder. (I'm not near exchange at the moment).


 One other thing, someone previously posted a way of doing this ldap: style. Worked beutifuly for me, this should be added as an alternate. Maybe with an explanation of advantages and disadvantages. This walk through work great with debian, most of the stuff is very apt-get'able. Only a few configs were different, not much though.


 Thank you very much for your work.


 


dan 

From: Pawel at: 2010-02-16 12:07:49

Great tutorial! Thanks!