Hi, You're unlikely to get more complete notes from me - we have sufficient procedures for restoring our systems from backups and rebuilding from scratch and have other priorities at the moment I'm afraid.
We used this setup across a number of busy on site Exchange servers - I think the thing I missed out of the notes was the /etc/staticroutes file. This originated from someone else's way of routing messages using cPanel but I modified it several years back: http://forums.cpanel.net/f43/exim-smart-relay-verification-123501.html#post538101 There is even a discussion in the archives for this lists going back a few months where I worked on getting the setup to cooperate with Microsoft's hosted Exchange. Be aware that hosted Exchange will not authenticate its outbound connections, you have to make a unique setup to accept mail from their IPs. None of it seems messy to me and we can knock up a brand new mail relay instance within half an hour using those notes. We do have two ASSP instances and a separate MySQL box plus a load of configuration synchronisation scripts to automate things for us though. Once ASSP is in place you need to turn off spam filtering in Exchange otherwise you'll get people confused as to where spam goes. All the best, Colin Waring On 24/09/2014 09:58, Pontus Hellgren wrote: > Hi again! > > Thanks Colin, it's quick notes, but I get the ideea, I will surely get back > to them when they are more complete. (since I have no time to laborate and > test stuff before they work) > I would love, if possible, more complete notes before I jump on and try your > setup. (maybe in a later scenario) > Keep me updated! > > And, we would/will/are hosting it ourselfs. > > The scenario for me is this: MS will(have) stopped supporting their product > forefront which is used in another solution(hosted Exchange with multiple > domains and servers) and I'm now evaluating what to replace forefront with. > ASSP runs well in the much simpler solution (not running exchange, and with > some tweaks) and we love it. > Running ASSP in front of Exchange seems messy and seems bound to create > trouble... or not! > Problem is, it's a live environment so lots of changes needed(over all) are > not welcome at the moment, I guess! > > Thanks for all input and suggestions! > > Regards, > Pontus > > > -----Original Message----- > From: Colin [mailto:[email protected]] > Sent: den 23 september 2014 14:13 > To: [email protected] > Subject: Re: [Assp-test] Running ASSP with MS Exchange? > > How are you intending to run ASSP? > > Will it be hosted or on premises? > > We have a hosted solution where we run ASSP on a Ubuntu box with an Exim > MTA. It sits in place like a normal relay without any special connectors or > rules as follows: > > Internet -> ASSP -> Exim -> Exchange on premises Exchange on premises -> > ASSP -> Exim -> Internet > > The Exchange box is completely firewalled off from the rest of the world and > receives only TLS encrypted mail on port 25 from our ASSP IP. > Exim is configured to do user validation and authentication. It calls > forward to the Exchange box to validate the receipient before accepting it. > Having Exim do authentication means that we can set our ASSP hostname as a > simple outbound smart host with username/password authentication over a TLS > connection again on port 25. > > One of the big advantages of Exim is that when the Exchange box or Internet > goes down it will queue mail for the host. You can use a queue viewer to > check your mail for anything important or even set an Exim filter that sends > a copy of your mail to a backup address for the duration of an outage - we > had this yesterday when the whole area around our office had a power cut for > most of the day. > > I've been meaning to put some of our info back to the list to help others > out for a while. We have a lot of other edits, for example our Exim auth is > synced from our hosting platform as is the localdomains files. You can find > a copy of my setup notes here: > http://www.dolphinict.co.uk/Ubuntu-ASSP.txt I hope people find them useful. > You will need to understand Linux to use them and you will need to do > additional configuration to get things working, my config is mostly for the > back end of the system and I haven't included any notes on configuring ASSP > itself past the init script. > > All the best, > Colin Waring. > >> -----Original Message----- >> From: Pontus Hellgren [mailto:[email protected]] >> Sent: September 22, 2014 02:50 >> To: 'ASSP development mailing list' >> Subject: [Assp-test] Running ASSP with MS Exchange? >> >> This is a request for information about how to run ASSP with Exchange and > no error report. >> Please redirect this if there is another list for it! >> >> * Any caveats to avoid? (what not to do or what to actually do to not >> get in trouble with MS Exchange) >> * Any "new" links with setup information for ASSP running in front of >> MS Exchange >> * Any useful information. >> >> I ask since I have been asked to do a testrun for a case, but I have > limited time so I do not wanna do one or manny trail and error runs. >> Thanks in advance, >> Pontus >> >> >> >> ---------------------------------------------------------------------- >> -------- Meet PCI DSS 3.0 Compliance Requirements with EventLog >> Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI >> DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download >> White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with >> EventLog Analyzer >> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg. >> clktrk _______________________________________________ >> Assp-test mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/assp-test >> >> ---------------------------------------------------------------------- >> -------- Meet PCI DSS 3.0 Compliance Requirements with EventLog >> Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI >> DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download >> White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with >> EventLog Analyzer >> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg. >> clktrk _______________________________________________ >> Assp-test mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/assp-test > > ---------------------------------------------------------------------------- > -- > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI > DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you > Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI > DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer > http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > ------------------------------------------------------------------------------ > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer > http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
