Dear Allori Lorenzo,
Dear OpenProtect Experts,
You said you are not supporting the server, but I only need to know what I need to install before installing your software.
Tell me if I'm right:
Linux Box with 2 ethernets that forwards everything:
(internet) ----- eth0 [LinuxBox] eth1 -------(Exchange Server)
That should work.
Linux Box with:
- sendmail (default installation) or qmail (default installation) or postfix (default installation)
- I think I will use qmail
The following is a small howto on installing openprotect on a postfix relay to exchange server.
First, configure postfix as shown below.
Second, configure exchange to use postfix SMTP for outgoing mails and disable receiving mails directly from the internet.
Third, test the setup for both incoming and outgoing mails.
Fourth, install openprotect on the postfix relay server.
Postfix Configuration
------------------------------
myorigin - domain mail from this machine appears to come from.
postconf -e "myorigin = domain1.com"
Obviously, in the above, and all the following commands, replace example parameters, like "domain1.com", with your own specific values.
myhostname - the fully-qualified domain name ("FQDN") of the machine running the Postfix system.
postconf -e "myhostname = mail.domain1.com"
mydestination - specifies for which domains this machine will accept mail (from the outside, i.e., from the Internet). List here ONLY domains for which you are responsible for accepting mail. Separate them with commas.
postconf -e "mydestination = domain1.com, domain2.com"
...don't forget to change to your value(s)!!
mynetworks - the machines I trust, and will relay mail for, to any destination. Generally, this is set to my LAN, or just one, or a few trusted internal mail servers. This is an important one to get right, or else you can become an "open relay". In other words, your box could accept and forward mail to domains for which it has no business doing so. Being an "open relay" is a serious issue, and can cause you to get "blacklisted" by various Internet anti-spam lists, among other problems.
postconf -e "mynetworks = x.x.x.x/32"
(where x.x.x.x is the IP address of a specific machine)
If you will be dealing with multiple internal mail servers, and/or want to allow several machines and/or subnets to relay through this server (careful!!), just add them to this parameter in CIDR format, like this:
Alternate to the last command:
postconf -e "mynetworks = 172.20.32.5/32, 10.0.0.0/16, 172.20.16.0/24"
(the above will allow the machine 172.20.32.5, and any machines that have an IP address starting with 10.0, or 172.20.16, to relay smtp mail through this box)
biff - we won't use biff notifications (don't ask)
postconf -e "biff = no"
smtpd_banner - what this server calls itself, when talking with other mail servers (keep identification info to a minimum, but conform to RFCs.). If you want to respect other mail servers that require a valid reverse-lookup address for all connecting mail servers, use a hostname that has a reverse lookup on the Net!
postconf -e "smtpd_banner = mail.domain1.com"
message_size_limit - maximum size email that postfix will let in the "front door"
postconf -e "message_size_limit = 1000000000"
(The above allows emails up to 1GB)
local_transport - give an error message for local delivery attempts.
postconf -e "local_transport = error:no local mail delivery"
local_recipient_maps - don't try to determine valid email recipients
In our situation, the postfix server will have no idea if we have a [EMAIL PROTECTED] or a [EMAIL PROTECTED], etc. It doesn't have any such lists to check against! We could fix this, but it is far easier to just ignore this problem. If mail comes in to a recipient that I don't have, postfix will process it and transport it on to the internal mail server, which will promptly reject it and will attempt to do the NDR (non-delivery report) to the stated sender email address. There are other potential solutions here, but I will only cover this simple configuration, which works fine. So we'll just set this value to nothing:
postconf -e "local_recipient_maps = "
transport_maps - tells postfix where to look for a transport file. That tells it where to forward valid mail for our internal domains. Our file will be /etc/postfix/transport. (No, postfix admins, we won't use the "relay_domains" parameter for this - see the problem described at http://www.postfix.org/faq.html#firewall if you need details. Also the section just above in that web page discusses using a transport table.)
postconf -e "transport_maps = hash:/etc/postfix/transport"
/etc/postfix/transport - now we'll leave the main.cf file for a bit and go to the file we just mentioned above: the "transport" file, which is what postfix will check for redirection or relaying of mail addressed to particular domains. In our case, all inbound mail will be relayed on to other mail servers:
vi /etc/postfix/transport
(and edit file as per below:)
Read the text in this doc as you please, to understand better, then scroll down to the bottom of the file (actually doesn't make any difference WHERE in the file you do this): add 1 new line for each domain for which you will be handling mail, similar to the example below (but of course replace domain#.com with your domain(s) and x.x.x.x and y.y.y.y with the IP address of the mail server(s) that are the final destination(s) for their respective domains) - like this (remember, use the key "i" to begin inserting in vi):
domain1.com smtp:[x.x.x.x]
domain2.com smtp:[y.y.y.y]
(DO include the brackets on these lines!)
*These lines tell postfix to transport any mail addressed to recipients in domain#.com to the mail servers at the IP address(es) specified (i.e. your internal mail server(s)), using the smtp protocol. The format is exacting, get every symbol correct and leave some white space between the domains and the "smtp" part.
*Note: any time you make a change to this file, you must create a special version of it for postfix to read, by running the postmap command (postfix doesn't actually read the text version we work in, it makes another, faster file for its use):
postmap /etc/postfix/transport
Restart postfix using,
/etc/init.d/postfix restart
Exchange 2000 configuration
------------------------------------------
The above setup scans all incoming mails, i.e. Internet -> postfix relay with openprotect -> MS Exchange.
To scan outgoing mails, i.e. MS Exchange -> postfix relay -> Internet, do the following:
1) Using the Exchange System Manager, drill down to your outgoing server's SMTP Protocol. Right Click on the Default SMTP Virtual Server and select Properties.
2) On the Delivery tab, click on Advanced Delivery, and enter your outgoing SMTP (postfix) relay server for your mail account.
3) If you are running an internal Exchange server with Outlook clients, you not only have to SmartHost your Virtual Servers, but also your Exchange Internet Mail Service Connector. Bring up the properties, and enter your SMTP Smart Host in the "Forward all mail through this connector to the following smart hosts" text box.
Nothing else before installing openprotect?
The above setting doesn't need anything else besides a postfix installation and other software like gcc, perl etc needed for openprotect installation.
Thank you very much!
Lorenzo Allori
Systems Administrator
Office: +393491924516
Mobile: +393398612411
The Medici Archive Project
<[EMAIL PROTECTED]>
cheers,
Karthikeyan, S.
--
S.Karthikeyan | Ph: +91 (0) 44 52166646 Fax: +91 (0) 44 52079957
Opencomputing Technologies | http://opencompt.com
Server Side E-Mail Protection.
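
Added example (not part of the original mail and not OpenProtect code): a small pre-flight check for the two settings the howto calls exacting, the mynetworks list and the /etc/postfix/transport lines. The function names and sample values are hypothetical and constructed for illustration; it assumes mynetworks holds only plain CIDR entries and that every transport line uses the smtp:[address] form shown above.

```python
import ipaddress
import re

# Constructed sample values for illustration (not from a real server).
SAMPLE_MYNETWORKS = "172.20.32.5/32, 10.0.0.0/16, 172.20.16.0/8, 0.0.0.0/0"
SAMPLE_TRANSPORT = """\
# constructed transport table
domain1.com    smtp:[192.0.2.10]
domain2.com    smtp:192.0.2.11
domain3.comsmtp:[192.0.2.12]
"""

# Next hop in the form the howto uses: smtp:[IPv4 address], brackets included.
NEXTHOP = re.compile(r"^smtp:\[(\d{1,3}(?:\.\d{1,3}){3})\]$")


def audit_mynetworks(value, max_addresses=65536):
    """Return (entry, problem) pairs for a comma/space separated CIDR list."""
    findings = []
    for entry in value.replace(",", " ").split():
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "not a valid address/prefix"))
            continue
        # e.g. 172.20.16.0/8 has host bits set: a /8 there covers 172.0.0.0/8.
        if ipaddress.ip_interface(entry).ip != net.network_address:
            findings.append((entry, f"host bits set; the prefix describes {net}"))
        # Very wide ranges are how a relay ends up trusting far too many hosts.
        if net.num_addresses > max_addresses:
            findings.append((entry, f"trusts {net.num_addresses} addresses"))
    return findings


def audit_transport(text):
    """Return (line_number, problem) pairs for a transport table."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Exactly two white-space separated fields: domain and next hop.
        match = NEXTHOP.match(fields[1]) if len(fields) == 2 else None
        try:
            ipaddress.ip_address(match.group(1) if match else "")
        except ValueError:
            findings.append((number, "expected '<domain> smtp:[address]'"))
    return findings


if __name__ == "__main__":
    for finding in audit_mynetworks(SAMPLE_MYNETWORKS) + audit_transport(SAMPLE_TRANSPORT):
        print(*finding, sep=": ")
```

Run it against the values you are about to pass to postconf and the transport file before running postmap; an empty result means both match the format described in the howto.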
