Spam Filtering with Exchange??

[green sun]

Ok, here's the setup we have:

Single MS Exchange server connected through firewall to internet for mail.

We are getting *hammered* by span (sent to emails on our server), and I have been asked to help come up with a solution. Now, this place has been a total MS shop, and this is the first time I have been approached to put in a Linux solution into our core systems. Its a big chance to show off Linux's cost savings, but Im a little unsure about the best way to set it up.

Anyone have any ideas of what software I should be looking into? We will *not* be moving from Exchange, so this box would have to sit inbetween the firewall & the Exchange server & filter incoming mails & drop if they are spam (off of one of the free lists), or forward onto Exchange if it is ok.

Ideas?

Thanks,
~gs

[Alowishus]

Drop a box running Postfix as a gateway on your DMZ. You can configure Postfix to enforce a selection of anti-spam criteria (checking HELO, reverse domain lookup, blacklists, etc) before even accepting mail. If you want to go further, you can hook up Amavis-new + SpamAssassin as a Postfix content_filter to catch viruses and at least mark spam, if not discard it altogether.

Set your incoming firewall rules for port 25 to send everything to the Postfix box, and then let it relay everything that it approves through to Exchange. If you want to get fancy, tell Exchange's Internet Mail Service to send all outbound mail through Postfix as well. This would allow you to scan outbound for virus if you like, and you'll be able to pull daily mail statistics from Postfix's logs. Run the 'pflogsum' script in cron and have it mail your manager, and he'll feel all warm and fuzzy. That report is something Exchange could never produce

We use this setup in a 250 person company, and it runs fabulously, and on minimal hardware (500MHz box). An added benefit is that mail gets queued in Postfix when Exchange decides it needs to be rebooted.

[green sun]

This sounds exactly like what I was looking for. Is postfix easiest to use with this? Anyone have good links for docs on setting up postfix as a relay? Is it easy?

[taskara]

this is linux - nothing's easy first time round
_________________
Kororaa install method - have Gentoo up and running quickly and easily, fully automated with an installer!

[kashani]

http://advosys.ca/papers/postfix-filtering.html

Had it up and running in about 30 minutes unsing the above, same sort of situation.

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

[taskara]

that was sarcasm.. but good to know..
_________________
Kororaa install method - have Gentoo up and running quickly and easily, fully automated with an installer!

[green sun]

Well, yes & no...
Actually, running MS is much easier the *first* time around... trust me, the shop here runs on the theory of "If I can't do it with a wizard, I don't need to do it" (actual quote!!)

However, with Linux, its all learning curve. Learn it the first time, and you spend more time in the future figuring out how to extend it. With MS, you spend most time afterwards figuring out exactly how its working at a basic level Very little work is done (at least in the 4 or 5 MS shops I've worked with) trying to get MS to work with you... you end up working how MS wants you to.

[taskara]

but can a linux server do everything that a MS server can ?

I believe a linux server can do 90% of the things an MS server can do, and do it better!

Things a server in a corporate environment needs to be able to do:

mail (IMAP ?) [something vs Exchange ?]
internet router / firewall
DNS
instant messaging
dhcp
GUI remote access
dial in with modem
calander sharing
file sharing
print sharing
terminal server
web / http
backup
log onto domain if windows clients (samba ok)
antivirus

any others you can think of, and what of these can a linux server do?

The only concern I have from the above list is calander sharing, tho I think that can be done via web interface - would be nice if it could be intergrated into Evolution...

thoughts?
_________________
Kororaa install method - have Gentoo up and running quickly and easily, fully automated with an installer!

[kashani]

[taskara]

[kashani]

Let me give a bit of back ground.

I saw a system that could not handle 3-8 Mb/s of mail traffic running sendmail and 4 Ultra2 from 96-99. Horrible admins and I was not one of them.

Worked on a qmail system, 20 E420's, 10 TB backend, 3-5 million users and very few problems. 99-01

Ran and installed Postfix, Courier IMAP, spam assassin systems for myself, friends, and a few clients. Also use it at the hosting company I work at. 02-03

Generally speaking Postfix gets the job done, the config is straightforward, and it's still in active development. That's really my main problem with qmail. Having to install patches to get what should be basic functionality earns you no friends in my book. I haven't conviced work to switch to gentoo yet.

If you want good enough, flexibility, ease of use, and simplicity Postfix is my recommendation. If you're sending 2-3 million messages via an opt in spam list (my latest project) I'd use qmail.

If we're still talking about replacing Exchange the thing to remember is it's not about the email. No, don't even think it. It's about syncing, contact lists, mail lists, and the 900 other things people use Exchange/Outlook for.

Lots of people run systems that have qmail, Postfix, etc fronting for Exchange, Lotus somewhat, and several groupware installs. Using a Linux MTA for preprocessing makes for simplier upgrades and extends the limited horsepower of a calneder system which is too busy doing everything, but sending mail.

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

[taskara]

mmmm.. thanks for all that, that's awesome.

I'll begin to have a play around and see what I can get my hands dirty with.

I agree with you on the "replacing exchange" front - that exchange isn't about the email, it's about shared calendars and etc..
_________________
Kororaa install method - have Gentoo up and running quickly and easily, fully automated with an installer!

[green sun]

Personally, I am *not* looking to move away from Exchange. It may be lacking in certain areas (the whole public folder thing), but for scheduling/email/calendar in the corporate world, its tough to beat Exchange.

MS has even dropped the ball in several ways with Outlook/Exchange (for example, not integrating MS Project tightly with it.. that would be killer for project managers). Its too bad Linux/OSS doesnt offer something comparable, but this would be a considerable task. I'm happy filtering mail through postfix & letting Exchange do its thing.

For our shop its a great way to introduce Linux into the mix. My higher-ups have been afraid of Linux just because its not MS.. having it do *difficult* jobs like this will be a big plus.

BTW, kashani, I will bring up that it will make upgrading Exchange easier. Thats a great point!! It will help us keep a "virgin" Exchange install... thanks!

[kashani]

[green sun]

This started as a SPAM filtering exercise, but it really has become a job to open up our shop to Linux. We have a Dell PowerEdge, massively expensive box that runs Exchange, and everyone is afraid to touch it Hopefully I'll be able to add some nice functionality, and leave Exchange to move data around.

A few questions:
1. What platform? I'm currently running OpenBSD on some (private) servers, and while its "secure", I'm wondering if a carefully compiled Gentoo wouldn't be faster?
2. If Gentoo, any suggestions for USE flags? Remember, Im looking at this as a mail gateway that will run Postfix & some spam filtering initially.
3. General hardware recommendations? Ie, don't worry about HD space, but use lots of memory, etc...

[kashani]

This sort of depends on how much email you send and receive. For your standard 100 person office a PIII, 1 GB RAM, and a reseasonably fast drive should cover it. The spam filtering will increase load more then normal, but handling office mail isn't a high end application. If you're larger I'd try the workstation and maybe move to a cheap 1U server with more RAM and maybe some SCSI drives after you see how it performs. It'll also be easy to get someone to sign off on the cash for a real server after they get used to seeing no spam.

*nix wise it really doesn't matter. As long as you can install Perl and your MTA easily, go with what you know.

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.