Configuring SA as frontend to Exchange

[Henry Kwan <sp...@designmedia.com>]

Hi,

Have been running SA on CentOS for a few years now and everything has been
working great.  But the powers that be want to move to Exchange so I am trying
to plan a SA frontend that feeds the Exchange server.

As I was thinking over how SA works now and how it might work in the my future
setup, I was wondering how you would feed unmarked spam to the SA frontend? 
Since email is passed through to Exchange, it isn't stored on the SA server
anymore like it is now.  Or would I be limited to just having SA autolearn?

Also, if anyone has some good links to setting up a SA frontend to Exchange,
that would be much appreciated.

Thanks!

Re: Configuring SA as frontend to Exchange

[Matt Helm <co...@gmail.com>]

> I was wondering how you would feed unmarked spam to the SA frontend?
> Since email is passed through to Exchange, it isn't stored on the SA server
> anymore like it is now.

We do this. I have set up a public folder in Exchange named SPAM. The users
self police their emails and drop any unmarked spam emails there. Periodically,
I FTP over the emails to the SA server and run learn on them. At some
point I will
automate that to run twice a day.

Re: Configuring SA as frontend to Exchange

[Jonathan Armitage <jo...@hepworthband.co.uk>]

Henry Kwan wrote:
> Hi,
> 
> Have been running SA on CentOS for a few years now and everything has been
> working great.  But the powers that be want to move to Exchange so I am trying
> to plan a SA frontend that feeds the Exchange server.
> 
> As I was thinking over how SA works now and how it might work in the my future
> setup, I was wondering how you would feed unmarked spam to the SA frontend? 
> Since email is passed through to Exchange, it isn't stored on the SA server
> anymore like it is now.  Or would I be limited to just having SA autolearn?
> 

Henry,

I think this is a fairly common configuration.

You don't say which MTA you are using, but we do this with Exim running 
on Solaris.

It is quite trivial to configure Exim to forward mail for our domains to 
the Exchange server and send outgoing mail, well, outwards. Exim can 
also be configured/compiled to call SpamAssassin and then flag or reject 
the email depending on the SA score. You can also add ClamAV (or any 
other virus or spam checker) to this mix.

I am sure similar things are possible with your favourite MTA.

Jon Armitage
Systems Administrator
365 Media Group

Re: Configuring SA as frontend to Exchange

[Robert Schetterer <ro...@schetterer.org>]

Henry Kwan schrieb:
> Hi,
> 
> Have been running SA on CentOS for a few years now and everything has been
> working great.  But the powers that be want to move to Exchange so I am trying
> to plan a SA frontend that feeds the Exchange server.
> 
> As I was thinking over how SA works now and how it might work in the my future
> setup, I was wondering how you would feed unmarked spam to the SA frontend? 
> Since email is passed through to Exchange, it isn't stored on the SA server
> anymore like it is now.  Or would I be limited to just having SA autolearn?
> 
> Also, if anyone has some good links to setting up a SA frontend to Exchange,
> that would be much appreciated.
> 
> Thanks!
> 
> 
Hi , i had configured serveral relays
with postfix for exchange works
like charme
i use spampd on this relays
the most importend thing at a relay is
bringing the valid smtp adresses from exchange
to postfix so that postfix can reject with no relay user to
attacks, you can do this by adresse table ( may edit it with webmin if 
you need a gui )
or let ask postfix via ldap to the active dir , or dump addresses out of 
exchange active dir copy it to access table to postfix via ssh by cron.
The config for a relay before exchange is nearly the same as for a back 
mx server , look at postfix docs, use a transport table
to forward to exchanges ip , and configure exchange
to relay out over postfix , do this with sasl auth only for your domains
cause exchange changes the mail from by forwards and this might
give you trouble at other servers which make checks about dns mx entires.
You might use selective greylisting , policyd-weight, dkim signing , spf 
libs on postfix too, and for sure clamav milter.
This may result in nearly 99 % spam free mailboxes in exchange.

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: Configuring SA as frontend to Exchange

[chan khon-yap <ck...@mail9.no-ip.org>]

I found the following links serve rather well for my needs (SA + Exchange +
Postfix):

http://www200.pair.com/mecham/spam/spamfilter20061118.html
http://www-personal.umich.edu/~malth/gaptuning/postfix/


Regards,
Khon Yap

Re: Configuring SA as frontend to Exchange

[Henry Kwan <sp...@designmedia.com>]

Vidar Tyldum Hansen <vidar <at> tyldum.com> writes:
 
> I'm just doing a rough summary of my process on 2007:
>  - Use LDAP to check the recipients against Exchange/AD
>     (remember the proxyAddress attribute)
>  - On the SA-machine I use Postfix and header_checks after the message
>     is scanned by amavisd-new to map the amavisd-new-headers to the
>     SCL-headers Exchange recognizes. (Hint: 'prepend')
>  - Define the SA-machine as an internal server (so it trusts the
>     SCL-headers)
>  - Enable Junk-folder for the users via OWA
> (http://gsexdev.blogspot.com/2007/07/turning-on-filter-junk-email-in.html)
>  - Define a receive-connector for the SA-machine
>     (allow anonymous access, retrict to SA-machine only)
>  - Install the antispam agents on the Exchange server
>     (http://support.microsoft.com/kb/555924)
>  - Define spam thresholds for Exchange
>     (http://technet.microsoft.com/en-us/library/bb123559.aspx)
> 

Wow.

Thanks to all the responses.  It sounds like it shouldn't be any problems
switching over but I guess as with all things, the devil is in the details.  So
once the hardware arrives, I'll start tackling the setup and I'm sure I'll have
a bunch of new questions at that time.

Thanks again.

Re: Configuring SA as frontend to Exchange

[Vidar Tyldum Hansen <vi...@tyldum.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Henry Kwan:
> Hi,
> 
> Have been running SA on CentOS for a few years now and everything has been
> working great.  But the powers that be want to move to Exchange so I am trying
> to plan a SA frontend that feeds the Exchange server.

Been there!

> As I was thinking over how SA works now and how it might work in the my future
> setup, I was wondering how you would feed unmarked spam to the SA frontend? 
> Since email is passed through to Exchange, it isn't stored on the SA server
> anymore like it is now.  Or would I be limited to just having SA autolearn?

Thought quickly over this and figured IMAP-support on the Exchange might
give me the necessary interface to do this. However, I started out with
autolearning and the results were just fantastic so I didn't give it
more thought.

> Also, if anyone has some good links to setting up a SA frontend to Exchange,
> that would be much appreciated.

I don't have any links, but I could summarize what I did to make this
work (got it running with 2 clients at the moment, one with Exchange
2007 and one with Exchange 2003).

My goal was to have SA fully integrated with Exchange so that the
junk-folder was put to good use. I hate spending time looking for
'missing' emails that actually never was sent.

I'm just doing a rough summary of my process on 2007:
 - Use LDAP to check the recipients against Exchange/AD
    (remember the proxyAddress attribute)
 - On the SA-machine I use Postfix and header_checks after the message
    is scanned by amavisd-new to map the amavisd-new-headers to the
    SCL-headers Exchange recognizes. (Hint: 'prepend')
 - Define the SA-machine as an internal server (so it trusts the
    SCL-headers)
 - Enable Junk-folder for the users via OWA
(http://gsexdev.blogspot.com/2007/07/turning-on-filter-junk-email-in.html)
 - Define a receive-connector for the SA-machine
    (allow anonymous access, retrict to SA-machine only)
 - Install the antispam agents on the Exchange server
    (http://support.microsoft.com/kb/555924)
 - Define spam thresholds for Exchange
    (http://technet.microsoft.com/en-us/library/bb123559.aspx)

Some work must go into the thought of translating SA scores to
SCL-levels and if you wish to have a cutoff level.

My only grief is that some users doesn't seem to grasp the idea of a
junk folder and constantly complain about spam in it. One user even made
up a summary of all the dirty words contained in these spams and asked
me to block them. Duh.

Bet there are plenty of ways to do this, but I found this approach gave
me a fully integrated solution.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFH/lCqsJJnSzEQqpgRAq3FAJ9Gx7qQTA1i9751XgibyEONJcek2gCfdBKS
tWhrgLWkZ2GqaiPcjci2OUQ=
=wAkk
-----END PGP SIGNATURE-----

RE: Configuring SA as frontend to Exchange

[Jeff Moss <jm...@Huffmancorp.com>]

I've done this a few times and it works really well.  I use Linux,
Postfix,
SpamAssassin, ClamAV, and a super lightweight cut down version of the
now-dead
Amavisd-lite.

I use this system as an inbound email relay on, or outside, the
corporate
firewall boundary and put Exchange inside.  That way if the relay system
comes under attack Exchange still works correctly inside the firewall. I
configure the firewall to only allow my outside email relay to send
inbound
traffic to the Exchange server.

In order to avoid accepting email for users I don't have I've got a
script
that reaches into the Active Directory through LDAP and gets a list of
legal
email recipients every day.  I found the script on the net somewhere but
I had to tweak the output a little to make Postfix happy.

  Jeff Moss

 

-----Original Message-----
From: Henry Kwan [mailto:spam@designmedia.com] 
Sent: Wednesday, April 09, 2008 2:24 PM
To: users@spamassassin.apache.org
Subject: Configuring SA as frontend to Exchange


Hi,

Have been running SA on CentOS for a few years now and everything has
been
working great.  But the powers that be want to move to Exchange so I am
trying
to plan a SA frontend that feeds the Exchange server.

As I was thinking over how SA works now and how it might work in the my
future
setup, I was wondering how you would feed unmarked spam to the SA
frontend? 
Since email is passed through to Exchange, it isn't stored on the SA
server
anymore like it is now.  Or would I be limited to just having SA
autolearn?

Also, if anyone has some good links to setting up a SA frontend to
Exchange,
that would be much appreciated.

Thanks!