Exchange Spam Filter Creation Scripts
Chris Willis, Director of Technology and Services, Castellan
Download the filter creation script files

Purpose
To create a high-quality spam filter for a Microsoft Exchange server. I have seen many docs regarding the integration of SpamAssassin with Exchange. However, none of them met my requirements of simplicity & stability. Thus, I went the Linux route, and developed a method that allows me to create a Linux spam filter in a few minutes of my time. Since Red Hat has been the #1 Linux distro for years, I based my work on their Fedora Core 3 product. This is the same production install we do for clients, and it is running stably for all of them.

This method is reasonably secure. The box only has port 25 touching the internet. The firewall on the box only allows SSH and SMTP inbound to the box at all, so I wouldn't worry much about the box in general. If you are super-duper-paranoid, try out this OpenBSD howto instead of mine.

If you are running Exchange 2003, then you can install the Intelligent Message Filter into Exchange. This is the Microsoft free spam filter. It isn't very good, BUT it works great when combined with SpamAssassin.

I have not included any anti-virus filtering - all of my clients are required to run a commercial, enterprise antivirus solution that includes an Exchange plugin - we won't take responsibility for a network without an enterprise AV product (usually Symantec or TrendMicro) installed.

Here is a before & after diagram showing a typical small business network with the spam filter installed.



Requirements
  • a Microsoft Exchange Server, preferably running DNS also
  • a computer that you can dedicate to running Linux - at least a PII 400 MHz+, 1024 MB RAM, 10 GB HD. A refurbished Dell Dimension from the Dell Outlet (Celeron 2.4 GHz, 40 GB HD, 1024 MB RAM) can be had for $500, and will do the job quite nicely. A gig of RAM is realllyyyy important, since SpamAssassin will run very slowly with 512 MB or less of RAM
  • PuTTY, to be installed on the Exchange server
  • Wget, to be copied to the \windows directory of the Exchange server
General Outline & Methodology used by the scripts
  • first, we create a DNS zone called email.relay on our Active Directory DNS server, usually running on the Exchange box as well. This zone exists to provide name resolution that is independent of all other name resolution. We will be putting 2 host records in it - one for our Exchange server, and one for the Linux box. We will also create an MX record pointing to the Linux box, called linux.email.relay. This is done by a VBScript.
  • next, we will create 2 contacts in AD called spam and nospam. These 2 contacts point to email accounts on the actual Linux box itself, called spam@email.relay and nospam@email.relay. This is done with a VBScript also.
  • Fedora uses a program called YUM to download & install software & updates. We need to set up YUM properly, using a config file called yum.conf. A batch file using wget and plink/pscp (2 programs installed when you install PuTTY) will set up YUM for us.
  • Now that YUM is configured, we need to configure the email program on the Linux box. We will be using Postfix, which is included in the Fedora distribution. Postfix is very secure and easy to configure (well, easier than sendmail and qmail). We will be using a batch file that calls a VBScript and both pscp/plink. The batch file will modify 3 Postfix config files, then copy them to the server. It will also restart Postfix & SpamAssassin.
  • Once the email program is configured, we need to set up SpamAssassin. The SpamAssassin config file is copied over to the Linux box. Next, we have to install 3 programs that will do a lookup on every incoming email - DCC, Razor and Pyzor. SpamAssassin will use these 3 programs, plus a bunch of RBL lookups, and its own internal rules. This combination makes SpamAssassin one of the best in the industry. We have a batch file which does all of these things.
  • A batch file will now run that sets Postfix and SpamAssassin to start at bootup. A small but rather important point, I guess :)
  • Now we will create 2 local users called SPAM and NOSPAM. We also create a mailbox for each user. Any mail in these mailboxes will be processed by SpamAssassin, so that it can learn what YOU think is either spam or ham.
  • Our last task involves setting up some CRON jobs. CRON is a process that runs scheduled tasks. We need to set up 3 tasks. The first task tells SpamAssassin to process the user SPAM's mailbox, and add it to its database of spam. The 2nd task tells SpamAssassin to process the user NOSPAM's mailbox, and add it to its database of ham (email you actually WANTED). The final task is a weekly reboot, Sunday at Midnight. SpamAssassin is a memory hog, and I find that rebooting the box weekly keeps it running neatly, and a general system refresh is never a bad thing.
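
The three scheduled tasks described in the last item, written out as an added example (this is not the content of the author's scripts). The mailbox paths, the hourly timing of the learning jobs and the use of root's crontab are assumptions; sa-learn is SpamAssassin's training command.

```crontab
# Constructed example for root's crontab (edit with: crontab -e).
# Assumed: the SPAM and NOSPAM users have mbox files at
# /var/spool/mail/spam and /var/spool/mail/nospam, and learning runs
# once an hour (the page does not give a schedule for these two jobs).
#
# min hour day-of-month month day-of-week  command

# Task 1: learn everything in the SPAM user's mailbox as spam
15 * * * *  /usr/bin/sa-learn --spam --mbox /var/spool/mail/spam

# Task 2: learn everything in the NOSPAM user's mailbox as ham
45 * * * *  /usr/bin/sa-learn --ham --mbox /var/spool/mail/nospam

# Task 3: weekly reboot at 00:00 on Sunday (day-of-week 0)
0 0 * * 0   /sbin/shutdown -r now
```

By default sa-learn updates the Bayes database of the account it runs as, so these jobs only influence filtering if the filter reads that same database.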
Steps for a Typical Install
  1. install Fedora on your computer. I have some from one of my installs included in the zip above. You need to make sure to install the following software packages:
    postfix
    spamassassin
    system-switch-mail
  2. extract the filter.zip file into c:\software\spam_filter on your Exchange server.
  3. edit zones.txt, making sure to only edit the lines that I say you can edit
  4. edit transport.txt. This file contains the list of domains you accept email for on your Exchange server - typically one or two domains, but it could be 2 dozen
  5. edit password.txt. This file has the root password for your Linux server (change the password once setup is complete). MAKE SURE TO hit return (and ONLY one return) after typing in the password - this is very important - if you edit the file in Notepad, and you can hit the down-arrow key more than one time, you have too many {return}s in your text file - this will mess up the batch file in step 9
  6. edit main_cf.txt. This file has the configs for the SMTP server (called Postfix) on our Linux box. You need to edit lines 3, 4, and 7. Line 3 contains the same entries as your transport.txt file (just the names, not the IP addresses). Line 4 contains any IP addresses or subnets that you will allow to use the server as a RELAY. Line 7 should have the internet DNS name for your email domain. To find this, type in your domain name into the MX lookup at Teds Webtools. This will tell you the internet FQDN (fully qualified domain name) for your email server.
  7. run the following commands (substitute the IP of your Linux box for the IP below) from a command line on your Exchange server. This will allow you to initialize 2 command line programs that come with PuTTY - pscp and plink. You need to initialize the programs so they have the SSH key of your Linux box in their cache.
    C:\Program Files\PuTTY>plink root@192.168.1.250 echo hello,world
    C:\Program Files\PuTTY>pscp c:\software\spam_filter\zones.txt root@192.168.1.250:/root/zones.txt
  8. log onto your server (using PuTTY), and run this command: system-switch-mail - it will present you with a screen to choose which SMTP server (sendmail or Postfix) you want to use - choose Postfix, hit TAB to get to the OK button, and hit enter.



  9. run the master.bat file from c:\software\spam_filter. Pass it a command line parameter - the IP address of your Linux box.
    C:\software\spam_filter>master.bat 192.168.1.9
    It should connect to the Linux box and set up Postfix & SpamAssassin to relay mail to your Exchange server. It will also create an OU called emailrelay, and 2 contacts in that new OU. Those 2 contacts should show up in your Exchange GAL after a few minutes. It will also create a DNS zone called email.relay, with DNS information for the Linux box to use. Test by manually inserting an email into the Linux box. Use PuTTY to connect to the Linux box. Then type in the following command:

    telnet localhost 25

    After typing in that command, cut n paste the following into your PuTTY session (use shift-ins to insert text into PuTTY). Substitute your Hotmail address for the one below. Substitute the email address for the administrator account (all Windows Active Directory domains have an administrator account) for the one you see below.
    helo hotmail.com
    mail from:j12345@hotmail.com
    rcpt to:administrator@castellan.net
    data
    this is test #1
    .
    quit

    Your output should look very similar to this - if so, you will also have an email in the administrator's box that has a bunch of SPAM headers in it. That means that the Linux box is forwarding email for your domain to the Exchange server.
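
A check for the result of the test above, as an added example that is not part of the original scripts: it reads a saved copy of the delivered message and reports the verdict, score and threshold from the X-Spam-Status header that SpamAssassin adds. The sample message is constructed, and spam_status and sample_message are names made up for this example.

```shell
#!/bin/sh
# Added example (not from filter.zip): confirm a delivered message was
# scanned by SpamAssassin by reading X-Spam-Status from its headers.

# Constructed sample of the test message after delivery. The last line is
# a forged status placed in the body, which must be ignored.
sample_message() {
cat <<'EOF'
X-Spam-Checker-Version: SpamAssassin 3.0.x (constructed sample)
X-Spam-Level: *
X-Spam-Status: No, score=1.2 required=5.0 tests=MISSING_SUBJECT,
    NO_REAL_NAME autolearn=no version=3.0.x
From: j12345@hotmail.com

this is test #1
X-Spam-Status: Yes, score=99.0 required=5.0
EOF
}

# spam_status FILE -> prints "<yes|no> <score> <required>".
# Prints "unscanned" and returns 1 when the header block has no status.
spam_status() {
    awk '
        { sub(/\r$/, "") }                # tolerate CRLF line endings
        /^$/ { exit }                     # blank line ends the headers; skip the body
        /^[ \t]/ { if (keep) val = val " " $0; next }   # folded continuation line
        { keep = 0 }
        val == "" && tolower($0) ~ /^x-spam-status:/ { keep = 1; val = $0 }
        END {
            if (val == "") { print "unscanned"; exit 1 }
            sub(/^[^:]*:[ \t]*/, "", val)
            n = split(val, f, /[ \t,]+/)
            for (i = 2; i <= n; i++) {
                # older SpamAssassin releases wrote hits= instead of score=
                if (f[i] ~ /^(score|hits)=/) { sub(/^[a-z]+=/, "", f[i]); score = f[i] }
                else if (f[i] ~ /^required=/) { sub(/^required=/, "", f[i]); req = f[i] }
            }
            print tolower(f[1]), score, req
        }
    ' "$1"
}

# Demo on the constructed sample; prints: no 1.2 5.0
tmp=$(mktemp) && sample_message > "$tmp" && spam_status "$tmp"
rm -f "$tmp"
```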


To Do

You probably want to open PuTTY and run the command yum update, which will update your server with the latest versions of the software on it - yum seems to be pretty stable with updating the box. Also, change your password for the root account to something complex. You can do this with the command passwd from a PuTTY SSH prompt.


Design and Contents Copyright © 2016 Castellan, Inc. All rights reserved.
