Exchange Spam Filter Creation Scripts
Chris Willis, Director of Technology and Services, Castellan
Download the filter creation script files
Purpose
To create a high-quality spam filter for a Microsoft Exchange server. I have seen many docs regarding the integration of SpamAssassin with Exchange. However, none of them met my requirements of simplicity and stability. Thus, I went the Linux route, and developed a method that allows me to create a Linux spam filter in a few minutes of my time. Since Red Hat has been the #1 Linux distro for years, I based my work on their Fedora Core 3 product. This is the same production install we do for clients, and it is running stable for all of them.

This method is reasonably secure. The box only has port 25 touching the internet. The firewall on the box only allows SSH and SMTP inbound to the box at all, so I wouldn't worry much about the box in general. If you are super-duper-paranoid, try out this OpenBSD howto instead of mine.

If you are running Exchange 2003, then you can install the Intelligent Message Filter into Exchange. This is Microsoft's free spam filter. It isn't very good, BUT it works great when combined with SpamAssassin.

I have not included any anti-virus filtering - all of my clients are required to run a commercial, enterprise antivirus solution that includes an Exchange plugin - we won't take responsibility for a network without an enterprise AV product (usually Symantec or Trend Micro) installed.

Here is a before & after diagram showing a typical small business network with the spam filter installed.
Requirements
- a Microsoft Exchange Server, preferably running DNS also
- a computer that you can dedicate to running Linux - at least a PII 400 MHz+, 1024 MB RAM, 10 GB HD. A refurbished Dell Dimension from the Dell Outlet (Celeron 2.4 GHz, 40 GB HD, 1024 MB RAM) can be had for $500, and will do the job quite nicely. A gig of RAM is really important, since SpamAssassin will run very slowly with 512 MB or less of RAM
- PuTTY, to be installed on the Exchange server
- wget, to be copied to the \windows directory of the Exchange server
General Outline & Methodology used by the scripts
- First, we create a DNS zone called email.relay on our Active Directory DNS server, usually running on the Exchange box as well. This zone exists to provide name resolution that is independent of all other name resolution. We will be putting 2 host records in it - one for our Exchange server, and one for the Linux box. We will also create an MX record pointing to the Linux box, called linux.email.relay. This is done by a VBScript.
- Next, we will create 2 contacts in AD called spam and nospam. These 2 contacts point to email accounts on the actual Linux box itself, called spam@email.relay and nospam@email.relay. This is done with a VBScript also.
- Fedora uses a program called YUM to download and install software and updates. We need to set up YUM properly, using a config file called yum.conf. A batch file using wget and plink/pscp (2 programs installed when you install PuTTY) will set up YUM for us.
- Now that YUM is configured, we need to configure the email program on the Linux box. We will be using Postfix, which is included in the Fedora distribution. Postfix is very secure and easy to configure (well, easier than sendmail and qmail). We will be using a batch file that calls a VBScript and both pscp/plink. The batch file will modify 3 Postfix config files, then copy them to the server. It will also restart Postfix and SpamAssassin.
- Once the email program is configured, we need to set up SpamAssassin. The SpamAssassin config file is copied over to the Linux box. Next, we have to install 3 programs that will do a lookup on every incoming email - DCC, Razor and Pyzor. SpamAssassin will use these 3 programs, plus a bunch of RBL lookups, and its own internal rules. This combination makes SpamAssassin one of the best in the industry. We have a batch file which does all of these things.
- A batch file will now run that sets Postfix and SpamAssassin to start at bootup. A small but rather important point, I guess :)
- Now we will create 2 local users called SPAM and NOSPAM. We also create a mailbox for each user. Any mail in these mailboxes will be processed by SpamAssassin, so that it can learn what YOU think is either spam or ham.
- Our last task involves setting up some CRON jobs. CRON is a process that runs scheduled tasks. We need to set up 3 tasks. The first task tells SpamAssassin to process the user SPAM's mailbox, and add it to its database of spam. The 2nd task tells SpamAssassin to process the user NOSPAM's mailbox, and add it to its database of ham (email you actually WANTED). The final task is a weekly reboot, Sunday at midnight. SpamAssassin is a memory hog, and I find that rebooting the box weekly keeps it running neatly, and a general system refresh is never a bad thing.
Steps for a Typical Install
1. Install Fedora on your computer. I have some from one of my installs included in the zip above. You need to make sure to install the following software packages:
   postfix
   spamassassin
   system-switch-mail
2. Extract the filter.zip file into c:\software\spam_filter on your Exchange server.
3. Edit zones.txt, making sure to only edit the lines that I say you can edit.
4. Edit transport.txt. This file contains the list of domains you accept email for on your Exchange server - typically one or two domains, but it could be 2 dozen.
5. Edit password.txt. This file has the root password for your Linux server (change the password once setup is complete). MAKE SURE to hit return (and ONLY one return) after typing in the password - this is very important - if you edit the file in Notepad and you can hit the down-arrow key more than one time, you have too many {return}s in your text file - this will mess up the batch file in step 9.
6. Edit main_cf.txt. This file has the configs for the SMTP server (called Postfix) on our Linux box. You need to edit lines 3, 4, and 7. Line 3 contains the same entries as your transport.txt file (just the names, not the IP addresses). Line 4 contains any IP addresses or subnets that you will allow to use the server as a RELAY. Line 7 should have the internet DNS name for your email domain. To find this, type your domain name into the MX lookup at Teds Webtools. This will tell you the internet FQDN (fully qualified domain name) for your email server.
7. Run the following commands (substitute the IP of your Linux box for the IP below) from a command line on your Exchange server. This will allow you to initialize 2 command line programs that come with PuTTY - pscp and plink. You need to initialize the programs so they have the SSH key of your Linux box in their cache.
   C:\Program Files\PuTTY>plink root@192.168.1.250 echo hello,world
   C:\Program Files\PuTTY>pscp c:\software\spam_filter\zones.txt root@192.168.1.250:/root/zones.txt
8. Log onto your server (using PuTTY), and run this command: system-switch-mail - it will present you with a screen to choose which SMTP server (sendmail or Postfix) you want to use - choose Postfix, hit TAB to get to the OK button, and hit enter.
9. Run the master.bat file from c:\software\spam_filter. Pass it a command line parameter - the IP address of your Linux box.
   C:\software\spam_filter>master.bat 192.168.1.9
   It should connect to the Linux box and set up Postfix and SpamAssassin to relay mail to your Exchange server. It will also create an OU called emailrelay, and 2 contacts in that new OU. Those 2 contacts should show up in your Exchange GAL after a few minutes. It will also create a DNS zone called email.relay, with DNS information for the Linux box to use. Test by manually inserting an email into the Linux box. Use PuTTY to connect to the Linux box. Then type in the following command:
   telnet localhost 25
   After typing in that command, cut and paste the following into your PuTTY session (use Shift-Ins to insert text into PuTTY). Substitute your Hotmail address for the one below. Substitute the email address for the administrator account (all Windows Active Directory domains have an administrator account) for the one you see below.
   helo hotmail.com
   mail from:j12345@hotmail.com
   rcpt to:administrator@castellan.net
   data
   this is test #1
   .
   quit
   Your output should look very similar to this - if so, you will also have an email in the administrator's box that has a bunch of spam headers in it. That means that the Linux box is forwarding email for your domain to the Exchange server.
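The message that lands in the administrator mailbox after the telnet test is the evidence that mail is flowing through the filter, and its headers say more than "it arrived": X-Spam-Status carries the verdict, score, threshold and the rules that fired, and the Received chain shows whether the Linux box actually handled it. The following Python script is an added example (not part of the page's scripts) that parses such a message and confirms both points, including the folded multi-line tests list SpamAssassin writes when many rules hit. The sample message, its host names, ids, dates and scores are constructed; the X-Spam-Status, X-Spam-Level and X-Spam-Checker-Version header names are the ones SpamAssassin adds by default.

```python
"""Check that a delivered test message was scanned by the SpamAssassin relay.

Added example, not part of the original page's scripts. The header names are
SpamAssassin's defaults; the messages below are constructed samples.
"""
import email
import re

# Constructed sample: what the telnet test looks like after passing through
# linux.email.relay and being delivered to Exchange. Hosts, ids, dates and
# scores are invented; the tests list is folded the way SpamAssassin folds it.
SAMPLE_MESSAGE = """\
Received: from linux.email.relay ([192.168.1.9]) by exchange.email.relay
\twith SMTP; Sun, 6 Mar 2005 00:12:31 -0500
Received: from hotmail.com (localhost [127.0.0.1]) by linux.email.relay
\t(Postfix) with SMTP id 1A2B3C; Sun, 6 Mar 2005 00:12:30 -0500
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on linux.email.relay
X-Spam-Level: ***
X-Spam-Status: No, score=3.4 required=5.0 tests=MISSING_SUBJECT,NO_REAL_NAME,
\tRCVD_IN_SORBS_DUL autolearn=no version=3.0.2
From: j12345@hotmail.com
To: administrator@example.com

this is test #1
"""

# Constructed sample of a message that reached Exchange directly, bypassing
# the filter: no SpamAssassin headers and no hop through the relay.
UNSCANNED_MESSAGE = """\
Received: from hotmail.com ([203.0.113.7]) by exchange.email.relay with SMTP
From: j12345@hotmail.com
To: administrator@example.com

this is test #2
"""


def unfold(header_value):
    """Collapse header folding (newline plus leading whitespace) into single spaces."""
    return " ".join(header_value.split())


def parse_spam_status(value):
    """Parse an X-Spam-Status value such as
    'No, score=3.4 required=5.0 tests=A,B autolearn=no version=3.0.2'."""
    value = unfold(value)
    verdict, _, rest = value.partition(",")
    # key=value pairs; after unfolding, the tests list may contain spaces,
    # so a value runs until the next ' key=' or the end of the string.
    fields = {k: v.strip() for k, v in re.findall(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)", rest)}
    tests = [t.strip() for t in fields.get("tests", "").split(",") if t.strip()]
    return {
        "is_spam": verdict.strip().lower() == "yes",
        "score": float(fields["score"]),
        "required": float(fields["required"]),
        "tests": tests,
        "autolearn": fields.get("autolearn"),
    }


def verify_relay_path(raw_message, relay_host="linux.email.relay"):
    """Report whether the message carries SpamAssassin headers and whether a
    Received header shows it was accepted by the Linux relay on the way in."""
    msg = email.message_from_string(raw_message)
    received = [unfold(h) for h in msg.get_all("Received", [])]
    via_relay = any(f"by {relay_host}" in h for h in received)
    status_header = msg.get("X-Spam-Status")
    if status_header is None:
        return {"scanned": False, "via_relay": via_relay, "status": None}
    status = parse_spam_status(status_header)
    stars = len(msg.get("X-Spam-Level", "").strip())
    return {
        "scanned": True,
        "via_relay": via_relay,
        "status": status,
        "level_stars": stars,
        # SpamAssassin writes one '*' per whole point of score, so these agree.
        "level_matches_score": stars == max(0, int(status["score"])),
    }


if __name__ == "__main__":
    print(verify_relay_path(SAMPLE_MESSAGE))
    print(verify_relay_path(UNSCANNED_MESSAGE))
```

For the first sample the script reports scanned, relayed, a 3.4 score against a 5.0 threshold and the three rules that fired; for the second it reports that no scan happened, which is the case to investigate if it ever shows up for mail from the internet once the MX points at the Linux box.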

To Do
You probably want to open PuTTY and run the command yum update, which will update your server with the latest versions of the software on it - yum seems to be pretty stable with updating the box. Also, change your password for the root account to something complex. You can do this with the command passwd from a PuTTY SSH prompt.