Tuesday, June 30, 2009

Relay Exchange thru Plesk/QMAIL

Finally some good tech info:

We host lots of websites and frequently host for small companies that would like to use their internal Exchange server to send mail. Since we have lots of spam filtering and protection on our webservers, it seems only logical to relay through the webserver, where you can use free Linux tools instead of expensive Microsoft software. From a security perspective, it also means your Exchange server only has to talk to one other server via e-mail, which helps lock down your internal network environment.

All of our servers use Plesk/Qmail, so if you're using something different this may not help you.

The steps:

On the Linux webserver:

First, make sure all of the proper DNS info is in place for the domain. You want to set up the domain so that the MX record points at your Linux box.

Also make sure that the mail service is turned OFF in the Plesk control panel for the domain.

Update your server's mail whitelist to include the IP address of the Exchange server. Note: I don't think you can make dynamic addresses work, so they at least have to have a static IP.

Next, shell into the webserver:

1) Update /var/qmail/control/smtproutes to reflect the correct mail host for the domain.
   The entry in the file should look something like: xyzdomain.com:##.##.##.##:
2) Update /var/qmail/control/morercpthosts, putting in the proper domain name.
3) Rebuild morercpthosts using /var/qmail/bin/qmail-newmrh
4) If you have not already done so, log into the Plesk control panel, then under SERVER > MAIL > WHITELIST add the IP of the sending mailserver.
5) Add the IP to any other whitelists, like spamdyke, etc.
6) Restart QMAIL (service qmail restart)

7) On Windows 2K7 or 2K3, open the Exchange Management Console.
8) Navigate to Organization > Hub Transport > Send Connectors.
9) Set up a new send connector or alter an existing one; the key parameter is in the next step.
10) Under the "Network" tab, select "route through the following smart hosts" (authentication = none or externally secured).
11) Save, then restart the MTA Transport hub.
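
A check to run on the webserver after steps 1 to 3 and before restarting qmail, added here as an example and not part of the original post. It confirms that the route, the recipient-host entry and the rebuilt morercpthosts.cdb (the file qmail-smtpd actually reads) agree; the function name check_relay, the domain example.com and the address 192.0.2.10 are made up for illustration.

```shell
#!/bin/sh
# check_relay DOMAIN RELAY_IP [CONTROL_DIR]
# Prints one line per problem; the return status is the number of problems.
check_relay() {
    domain=$1; ip=$2; ctl=${3:-/var/qmail/control}; bad=0

    # Step 1: smtproutes must send the domain to the Exchange server's IP.
    relay=$(awk -F: -v d="$domain" 'tolower($1) == tolower(d) { print $2; exit }' \
        "$ctl/smtproutes" 2>/dev/null)
    if [ -z "$relay" ]; then
        echo "smtproutes: no route for $domain"; bad=$((bad + 1))
    elif [ "$relay" != "$ip" ]; then
        echo "smtproutes: $domain routes to $relay, expected $ip"; bad=$((bad + 1))
    fi

    # Step 2: the domain must be an accepted recipient domain, otherwise
    # inbound mail for it is rejected before it can be relayed.
    if ! cat "$ctl/rcpthosts" "$ctl/morercpthosts" 2>/dev/null | grep -qixF "$domain"; then
        echo "rcpthosts/morercpthosts: $domain not listed"; bad=$((bad + 1))
    fi

    # Step 3: the .cdb is what gets read at SMTP time; an edit to
    # morercpthosts has no effect until qmail-newmrh rebuilds it.
    if [ -f "$ctl/morercpthosts" ]; then
        if [ ! -f "$ctl/morercpthosts.cdb" ] ||
           [ "$ctl/morercpthosts.cdb" -ot "$ctl/morercpthosts" ]; then
            echo "morercpthosts.cdb missing or stale: rerun qmail-newmrh"; bad=$((bad + 1))
        fi
    fi
    return "$bad"
}

# Constructed sample control directory (documentation domain and IP):
# the domain was added to morercpthosts but the .cdb was never rebuilt.
demo=$(mktemp -d)
printf 'example.com:192.0.2.10:25\n' > "$demo/smtproutes"
printf 'localhost\n' > "$demo/rcpthosts"
printf 'example.com\n' > "$demo/morercpthosts"
check_relay example.com 192.0.2.10 "$demo" || echo "problems found: $?"
rm -rf "$demo"
```

On a live server, call it with the real domain and the Exchange server's static IP; the control directory defaults to /var/qmail/control.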

You may further want to specify that any mail communication to the W2K3 or W2K7 domain ONLY comes from your Plesk server; this keeps spammers from bombing an otherwise unprotected e-mail server.

This is a nice way to centralize spam protection, AV protection, etc. on your Plesk server. I find it is much less expensive and easier to deal with spam in this way.
