ASSP Advanced Workflow
- recommended for installations with a considerable number of users
- necessary for MS Exchange, FirstClass, Domino
Internet -> ASSP -> SMTP Relay Server -> MTA -> User
User -> MTA -> ASSP -> SMTP Relay Server -> Internet
Inbound traffic coming from the Internet is proxied by ASSP toward the additional local SMTP Relay Server, which in turn routes the emails to the internal mailserver. This also has an advantage: if you have more than a single "internal" mailserver (e.g. different mailservers for different domains), such a setup will take care of routing the incoming emails to the correct mailserver.
Outbound traffic is routed by the mailserver(s) toward the ASSP listen port (or relay port, see "Example with different IPs and relayPort/relayHost") and ASSP then proxies such emails to the SMTP Relay Server for outbound delivery.
If you use the listen port, the IPs of the MTA(s) must be in the "Accept All Mail (acceptAllMail)" setting. If you use the relay port (section Relaying), ASSP knows you are relaying.
Example with same IP and different ports
ASSP is on IP 22.214.171.124
SMTP Relay is on IP 126.96.36.199
MailServer routes outgoing mails to 188.8.131.52:225
SMTP Listen Port (listenPort): 184.108.40.206:25
Second SMTP Listen Port (listenPort2): 225
SMTP Destination (smtpDestination): 220.127.116.11:125
Example with different IPs and relayPort/relayHost
ASSP is on IP 18.104.22.168
SMTP Relay is on IP 22.214.171.124
MailServer is routing outgoing mails to 126.96.36.199:25
SMTP Listen Port (listenPort): 25
SMTP Destination (smtpDestination): 188.8.131.52:25
Relay Host (relayHost): 184.108.40.206:25
Relay Port (relayPort): 125
Internet->ASSP[smtpDestination:220.127.116.11:25]->SMTP Relay Server->MTA/MS Exchange
User->MTA/MS Exchange->[relayPort:225]ASSP[relayHost:18.104.22.168:25]->SMTP Relay Server->Internet
How to Configure Send Connectors for ASSP on Exchange 2007 single box
Well, we found one answer to make Exchange 2007 work with ASSP on a single server, although it would not be advised on a server running more than 50k messages per day. You'll need at least 2 IP addresses, but 3 would be easier. It requires Exchange 2007, an additional MTA Relay Server (we used MailEnable Standard, I'm sure you could use many others), and ASSP.
BTW, we did this on a live Exchange box while it was running. So long as you leave the original ports (25 In and 25 Out, and the OWA and/or internal usage ports as well) alone and create new ones as you go, you can let it process mail while working the rest out. Once you're ready to go, simply activate the new ports, then deactivate the original ports; your users will never see a glitch in service.
I'm using IPs 192.168.0.1, 192.168.0.2, and 192.168.0.3 as examples (YMMV) of the three IPs assigned to one NIC. Assign all three to the same NIC, or use multiple NICs in the box (your preference). Also, I assume that your firewall is currently sending port 25 connections to 192.168.0.3:25.
DNS Changes:
1) Add the host names to your domain for the three IPs, such as RELA01, ASSP01, and EXCH01 and assign the three IP addresses respectively. As described below, RELA01 is the MTA, ASSP01 is obvious, as is EXCH01.
2) Using the DNS registered names instead of IP addresses allows for ease of a server move, or failover server, in the future without the need for reconfiguration of ASSP.
Setup Perl/ASSP/ClamAV:
1) Install Perl, ASSP and ClamAV as described (check the Wiki for directions), and assign ASSP to listen on IP 192.168.0.2:25 and relay to 192.168.0.3:125 (in Network Setup). Make sure ASSP is calling itself assp01.YourDomain.com in the SERVER SETUP > My Name area of the ASSP Admin panel.
Setup your MTA relay:
1) Install the MTA of your choice (we used the free ME Standard Edition) and assign it to 192.168.0.1 listening on port 125.
2) DO NOT configure the MTA to be a smarthost for your Exchange server.
3) Set it up to allow relay from trusted IPs (127.0.0.1, 192.168.0.1, 2, and 3).
4) Turn OFF all of the unnecessary features per the OEM's directions. It is not going to receive email from the outside world, so make sure the inbound is bound to IP 192.168.0.1 ONLY and ensure your firewall directs to 192.168.0.2 ONLY.
5) Install whatever Anti-Virus solution you choose on the MTA per the OEM's instructions.
6) Make sure the MTA is calling itself rela01.YourDomain.com.
Setup Exchange 2007
1) Install Exchange2k7 per M$'s instructions and best practices (sic) on 22.214.171.124 and change the incoming port (at the HUB Transport) to 125 from the standard admin interface.
2) Create an additional incoming connector (i.e. "ASSP Inbound" on port 125) and an outgoing connector (i.e. "ASSP Outbound") in the Admin interface of Exchange. The outbound will default to port 25 but we will change that in the next step.
3) Change the outbound port to 325 via the Console interface using the Set-SendConnector command. Micro$oft doesn't make the command clear so it should look like this: Set-SendConnector -identity "ASSP Outbound" -port 325
4) In the Admin interface, set the outbound port to transfer to a smarthost on 192.168.0.2 (ASSP) and check the box for use of remote server DNS on the smarthost.
5) Make sure Exchange is calling itself exch01.YourDomain.com.
In the ASSP Admin panel, make the following changes:
In NETWORK SETUP
1) Ensure the SMTP LISTEN PORT is 192.168.0.2:25
2) Ensure the SMTP DESTINATION is 192.168.0.3:125
In RELAYING
3) Ensure the RELAY PORT is 192.168.0.3:325
4) Ensure the RELAY HOST is 192.168.0.2:125
INCOMING MAIL
Internet to Firewall on 25 ==> Firewall passes to ASSP on 192.168.0.2 Port 25 ==> relays to Exchange listening on 192.168.0.3 port 125
OUTBOUND MAIL
Exchange from 192.168.0.3 port 325 smarthosts ==> ASSP listening on 192.168.0.2 port 325 and relays ==> to MTA listening on 192.168.0.1 port 125 ==> MTA transmits to the internet.
ASSP Reporting
1) In order for the ASSPSPAM / ASSPNOTSPAM etc. email reporting to function, you must add all of the addresses in the EMAIL INTERFACE section of ASSP to Active Directory as CONTACTS, otherwise the Exchange server will reject the spam/ham reports as non-existing email accounts. Adding the email addresses to CONTACTS causes Exchange to think the accounts are not local, and Exchange attempts to send the email to the internet. ASSP will capture it from there and make the appropriate list changes.
Firewall Settings - Final
1) Change your firewall to direct port 25 connections to the ASSP IP at 192.168.0.2.
Exchange Settings - Final
1) Disable outbound connector on port 25 in ADMIN interface.
Configuring ASSP for Exchange 2000 single server implementation
While it will work, it's not really necessary to have a second separate SMTP server. You can add a new SMTP Virtual server under Exchange admin.
Incoming: Internet->ASSP(25)->Default Virtual SMTP Server(225)
Outgoing: Default Virtual SMTP Server(225)->ASSP(25)->ASSP Relay SMTP Virtual Server(125)->Internet
Incoming Internet->ASSP->Default SMTP Virtual Server
Outgoing Default Virtual Server->ASSP->Relay SMTP Virtual Server->Internet
Overview: This explains how to set up ASSP on an Exchange 2000 server in a single server implementation. This implementation utilizes 2 SMTP virtual servers set up in Exchange 2000.
Step 1: Assign 3 IP addresses to your Exchange server (I'm assuming you know how to do this). In this example we will be using the following addresses:
10.5.200.2 This is the inside address that ASSP listens on. It is also the address that the firewall routes SMTP to and the address of the Default SMTP Virtual Server.
10.5.200.3 This is the address of the SMTP Virtual Server used by ASSP to route mail to the internet.
10.5.200.4 This is the address ASSP uses to accept connections from your Exchange server. This will be your smart host.
Step 2: We will need to modify the Default SMTP Virtual Server and create a new virtual server. These servers will operate on ports other than the default 25. In this example we will be using 125 & 225. ASSP should not be running. If it is, stop it.
Open Exchange System Manager and expand the Servers node. Then expand the server node you are going to work on. Expand the Protocols node and click on SMTP. In the result pane, right click on the Default SMTP Virtual Server and select Properties.
In the IP address drop down, select the original IP address for your server. In our example this is 10.5.200.2.
Click the Advanced button, then click the IP address in the list and click Edit. Change the port to 125. Click OK, then Apply and OK.
Now, right click in the white space in the result pane and select New SMTP Virtual Server.
In the Name field give this server a name. I used "ASSP Relay Host". Click Next. Now select an IP address from the drop down list. In our example we'll use 10.5.200.3. Click Finish. (You will see a question mark on the new server.)
Now right click on the new virtual server and choose Properties. Click Advanced and change the port to 225. Click OK and OK.
Right click on both Virtual servers and stop them. This will prevent them from colliding with ASSP if there is an interface:port conflict.
Step 3: Install ASSP if you have not already done so.
Start ASSP from the command line (we will start the service later):
perl assp.pl
Open the Configuration web page:
http://localhost:55555
Click "Show Advanced Configuration Options", scroll to the bottom and click Apply Changes.
Now, in the SMTP Destination enter the IP:port of your Default SMTP Virtual Server. In our example: 10.5.200.2:125
Click As a Service if it's not already checked.
Change the Listen Port to the IP:port that incoming SMTP connections will be made on. Example: 10.5.200.2:25
Enter an alternate if you like. Remember to change your password.
Under Relaying make these changes.
Add your local subnet to the Accept All Mail field. Example: 10.5.
Enter your local Domains.
In Relay Host enter your ASSP Relay Virtual Server. Example: 10.5.200.3:225
In Relay Port enter the 3rd address we created on port 25. Example: 10.5.200.4:25
Configure all other parameters as you see fit and click "apply changes".
Shut down ASSP.
Start the ASSP Service.
Step 4: In your local DNS (local not public) enter a host name for your Relay Port IP address. I called mine smarthost. As of Service Pack 3 Exchange will no longer allow you to enter an IP address for the smart host.
In Exchange System Manager right click on the Default Virtual Server and choose properties. Click the Delivery tab, and then click the Advanced button. In the Smart Host field enter the FQDN of your smart host virtual server created above. Example: smarthost.domain.com
Click OK, Click OK.
Start both Virtual SMTP servers.
If any of the servers fail to start you have an address:port conflict somewhere. Most likely ASSP is colliding with one of your virtual servers.
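The address:port conflict described above can be checked before starting anything. The following Python script is an added example, not part of the original instructions or of ASSP: it takes the listener plan from this walkthrough and reports overlapping binds. It assumes a bare port means "all interfaces"; the labels, `parse_bind` and `find_conflicts` are hypothetical names, and the second plan is a constructed failure case.

```python
from itertools import combinations

WILDCARD = "0.0.0.0"  # assumption: a bare port binds every interface

def parse_bind(spec):
    """Parse 'port' or 'ip:port' (the two forms used on this page)."""
    spec = spec.strip()
    ip, _, port = spec.rpartition(":")
    ip = ip or WILDCARD
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad bind spec: {spec!r}")
    return ip, int(port)

def find_conflicts(listeners):
    """Return sorted pairs of listener labels whose sockets overlap.

    Two listeners overlap when the ports are equal and the IPs are equal
    or either one is the wildcard address.
    """
    parsed = {name: parse_bind(spec) for name, spec in listeners.items()}
    conflicts = []
    for (a, (ip_a, port_a)), (b, (ip_b, port_b)) in combinations(parsed.items(), 2):
        if port_a == port_b and (ip_a == ip_b or WILDCARD in (ip_a, ip_b)):
            conflicts.append(tuple(sorted((a, b))))
    return sorted(conflicts)

# Listener plan taken from the Exchange 2000 steps above.
PLAN = {
    "ASSP listenPort": "10.5.200.2:25",
    "ASSP relayPort": "10.5.200.4:25",
    "Default SMTP Virtual Server": "10.5.200.2:125",
    "ASSP Relay Host virtual server": "10.5.200.3:225",
}

# Constructed failure case: step 2 was skipped, so the default virtual
# server is assumed to still listen on port 25 on all interfaces.
UNMODIFIED = dict(PLAN, **{"Default SMTP Virtual Server": "25"})

if __name__ == "__main__":
    for label, plan in (("plan", PLAN), ("step 2 skipped", UNMODIFIED)):
        print(label, "->", find_conflicts(plan) or "no conflicts")
```

The same check applies to the earlier examples that mix a bare port (listenPort2, relayPort) with IP:port entries, since a bare port overlaps every address on that port.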
This configuration should work fine for small to mid size organizations. Larger organizations should separate these services on different boxes.
I've followed your instructions to the T but mail is still going out through the Default SMTP Virtual Server. I came to that conclusion by looking at the Queues under the Default SMTP Virtual server. With the configurations you outlined, shouldn't mail flow out through the ASSP Relay Host/Virtual Server?
eric.mallo