
Exchange_2007

Anonymous

Intro

Well, we found one answer to make Exchange 2007 work with ASSP on a single server, although it would not be advised on a server running more than 50k messages per day. You'll need at least 2 IP addresses, but 3 would be easier. It requires Exchange 2007, an additional MTA Relay Server (we used MailEnable Standard, I'm sure you could use many others), and ASSP.

BTW, we did this on a live Exchange box while it was running. So long as you leave the original ports (25 In and 25 Out, and the OWA and/or internal usage ports as well) alone and create new ones as you go, you can let it process mail while working the rest out. Once you're ready to go, simply activate the new ports, then deactivate the original ports; your users will never see a glitch in service.

I'm using IPs 192.168.0.1, 192.168.0.2, and 192.168.0.3 as examples (YMMV) of the three IPs assigned to one NIC. Assign all three to the same NIC, or use multiple NICs in the box (your preference). Also, I assume that your firewall is currently sending port 25 connections to 192.168.0.3:25.

DNS Changes:

1) Add the host names to your domain for the three IPs, such as RELA01, ASSP01, and EXCH01, and assign the three IP addresses respectively. As described below, RELA01 is the MTA, ASSP01 is obvious, as is EXCH01.
2) Using the DNS registered names instead of IP addresses allows for ease of a server move, or failover server, in the future without the need for reconfiguration of ASSP.

Setup Perl/ASSP/ClamAV:

1) Install Perl, ASSP and ClamAV as described (check the Wiki for directions), and assign ASSP to listen on IP 192.168.0.2:25 and relay to 192.168.0.3:125 (in Network Setup). Make sure ASSP is calling itself assp01.YourDomain.com in the SERVER SETUP > My Name area of the ASSP Admin panel.

Setup your MTA relay:

1) Install the MTA of your choice (we used the free ME Standard Edition) and assign it to 192.168.0.1 listening on port 125.
2) DO NOT configure the MTA to be a smarthost for your Exchange server.
3) Set it up to allow relay from trusted IPs (127.0.0.1, 192.168.0.1, 192.168.0.2, and 192.168.0.3).
4) Turn OFF all of the unnecessary features per the OEM's directions. It is not going to receive email from the outside world, so make sure the inbound is bound to IP 192.168.0.1 ONLY and ensure your firewall directs to 192.168.0.2 ONLY.
5) Install whatever Anti-Virus solution you choose on the MTA per the OEM's instructions.
6) Make sure the MTA is calling itself rela01.YourDomain.com.

Setup Exchange 2007:

1) Install Exchange2k7 per M$'s instructions and best practices (sic) on 192.168.0.3 and change the incoming port (at the HUB Transport) to 125 from the standard admin interface.
2) Create an additional incoming connector (e.g. "ASSP Inbound" on port 125) and an outgoing connector (e.g. "ASSP Outbound") in the Admin interface of Exchange. The outbound will default to port 25, but we will change that in the next step.
3) Change the outbound port to 325 via the Console interface using the Set-SendConnector command [http://technet.microsoft.com/en-us/l...XCHG.80).aspx...]. Micro$oft doesn't make the command clear, so it should look like this: Set-SendConnector -identity "ASSP Outbound" -port 325
4) In the Admin interface, set the outbound port to transfer to a smarthost on 192.168.0.2 (ASSP) and check the box for use of remote server DNS on the smarthost.
5) Make sure Exchange is calling itself exch01.YourDomain.com.

In the ASSP Admin panel, make the following changes:

In NETWORK SETUP
1) Ensure the SMTP LISTEN PORT is 192.168.0.2:25
2) Ensure the SMTP DESTINATION is 192.168.0.3:125

In RELAYING
3) Ensure the RELAY PORT is 192.168.0.3:325
4) Ensure the RELAY HOST is 192.168.0.2:125

INCOMING MAIL:

Internet to Firewall on 25 ==> Firewall passes to ASSP on 192.168.0.2 port 25 ==> relays to Exchange listening on 192.168.0.3 port 125

OUTBOUND MAIL:

Exchange from 192.168.0.3 port 325 smarthosts ==> ASSP listening on 192.168.0.2 port 325 and relays ==> to MTA listening on 192.168.0.1 port 125 ==> MTA transmits to the internet.

ASSP Reporting:

1) In order for the ASSPSPAM / ASSPNOTSPAM etc. email reporting to function, you must add all of the addresses in the EMAIL INTERFACE section of ASSP to Active Directory as CONTACTS; otherwise the Exchange server will reject the spam/ham reports as non-existing email accounts. Adding the email addresses to CONTACTS causes Exchange to think the accounts are not local, so Exchange attempts to send the email to the internet. ASSP will capture it from there and make the appropriate list changes.

Firewall Settings - Final:

1) Change your firewall to direct port 25 connections to the ASSP IP at 192.168.0.2.

Exchange Settings - Final:

1) Disable outbound connector on port 25 in ADMIN interface.
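
To confirm the finished layout, the following PowerShell check (an added example, not part of the original wiki page) probes each listener named in the INCOMING MAIL and OUTBOUND MAIL summaries and prints the SMTP greeting it returns, so a leftover port 25 listener on Exchange or a missing hop shows up as a mismatch. It assumes PowerShell 2.0 or later, is run on the server itself, and uses the page's example addresses; the function name Test-SmtpListener and the role labels are made up for this example.

```powershell
# Added example: listener list built from the page's example addresses.
# ExpectOpen = $false marks the original port that the cutover deactivates.
$checks = @(
    @{ Role = 'ASSP inbound';      Addr = '192.168.0.2'; Port = 25;  ExpectOpen = $true  },
    @{ Role = 'Exchange inbound';  Addr = '192.168.0.3'; Port = 125; ExpectOpen = $true  },
    @{ Role = 'ASSP relay';        Addr = '192.168.0.2'; Port = 325; ExpectOpen = $true  },
    @{ Role = 'MTA relay';         Addr = '192.168.0.1'; Port = 125; ExpectOpen = $true  },
    @{ Role = 'Exchange old port'; Addr = '192.168.0.3'; Port = 25;  ExpectOpen = $false }
)

# Hypothetical helper: connect with a timeout and read the first greeting line.
function Test-SmtpListener {
    param([string]$Addr, [int]$Port, [int]$TimeoutMs = 3000)
    $result = @{ Open = $false; Greeting = '' }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Addr, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($async)             # throws if the connect was refused
            $result.Open = $true
            $stream = $client.GetStream()
            $stream.ReadTimeout = $TimeoutMs
            $reader = New-Object System.IO.StreamReader($stream)
            $result.Greeting = $reader.ReadLine()  # first line of the 220 greeting
        }
    } catch {
        # Refused or reset leaves Open = $false; a read timeout leaves Greeting empty.
    } finally {
        $client.Close()
    }
    return $result
}

$failed = 0
foreach ($c in $checks) {
    $r = Test-SmtpListener $c.Addr $c.Port
    if ($r.Open -eq $c.ExpectOpen) { $status = 'OK' } else { $status = 'MISMATCH'; $failed++ }
    '{0,-8} {1,-18} {2}:{3} open={4} greeting="{5}"' -f `
        $status, $c.Role, $c.Addr, $c.Port, $r.Open, $r.Greeting
}
if ($failed -gt 0) { Write-Warning "$failed listener(s) differ from the documented layout" }
```

Compare the printed greetings against the host names each component was told to use (assp01, rela01, exch01) to see which service actually answered on each port.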


Related

Wiki: Specific_OS_QuickStarts
