Mailing List Archive

Andy Thomas wrote:

>This is a multi-part message in MIME format.
>--
>[ Picked text/plain from multipart/alternative ]
>I am very interested in learning the best case practices of putting and EXIM
>mail server in front of a M$ exchange server to serve as a intermediary to
>do for Exchange what it cannot do for itself...
>
>Issues of Specific Interest are:
>
>REVERSE DNS LOOKUP
>RBL , ORBS, CHECKING
>pluses are SPAM BLOCKING (SPAM ASSASIN like TOOLS) and ANTI-VIRUS Tools
>
>Most of our M$ exchange sites are installed as follows...
>
>192.168.1.1 is the Internet Router (Linux Redhat 7.2 using Iptables for
>firewall) We plan to install EXIM 3.x on these boxes to server as
>go-betweens....
>
>the Internal Exchange Servers are 192.168.1.5 on all LANS... (both Exchange
>5.5 and 2000)
>
>I would like to hear some comments or suggestions or reference sites to
>making this a reality.
>
>
>
Hi Andy:

There's lots of ways you can do this with exim. IIRC (I haven't run
exchange in ~4 years, but I've worked with exchange admins in the
meantime) there's no 'fetchmail' option to exchange.

What I've done successfully is to setup a double-DNS section.
Publically, you have

IN MX 5 exim.yourhost.com.
IN MX 10 exchange.yourhost.com.

(the reason exchange is on there is for failover-- the exchange machine
will receive mail if exim ever goes down, just that spam/virus/etc will
get through-- your risk, of course)

Then, you make your intranet DNS servers route mail like this:

IN MX 5 exchange.yourhost.com.
IN MX 10 exim.yourhost.com.

That way, incoming mails will hit the exim host first, then will route
to the exchange host.

Again, you can (and I recommend) do this without exposing the exchange
boxes to the internet-- if you put the exim boxes in your DMZ, you can
have your exchange boxes on your intranet.

You could also make an exim server with courier-imap, ldap, and some
shared calendaring software and get rid of exchange altogether :>

-g

On Tue, 23 Jul 2002, Glen Mehn wrote:

> Andy Thomas wrote:
>
> >This is a multi-part message in MIME format.
> >--
> >[ Picked text/plain from multipart/alternative ]
> >I am very interested in learning the best case practices of putting and EXIM
> >mail server in front of a M$ exchange server to serve as a intermediary to
> >do for Exchange what it cannot do for itself...
> >
> >Issues of Specific Interest are:
> >
> >REVERSE DNS LOOKUP
> >RBL , ORBS, CHECKING
> >pluses are SPAM BLOCKING (SPAM ASSASIN like TOOLS) and ANTI-VIRUS Tools
> >
> >Most of our M$ exchange sites are installed as follows...
> >
> >192.168.1.1 is the Internet Router (Linux Redhat 7.2 using Iptables for
> >firewall) We plan to install EXIM 3.x on these boxes to server as
> >go-betweens....
> >
> >the Internal Exchange Servers are 192.168.1.5 on all LANS... (both Exchange
> >5.5 and 2000)
> >
> >I would like to hear some comments or suggestions or reference sites to
> >making this a reality.
> >
> >
> >
> Hi Andy:
>
> There's lots of ways you can do this with exim. IIRC (I haven't run
> exchange in ~4 years, but I've worked with exchange admins in the
> meantime) there's no 'fetchmail' option to exchange.

the way fetchmail works sucks anyway, but so does exchange.. Ugh..

> What I've done successfully is to setup a double-DNS section.
> Publically, you have
>
> IN MX 5 exim.yourhost.com.
> IN MX 10 exchange.yourhost.com.
>
> (the reason exchange is on there is for failover-- the exchange machine
> will receive mail if exim ever goes down, just that spam/virus/etc will
> get through-- your risk, of course)
>
> Then, you make your intranet DNS servers route mail like this:
>
> IN MX 5 exchange.yourhost.com.
> IN MX 10 exim.yourhost.com.


Ugh. My god why? Just use a domainlist(exim3) or manualroute(exim4)
router to tell the exim box where to deliver mail.. You shouldnt list
internal servers in a public DNS at all.

>
> That way, incoming mails will hit the exim host first, then will route
> to the exchange host.
>
> Again, you can (and I recommend) do this without exposing the exchange
> boxes to the internet-- if you put the exim boxes in your DMZ, you can
> have your exchange boxes on your intranet.
>
> You could also make an exim server with courier-imap, ldap, and some
> shared calendaring software and get rid of exchange altogether :>
>
> -g
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>

Dave C. wrote:

>>What I've done successfully is to setup a double-DNS section.
>>Publically, you have
>>
>> IN MX 5 exim.yourhost.com.
>> IN MX 10 exchange.yourhost.com.
>>
>>(the reason exchange is on there is for failover-- the exchange machine
>>will receive mail if exim ever goes down, just that spam/virus/etc will
>>get through-- your risk, of course)
>>
>>Then, you make your intranet DNS servers route mail like this:
>>
>> IN MX 5 exchange.yourhost.com.
>> IN MX 10 exim.yourhost.com.
>
>
>
> Ugh. My god why? Just use a domainlist(exim3) or manualroute(exim4)
> router to tell the exim box where to deliver mail.. You shouldnt list
> internal servers in a public DNS at all.

The reason(s) for the exchange server are outlined below-- in case exim
goes down, etc.

This also allows you to use exim as your smtp server, splitting the load.

I realise this is a bit of a hack, but in the past, it's worked well
when I used mails for mon, et al, and had them routed to different
processes-- it was easy, quick, and it worked. Although,
domainlist/manualroute is a better option.

>>That way, incoming mails will hit the exim host first, then will route
>>to the exchange host.
>>
>>Again, you can (and I recommend) do this without exposing the exchange
>>boxes to the internet-- if you put the exim boxes in your DMZ, you can
>>have your exchange boxes on your intranet.
>>
>>You could also make an exim server with courier-imap, ldap, and some
>>shared calendaring software and get rid of exchange altogether :>
>>
>>-g
>>
>>
>>--
>>
>>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>>
>>
>
>
>
>
>


--
Glen Mehn
glen at burningman dot com at zerowaitstate dot com at doofdoof dot com
"If u ever devour the universe, remember to spit the dragon back out.xx."
-swan

On Tue, 23 Jul 2002, Glen Mehn wrote:

> The reason(s) for the exchange server are outlined below-- in case exim
> goes down, etc.

exim doesn't "go down". it's "stopped" or it's "running".

ok, that's a bit of slippery. exim did "went down", once for me and
once for a friend, in the last three years or so. the situation wasn't
reproducible and never happened again (knock-knock).


--
[-]