On Mon, 2006-01-30 at 09:34 +0100, Benoit Panizzon wrote:
> Isn't there any way to make Exchange reject unknown users during SMTP handshake like all other MTAs do?

Well, I had a similar host running Exchange 2k. It was getting around 28000 spam messages delivered a day, due to the above handling of email and accepting all mail by default (on an ADSL line, mind you). Additionally, the bounces clogged up its mail queue.
So my solution to the problem was as follows:
- install a second server in front of the machine
- install postfix on it
- added greylisting, RBLs, SpamAssassin, Razor checks
- get this Perl magic script to fetch all valid accounts from Active Directory on the Exchange server.
- configure the Exchange server to accept mail only from a trusted host (e.g. the postfix machine)
- add a user with "send as anybody" user privileges
- configure the domains in the transport.db of postfix with destination to the Exchange server.
- configure smart-host toward the Exchange server with the user added above.
- forwarded the SMTP port of the Exchange to an IP address without MX record and let users send mail via SMTP-AUTH.
This has been working for 3/4 of a year by now.
If you need a more detailed description, please contact me.
- Folken
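
The account-fetching step in the list above, sketched as an added example (this is not the Perl script the post refers to, and not code from the original message). It assumes the Active Directory accounts are available as an LDIF export of `proxyAddresses` and that the result is loaded into Postfix's `relay_recipient_maps`, so unknown recipients are refused at RCPT TO; the sample data and domain names are constructed.

```python
import base64
import re

# Constructed sample of an LDIF export; real input would come from the directory.
SAMPLE_LDIF = (
    "dn: CN=Alice,CN=Users,DC=example,DC=test\n"
    "proxyAddresses: SMTP:Alice@Example.test\n"
    "proxyAddresses: smtp:a.example@example.test\n"
    "proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Alice;\n"
    "\n"
    "dn: CN=Sales,CN=Users,DC=example,DC=test\n"
    "proxyAddresses:: " + base64.b64encode(b"smtp:sales@example.test").decode() + "\n"
    "proxyAddresses: smtp:partner@other.test\n"
    "proxyAddresses: smtp:long.name\n"
    " @example.test\n"
)

ATTR = re.compile(r"proxyAddresses(::?)\s*(.*)$", re.IGNORECASE)


def relay_recipients(ldif_text, domains):
    """Return the sorted SMTP addresses in ldif_text that belong to domains."""
    domains = {d.lower() for d in domains}
    # LDIF folds long lines: a continuation line starts with a single space.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    found = set()
    for line in unfolded.splitlines():
        m = ATTR.match(line)
        if not m:
            continue
        value = m.group(2).strip()
        if m.group(1) == "::":  # '::' marks a base64-encoded value
            value = base64.b64decode(value).decode("utf-8", "replace")
        scheme, _, addr = value.partition(":")
        if scheme.lower() != "smtp":  # skip X400, X500 and other address types
            continue
        addr = addr.strip().lower()
        local, at, domain = addr.rpartition("@")
        if at and local and domain in domains and not re.search(r"\s", addr):
            found.add(addr)
    return sorted(found)


def render_map(addresses):
    """Format as a Postfix lookup table; the right-hand value is ignored."""
    return "".join(f"{a} OK\n" for a in addresses)


if __name__ == "__main__":
    print(render_map(relay_recipients(SAMPLE_LDIF, ["example.test"])), end="")
```

Restricting the output to the relayed domains keeps stray aliases for other domains out of the table, and the file needs regenerating (and `postmap` rerun) whenever accounts change, or new users are rejected at the gateway.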