

Email anti spam box setup

Posted on 2005-05-05
Medium Priority
Last Modified: 2008-01-09
I have a little spam problem on my small domain, and I need something that will help me sort that out. Problem is that I DON'T really want to make a change to the e-mail server, which is running on Windows 2000 Server, and I can't afford the solutions that I find on the web.

I do have an old desktop PC that is sitting around, that I can use to mirror the server if I need to redo the mail server, but I'm trying to avoid that. Is there anything I can do using NAT or anything else on my PIX box?

Any suggestions?
Question by:crackerjack22
1 Comment

Accepted Solution

LordRipper earned 1300 total points
ID: 13933921
You don't need to redo your Windows server, but since you have a PC that you can use to implement a solution, and you are willing to change your PIX config, here is an idea.
Say your mail server is IP = x.x.x.m
1) Get CanIt (there is a free version of this excellent product; the only restriction is that it only scans 50 mail addresses on the free version. It's clever, learns, uses all kinds of methods, and is easy to administer): http://www.roaringpenguin.com/
2) Set up Linux on the PC that you have "standing around" (and sendmail)
3) Assign an IP to it (let's call it x.x.x.l)
4) Set up CanIt (you'll need sendmail installed)
5) Configure CanIt to accept incoming mail on port A (port 25 would be a good idea... keep it simple stupid ;-)
6) Change the PIX to forward your incoming mail port, which is mapped to your mail server, so that it diverts to your CanIt box. This should be done in one of two ways depending on your current config:
If you map all ports of your mail server's outside IP to the inside IP (and this is a bad idea; better to just map the ports you need, more secure),
then add a map line BEFORE that assignment, like
ip nat inside source static tcp mail.server.outside.ip 25 x.x.x.l 25 extendable
OR if you do only map the ports you need, change the line that reads
ip nat inside source static tcp mail.server.outside.ip 25 x.x.x.m 25 extendable
to read
ip nat inside source static tcp mail.server.outside.ip 25 x.x.x.l 25 extendable
Do this ONLY with the incoming mail! Do not assign port 110 (POP), because your mail server is still where your external clients will want to fetch mail, if you have any.
So now all incoming mail gets sent to CanIt.
7) Set up CanIt to send filtered mail to your mail server (on its INTERNAL "LAN" IP, not the internet IP!)
Now: internet mail (dirty) -> PIX -> CanIt -> clean mail to server
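
An added example, not part of the original answer: once the port-25 mapping points at the filter box, one way to confirm that delivered mail really followed the path internet -> PIX -> filter -> mail server is to read the Received headers of a message that arrived in a mailbox. The IP 10.0.0.20 (standing in for x.x.x.l), the host names and both sample messages are constructed assumptions, and the header layout assumed is the common "from host ([ip]) by host" form.

```python
import re
from email import message_from_string

FILTER_IP = "10.0.0.20"            # assumed LAN IP of the filter box (x.x.x.l)
MAIL_SERVER = "mail.example.test"  # assumed name the mail server stamps itself as

# Matches "from <helo> ([peer-ip]) ... by <receiving-host>" in one Received header.
HOP = re.compile(r"from\s.*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?\bby\s+(?P<by>[\w.-]+)", re.S)

def hops(raw):
    """Return (peer_ip, receiving_host) for each Received header, newest first."""
    found = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            found.append((m.group("ip"), m.group("by").lower()))
    return found

def delivered_via_filter(raw, filter_ip=FILTER_IP, mail_server=MAIL_SERVER):
    """True only if the mail server accepted this message from the filter box.

    Only the newest header stamped by the mail server is trusted; anything
    older was written by upstream hosts and can be forged by the sender.
    """
    for peer_ip, by_host in hops(raw):
        if by_host == mail_server:
            return peer_ip == filter_ip
    return False  # no stamp from the mail server, so the path is unconfirmed

# Constructed sample messages (not real traffic).
FILTERED = (
    "Received: from canit.example.test ([10.0.0.20])\n"
    "\tby mail.example.test with ESMTP; Thu, 5 May 2005 10:00:02 +0000\n"
    "Received: from sender.example.org ([198.51.100.7])\n"
    "\tby canit.example.test with ESMTP; Thu, 5 May 2005 10:00:01 +0000\n"
    "Subject: test\n\nbody\n"
)
BYPASSED = (
    "Received: from sender.example.org ([198.51.100.7])\n"
    "\tby mail.example.test with ESMTP; Thu, 5 May 2005 10:00:01 +0000\n"
    "Subject: test\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("FILTERED", FILTERED), ("BYPASSED", BYPASSED)):
        print(name, hops(raw), delivered_via_filter(raw))
```

A message that fails this check reached the mail server without passing the filter, which usually means another port-25 mapping or an MX record still points at the mail server directly.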
