Email anti smap box setup

Posted on 2005-05-05
Last Modified: 2008-01-09
I have a little spam problem on my small domain, and I need something that will help me sort that out. Problem is that I DONT really want to make a change to the e-mail server, witch is running on windows 2000 server, and I cant afford the solutions that I find on the web.

I do have a old desk top PC that is sitting arround, that I can use to mirror the server if I need to re do the mail server, but I'm trying to avoid that. Is there anything I can do using NAT or anything else on my PIX box?

Any sugestions ?
Question by:crackerjack22
    1 Comment
    LVL 5

    Accepted Solution

    You dont need to redo your windows server, but since you have a pc that you can use to impliment a solution, and you are willing to change your pix config, here is a idea.
    say your mail server is ip = x.x.x.m
    1) Get Can-It ( there is a free version of this excelent product, only restriction is that it only scans 50 mail adresses on the free version. It's clever, learns, uses all kinds of methods, and is easy to administer)
    2) set up linux on the pc that you have "standing arround" ( and sendmail)
    3) assign a ip to it ( lets cal it x.x.x.l )
    4) set up canit ( you'll need the sendmail installed)
    5) config canit to except incoming on port A ( port 25 would be a good idea... keep it simple stupid ;-)
    6) change the PIX to forward your incoming mail port, that is maped to your mail server, to divert to your canit box .. this should be done in one of two ways depending on your current config:
    If you map all ports on of you mail servers outside IP to the inside IP ( and this is a bad idea, better to just map the ports you need, more secure)
    Then add a map line BEFORE that assignment like
    ip nat inside source static tcp mail.server.outside.ip 25 x.x.x.l 25 extendable
    OR if you do only map the ports you need, change the line that reads
    ip nat inside source static tcp mail.server.outside.ip 25 x.x.x.m 25 extendable
    to read
    ip nat inside source static tcp mail.server.outside.ip 25 x.x.x.l 25 extendable
    Do this ONLY with the incomeing mail ! DO not assing port 110 ( pop, cause your mail server is still where your external clients will want to fetch mail if you have any)
    So now all incomeing mail gets sent to canit.
    7) set up canit to send fitered mail to your mail server ( on it's INTENRNAL "lan" IP, not the internet ip !)
    Now  internet mail (dirty) -> PIX -> Canit -> Clean mail 2 server

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension ( This reminded me of questions tha…
    I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now