SSAKUSEISHA

How to make a SMTP lab using MS Exchange 2003 and an Ubuntu smarthost for antivirus and antispam running in Amazon's EC2 infrastructure?

I am trying to create a proof of concept lab that uses Microsoft Exchange 2003 (SP2) as the mail server, DynDns hosting the A and MX record, and an Ubuntu (Lucid) smarthost hosted in Amazon’s EC2 infrastructure for open-source antivirus and antispam.

I tried following the instructions at these sites but was not successful:

http://asav.samhart.com/
http://flurdy.com/docs/postfix/#config-simple-mta (only the Postfix and SpamAssassin portions)

I have attached a Visio diagram illustrating a high level view of my plan.

Here are things that I already “know”:

1. There are hosted services that do the same thing such as Postini and MessageLabs.
2. That I could put the smarthost in a DMZ on my network.
3. There are preconfigured virtual appliances such as ESVA.
4. I could use the preconfigured ESVA virtual appliance and import it into EC2.

What I have accomplished:

1. Can send and receive email to/from external domains using the Exchange server and DynDns hosting the MX record but without using a smarthost.
2. Can start up Amazon AMIs and install Postfix, SpamAssassin, and ClamAV.
3. Was able to get a connection from my Exchange server to the test EC2 smarthost but received non-delivered messages and saw messages in the /etc/var/mail.log stating that I have no permission to relay. I don’t have these specific logs anymore because I have terminated the instance and will start from scratch.

I don’t need anything complicated – I just need to know how to get the basic infrastructure up and running so I can expand from there. I will probably be able to figure it out eventually but I am a bit pressed for time which is why I am posting here…

Thanks as always!
ASKER CERTIFIED SOLUTION
ManicD

SOLUTION
Shalom Carmel

SSAKUSEISHA
ASKER

@ManicD - Thank you for the suggestion but I want to use this proof of concept design. Also, I understand that there are how-to guides at HowToForge but I did not find anything directly related to what I am doing. Unfortunately, I need a bit of "hand-holding" for this. However, using one of the guides, I was able to make some progress but ran into another roadblock, which I will describe below.

@shalomc - Thank you for your information.

Update:
I used a Fedora instance and was able to get Postfix running as a gateway and successfully send and receive some emails. However, apparently Amazon EC2 IP addresses are considered "Dynamic" and as such are listed on PBL (Public Block Lists) such as SpamHaus. Here are a few examples of the type of undeliverable notifications that I received:

Test send to Hotmail Email Account:
<email address>: host mx1.hotmail.com[x.x.x.x] said: 550 DY-001
(BAY0-MC1-F12) Unfortunately, messages from x.x.x.x weren't sent.
Please contact your Internet service provider. You can tell them that
Hotmail does not relay dynamically-assigned IP ranges.

Test send to Corporate Email Account:
<email address>: host clusterX.us.messagelabs.com[x.x.x.x]
said: 553-mail rejected because your IP is in the PBL.
See 553 http://www.spamhaus.org/pbl
(in reply to RCPT TO command)

I also received an email from Amazon WebServices stating that I had reached my limit of email messages out of SMTP. I'm not sure what the limit is but I sent less than 10 total. Anyway, the email provided a link to an online request form that will allow one to have those limitations removed - I have provided an image of what the email looks like in case anyone is curious.

After doing a bit of research, it appears that if email services will be required for one's EC2 system, an Elastic IP (EIP) address is recommended with a reverse DNS record configured. This will need to be requested from Amazon and, according to Amazon, it could take up to 1 week before anti-SPAM organizations will white-list your EIP. Note that when you purchase an EIP, you are charged when NOT using it for the purpose of thwarting IP address hoarders.

No cost for Elastic IP addresses while in use

    $0.01 per non-attached Elastic IP address per complete hour
    $0.00 per Elastic IP address remap – first 100 remaps / month
    $0.10 per Elastic IP address remap – additional remap / month over 100

Most of this information can be found at:

http://aws.amazon.com/ec2/#pricing

Note that the forms for requesting large quantities of email from your account are found at the bottom of the above-mentioned link in the "Detailed Description - Using Amazon EC2 to Run Instances" section.

Anyway, I don't need or want to pay for an EIP at the moment but I did fill out the online request form for permission to send out more messages. I will post more updates as I make more progress.

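An added example, not part of the original post: a short Python triage of the bounce notices quoted above, grouping each rejection by cause so that gateway policy problems are separated from IP reputation problems. The third notice, its host name gw.example.com, and the cause labels are constructed assumptions.

```python
import re

# Two notices are copied from the post (already redacted there); the third,
# including gw.example.com, is constructed to cover the earlier relay symptom.
SAMPLE = """\
<email address>: host mx1.hotmail.com[x.x.x.x] said: 550 DY-001
(BAY0-MC1-F12) Unfortunately, messages from x.x.x.x weren't sent.
Please contact your Internet service provider. You can tell them that
Hotmail does not relay dynamically-assigned IP ranges.

<email address>: host clusterX.us.messagelabs.com[x.x.x.x]
said: 553-mail rejected because your IP is in the PBL.
See 553 http://www.spamhaus.org/pbl
(in reply to RCPT TO command)

<email address>: host gw.example.com[x.x.x.x] said: 554 5.7.1
<email address>: Relay access denied (in reply to RCPT TO command)
"""

# Ordered rules: (pattern, cause label, next step for the gateway operator).
# Labels and wording are this example's own, not any vendor's taxonomy.
RULES = [
    (r"relay access denied|relaying denied", "relay-policy",
     "authorise the internal mail server on the gateway, never everyone"),
    (r"\bPBL\b", "blocklist-pbl",
     "send from a static address with reverse DNS and request removal"),
    (r"dynamically[- ]assigned", "dynamic-ip-policy",
     "send from a static address with reverse DNS"),
]

NOTICE = re.compile(r"host\s+(\S+?)\[[^\]]*\]\s+said:\s+(\d{3})[ -]", re.I)

def triage(text):
    """Return (remote_host, smtp_code, cause, next_step) for each notice."""
    out = []
    for block in re.split(r"\n\s*\n", text.strip()):
        flat = " ".join(block.split())      # undo the line wrapping in the notice
        m = NOTICE.search(flat)
        if not m:
            continue                        # not a remote-rejection notice
        cause, step = "other", "read the full reply text"
        for pattern, label, advice in RULES:
            if re.search(pattern, flat, re.I):
                cause, step = label, advice
                break
        out.append((m.group(1), int(m.group(2)), cause, step))
    return out

if __name__ == "__main__":
    for host, code, cause, step in triage(SAMPLE):
        print(f"{code} from {host}: {cause} -> {step}")
```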
Please test your server for both SMTP relaying and backscatter; these may be the cause of your email limitation warning.
Thank you again for your help.