I'm completely new to linux, but I managed to setup Debian (not as hard as it once was). I want to put that box on the DMZ and have all mail come into the firewall (Red Hat,iptables) forward to the Debian box.. spam/virus scan.. then forward back to the firewall which will route it to the internal Exchange box.

Vice versa too, I would like the exchange SMTP t forward messages to the Firewall, which will forward to Debian, virus/spam scan, change the header to not say Exchange, and add a disclaimer, then forward to its destination.

Like I said, I'm new to linux, but I've seen some of the crazy apps out there so I know this has to be possible.

Please let me know

And thanks in advance for any help

Jason

I have a similar setup at this end. I frontend an Exchange server with a postfix MTA sitting in a DMZ. All inbound e-mail is received by postfix, scanned by Spamassassin, then relayed to the Exchange server. Virus scanning is done on the Exchange server. Outbound e-mail is virus scanned by Exchange server, then relayed to the postfix server for final delivery. Note: Outbound e-mail is not scanned by Spamassassin.

With the above in mind, I can give you a couple of pointers to configuration issues that will need to be addressed.

1) To relay inbound e-mail to your Exhange server...

If your using sendmail, look at the "mailertable" feature.
If your using postfix, look at the "transport" feature.

2) Configure MTA in DMZ to verify mailbox/user exists on Exchange prior to relaying to Exchange server.

The way I implemented the above was to configure postfix to issue an LDAP query against the Exchange server to verify the user/mailbox is valid prior to relaying. Without doing so, bogus recipients for your domain would be relayed to Exchange server and then bounced back to what is usually a forged sender address. If interested, I can post examples of how I implemented LDAP using postfix, but I know sendmail can be configured to do the same thing.

3) E-mail filtering

E-mail filtering can be implemented in many ways with either MTA. Since my postfix MTA only calls Spamassassin, I chose to implement SA filtering using postfix's built-in hooks. But there are some good third party apps available for free that will handle both virus and spam filtering by your MTA. I can think of a couple that I have used in the past. amavis-new and mime-defang

As for changing the e-mail header or adding a disclaimer... can't help you there, but if I remember correctly, mime-defang may have the capability to remove headers.
Good Luck!

Thanks for the reply. Sounds almost identical to the setup I'm looking for. So you used postfix. What ports do u have open going from the dmz to the intranet for LDAP to work?

Also, once I start diving into it next week, I'll definately need details... since this is my first time really using linux.

Again, thanks for the reply

"""2) Configure MTA in DMZ to verify mailbox/user exists on Exchange prior to relaying to Exchange server.

The way I implemented the above was to configure postfix to issue an LDAP query against the Exchange server to verify the user/mailbox is valid prior to relaying. Without doing so, bogus recipients for your domain would be relayed to Exchange server and then bounced back to what is usually a forged sender address. If interested, I can post examples of how I implemented LDAP using postfix, but I know sendmail can be configured to do the same thing."""

I'm interested. Do tell.

Thanks.