EFA, Exchange 2010 and CBL Blacklist

fil.capo
Posts: 4
Joined: 23 Sep 2014 14:49

EFA, Exchange 2010 and CBL Blacklist

Post by fil.capo »

Hi All,
I'm testing EFA between Internet and internal Exchange 2010.
The configuration is:
Ingoing emails: Internet (port 25) -> EFA -> Exchange 2010 -> Users Clients
Outgoing emails: Users Clients -> Exchange 2010 -> Internet

The EFA server is configured to accept all e-mail for our domains, even those recognized as spam and deliver them, marked, to the Exchange 2010 server.
This is to enable the delivery of e-mails identified as spam to the Junk folder for each user.

The problem is that the day after activating this configuration, our public IP address has been blacklisted in cbl.abuseat.org.

The cause seems to be an infection with the Cutwail spambot; it seems strange, however, that in the weeks before I had no problems.

Is it possible that some configuration problem can cause this type of problem?

For example, in my case the e-mails are accepted by the EFA without checking if the user exists in the domain, then Exchange (without going through EFA) may reject the message because the user does not exist. Can this behavior of accepting and then sending back an e-mail from the system be considered abnormal?

Is it normal to configure the system so that the e-mail from Exchange does not go through EFA?

Any advice is welcome. I would like to understand the problem before trying again, because deleting the IP from the blacklist takes a few hours, during which our emails are no longer being accepted.

Many thanks to all
Best Regards
Fil
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: EFA, Exchange 2010 and CBL Blacklist

Post by shawniverson »

Hmm..

Rejected emails will cause problems. For instance, if a spammer forges the From address, sends to your EFA, then on to Exchange, and then Exchange rejects the message, the reject would go back to the forged address.

http://www.dontbouncespam.org/

I would strongly advise to 1) build a relay recipient list for postfix and/or 2) turn off the Exchange rejection behavior.
fil.capo
Posts: 4
Joined: 23 Sep 2014 14:49

Re: EFA, Exchange 2010 and CBL Blacklist

Post by fil.capo »

Hello shawniverson,
I suspected that this might be the problem.
Thanks for the link!
Now I have implemented the relay recipient list in postfix. To do this I tried the Perl script which is discussed in the forum, but something did not work and I got the error LDAP_ENCODING_ERROR. So I created the list using ldapsearch with awk, and scheduled it to run every hour.
(If anyone is interested I could post the script I used)

For two days now there has been no blacklisting; I hope the problem is solved.

Thank you very much for the help!

Best Regards
Fil
buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: EFA, Exchange 2010 and CBL Blacklist

Post by buzzzo »

hi fil.capo

Yes your script could be very useful.
I've tried to use the perl script to fetch rcpts from active dir without luck.
fil.capo
Posts: 4
Joined: 23 Sep 2014 14:49

Re: EFA, Exchange 2010 and CBL Blacklist

Post by fil.capo »

hi buzzzo,
this is the script I'm using.

Code:

# Dump every proxyAddresses value from AD and keep the SMTP ones as "address OK" lines.
ldapsearch -D "CN=YourLdapUser,DC=example,DC=com" -w YourPassword -p 389 -h YourServer \
    -b "DC=example,DC=com" -s sub "(proxyAddresses=*)" sn cn proxyAddresses \
  | awk -F: 'tolower($2)~/smtp/ {if($3!~/@example\.local/) print $3 " OK";}' \
  > /etc/postfix/relay_recipients

Basically, it uses ldapsearch to get all entities with proxyAddresses defined, then formats the output, removing proxyAddresses and smtp and adding OK, so each line is:

Code:

user1@example.com OK
user2@example.com OK
user3@example.com OK

I used the part if($3!~/@example\.local/) to remove all locally defined e-mails such as user@example.local. Maybe it's not necessary, but I've added it to have a clean list without unnecessary local users' e-mails.

Just for information, the YourLdapUser part should contain the full path to the user if there are groups, for example:

Code:

CN=YourLdapUser,OU=users,OU=systemusers,OU=mygroup,DC=example,DC=com

This is working in my environment; I hope it will be useful to you.

Best Regards
Fil
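
A hardened variant of the list-building step in the post above, as an added example that is not fil.capo's script: it unfolds wrapped LDIF lines and decodes base64 ("proxyAddresses:: ") values, both of which the awk -F: one-liner mishandles, and it replaces the file atomically so a failed LDAP query cannot install an empty list. The function names, the internal-domain argument and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the script from the post. Function names are hypothetical.

# Print "address OK" lines from ldapsearch LDIF on stdin; $1 = internal domain to skip.
ldif_to_recipients() {
    # Unfold LDIF: a line that starts with one space continues the previous line.
    awk 'NR > 1 && /^ / { printf "%s", substr($0, 2); next }
         NR > 1 { print "" }
         { printf "%s", $0 }
         END { print "" }' |
    while IFS= read -r line; do
        case "$line" in
            # "attr:: value" means the value is base64 (e.g. it has non-ASCII characters).
            "proxyAddresses:: "*) printf '%s' "${line#proxyAddresses:: }" | base64 -d; echo ;;
            "proxyAddresses: "*)  printf '%s\n' "${line#proxyAddresses: }" ;;
        esac
    done |
    awk -v dom="$1" '{
        v = tolower($0)
        if (substr(v, 1, 5) != "smtp:") next        # skip X400:, sip:, ...
        addr = substr(v, 6)
        if (addr !~ /^[^@ ]+@[^@ ]+$/) next         # exactly one "@", no spaces
        if (dom != "" && substr(addr, length(addr) - length(dom)) == "@" dom) next
        if (!seen[addr]++) print addr " OK"         # de-duplicate
    }'
}

# Replace file $1 with stdin atomically; refuse a list shorter than $2 lines, so a
# failed LDAP bind cannot leave Postfix with an empty recipient table.
install_recipients() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    cat > "$tmp"
    lines=$(( $(wc -l < "$tmp") ))
    if [ "$lines" -lt "${2:-1}" ]; then
        rm -f "$tmp"
        return 2
    fi
    chmod 644 "$tmp" && mv -f "$tmp" "$1"
}

# Constructed sample: a folded line, a base64 value, an X400 entry, an internal address.
sample_ldif() {
    printf '%s\n' 'dn: CN=User One,DC=example,DC=com' \
        'proxyAddresses: SMTP:User1@example.com' \
        'proxyAddresses: smtp:a-very-long-alias-for-user-one@exa' ' mple.com' \
        'proxyAddresses:: c210cDp1c2VyMkBleGFtcGxlLmNvbQ==' \
        'proxyAddresses: X400:C=US;A= ;P=Example;O=Exchange;S=One;' \
        'proxyAddresses: smtp:user1@example.local'
}
```

In use, the ldapsearch command from the post would be piped into ldif_to_recipients example.local and then into install_recipients /etc/postfix/relay_recipients. If Postfix reads the list as a hash: table (an assumption about the local main.cf), run postmap on the file afterwards.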
mcgearytech
Posts: 9
Joined: 08 Sep 2014 17:01

Re: EFA, Exchange 2010 and CBL Blacklist

Post by mcgearytech »

I would strongly recommend routing your outbound email through EFA, as Exchange tends to create a tremendous amount of backscatter, as the previous post said, and backscatter will land you on a CBL real fast. Also, your sending server name may not match your MX record in this setup, which can also cause blacklisting. If you want spam messages in your users' junk mail folder with the default config, I made a how-to document that will get you there in a couple of minutes.
http://www.mcgearytech.com/efa-project- ... il-folder/
If you really want to use Exchange to send directly to the internet, you need to stop the backscatter; here is a link that should help:
http://alanhardisty.wordpress.com/2010/ ... d-domains/