efa-project.org

Hi All,
I'm testing EFA between Internet and internal Exchange 2010.
The configuration is:
Ingoing emails: Internet (port 25) -> EFA -> Exchange 2010 -> Users Clients
Outgoing emails: Users Clients -> Exchange 2010 -> Internet

The EFA server is configured to accept all e-mail for our domains, even those recognized as spam and deliver them, marked, to the Exchange 2010 server.
This is to enable the delivery of e-mails identified as spam to the Junk folder for each user.

The problem is that the day after activating this configuration, our public IP address has been blacklisted in cbl.abuseat.org.

The cause seems to be an infection with the Cutwail spambot, it seems strange however, that in the weeks before I had no problems.

It's possible that some configuration problems can cause this type of problem?

For example, in my case the e-mails are accepted by the EFA without checking if the user exists in the domain, then Exchange (without going through EFA) may reject the message because the user does not exist. This behavior of accepting and then send back an e-mail from the system can be considered abnormal?

It 's normal to configure the system so that the E-Mail from Exchange do not go in EFA?

Any advice is welcome, I would try to understand the problem before try again, because to delete the IP from the Blacklist takes a few hours in which our emails are no longer being accepted.

Many thanks to all
Best Regards
Fil

Hmm..

Rejected emails will cause problems. For instance, if a spammer forges the From Address, sends to your EFA, then on to Exchange, and then Exchange rejects message, the reject would go back to the forged address.

http://www.dontbouncespam.org/

I would strongly advise to 1) build a relay recipient list for postfix and/or 2) turn off the Exchange rejection behavior

Hello shawniverson,
I suspected that this might be the problem.
Thanks for the link!
Now I have implemented the relay recipient list in postfix, to do this I tried the script in perl which is discussed in the forum but something did not work and I had the error LDAP_ENCODING_ERROR. So I created the list using ldapsearch with awk. And scheduled to run every hour.
(If anyone is interested I could post the script I used)

For two days now no blacklist, I hope the problem is solved.

Thank you very much for the help!

Best Regards
Fil

hi fil.capo

Yes your script could be very useful.
I've tried to use the perl script to fetch rcpts from active dir without luck.

hi buzzzo,
this is the script I'm using.
Basically it gets with ldapsearch all entities with proxyAddresses defined, then format it removing proxyAddresses and smtp and adding OK so each line is: I used the part if($3!~/@example\.local/) to remove all local defined e-mails user@example.local, maybe it's not necessary but I've added it to have a clean list without unnecessary local users e-mails.

Just for information YourLdapUser part, should contain full path to the user if there are groups, for example:
This is working in my environment, I hope it will be useful to you.

Best Regards
Fil

I would strongly recomend routing your outbound email through EFA as exchange tends to create a tremendous amount of backscatter. as previous post said and backscatter will land you on a cbl real fast. also your sending server name may not match your mx record in this setup and can also cause black listing. If you want spam messages in your users junk mail folder with the default config I made a how to document that will get you there in a couple minutes.
http://www.mcgearytech.com/efa-project- ... il-folder/
If you really want to use exchange to send directly to the internet you need to stop the backscatter here is a link that should help
http://alanhardisty.wordpress.com/2010/ ... d-domains/