Mail Server Settings¶
Follow the instructions at Installation till the 6. Change the listen IP:Port of your existing mail server.
To do 6. Change the listen IP:Port of your existing mail server and 7. Configure OpenProtect as your smarthost for outgoing mails for a particular MTA, see the instructions below.
We have instructions for the following MTA as of now:
1. Sendmail¶
Change the listen IP:Port¶
Edit the sendmail.mc file, usually at /etc/mail/sendmail.mc
Suppose your MX IP is 1.2.3.4 and sendmail listens at port 25
Change your current DAEMON_OPTIONS line from:
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=1.2.3.4')dnl
to:
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=10025, Addr=127.0.0.1')dnl
Now, run:
/etc/init.d/sendmail restart
or whatever is your distro’s restart command. If sendmail still listens on port 25 of your MX IP, you need to run:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
for the cf file to be updated manually. Now restart sendmail again.
Now sendmail will listen on 127.0.0.1:10025 and OpenProtect will receive mails from external domains at the MX and relay the filtered mails to your sendmail via 127.0.0.1:10025
Set a smarthost¶
Similarly, add a line to the sendmail.mc file like:
define(`SMART_HOST',`1.2.3.4')dnl
where 1.2.3.4 is the MX IP where OpenProtect is currently listening
Now, rebuild the sendmail.cf file from the mc file if necessary and then restart sendmail.
Sendmail will send outgoing mails to external domains via OpenProtect, where the mails are filterd for viruses, phishing attacks etc and then delivered to the MX of the recipient domains.
2. Postfix¶
Change the listen IP:Port¶
We change the IP first. Edit the /etc/postfix/main.cf file and add or change the setting if it already exists:
inet_interfaces = 127.0.0.1
Now we change the port to 10025. Edit the file /etc/postfix/master.cf file and add or change the line if it already exists:
10025 inet n - n - - smtpd
Now run /etc/init.d/postfix restart or the equivalent for your distro.
Now postfix will listen on 127.0.0.1:10025 and OpenProtect will receive mails from external domains at the MX and relay the filtered mails to your postfix via 127.0.0.1:10025
Set a smarthost¶
Edit /etc/postfix/main.cf and add the line:
relayhost = 1.2.3.4
where 1.2.3.4 is the MX IP where OpenProtect is listening.
Postfix will send outgoing mails to external domains via OpenProtect, where the mails are filterd for viruses, phishing attacks etc and then delivered to the MX of the recipient domains.
3. qmail¶
Change the listen IP:Port¶
Change the listen interface of qmail-smtp in its run file for daemontools. qmail-smtp is usually invoked by tcpserver in the run file. Change the IP address and port in that file. The run file for qmail-smtp is usually at /service/qmail-smtpd/run.
Suppose your MX IP is 1.2.3.4 and tcpserver qmail-smtp listens at port 25, your run file will look something like below:
/usr/bin/tcpserver -c 50 -H -R -v -l mail.domain.com \ -u $QMAILDUID -g $NOFILESGID 1.2.3.4 25 \ /var/qmail/bin/qmail-smtpd
Change the above to:
/usr/bin/tcpserver -c 50 -H -R -v -l mail.domain.com \ -u $QMAILDUID -g $NOFILESGID 127.0.0.1 10025 \ /var/qmail/bin/qmail-smtpd
Now restart qmail, this is generally done using svc -du /service/qmail-smtpd or the equivalent for your distro.
Now qmail will listen on 127.0.0.1:10025 and OpenProtect will receive mails from external domains at the MX and relay the filtered mails to your qmail via 127.0.0.1:10025
Set a smarthost¶
Create a new file /var/qmail/control/smtproutes and add the line:
:1.2.3.4
where 1.2.3.4 is the MX IP where OpenProtect is listening.
Now qmail will send outgoing mails to external domains via OpenProtect, where the mails are filterd for viruses, phishing attacks etc and then delivered to the MX of the recipient domains.
4. Exim¶
Change the listen IP:Port¶
Change the listen interface of Exim in its configuration file /etc/exim4/exim4.conf. Run exim -bV in the command line if you want to know location of this configuration file.
Change the local_interfaces setting line as below:
local_interfaces = 127.0.0.1.10025
Now restart Exim, this is generally done using /etc/init.d/exim4 restart or the equivalent for your distro.
Now Exim will listen on 127.0.0.1:10025 and OpenProtect will receive mails from external domains at the MX and relay the filtered mails to your Exim via 127.0.0.1:10025
Set a smarthost¶
In the Exim configuration file, in the routers section marked by begin routers, there would be a remote domain router with a setting driver = dnslookup
Since Exim is going to forward all outgoing mails to OpenProtect, we have to change that router entry completely, for eg, if the router is called remote_domains, then the entry would look like:
remote_domains: driver = dnslookup domains = ! +local_domains transport = remote_smtpChange it to something like below:
remote_domains: driver = manualroute route_list = * 1.2.3.4 domains = ! +local_domains transport = remote_smtpwhere 1.2.3.4 is the MX IP where OpenProtect is listening. Note that in the remote domain router, we have changed the driver to manualroute and added a route_list.
Now exim will send all outgoing mails to external domains via OpenProtect, where the mails are filterd for viruses, phishing attacks etc and then delivered to the MX of the recipient domains.
5. MS Exchange 2010¶
Change the listen IP:Port¶
MS Exchange could use the MX IP, port 25 to authenticate local users as well. So disabling this port could confuse your users who are using this port to authenticate and send their mails.
Suppose your current MX is 1.2.3.4 and Exchange is listening on 1.2.3.4:25 and your users are sending mails via 1.2.3.4:25 using SMTP Authentication. We can’t change Exchange to a new IP, since it’ll break the configuration for a lot of your users, who’ll then need to change their SMTP server IP or hostname in Outlook.
Instead of changing Exchange’s listen IP or port, set your MX for your domain(s) to a new IP, say 1.2.3.5 and run OpenProtect at 1.2.3.5:25 instead.
Now OpenProtect will receive mails from external domains at the new MX IP 1.2.3.5 and relay the filtered mails to your Exchange via the old MX IP 1.2.3.4
For exchange to accept mails from OpenProtect on 1.2.3.5, add 1.2.3.5 to a new receive connector in Exchange. To do that, run:
New-ReceiveConnector -Name "domain.com Receive Connector for OpenProtect" -Usage Internet -RemoteIpRange 1.2.3.5-1.2.3.5
Note the IP 1.2.3.5 in the above command, which is the new MX IP where OpenProtect listens. Now, with this receive connector, exchange would accept mails from OpenProtect via SMTP from the new MX 1.2.3.5. See Exchange 2010 Docs for more information on receive connectors.
Set a smarthost¶
- Open Exchange 2010 management console
- Click Organization Configuration -> Hub Transport
- Select Send Connectors in the Hub Transport in the 2nd pane
- Now, click New Send Connector in the Actions pane at the far right
- Enter a descriptive name like OpenProtect smarthost in the Name field
- Select Custom in the intended use dropdown and click Next
- Now click Add in the SMTP Send Connector
- Enter * in the address, tick the Include all subdomains and Cost 1 and click ok
- Select Route mail through the following smart hosts and enter the new MX IP where OpenProtect runs. In our example, the new MX IP 1.2.3.5.
- Select None in the Configure smart host authentication settings since we’ve instructed OpenProtect to allow outgoing mails from Exchange 2010 at 11. Add trusted Relay hosts by adding Exchange 2010’s IP address to the list of trusted relayhosts in OpenProtect.
- Once you click Finish, the Send Connectors pane should show the new smarthost name and status Enabled.
If you want instructions for any other MTA of your choice, or find any errors or corrections, let us know here.
