How I setup my domains



Postby clickx3 » Sun Jun 03, 2007 9:41 pm

Hi
I had a hard time finding out how to set up a domain in the directions for my type of setup. This is probably the most common setup, and I thought many people could benefit from it and save a lot of time. I have a Windows 2003 server with Exchange 2003 SP2.
After adding the domain, here are my settings:

Domain Name: yourpublicdomainname.com

Destination Server: 192.168.1.2 (This is a false IP but it is the right idea because both my spam filter and my email server are behind the same firewall. If your email server is outside the firewall then use the public IP)

Leave unchecked Use MX Record, SMTP and LDAP callout. (If all your domains are going back to the same LDAP server, which mine are not, then you could check LDAP callout and go to the Configuration-SMTP-LDAP area to just input this info once and then check the LDAP callout box on all new domains.)

Action on Spam set to Quarantine. Otherwise why have a SPAM filter?

Check AV content protection and leave the rest of this area to defaults.

The User Authentication area is where we all get stuck. Here is what I did and if you have a similar setup just mimic this information:

Connection: LDAP/ActiveDirectory
Server: 192.168.1.2 / 389 (Same as my Exchange server but yours may be on a different server. If you use SBS it's the same as the Exchange server)

Use SSL: Leave unchecked

Protocol Version 3

BaseDN dc=domain,dc=local (This is if your internal domain for active directory is domain.local. Don't use the public domain name, unless your active directory is also the same as your public domain. If that's the case then you have other problems. If you have a longer domain such as portland.domain.local then you add the third dc in as well. Just don't include the host name aka the name of the server itself.)

User attribute: SamAccountName (Type this exactly like you see it here)

bind user: domain\administrator (This is the NetBIOS name of your domain if your domain was domain.local. If you have renamed your administrator account, change this line to match)

Password: Put in the administrator password here

Username format: Username
Address Method: LDAP lookup

Leave the rest as the defaults shown.

Whitelists, warn lists and grey lists are up to you and your company policy. I have no opinion on this, but no matter what you check it won't affect the ability of the filter to work.

Bob McMillen
alltech1.com

Re: How I setup my domains

Postby olivier » Sun Jun 03, 2007 10:12 pm

Thanks for your example.

clickx3 wrote: Leave unchecked Use MX Record, SMTP and LDAP callout. (IF all your domains are going back to the same LDAP server, which mine are not, then you could check LDAP call out and go to the Configuration-SMTP-LDAP area to just input this info once and then check the LDAP call out box on all new domains.)

Enabling SMTP callout is a good idea because it prevents mail for bad recipients from being processed. Unfortunately, this is not possible with MS Exchange because it doesn't properly refuse bad addresses at SMTP time by default.
I just posted a procedure to activate that on Exchange 2003. Use it and then enable SMTP callout on the MailCleaner to allow MailCleaner to refuse bad recipients.
http://forum.mailcleaner.org/viewtopic.php?t=548
This is highly recommended.
(Activating it without applying the procedure won't break anything, so there is no danger.)

clickx3 wrote: Action on Spam set to Quarantine. Otherwise why have a SPAM filter?

To have it tag spam, and have your mail server deliver it to a specific user mailbox folder. Although I agree this is not the most efficient way, it is sometimes convenient.

clickx3 wrote: The User Authentication area is where we all get stuck. Here is what I did and if you have a similar setup just mimic this information:

If one needs more information all these settings are explained here: http://www.mailcleaner.org/doku.php/documentation:configuration:connectors

clickx3 wrote: bind user: domain\administrator (This is the netbios name of your domain if your domain was domain.local. If you have renamed your administrator account change this line to match)

No need for it to be the administrator account. Any account with bind rights will do.

clickx3 wrote: Whitelists, warn lists and grey lists are up to you and your company policy. I have no opinion on this, but no matter what you check it won't affect the ability of the filter to work.

Greylisting is not that efficient these days, as spammers have started using smarter botnets.
Whitelisting is usually a bad idea for medium- and long-term efficiency.

Follow up on Domain Setup

Postby clickx3 » Sun Jun 03, 2007 10:39 pm

Hi

Thanks for the clarification on those points. The difficulty I had was in the area of configuration of connectors in the documentation. It gave the example of the Base DN to be domain.com, and it was confusing because it was looking for the internal .local active directory name and not necessarily the public email domain.

The other area of confusion was the bind user box. I wanted to make sure people knew to put in the netbiosdomain\username. Just putting the username alone, or the FQDNS name didn't work for me and I assume a lot of other people as well.
Bob
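
Added example, not part of any post in this thread and not MailCleaner code: a Python check of the connector settings discussed above, covering the Base DN rule, the NETBIOSDOMAIN\username bind format and the reply's point that the bind account need not be the administrator. The dictionary keys, the host name server1 and the account svc-mailcleaner are hypothetical, and the SSL finding assumes the connector performs a simple bind.

```python
import re

def base_dn_from_ad_domain(ad_dns_domain):
    """One dc= component per DNS label: domain.local -> dc=domain,dc=local."""
    labels = [p for p in ad_dns_domain.lower().split(".") if p]
    return ",".join("dc=" + p for p in labels)

def review_connector(cfg, ad_dns_domain, public_domain, server_hostname):
    """Return findings for LDAP connector settings (cfg keys are hypothetical)."""
    findings = []
    expected = base_dn_from_ad_domain(ad_dns_domain)
    base_dn = cfg["base_dn"].replace(" ", "").lower()
    dcs = re.findall(r"dc=([^,]+)", base_dn)
    if base_dn != expected:
        if ".".join(dcs) == public_domain.lower():
            findings.append("base_dn: public mail domain used, expected " + expected)
        elif dcs and dcs[0] == server_hostname.lower():
            findings.append("base_dn: server host name included, expected " + expected)
        else:
            findings.append("base_dn: expected " + expected)
    # The thread reports that only NETBIOSDOMAIN\username worked as bind user.
    m = re.fullmatch(r"([^\\@/]+)\\([^\\@/]+)", cfg["bind_user"])
    if m is None:
        findings.append("bind_user: not in NETBIOSDOMAIN\\username form")
    elif m.group(2).lower() == "administrator":
        # Per the reply in the thread, any account with bind rights is enough.
        # A renamed administrator account is not detected by this name check.
        findings.append("bind_user: administrator account, use a dedicated bind account")
    if not cfg["use_ssl"]:
        # Assumption: the connector does a simple bind, so without SSL the
        # bind password crosses the network unencrypted.
        findings.append("use_ssl: off, bind password is sent unencrypted")
    return findings

# Constructed inputs: the first mirrors the settings posted in the thread.
POSTED = {"base_dn": "dc=domain,dc=local", "bind_user": "domain\\administrator", "use_ssl": False}
REVISED = {"base_dn": "dc=domain,dc=local", "bind_user": "domain\\svc-mailcleaner", "use_ssl": True}

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("revised", REVISED)):
        print(name, review_connector(cfg, "domain.local", "yourpublicdomainname.com", "server1"))
```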
