Using AMS as edge email security gateway

[Pugglewuggle]

Hi again Chris and Rob,

I usually shoot you guys an email, but I'm posting this here so everyone can see in case they want to try the same thing.

I'm currently about to setup another Exchange server and what I'd like to do is use AMS as an "edge email security gateway" to filter SPAM and viruses. AMS has the best bayesian spam filtering engine I think I've ever seen and I'd like to use it to protect an Exchange server if possible.

I've seen the Barracuda email filters but they're very expensive and I'd like to see if I can just do this with AMS (gosh I love AMS).

What I suppose this would consist of is receiving email on certain domains, filtering it with the defined rules in AMS, and then forwarding it on to the internal Exchange server. This would then protect the Exchange server from direct external attacks since AMS would be acting as a relay (AMS seems to be very secure and Exchange periodically has a major exploit come out). This would also protect us from losing mails or getting them bounced back to the sender (at lease for a little while) if we were experiencing Exchange problems (happens sometimes) as AMS would hold the mail in the relay queue. We also have an offsite mail backup server, but it would be nice to have an internal 'buffer' and only one outside-facing address for SMTP.

Is there any way to do what I'm talking about or am I just dreaming?

Sorry I always have something ridiculous I'm trying, either like this or like the custom webmail frontend I did.

Thanks in advance guys!

[m1byo]

This isnt that rediculous.

I have done exactly the same here for exactly the same reason! I have just set each domain up as a backup domain in AMS and then configured the static route for each domain to point to the exchange server! The settings are a 30 min retry interval and a 14 day queue life so emails can wait till we have fixed exchange!

We mainly use greylisting and spf as they do not requre any learning interaction, these 2 on their own reduced spam from about 5000 emails/day to about 50 emails per day over 25 users.

I did also configure baysean filtering, and to allow it to learn I had to set up a pseudo domain in AMS which had a SPAM and NON-SPAM account, the spam and non-spam emails were then forwarded by users to these 2 accounts to allow the baysean filter to continue learning.

If you want the user's mailbox spam filtering to work (SPF, Greylisting, Any other way you set the spam flag) you need to use content filtering to add an x-header based on the spam flag into the email which the user's outlook rules look for to move emails to spam/non-spam folders.

I hope this helps!

Ian

[Pugglewuggle]

Our same reasons being AMS' stability and security, and Exchange's bugs, of course! I'm glad to hear someone else has tried this.

Same with us - we use SPF a lot, and then the integrated bayesian filter... it's very good once trained (although it took a year or two - okay I was just too lazy to sort the mails and then did it a bit over a year ago).

As far as getting the right mails sorted to the right folders in Exchange, you just used tagging with a keyword and then had Exchange sort them out when they got there? This needs to be done all server-side... I noticed you said Outlook rules... do this on the clients is rather unacceptable in our situation...

Any ideas?

Cheers!

[m1byo]

I know you can do server-side rules on exchange (CRM has added one on the server here), it shows up in the user's outloook folder as a rule but they cannot edit it, I am not 100% how to create them on the server although I am looking.

This rule then applies the rules to the accounts wheather the user is logged on or logged off.

They emails can then be defined as junk when they get to the users mailbox.

[rob]

Using AMS as a front end SPAM filter is indeed possible. But in addition to what m1byo as said, you can also create a list of users which AMS will only accept. With no list (default), any user address will be accepted for your domain through AMS and passed onto exchange (ie anythinghere@yourdomain.com). The user list can be configured on the backup domain tab of your domain and simply refences a text file. The format of this file is a user per line...

user1
user2
user3

[Pugglewuggle]

Oh I see... So that's basically for if we want to keep some internal users on AMS and only move a few to Exchange? Either way, all external users are staying on AMS.

[Pugglewuggle]

Anybody here?

[m1byo]

If you are using AMS As a front-end spam gateway only, then the users would be on exchange and the userlist would be what AMS uses to decide which emails to forward to exchange. (note, the domain(s) would be configured as backup domains with a static route to exchange)

If your users are on the AMS front-end spam gateway then you are running AMS as a normal email server and so you would configure the users normally.

You can run both backup services for one domain (forwarding them to exchange) and normal mail services for another domain on AMS, but you cannot split the users on any one domain between AMS and Exchange.

I hope this helps

Ian

[rob]

Sorry, I have been on vacation since friday. Ian is spot on, basically the user list only allows AMS's backup service to hand pick which users get forwarded. Splitting users between exchange and AMS isn't really possible as trying to set this up generally results in mail loops, bounces and lost mails between the various users (users on one server will have issues reaching users on the other server).

[Pugglewuggle]

No problem! I appreciate the responses. Thank you very much for that info! I'll see to testing it when the server gets back up - it crashed last night! Arrggghhhh! Please see my new question - it's still down!