company exchange server & exim best practices.

Aaron C. de Bruyn ubuntu-server at
Sun Apr 5 04:03:37 UTC 2009

On 2009-04-03 at 09:40:32 +0200, Rudi Ahlers wrote:
> Date: Fri, 3 Apr 2009 09:40:32 +0200
> From: Rudi Ahlers <rudiahlers at>
> To: Ubuntu Server Team <ubuntu-server at>
> Subject: company exchange server & exim best practices.
> Hi all,
> On of our clients use an MS Exchange 2003 SBS server, with exchange
> for their internal email. We provide them with a domain, ADSL (which
> uses dynamic DNS) and POP3 email. They don't have an spam filter
> program on the exchange server itself due to costs, so I have setup
> each user on the Exim server, which runs ASSPX for anti-virus / spam
> filter / etc. Then I setup the SBS 2003 server to pull the email via
> POP3, but this doesn't seem to work too well, cause the exchange
> server doesn't always download the POP3 email, and then the users
> often sit without email until I go there to manually download the mail
> again.

I am curious about your POP3 issues with Exchange.  I have a handful of clients using mail that way without any issues.

If you really want to push mail into an Exchange server from a spam filter, you have a few hurdles.

The first is that your spam filter must only accept mail for valid exchange mailboxes.
If your spam filter has a catchall box for example, it might accept a message to aaron at example.tld, but the exchange server doesn't have aaron at example.tld--this will cause exchange to bounce the message.  If spammers set fake return addresses on messages to invalid mailboxes, you get backscatter spam.

Keeping your spam filter and exchange mailbox list in sync is a pain.

One way is to open up a port in the client firewall and *only* allow your mail server to access Active Directory.  Then you can put a script on your mail server to download the list of mailboxes from exchange.  (If you need a copy of such a script, let me know)

Another way is to manually update your spam filter.  With several of my clients, I am their only 'IT guy'.  They call me whenever they need an email address changed--so I just remember to update the spam filter too.

Once you have your mailboxes synced between the spam filter and exchange, you need to tell your mail server to accept mail for the client.  In postfix, there's a setting 'relay_domains' which specifies which domains your mail server will pick up and redeliver mail for.  (I'm no Exim expert)

After your server is accepting mail for the client, tell it how to reach the final destination--the exchange server.  In postfix you can setup 'transport_maps' and specify something like: example.tld  smtp:[]

This tells postfix to deliver all mail for example.tld via SMTP to (your customers dynamic address).

Feel free to contact me off-list if you need help with the specifics, setting up scripts, testing, etc...


More information about the ubuntu-server mailing list