Linux SMTP Relay for Exchange

Jaesii

Hello

I currently have an Exchange server running in my home lab. Since my ISP gives me a dynamic IP, I would like to set up a server in the cloud to use as a mail relay / smart host.

Has anyone ever had any experience setting up an SMTP relay server from scratch on CentOS or Ubuntu?

I already have a VPS with a static IP and would like to convert that to my smarthost if possible.
 

EffrafaxOfWug

I've never tried setting one up on a remote site before (assume you're talking about a VPN or secure SMTP from your home lab through to some colo server or suchlike, with a static WAN IP/domain name?) but configuring postfix to act as a smarthost (IIRC this is called the "internet site" option in the Debian postfix setup wizard) is a relative doddle.

Are you looking for your relay box to be the endpoint for all your incoming and outgoing mails, or would you be forwarding through to a dedicated mail provider? If the former, bear in mind if you're going to put an SMTP relay on the wild west internet you're going to want to read up on locking it down very tightly, and if you expect to be able to mail out to most other mail providers you'll likely have a lot of work in setting up DKIM and the rest of it - setting up a smarthost in this fashion is essentially the same as putting a whole SMTP server on t'internet. Ars recently did a series of articles covering exactly this sort of thing and a lot more besides:
How to run your own e-mail server with your own domain, part 1
Taking e-mail back, part 2: Arming your server with Postfix and Dovecot
Taking e-mail back, part 3: Fortifying your box against spammers
Taking e-mail back, part 4: The finale, with webmail & everything after

If you've already got a mail provider, then I imagine you can just point your Exchange server at them instead. Personally I use a local postfix server for handling internal mail which then relays certain stuff out to my hosting provider who look after the majority of the internet-facing mail gubbins.
 

Jaesii

I would be looking to do a secure SMTP from my Exchange server to the Postfix server. Kind of like the way I implement McAfee SaaS and Barracuda ESS at work, using firewall rules to only allow the VPS to send / receive mail.

I already have the Exchange server up and running with mail actively flowing through it. Just due to my home connection having a dynamic IP, I am frequently put on SORBS and Spamhaus blacklists.

My thinking is by using the VPS as a smarthost I would be able to avoid getting put back on the blacklists.
 

EffrafaxOfWug

In that case yeah, if you don't have an existing "static" SMTP server (like one provided by your ISP or hosting provider) then you're looking at putting something like postfix on your VPS - postfix is my personal favourite because it's easy and powerful and I've been using it for years but of course other MTAs are available :)
 

Blinky 42

You can set up postfix pretty quickly to be the public relay in front of the Exchange (or other SMTP) server. Just be sure to use it for outgoing and incoming email, and make sure the reverse DNS on your public IP is set up to resolve properly and you remove any references to the dynamic IP from your MX and SPF records.
If you are using a wonky VPS provider, be sure the static IP you have is geolocated to the right general area - if your IP was one recently transferred from a different region (AfriNIC for example) then you may be blocked just on the history that netblock had in a different geography.

Also nothing stopping you from doing the same on multiple VPS providers to have some redundancy, just be sure to watch the mail queues on each host for the amount of bounces that go out.

There are also other projects and configurations you can use that don't queue incoming email; they will act more like a proxy and directly forward it to your Exchange server when the request comes in. This can be nice to prevent a lot of bounce messages flooding your queues when the VPS MTA accepted the mail but the final Exchange server rejected it. I had custom built a mail router based off of qpsmtpd (Develooper LLC) in the past to route email by address instead of domain with a complex email based CMS that was being transitioned from one server to another.
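
Added example (not part of any post in this thread): an offline audit of the DNS points raised in the post above, namely that SPF and MX no longer reference the dynamic home IP and that the relay's reverse DNS resolves back to it. The domain, host names, addresses and record contents are constructed placeholders, a single relay is assumed, and only `ip4:`/`ip6:` SPF mechanisms are evaluated.

```python
import ipaddress

def spf_networks(spf_txt):
    """Networks authorised by passing ip4:/ip6: mechanisms of an SPF record."""
    nets = []
    for term in spf_txt.split()[1:]:          # skip the "v=spf1" version tag
        if term[0] in "-~?":                  # fail/softfail/neutral never authorise
            continue
        term = term.lstrip("+")
        if term.startswith(("ip4:", "ip6:")):
            nets.append(ipaddress.ip_network(term[4:], strict=False))
    return nets

def audit(relay_ip, home_ip, spf_txt, mx_hosts, a_records, ptr_records):
    """Return a list of findings; an empty list means the records look consistent."""
    relay, home = ipaddress.ip_address(relay_ip), ipaddress.ip_address(home_ip)
    nets, findings = spf_networks(spf_txt), []
    if not any(relay in n for n in nets):
        findings.append("SPF does not authorise the relay IP")
    if any(home in n for n in nets):
        findings.append("SPF still authorises the dynamic home IP")
    for host in mx_hosts:
        addrs = a_records.get(host, [])
        if home_ip in addrs:
            findings.append(f"MX {host} still points at the dynamic home IP")
        if relay_ip not in addrs:
            findings.append(f"MX {host} does not resolve to the relay")
    ptr = ptr_records.get(relay_ip)
    if ptr is None:
        findings.append("relay IP has no PTR record")
    elif relay_ip not in a_records.get(ptr, []):   # forward-confirmed reverse DNS
        findings.append(f"PTR {ptr} does not resolve back to the relay IP")
    return findings

# Constructed sample data (documentation address ranges, not real records).
BEFORE = dict(relay_ip="192.0.2.10", home_ip="198.51.100.23",
              spf_txt="v=spf1 ip4:198.51.100.23 -all",
              mx_hosts=["mail.example.com"],
              a_records={"mail.example.com": ["198.51.100.23"]},
              ptr_records={"192.0.2.10": "vps-10.provider.example"})
AFTER = dict(relay_ip="192.0.2.10", home_ip="198.51.100.23",
             spf_txt="v=spf1 ip4:192.0.2.10 -all",
             mx_hosts=["relay.example.com"],
             a_records={"relay.example.com": ["192.0.2.10"]},
             ptr_records={"192.0.2.10": "relay.example.com"})

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(**zone) or "no findings")
```

To run it against a live zone, fill the dictionaries from your own TXT, MX, A and PTR lookups.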
 

azev

One other thing you can do is deploy free Sophos UTM; it has all the built-in security and it can do mail inspection, spam filtering etc.