nt341 mail server integration
Post on 07-Aug-2015
32 Views
Preview:
TRANSCRIPT
Mail Server Integration Integrating Citadel & Surgemail with Microsoft Exchange 2010
Ryan Ellingson Herzing University 6/17/15
1
Table of Contents I. Executive Summary ............................................................................................... 2
II. Design Decisions ........................................................ Error! Bookmark not defined.
Network Diagram
Technical Planning
Exchange Server Specifications
Surgemail Server Specifications
Citadel Server Specifications
III. Implementation ..................................................................................................... 6
Exchange 2010 DNS
Surgemail DNS
Citadel DNS
Create New User in Surgemail
Create New User in Citadel
Create New User in Exchange 2010
Security for Exchange 2010
Security for Surgemail
Security for Citadel
IV. Testing and Evaluation ....................................................................................... 20
V. Conclusion ........................................................................................................... 24
VI. Appendix .............................................................................................................. 25
Executive Summary
Companies merge all the time. During the merging process, one of the big worries is how the mail system will adapt to the changes. Luckily, with enough time and effort, connecting email systems so that both users inside and outside the company have little to no issues is very simple. When someone outside emails someone inside the organization, they should not have to know the new email address. Emails sent to an old email address (prior to migration) should be seamless, so mail should be relayed from the old email system to the new one and vice versa.
MAIL SERVER INTEGRATION - MARCH 2015
3
Design Decisions
For this project, Citadel and Surgemail were used. Citadel is very easy to use, versatile, and powerful. It uses a something called “rooms” to combine many other features into the entire platform. Citadel is free and available for numerous distributions of Linux. Surgemail is a fast, robust, and secure mail server. Setup is simple and the feature set is comprehensive. It offers a bunch of different plugins and settings to tweak the platform to the user’s (and administrator’s) liking.
MAIL SERVER INTEGRATION - MARCH 2015
4
Network Diagram
Figure 1 Network Diagram
MAIL SERVER INTEGRATION - MARCH 2015
5
Technical Planning
The following specifications were used as part of the technical planning of the project entities. These include multiple different servers. For this project, make two Windows 2008 r2 servers and one Centos 5.11 server.
Exchange Server Specifications
Operating System Windows 2008 r2Memory 1 GBHard Disk 60 GBNetwork Cards 1 NICFigure 2 Exchange Server Specifications
Surgemail Server Specifications
Operating System Windows 2008 r2Memory 4 GBHard Disk 20 GBNetwork Cards 1 NICFigure 3 Surgemail Server Specifications
Citadel Server Specifications
Operating System Centos 5.11Memory 2 GBHard Disk 20 GBNetwork Cards 1 NICFigure 4 Citadel Server Specifications
MAIL SERVER INTEGRATION - MARCH 2015
6
Implementation
Implementation (for the purpose of this project) was done on VMware Workstation 10.0.1. Depending on the size of the network, the time that implementation will take will vary. All servers had the mail servers installed prior to this project.
Exchange 2010 DNS
DNS will be set up on the Domain Controller. For this project, make sure that there is an A record for the DC-62 server and EX01-62 server. Make sure another A Record for the EX01-62 server is created and call it “Mail”. Create a Glue record for both the DC-62 and EX01-62 server. Create an MX record for both the DC-62 and EX01-62 server.
Figure 5 DNS Settings
Next, be sure to create a conditional forwarder for the Ezicomms and Fourpoints servers.
MAIL SERVER INTEGRATION - MARCH 2015
7
Figure 6 Conditional Forward Settings
Surgemail DNS
Setting up DNS for Surgemail is largely the same as the Exchange 2010 server. Simply add an A record for Surgemail.fourpoints62.com and Mail.fourpoints62.com. Create an MX record for Surgemail. Create a Glue record for Surgemail as well. Lastly, create Conditional Forwarders for both of the other servers.
Figure 7 DNS Settings
Figure 8 Conditional Forward Settings
Citadel DNS
Install Windows 7 like normal. Set a user and password. Make sure to write them down so you will not forget it. On Windows 7, for this project, X-Lite is the softphone of choice. Any softphone with SIP capabilities should work fine though. X-Lite is not pre-installed on Windows 7, so you will have to download it (for free) from their website.
MAIL SERVER INTEGRATION - MARCH 2015
8
Figure 9 DNS Settings
Create New User in Surgemail
While logged in as the administrator, create a new user. From the mail splash page at 127.0.0.1:7026 in your browser, click “Accounts”. From there, add in the user’s Username and Password and click “Create Account”.
Figure 10 Creating New User in Surgemail
MAIL SERVER INTEGRATION - MARCH 2015
9
Create New User in Citadel
While logged in as the root user, create a new user. From the splash screen found at citadel.ezicomms62.com:2000, click “Administration”. From that page, you can Click on “Add, change, delete user accounts”. There you will add the new user in the “New User” box. Click “Create”. This will take you to a page where you can specify other information for the user. Save changes when the user is completely set up.
Figure 11 Creating New User in Citadel
Figure 12 Setting User's Password in Citadel
MAIL SERVER INTEGRATION - MARCH 2015
10
Create New User in Exchange 2010
Over in Active Directory of the DC-62 server, create a matching user for each user created in the previous steps. These will be linked in the EX01-62 server management console. To do this, right click under Recipient Configuration. Create the existing user’s matching mailbox. Once done, double click on the user in the Mailbox container. In the window that just opened, click on the E-mail Addresses tab. Add an alias for the remote email you want connected to this mailbox. Apply the changes.
Figure 13 New User Mailbox
MAIL SERVER INTEGRATION - MARCH 2015
11
Figure 14 Setting User Alias
Security for Exchange 2010
Configure Anti-spam on the Exchange 2010 server by clicking on the Hub Transport container under Organization Configuration. There will be an Anti-Spam tab. There is also another Anti-Spam setting in the Hub Transport hub under Server Configuration.
Figure 15 Antivirus Settings
MAIL SERVER INTEGRATION - MARCH 2015
12
Figure 16 Other Antivirus Settings
Next, add an SSL Certificate to your Exchange 2010 server. This can be done one of many ways. In this case, the SSL certificate was obtained through Microsoft AD Certificate Services and applied through the Server Management console.
Figure 17 SSL Creation
MAIL SERVER INTEGRATION - MARCH 2015
13
Figure 18 Adding SSL Certificate
Security for Surgemail
The first thing to make sure is setup is Antispam. By default, these settings are turned on. If they are not, be sure to do so. Change this setting to Strict: Do SPF check and then perform action, stamp | block | strict, action is conditional on [g_]spam_block settings Make sure these settings are checked: Enable greylisting instead of allow in some cases (recommended for block or strict) Block spam (as decided by spf etc), if not set then user or domain can set Enable auto spam phrase filter (You might want to check Download list of known phishing addresses and block outgoing email to them)
MAIL SERVER INTEGRATION - MARCH 2015
14
Figure 19 Surgemail Antispam Settings
Next, set the Antivirus system up. Surgemail uses Avast. Simply go to the Antivirus tab and Install Avast. From there, check the box that enables Avast. After that, make sure to check these settings: Rename executables by changing '.' to '_' prevents many auto run viruses Report virus to recipients Enable internal simple virus scanner Set report detected viruses to someone to admin@fourpoints62.com.
MAIL SERVER INTEGRATION - MARCH 2015
15
Figure 20 Surgemail Antivirus Install
Figure 21 Surgemail Antivirus Settings
Lastly, configure SSL Certificates on the Surgemail server. In the Global Settings, go to SSL. Click Configure SSL Certificate and check the box next to Create/use an SSL certificate for each domain. Save the settings.
MAIL SERVER INTEGRATION - MARCH 2015
16
Figure 22 Surgemail SSL
Security for Citadel
Citadel uses SpamAssassin and ClamAV. By default, Centos has both these services installed. Make sure the services are started. Once started, go to Administration in the browser. Add 127.0.0.1 to SpamAssassin and ClamAV clamd hosts boxes.
MAIL SERVER INTEGRATION - MARCH 2015
17
Figure 23 Citadel SpamAssassin & ClamAV
Lastly, make sure there is an SSL certificate on setup on the system. Citadel does this by default. You can check to make sure this is set by going to the Site configuration setting on the Administration page.
Figure 24 Citadel SSL
MAIL SERVER INTEGRATION - MARCH 2015
18
Surgemail Relay Settings
In Surgemail, set the relay up. To do this, search g_redirect_cc. Click configure next to the g_redirect_cc setting. Under “Was”, add *fourpoints62.com. Under “To”, add %1@ellingson.com. Save changes.
Figure 25 Surgemail Relay
Citadel Relay Settings
In Citadel, go to “Advanced”. Click “View/edit server-side mail filters”. In there, add two different filters. 1. If To or Cc contains *@[old domain] Forward to *@[new domain] and then continue processing 2. If To of Cc contains *[old domain] Keep and then continue processing
MAIL SERVER INTEGRATION - MARCH 2015
19
Figure 26 Citadel Relay
MAIL SERVER INTEGRATION - MARCH 2015
20
Testing and Evaluation
Testing these features is as simple as configuring a mail client on another host (who’s DNS is pointed to the appropriate DNS server). You can also test this in the browser since all three platforms support browser logins. For this project, all users used the browser.
Sending an E-mail from Citadel to Surgemail
Since the relays have been setup, send an email from Citadel to Surgemail. That email should be received by Surgemail, forwarded to Exchange 2010, and be received by Exchange 2010.
MAIL SERVER INTEGRATION - MARCH 2015
21
Figure 27 Sending from Citadel
Figure 28 Received by Surgemail
MAIL SERVER INTEGRATION - MARCH 2015
22
Figure 29 Forwarded to Exchange
Sending an E-mail from Surgemail to Citadel
Since the relays have been setup, send an email from Surgemail to Citadel. That email should be received by Citadel, forwarded to Exchange 2010, and be received by Exchange 2010.
Figure 30 Sending from Surgemail
MAIL SERVER INTEGRATION - MARCH 2015
23
Figure 31 Received by Citadel
Figure 32 Received by Exchange
MAIL SERVER INTEGRATION - MARCH 2015
24
Conclusion
To conclude, Citadel and Surgemail were simple to plug into a network that used Exchange 2010. The biggest issue to look out for when setting everything up would be making sure the DNS is properly configured. Everything is very particular. Make sure, if there are issues, to see if the domain can be pinged. Also, use the nslookup or dig commands (depending on which platform is being used).
References
Wilson, C. (2015, June). Assistance Cann, J. (2015, June). Assistance http://netwinsite.com/surgemail/ http://www.citadel.org/doku.php
MAIL SERVER INTEGRATION - MARCH 2015
25
Appendix
Figure 33 Checking SSL Certification
Figure 34Citadel Advanced Menu
MAIL SERVER INTEGRATION - MARCH 2015
26
Figure 35 Starting Services
Figure 36 Security Settings
MAIL SERVER INTEGRATION - MARCH 2015
27
Figure 37 Surgemail Splash Page
top related