nt341 mail server integration

Mail Server Integration Integrating Citadel & Surgemail with Microsoft Exchange 2010

Ryan Ellingson Herzing University 6/17/15

1

Table of Contents I. Executive Summary ............................................................................................... 2

II. Design Decisions ........................................................ Error! Bookmark not defined.

Network Diagram

Technical Planning

Exchange Server Specifications

Surgemail Server Specifications

Citadel Server Specifications

III. Implementation ..................................................................................................... 6

Exchange 2010 DNS

Surgemail DNS

Citadel DNS

Create New User in Surgemail

Create New User in Citadel

Create New User in Exchange 2010

Security for Exchange 2010

Security for Surgemail

Security for Citadel

IV. Testing and Evaluation ....................................................................................... 20

V. Conclusion ........................................................................................................... 24

VI. Appendix .............................................................................................................. 25

Executive Summary

Companies merge all the time. During the merging process, one of the big worries is how the mail system will adapt to the changes. Luckily, with enough time and effort, connecting email systems so that both users inside and outside the company have little to no issues is very simple. When someone outside emails someone inside the organization, they should not have to know the new email address. Emails sent to an old email address (prior to migration) should be seamless, so mail should be relayed from the old email system to the new one and vice versa.

MAIL SERVER INTEGRATION - MARCH 2015

3

Design Decisions

For this project, Citadel and Surgemail were used. Citadel is very easy to use, versatile, and powerful. It uses a something called “rooms” to combine many other features into the entire platform. Citadel is free and available for numerous distributions of Linux. Surgemail is a fast, robust, and secure mail server. Setup is simple and the feature set is comprehensive. It offers a bunch of different plugins and settings to tweak the platform to the user’s (and administrator’s) liking.


4

Network Diagram

Figure 1 Network Diagram


5

Technical Planning

The following specifications were used as part of the technical planning of the project entities. These include multiple different servers. For this project, make two Windows 2008 r2 servers and one Centos 5.11 server.

Exchange Server Specifications

Operating System Windows 2008 r2Memory 1 GBHard Disk 60 GBNetwork Cards 1 NICFigure 2 Exchange Server Specifications

Surgemail Server Specifications

Operating System Windows 2008 r2Memory 4 GBHard Disk 20 GBNetwork Cards 1 NICFigure 3 Surgemail Server Specifications

Citadel Server Specifications

Operating System Centos 5.11Memory 2 GBHard Disk 20 GBNetwork Cards 1 NICFigure 4 Citadel Server Specifications


6

Implementation

Implementation (for the purpose of this project) was done on VMware Workstation 10.0.1. Depending on the size of the network, the time that implementation will take will vary. All servers had the mail servers installed prior to this project.

Exchange 2010 DNS

DNS will be set up on the Domain Controller. For this project, make sure that there is an A record for the DC-62 server and EX01-62 server. Make sure another A Record for the EX01-62 server is created and call it “Mail”. Create a Glue record for both the DC-62 and EX01-62 server. Create an MX record for both the DC-62 and EX01-62 server.

Figure 5 DNS Settings

Next, be sure to create a conditional forwarder for the Ezicomms and Fourpoints servers.


7

Figure 6 Conditional Forward Settings

Surgemail DNS

Setting up DNS for Surgemail is largely the same as the Exchange 2010 server. Simply add an A record for Surgemail.fourpoints62.com and Mail.fourpoints62.com. Create an MX record for Surgemail. Create a Glue record for Surgemail as well. Lastly, create Conditional Forwarders for both of the other servers.


Figure 8 Conditional Forward Settings

Citadel DNS

Install Windows 7 like normal. Set a user and password. Make sure to write them down so you will not forget it. On Windows 7, for this project, X-Lite is the softphone of choice. Any softphone with SIP capabilities should work fine though. X-Lite is not pre-installed on Windows 7, so you will have to download it (for free) from their website.


8


Create New User in Surgemail

While logged in as the administrator, create a new user. From the mail splash page at 127.0.0.1:7026 in your browser, click “Accounts”. From there, add in the user’s Username and Password and click “Create Account”.

Figure 10 Creating New User in Surgemail


9

Create New User in Citadel

While logged in as the root user, create a new user. From the splash screen found at citadel.ezicomms62.com:2000, click “Administration”. From that page, you can Click on “Add, change, delete user accounts”. There you will add the new user in the “New User” box. Click “Create”. This will take you to a page where you can specify other information for the user. Save changes when the user is completely set up.

Figure 11 Creating New User in Citadel

Figure 12 Setting User's Password in Citadel


10

Create New User in Exchange 2010

Over in Active Directory of the DC-62 server, create a matching user for each user created in the previous steps. These will be linked in the EX01-62 server management console. To do this, right click under Recipient Configuration. Create the existing user’s matching mailbox. Once done, double click on the user in the Mailbox container. In the window that just opened, click on the E-mail Addresses tab. Add an alias for the remote email you want connected to this mailbox. Apply the changes.

Figure 13 New User Mailbox


11

Figure 14 Setting User Alias

Security for Exchange 2010

Configure Anti-spam on the Exchange 2010 server by clicking on the Hub Transport container under Organization Configuration. There will be an Anti-Spam tab. There is also another Anti-Spam setting in the Hub Transport hub under Server Configuration.

Figure 15 Antivirus Settings


12

Figure 16 Other Antivirus Settings

Next, add an SSL Certificate to your Exchange 2010 server. This can be done one of many ways. In this case, the SSL certificate was obtained through Microsoft AD Certificate Services and applied through the Server Management console.

Figure 17 SSL Creation


13

Figure 18 Adding SSL Certificate

Security for Surgemail

The first thing to make sure is setup is Antispam. By default, these settings are turned on. If they are not, be sure to do so. Change this setting to Strict: Do SPF check and then perform action, stamp | block | strict, action is conditional on [g_]spam_block settings Make sure these settings are checked: Enable greylisting instead of allow in some cases (recommended for block or strict) Block spam (as decided by spf etc), if not set then user or domain can set Enable auto spam phrase filter (You might want to check Download list of known phishing addresses and block outgoing email to them)


14

Figure 19 Surgemail Antispam Settings

Next, set the Antivirus system up. Surgemail uses Avast. Simply go to the Antivirus tab and Install Avast. From there, check the box that enables Avast. After that, make sure to check these settings: Rename executables by changing '.' to '_' prevents many auto run viruses Report virus to recipients Enable internal simple virus scanner Set report detected viruses to someone to [email protected].


15

Figure 20 Surgemail Antivirus Install

Figure 21 Surgemail Antivirus Settings

Lastly, configure SSL Certificates on the Surgemail server. In the Global Settings, go to SSL. Click Configure SSL Certificate and check the box next to Create/use an SSL certificate for each domain. Save the settings.


16

Figure 22 Surgemail SSL

Security for Citadel

Citadel uses SpamAssassin and ClamAV. By default, Centos has both these services installed. Make sure the services are started. Once started, go to Administration in the browser. Add 127.0.0.1 to SpamAssassin and ClamAV clamd hosts boxes.


17

Figure 23 Citadel SpamAssassin & ClamAV

Lastly, make sure there is an SSL certificate on setup on the system. Citadel does this by default. You can check to make sure this is set by going to the Site configuration setting on the Administration page.

Figure 24 Citadel SSL


18

Surgemail Relay Settings

In Surgemail, set the relay up. To do this, search g_redirect_cc. Click configure next to the g_redirect_cc setting. Under “Was”, add *fourpoints62.com. Under “To”, add %[email protected]. Save changes.

Figure 25 Surgemail Relay

Citadel Relay Settings

In Citadel, go to “Advanced”. Click “View/edit server-side mail filters”. In there, add two different filters. 1. If To or Cc contains *@[old domain] Forward to *@[new domain] and then continue processing 2. If To of Cc contains *[old domain] Keep and then continue processing


19

Figure 26 Citadel Relay


20

Testing and Evaluation

Testing these features is as simple as configuring a mail client on another host (who’s DNS is pointed to the appropriate DNS server). You can also test this in the browser since all three platforms support browser logins. For this project, all users used the browser.

Sending an E-mail from Citadel to Surgemail

Since the relays have been setup, send an email from Citadel to Surgemail. That email should be received by Surgemail, forwarded to Exchange 2010, and be received by Exchange 2010.


21

Figure 27 Sending from Citadel

Figure 28 Received by Surgemail


22

Figure 29 Forwarded to Exchange

Sending an E-mail from Surgemail to Citadel

Since the relays have been setup, send an email from Surgemail to Citadel. That email should be received by Citadel, forwarded to Exchange 2010, and be received by Exchange 2010.

Figure 30 Sending from Surgemail


23

Figure 31 Received by Citadel

Figure 32 Received by Exchange


24

Conclusion

To conclude, Citadel and Surgemail were simple to plug into a network that used Exchange 2010. The biggest issue to look out for when setting everything up would be making sure the DNS is properly configured. Everything is very particular. Make sure, if there are issues, to see if the domain can be pinged. Also, use the nslookup or dig commands (depending on which platform is being used).

References

Wilson, C. (2015, June). Assistance Cann, J. (2015, June). Assistance http://netwinsite.com/surgemail/ http://www.citadel.org/doku.php


25

Appendix

Figure 33 Checking SSL Certification

Figure 34Citadel Advanced Menu


26

Figure 35 Starting Services

Figure 36 Security Settings


27

Figure 37 Surgemail Splash Page

nt341 mail server integration

Documents

mail server integration

citadel surgemail

secure mail server

surgemail security

dns surgemail dns citadel

following specifications

citadel iv

gb network cards