[geeks] Help Please, Email server question.
David L Kindred (Dave)
d.kindred at telesciences.com
Wed Sep 4 11:30:58 CDT 2002
>>>>> "Geoff" == Geoff Reed <geoffr at zipcon.net> writes:
Geoff> Ok, I am thinking of putting a machine up on my net as an
Geoff> incoming and outgoing email server, I can throw exchange2000
Geoff> server on a spare Win2K box and apply all the security
Geoff> patches and then only let the pop3 and smtp ports be opened
Geoff> from the firewall, or I can use one of my sparcs, what MTA,
Geoff> IMAP, Etc do y'all reccomend for a low-volume mail system?
What are your requirements? You mention Exchange, does that mean you
have user(s) who would like the Exchange collaboration features? If so,
then you must have the Exchange server at this point. But you really
don't want it any closer to the open Internet than you have to. Your
best bet is to have it on an internal private network and have suitable
proxy servers(s) accessible from the Internet.
To handle the SMTP exchanges with the world you want a modern,
well-maintained and readily configurable program. The right choice is
probably the one you know best, as you'll be more likely to get it
right. If you don't know any of them, I think Postfix is a good choice,
but lots of people still swear by Sendmail. If you have remote users
who need to send mail over the Internet you have to be real careful or
you'll be an Open Relay, which is real bad.
As far as POP/IMAP servers go, if you're running Exchange your internal
clients should just connect to it. If you decide to go with a *ix only
solution, there are several supported ones out there, each with it's own
set of fans and detractors. I'm not sure it matters that much which one
you use as long as you use one that's actively supported.
You mention opening IMAP ports to the world. Do you really need to have
Internet users access email from your site? If so, you'll have all
sorts of security issues to worry about. Although I don't know if it's
perfect, I've been looking at Perdition as an IMAP proxy and so far it
looks good. I believe it has hooks for POP-before-SMTP (actually
IMAP-before-SMTP in this case) which can be used to avoid the Open Relay
syndrome.
Be advised that all of this requires time and patience to get it
configured right, and constant monitoring and updating to keep it
working well and secure. You will find that your mail servers are
continually being "tested" by the "bad guys"; they'll probably know
before you do if you fall behind on security updates.
If you have only a few users, and a working solution through some
provider, you might be better off just sticking with it.
If I sound negative it's because running email servers is pain in the
posterior.
--
David L. Kindred <mailto:d.kindred at telesciences.com>
Unix Systems & Network Administrator
Telesciences, Inc. <http://www.telesciences.com>
Support: <http://support.telesciences.com>
2000 Midlantic Drive, Suite 410, Mt. Laurel, NJ 08054
Tel: +1.856.866.1000 ext. 4184
Fax: +1.856.866.0185
---
More information about the geeks
mailing list