
Definitely agree with you, John.

Safest way is to set up even a simple sendmail / qmail SMTP server as the Internet-facing SMTP gateway and have it relay all email for your domain(s) to (and perhaps from) your Exchange servers.

Doesn't really require a high-end box either. Even a first-generation Pentium with 32 MB of RAM running sendmail on Linux will relay a good 1 mbps of continuous incoming mail to your Exchange server. In most cases it also makes sense to use it as the outgoing mail relay for your Exchange servers as well.

Further, once it is in place it would require close to zero maintenance. If you're worried the HDD may crash, create a software RAID mirror / RAID5 array.

Further Note - Qmail with LDAP is a very viable, stable and hassle-free alternative to Exchange.

p.s. I personally would never run Exchange at all, but then again that is just me and my own personal preference.

Cheers
Tikiri

----- Original Message -----
From: "John Rothlisberger" <nznog(a)home.rothlis.net>
To: "NZNOG" <nznog(a)list.waikato.ac.nz>
Sent: Tuesday, October 28, 2003 12:02 PM
Subject: [nznog] Re: New and unacknowledged Exchange / Win2k SMTP vulnerability?

I would *strongly* recommend against EVER running Exchange as your Internet-facing SMTP server. Use a *nix box as a proxy.

There have been too many [unacknowledged] bugs/holes in MS Exchange, and troubleshooting something that hasn't been acknowledged by the manufacturer can have you thinking that you've gone crazy.

Using a *proper* SMTP server to sanity check incoming connections is the only way to go with Exchange, even for small customers -- the risks are pretty high otherwise. And while you're at it, throw SpamAssassin/Antivirus on it and kill multiple birds, et al.

My COP$35.28

--John Röthlisberger
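
The gateway arrangement discussed in this thread, sketched as a sendmail configuration. This is an added example, not configuration posted by either author; `example.com`, `192.0.2.10` and the `/etc/mail` paths are placeholder assumptions standing in for your domain, the internal Exchange host and your distribution's sendmail layout.

```conf
# Added example; domain, address and paths are placeholders / typical defaults.

# --- sendmail.mc (regenerate sendmail.cf after editing) ---
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl

# --- /etc/mail/mailertable ---
# Hand all mail for the domain to the internal Exchange host.
# Square brackets skip the MX lookup, so the gateway does not
# resolve the domain's MX and loop mail back to itself.
example.com           esmtp:[192.0.2.10]

# --- /etc/mail/access ---
# Accept inbound mail addressed to the domain for relaying.
To:example.com        RELAY
# Allow only the Exchange host to relay outbound mail through the gateway.
Connect:192.0.2.10    RELAY

# Do not list example.com in /etc/mail/local-host-names, or the gateway
# will attempt local delivery instead of relaying to Exchange.
```

Rebuild the maps with `makemap hash` after editing, and firewall the Exchange host so that only the gateway can reach it on port 25.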