On Dec 7, 2003, at 1:55 PM, Brent Deterding wrote:

> I've always found it to be the case that converting something as
> fundamental as the mail server and how users access that server is
> more trouble than it is worth. The big commercial servers (Exchange
> and Notes pretty much) do a pretty decent job at combining a lot of
> things. That said - I'm not comfortable letting them be accessed
> directly from the Internet.

This can be trouble, but they're not even using exchange or notes. Further, the mail server they are using costs like $60 a month, and right now, the general idea is to go CHEAP. i.e. this is kinda a startup thing, and they don't have too much in the way of a mail system as of yet. SO, converting is right now the best solution. There's not really much in the way of conversion - a fair bit, but not much. Second, using a simple mail system with an equally simple webmail component (separate or otherwise) is much cheaper. Price is DEFINITELY an issue in this instance.

> Why not put in a mail relay on the DMZ - commercial or open source (I
> prefer some of the commercial ones quite honestly - more full-featured
> without sacrificing security) - that filters and forwards on to the
> internal Exchange server. If you go with open source have it do spam
> filtering and anti-relaying (only permit relay from the internal mail
> server with the correct domain). With open source I would keep the AV
> function on the internal mail server (better support and easy to do).
> A commercial relay will get you all this plus the AV on the relay and
> some content filtering if that is desired. Set the smart host on the
> Exchange server (in the SMTP connector) to send mail back out through
> this host. Make sure to ensure the firewall doesn't allow the mail/web
> server on the inside to initiate smtp except to the relay. In fact - I
> would only allow it out on https to get its updates.

*grin* That'd work if there was a large enough system. Right now, we're talking one machine, a backup machine, and MAYBE one other down the road. So, no money for a firewall, relay, etc. Win2K server doing both email and webserver (and anything else) at the moment. The idea is to get off of NT and all the subscription crap that goes on it, move to an apache/php/jsp system.

> Allow the Internet to the internal box for webmail - but enforce
> certificates so only those with certs can talk to it. Or depending on
> the firewall enforce that any external access to retrieve mail is done
> through a VPN. open source is going to screw you here I hate to admit
> - there just isn't a good way to do an IPSec VPN from a windows client
> (although you may try SSH Sentinel - but it costs $$).

Here's the issue - this is a web company. As such, clients can be from anywhere using any kind of machine from any source. There has to be generalized access to this machine. As such, I'm looking at a linux box locked down TIGHT. REALLY tight. Again, goes back to the whole money issue, as well as complexity. Right now, I'm it, the only techy, and I'm going to have to do some of this remotely. As such, windows works, but not very well.

And also keep in mind - not too many servers, so I'm very limited in what I can do. Once the company takes off, maybe I can do more, but right now, I'm very limited in my options. The company is looking at OS X Server on a dual G5 platform right now (very Mac oriented investors) and that'll probably be the best solution. It fits with their interests, and also allows remote administration and maintenance. I can lock the system down pretty effectively, viruses (although they do exist I suspect) are rare, spam filters are easy to install, it's unix so I can do all kinds of fun administrative stuff, etc.

> I personally don't believe there are many solutions out there that can
> beat MS Small Business Server for under 50 users - it costs $1200 and
> includes IIS, OWA, Exchange, AD, DNS, DHCP. Put in a qmail relay and
> enforce VPN for remote mail retrieval and you can't get much better
> for cost and functionality. Then it is somewhat standardized so
> someone other than the guy who built it can support it. Ongoing
> support costs and decreased functionality will quickly eat up the
> $1200 license up front.

Perhaps, but hopefully the company is going to grow beyond 50 users. And an open source solution is free - which means no software costs, just me maintaining it. And that right now is free, as this is kinda an investment thing. However, for commercial, they're looking at OS X Server. One of the servers is going to be a Mac (that's the investors'/owners' preference).

> *sigh* well I'm sure that will get some people going - but it is what
> it is. I've been doing this for long enough and seen the real
> business, security, and usability situations in 2 person shops all the
> way up to multiple Fortune 100 clients and everywhere in between in
> every vertical that influence my opinions. Don't get me wrong - I love
> Linux as much as the rest of us - but I'm pragmatic about the real
> world business requirements. For email servers I just don't
> think you can beat Exchange for functionality - but that's just me.

Oh, I agree - Exchange has probably some of the best groupware or other functionality. BUT, they're not using any of that. At all. As such, the only thing really needed is a simple imap server and a simple webmail client. Pop is also probably going to be moderately prevalent. As such, exchange is overkill (and will continue to be so). Particularly if I can find a cheap alternative. Thankfully, OS X Server, which is probably going to be the end platform, has VERY nice mail handling and support. It's probably the easiest solution at this point.

The ONLY services that'll probably be running:

mail system
apache webserver - under apache, php and jsp. Probably use a php webmail system - they're free and easy to use.
JBoss application server, if I do the site in java.
ssh if I need to do remote access, firewalled so only my remote ip address lets me get in.
PERHAPS the server admin process - which is OS X specific, and also firewalled so only my one remote machine and perhaps an internal network can access the system.

Anyways, in a limited environment, with limited resources, that's probably the best solution for the time being. Particularly considering it's an internet company.

Any other thoughts? Comments?

Jason

/--------------------------------------|---------------------------\
| Jason McIntosh                       | CELL: 573-424-7612        |
| Webmaster, thinker, Programmer, etc. | WORK: 573-884-3865        |
| http://poetshome.com/                |                           |
|------------------------------------------------------------------|
|"How should I know if it works? That's what beta testers are      |
|for. I only coded it."                                            |
|(Attributed to Linus Torvalds, somewhere in a posting)            |
\--------------------------------------|---------------------------/
GnuPG Key: http://poetshome.com/about/jmcintosh_mlug.missouri.edu.gpgkey