RE: [MLUG] Mailers for Windows

["Brent Deterding" <EMAIL:PROTECTED>]

Agreed - if they aren't even using a big commercial mailer and price is an
issue then you can't go wrong converting now to a simple open-source email
only thing with webmail component. Squirrelmail's webmail interface isn't
bad.

Ahh - so a really small shop :) Agreed - relay with FW and DMZ is out :)

You know - I completely disregarded OS X. Everything I hear about it is
outstanding - I need to start keeping that in mind when considering
solutions.

Sounds like a good solution you've come up with - esp. with getting a
*NIX-like box in there. Update with what you end up doing - I'd be
interested to hear.

-- Brent

-----Original Message-----
From: EMAIL:PROTECTED
[mailto:EMAIL:PROTECTED]On Behalf Of Jason McIntosh
Sent: Sunday, December 07, 2003 2:11 PM
To: MLUG Members
Subject: Re: [MLUG] Mailers for Windows



On Dec 7, 2003, at 1:55 PM, Brent Deterding wrote:

> I've always found it to be the case that converting something as
> fundamental as the mail server and how users access that server is
> more trouble than it is worth. The big commercial servers (Exchange
> and Notes pretty much) do a pretty decent job at combining a lot of
> things. That said - I'm not comfortable letting them be accessed
> directly from the Internet.

This can be trouble, but they're not even using exchange or notes.
Further, the mail server they are using costs like $60 a month, and
right now, the general idea is to go CHEAP.  i.e. this is kinda a
startup thing, and they don't have too much in the way of a mail system
as of yet.  SO, converting is right now the best solution.  There's not
really much in the way of conversion - a fair bit, but not much.
Second, using a simple mail system with an equally simple webmail
component (separate or otherwise) is much cheaper.  Price is DEFINITELY
an issue in this instance.

>  
> Why not put in a mail relay on the DMZ - commercial or open source (I
> prefer some of the commercial ones quite honestly - more full-featured
> without sacrificing security) - that filters and forwards on to the
> internal Exchange server. If you go with open source have it do spam
> filtering and anti-relaying (only permit relay from the internal mail
> server with the correct domain). With open source I would keep the AV
> function on the internal mail server (better support and easy to do).
> A commercial relay will get you all this plus the AV on the relay and
> some content filtering if that is desired. Set the smart host on the
> Exchange server (in the SMTP connector) to send mail back out through
> this host. Make sure to ensure the firewall doesn't allow the mail/web
> server on the inside to initiate smtp except to the relay. In fact - I
> would only allow it out on https to get it's updates.

*grin* That'd work if there was a large enough system.  Right now,
we're talking one machine, a backup machine, and MAYBE one other down
the road.  So, no money for a firewall, relay, etc.  Win2K server doing
both email and webserver (and anything else) at the moment.  The idea
is to get off of NT and all the subscription crap that goes on it, move
to an apache/php/jsp system. 

> Allow the Internet to the internal box for webmail - but enforce
> certificates so only those with certs can talk to it. Or depending on
> the firewall enforce that any external access to retrieve mail is done
> through a VPN. open source is going to screw you here I hate to admit
> - there just isn't a good way to do an IPSec VPN from a windows client
> (although you may try SSH Sentinel - but it costs $$).

Here's the issue - this is a web company.  As such, clients can be from
anywhere using any kind of machine from any source.  There has to be
generalized access to this machine.  As such, I'm looking at a linux
box locked down TIGHT.  REALLY tight.  Again, goes back to the whole
money issue, as well as complexity.  Right now, I'm it, the only techy,
and I'm going to have to do some of this remotely.  As such, windows
works, but not very well.  And also keep in mind - not too many
servers, so I'm very limited in what I can do.  Once the company takes
off, maybe I can do more, but right now, I'm very limited in my
options.  The company is looking at OS X Server on a dual G5 platform
right now (very Mac oriented investors) and that'll probably be the
best solution.  It fits with their interests, and also allows remote
administration and maintenance.  I can lock the system down pretty
effectively, virus's (although they do exist I suspect) are rare, spam
filters are easy to install, it's unix so I can do all kinds of fun
administrative stuff, etc.

> I personally don't believe there are many solutions out there that can
> beat MS Small Business Server for under 50 users - it costs $1200 and
> includes IIS, OWA, Exchange, AD, DNS, DHCP. Put in a qmail relay and
> enforce VPN for remote mail retrieval and you can't get much better
> for cost and functionality. Then it is somewhat standardized so
> someone other than the guy who built it can support it. Ongoing
> support costs and decreased functionality will quickly eat up the
> $1200 license up front.

Perhaps, but hopefully the company is going to grow beyond 50 users.
And an open source solution is free - which means no software costs,
just me maintaining it.  And that right now is free, as this is kinda
an investment thing.  However, for commercial, they're looking at OS X
Server.  One of the servers is going to be a Mac (that's the
investors/owners preference).

> *sigh* well I'm sure that will get some people going - but it is what
> it is. I've been doing this for long enough and seen the real
> business, security, and usability situations in 2 person shops all the
> way up to multiple Fortune 100 clients and everywhere in between in
> every vertical that influence my opinions. Don't get me wrong - I love
> Linux as much as the rest of us - but I'm pragmatic about the real
> world business requirements. For email servers I just don't
> think you can beat Exchange for functionality - but that's just me.

Oh, I agree - Exchange has probably some of the best groupware or other
functionality.  BUT, they're not using any of that.  At all.  As such,
the only thing really needed is a simple imap server and a simple
webmail client.  Pop is also probably going to be moderately prevalent.
  As such, exchange is overkill (and will continue to be so).
Particularly if I can find a cheap alternative.  Thankfully, OS X
Server, which is probably going to be the end platform, has VERY nice
mail handling and support.  It's probably the easiest solution at this
point.  The ONLY services that'll probably be running:

mail system
apache webserver
- under apache, php and jsp.  Probably use a php webmail system -
they're free and easy to use.
JBoss application server, if I do the site in java.
ssh if I need to do remote access, firewalled so only my remote ip
address let's me get in.
PERHAPS the server admin process - which is OS X specific, and also
firewalled so only my one remote machine and perhaps an internal
network can access the system.

Anyways, in a limited environment, with limited resources, that's
probably the best solution for the time being.  Particularly
considering its an internet company.
Any other thoughts?  Comments?
Jason

/--------------------------------------|---------------------------\
| Jason McIntosh                       | CELL: 573-424-7612        |
| Webmaster, thinker, Programmer, etc. | WORK: 573-884-3865        |
| http://poetshome.com/                |                           |
|------------------------------------------------------------------|
|"How should I know if it works?  That's what beta testers are     |
|for.  I only coded it."                                           |
|(Attributed to Linus Torvalds, somewhere in a posting)            |
\--------------------------------------|---------------------------/
GnuPG Key:
http://poetshome.com/about/jmcintosh_mlug.missouri.edu.gpgkey

_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members