Exchange 2003 vs. Sendmail Mail Routing?
good soldier svejk asks: "I am a unix sysadmin at a medium sized (~10,000 user) organization. We are currently using Exchange 5.5 for messaging, calendaring etc., and sendmail for mail routing and relaying. We arrived at this architecture because Exchange 5.5 was neither flexible enough to route our mail nor secure enough to meet our relay control standards (my Windows counterparts tell me it has since improved its relay control). Now we are looking to upgrade to Exchange 2003 and the boss wants to know if we can eliminate the sendmail layer. We use LDAP mail routing across multiple domains and Brightmail Anti-Spam. We have not yet implemented Active Directory. Does Exchange 2003 offer a sendmail comparable level of configurability and flexibility regarding routing, access control, filtering, virtual hosting and queue management? Just as important, is the Windows 2000/Exchange 2003-SMTP combination adequately securable for use in the DMZ?"
I don't get why the boss ASKS for Exchange, but offer him a list of email systems including Lotus Domino, Courier MTA, Sendmail, Qmail, Exim, Postfix and others you think are appropriate for such sized organizations.
Then run a few basic tests. It doesn't take too many hours to install and configure each of the above mail MTAs (or routers) for demonstration purposes.
Here's how you can explain the thing... Microsoft is insecure. That's a given (show the documents proving so) and you will need an additional layer in front of Exchange to go through the emails, maybe including Bayesian filters like spamassassin. You could run it unprotected, but working unprotected is something you just don't do...
They'll understand.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
Have you considered removing the Exchange layer and preserving the Sendmail layer? :)
Seriously, though, if you have a setup this large, and you're already willing to fork out the dough for Exchange 2003 and all that it requires to run, why don't you pick up the phone and talk to Microsoft about getting Exchange 2003 to route properly in your setup. It'd probably be worth the money to have the people that made it get you into a setup that will work.
I may be no fan of Microsoft, but I certainly understand when it's prudent and cost effective to get the support I'm paying for with commercial software.
~GoRK
From your post, I wouldn't recommend Exchange as if you are only going to be using it for mail routing, you are basically going to be paying a LOT of money for something loaded with features that you will literally never use when you could have the same functionality for free with sendmail or Exim.
As I read your post, you don't want mailboxes or calendaring but simply mail routing.
You would probably be better off building a big OpenBSD box and spending some time with Exim, or sendmail if you are happy with that.
Exchange 2003 uses the Windows 2000 SMTP service for mail routing anyway so really you don't need Exchange 2003, just a copy of Windows 2000 server or server 2003.
Exchange 2003 does mailboxes and calendaring - it's a good product and does this very well but you only seem to need mail routing.
security debate (which can get political).
It can get political, emotional and religious if the discussion gets away from the facts.
Defense in depth is sound security strategy; a strategy whose soundness is manifest to people of all political persuasions.
Let Exchange do what it's good at: storing user mail messages in a database, serving IMAP clients and helping do group calendaring.
Switch out sendmail for qmail, which is more secure. Keeping a pure MTA like qmail costs very little in the way of setup and maintenance and helps purify the traffic seen by your Exchange servers.
"Provided by the management for your protection."
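As an added illustration of the "pure MTA in front of Exchange" layout the comment above argues for (this is not from any post in the thread, and it uses Postfix rather than qmail only because its configuration is short), here is a minimal Postfix main.cf for a DMZ relay. All hostnames, domains, networks and file paths are placeholders, not the poster's real values.

```ini
# Added example, not from the thread: Postfix main.cf for a DMZ relay that
# accepts inbound mail for known domains only and forwards it to an internal
# Exchange server. Every name and address below is a placeholder.
myhostname = relay.example.com
mydomain = example.com

# This host stores no mailboxes, so it claims no local domains.
mydestination =

# Domains we relay for; anything else is refused, so the box is not an open relay.
relay_domains = example.com, example.net

# Per-domain next hop: both domains are handed to the internal Exchange server.
# Brackets suppress MX lookup so the internal host is contacted directly.
transport_maps = hash:/etc/postfix/transport
# /etc/postfix/transport (placeholder contents):
#   example.com   smtp:[exchange.internal.example.com]
#   example.net   smtp:[exchange.internal.example.com]

# Only the internal network may submit outbound mail through this relay.
mynetworks = 127.0.0.0/8, 10.0.0.0/8
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination

# Valid recipients per relayed domain, exported from the directory. Unknown
# addresses are rejected at the relay instead of being queued and bounced later.
relay_recipient_maps = hash:/etc/postfix/relay_recipients
```

After editing the two lookup tables, run `postmap /etc/postfix/transport` and `postmap /etc/postfix/relay_recipients` to build the hash files, then reload Postfix. The two settings that carry the security weight are `reject_unauth_destination`, which refuses relaying for any domain not in `relay_domains` or `mynetworks`, and `relay_recipient_maps`, which keeps the relay from accepting mail for nonexistent users and turning Exchange into a bounce generator.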
You have a small problem. First of all, Exchange 5.5 will be unsupported by the end of this year, so the upgrade to 2k/2k3 is somewhat mandatory.
Second, as noted before, both 2k and 2k3 require Active Directory, which means upgrading at least your PDC and BDCs to Windows 2k or Windows Server 2k3.
Exchange 2k and 2k3 are both more secure and more reliable than Exchange 5.5, but I would not recommend them for DMZ use (if you want to sleep at night). Also, it will take you quite a bit of work to move your working Sendmail setup to Exchange.
I would recommend building a test lab closely mirroring your current production environment, and see for yourself the impact of the migration to Exchange 2003.