Slashdot Mirror

← Back to Stories (view on slashdot.org)

Exchange 2003 vs. Sendmail Mail Routing?

Posted by Cliff on from the do-you-change-the-exchange dept.

good soldier svejk asks: "I am a unix sysadmin at a medium sized (~10,000 user) organization. We currently using Exchange 5.5 for messaging, calendaring etc., and sendmail for mail routing and relaying. We arrived at this architecture because Exchange 5.5 was neither flexible enough to route our mail nor secure enough to meet our relay control standards (my Windows counterparts tell me it has since improved it's relay control). Now we are looking to upgrade to Exchange 2003 and the boss wants to know if we can eliminate the sendmail layer. We use LDAP mail routing across multiple domains and Brightmail Anti-Spam. We have not yet implemented Active Directory. Does Exchange 2003 offer a sendmail comparable level of configurability and flexability regarding routing, access control, filtering, virtual hosting and queue management? Just as important, is the Windows 2000/Exchange 2003-SMTP combination adequately securable for use in the DMZ?"

11 of 95 comments (clear)

  1. Better get Active Directory setup... by questionlp · · Score: 2, Informative

    If you want to upgrade to Exchange 2003, then you will need to get Active Directory setup, prepared and configured as stated in the Exchange 2003 documentation :)

  2. There are others by mnmn · · Score: 2, Insightful

    I dont get why the boss ASKS for Exchange, but offer him a list of email systems including Lotus Domino, Courier MTA, Sendmail, Qmail, Exim, Postfix and others you think are appropriate for such sized organizations.

    Then run a few basic tests. It doesnt take too many hours to install and configure each of the above mail MTAs (or routers) for demonstration purposes.

    Heres how you can explain the thing... Microsoft is insecure. Thats a given (show the documents proving so) and you will need an additional layer in front of Exchange to go through the emails, maybe including Bayesian filters like spamassassin. You could run it unprotected, but working unprotected is something you just dont do...

    Theyll understand.

    --
    "Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
    1. Re:There are others by clifyt · · Score: 2, Interesting

      Because Exchange is MUCH more than an email solution.

      If you don't know this, you honestly shouldn't be making suggestions.

      Microsoft *IS* insecure, but find a decent mail solution, that has scheduling and can also deal with groupware aspects such as Project in a single package...I'm not talking about individual packages...I'm talking ONE package that works seamlessly.

      There are a lot of reason bosses ask for Exchange. The mail component is a small portion of this. With the new exchange server coming out later this year, it will be even better. I wish the Open Source community would get something better than this, but it hasn't happened yet -- even the individual packages as weak compared to what M$ can do.

      And I say this as a certified M$ hater. I use their products at work, but I'm a Mac / Linux user at home (except when I pull up XP so I can play my video games).

  3. Wrong layer by GoRK · · Score: 2, Insightful

    Have you considered removing the Exchange layer and preserving the Sendmail layer? :)

    Seriously, though, if you have a setup this large, and you're already willing to fork out the dough for Exchange 2003 and all that it requires to run, why don't you pick up the phone and talk to Microsoft about getting Exchange 2003 to route properly in your setup. It'd probably be worth the money to have the people that made it get you into a setup that will work.

    I may be no fan of Microsoft, but I certainly understnd when it's prudent and cost effective to get the support I'm paying for with commercial software.

    ~GoRK

  4. You have a major problem. by Talonius · · Score: 5, Informative

    Exchange 2003 requires Active Directory, quite an undertaking in an organization of your size.

    I would investigate the repercussions of that requirement before moving forward with any other research or comparisons.

    --
    My reality check bounced.
  5. I wouldnt recommend Exchange for you by skinfitz · · Score: 2, Insightful

    From your post, I wouldn't recommend Exchange as if you are only going to be using it for mail routing, you are basically going to paying a LOT of money for something loaded with features that you will literally never use when you could have the same functionality for free with sendmail or Exim.

    As I read your post, you dont want mailboxes or calendaring but simply mail routing.

    You would probably be better building a big OpenBSD box and spending some time with Exim, or sendmail if you are happy with that.

    Exchange 2003 uses the Windows 2000 SMTP service for mail routing anyway so really you dont need Exchange 2003, just a copy of Windows 2000 server or server 2003.

    Exchange 2003 does mailboxes and calendaring - it's a good product and does this very well but you only seem to need mail routing.

    1. Re:I wouldnt recommend Exchange for you by jhoffoss · · Score: 2, Interesting

      Re-read the post. He's already using Exchange, he's only using Sendmail for routing. With his next upgrade, he wants to eliminate Sendmail and use Exchange for the routing, AS WELL AS the calendar/groupware/project/etc functionality already in Exchange.

      --
      Linux: The world's best text-adventure game.
  6. Re:Capabilities aside....... by 4of12 · · Score: 3, Insightful

    security debate (which can get political).

    It can get political, emotional and religious if the discussion gets away from the facts.

    Defense in depth is sound security strategy; a strategy whose soundness is manifest to people of all political persuasions.

    Let Exchange do what it's good at: storing user mail messages in a database, serving IMAP clients and helping do group calendaring.

    Switch out sendmail for qmail, which is more secure. Keeping a pure MTA like qmail costs very little in the way of setup and maintence and helps purify the traffic seen by your Exchange servers.

    --
    "Provided by the management for your protection."
  7. Lots of work... by seigniory · · Score: 3, Informative

    I'm in the same predicament here. We're a small company (~500) but handle more email than most 10,000 shops - mostly customer service-related mails.

    Anyway, first off, I'd like to say that if you have a 10,000 person organization, and you'renot running AD yet, handle that first. I'd guess that you're looking at at *least* 4 months for planning and implementation of your AD environment.

    Also, you might as well go right to Windows 2003 (AD 2.0) since Exchange 2003 can only run in an AD 2.0 environment and on Windows 2003 server.

    Finally, yes, Exchange 2003 routing is much better than 5.5 (which was hooooriiiible). Now, if you're familiar with sendmail routing, who cares? :-) The only way you're going to be able to do the Exchange 2k3 (or 2k) routing you require is to program some custom COM event sinks in a .NET language.

    If you question is "can it be done" the answer is "sure it can". Just remember that just like any major infrastructure change, it ain't gonna be easy or quick to do.

    Luckily, we were able to upgrade to Exchange 2k3 with little trouble. I'm still trying to get the hang of the custom event sinks, but it's coming along. I'm a perl guy and trying my best to use Perl.NET but there's few resources out there to help out with the nook I've created for myself.

    If you're looking for spam/anti-virus management - definitely check out Postini (www.postini.com) - they rock and are pretty cheap ($1.25/month/user). Setting us up with this service removed 4 front-end mail relays from my DMZ and dropped our spam over 90%.

    That's my $0.02.

  8. Stick with Sendmail by winchester · · Score: 2, Insightful

    You have a small problem. First of all, Exchange 5.5 will be unsupported by the end of this year, so the upgrade to 2k/2k3 is somewhat mandatory.
    Second, as noted before, both 2k and 2k3 require active directory, which means upgrading at least your pdc and bdc's to windows 2k or windows server 2k3.
    Exchange 2k and 2k3 are both more secure and more reliable than Exchange 5.5, but I would not recommend them for DMZ use (if you want to sleep at night). Also, it will take you quite a bit of work to move your working Sendmail setup to Exchange.
    I would recommend building a test lab closely mirroring your current production environment, and see for yourself the impact of the migration to Exchange 2003.

  9. And for those looking for alternative systems... by rainer_d · · Score: 2, Informative
    Exchange does more than just email, so you can't replace it with a qmail-toaster.

    SamsungContact
    SuSE Openexchange Server
    Oracle Collaboration Suite
    and
    Lotus Notes

    are viable products that don't rely on AD and MSFT-products.

    I use qmail for myself, but it's not something for people who need calendaring.
    Disclaimer: my company re-sells SuSE's product.

    --
    Windows 2000 - from the guys who brought us edlin