Re: WIndows 2003 SMTP

  • From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 8 Feb 2005 17:34:55 -0500

Thanks for the explanation.  I was just checking for the background and
trying to understand where you were coming from.

K3 = W2K3 Server; sometimes I get lazy and shorten it. :)

I suppose it's worth mentioning that security to me is not about the device
by itself.  Let's face it, there's always *something* more secure out there
in terms of devices.  To me it's a process and concept that spans all 8
layers of the OSI stack. If any of them are open or un-cared for, then it
degrades the security of the device. There's plenty of fixes and hacks for
just about any OS in use, so I personally see no other way to deal with it.
The level of effort is a risk-management and technical issue - no argument
there.  Some are definitely easier to get secure and BSD is one of those. I
was just curious if you were advocating set it and forget it security or
were just pointing out the difference in the level of effort to get to an
acceptable security stance. 

Thanks Danny.  Been interesting.

Al 

-----Original Message-----
From: Danny [mailto:nocmonkey@xxxxxxxxx] 
Sent: Tuesday, February 08, 2005 4:40 PM
To: [ExchangeList]
Subject: [exchangelist] Re: WIndows 2003 SMTP

http://www.MSExchange.org/

On Tue, 8 Feb 2005 13:52:26 -0500, Mulnick, Al <Al.Mulnick@xxxxxxxxxx>
wrote:
> http://www.MSExchange.org/
> 
> Maybe I misunderstand, but can you expand on the add-on concept?
> 
> I understand Postfix add-ons to be applications written by others to 
> enhance the service provided by the MTA.  Put in Microsoft terms, a
third-party app.

You are correct. However, I was hoping that I didn't have to say it, but the
advantage of these types of add-ons vs a 3rd party MS app,  is that the
majority of Postfix add-on's (which allow you to go above and beyond typical
MTA capabilities) are open source, "free", and highly customizable.

> I'm not seeing the differences between postfix and K3 as an MTA.

What is K3?

> Additionally, it's never a good idea to consider something "bulletproof"
> when you deploy it.  It's good, but to say you don't have to worry 
> about something would, over time, open the door for disaster in most
cases.

Relative to Microsoft software, it's security record, and it's industry foot
print, yes, Postfix for example. is "bulletproof" (not sure where you are
quoting that from - I never said that) in comparison.

If you ignore the overall history, current developer/programmer, past
security vulnerabilities (or lack of in this case), simplicity, reliability,
robust-ness, scalability, performance, the operating systems it can run on,
and cost of Postifx (or possibly qmail and Exim), then, yes, IIS SMTP could
be considered just as good.

Bottom line: In the environments I am responsible for, I do not limit my
systems by only using Microsoft based software.  For example, both IIS SMTP
and Postfix have their place in my networks.  The difference:
one is accessible to untrusted networks (a.k.a. The Internet) and the other
isn't.  Does this make me bulletproof?  No.  Does this decrease my exposure
to known and unknown vulnerabilities in the most exploited operating system
called Windows?  Yes.  Do I need to do patch the hell out of a Windows
server and lock it down to the nuts before I even think about plugging it
into the Internet?  YES.  Do I need to do the same for a BSD server with
Postfix installed?  NO.  Do I need a pretty OS called Windows on my SMTP
MTA?  No.

Anyway, we are kind of straying off-topic.  Make not mistake about it,
though: I wouldn't be on this mailing list if I didn't think Microsoft
products, particularly Exchange had it's place in my (and millions of
other) email and collaboration systems.  I would also have less free time if
all my deployments had un-firewalled Microsoft servers facing the Internet
to perform services instead of un-firewalled (apples to apples; what if the
firewall were to fail, or was improperly
configured) BSD servers.

...D

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
al.mulnick@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx


Other related posts: