Re: WIndows 2003 SMTP

  • From: Danny <nocmonkey@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 8 Feb 2005 16:55:51 -0500

On Tue, 8 Feb 2005 10:19:43 -0900, Tim Jordan <tim@xxxxxxxxxxxxx> wrote:
> Danny, I'm getting ready to build on opensource mail filter box but have
> not decided on which mail server to use.  I'm curious why you went with
> Postfix?

In addition to my last post on this topic, the website for Postfix
says it best: " Postfix attempts to be fast, easy to administer, and
secure, while at the same time being sendmail compatible enough to not
upset existing users. Thus, the outside has a sendmail-ish flavor, but
the inside is completely different."

Reason #2 - For the purposes of Internet facing (accessible to
untrusted networks) SMTP services, here is *my* quick comparison of
the preperation necessary to setup an IIS based SMTP MTA vs. Postfix
on any BSD (FreeBSD, OpenBSD, and NetBSD) based OS.

Role: MTA

Server #1) Windows 2000 (or Windows Server 2003 web edition) with IIS
SMTP server installed.

Server #2) FreeBSD (any version within the last 2 years without any
patches!) with Postfix installed.

Configuration & Preparation:

Server #1)
-Put behind locked down firewall before plugging into Internet to
download updates (or enable Windows Firewall on Windows Server 2003).
Threatfocus: "According to a recent article by USA Today working with
Kevin Mitnick, it takes less than 4 minutes for an unpatched Windows
XP SP1 system to be taken over and added to a "Bot network."
-Download and install dozens of patches and hope that MBSA,
WindowsUpdate, or hfnetcheck report and verify successful installation
-Run MBSA if you don't have all the recommended lockdown tips memorized
-Disable unessential services
-Disable unnecessary accounts
-Verify NTFS permissions, specifically the file system hosting these services
-Disable uncessary IIS extensions
-Install URLScan and/or IISLockdown
-Rename admin account - although SID (500) can be retrieved to
identify built-in admin acct
-Verify IIS SMTP configuration - test for open relay
-Cross fingers

Server #2) (P.S. No software to purchase with this one)
-No firewall necessary
-vi /etc/rc.conf to disable sendmail
-cd /usr/ports/mail/postfix && make install clean
-vi and enter your domains. It ain't an open relay out of the
box, so test if you like
-postfix check (check your config for errors)
-postfix start

For more in-depth guides:

Happy MTA'ing,


Other related posts: