Re: WIndows 2003 SMTP

• From: Danny <nocmonkey@xxxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Tue, 8 Feb 2005 16:55:51 -0500

On Tue, 8 Feb 2005 10:19:43 -0900, Tim Jordan <tim@xxxxxxxxxxxxx> wrote:
> http://www.MSExchange.org/
> 
> Danny, I'm getting ready to build on opensource mail filter box but have
> not decided on which mail server to use.  I'm curious why you went with
> Postfix?

In addition to my last post on this topic, the website for Postfix
says it best: " Postfix attempts to be fast, easy to administer, and
secure, while at the same time being sendmail compatible enough to not
upset existing users. Thus, the outside has a sendmail-ish flavor, but
the inside is completely different."

Reason #2 - For the purposes of Internet facing (accessible to
untrusted networks) SMTP services, here is *my* quick comparison of
the preperation necessary to setup an IIS based SMTP MTA vs. Postfix
on any BSD (FreeBSD, OpenBSD, and NetBSD) based OS.

Role: MTA

Server #1) Windows 2000 (or Windows Server 2003 web edition) with IIS
SMTP server installed.

Server #2) FreeBSD (any version within the last 2 years without any
patches!) with Postfix installed.

Configuration & Preparation:

Server #1)
-Put behind locked down firewall before plugging into Internet to
download updates (or enable Windows Firewall on Windows Server 2003).
Threatfocus: "According to a recent article by USA Today working with
Kevin Mitnick, it takes less than 4 minutes for an unpatched Windows
XP SP1 system to be taken over and added to a "Bot network."
-Download and install dozens of patches and hope that MBSA,
WindowsUpdate, or hfnetcheck report and verify successful installation
-Reboot
-Run MBSA if you don't have all the recommended lockdown tips memorized
-Disable unessential services
-Disable unnecessary accounts
-Verify NTFS permissions, specifically the file system hosting these services
-Disable uncessary IIS extensions
-Install URLScan and/or IISLockdown
-Rename admin account - although SID (500) can be retrieved to
identify built-in admin acct
-Verify IIS SMTP configuration - test for open relay
-Cross fingers

Server #2) (P.S. No software to purchase with this one)
-No firewall necessary
-vi /etc/rc.conf to disable sendmail
-cd /usr/ports/mail/postfix && make install clean
-vi main.cf and enter your domains. It ain't an open relay out of the
box, so test if you like
-postfix check (check your config for errors)
-postfix start

For more in-depth guides:
http://www.flakshack.com/anti-spam/wiki/index.php
http://www.securitysage.com/guides/postfix_uce.html
http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
http://www-personal.umich.edu/~malth/gaptuning/postfix/

Happy MTA'ing,

...D

Other related posts:

• » WIndows 2003 SMTP
• » RE: WIndows 2003 SMTP
• » RE: WIndows 2003 SMTP
• » Re: WIndows 2003 SMTP
• » Re: WIndows 2003 SMTP
• » Re: WIndows 2003 SMTP
• » Re: WIndows 2003 SMTP
• » Re: WIndows 2003 SMTP
• » Re: WIndows 2003 SMTP
• » Re: WIndows 2003 SMTP
• » Re: WIndows 2003 SMTP
• » RE: WIndows 2003 SMTP
• » RE: WIndows 2003 SMTP
• » RE: WIndows 2003 SMTP
• » RE: WIndows 2003 SMTP

1. Home
2. exchangelist
3. Archive
4. 02-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---