Re: Why use external email hosts?





In news:7m4js1l3qc7jt1lrqn0b8dre2l6ec3uhcu@xxxxxxx,
Ezra Herman <eherman@xxxxxxxxxxxxxxxxxxx> typed:
> I posted a request for external email host service recommendations in
> a different thread and received a question on why someone would want
> an external host when they have Exchange.
>
> I have a few clients who haven't used Exchange as their default
> external mail host and the reasons varied.
>
> 1) The client used and liked a different internal email solution and
> didn't want to bother with Exchange.

Show them what Exchange *does*. Explain also that if they don't use it, and
use only POP/SMTP, not only can they not share any information or use OWA,
they can't reasonably back up & maintain their e-mail. PST files must be
stored/accessed from the local hard drive of the workstation, not across a
LAN/WAN connection (it isn't supported and *will* invariably cause
problems). One of my tasks as a consultant is to train & teach and advise on
Best Practices....I'm supposed to know more about this than they do, and
advise accordingly.

>
> 2) The security posture of the company dictated no open ports directly
> into a domain controller.

So put a Postfix/sendmail box in a DMZ, set it up to relay mail to your SBS
server's LAN IP, set up your SMTP virtual server to receive mail *only* from
the IP of the other server, and open up port 25 to the other server.
Although allowing port 25 inbound is not really a valid cause for panic,
from a security standpoint.

Also, re security, if you don't use an internal mail server of some sort,
you can't do centralized antivirus/content filtering from your own server...

>
> 3) Too little bandwidth on the internet connection.

You'll still have the same issue, and in fact it will be worse, if each
client is downloading/uploading mail via the same connection from their
workstations.
>
> 4) Unreliable internet connectivity.

Same issue as in #3, but a) fix the unreliability as best you can, even if
it involves getting another ISP/connection type, b) get someone else to act
as backup so their server queues mail and automatically retries delivery
every X hours - Mail Hop BackupMX at www.dyndns.org is one option if the ISP
won't do it.
>
> These are the only reasons that I've run into and thankfully they are
> less and less common (except for the security justification).
>
> -Ezra Herman
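
An added illustration of the DMZ relay suggested in the reply to point 2 (not part of the original post): a Postfix configuration for a relay-only host. The domain example.com, the host name relay.example.com and the internal address 192.168.16.2 are assumed placeholders.

```ini
# /etc/postfix/main.cf on the DMZ relay host
# (example.com and relay.example.com are placeholders)
myhostname = relay.example.com

# This host stores no mailboxes; it only relays.
mydestination =
local_recipient_maps =
local_transport = error:local delivery is disabled

# Accept inbound mail only for the company's own domain.
relay_domains = example.com

# Hand accepted mail to the internal server named in the transport map.
transport_maps = hash:/etc/postfix/transport

# Nobody but the relay itself may send to arbitrary destinations,
# so the host cannot be abused as an open relay.
mynetworks = 127.0.0.0/8
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

# Reject unknown recipients at the edge instead of queueing the mail
# and bouncing it later; this list has to be kept in step with the
# mailboxes on the internal server.
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# /etc/postfix/transport (run "postmap /etc/postfix/transport" after editing)
# The brackets suppress the MX lookup; 192.168.16.2 is an assumed LAN IP.
# example.com    smtp:[192.168.16.2]:25

# /etc/postfix/relay_recipients (run postmap on this file as well)
# user@example.com    OK
```

The other two pieces stay as the post describes them: the firewall passes TCP 25 from the DMZ host to the internal server only, and the internal SMTP virtual server accepts connections only from the relay's IP.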

