Re: POP3, exchange server and blackberry
- From: "David Barnes" <david at bitsolve dot com .nospam.ignore.net>
- Date: Wed, 3 Oct 2007 21:19:52 +0100
!!<G>!!
I just love the lively discussions in the NG..
BTW.. Susan's away at SMB Nation so we won't get told off saying
Bollocks!!.. woops..
(sorry Susan <g>)
"Lanwench [MVP - Exchange]"
wrote in message
news:uRdCq7eBIHA.5652@xxxxxxxxxxxxxxxxxxxxxxx
David Barnes <david at bitsolve dot com .nospam.ignore.net> wrote:
<snip>
Subhas,
I agree 90% with Lanwench. However I disagree on the point of POP3.
Ooh, let's have a rumble! :-)
Direct mail delivery means opening up your server's SMTP service to ANYONE..
This includes hackers in China, Russia, Brazil..etc
Are you 100% comfortable that your SMTP service is up to scratch?
Are you aware of any direct cracks/exploits (not spam!) using TCP 25? I'm
not - but if one is concerned about such things, there's MailFoundry or
Postini or their ilk, and you can block all SMTP connections in your
firewall except for the IP addresses of the intermediate hosts.
- but they tend to be out of the budget of small businesses..
OK.. This is the KNOWN one and hence the patched one..
IF you have patched your system.. The question is are you 100% confident that the patch was done successfully.. Yes you can take the time to go through the DLL versions etc.. but seeing as there are so many other hotfixes to worry about does an admin have time to go into that level of detail..(I know we should.. but the client is paying and you can stretch things like this so far..)
MS04-035 (KB885881)
(http://www.microsoft.com/technet/security/Bulletin/MS04-035.mspx)
What else exists undiscovered or kept secret by hackers???? Can you be
certain????
OK I'm paranoid.. I was un-binding NetBIOS even before Steve Gibson was shouting about it.. (www.grc.com well worth a visit.. love security now!)
You can also use connection filtering & RBLs in E2k3 SP2 to prevent
connections from, say, an entire country if you wish!
Direct mail delivery makes your server CRITICAL for mail delivery
from senders. Your ISP will be running multiple servers to (within
reason) guarantee that messages can be received on your behalf.
You can have someone else's server do store/forward for you - I like MailHop BackupMX from www.dyndns.com.
However, having a "backup MX" means you are more likely to be a spam target, and mail unanswered for three days is not necessarily a good thing (whereas, a delivery status notification at least lets the sender know you didn't get their message yet). This is something I'm starting to re-think although I've been using store/forward for years.
If you take your server offline for maintenance or your internet line
fails mail goes nowhere and starts to do the magic 4 day time-out.
Well, the sender should get a DSN from their own server.
NO by default the message will queue for up to 4 days.
2 days before Exchange sends a delay notification (by default)
And as most companies 'relay' or 'smarthost' via their ISP you will find that you will not get a delay notification and ISPs are now starting to address the NDR backscatter spam and are no longer delivering NDRs to addresses that are NOT local on the server.
So NDRs are no longer a given.
So what I see is (when running direct into single exch svr with no backup MX)
Transient connection issues etc on the internet, for whatever reason, cause the first delivery to fail.. the user then rings me cos he's waiting for an urgent e-mail. I check everything out and confirm all is ok.. The user then calls the sender, who resends and it is delivered fairly instantly.
bout 2 hours later the user calls me to complain that the first (delayed) message has just arrived.. And they want me to fix it!!! GRRR
Seeing as the retry queue is on the sender's server, it's out of my hands..
BTW.. I set my delivery to Direct, with 10 min retry and notify after 35 mins.. NDR at 12 hours.
Hence it's expensive..
Congestion on your line or at your ISP can have the same effect.
In the SBS arena most companies cannot afford a second (backup MX)
server and second internet line. Buying backup MX service from your
ISP tends to be overly expensive.
Gawd, most ISPs don't even offer this anymore.
<g> exactly!!.. on your exchange server please BLOCK messages
Unless you are fairly hot at VBScript and know what you are doing
with SMTP synch events, then intervening and controlling inbound mail
is an impossibility.
Not sure what you mean - event sinks? To do what?
routing via the IP address (eg) 196.78.66.78 <-- this will be in the
header.. a pop3 collector will allow you to build a rule to filter these
out.
The alternative is to install (using VBScript) an SMTP event sink that inspects the message and takes the appropriate action. You have to be fairly good at VBScript.. Have a look at ArchiveSink_Setup.vbs Hmm...
You cannot create any rules to capture, divert or otherwise mails that
are definitely spam or virus.
Well, there's some good rudimentary filtering in E2k3 SP2, and of course one ought to have an Exchange-aware antivirus product - and possibly an antispam product as well.
Agreed.. sort of goes without saying really.. but exchange anti-spam is a bit out of the budget for SBS clients.. don't forget this is a £300 product.. SBS customers are trying 'to do things cost-effectively' (well let's not be polite.. they are cheapskates!) If they had the money.. they would have a separates solution.. 2xAD, 1x F&P, 1xExchange client, 1xExchange gateway, SQL cluster, Sharepoint MOSS ent server.. etc..
There are alternative software products to the MS POP collector
I personally use POPcon Pro.
This can be set to poll every 5 minutes (same as default outlook
internet connector) and to be honest with outlook to exchange, isp
delays etc.. no-one will normally notice.
POPcon Pro will AV test, SPAM RBL test e-mail and you can add
stacks of rules to filter mail.
It gives you a control point. and stopping the service just stops
the collection of e-mail from the ISP. Mail continues to arrive and
queue. When your server comes back up and the popcon service starts
all queued mail trundles in.
It's much better than the POP connector (I personally prefer POPBeamer) but all such things are still ultimately a kluge.....
agreed.. in an ideal world they would have 2 extra exchange servers on separate ISPs, using the authenticated connector to maintain the EXCH5.5 blob and thus fully support IMF..
Hmm, probably have to agree to disagree, but yes control is important,
My normal setup is to get a 'catch-all' mailbox at the isp and then
popcon only has to pull from one mailbox, it then filters out fred's,
susan's etc mail into their mailboxes.
They have a 30-day demo so you are free to try it out.
The only business reason for "going direct" is if the business really,
really really MUST have instant inbound delivery, but then outlook's
default cached mode will add another delay anyway. so you don't win..
I disagree there - in my view, one of the main reasons you host your own mail is for control, and that's followed by simplicity. I don't like troubleshooting things in three places when I can troubleshoot them only in one.
hence SBS/exchange.. you are hosting and controlling delivery of your mail
Just NOT receipt..
Troubleshooting an sbs exchange server inbound mail routing problem is VERY difficult if you aren't outside the client and can test port 25 connections from the internet. They will almost always work internally (the server would be down otherwise)
However testing an smtp into your selected mail hosting service is fairly easy and I maintain a test mailbox alongside the catchall and an outlook profile to test it..
Both methods (direct & internet POP box) have their own nuances and
support challenges.. neither is 100% reliable..
Turning off Outlook's cached mode starts to LOAD the resources
on the server and you will need more ram, faster CPU and disks.
And I would think, most here would advise against turning it off.
Cached Outlook mode also reduces network (LAN) loading.
Plus you can't use junk e-mail filtering in Outlook unless you use cached
mode. I always use it.
Agreed.. just making sure he's not expecting INSTANT delivery
with Exch 2k3 and outlook 2k3
That's £11 (bout $19) a month for 25 users (not each user)
If the business needs to get messages instantly to the users, then
e-mail is not the product you need. E-mail is an offline, non
guaranteed, delayed messaging system.
Yep.
Instant real-time messaging systems already exist in Messenger
etc.
and for £11 a month you can have 25 users e-mail, your domain
name, web space etc, all on MS Office Live and NOT have to run
exchange, AD, SBS et. al..
A simple 60$ NAS box covers shared files and my-docs redirection.
Outlook has an office live connector so it synchronises e-mail.
Office Live has a webmail interface (well it uses hotmail)
your windows messenger is registered against your e-mail addy.
You get 2GB sharepoint web-based space as well. Sort of
25-user SBS without the costs of hardware or supporting
SBS...
But with recurring costs for service, loss of control over one's own data,
and so forth. It may be a good fit for some, but for a 20-user office I
wouldn't outsource this stuff.
£130 a year.. £390 over 3 years total cost.. you can only just buy SBS
oem for that price.. Then you need a server to run it on and an SBS
Admin to install it..
But I agree with you as well, I love SBS it's a good solution..
But I get the feeling there are good solid alternatives creeping up on us.
With mail synching.. you can argue that you have
all your data locally...
I can see it coming..
Q: Will there be an SBS 2007/2008 version??
- or will it be a mix Office Live Small Business..
The only main thing (apart from physical control) that SBS gives
is Local file/print.
Hence the flap and stink with the move to SBS 2003 (2000 had LC
There is an MS product 'live communications server' that handles
being a central messenger server for a LAN and can record
messages and conversations. But I think this will need a separate
server, and windows licence.
Yes- it's quite pricey.
I think..)
BTW Outlook set to poll every 2 mins, is a problem waiting to happen.
1/ it applies a constant loading to your internet connection.
2/ many (most) ISP 'nix pop3 servers do not fare well if you
keep hitting them that often.
3/ it applies additional loading to the client PCs.
Yep :)
David Barnes
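
The header rule mentioned in the post (filtering mail routed via an IP address such as 196.78.66.78) could look like the sketch below. This is an added example, not part of the original post and not code from POPcon or Exchange. The host name `mx.isp.example`, the blocked /24 range and both sample messages are constructed assumptions. It reads only the Received line stamped by the ISP's own server, because lines below that hop can be written by the sender.

```python
import email
import ipaddress
import re

# Assumptions: the ISP's inbound host name and the blocked range are made up
# for this sketch; 196.78.66.78 is the example address from the post.
TRUSTED_MX = "mx.isp.example"
BLOCKED_NETS = [ipaddress.ip_network("196.78.66.0/24")]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

# Constructed sample: the lower Received line is forged by the sender.
SAMPLE_BLOCKED = """\
Received: from mail.sender.example (unknown [196.78.66.78])
 by mx.isp.example with ESMTP; Wed, 3 Oct 2007 20:00:00 +0100
Received: from nice.example ([203.0.113.5]) by mx.isp.example; Wed, 3 Oct 2007 19:00:00 +0100
Subject: constructed sample

body
"""
SAMPLE_CLEAN = SAMPLE_BLOCKED.replace("196.78.66.78", "198.51.100.7")


def connecting_ip(raw_message, trusted_mx=TRUSTED_MX):
    """Peer IP recorded by the trusted MX, or None if no such hop exists."""
    msg = email.message_from_string(raw_message)
    # Headers are prepended in transit, so the topmost one stamped by the
    # trusted host is the hop the sender could not write themselves.
    for header in msg.get_all("Received", []):
        flat = " ".join(header.split())  # unfold continuation lines
        by = BY_HOST.search(flat)
        if by and by.group(1).lower() == trusted_mx:
            found = IP_IN_BRACKETS.search(flat[:by.start()])
            try:
                return ipaddress.ip_address(found.group(1)) if found else None
            except ValueError:  # e.g. [999.1.1.1]
                return None
    return None


def disposition(raw_message):
    """Return 'reject', 'deliver' or 'quarantine' for one collected message."""
    ip = connecting_ip(raw_message)
    if ip is None:
        return "quarantine"  # no trustworthy hop: hold for review
    return "reject" if any(ip in net for net in BLOCKED_NETS) else "deliver"
```
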