Actually, there are plenty of issues where a properly configured box gets
hacked. In fact, that had been an issue with older sendmail implementations
- they had holes that could be exploited with only connectivity to port 25.
And some of them were outright nasty.

Hence the reason for the boot from cd systems - even if there is an
application vulnerability, the system is exceedingly hard to trojan because
it is physically impossible to change an executable without physical access
to the box.

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


> -----Original Message-----
> From: Sean Faust [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, December 14, 2003 7:38 PM
> To: Exchange Discussions
> Subject: RE: Mail Processing by Exchange vs. SendMail
> 
> 
> That is exactly what I did with my last organization before we got a real
> firewall.  I multihomed Exchange, used a smart host with our ISP and
> filtered on the external NIC, everything except port 25.  Where I am at now,
> they say if you do that you will get hacked, and I say only if the box is
> not properly configured.
> 
> I pick up my best practices from this list.  Even if they are MVPs.....
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP]
> Sent: Sunday, December 14, 2003 1:38 PM
> To: Exchange Discussions
> Subject: RE: Mail Processing by Exchange vs. SendMail
> 
> Even on allegedly hack-prone Windows, you can lock down the outside port so
> that it'll filter everything except TCP port 25, no?
> 
> Ed Crowley MCSE+Internet MVP
> Freelance E-Mail Philosopher
> Protecting the world from PSTs and Bricked Backups!™
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
> Sent: Sunday, December 14, 2003 9:45 AM
> To: Exchange Discussions
> Subject: RE: Mail Processing by Exchange vs. SendMail
> 
> I actually would be comfortable with that, except I have yet to find a way
> to get Windows (any version) to run correctly from read only media - our
> external relays boot and run from CD, with only certain configuration files
> actually existing on a writable drive, along with the spool directories.
> 
> Sooner or later I might just play with that kind of configuration for
> Windows, although I'm afraid it might not be possible. But it's worth
> trying....
> 
> --------------------------------------------------------------
> Roger D. Seielstad - MTS MCSE MS-MVP
> Sr. Systems Administrator
> Inovis Inc.
> 
> 
> > -----Original Message-----
> > From: Ed Crowley [MVP] [mailto:[EMAIL PROTECTED]
> > Sent: Friday, December 12, 2003 6:14 PM
> > To: Exchange Discussions
> > Subject: RE: Mail Processing by Exchange vs. SendMail
> > 
> > 
> > If you feel that way, a locked down Windows 2003 box running the SMTP
> > service is just as capable as a Unix box running sendmail.
> > 
> > Ed Crowley MCSE+Internet MVP
> > Freelance E-Mail Philosopher
> > Protecting the world from PSTs and Bricked Backups!™
> > 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
> > Sent: Friday, December 12, 2003 6:54 AM
> > To: Exchange Discussions
> > Subject: RE: Mail Processing by Exchange vs. SendMail
> > 
> > Um, no, it can't. But that's a whole different story. Microsoft has some
> > hard numbers about the speed of the IIS SMTP component in comparison
> > to sendmail. I think they're in a whitepaper somewhere on the MS site.
> > 
> > That being said, I'm not a fan of exposing Exchange directly to the
> > Internet. If for no other reason, I like to run border virus scanning
> > (using VirusWall from Trend Micro), which I feel runs better on Unix.
> > Even then, these systems are in the middle of the mail flow (internal
> > relays). We use a highly locked down[1] version of OpenBSD as inbound
> > only relays in our DMZ (they only accept and forward mail for us -
> > they don't send mail outbound).
> > It's a bit overkill, but we also run a lot more mail through our
> > systems than comparable sized companies seem to do.
> > 
> > To answer your question, however, I've not found a case where a
> > properly tuned Exchange server fell under load, short of an outright
> > DOS attack or mail loop.
> > 
> > --------------------------------------------------------------
> > Roger D. Seielstad - MTS MCSE MS-MVP
> > Sr. Systems Administrator
> > Inovis Inc.
> > 
> > [1] That seems redundant to me...
> > 
> > > -----Original Message-----
> > > From: Sean Faust [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, December 12, 2003 9:20 AM
> > > To: Exchange Discussions
> > > Subject: Mail Processing by Exchange vs. SendMail
> > > 
> > > 
> > > Good Morning All,
> > > 
> > > I have a Unix/Linux admin that is just wearing me out with regards to
> > > Exchange being 3rd rate.  Given all of the variables including
> > > memory, processors, etc.  How much mail traffic can Exchange process
> > > in an hour/day and what is the advantage if any of putting SendMail in
> > > front of Exchange?
> > > 
> > > His last statement was that SendMail can process more mail in one
> > > minute than Exchange can process in a day.
> > > 
> > > Thanks,
> > > 
> > > Sean
> > > 
> > > _________________________________________________________________
> > > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface:
> > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> > > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > > Exchange List admin:    [EMAIL PROTECTED]