-----Original Message-----
From: Sanford Whiteman [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 11, 2002 11:53 PM
To: Dave Marchette
Subject: Re[2]: [IMail Forum] Exchange 5.5 and Imail sharing a domain
Dave,
I like your suggestion, but I think it has a couple of inherent
vulnerabilities.
> All mail destined for your domain is delivered to Imail first.
Except then you don't have a backup mail spooler (active-active MXs)
and you have a single point of failure for all mail, dangerous if a
wayward student finds a way to bring down IMail.
--Yep. Maybe an IMgate machine for that or even another instance of Imail, or perhaps
even having the upstream provider queue mail. I just like to keep Exchange as
invisible as possible to the Internet in any possible case. I've seen you recommend
using MS SMTP for just this purpose but I've had several bad experiences and now I try
to avoid this. Example: during a really well devised Brute force attack, I've seen
Exchange do some very undesirable things to itself, whereas Imail handles the attack
in a much more 'mature' way. (ever try implementing a CDO event sync on the fly? Not
fun!! But with Imail, the tools are in place to do many of the things you could use
to slow down such an attack as it is happening) My opinions only!! Your mileage may
vary.
> ALL mail from your domain is delivered to the Internet through
> Imail, as it does an arguably better job at delivering mail than
> Exchange.
Wouldn't want to take that side in an argument, especially not when
you're talking about taking away users' direct connection to the
Internet and routing them through a loaded IMail server.
--I just like the idea of only having to troubleshoot one mail queue, one spool, one
set of logs, etc.
> (plus you can scan outgoing with Declude still)
Definitely allows for an inexpensive anti-virus solution, but is
useless for intra-Exchange mail. Especially in an educational
environment, I would want to protect ALL mail, so you would still need
to run something on Exchange--albeit with a lower user count for
licensing.
--True. That is a big issue. I suppose I assumed that the Exchange box would have an
AV solution implemented, and that funneling mail through Imail\Declude would give an
extra layer of protection. I like the idea of scanning outgoing mail twice if
possible, each with a different vendor's product.
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit the Knowledge Base for answers to frequently asked
questions: http://www.ipswitch.com/support/IMail/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit the Knowledge Base for answers to frequently asked
questions: http://www.ipswitch.com/support/IMail/
