> and the problem is?
> 
> if they want exchange, give them exchange. don't fight (directly),
> watch
> instead. take pleasure of the situation, get fun as you can. I
> personally took fun all day long in windows-only (and believe it or
> not,
> in linux-only) environments.
> 
> 
> that said, you can still try to explain that exchange should not be
> exposed to the internet. you still need a relay (such as
> freebsd/postfix).


Many of our clients run Exchange but solely use Postfix/SA/ClamAV on the wall.  
There is no direct access to SMTP on the Exchange box for incoming.  We use 
Postfix w/LDAP with SSL for SMTP clients (such as iphones, etc).  In most cases 
we also use IMAP proxy to Exchange (when we can).

Our biggest problems, as mentioned, is the admin side of it.  If it's a Windows 
mentality shop, no *nix, if it's a *nix shop, no Windows.  I would still argue 
the case that all incoming email still be passed through a relay and filtered.  
Let them have as much Windows stuff as they want.  Just plead the case to 
supplement.  Start by allowing all of their email to flow unfiltered, let them 
lose emails because of the overly paranoid Exchange settings, then, after they 
tweak the settings, let them get swamped by the under tagging.  Make sure to 
remind them to keep AV updated on their Exchange, then just offer to put the 
relay back into place.

Reply via email to