> and the problem is?
>
> if they want exchange, give them exchange. don't fight (directly), watch
> instead. take pleasure of the situation, get fun as you can. I
> personally took fun all day long in windows-only (and believe it or not,
> in linux-only) environments.
>
> that said, you can still try to explain that exchange should not be
> exposed to the internet. you still need a relay (such as
> freebsd/postfix).

Many of our clients run Exchange but solely use Postfix/SA/ClamAV on the wall. There is no direct access to SMTP on the Exchange box for incoming. We use Postfix w/LDAP with SSL for SMTP clients (such as iPhones, etc). In most cases we also use IMAP proxy to Exchange (when we can).

Our biggest problem, as mentioned, is the admin side of it. If it's a Windows mentality shop, no *nix; if it's a *nix shop, no Windows.

I would still argue the case that all incoming email still be passed through a relay and filtered. Let them have as much Windows stuff as they want. Just plead the case to supplement. Start by allowing all of their email to flow unfiltered, let them lose emails because of the overly paranoid Exchange settings, then, after they tweak the settings, let them get swamped by the under-tagging. Make sure to remind them to keep AV updated on their Exchange, then just offer to put the relay back into place.