It all started with Windows 2003 SP1 and Exchange SP2 - what happen to KISS

We have a simple domain - one DC and one Member server supporting Exchange 
2003.

Both run with - DC Windows 2003 Enterprise and Exchange Windows 2003 
Standard. My clients all use Office 2003 Professional.

I have installed SP1 on both and SP2 on the Exchange server.

Now the fun  starts and where I am looking for help.

Point 1 - I understand that the new Firewall using SCW has some problems; to 
the extent that Microsoft has issued a Troubleshooting Guide. I see there 
could be problems (article ID 896742) and Microsoft has a fix. I also 
understand that the recommendation is not to use SCW on the Exchange server; 
but rather to Harden the Server. and so on..........!

Question - what do I do with the new firewall - forget it or install it 
blindly and hope for the best?

Point 2 -  Now that I have SP2 installed on the Exchange server - do I:
Try to use SenderID? it seems that most ISP will accept the SPF records, but 
will not want to support it. I did create the text file and sent it to my 
ISP.
Enable the SenderID or not?

What ever happened to KISS (keep it simple stupid)?

Looking for a solution that is not complicated - we are not a large 
organization.





0
sagegrp (56)
2/15/2006 3:08:39 PM
exchange.admin 57650 articles. 2 followers. Follow

2 Replies
583 Views

Similar Articles

[PageSpeed] 25

On Wed, 15 Feb 2006 10:08:39 -0500, "John Leonard - Sage"
<sagegrp@adelphia.net> wrote:

>We have a simple domain - one DC and one Member server supporting Exchange 
>2003.
>
>Both run with - DC Windows 2003 Enterprise and Exchange Windows 2003 
>Standard. My clients all use Office 2003 Professional.
>
>I have installed SP1 on both and SP2 on the Exchange server.
>
>Now the fun  starts and where I am looking for help.
>
>Point 1 - I understand that the new Firewall using SCW has some problems; to 
>the extent that Microsoft has issued a Troubleshooting Guide. I see there 
>could be problems (article ID 896742) and Microsoft has a fix. I also 
>understand that the recommendation is not to use SCW on the Exchange server; 
>but rather to Harden the Server. and so on..........!
>
>Question - what do I do with the new firewall - forget it or install it 
>blindly and hope for the best?

Do you need it? I dont enable it myself. I trsut you already have an
external firewall. Have you enabled the firewalls on the XP Sp2
workstations? Do you keep up on security fixes and AV?

>
>Point 2 -  Now that I have SP2 installed on the Exchange server - do I:
>Try to use SenderID? it seems that most ISP will accept the SPF records, but 
>will not want to support it. I did create the text file and sent it to my 
>ISP.
>Enable the SenderID or not?

Sure, why not.
But the SenderIS feature allows your server to check the senders
records. The DNS record that you create for your domain is for
messages you send. 

I certainly would not drop mail that fails the senderid test in a
corporate environment however. Use it as test along with other
anti-spam tests.
>
>What ever happened to KISS (keep it simple stupid)?

Everybody complains about Microsoft not providing enough security and
functionality and when they do, they complain that its too much I
guess.

>
>Looking for a solution that is not complicated - we are not a large 
>organization.
>

It isnt really.

>
>
>
0
adavid (8731)
2/15/2006 3:27:44 PM
Thanks for the response

Yes, I have routers with the firewall  enabled.

I cannot use firewall on the clients. I have a VPN configured and it stops 
working if Firewall is on the client.


"Andy David - MVP" <adavid@pleasekeepinngcheesebucket.com> wrote in message 
news:tqh6v1p34g8bhv144qv5fh94j9krp80ucc@4ax.com...
> On Wed, 15 Feb 2006 10:08:39 -0500, "John Leonard - Sage"
> <sagegrp@adelphia.net> wrote:
>
>>We have a simple domain - one DC and one Member server supporting Exchange
>>2003.
>>
>>Both run with - DC Windows 2003 Enterprise and Exchange Windows 2003
>>Standard. My clients all use Office 2003 Professional.
>>
>>I have installed SP1 on both and SP2 on the Exchange server.
>>
>>Now the fun  starts and where I am looking for help.
>>
>>Point 1 - I understand that the new Firewall using SCW has some problems; 
>>to
>>the extent that Microsoft has issued a Troubleshooting Guide. I see there
>>could be problems (article ID 896742) and Microsoft has a fix. I also
>>understand that the recommendation is not to use SCW on the Exchange 
>>server;
>>but rather to Harden the Server. and so on..........!
>>
>>Question - what do I do with the new firewall - forget it or install it
>>blindly and hope for the best?
>
> Do you need it? I dont enable it myself. I trsut you already have an
> external firewall. Have you enabled the firewalls on the XP Sp2
> workstations? Do you keep up on security fixes and AV?
>
>>
>>Point 2 -  Now that I have SP2 installed on the Exchange server - do I:
>>Try to use SenderID? it seems that most ISP will accept the SPF records, 
>>but
>>will not want to support it. I did create the text file and sent it to my
>>ISP.
>>Enable the SenderID or not?
>
> Sure, why not.
> But the SenderIS feature allows your server to check the senders
> records. The DNS record that you create for your domain is for
> messages you send.
>
> I certainly would not drop mail that fails the senderid test in a
> corporate environment however. Use it as test along with other
> anti-spam tests.
>>
>>What ever happened to KISS (keep it simple stupid)?
>
> Everybody complains about Microsoft not providing enough security and
> functionality and when they do, they complain that its too much I
> guess.
>
>>
>>Looking for a solution that is not complicated - we are not a large
>>organization.
>>
>
> It isnt really.
>
>>
>>
>> 


0
sagegrp (56)
2/15/2006 4:26:39 PM
Reply:

Similar Artilces: