NO MORE UPDATES TO THIS PAGE PLEASE. SUBMIT ALL FUTURE COMMENTS TO |
19.1.2 pg 408
Bwahahah. You've never used Lotus Notes! (Actually, Notes goes against most of your recommendations in this chapter; shame big businesses like banks and the Federal Government use it!)
19.1.4 pg 408
"Desktops should not even listen to the SMTP port". Note that the latest sendmail versions require a listener on port 25. This is because it's finally separated message submission from message processing. A separate submission process runs as non-root and just basically resubmits the message to localhost:25 via SMTP. Now the sendmail command doesn't need to be suid root! Whee. Fortunately the main sendmail process can be bound to just localhost, so it doesn't accept connections from the LAN.
19.1.5 footnote pg 412
To the best of my knowledge, although Exchange can now communicate via open protocols, the content of the data is still proprietary. So if you want to make use of calendaring or the address books or "enhanced" content messages you still need the LookOut client.
Later thought on the train the next day... Lotus Notes can also work in this way; you can use POP or IMAP or even a web page to access your mailbox (if enabled by the admin). However, advanced features (such as calendaring, or encrypted messages) won't necessarily (or at all) work this way.
19.1.8 pg 414
Something I've not tested; what does a client like Mozilla or MSIE or other POP/IMAP/SMTP clients do if the address you enter doesn't have any A records, just MX? I know sendmail will try the SMTP servers in order, even for smart-host delivery so for a network of Unix machines your contingency/backup mail server can be handled just by having MX records for the smart host. If normal clients work properly like this then DNS "tricks" are OK.
19.1.9 pg 414
Note that "leave on server" options for POP, and IMAP, can cause the inbox to grow and grow, and so the client opening and reading mail will slow things down. Ain't no such thing as infinite bandwidth or disk I/O. Unfortunately. Many an ISP has had a customer complain about how long it takes to open their 200MB mailbox!
--
StephenHarris - 21 Aug 2006
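Two checks that follow from the 19.1.4 and 19.1.8 comments above, added here as an example; this is not code from the comments, the book, or the sendmail distribution. The first part tests whether a sendmail.mc binds the MTA daemon (the port-25 listener the non-root MSP submits to) to loopback only, and checks a listening-socket table the way you would after `ss -ltn` or `netstat -ltn`. The second part shows the MX-then-A resolution order an MTA such as sendmail uses against the plain A-record lookup a gethostbyname()-style mail client does, which is why a smart host with only MX records works for the former and not the latter. The sendmail.mc fragments, socket tables and zone data are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the page or the sendmail project). All config,
# socket and zone data below is constructed.

# --- 1. sendmail.mc: is the MTA daemon bound to 127.0.0.1? ----------------

# Constructed: MTA on every interface (what you get when Addr= is omitted).
WEAK_MC=$(cat <<'EOF'
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
EOF
)

# Constructed: MTA bound to loopback; the non-root MSP (submit.cf) still
# reaches it at 127.0.0.1:25, the LAN cannot.
SAFE_MC=$(cat <<'EOF'
DAEMON_OPTIONS(`Port=smtp, Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=submission, Addr=127.0.0.1, Name=MSA, M=Ea')dnl
EOF
)

# mta_loopback_only MC_TEXT: 0 if every Name=MTA DAEMON_OPTIONS line carries a
# loopback Addr=, 1 otherwise. No MTA line at all also fails, since sendmail
# then listens on every interface by default.
mta_loopback_only() {
    mta_lines=$(printf '%s\n' "$1" | grep 'DAEMON_OPTIONS' | grep 'Name=MTA' || true)
    [ -n "$mta_lines" ] || return 1
    if printf '%s\n' "$mta_lines" | grep -v -E 'Addr=(127\.0\.0\.1|::1)' | grep -q .; then
        return 1
    fi
    return 0
}

# smtp_listeners_loopback_only SOCKET_TEXT: takes `ss -ltn` or `netstat -ltn`
# style output (local address is column 4 in both); 0 if every port-25
# listener is on 127.0.0.1 or [::1], 1 if any is reachable from the LAN.
smtp_listeners_loopback_only() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" || $NF == "LISTEN" {
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port == "25" && addr != "127.0.0.1" && addr != "[::1]") bad = 1
        }
        END { if (bad) exit 1; exit 0 }'
}

# Constructed listener tables; the first is what a desktop should look like.
LOOPBACK_SOCKETS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      10     127.0.0.1:25       0.0.0.0:*
LISTEN 0      10     [::1]:25           [::]:*'

LAN_SOCKETS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      10     0.0.0.0:25         0.0.0.0:*
LISTEN 0      10     127.0.0.1:587      0.0.0.0:*'

# --- 2. MX-then-A resolution versus a plain A lookup ----------------------

# Constructed zone: the smart host has MX records but no A record of its own.
ZONE='smarthost.example.com. IN MX 20 mx2.example.com.
smarthost.example.com. IN MX 10 mx1.example.com.
mx1.example.com.       IN A  192.0.2.10
mx2.example.com.       IN A  192.0.2.20
desktop.example.com.   IN A  192.0.2.50'

# mta_resolve NAME: RFC 5321 order, MX targets by preference, else the A
# record. Prints one host per line; returns 1 if nothing resolves.
mta_resolve() {
    name="${1%.}."
    hosts=$(printf '%s\n' "$ZONE" | awk -v n="$name" '$1 == n && $3 == "MX" { print $4, $5 }' \
            | sort -n | awk '{ print $2 }')
    [ -n "$hosts" ] || hosts=$(printf '%s\n' "$ZONE" | awk -v n="$name" '$1 == n && $3 == "A" { print $4 }')
    [ -n "$hosts" ] || return 1
    printf '%s\n' "$hosts"
}

# mua_resolve NAME: what a gethostbyname()-style client gets, A records only.
mua_resolve() {
    name="${1%.}."
    addr=$(printf '%s\n' "$ZONE" | awk -v n="$name" '$1 == n && $3 == "A" { print $4 }')
    [ -n "$addr" ] || return 1
    printf '%s\n' "$addr"
}

# Run with --demo to see the checks against the constructed data.
if [ "${1:-}" = "--demo" ]; then
    mta_loopback_only "$WEAK_MC" || echo "WEAK_MC: MTA reachable from the LAN"
    mta_loopback_only "$SAFE_MC" && echo "SAFE_MC: MTA bound to loopback"
    smtp_listeners_loopback_only "$LAN_SOCKETS" || echo "LAN_SOCKETS: port 25 open to the LAN"
    echo "MTA sees smarthost as:"; mta_resolve smarthost.example.com
    mua_resolve smarthost.example.com || echo "MUA: smarthost.example.com has no A record"
fi
```

The MSP is only a client here: it connects to 127.0.0.1:25, so binding the MTA to loopback costs local submission nothing. The resolution functions are a model of the lookup order, not a real resolver; point them at a real zone by replacing the ZONE text with `dig` output if you want to repeat the author's untested question against your own smart host.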
19.1.10 Security pg 416
It's more than your mail servers being exposed to the internet; they are relays between the internet and the corporate LAN. They may have access to or expose some internal naming services (corporate directory?), they can transfer potentially malignant messages (eg those crafted to exploit common client bugs) and so on.
19.2.1 encryption pg 418
Note SOX requirements for key recovery. If you allow encryption of email then the company must be able to recover the private key so as to make message contents available, if demanded by the appropriate authorities. Bleh.
--
StephenHarris - 22 Aug 2006