Resuscitating Microsoft Exchange 5.5 with Linux

Microsoft dropped support for Exchange 5.5 on December 31st, 2004. Exchange 5.5 users can upgrade to Exchange Server 2003, continue to run 5.5 with all the accompanying security risks, or switch over to another mail/groupware system. In this article I propose a fourth option that is really options two (run Exchange) and three (run another mail system) combined.

Exchange 5.5 is no longer supported by Microsoft as of December 31, 2004. According to Microsoft, organizations have two options. The first is to upgrade to Microsoft Exchange Server 2003; this is what Microsoft wants you to do. This means purchasing new hardware and new licenses, learning a totally different operating system (Active Directory, anyone?), and being tied to Microsoft once again.

The second option is to continue running Microsoft Exchange 5.5 and hope no one finds a new exploit. Microsoft frowns on option number 2, and I have to agree: Exchange 5.5 is not secure enough to serve Internet mail, especially without Microsoft patching it.

There is a third option that isn’t mentioned by Microsoft: change over to another mail/groupware system. This is a valid alternative if you have the time and resources. The worst part of changing to a new system is getting the email clients to behave, and getting the users of said email clients up to speed.

In this article I propose a fourth option that is really options two (run Exchange) and three (run another mail system) combined. The downsides of options two and three will be mitigated while the functionality remains the same. The cost of all this? Depending on the number of users, it starts at $200 USD and about a weekend’s worth of time. The time varies greatly with the level of expertise and the number of users.

What we will be doing is running NT4/Exchange inside the Linux OS via a virtual machine. VMware is the VM I recommend for its ease of use and stability. We will use a more secure MTA, such as Postfix, and we will receive mail via an IMAP server, such as Cyrus. Exchange 5.5 will not connect to the Internet at all, and all mail will be filtered through the more secure systems before Exchange has to deal with it. We can even have Exchange 5.5 forgo all mail handling, and only perform address book and calendar sharing.

What you will need:

  • A virtual machine package that can run Windows NT Server (VMware Workstation for Linux is what I use);
  • A decent server (a PIII 1 GHz minimum with ample HD storage and 512 MB to 1 GB of RAM);
  • A working knowledge (plus packages) of Linux, Postfix and Cyrus (I recommend Kolab2 on top of Debian);
  • A licensed copy of Microsoft NT 4 Server and Exchange 5.5 Server with CALs (if you don’t have a legal copy, check the Internet; it is inexpensive now);
  • A working knowledge of NT4/Exchange 5.5 (if you’ve installed and run it before, then you should have the knowledge).

The information contained in this article is rather superficial. This isn’t an in-depth how-to, but rather a pointer as to how it can be done. A good tech will be able to take this information and implement it using the knowledge that he or she already possesses.

Back up your current NT environment, including Exchange. I’ve only done smaller networks with fewer than 40 users, so I relied upon making a PST of everyone’s mailbox and creating an additional PST for public folders. There are several methods to back up an Exchange system; do what is most comfortable.

Install your Linux OS, VMware and your Open Source mail system. I use and recommend Kolab2. It is a mail and groupware system that performs the same duties as Exchange, plus the added benefit of spam and virus filtering. If you choose Kolab2 you also have a migration path away from Microsoft and Exchange, which you may or may not choose to implement.

Create your user accounts in the mail system. There is no script that will create users for both Exchange and Unix accounts that I know of, but you can write one utilizing a macro program, Perl and/or Bash.

Inside VMware, install NT4 and Exchange 5.5. Import all user accounts or re-create them, whichever takes less time. Block all Internet access from the NT4 virtual machine.
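
One way to enforce the "block all Internet access" step on the Linux host, as an added example that is not part of the original article: the script prints iptables rules that let the NT4 guest exchange traffic only with the office LAN. It assumes the guest's traffic is routed through the host (for example a VMware host-only network with IP forwarding enabled); the addresses 192.168.56.10 and 192.168.1.0/24 and the chain name EXCH_ISOLATE are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumed, constructed values: guest address and office LAN network.
VM_IP="${VM_IP:-192.168.56.10}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print the iptables commands rather than running them, so the ruleset can be
# reviewed first; pipe the output to "sh" as root to apply it.
exchange_isolation_rules() {
    vm="$1"
    lan="$2"
    # Accept only characters that can appear in an IPv4 address or CIDR block,
    # since the values end up in commands that will run as root.
    case "$vm" in ""|*[!0-9.]*) echo "bad guest address: $vm" >&2; return 1 ;; esac
    case "$lan" in ""|*[!0-9./]*) echo "bad LAN network: $lan" >&2; return 1 ;; esac

    # Policy: LAN clients (Outlook) and the guest may talk to each other;
    # anything else routed to or from the guest is logged, then dropped.
    # The jump rules are inserted at the top of FORWARD so that no earlier
    # ACCEPT rule can let the guest out. Traffic between the guest and the
    # host's own Postfix/Cyrus goes through INPUT/OUTPUT and is not affected.
    cat <<EOF
iptables -N EXCH_ISOLATE
iptables -A EXCH_ISOLATE -s $vm -d $lan -j ACCEPT
iptables -A EXCH_ISOLATE -s $lan -d $vm -j ACCEPT
iptables -A EXCH_ISOLATE -j LOG --log-prefix "exch-blocked: "
iptables -A EXCH_ISOLATE -j DROP
iptables -I FORWARD 1 -s $vm -j EXCH_ISOLATE
iptables -I FORWARD 1 -d $vm -j EXCH_ISOLATE
EOF
}

exchange_isolation_rules "$VM_IP" "$LAN_NET"
```

The LOG rule gives a record of anything the guest tries to reach outside the LAN, which is worth watching on an unpatched NT4 system.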

Simple Setup:

Have Exchange use the Linux mail system as an upstream server, and have all mail received by Exchange via IMAP or POP.

Upside: Least amount of client configuration needed. Exchange is not interacting with the Internet.

Downside: Exchange 5.5’s MTA is problematic, but if you lived with it before, it will be no different. Exchange 5.5 mailboxes will hold all the users’ mail, with the same corruption issues Exchange 5.5 users always had to deal with.

Intermediate Setup:

Set up POP mail accounts on all clients and have Outlook pull all the mail down from the Linux mail server. Sending mail will use the Linux SMTP mail server.

Upside: All Internet mail is handled by the Linux mail system, with less mail handling by Exchange. Exchange is not interacting with the Internet.

Downside: Exchange 5.5 mailboxes will hold all the users’ mail, with the same corruption issues Exchange 5.5 users always had to deal with. Outlook clients will need Internet email accounts in addition to Exchange.

Expert Setup:

Set up IMAP accounts on Outlook (version 2002 and above). Sending mail will use the Linux SMTP mail server. Create a public address book in Exchange of all office users with the Linux SMTP server account addresses. Make it available as an email address book on all clients. Set the IMAP account as the default, and remove the Global Address Book and the Recipients from the address books in Outlook. Set the public address book that you created earlier as the default.

Upside: All Internet mail is handled by the Linux mail system. Mailboxes are all handled by Cyrus. Eases future migration. Stability of Exchange increases.

Downside: Outlook clients will need Internet email accounts in addition to Exchange. The address books of the Outlook clients need to be configured.

I recommend the expert option because it relieves Exchange of the stress that user mailboxes and mail handling impose. Exchange becomes a public address book and shared calendar system. This makes Exchange extremely stable. I have one system that ran 8 months before a reboot; for Exchange 5.5 that is nearly a miracle. Another reason I recommend this option is that it eases migration away from Exchange, since IMAP becomes the default mail handling system. Kolab2 with Outlook plugins can replace Exchange when the time comes.

Microsoft Exchange 5.5 covers what many businesses need. Most companies don’t enjoy being forced into an upgrade, especially when there is no reason other than monetary gain for the software vendor. The procedure outlined in this article will allow companies to run NT4/Exchange 5.5 as long as they want. Since NT4 and Exchange are no longer accessing the Internet, they are essentially sandboxed. By removing unnecessary services and utilizing a properly configured firewall, you can run a secure NT4/Exchange environment. If Kolab2 is used, then there is a path away from Exchange, whenever your organization is ready. This procedure will help free your organization from forced upgrades, and eventually allow it to free itself from all controlling software companies.

I’d like to thank Erfrakon for designing the Kolab architecture and Intevation GmbH for their contributions to the Kolab project. I’d also like to thank everyone who contributes to Open Source and Free software.

Linux is a registered trademark of Linus Torvalds.
Microsoft Windows NT, Exchange 5.5, and Outlook are all registered trademarks of Microsoft Corporation.
VMware Workstation is a registered trademark of VMware, an EMC Company.

About the Author:
My name is Alex Chejlyk. I’ve owned and operated a small business that performs IT tasks for other small businesses in the area since 1994. I’ve been computing since the early 80’s; I started out with CP/M, then moved to DOS, LANtastic, Windows 2.x, Apple, OS/2, Windows 3.x, Be, Windows NT/9x/2K/XP, Unix, and Linux.
