Microsoft dropped support for Exchange 5.5 on December 31st, 2004. Exchange 5.5 users can upgrade to Exchange Server 2003, continue to run 5.5 with all the accompanying security risks, or switch over to another mail/groupware system. In this article I propose a fourth option that is really options two (run Exchange) and three (run another mail system) combined.
Exchange 5.5 is no longer supported by Microsoft as of December 31, 2004. According to Microsoft, organizations have two options. The first is to upgrade to Microsoft Exchange Server 2003; this is what Microsoft wants you to do. This means purchasing new hardware and new licenses, learning a totally different operating system (Active Directory, anyone?) and being tied into Microsoft once again.
The second option is to continue running Microsoft Exchange 5.5 and hope no one finds a new exploit. Microsoft frowns on option number 2, and I have to agree: Exchange 5.5 is not secure enough to serve Internet mail, especially without Microsoft patching it.
There is a third option that isn't mentioned by Microsoft: change over to another mail/groupware system. This is a valid alternative if you have the time and resources. The worst part of changing to a new system is getting the email clients to behave, and getting the users of said email clients up to speed.
In this article I propose a fourth option that is really options two (run Exchange) and three (run another mail system) combined. The downsides of options two and three will be mitigated while the functionality remains the same. The cost of all this? Depending on the number of users, it starts at $200 USD and about a weekend's worth of time. The time varies greatly depending on the level of expertise and the amount of
What we will be doing is running NT4/Exchange inside the Linux OS via a virtual machine. VMware is the VM recommended for its ease of use and stability. We will use a more secure MTA, such as Postfix, and we will receive mail via an IMAP server, such as Cyrus. Exchange 5.5 will not connect to the Internet at all, and all mail will be filtered through the more secure systems before Exchange has to deal with it. We can even have Exchange 5.5 forgo all mail handling, and only perform address book and calendar sharing.
What you will need:
A virtual machine package that can run Windows NT Server
(VMware Workstation for Linux is what I
(A PIII 1GHz minimum with ample HD storage and 512~1GB RAM);
A working knowledge (plus packages) of Linux, Postfix and Cyrus
(I recommend Kolab2 on top
A licensed copy of Microsoft NT 4 Server and Exchange 5.5 Server with CALs
(If you don't have a legal copy, check the Internet, it is inexpensive now);
A working knowledge of NT4/Exchange 5.5
(If you've installed and run it before, then you should have the knowledge).
in this article is rather superficial. This isn’t an in-depth how-to,
but rather a pointer as to how it can be done. A good tech will be
able to take this information and implement it using the knowledge
that he or she already possesses.
Back up your current NT environment, including Exchange. I've only done smaller networks with fewer than 40 users, so I relied upon making a PST of everyone's mailbox and creating an additional PST for public folders. There are several methods to back up an Exchange system; do what is most comfortable.
Install your Linux OS, VMware and your Open Source mail system. I use and recommend Kolab2; it is a mail and groupware system that performs the same duties as Exchange, plus the added benefit of spam and virus filtering. If you choose Kolab2 you also have a migration path away from Microsoft and Exchange, which you may or may not choose to implement.
Create your user accounts in the mail system. There is no script that I know of that will create users for both Exchange and Unix accounts, but you can write one utilizing a macro program, Perl and/or Bash.
In VMware, install NT4 and Exchange 5.5. Import all user accounts, or re-create accounts, whichever uses less time. Block all Internet access from the NT4 virtual machine.
Have Exchange use the Linux mail system as an upstream server, and have all mail received by Exchange via IMAP or POP.
Upside: Least amount of client configuration needed. Exchange not interacting with the Internet.
Downside: Exchange 5.5's MTA is problematic, but if you lived with it before, it will be no different. Exchange 5.5 mailboxes will hold all the users' mail, with the same corruption issues Exchange 5.5 users always had to deal with.
Create POP mail accounts on all clients and have Outlook pull all the mail down from the Linux mail server; sending mail will use the Linux SMTP mail server.
Upside: All Internet mail handled by Linux mail system, less mail handling by Exchange. Exchange not interacting with the Internet.
Downside: Exchange 5.5 mailboxes will hold all the users' mail, with the same corruption issues Exchange 5.5 users always had to deal with. Outlook clients will need Internet email accounts in addition to Exchange.
Create IMAP accounts on Outlook (version 2002 and above). Sending mail will use the Linux SMTP mail server. Create a public address book in Exchange of all office users with the Linux SMTP server account addresses. Make it available as an email address book on all clients. Set the IMAP account as the default, and remove the Global Address Book and the Recipients from the address books in Outlook. Set the public address book that you created earlier as the default.
Upside: All Internet mail handled by Linux mail system. Mailboxes all handled by Cyrus. Eases future migration. Stability of Exchange increases.
Downside: Outlook clients will need Internet email accounts in addition to Exchange. Configuration of Outlook clients' address books.
expert option because it relieves Exchange of the stress that user mailboxes and mail handling impose. Exchange becomes a public address and shared calendar system. This makes Exchange extremely stable. I have one system that ran 8 months before a reboot; for Exchange 5.5 that is nearly a miracle. Another reason I recommend the following option is that it eases migration away from Exchange, since IMAP becomes the default mail handling system. Kolab2 with Outlook plugins can replace Exchange when the time comes.
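One way to implement the "Block all Internet access from the NT4 virtual machine" step on the Linux host, as an added example that is not from the original article. It assumes the guest sits on a VMware host-only network and that the Linux host routes between that network and the office LAN; the interface name, addresses and log prefix are constructed values.

```shell
#!/bin/sh
# Added example, not from the article. Prints iptables commands for review;
# run the output as root only after checking it against your own network.
# Assumed (constructed) values: host-only interface, guest IP, office LAN.
VM_IF="vmnet1"
VM_IP="192.168.50.10"
LAN_NET="192.168.1.0/24"

# exchange_isolation_rules IFACE GUEST_IP LAN_CIDR
# Policy: the guest may talk to the office LAN (Outlook clients) and to the
# host's SMTP/POP3/IMAP ports (Postfix and Cyrus); everything else to or
# from the guest is logged and dropped, so Exchange never reaches the Internet.
exchange_isolation_rules() {
    if [ $# -ne 3 ] || [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo "usage: exchange_isolation_rules IFACE GUEST_IP LAN_CIDR" >&2
        return 1
    fi
    vm_if=$1 vm_ip=$2 lan=$3
    # Order matters: anti-spoof drop, LAN allowances, then log and drop the rest.
    cat <<EOF
iptables -A FORWARD -i $vm_if ! -s $vm_ip -j DROP
iptables -A FORWARD -i $vm_if -s $vm_ip -d $lan -j ACCEPT
iptables -A FORWARD -o $vm_if -s $lan -d $vm_ip -j ACCEPT
iptables -A FORWARD -i $vm_if -j LOG --log-prefix "EXCH-BLOCKED "
iptables -A FORWARD -i $vm_if -j DROP
iptables -A FORWARD -o $vm_if -j DROP
iptables -A INPUT -i $vm_if -s $vm_ip -p tcp -m multiport --dports 25,110,143 -j ACCEPT
iptables -A INPUT -i $vm_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $vm_if -j LOG --log-prefix "EXCH-BLOCKED "
iptables -A INPUT -i $vm_if -j DROP
EOF
}

# Print the rule set for the assumed values above.
exchange_isolation_rules "$VM_IF" "$VM_IP" "$LAN_NET"
```

The EXCH-BLOCKED log lines show any attempt by the guest to reach beyond the LAN. In a bridged setup the same policy belongs on the perimeter firewall instead.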
Exchange 5.5 covers what many
businesses need. Most companies don’t enjoy being forced into an
upgrade, especially when there is no reason other than monetary gain
for the software vendor. The procedure outlined in this article will
allow companies to run NT4/Exchange 5.5 as long as they want. Since
NT4 and Exchange are no longer accessing the Internet, they are
essentially sandboxed. By removing unnecessary
utilizing a properly configured firewall, you can run a secure
NT4/Exchange environment. If Kolab2 is used, then there is a path
away from Exchange, whenever your organization is ready. This
procedure will help free your organization from forced upgrades, and
eventually allow it to free itself from all controlling software
I'd like to thank Erfrakon for designing the Kolab architecture and Intevation GmbH for their contributions to the Kolab project. I'd also like to thank everyone who contributes to Open Source and Free software.
Linux is a registered trademark
of Linus Torvalds.
Microsoft Windows NT, Exchange
5.5, and Outlook are all registered trademarks of Microsoft Corporation.
VMware Workstation is a
registered trademark of VMware, an EMC Company.
About the Author:
My name is Alex Chejlyk. I’ve owned and operated a small business that performs IT tasks for other small businesses in the area, since 1994.
I’ve been computing since the early 80’s, started out with CPM then
to DOS, LANtastic, Windows 2.x, Apple, OS2, Windows 3.x, Be, Windows
NT/9x/2K/Xp, Unix, and Linux.