Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 03, 2016, 03:33:32 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Email Server Frustration -- Looking for Advice  (Read 6867 times)

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Email Server Frustration -- Looking for Advice
« on: November 21, 2010, 12:47:10 PM »
This post is basically for administrators and not end users.

Well, I'm fed up with my current email server software and looking for some new email server software.

I've been trying to find a good combination of:

* Email server software
* Antivirus software
* Antispam software

But, I'm running a Windows machine, and there's just crap out there unless I want to spend a fortune, which I don't. I'd like to get some decent software for a reasonable price or free. I'm not interested in Johnny's garage software though. I'm only interested in well established software with a track record that I can rely on.

I will be installing VMware vSphere Hypervisor (ESXi) in order to have a Linux server running on the same machine.

Can anyone recommend a combination of:

* Linux distribution (Preferably one that's already in the VMware catalog if possible, or maybe ThoughtPolice.)
* Email server software (Postfix, Zimba, etc.)
* Antivirus software
* Antispam software (hopefully not a "per user" license. Spamassassin?)
* Webmail interface for email server (e.g. Zimba, SquirrelMail, etc.)

At the end of the day, I want to get things running properly

I will also likely end up running a limited set of websites on it, so lighttpd and Apache will also be important later on, but not crucial now.

If you have personal experience, please say so. Also, if you've done virtualization before in production environments (not desktop), please say so.

I had a look at Spamassassin, and it's simply not worth the trouble on Windows. The installation and configuration for it is nothing short of Black Magic. I'm open to a Linux version if I can get it to work without sacrificing virgins and children to the devil.



Thanks in advance for any recommendations.


Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 4,664
    • View Profile
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #1 on: November 21, 2010, 06:06:26 PM »
Which daemons have you tried on Windows?

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #2 on: November 21, 2010, 09:15:49 PM »
I've used a few. Currently using Argosoft. I used to use Mercury32.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 4,664
    • View Profile
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #3 on: November 21, 2010, 10:04:05 PM »
I used to use Argosoft many years ago before switching to a paid version of mDaemon.  Have you tried hMailServer?  It has SpamAssassin integrated.  I've never tried it myself...just throwing a bone out there.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #4 on: November 21, 2010, 10:46:08 PM »
I used to use Argosoft many years ago before switching to a paid version of mDaemon.  Have you tried hMailServer?  It has SpamAssassin integrated.  I've never tried it myself...just throwing a bone out there.

I'm actually switching to hMailServer now. Going over antispam stuff at the moment...

I think I'm out of time. I fly out in a few days, and need to do a ton of stuff.

I looked into the VMware stuff more... I'd have to wipe the server entirely. I thought it was more like the desktop version. Oops. So, I think I'll end up trying to get Spamassassin working in a month or so.

The thing is that hMailServer requires you to install and configure Spamassassin, and SA is nothing short of Black Magic. You have to fart around in Perl and make crap and sacrifice children... It's a non-ending process of self-mutilation. You lose a bit of your soul in doing so...

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,294
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #5 on: November 22, 2010, 06:49:31 AM »
How many users/mail boxes do you plan on supporting with this?

I maintain 3 production Exchange servers all of which use GFi MailEssentials. Per user licensing makes the licensing costs (not exactly cheap, but...) reasonable, and I can't argue with the results. multiple infinitely configurable filters give you extreemly granular control so that filters with higher success rates can be allowed to auto delete. While other filters which tend to be more iffy can be set to only tag or move to junkmail/alternate box for manual sorting (which is seldom needed).

I keep one box called Little Bunny Foo-foo that catches the iffy stuff, and users are told that if something they should have gotten hasn't arived...tell me and I'll "check" with "Bunny" to see if it's been "eaten". This happens approx 3 times a month, and is more often than not the senders fault for botching the address.

GFi also has excellent logging and a real-time dashboard so you can watch all of the mail (sender, reciepient, subject, timestamp, disposition, etc.) as it flows through the server.

I also host the mail for my own domain (MS POP/SMTP) on a virtualized (MS VPC Server) copy of Server 2k3. Other than power issues taking me offline at home from time to time both options have been quite reliable in the years I've been running them (6 for the exchange servers and 10 for the domain/home lab).

Now, granted the Exchange config scales much better but for maintaining small 5-10 mailbox servers the MS POP/SMTP option has proven stone ax (also speaks to its feature set) reliable.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #6 on: November 22, 2010, 12:54:38 PM »
This is where I want to cry... I just can't do it with Exchange.

First, I'd need DNS servers, which means 2 more machines -- no go.

Then, Active Directory - Nightmare from Hell.

Exchange just doesn't cut it as it's too big for me.

I'm running 1 server for this (well, I have another, but I want everything on 1), so...

I think I've decided to suck it up and go with hMailServer. But if anyone knows of a good Windows email server that doesn't charge by the inbox, I'd appreciate it.

I only need about 50 inboxes or so. Most are things like sales@, support@, postmaster@, abuse@, info@, etc. I just don't want to pay for that. Postmaster and abuse are mandatory (by RFC), so...

Another thing though, does anyone know of a good webmail program? I'm using Squirrelmail, but it's pretty basic. No RTE even. Sigh...

I hate email. :( ;(
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,294
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #7 on: November 22, 2010, 01:16:18 PM »
This is where I want to cry... I just can't do it with Exchange.

First, I'd need DNS servers, which means 2 more machines -- no go.
Why would you need two extra machines for DNS? - Come to think of it why would you need 2 DNS servers period?

Quote
Then, Active Directory - Nightmare from Hell.


If all AD has to do is backup Exchange, it's next to impossible to screw-up - Unless DNS is configured wrong. If you go with the 2k3 versions hardware requirements aren't bad either. With AD the DC will have DNS, throw Exchange on the same box (Lots of small shops do it - SBS...) and as long as you seperate Exchange (and etc) onto its own partition it's perfectly stable. Our Exchange server here (is pared with a DC) supports 25 mail boxes, and has a typical uptime of 6 months and longer depending on what type of security updates are needed/required/arrive. ...And that's on 4GB of RAM.

Quote
Exchange just doesn't cut it as it's too big for me.
To big how?

Quote
I hate email. :( ;(
Email isn't the problem, it's the users we need to shoot... ;)

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,096
    • View Profile
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #8 on: November 22, 2010, 04:12:36 PM »
Hey, I am running an Exchange 2000 Server on a Pentium II 350MHz with 256MB RAM. Definitely not fast, but also nearly not as slow as you might think (several 100's of mostly text based mail messages per minute divided over 10 mailboxes).

Don't know if you still can get GFI or other products for it anymore, but if you only need the basics...
Besides we use a linux box to do some serious traffic shaping (carpet bombing style) and that leaves all quiet on the western front. That server is still running after 4 years of power failures and failing hard drives.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,768
    • View Profile
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #9 on: November 22, 2010, 05:37:37 PM »
A free 5 IP address version of GFI LanGuard is still available for download. IMHO, if you're running a Windows network, you should be using this utility - or at least something with comparable functions. Works with Standard, Enterprise, and SBS Windows Servers.  Supports versions 2000, 2k3, and 2k8.

Link for more info and download here.

Cool tool.  8) :Thmbsup:




Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,294
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #10 on: November 22, 2010, 05:56:12 PM »
@Shades - Cool, but a bit risky to start now coming out-of-the-gate with an EoL server ... But 2k3 would be safe enough. Once it's deployed it's just a "simple" matter of not breaking it. <-I'll probably get shot for that statement)

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,294
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #11 on: November 22, 2010, 06:06:15 PM »
A free 5 IP address version of GFI LanGuard is still available for download. IMHO, if you're running a Windows network, you should be using this utility - or at least something with comparable functions. Works with Standard, Enterprise, and SBS Windows Servers.  Supports versions 2000, 2k3, and 2k8.

Link for more info and download here.

Cool tool.  8) :Thmbsup:

That is cool, we recently went with Kaseya for managing multiple local and remote networks. While it ain't real cheap it's easily worth it. Hell after only 2 months the time savings alone (mine) has covered the cost of the system. It's best of both worlds - cloud based so free access from anywhere - But it's my  cloud so all of the data is on my local server (not being held hostage by evil ones afar). Oh and one shot done licensing fees.

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,096
    • View Profile
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #12 on: November 22, 2010, 06:33:15 PM »
@ Stoic Joker:
You are definitely right, but as the server is not essential I will keep it around until it really cannot be resurrected.

On-topic:
I had positive experiences with Vpop3 in a previous company I worked for. It is not free, but comes with quite effective anti-spam measures. At least a lot less sacrificial black Voodoo required.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #13 on: November 23, 2010, 11:45:49 AM »
Well, I think I'm sticking with hMailServer and AfterLogic Webmail and ClamWin for now.

hMailServer seems quite good so far. There are some things that I'd like to see in it, but they aren't 100% crucial, e.g. IP per domain, etc.

AfterLogic is a nice front end though. I installed Squirrelmail, and wow... is it fugly. It's also miserable to configure. AfterLogic Webmail was very easy to config. Which is nice because it indicates some polish. The UI for it is quite slick -- uses AJAX.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,768
    • View Profile
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #14 on: November 23, 2010, 11:56:24 AM »
Does this article address what you want to do?

Quote
This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database used by Postfix.
The resulting Postfix server is capable of SMTP-AUTH and TLS and quota (quota is not built into Postfix by default, I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found were dealing with plain text passwords which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.
« Last Edit: November 23, 2010, 12:02:10 PM by 40hz »

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #15 on: November 23, 2010, 12:03:22 PM »
Actually, Postfix is the server that I really wanted to run, but no... That's for CentOS. I'm running Windows 2008 R2.

I skipped over Postfix because I really don't like the "cross-platform" voodoo that's needed to get anything from the *nix world running properly on Windows. PHP is bad enough to get working properly. (Always a plethora of standard components in it that break it entirely on Windows. Uncomment... Break... Comment out again... Next... Rinse. Repeat.)

What I really should have done is installed VMware and then had Windows and Linux running inside. No time anymore though. :(

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,768
    • View Profile
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #16 on: November 23, 2010, 12:23:22 PM »
^You're obviously a more committed than me when it comes to email servers.

Nowadays I'm more inclined to go with an inexpensive email setup through a reasonable hosting company like Dreamhost unless there are very unique or special requirements involved.

IMHO, for vanilla POP, IMAP and webmail it's a lot easier (and cheaper if you value your time at more than $3/hr.  ;)) to farm the "tech part" out, only do the administration - and save your personal hardware and "little gray cells" for something far more interesting than email.

But maybe that's just me.  ;D

Luck! :Thmbsup:

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,294
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #17 on: November 23, 2010, 01:11:53 PM »
I'm running Windows 2008 R2.

Ah! that explains alot.

Quote
PHP is bad enough to get working properly. (Always a plethora of standard components in it that break it entirely on Windows.
Biggest problem I've seen with PHP on Windows is most folks either use the installer package, or follow the (quickie way) instructions found online. Both are wrong.

Install only the parts you are going to use (much less attack surface), and put the script extension in the location MS intended...not on the root of the C: drive (Eliminates a ton of before & after permissions issues).

I did a quick bounce into the home lab - This is a clean and lean manual PHP install - IIRC these settings also worked on my current IIS7 (2k8) web server.

These are the Files & File Paths used for the MySQL db &
PHP Script support installation on IIS6 (Webster) <-Old now decommissioned server)

FOR PHP SUPPORT ONLY:

C:\Windows\php.ini
C:\Windows\System32\php5ts.dll
C:\Windows\System32\inetsrv\php5isapi.dll
---------------------------------------------------------

For PHP with MySQL Support ADD These Files:

C:\Windows\System32\libmysql.dll <-"Helper" File, Required for ANY of the Extensions to Work)
C:\Windows\System32\inetsrv\phpext\php_mysql.dll
---------------------------------------------------------

IF Using MS-SQL (Which Includes the MSDE Version) ADD These Files:

C:\Windows\System32\ntwdblib.dll
C:\Windows\System32\inetsrv\phpext\php_mssql.dll


NOTE: These additional Files are required (in these locations) to load & run the PHP_cURL.DLL module.

C:\Windows\System32\inetsrv\phpext\php_curl.dll
C:\Windows\System32\libeay32.dll
C:\Windows\System32\ssleay32.dll

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #18 on: November 23, 2010, 01:34:53 PM »
^You're obviously a more committed than me when it comes to email servers.

Nowadays I'm more inclined to go with an inexpensive email setup through a reasonable hosting company like Dreamhost unless there are very unique or special requirements involved.

IMHO, for vanilla POP, IMAP and webmail it's a lot easier (and cheaper if you value your time at more than $3/hr.  ;)) to farm the "tech part" out, only do the administration - and save your personal hardware and "little gray cells" for something far more interesting than email.

But maybe that's just me.  ;D

Luck! :Thmbsup:



I've simply been burned too many times by crappy services.

WebHost4Life? Groan... Some of the worst, dishonest, lying, scum.

Layered Technologies? Some of the worst, most incompetent, retards.

I'm skittish about farming some things out. Email for $3? Nah... Too cheap. Scares me.

An email account costs around $100 a year to run if you're running any of the top software. Antivirus will run you $20 to $60. Antispam about the same. The account itself will cost $20 to $40 depending on the number of users you have. It adds up quickly. This is why I don't like to pay for "user" licenses. I like being able to add accounts at a whim.

When I see cheap stuff, it just scares me.


I'm running Windows 2008 R2.

Ah! that explains alot.

Quote
PHP is bad enough to get working properly. (Always a plethora of standard components in it that break it entirely on Windows.
Biggest problem I've seen with PHP on Windows is most folks either use the installer package, or follow the (quickie way) instructions found online. Both are wrong.

Install only the parts you are going to use (much less attack surface), and put the script extension in the location MS intended...not on the root of the C: drive (Eliminates a ton of before & after permissions issues).

I did a quick bounce into the home lab - This is a clean and lean manual PHP install - IIRC these settings also worked on my current IIS7 (2k8) web server.

These are the Files & File Paths used for the MySQL db &
PHP Script support installation on IIS6 (Webster) <-Old now decommissioned server)

FOR PHP SUPPORT ONLY:

C:\Windows\php.ini
C:\Windows\System32\php5ts.dll
C:\Windows\System32\inetsrv\php5isapi.dll
---------------------------------------------------------

For PHP with MySQL Support ADD These Files:

C:\Windows\System32\libmysql.dll <-"Helper" File, Required for ANY of the Extensions to Work)
C:\Windows\System32\inetsrv\phpext\php_mysql.dll
---------------------------------------------------------

IF Using MS-SQL (Which Includes the MSDE Version) ADD These Files:

C:\Windows\System32\ntwdblib.dll
C:\Windows\System32\inetsrv\phpext\php_mssql.dll


NOTE: These additional Files are required (in these locations) to load & run the PHP_cURL.DLL module.

C:\Windows\System32\inetsrv\phpext\php_curl.dll
C:\Windows\System32\libeay32.dll
C:\Windows\System32\ssleay32.dll


At the moment I'm running the new PHP installation under FastCGI with the php-cgi.exe instead of the ISAPI DLL. On my other server I use the ISAPI. Both are the ZIP file and not the installer. FastCGI is supposed to give far better performance (20x?), so that's why I'm running with that.

I must confess though, I prefer to keep C:\PHP as my install location and configure paths instead. It makes for an easier upgrade, and I don't need to "remember" every path and file then. God knows my records are non-existent.

But I've had no real problems other than uncommenting some extensions like php_whatever.dll breaks PHP. They're so horribly documented that it just makes it a nightmare to figure out. A good number of extensions break. And I'm too busy to look into things further for anything but critical extensions, which all seem to work fine.

I only enable PHP for sites that use it though.

I use My Personal Proxy with SSL so I can surf without the ISP snooping on me, but it's a PITA and doesn't really work very well. It's also rather slow. That one is under the ISAPI, but the server is old too, and one of the reasons for the new one. I think it's mostly bad coding though that makes it slow.

My ASP.NET applications on the old server run nicely though.

Anyways, this is way off topic. :) Still enjoyable though. :)

Any reasons why you like PHP in the Windows folder? It just seems somewhat dirty to me and hard to maintain. I've not really seen any practical upshot for it, so I'd love to hear more. :)
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,768
    • View Profile
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #19 on: November 23, 2010, 02:08:47 PM »
When I see cheap stuff, it just scares me.

Scares me too. That's why I didn't day cheap. I said from a reasonable host. And I named a good one.

Note: I also do it conjunction with a server package. Most will give you at least 100 mailboxes as part of the deal. It's still sub $350 per year for something decent. And at a buck or less per day, it's worth it to me. And this also gives me another webserver to play with! Perfect as a test bed if it's not needed for production.

From my perspective, running a mailserver is no longer a fun or interesting or educational activity. The blush has long since gone off the rose on that for me.

But again, that's just me.  ;D
 :)



Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #20 on: November 23, 2010, 02:33:55 PM »
From my perspective, running a mailserver is no longer a fun or interesting or educational activity. The blush has long since gone off the rose on that for me.

Amen to that!

But honestly, I'm still pretty much terrified of relying on hosted services.

Things get really, really scary when they want to control your DNS... Sheesh...

I suppose I'm somewhat paranoid.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,768
    • View Profile
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #21 on: November 23, 2010, 05:39:54 PM »
^Not at all. It's a legitimate concern now that the big players are trying to eliminate "open" from the formula. But I think it will still be a few years before that becomes a problem.

 :)



Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,294
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #22 on: November 24, 2010, 08:17:37 AM »
At the moment I'm running the new PHP installation under FastCGI with the php-cgi.exe instead of the ISAPI DLL. On my other server I use the ISAPI. Both are the ZIP file and not the installer. FastCGI is supposed to give far better performance (20x?), so that's why I'm running with that.

20x?!? (Damn) ...I'll have to investigate that one myself. I actually don't recall why I went the ISAPI route originally, but it was several years ago when I first set up an IIS5 (Win2k) web server and I've just been replicating that config ever since.

Quote
I must confess though, I prefer to keep C:\PHP as my install location and configure paths instead. It makes for an easier upgrade, and I don't need to "remember" every path and file then. God knows my records are non-existent.


There's a few things driving this and not all are completely technical... It has also been awhile (years) since I had to do any research so things may have (finally) changed regarding install behavior (but I'm not holding my breath).

   1. Most of the install tutorials (rather flippantly) advised kicking the permissions wide open for the C:\PHP folder for "testing purposes" ... But never followed up with what they really should be restricted to. The Windows System32 folder is already by design heavily "defended" so things are much less likely to get out of control in there.

   2. With all of the PHP extension files in the C:\PHP folder the fact that they are "disabled" doesn't really guarantee that they can't be used/leveraged against you/the server...It just makes it less likely. If on the other hand the required binary for extension X is nowhere to be found in the systems executable path...then the chances of it being used maliciously are 100% guarantee-ably friggin zero.

   3. Every time you add something to the system Path variable it takes the system that much longer to find out item X doesn't exist. So I've always made a point of keeping the Path down to the barest of minimums. Any time something "requires" adding yet another string to the Path variable ... I immediately start looking for why/a better way (as it's almost never actually required).

   4. The default Web Service Extensions are already stored in C:\Windows\System32\inetserv. So the most logical place to put more of them (at least to me) is in the same place as the rest. Mind you I do (to keep things clean) keep the active PHP extension files in their own sub folder so that what's "live" now checks are a snap.

   5. I really just hate having stuff scattered around on the C: drive. It should be kept as clean as possible so if something odd shows up it can be spotted quickly (Yes this is the non-technical part... ;)).


Quote
But I've had no real problems other than uncommenting some extensions like php_whatever.dll breaks PHP. They're so horribly documented that it just makes it a nightmare to figure out. A good number of extensions break. And I'm too busy to look into things further for anything but critical extensions, which all seem to work fine.


You'll get no argument from me there. That's why I started the cheat-sheet I posted above 10+ years ago when I first researched how to get it working on my then new Windows 2000 Server. Christ it took weeks to find anything vaguely resembling a straight answer on how the hell to get the thing lite.

Quote
I only enable PHP for sites that use it though.

Wise man. :)


Quote
Anyways, this is way off topic. :) Still enjoyable though. :)
Last time I checked it was legal to sidetrack your-own topic, and yes indeed it is.

Quote
Any reasons why you like PHP in the Windows folder? It just seems somewhat dirty to me and hard to maintain. I've not really seen any practical upshot for it, so I'd love to hear more.
I kinda covered part of this above, but... The key is closely controlling the files (documentation). There are really only two locations and very few files required to get PHP running and the phpext sub folder in inetsrv keep the variable items easily accessible at all times. If a new PHP exploit shows up I only need to know which extension it targets, and at a quick glance in the extensions folder know if it applies to me.

Sure, the php.ini file can be used in a similar fashion, but... It's huge and if all the extensions are in the target folder there is always the possibility that something can get "bump-started" into action against the server.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #23 on: November 24, 2010, 09:58:32 AM »
Quote
I actually don't recall why I went the ISAPI route originally

I do. Because the CGI extension just didn't work reliably! :D

Seems ok now though. Microsoft is recommending FastCGI and the php-cgi.exe binary. They've got a whole truckload of open source stuff available at the MS site. Have for a while now actually.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

brahman

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 171
    • View Profile
    • Donate to Member
Re: Email Server Frustration -- Looking for Advice
« Reply #24 on: November 24, 2010, 03:28:13 PM »
What were your experiences with mercury32, since you mentioned it?

You also said you use clamwin:

http://clamsentinel.sourceforge.net

is a neat add-on, but I don't know if it helps in your situation.
Regards, Brahman