Kevin Beaumont#Rackspace have declared their managed #Exchange Server outage a security incident. I strongly suggest orgs patch for #ProxyNotShell.
I did a writeup of the #Rackspace breach https://doublepulsar.com/rackspace-cloud-office-suffers-security-breach-958e6c755d7f
Mike Owens@GossiTheDog Nice article, thanks. It does put orgs in a seemingly impossible situation. With my team we're often saying informally that no SMB or even mid-market org has any business running Exchange Server. Was probably true pre #Log4Shell and #proxynotshell, even more so since. But the recommendation to use #Microsoft365 and #ExchangeOnline now takes a pretty big hit with the #GDPR assessment. What's an org to do? How do we tell a non-Fortune 500 org to safely run corporate email? (It's a general standing question we face... not one I'm expecting you to have an answer to!)
Bill Woodcock@m0x4d @GossiTheDog Why not just run a normal mailserver, rather than some proprietary Microsoft thing?
@woody What would you suggest? The appeal of Exchange Server is that it just works* with the Microsoft & Active Directory ecosystem that the vast majority of orgs are already running.
*(For some definitions of "just works"...)
The appeal of moving to M365 is having SaaS that still cleanly integrates with the rest of on-prem infra but removes need for underlying server management & maintenance & security & letting the M$FT extensive security apparatus do a lot of the heavy lifting. All of which is ostensibly a net benefit for already-overstretched IT & security teams. (If the orgs even have security teams.)
I'm not personally familiar with & don't see "in the wild" any consistent alternatives with the same range of capabilities, integrations, security, & ease of management. But I'd love to hear about some!
@m0x4d Hm. That seems like a circular definition, if the requirement is that it be integrated with Microsoft-specific stuff, and that that doesn't constitute a problem. Microsoft products will always be the ones most interdependent upon other Microsoft products, because that's what a walled garden is.
But if you want email, just run some combination of Postfix, Dovecot, SpamAssassin, etc. If you want an easy installation wrapper, iRedMail does that well enough. There's no rocket science here, it's what everyone who hasn't bought into Google or Microsoft has done, since before Google existed, and Microsoft didn't have pretensions to be anything other than a half-assed OS for indiscriminate people.
Microsoft (and Google) only have power over you if you believe they do. The walls of the walled garden are illusory.
It's way more fun out here in the real world, where we can spend our IT budget on making things better, rather than shipping it off to Redmond to make someone richer.
But if you want email, just run some combination of Postfix, Dovecot, SpamAssassin, etc. If you want an easy installation wrapper, iRedMail does that well enough. There's no rocket science here, it's what everyone who hasn't bought into Google or Microsoft has done, since before Google existed, and Microsoft didn't have pretensions to be anything other than a half-assed OS for indiscriminate people.
Microsoft (and Google) only have power over you if you believe they do. The walls of the walled garden are illusory.
It's way more fun out here in the real world, where we can spend our IT budget on making things better, rather than shipping it off to Redmond to make someone richer.
@m0x4d I once replaced an entire enterprise's Exchange installation with UUCP, magically fixing all of their problems and saving them $25M/year. It took that for them to understand that their problem was Microsoft, not technology.