Exchange 2007 and SBS
I wonder how many of those instances are on old installs of SBS. Great product to install and initially configure, but upgrades were a nightmare. For most small businesses, if it's not broken, they're not going to upgrade.
Security company Rapid7 reports that there are more than 139,000 Microsoft Exchange 2010 servers with internet-facing services (Outlook Web Access or OWA) despite the application going out of support this month. Exchange 2010 was initially due to go end-of-life in January this year, but Microsoft extended support to 13 October …
Future versions were a nightmare too. I had a test license of Exchange 2013 from TechNet, back when Microsoft had some brains and TechNet premium was still a thing. I had a test server to play around with and learn how to use new software. This was Server 2012 R2 standard. I had the essentials role installed for the backup. I followed Microsoft's instructions to the letter. Turns out, essentials role and Exchange were incompatible. But did Microsoft bother saying any of that in their instructions? Did Exchange throw an error in the install? Nope, the closest you get is that Exchange is incompatible with Server Essentials. It installed but never worked.
So I installed a Server 2012 R2 standard virtual machine. I had nothing installed, no updates of any kind. I once again followed Microsoft instructions to the letter. Exchange 2013 installed, but still didn't work. The web interface or Exchange powershell would never ever work.
This time I bought a book, and it had steps Microsoft didn't bother to include. A format, and following the book's instructions Exchange 2013 finally started to work. But 2 months later, the web interface stopped working, although everything else did work. I didn't test the Exchange powershell at that time. About 12 months after that, everything stopped working: calendar, email, etc. I had Exchange on a VM with nothing else and I didn't do anything to the VM, ever. I didn't touch Exchange or the Windows Server on the VM. After I installed, I never remoted into the VM server for any reason. I did nothing, and Exchange just stopped working for no good reason. I came to the conclusion that the new Microsoft has software so screwed up that you have to pay them to be certified just to fix their incompetence.
A *lot* of the problems with 2013 get solved with cumulative updates; assuming, of course, that the CU one is installing doesn't break something horribly in the process. :(
Also, with 2013 and later, **EVERYTHING** is powershell; the EMS is god. The EAC? It runs powershell commands on the backend, which is why it's dog slow at times.
We had a VAR assist us with doing a migration from 2010 to 2013, which was... _interesting_ in a few ways, some not good.
Also, those poor people that bought SBS and were expecting to 'grow out' of it? If by 'grow out' meaning 'throw it out and re-build it with a proper fleet of AD, exchange, etc. servers', then yes. (SBS at one point had some hardcoded limitations built into it which made it extremely difficult if not impossible to migrate into a 'big boy' solution.)
Moved all my users to GMail.
Can find no redeeming feature in either Outlook or Exchange at all, and certainly not in OWA.
For those whose inbox was precious, I just used GSSMO (be careful, GSMMO or something is a similarly named tool!) and imported their mailbox into GMail.
The only blocker was a couple of people who use desktop programs that use MAPI to send their mail... but Google Sync for Outlook sorts that out - they have an install of Outlook that syncs to their GMail and it sends the mail from GMail.
The administration, the spam-filtering, the access, the compatibility, the calendar... so much better with GMail and Google Calendar.
If I was a millionaire starting my own business, I'd just buy GSuite. So many problems solved so very simply in any modern browser.
Borkzilla is finally gearing up to get everyone on board with a subscription. And with the perfect excuse : no more out-of-date mail servers !
Ain't life grand ? There are going to be some fat bonuses when Vnext comes out, and it'll be every year, too.
I am starting to think about getting some Borkzilla shares. It looks like they won't be going down any time soon.
Why should you need to patch an email server that has a code base at least 10 years old (and probably much older)?
As it’s a security outfit that is highlighting the issue, I’m guessing the concern is with (lack of) security patches.
I used to run a BSD box with qmail running on it - a mature codebase for what is basically a relatively simple and certainly very well understood service. I never felt the need to monitor security patch releases for it; mostly because there weren’t any but also because it didn’t need any.
Strange how MS email STILL needs security patches donkeys after first release.
Why does it need patching? Let me summarize the ways:
* web interface - the usual suspects apply. Exchange is married and sewn firmly into its own IIS instance.
* SMTP bugs/compromises
* OS surface attacks
Yeah, a firewall helps with _some_ of those issues, but not nearly enough of them.
Micros~1 have succeeded in making Exchange so obtuse, so difficult to run, so persnickety, that no one can run it but them. That's the current play with Exchange 365, and they're loving it.
Anyone who wants to continue running on-prem email and collaboration should be moving to different software. On-prem Exchange is a dead end.
Care to suggest alternatives, then? Remember, it has to support:
Shared Contacts/ address books (the GAL is still very much a thing)
Email (natch)
Shared calendars (room calendars, people sharing their calendars, the ability for a team of co-workers to see each other's calendars, etc.)
The often (and quite rightly so!) maligned public folders, although people are (finally!!) moving away from the bloody things
Having those 'special' folks in upper management (you know who they are) that never delete ANYTHING and use their mailbox as a file storage mechanism not complain about being able to see all their messages, even if they only read them once and consign them to taking up disk space on your mail server.
All from within Outlook (either natively or via an add-in or plug-in)- your userbase will break out the pitchforks and torches if they have to learn something new!
/rant
Exchange 2010 can be installed on Server 2012R2.
Also I believe that Exchange 2010 support tops out at Windows Server 2012 R2 for supported Active Directory environments (writable DCs, writeable GCs, and maximum forest functional level). Any AD site that contains an Exchange 2010 server must contain at least one Windows 2012 R2 or earlier writeable DC and writeable GC. In other words, the presence of other Windows 2016 or later DCs in the site or forest is OK, as long as your forest functional level stays at Windows 2012 R2 or lower.
"One tip that some have missed: plus addressing"
Oh thank $DEITY, MS have finally invented that, what? ... 20 years late.
I generally front Exchange with a Linux smtp daemon. Nowadays (last 15 years) my weapon of choice is Exim. Keeping /etc/aliases up to date is trivial. /etc/skel makes an alias file appear in a user's home directory (which magically appears on demand) if they point Explorer at the mail gateway. Winbind and smbd do the hard work. They can edit the thing and if they don't break the syntax then they can have as many aliases as they like. I have a scripted cron job that runs every 24ish hours that looks for duplicates and emails them to me to resolve.
The problem with hiding the complexity is that if you are successful at it, people think what you do is simple, and, therefore, anyone can do it.
An issue with producing systems that can be administrated by people with less-than-comprehensive skill-sets is that management can be tempted to dispense with the producer's services because a cheaper administrator can do the visible job. This is not to say that one should deliberately make things complicated as job-security: but be aware that people can be lulled into a false sense of security by using a simplified interface that covers most of the functionality to do a complex job. When the extra competence is needed, and is not readily available, problems occur.
It is a bit like writing: text lacking proper punctuation, and missing out odd words and mistyping/misspelling others means that text takes longer to unpick and understand, so good writing is in a style made easy for others to follow. I tend to be a bit verbose and convoluted, but appreciate good writing because it is hard to do.
An old employer of mine is still running 2010, although a small deployment. Another old employer managed to migrate from 2010 to O365 hybrid about 12 months ago to beat the previous Jan 2020 EOL; that was for a city council, so quite a large deployment. And a company (a large housing association) I went for an interview with last month are still running 2010, although currently migrating, again an O365 hybrid.
Exchange 2010 was the last one covered by the NHS wide Enterprise Licence Agreement, hence most trusts were still using it.
Those trusts that couldn't afford 2013 or 2019 are currently working on migrating 2010 to N365 (the NHS version of M365) under a new NHS wide agreement.
Right, wasn't aware of that, I left there in 2016. My bosses were always very leery of the latest versions, we went straight from 2003 to 2010 - it also avoided the problem of going from 2003 to 2013 directly.
I was pretty sad when I shut down the last 2003 box, it was what I certified on, and I knew it would be the last one I ever saw. Yes, it was shit, but it was shit I knew. I suppose it's the same feeling the last flint-knapper had when everyone was using copper tools or something.