I just took over a new project and trying to setup the environment up to best
practicing standards. I wanted to install MS Outlook to setup MAPI. My
manager thinks installing outlook on production server is really nuts. He
thinks it's a security risk and overall having MS Outlook on a production
server doesn't seem right. I have never heard of any kind of security risk or
any other internal problems MS Outlook can create in a production box with
SQL Server installed on it. Can one of the MVPs please confirm it for me and
if possible give any suggestions or arguments that I can use to convince him?
Thanks in advance for your support ...
BobBob wrote:
> I just took over a new project and trying to setup the environment up to best
> practicing standards. I wanted to install MS Outlook to setup MAPI. My
> manager thinks installing outlook on production server is really nuts. He
> thinks it's a security risk and overall having MS Outlook on a production
> server doesn't seem right. I have never heard of any kind of security risk or
> any other internal problems MS Outlook can create in a production box with
> SQL Server installed on it. Can one of the MVPs please confirm it for me and
> if possible give any suggestions or arguments that I can use to convince him?
> Thanks in advance for your support ...
> Bob
I assume this is a SQL 2000 server? I agree, Outlook has no place on a
server, but if you want to use SQL Mail, you have no choice. You do
have alternatives to SQL Mail, however. I've used a command-line mailer
called "BLAT" for years with great success. There is also an extended
stored procedure available for download called xp_smtp_sendmail, that is
nearly a drop-in replacement for xp_sendmail.
Of course, if you're on SQL 2005, this is all moot...
Tracy McKibben
MCDBA
http://www.realsqlguy.com|||I don't find Outlook to be a security risk, I find it to be a stability
risk. Outlook is a lot of things, but a stable MAPI service provider isn't
on that list. I prefer to use xp_smtpmail from www.sqldev.net. It isn't a
drop-in replacement for SQLMail or SQLAgentMail, but you can make it do most
of the tasks that xp_sendmail supports. I usually add extra steps for
failure and success notification to my agent jobs, but there are several
ways to implement this code. It is a very stable add-in and has caused me
zero problems, even on large cluster installations.
--
Geoff N. Hiten
Senior Database Administrator
Microsoft SQL Server MVP
"Bob" <Bob@.discussions.microsoft.com> wrote in message
news:3A2B8DAB-9424-4E86-9C53-C8BD6E0B1206@.microsoft.com...
>I just took over a new project and trying to setup the environment up to
>best
> practicing standards. I wanted to install MS Outlook to setup MAPI. My
> manager thinks installing outlook on production server is really nuts. He
> thinks it's a security risk and overall having MS Outlook on a production
> server doesn't seem right. I have never heard of any kind of security risk
> or
> any other internal problems MS Outlook can create in a production box with
> SQL Server installed on it. Can one of the MVPs please confirm it for me
> and
> if possible give any suggestions or arguments that I can use to convince
> him?
> Thanks in advance for your support ...
> Bob|||Sorry, I forgot to put SQL Server version .. yes it is SQL Server 2000 (SP4)
on Windows 2003 server
That's the confusion .. MS Outlook is also a Microsoft product then why
can't we have that on the server where SQL Server resides?
"Tracy McKibben" wrote:
> Bob wrote:
> > I just took over a new project and trying to setup the environment up to best
> > practicing standards. I wanted to install MS Outlook to setup MAPI. My
> > manager thinks installing outlook on production server is really nuts. He
> > thinks it's a security risk and overall having MS Outlook on a production
> > server doesn't seem right. I have never heard of any kind of security risk or
> > any other internal problems MS Outlook can create in a production box with
> > SQL Server installed on it. Can one of the MVPs please confirm it for me and
> > if possible give any suggestions or arguments that I can use to convince him?
> > Thanks in advance for your support ...
> >
> > Bob
> I assume this is a SQL 2000 server? I agree, Outlook has no place on a
> server, but if you want to use SQL Mail, you have no choice. You do
> have alternatives to SQL Mail, however. I've used a command-line mailer
> called "BLAT" for years with great success. There is also an extended
> stored procedure available for download called xp_smtp_sendmail, that is
> nearly a drop-in replacement for xp_sendmail.
> Of course, if you're on SQL 2005, this is all moot...
>
> --
> Tracy McKibben
> MCDBA
> http://www.realsqlguy.com
>|||Bob wrote:
> Sorry, I forgot to put SQL Server version .. yes it is SQL Server 2000 (SP4)
> on Windows 2003 server
> That's the confusion .. MS Outlook is also a Microsoft product then why
> can't we have that on the server where SQL Server resides?
>
My personal reasons:
1. It's absurd to require a full blown mail client in order to send
SMTP messages from a database server. In the *nix world, there are
hundreds of tiny, dedicated SMTP components available if you need to
send an email message. Why couldn't Microsoft provide something so
simple without requiring their mail client?
2. Outlook is not a stable application, and I don't like having
unstable applications running on my servers, especially when they have
hooks into my database server.
3. Internet Explorer is also a Microsoft product, but I don't trust it,
even on a Microsoft operating system, therefore I don't use it. IE has
some serious flaws, as does Outlook. If something (virus/worm,
whatever) gets loose on my network, I don't want to have to worry about
my databases getting nailed by it.
4. There are simply better options available...
Tracy McKibben
MCDBA
http://www.realsqlguy.com|||Bob wrote:
> I just took over a new project and trying to setup the environment up to best
> practicing standards. I wanted to install MS Outlook to setup MAPI. My
> manager thinks installing outlook on production server is really nuts. He
> thinks it's a security risk and overall having MS Outlook on a production
> server doesn't seem right. I have never heard of any kind of security risk or
> any other internal problems MS Outlook can create in a production box with
> SQL Server installed on it. Can one of the MVPs please confirm it for me and
> if possible give any suggestions or arguments that I can use to convince him?
> Thanks in advance for your support ...
> Bob
MAPI mail support is gone from SQL Server 2005. That's one more reason
why NOT to use it (the main reason has always been "It sucks!"). Think
xp_smtp_sendmailk, Notification Services or some other mail component.
--
David Portas, SQL Server MVP
Whenever possible please post enough code to reproduce your problem.
Including CREATE TABLE and INSERT statements usually helps.
State what version of SQL Server you are using and specify the content
of any error messages.
SQL Server Books Online:
http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx
--|||my confusion has come to an end after reading all these replies ... Thanks so
much all for your help
"David Portas" wrote:
> Bob wrote:
> > I just took over a new project and trying to setup the environment up to best
> > practicing standards. I wanted to install MS Outlook to setup MAPI. My
> > manager thinks installing outlook on production server is really nuts. He
> > thinks it's a security risk and overall having MS Outlook on a production
> > server doesn't seem right. I have never heard of any kind of security risk or
> > any other internal problems MS Outlook can create in a production box with
> > SQL Server installed on it. Can one of the MVPs please confirm it for me and
> > if possible give any suggestions or arguments that I can use to convince him?
> > Thanks in advance for your support ...
> >
> > Bob
> MAPI mail support is gone from SQL Server 2005. That's one more reason
> why NOT to use it (the main reason has always been "It sucks!"). Think
> xp_smtp_sendmailk, Notification Services or some other mail component.
> --
> David Portas, SQL Server MVP
> Whenever possible please post enough code to reproduce your problem.
> Including CREATE TABLE and INSERT statements usually helps.
> State what version of SQL Server you are using and specify the content
> of any error messages.
> SQL Server Books Online:
> http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx
> --
>|||"Tracy McKibben" <tracy@.realsqlguy.com> wrote in message
news:ekTxHeFpGHA.4424@.TK2MSFTNGP05.phx.gbl...
> Bob wrote:
> > I just took over a new project and trying to setup the environment up to
best
> > practicing standards. I wanted to install MS Outlook to setup MAPI. My
> > manager thinks installing outlook on production server is really nuts.
He
> > thinks it's a security risk and overall having MS Outlook on a
production
> > server doesn't seem right. I have never heard of any kind of security
risk or
> > any other internal problems MS Outlook can create in a production box
with
> > SQL Server installed on it. Can one of the MVPs please confirm it for me
and
> > if possible give any suggestions or arguments that I can use to convince
him?
> > Thanks in advance for your support ...
> >
> > Bob
> I assume this is a SQL 2000 server? I agree, Outlook has no place on a
> server, but if you want to use SQL Mail, you have no choice. You do
> have alternatives to SQL Mail, however. I've used a command-line mailer
> called "BLAT" for years with great success. There is also an extended
> stored procedure available for download called xp_smtp_sendmail, that is
> nearly a drop-in replacement for xp_sendmail.
Except they don't replace the best reason (in my opinion) to use outlook
which is to allow SQL Agent to send alerts, etc.
(I also have used blat btw, decent product.)
I don't think there's a problem with outlook on a SQL Server. Just make sure
it's only sending email and not receiving.
Generally I install the SMTP server that comes with IIS and have my Outlook
install send to this and have it relay to my "real" SMTP server.
This eliminates a lot of issues with Outlook locking up if it can't reach
the mail server.
I don't think the security risk is that large if you understand your goals
and what you're doing.
> Of course, if you're on SQL 2005, this is all moot...
>
> --
> Tracy McKibben
> MCDBA
> http://www.realsqlguy.com|||"Geoff N. Hiten" <SQLCraftsman@.gmail.com> wrote in message
news:OH33MhFpGHA.1796@.TK2MSFTNGP03.phx.gbl...
> I don't find Outlook to be a security risk, I find it to be a stability
> risk. Outlook is a lot of things, but a stable MAPI service provider
isn't
> on that list.
Just for the record, while I tend to agree, see my other email.
The BEST thing I ever did for Outlook was to put a local SMTP server on the
SQL box and set it up to relay only from that box to my main SMTP server.
This has GREATLY increased my stability. (to the point I really don't have
to think about SQL Mail at all. It pretty much just works.)
> I prefer to use xp_smtpmail from www.sqldev.net. It isn't a
> drop-in replacement for SQLMail or SQLAgentMail, but you can make it do
most
> of the tasks that xp_sendmail supports. I usually add extra steps for
> failure and success notification to my agent jobs, but there are several
> ways to implement this code. It is a very stable add-in and has caused me
> zero problems, even on large cluster installations.
> --
> Geoff N. Hiten
> Senior Database Administrator
> Microsoft SQL Server MVP
>
>
> "Bob" <Bob@.discussions.microsoft.com> wrote in message
> news:3A2B8DAB-9424-4E86-9C53-C8BD6E0B1206@.microsoft.com...
> >I just took over a new project and trying to setup the environment up to
> >best
> > practicing standards. I wanted to install MS Outlook to setup MAPI. My
> > manager thinks installing outlook on production server is really nuts.
He
> > thinks it's a security risk and overall having MS Outlook on a
production
> > server doesn't seem right. I have never heard of any kind of security
risk
> > or
> > any other internal problems MS Outlook can create in a production box
with
> > SQL Server installed on it. Can one of the MVPs please confirm it for me
> > and
> > if possible give any suggestions or arguments that I can use to convince
> > him?
> > Thanks in advance for your support ...
> >
> > Bob
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment