Mailbox policies at work

[dphantom]

I am in charge of the IT department at a large public library and am reviewing our email policies and would like to get your feedback on your company/organization policies regarding email. We currently use Exchange 2003 standard and have over 400 mailboxes.

Currently, size of the mailbox is limited to 45 MB and send/receive to 6MB attachments. We have 19 locations all connected via T-1 except for one that has a pair of T-1s bonded with the Exchange server hosted at a central site.

We strip alomost all attachments at the Spam filter including jpg's, bmp's and the usual ocx, dll etc... we do allow common Office extension files through.

I've seen threads on this topic in the past but haven't found any recently.

We have a small IT staff with no dedicated Exchange person. The last virus outbreak was almost three years ago and took us down for 3.5 days. Since then, we've tightened our email policies, added better anti-virus protection and use a Barracuda box at the front-end.

Now, staff are complaining we are too restrictive, partcularly on graphic type files. Staff want to be able to send/recieve images and especially very large ones such as 12-30MB in size.

We provide WinZip to our users and allow zip attachments thru from outside so we believe an acceptable alternative exists.

Any advice on how to convince our users our policies are not out of line or if they are, what are your practices for ensuring email is not a point source for virus/trojan/etc..?

Thanks in advance for your help.

 

[jondercik]

Your policies MAY be out of line. One thing to remember is that it your job to support your users and allow them to do their job efficiently. If those graphic files are needed to accomplish their job function, then the policy is out of line. If they are not needed the policy is correct.

It all depends on the organization.

 

[Kelemvor]

We have policies but they are somewhat reversed from yours.

We don't allow zip files at all because of so many viruses coming inside them with notices to people tp open them to view information. I think now we have a progrma that cheks inside the zip file before it gets delivered though.

We do allow MOST extensions such as pictures, docs, etc. I'm pretty sure we don't allow EXEs to get through. Viruses can't come in a jpg/gif file (or at least extremely rare) so blocking them isn't really helping anything.

As for sizes, everyone gets 50 megs. Warnings get sent aroudn 40 and the mailbox gets locked down at 50. Attachments were limited to 5 megs but that got increased a week or two ago to 10 megs.

I think that's about it.

 

[Hardlin]

For the email systems I have managed, the policies are based on business requirements. I have had policies affected by the legal department (max age of emails), budget restrictions (max storage space), expected availablity and performance (attachment sizes). It usually comes down to how much money (for admins and system capabilities) they want to spend and if you have a legal department that wants to mandate policies (I work in healthcare and they don't like old emails hanging around).

 

[smashp]

Is your exchange server have Service Pack 2 installed ?

well if you dont, Exchange 2000 and 2003 standard have a size limitation on the store of 16gb.


so 400 users x 45mb = 18gb

not accounting for your public folder data, but if every in your exchange org had their mailbox's at the limit, The Server wouldnt be working right now.

By the way once that 16gb limit is hit, the store turns itself off. (goodbye mail)


that is why that policy is in place. First upgrade to Exchange 2003 sp2...... then you can manually set the limit up to 75gb for the store.


if users want to sent that massive amount of data, and store large amounts of data,

get two new Beefy boxes with 4gb of ram, atleast 200gb in a raid 5 array, and use your old exchange box as a front end server and the two other boxes as backend servers.


Oh and you will need an exchnage admin soon, or someone who can take on that responsibility

 

[nweaver]

Get their managment to justify a buisness case why it needs changed, and they you guys propose a fee for that change, and managment says Yea or Nay...

you are on the verge of needing a dedicated exchange guy, so that's a high cost. Backups could go through the roof if you are passing 20 meg pics of someones grandkid/niece/nephew/etc.
I don't think your policies are too restrictive, I would watch the .zip files though. If it gets stripped, teach them to have the user change the extension to .zi_ or something, with instructinos to change it back on the other end.

as an FYI, running out of drive space sucks, I was up deleting stuff this morning (we have 10+ people with 2Gig+ mailboxes) so I could remount the mail store.

 

[skisteven1]

at the last place I worked, attachements were limited to 5mb, but each user was given a place where they could post files for collaboration. Depending on your setup, it sounds like a window share wouldn't work, but maybe a public ftp/sftp server?

We had something like 500MB on an ftp server that was NOT backed up (just for quick transfers, and the login message reminds you of that every time) for shuttling around large files.

Might something like that be feasible?

 

[dphantom]

Originally posted by: smashp
Is your exchange server have Service Pack 2 installed ?

well if you dont, Exchange 2000 and 2003 standard have a size limitation on the store of 16gb.


so 400 users x 45mb = 18gb

not accounting for your public folder data, but if every in your exchange org had their mailbox's at the limit, The Server wouldnt be working right now.

By the way once that 16gb limit is hit, the store turns itself off. (goodbye mail)


that is why that policy is in place. First upgrade to Exchange 2003 sp2...... then you can manually set the limit up to 75gb for the store.


if users want to sent that massive amount of data, and store large amounts of data,

get two new Beefy boxes with 4gb of ram, atleast 200gb in a raid 5 array, and use your old exchange box as a front end server and the two other boxes as backend servers.


Oh and you will need an exchnage admin soon, or someone who can take on that responsibility

That's a good point re applying SP2. However, I then have another issue and that is upgrading our SAN to handle the additional storage. Our mail store resides on a partition on the SAN.

As for the calculation, I am VERY aware of that. 90% of my users mailboxes are <5mb. Perhaps a dozen or so want what amounts to an unlimited ability to send/recieve any size attachment. So that is why I can get away with a 45AMB limit knowing most users will never approach it.

The business case has not yet been made. As I mentioned, alternative means of delivery do exist.

Good comments.. thanks

 

[dphantom]

Originally posted by: nweaver
Get their managment to justify a buisness case why it needs changed, and they you guys propose a fee for that change, and managment says Yea or Nay...

you are on the verge of needing a dedicated exchange guy, so that's a high cost. Backups could go through the roof if you are passing 20 meg pics of someones grandkid/niece/nephew/etc.
I don't think your policies are too restrictive, I would watch the .zip files though. If it gets stripped, teach them to have the user change the extension to .zi_ or something, with instructinos to change it back on the other end.

as an FYI, running out of drive space sucks, I was up deleting stuff this morning (we have 10+ people with 2Gig+ mailboxes) so I could remount the mail store.

And most of these pictures are non-business related. Some are though and that is where the issue lies. I can make the business case, but getting a Library to fork over dollars to make this happen is most challenging.

Tell me about running out of drive space. Not fun when everyone and their bother starts screaming and worse when your voice mail is integrated with your email.

 

[RebateMonger]

Email is not a very efficient way to share large files. Multiple copies end up all over the place, and fill up the Server's drives and your backup system.

Consider implementing SharePoint as a way of sharing large data files. That'll give you full search capabiility, version control, check-in/check-out, and a way to see who's storing what and where.

 

[dphantom]

Originally posted by: RebateMonger
Email is not a very efficient way to share large files. Multiple copies end up all over the place, and fill up the Server's drives and your backup system.

Consider implementing SharePoint as a way of sharing large data files. That'll give you full search capabiility, version control, check-in/check-out, and a way to see who's storing what and where.

I know and it is an educaiton process to teach users to not use an email box to store data. We are looking at Sharepoint.

 

[MrControversial]

Originally posted by: dphantom
I am in charge of the IT department at a large public library and am reviewing our email policies and would like to get your feedback on your company/organization policies regarding email. We currently use Exchange 2003 standard and have over 400 mailboxes.

Currently, size of the mailbox is limited to 45 MB and send/receive to 6MB attachments. We have 19 locations all connected via T-1 except for one that has a pair of T-1s bonded with the Exchange server hosted at a central site.

We strip alomost all attachments at the Spam filter including jpg's, bmp's and the usual ocx, dll etc... we do allow common Office extension files through.

I've seen threads on this topic in the past but haven't found any recently.

We have a small IT staff with no dedicated Exchange person. The last virus outbreak was almost three years ago and took us down for 3.5 days. Since then, we've tightened our email policies, added better anti-virus protection and use a Barracuda box at the front-end.

Now, staff are complaining we are too restrictive, partcularly on graphic type files. Staff want to be able to send/recieve images and especially very large ones such as 12-30MB in size.

We provide WinZip to our users and allow zip attachments thru from outside so we believe an acceptable alternative exists.

Any advice on how to convince our users our policies are not out of line or if they are, what are your practices for ensuring email is not a point source for virus/trojan/etc..?

Thanks in advance for your help.

Everyone has this problem. However the solution is different depending on your business. I manage IT for a community health organization, so our standard operating procedures are going to be different. I set email accounts to 25 MB and set attachments at 5 MB. The reason I did this is because some people were emailing pictures of their friends or new baby to everyone and the total attachment size was bigger than the mailbox size. Instead of rejecting the message, Exchange 2000 let it through and I had to deal with a handful of locked-up email accounts.

Since we deal with many other organizations, I can't filter out attachments other than executables. See, that's right for OUR business. However, is it right for yours? You work for a library so I think things like JPGs and whatnot are germain to your business. I don't worry about viruses and spam and whatnot because I set up a Symantec 10 Enterprise Edition PC that is responsible for making sure that every PC on our LAN/WAN is up-to-date virus definitions-wise. On the Exchange Server, I have Symantec for Exchange which basically scans email in and out, blocks some spam and filters out executables as attachments. I also put another server up that runs Surf Control and it blocks spyware, bad websites and monitors and reports Internet traffic.

If users bitch about it, I just let them know that we don't have a bottomless pit for storage and that just as they can't put packages that are too large in their offices, we just can't accept attachements that are over 1/5 the size of their account quota. You just have to be firm. If they REALLY hate your rules, you could compromise by setting up a 3rd party email account such as Gmail and linking it to Outlook or whatever program you use.