Hello, I am a SQL Server DBA working with SQL Server 7 and SQL Server 2000 on NT4 and Win2000. We would like to use the SQL agent mail component of SQL server to notify us if a SQL agent job fails. To do this, we must install a client like Outlook Express on our database servers. There has been some concern that Messaging Application Program Interface (MAPI) on the SQL boxes would create some huge risk from our employees. We don't have Exchange servers, so the Outlook client would be sending the message to a Groupwise SMTP server. Does any of this cause an unacceptable risk? Thanks.
To be honest, it's impossible for me to opine as to whether or not the risk is acceptable. I'm not trying to be glib -- there's just a lot more involved in risk assessment than the facts presented to me here. I don't see how a MAPI client on a properly secured SQL server could create a risk (huge or otherwise) from your employees; however, certainly your internal folks know more about the situation than I do. Thus, in the absence of any information to the contrary, I would have to defer to their opinions on this one.
Having said that, I have never encountered nor heard of any security violations or issues related to having a MAPI client on a SQL Server.
As far as I know, you won't be able to use the Groupwise SMTP Server. My understanding of SQLMail, which is based in part on Microsoft Knowledge Base article 263556, is that SQLMail only sends MAPI-based e-mail. That relevenat part of this article states:
The SQL Server mail client support depends upon your SQL Server version and the functionality required.
SQL Server 6.5 and SQL Server 7.0
SQL Mail establishes a simple MAPI connection to Microsoft Exchange Server, Microsoft Windows NT Mail, or a Post Office Protocol 3 (POP3) server.
SQL Server 7.0 Using SQLAgentMail
SQLAgentMail establishes either a simple or extended MAPI connection to Microsoft Exchange Server, Microsoft Windows NT Mail, or a Post Office Protocol 3 (POP3) server.
SQL Server 2000
SQL Mail establishes an extended MAPI connection with a mail host, while SQLAgentMail establishes a separate extended MAPI connection. Both SQL Mail and SQLAgentMail can connect with Microsoft Exchange Server, or a Post Office Protocol 3 (POP3) server.
NOTE: Due to the limitation of only providing extended MAPI support, SQL Server 2000 requires a Microsoft Outlook 2000 client (or later version)."
You can find the complete text of this article, which has a lot of great information, on the Microsoft Web site.