To MTA or not to MTA?

Possibly the longest running debate in the history of Exchange 2003 is if you should disable the MTA Stacks service on an Exchange 2003 Cluster.  There are some very valid reasons to remove it, and one HUGE reason to leave it alone.

First, what is the MTA?  The Message Transfer Agent is a compatibility solution put in place by Microsoft to allow the movement of messages from Exchange 2000 and 2003 Servers (stand-alone and clustered) to other messaging platforms.  That could be an Exchange 5.5 Server, Lotus Notes, etc.  This is not the only method that could be used to move information between server platforms, but especially for 5.5 it is the preferred method.

You may be tempted to remove the MTA Stacks resource from a cluster, as it's one more resource that could go sideways on you, and it does offer an additional attack surface for those who would try to hack your system.  You may also try to remove it when you move to a pure Exchange 2003 environment, as such a configuration would seemingly not require it at all.

In theory, you'd be technically correct.  Reducing potential problems and removing avenues to attack are generally considered good things.  But an explicit ruling from Microsoft on the matter and the pain caused by the operations required to reinstall it if you need it in future can make you think twice.

The Microsoft Knowledge Base is pretty explicit that removing the MTA is not supported.  You can read about it here:

KB 810489 "MTA Stacks service supportability guidelines for Exchange 2000 Server and Exchange Server 2003"

Within that KB, along with the explicit note that removing the MTA is a bad idea, is the problem of reinstallation later on.  Most notably, if you ever want to re-install the MTA Resource, you have to delete the Exchange Virtual Server entirely (by deleting the SA Resource) and reinstall the whole EVA.  So, if you have to call into support, they'll tell you that you need the MTA resource in place. And in order to put it back in place, you have to first destroy the live clustered Exchange server.  That's a catch-22 you can avoid by not removing the MTA at all.

Long story short, keeping the MTA does offer a potential avenue for attack, but removing it creates an absolute headache if you need support later on.  For now, at least, leaving the MTA in place is a much better option - just make sure you have set up your firewall to block potential attacks!