I am running Windows 2000 Small Business Server SP4 with Exchange Server 2000 (says Ver 6.0 SP3). This server also hosts our website using IIS/ISA and our email and is the local proxy and domain controller for our small network.
I am chasing two Spam issues. This one is the use of our Exchange server as a Spam Relay. Our SMTP Virtual Server is configured to allow Authenticated Relay only and passes independent Open Relay tests, however I still see spam being relayed through our server.
Comments on another thread ( http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_20732482.html
) led me to look at possible weak security. I discovered the built-in Guest account with the weak password "guest" and disabled it.
My question is: Do I need be concerned with any of the other built-in accounts such as IUSR_servername, IWAM_servername, Small Business Admin, Small Business User, etc.?
Also, if there is a MS Technet document that speaks to what built in users are required for IIS / ISA and what built-in accounts can be disabled, that would be good reading.