Solved

Windows 2003 SMTP User Authentication on DMZ

Posted on 2004-08-30
13
252 Views
Last Modified: 2008-03-17
I have a windows 2003 SMTP server running on a DMZ. I use it to send the incoming mail to my Exchange server 2003 running on my lan. I need to be able to authenticate with my email account so I can relay email from an outside connection, otherwise I get error 550. I need to know what ports I need to open on the firewall and how to set it up. It is any other more secure way to have this working?
0
Comment
Question by:DPRIETO
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 3
13 Comments
 
LVL 20

Expert Comment

by:ikm7176
ID: 11929439
0
 
LVL 20

Expert Comment

by:ikm7176
ID: 11929464
0
 

Author Comment

by:DPRIETO
ID: 11929536
I have readed the comments but i think i did not explain myself.
What i need is to be able to send email using  outlook from outside my office, using the smtp server on DMZ. I need to be able to delivey mail to my domain and also to any other domains. Now the internal mail is route to my exchange server and is working, but when i try to send email to other domains i get 550. I need smtp server to authenticate me as an internal user and let me send the outgoing mail.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 12

Expert Comment

by:ColinRoyds
ID: 11929563
on the default smtp server relay setting, put a check box in the "allow authenticated users to relay"
0
 

Author Comment

by:DPRIETO
ID: 11929575
I know, but when i try to authenticate i get 'user unknown' I think i will have this server to join the domain in order to user the domain users. but if so, is this a secure solution?
0
 
LVL 20

Expert Comment

by:ikm7176
ID: 11929595
0
 

Author Comment

by:DPRIETO
ID: 11929656
Let`s change the question. How do i enable internal users to send email messages to any domain from outside the office.
0
 
LVL 20

Expert Comment

by:ikm7176
ID: 11929658
if the server is not in your domain, then it will look into its local user accounts to authenticate. If you want to authenticate using windows 2003 domain user account you need to add the SMTP server to domain.
0
 

Author Comment

by:DPRIETO
ID: 11929673
Ok. How secure is this solution? recommended? Should i use any other?
0
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 11929716
In that case there is not much point in having it in the DMZ, but ikm7176 is right about the authentication
0
 
LVL 20

Accepted Solution

by:
ikm7176 earned 500 total points
ID: 11929730
though you can uncheck "allow authenticated users to relay" It is not recommended to not have any restrictions because anyone can use your server as an open relay

i recommend using a VPN server in your DMZ zone and allow external clients to access your SMTP server through your VPN server by creating  L2TP Session.
0
 

Author Comment

by:DPRIETO
ID: 11929740
Ok, now you know what i need. Is there any other solution more secure?
0
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 11929784
I definately would not leave it as an open relay as you will be blacklisted before you now it, then you will have no mail, but I do agree with ikm7176 with regards to vpn's
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
This video discusses moving either the default database or any database to a new volume.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question