Windows 2003 SMTP User Authentication on DMZ

I have a Windows 2003 SMTP server running on a DMZ. I use it to send the incoming mail to my Exchange Server 2003 running on my LAN. I need to be able to authenticate with my email account so I can relay email from an outside connection, otherwise I get error 550. I need to know what ports I need to open on the firewall and how to set it up. Is there any other more secure way to have this working?
DPRIETO Asked:
 
ikm7176 Commented:
Though you can uncheck "allow authenticated users to relay", it is not recommended to not have any restrictions, because anyone can use your server as an open relay.

I recommend using a VPN server in your DMZ zone and allowing external clients to access your SMTP server through your VPN server by creating an L2TP session.
 
DPRIETO Author Commented:
I have read the comments, but I think I did not explain myself.
What I need is to be able to send email using Outlook from outside my office, using the SMTP server on the DMZ. I need to be able to deliver mail to my domain and also to any other domains. Now the internal mail is routed to my Exchange server and is working, but when I try to send email to other domains I get 550. I need the SMTP server to authenticate me as an internal user and let me send the outgoing mail.
 
ColinRoyds Commented:
On the default SMTP server relay setting, put a check in the "allow authenticated users to relay" check box.
 
DPRIETO Author Commented:
I know, but when I try to authenticate I get 'user unknown'. I think I will have to join this server to the domain in order to use the domain users. But if so, is this a secure solution?
 
DPRIETO Author Commented:
Let's change the question. How do I enable internal users to send email messages to any domain from outside the office?
 
ikm7176 Commented:
If the server is not in your domain, then it will look into its local user accounts to authenticate. If you want to authenticate using a Windows 2003 domain user account, you need to add the SMTP server to the domain.
 
DPRIETO Author Commented:
OK. How secure is this solution? Recommended? Should I use any other?
 
ColinRoyds Commented:
In that case there is not much point in having it in the DMZ, but ikm7176 is right about the authentication.
 
DPRIETO Author Commented:
OK, now you know what I need. Is there any other solution more secure?
 
ColinRoyds Commented:
I definitely would not leave it as an open relay, as you will be blacklisted before you know it, then you will have no mail, but I do agree with ikm7176 with regards to VPNs.
Question has a verified solution.