Exchange 2003 SP2 and SMTP virtual server anonymous connection?

When I open up Exchange system manager and go under the smtp virtual servers I noticed there is an option for anonymous smtp connections. This is enabled. Should this be deselected, and what is it's purpose? With it selected does it mean anyone can send an email message on the internet and they don't have to be authenticated on the Windows 200X system?

Who is Participating?
This is by design and default behaiviour.  When someone sends you an e-mail, their server
connects annonymously to your exchange servers SMTP server.  If you removed this setting then any server wishing to send e-mail to you would have to authenticate to Exchange first with correct login details before exchange would accept mail from them.  As no mail servers on the internet would be configured with logon details for your exchange server, you will recieve no e-mail.

If anything, some people advise that you should remove everything but the annonymous.  The reason for this is that by default you CAN try to authenticate to the SMTP server.  This means that someone could mount a dictionary attack on the server, hence this can be viewed as a security issue.  As all internet mail server deliver e-mail annonymously, no internet e-mail is affected if you remove the other authentication options.

I think you have confused this setting with mail relaying which allows people to send mail without first authenticating to your server.  Mail relaying is not permitted in Exchange 2003 by default.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.