Allow Authenticated relay with Barracuda - Exchange

We want to allow Authenticated users to send email from our Exchange domain.  Barracuda spam device, to my knowledge, does not allow this at all.  
How can I make this happen?
artthegeek Asked:
 
Sembee Commented:
The way that I would do it is via TLS, aka Secure SMTP.
Exchange supports this natively on port 25 - i.e. you can install a certificate onto the SMTP server and if it is available, then it will support it.
However there is also an additional port allocated for it in the central list - 465.
Thus...

1. Set up an additional SMTP Virtual Server on your Exchange server.
2. Change its port to 465.
3. Acquire an SSL certificate for this SMTP Virtual Server. If you have a commercial one for OWA, then use the same certificate, simply export it from the http server and then import it - you don't need to purchase a different certificate unless you want to use another name.
4. Disable anonymous access. Ensure that authenticated relaying is enabled.
5. If you have an SMTP Connector in place (which you may well have), do NOT add the new SMTP virtual server to it.
6. On the POP3 client, change the SMTP port to 465, enable the option to use a secure connection, and enable authentication for the outbound email.

End result
- traffic is secure.
- you bypass any blocks on port 25 that ISPs may run
- you are using a standard port - so no need to worry about it clashing with something else.

Simon.
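
A way to check the listener from steps 1 to 6 once it is up, as an added example that is not part of Sembee's answer: it confirms AUTH is advertised and that an unauthenticated relay attempt is refused. The host names, addresses and EHLO replies are constructed placeholders; `probe` is meant for your own server only.

```python
import smtplib
import ssl

# Constructed EHLO replies for the offline check (not captured from a real server).
HARDENED = "250-mail.example.com Hello\r\n250-SIZE 10240000\r\n250-AUTH=LOGIN\r\n250 OK"
ANON_ONLY = "250-mail.example.com Hello\r\n250-SIZE 10240000\r\n250 OK"

def parse_ehlo(text):
    """Map each EHLO keyword to its parameter list, e.g. {'AUTH': ['LOGIN']}."""
    features = {}
    for line in text.splitlines()[1:]:            # first line is the greeting
        body = line[4:].strip()
        if not line.startswith("250") or not body:
            continue
        if body.upper().startswith("AUTH="):      # legacy "AUTH=LOGIN" form
            body = "AUTH " + body[5:]
        keyword, _, params = body.partition(" ")
        features.setdefault(keyword.upper(), []).extend(params.upper().split())
    return features

def assess(features, anon_rcpt_code):
    """Findings for step 4: AUTH must be offered, anonymous relay must be refused."""
    findings = []
    if not features.get("AUTH"):
        findings.append("AUTH not advertised")
    if 200 <= anon_rcpt_code < 300:
        findings.append("unauthenticated relay accepted")
    return findings

def probe(host, port=465, outside="postmaster@example.net"):
    """Live check of your own listener over implicit TLS (certificate is validated)."""
    ctx = ssl.create_default_context()
    with smtplib.SMTP_SSL(host, port, timeout=10, context=ctx) as s:
        s.ehlo()
        feats = {k.upper(): v.upper().split() for k, v in s.esmtp_features.items()}
        s.mail("probe@example.net")
        code, _ = s.rcpt(outside)                 # no login was performed
        s.rset()
    return assess(feats, code)

if __name__ == "__main__":
    print(assess(parse_ehlo(HARDENED), 550))      # hardened listener
    print(assess(parse_ehlo(ANON_ONLY), 250))     # misconfigured listener
```

An empty list from `probe` means both checks passed; a certificate whose name does not match the host makes the TLS handshake fail before any SMTP command is sent.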
 
Sembee Commented:
What exactly do you want to do?

Is this external people sending email through your server?

Simon.
 
artthegeek (Author) Commented:
Yes, I want my users to be able to send from their mail account via a POP client when out of the office.
 
artthegeek (Author) Commented:
Thanks Simon - Sounds nice.  I'll test it (w/out the cert for now).
We do not currently use a certificate - how do we purchase one?
 
Sembee Commented:
If you don't already have a certificate, then you should get one, as it will allow you to protect OWA, OMA, RPC over HTTPS etc.
I usually use RapidSSL. They have trial certificates which you can get that are valid for 30 days, so have a play around with them before committing to the purchase. There are also guides on that site on how to request the certificate and step through the process.

Just remember to use a common name that is valid on the Internet - so mail.domain.com is good, mail.domain.local is not.

Simon.
 
artthegeek (Author) Commented:
Apologies all,

Without access to the Barracuda device, we will have to assume the issue needs help there - we'll have to plan on other options at this point.  
Thank you for your comments.  
I am awarding some points to Sembee -  though not the complete solution here, the security option he's presented will be helpful in one of my next installs.  

Thank you, Sembee.

-a the geek