Solved

Trying to better lock down Default Virtual Server SMTP Authentication settings

Posted on 2006-06-20
Last Modified: 2008-02-01
I am trying to understand how to better lock down Exchange Server 2003. I don’t have any POP3 or IMAP users, so I don’t have the need for any users to relay mail. All of my Exchange users are using Outlook in Exchange mode only. Keeping this in mind, can I safely disable "Basic authentication" and "Integrated Windows Authentication" under the Default Virtual Server SMTP Authentication settings?

Also from my understanding I will need to keep “Anonymous access” enabled or otherwise other email servers will not be able to send mail to this server? Is this correct?

Thanks
Question by:illtbagu

Expert Comment

by:Sembee
ID: 16946334
The first rule of Exchange - if you don't know, don't touch.
As such you shouldn't change the settings on the SMTP virtual server. Exchange is based on SMTP and making changes to the VS will break things - usually distribution groups.

If you don't have anyone who needs to relay through the server then simply disable the option to allow authenticated users to relay through the server.

Simon.

Author Comment

by:illtbagu
ID: 16947179
>The first rule of Exchange - if you don't know, don't touch.
For me that’s the rule for anything. I don't touch unless I know; that’s why I am asking and trying to further educate myself by people with EE Exchange expert certifications like yourself : )

I have read that by default the Anonymous access, Basic authentication, and Integrated Windows Authentication are all selected. However, I have read that this might be changed to further tighten the security of Exchange. Microsoft published a document called "Microsoft Exchange Server Intelligent Message Filter (v2) Operations Guide" that basically is telling a whole different story:
http://www.microsoft.com/downloads/details.aspx?familyid=b1218d8c-e8b3-48fb-9208-6f75707870c2&displaylang=en
On pages 9 and 10 of this document it is saying that for SMTP gateways (which I only have 1 Exchange server and it is acting as an SMTP gateway) I can disable the Basic authentication and Integrated Windows Authentication options.

However, I did find another publication from Microsoft that is telling me what you are:
http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3TransnRouting/0285bc67-0768-4994-a525-bec861177a4d.mspx?mfr=true
It states that “By default, the Anonymous access, Basic authentication, and Integrated Windows Authentication check boxes are selected. If you are using a single default virtual server, it is recommended that you use the default settings; this allows users to authenticate by using the most common methods.”

> If you don't have anyone who needs to relay through the server then
> simply disable the option to allow authenticated users to relay through the server.
Could you please tell me where this setting is at? Are you talking about the “Relay restrictions” in the “Default SMTP Virtual Server” properties? The setting I assume you are talking about is “Allow all computers that successfully authenticate to relay, regardless of the list above”

Thanks for your expert advice!

Accepted Solution

by:Sembee (earned 500 total points)
ID: 16947217
You are not running a gateway machine.
A gateway machine is a separate machine that acts as the gateway to other machines. A single server configuration does not count as a gateway.

You have the setting I was referring to correct. It is enabled by default and can be safely turned off. Don't confuse wanting to relay.

Simon.
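
A check an administrator could run after changing these settings, added here as an example and not part of the original thread: it reads a recorded unauthenticated SMTP session and reports which authentication methods the virtual server advertises, whether anonymous inbound mail for the local domain is accepted, and whether relay to an outside domain is refused. The mapping of "Basic authentication" to `LOGIN`/`PLAIN` and "Integrated Windows Authentication" to `NTLM`/`GSSAPI`, the host names, and the sample session are assumptions constructed for illustration.

```python
import re

# Assumed mapping from the System Manager checkboxes to SMTP AUTH keywords.
BASIC = {"LOGIN", "PLAIN"}
INTEGRATED = {"NTLM", "GSSAPI"}

def auth_mechanisms(ehlo_reply):
    """Collect mechanisms from '250-AUTH ...' and legacy '250-AUTH=...' lines."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)", line.strip(), re.I)
        if m:
            mechs.update(tok.upper() for tok in m.group(1).split())
    return mechs

def assess(session, local_domain):
    """session: (client_command, server_reply) pairs from an unauthenticated test."""
    result = {"basic": False, "integrated": False,
              "anonymous_inbound": False, "anonymous_relay": False}
    for cmd, reply in session:
        verb = cmd.split(None, 1)[0].upper()
        if verb == "EHLO":
            mechs = auth_mechanisms(reply)
            result["basic"] = bool(mechs & BASIC)
            result["integrated"] = bool(mechs & INTEGRATED)
        elif verb == "RCPT" and reply.startswith("2"):
            m = re.search(r"@([^>\s]+)", cmd)
            if m and m.group(1).lower() == local_domain.lower():
                result["anonymous_inbound"] = True   # other servers can deliver
            elif m:
                result["anonymous_relay"] = True     # open relay: must be False
    return result

# Constructed sample session (not captured from a real server).
SAMPLE = [
    ("EHLO probe.example.net",
     "250-mail.example.com Hello\n250-AUTH GSSAPI NTLM LOGIN\n250-AUTH=LOGIN\n250 OK"),
    ("MAIL FROM:<tester@example.net>", "250 2.1.0 Sender OK"),
    ("RCPT TO:<user@example.com>", "250 2.1.5 user@example.com"),
    ("RCPT TO:<someone@example.org>",
     "550 5.7.1 Unable to relay for someone@example.org"),
]

if __name__ == "__main__":
    print(assess(SAMPLE, "example.com"))
```

An unauthenticated session cannot show whether authenticated users may relay; that setting still has to be confirmed in the Relay restrictions dialog discussed above.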