Solved

Securing auth on Exchange 2003?

Posted on 2006-10-24
Last Modified: 2010-10-05
Hello,

I’m wondering what settings I should use for SMTP authentication, where the single mail server in question receives mail from external sources, and it’s also the mail server for an internal Windows 2003 domain.

I’ve been looking at the authentication settings, but I’m not confident in my own knowledge on securing Exchange 2003.

The settings I believe I need to tighten are located in: Exchange System Manager > Administrative groups > First administrative group > Server > srv01 > Protocols > SMTP > Default SMTP Virtual Server Properties > Access > Authentication.

The defaults are…

[X] Anonymous access
---[ ] Resolve anonymous email

[X] Basic authentication (password is sent in clear text)
---[ ] Requires TLS encryption
---__________ Default domain

[X] Integrated Windows Authentication


Can someone advise?

Thanks,
/wl
Question by:windylad
5 Comments
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17794746
Hi windylad,

That is the default setting, and the default is fine (Exchange is configured correctly by default nowadays).

You will always need Anonymous access ticked; if you don't, then other mail servers will not be able to send to you.

This guide from Sembee will show you how to harden it up that little bit more -> http://www.amset.info/exchange/smtp-relaysecure.asp

Hope that helps,

-red
0
 

Author Comment

by:windylad
ID: 17794857
Thanks for the link red.


I’m specifically interested in disabling the plain text authentication method on my SMTP server for unencrypted sessions. (None of my users will be connecting from an external source.)


If I change the default settings from

[X] Anonymous access
---[ ] Resolve anonymous email

[X] Basic authentication (password is sent in clear text)
---[ ] Requires TLS encryption
---__________ Default domain

[X] Integrated Windows Authentication


to…


[X] Anonymous access
---[ ] Resolve anonymous email

[ ] Basic authentication (password is sent in clear text)
---[ ] Requires TLS encryption
---__________ Default domain

[X] Integrated Windows Authentication


What effect will this have on my server's security?

Thanks,
/wl

0
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 250 total points
ID: 17795060
windylad,

The effect would be positive, if anything; fewer options mean less vulnerability.

However, if you have no external users connecting to it, and relaying disabled - then it is not going to make a difference (as it isn't going to be used, and even if someone tries, isn't going to do anything for them anyway).

Although, I am a big fan of overkill when it comes to security - it isn't called paranoia when everyone REALLY IS out to get you, then it is just called common sense!

-red
0
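One way to confirm the change discussed above from outside the GUI is to compare the AUTH mechanisms the SMTP virtual server advertises in its EHLO reply before and after unticking Basic authentication. This is an added example, not part of the original thread; the EHLO replies, the `example.local` host name and the helper names `parse_ehlo` and `audit` are constructed for illustration.

```python
# Added example: audit which SMTP AUTH mechanisms a server advertises in EHLO.
import re

# Basic authentication mechanisms: credentials are only base64-encoded.
CLEARTEXT = {"LOGIN", "PLAIN"}

def parse_ehlo(response):
    """Return (auth_mechanisms, starttls_offered) from a raw EHLO reply."""
    mechs, starttls = set(), False
    for line in response.splitlines():
        m = re.match(r"250[- ](.*)", line.strip())
        if not m:
            continue
        keyword = m.group(1).strip().upper()
        # Matches "AUTH GSSAPI NTLM LOGIN" and the legacy "AUTH=LOGIN" form,
        # but not a greeting line whose host name merely starts with "auth".
        auth = re.match(r"AUTH[ =](.*)", keyword)
        if keyword == "STARTTLS":
            starttls = True
        elif auth:
            mechs.update(auth.group(1).split())
    return mechs, starttls

def audit(response, session_encrypted=False):
    """List findings for one EHLO reply; an empty list means nothing to fix."""
    mechs, starttls = parse_ehlo(response)
    exposed = sorted(mechs & CLEARTEXT)
    findings = []
    if exposed and not session_encrypted:
        findings.append("cleartext AUTH offered on unencrypted session: " + ", ".join(exposed))
        if not starttls:
            findings.append("STARTTLS not offered, so clients cannot protect these credentials")
    return findings

# Constructed EHLO replies (not captured from a real server).
DEFAULTS = """250-srv01.example.local Hello [192.0.2.10]
250-SIZE 10485760
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250 OK"""

BASIC_DISABLED = """250-srv01.example.local Hello [192.0.2.10]
250-SIZE 10485760
250-AUTH GSSAPI NTLM
250 OK"""

if __name__ == "__main__":
    for name, reply in (("defaults", DEFAULTS), ("basic disabled", BASIC_DISABLED)):
        print(name, "->", audit(reply) or "no cleartext AUTH advertised")
```

Pass `session_encrypted=True` when auditing a reply captured after STARTTLS, which is the case the "Requires TLS encryption" checkbox is meant to cover.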
 

Author Comment

by:windylad
ID: 17795203
Even though disabling it in this case will not make a difference, the fact that it's disabled meets a particular security policy we need to comply with.  Thanks red.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17795268
No problem, thanks for the A grade

-red
0


Question has a verified solution.
