windylad asked:
Securing auth on Exchange 2003?
Hello,
I’m wondering what settings I should use for SMTP authentication, where the single mail server in question receives mail from external sources, and it’s also the mail server for an internal Windows 2003 domain.
I’ve been looking at the authentication settings, but I’m not confident in my own knowledge on securing Exchange 2003.
The settings I believe I need to tighten are located in: Exchange System Manager > Administrative groups > First administrative group > Server > srv01 > Protocols > SMTP > Default SMTP Virtual Server Properties > Access > Authentication.
The defaults are…
[X] Anonymous access
---[ ] Resolve anonymous email
[X] Basic authentication (password is sent in clear text)
---[ ] Requires TLS encryption
---__________ Default domain
[X] Integrated Windows Authentication
Can someone advise?
Thanks,
/wl
ASKER
Thanks for the link red.
I’m specifically interested in disabling the plain text authentication method on my SMTP server for unencrypted sessions. (None of my users will be connecting from an external source)
If I change the default settings from
[X] Anonymous access
---[ ] Resolve anonymous email
[X] Basic authentication (password is sent in clear text)
---[ ] Requires TLS encryption
---__________ Default domain
[X] Integrated Windows Authentication
to…
[X] Anonymous access
---[ ] Resolve anonymous email
[ ] Basic authentication (password is sent in clear text)
---[ ] Requires TLS encryption
---__________ Default domain
[X] Integrated Windows Authentication
What effect will this have on my server's security?
Thanks,
/wl
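One way to confirm what the change above actually does on the wire, as an added example that is not part of this thread: an Exchange 2003 SMTP virtual server advertises its authentication mechanisms in its EHLO reply. "Basic authentication" corresponds to the AUTH LOGIN mechanism (password sent base64-encoded, not encrypted), while "Integrated Windows Authentication" corresponds to NTLM/GSSAPI. The script below parses an EHLO reply and reports whether any password-carrying mechanism is offered on a session that has not negotiated TLS; the two EHLO transcripts are constructed for the demonstration and are not captured from a real server. The optional `probe_live` helper uses only the standard `smtplib` API and is not run here.

```python
# Added example, not from the Experts Exchange thread or from Exchange itself.
# Purpose: check whether an SMTP virtual server still offers cleartext
# (password-carrying) AUTH mechanisms on a session that is not under TLS.
import smtplib
from typing import Dict, List

# Mechanisms that carry the password itself (base64 is encoding, not encryption).
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}

# Constructed EHLO replies (not real server output). Hostname and address are
# placeholders. "BEFORE" models Basic auth enabled without "Requires TLS";
# "AFTER" models Basic auth unticked, leaving only Integrated Windows auth.
BEFORE_EHLO = """250-mail.example.internal Hello [192.0.2.10]
250-SIZE 10485760
250-STARTTLS
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250 OK"""

AFTER_EHLO = """250-mail.example.internal Hello [192.0.2.10]
250-SIZE 10485760
250-STARTTLS
250-AUTH GSSAPI NTLM
250 OK"""


def parse_ehlo(response: str) -> Dict[str, List[str]]:
    """Parse a multi-line EHLO reply into {KEYWORD: [PARAMS]}.

    Each line is "250-<keyword> <params>" or "250 <keyword>"; the first line
    is the server greeting and carries no extension keyword. The legacy
    "AUTH=LOGIN" form is folded into the AUTH mechanism list.
    """
    ext: Dict[str, List[str]] = {}
    lines = response.strip().splitlines()
    for line in lines[1:]:
        body = line[4:].strip()  # drop the "250-" / "250 " prefix
        if not body:
            continue
        parts = body.split()
        key = parts[0].upper()
        params = [p.upper() for p in parts[1:]]
        if key.startswith("AUTH="):  # legacy "AUTH=LOGIN" syntax
            params = [key[5:]] + params
            key = "AUTH"
        if key == "AUTH":
            ext.setdefault("AUTH", []).extend(params)
        else:
            ext[key] = params
    return ext


def assess(response: str) -> dict:
    """Summarise the authentication posture advertised before any TLS."""
    ext = parse_ehlo(response)
    offered = set(ext.get("AUTH", []))
    cleartext = sorted(offered & CLEARTEXT_MECHS)
    return {
        "starttls": "STARTTLS" in ext,
        "cleartext_auth": cleartext,
        "other_auth": sorted(offered - CLEARTEXT_MECHS),
        # Offering LOGIN/PLAIN pre-TLS is the exposure being policed, even
        # when STARTTLS is also advertised: a client may simply not use it.
        "password_exposed": bool(cleartext),
    }


def probe_live(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """EHLO a real server without TLS and assess its reply (not run here).

    smtplib strips the "250-" prefixes from the reply, so they are restored
    before handing the text to parse_ehlo().
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        _code, msg = smtp.ehlo("auditor.example")  # placeholder client name
        text = msg.decode("ascii", "replace")
    restored = "\n".join("250-" + ln for ln in text.splitlines())
    return assess(restored)


if __name__ == "__main__":
    for label, reply in (("before", BEFORE_EHLO), ("after", AFTER_EHLO)):
        print(label, assess(reply))
```

With the constructed transcripts, "before" reports `cleartext_auth=['LOGIN']` and `password_exposed=True`, while "after" reports no cleartext mechanism and only GSSAPI/NTLM remaining, which is the state the asker's policy requires. Run the same check from an internal host with `probe_live("srv01")` (a name taken from the asker's console path) to verify the change on the real server, keeping in mind that inbound mail from other servers does not depend on AUTH at all.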
ASKER
Even though disabling it in this case will not make a difference, the fact that it's disabled meets a particular security policy we need to comply with. Thanks red.
No problem, thanks for the A grade
-red
That is the default setting, and the default is fine (Exchange is configured correctly by default nowadays).
You will always need Anonymous access ticked; if you don't, other mail servers will not be able to send to you.
This guide from Sembee will show you how to harden it up that little bit more -> http://www.amset.info/exchange/smtp-relaysecure.asp
Hope that helps,
-red