nexcool
asked on
Sending emails to internal clients even with autheticaion turned on. Possiable spam Vulnerability
While testing my pop3 protocol on my exchange 2003 server i noticed that even with authetication on my virtual smtp server i still can use my email address from any rogue my machine and send emails to my self. The authetication will stop it if i try and send them to someone else. I noticed that if I send them via smtp to my self though (external) via outlook express client. Is there a way to turn on securtiy even for my own addresses??
Phadke_hemant
use integrated windows authentication and remove anonymous access, this should be sufficient
ASKER
for some reason when i turn anonymous access of then no one can send to my server
ok then turn ON plain text type for authentication and turn off anonymous access
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
on my exchange server i have turned off anonymous access and using plain text for authentication. Its working fine for my case thats why i suggested it.
Phadke_hemant - So how do you receive emails from the internet? Does your email come in from another server? You cannot receive email from outside of your network unless you have anonymous turned on.
Simon.
Simon.
no, we are not receiving mails through Exchange server. Instead we have configured MS outlook to receive the mails using POP3 account. But I can receive the mails in exchange if I configure POP3 connector.
here nexcool want to stop spam Vulnerability for outgoing mails so i suggested him this solution
here nexcool want to stop spam Vulnerability for outgoing mails so i suggested him this solution
If you are collecting email with Outlook and not having Exchange delivered directly,
then your "fix" doesn't really apply in this scenario.
While your solution is valid for stopping spam, it also stops all email. It worked for you because you are not using Exchange as it is designed.
POP3 collection of email is a pretty poor solution for any email client - and isn't something I would call enterprise grade.
You also have confused the POP3 connector with the POP3 server. They are different things. The question led me to believe that the OP is using the POP3 server functionality of Exchange, not the POP3 connector.
Simon.
then your "fix" doesn't really apply in this scenario.
While your solution is valid for stopping spam, it also stops all email. It worked for you because you are not using Exchange as it is designed.
POP3 collection of email is a pretty poor solution for any email client - and isn't something I would call enterprise grade.
You also have confused the POP3 connector with the POP3 server. They are different things. The question led me to believe that the OP is using the POP3 server functionality of Exchange, not the POP3 connector.
Simon.