welshiv
asked on
How to require authentication in internal email on Exchange 2003
We have a standalone Exchange 2003 server, with the default SMTP Virtual Server authentication config. However, we've recently noticed that using a mail client, if we do not check the "Server requires SMTP authentication" option on the client, we can "spoof" senders on our internal email. I mean I can send an email to anyone else in the company and it shows as coming from whomever or whatever mail address I place in the address field. How can I force the server to require authentication from all users even if sending email internally? It works fine externally - won't allow email without authentication, but does not require it internally, which has led to some issues. Thanks for your help.
ASKER CERTIFIED SOLUTION
The simplest option I can see would be to assign 2 IP addresses to your NIC card. You can edit the default SMTP VS to use one of the IP addresses, and that IP address should also be the one which port 25 is forwarded to in your router's firewall. Then, you would set up another SMTP VS, bound to the other IP on port 25, which you turn off anonymous authentication in. Make sure the IP of this one is what is registered in DNS, so users don't know about the other one. Obviously, since it isn't accessible to the outside world and requires authentication anyway, the internal VS could also have relaying enabled if necessary.
Ideally, this would work best if the server was multihomed (2 NICs), but that's a bad idea with Exchange so don't do it.
-tigermatt
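Added example, not part of the original thread: one way to verify the result of the change described above is to confirm that the internal SMTP virtual server refuses an envelope from a client that has not authenticated. The function name, the `StubSession` stand-in, the `example.invalid` addresses and the reply codes are assumptions made for illustration; the probe issues only EHLO, MAIL FROM, RCPT TO and RSET, so no message is delivered.

```python
import smtplib

def probe_unauthenticated(host, sender, recipient, port=25, smtp_factory=smtplib.SMTP):
    """Report whether an SMTP listener accepts an envelope without AUTH.

    No login is attempted and DATA is never sent; the envelope is reset.
    """
    smtp = smtp_factory(host, port, timeout=10)
    result = {"advertises_auth": False, "mail": None, "rcpt": None}
    try:
        smtp.ehlo()
        result["advertises_auth"] = smtp.has_extn("auth")
        result["mail"] = smtp.mail(sender)[0]
        if result["mail"] == 250:
            # Some servers accept MAIL FROM and only refuse at RCPT TO.
            result["rcpt"] = smtp.rcpt(recipient)[0]
        smtp.rset()  # discard the envelope
    finally:
        try:
            smtp.quit()
        except smtplib.SMTPServerDisconnected:
            pass
    # 250/251 on RCPT TO means an anonymous client got its envelope accepted.
    result["anonymous_accepted"] = result["rcpt"] in (250, 251)
    return result


class StubSession:
    """Constructed stand-in for smtplib.SMTP so the check runs offline."""
    def __init__(self, anonymous_allowed):
        self.anonymous_allowed = anonymous_allowed
    def __call__(self, host, port, timeout=None):
        return self
    def ehlo(self): return (250, b"stub")
    def has_extn(self, name): return name == "auth"
    def mail(self, sender):
        # Constructed reply codes; a real server's refusal code may differ.
        if self.anonymous_allowed:
            return (250, b"OK")
        return (530, b"Authentication required")
    def rcpt(self, recipient): return (250, b"OK")
    def rset(self): return (250, b"OK")
    def quit(self): return (221, b"bye")


if __name__ == "__main__":
    for label, stub in (("anonymous on", StubSession(True)), ("anonymous off", StubSession(False))):
        print(label, probe_unauthenticated("mail.example.invalid", "a@example.invalid",
                                           "b@example.invalid", smtp_factory=stub))
```

Run against the real internal virtual server by dropping the `smtp_factory` argument; `anonymous_accepted` should be `False` once anonymous access is turned off there.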