How do I resecure my Exchange 2003 server
I have an Exchange 2003 SP2 server that was recently hijacked by someone who gained access using the username and password of one of our employees. I believe I have this situation under control.
However, I am looking for some step-by-step directions on how to really lock down our server. I am familiar with navigating ESM but I am unsure of what authentication options should be enabled, and pretty much every other setting in there. Could someone help me set the security on this server so only users of our domain can send mail?
Also, is there a way to flag the admin if one user is sending X number of emails out?
Thanks again!
However, I am looking for some step-by-step directions on how to really lock down our server. I am familiar with navigating ESM but I am unsure of what authentication options should be enabled, and pretty much every other setting in there. Could someone help me set the security on this server so only users of our domain can send mail?
Also, is there a way to flag the admin if one user is sending X number of emails out?
Thanks again!
Asked:
Who is Participating?
If you are looking at SMTP then doing anything with authentication will not help. It isn't the authentication that is the problem, but the permissions.
If you do not need anyone relaying through the server (so you have no POP3/SMTP clients) then turn off all relaying options and authenticated relaying.
Enable recipient filtering.
Then it comes down to good network security practises - nothing to do with Exchange.
For example
- expiring passwords
- lockout periods
- lockout after a number of retries
etc
Exchange is secure out of the box, you only get problems if someone starts playing around with it.
Finally, the Exchange best practises tool will sometimes spot errors. http://www.exbpa.com/
On the alerts - there is nothing in the full product of Exchange. You would have to use a third party tool.
Simon.
If you do not need anyone relaying through the server (so you have no POP3/SMTP clients) then turn off all relaying options and authenticated relaying.
Enable recipient filtering.
Then it comes down to good network security practises - nothing to do with Exchange.
For example
- expiring passwords
- lockout periods
- lockout after a number of retries
etc
Exchange is secure out of the box, you only get problems if someone starts playing around with it.
Finally, the Exchange best practises tool will sometimes spot errors. http://www.exbpa.com/
On the alerts - there is nothing in the full product of Exchange. You would have to use a third party tool.
Simon.
Thanks for that link, it looks like a slick application.
This maybe a dumb question, but what exactly is relaying?
We do not use pop mail, but I think we are using smtp on some windows mobile devices, but I might be wrong.
Again thanks for all your help.
This maybe a dumb question, but what exactly is relaying?
We do not use pop mail, but I think we are using smtp on some windows mobile devices, but I might be wrong.
Again thanks for all your help.
Relaying is basically anything that is not using MAPI. Outlook configured to connect to Exchange as opposed to POP3/IMAP is using MAPI. Blackberry through BES is MAPI. Windows Mobile devices using Exchange ActiveSync is a form of MAPI. OWA is MAPI.
Outlook Express would require relaying. Sending email by SMTP from another device to an external server would also require relaying. However SMTP from a device to an internal user (so a hardware alert for example) does not require relaying.
If you are doing a pure Outlook 200x deployment then you do not need any relaying settings enabled for the clients to work correctly.
Simon.
Outlook Express would require relaying. Sending email by SMTP from another device to an external server would also require relaying. However SMTP from a device to an internal user (so a hardware alert for example) does not require relaying.
If you are doing a pure Outlook 200x deployment then you do not need any relaying settings enabled for the clients to work correctly.
Simon.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month11 days, 6 hours left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
http://www.amset.info/exchange/smtp-relaysecure.asp
Simon.