Solved

How do I resecure my Exchange 2003 server

Posted on 2007-11-29
5
185 Views
Last Modified: 2010-03-06
I have an Exchange 2003 SP2 server that was recently hijacked by someone who gained access using the username and password of one of our employees.  I believe I have this situation under control.

However, I am looking for some step-by-step directions on how to really lock down our server.  I am familiar with navigating  ESM but I am unsure of what authentication options should be enabled, and pretty much every other setting in there.  Could someone help me set the security on this server so only users of our domain can send mail?

Also, is there a way to flag the admin if one user is sending X number of emails out?

Thanks again!
0
Comment
Question by:thirdlifes
  • 3
  • 2
5 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 20376473
If you are looking at SMTP then doing anything with authentication will not help. It isn't the authentication that is the problem, but the permissions.

If you do not need anyone relaying through the server (so you have no POP3/SMTP clients) then turn off all relaying options and authenticated relaying.
Enable recipient filtering.

Then it comes down to good network security practises - nothing to do with Exchange.
For example
- expiring passwords
- lockout periods
- lockout after a number of retries
etc

Exchange is secure out of the box, you only get problems if someone starts playing around with it.

Finally, the Exchange best practises tool will sometimes spot errors. http://www.exbpa.com/ 

On the alerts - there is nothing in the full product of Exchange. You would have to use a third party tool.

Simon.
0
 
LVL 1

Author Comment

by:thirdlifes
ID: 20376742
Thanks for that link, it looks like a slick application.

This maybe a dumb question, but what exactly is relaying?  
We do not use pop mail, but I think we are using smtp on some windows mobile devices, but I might be wrong.

Again thanks for all your help.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20378682
Relaying is basically anything that is not using MAPI. Outlook configured to connect to Exchange as opposed to POP3/IMAP is using MAPI. Blackberry through BES is MAPI. Windows Mobile devices using Exchange ActiveSync is a form of MAPI. OWA is MAPI.

Outlook Express would require relaying. Sending email by SMTP from another device to an external server would also require relaying. However SMTP from a device to an internal user (so a hardware alert for example) does not require relaying.

If you are doing a pure Outlook 200x deployment then you do not need any relaying settings enabled for the clients to work correctly.

Simon.
0
 
LVL 1

Author Comment

by:thirdlifes
ID: 20402824
Do you know if Entourage X requires relaying?  My entire office is running Outlook 2003-2007 except for two notebooks that are running OS X.  

Again, thank you for your time and knowledge.

-Jesse
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 20404490
My knowledge of Entourage is not great (I can just about spell it) but those clients will probably need some kind of relaying. Authenticated relaying would be the best option as that would allow you to lock it down to specific users and not IP addresses.
http://www.amset.info/exchange/smtp-relaysecure.asp

Simon.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange powershell help 4 26
Office 365 cutover migration questions 2 36
voice mail Box feature on Lync 2010 3 44
problem with default throttling policy 2 23
Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question