I'm trying to determine the proper way to configure our Exchange sever so that it is not an open relay. We have some internal servers that need to relay and do not authenticate.
Currently, we have 'Only the list below' checked and we defined the IP address (mask) for the ranger of all our internal computers. We also have allow all computers which successfully authenticate to relay regardless of the list above.
1. Should we uncheck allow all computers which successfully authenticate to relay regardless of the list above so that not just any computer internal or external can user our mail server as an SMTP relay?
2. Should we limit the in the Computers section those servers that use our mail server to relay? I assume that clients don't need to be listed here.
3. Under the Authentication section, we have Anonymous access, Basic authentication and Integrated Windows Authentication checked. I have noticed that our clients when launching Outlook need to enter their credentials. Is this because Basic authentication is checked?