Bradley Smith
asked on
disabling outbound email - sbs2003
if i disable a user account in aduc will this stop the user being able to send outbound email? i am running a sbs2003 environment with xp workstations.
If your SMTP-server requires authentication, then that particular user will not be able to send messages directly. The SMTP is the only weakness, since often administrators allow unauthenticated relaying from within the local network address range.
Oh, and Exchange is also off limits for that user, because there the AD authentication is strictly enforced by the server.
ASKER
could you explain this please? i need to stop certain users sending external email, and they currently have this available to them.
ASKER
we are using exchange
Your Exchange server uses the Exchange protocol that Outlook can connect to directly. Since you disabled the account, the user won't be able to send mails via Outlook anymore.
Your Exchange server also contains an SMTP server. If your user connects to this one directly, he may be able to send emails through the server. It depends on the settings of the SMTP-server. Often they are configured to relay without authentication from within the local network. Set your SMTP to accept only authenticated connections and this loophole is also closed. See http://support.microsoft.com/kb/823019
Your Exchange server also contains an SMTP server. If your user connects to this one directly, he may be able to send emails through the server. It depends on the settings of the SMTP-server. Often they are configured to relay without authentication from within the local network. Set your SMTP to accept only authenticated connections and this loophole is also closed. See http://support.microsoft.com/kb/823019
ASKER
ok, thats great. i dont know if our SMTP server requires authentication but we use outlook and exchange, i have disabled the account in ADUC, so this should do the trick?
sorry, wrong post.
Yes, disabling the user should do the trick - if your users access the Exchange server by Outlook and/or Outlook web access.
If they use Outlook express or another POP3/IMAP/SMTP client, they may be able to send emails, if your SMTP is not well configured as outlined before.
If they use Outlook express or another POP3/IMAP/SMTP client, they may be able to send emails, if your SMTP is not well configured as outlined before.
ASKER
ah anonymous access is ticked - under ESM>Administrative Groups>First Administrative Group>Servers>Server Name>Protocols>SMTP>Defaul t SMTP Virtual Server>Properties>Access>A uthenticat ion> along with basic authentication and integrated windows authentication.
ASKER
ok thank you. just needed to stop a user sending something they shouldnt be asap! thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.