smtp misconfiguration?

lappladmin
lappladmin used Ask the Experts™
on
Hello,

I just setup an exchange 2007 test mail server, I came across this website to run a smtp test on my mail server. I ran a test without providing any authentication credential which startled me. Can anyone tell me where in the configuration that i missed that will allow mail to send without authentication?

http://smtper.sweetylife.com/
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Will SzymkowskiSenior Solution Architect
Most Valuable Expert 2015
Top Expert 2015

Commented:
You need to check your receive connector permissions group. Make sure that Anonymous is NOT selected.

Will.

Author

Commented:
If leaving this option unchecked will that impact any mail flow from the internet to me?
Will SzymkowskiSenior Solution Architect
Most Valuable Expert 2015
Top Expert 2015

Commented:
No it will not it will not. Although I do not know your environment you can simply re-enable it if it does. However it should not affect anything,

Will.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Will SzymkowskiSenior Solution Architect
Most Valuable Expert 2015
Top Expert 2015

Commented:
Second thought, it might affect internal application servers that are sending email notifications without using authentication. However from the INTERNET it do you have a smart host? If you do then it might affect that as well.

Best option is to create a new receive connector and lock it down via IP address under the networking tab and then allow anonymous permission group. It will be locked down via IP.

Do not do this on your DEFAULT receive  connector.

Will.

Author

Commented:
1. I don't have a smart host.
2. that was my default receive connector.
Will SzymkowskiSenior Solution Architect
Most Valuable Expert 2015
Top Expert 2015

Commented:
Well just remove the setting and see if anything happens. Preferably after hours.

Will.

Author

Commented:
Will

I ran a test last night with that option unchecked, all mails flow from the internet rejected.
Senior Solution Architect
Most Valuable Expert 2015
Top Expert 2015
Commented:
What are you using as a preimeter device? You should not have a default connector set with anonymous permission group. You should create a new connector and lock it down via IP address.

So you have a misconfiguration somewhere.

Will.

Author

Commented:
Thanks for the help!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial