Exchange 2000 SMTP relay

[Guest]

Hi,

I'm looking at opening up the firewall on Port 25 to let people connect to
mail.mydomain.com (from their home DSL connection through the internet)
rather than using a providers SMTP for relay. Is there any thing i should do
to the exchange box to make sure it has been locked down so only
authenticated users can use the source and stop spammers getting in.

Basically at present contractors use

mail.mydomain.com for pop3 = no probs
mail.theirseviceprovider.com for SMTP = ok sometimes but would rather they
use our server for tracking mail etc

any help would be great.

cheers

 

[Rob Gregory]

Security is obviously to big to discuss here, but see if "Security
Operations for Microsoft Exchange 2000 Server" is still on their web site.

To answer your specific question, open the Exchange System Manager, go to
Servers\<server name>\Protocols\SMTP\<Virtual Server Name (Probably "Default
SMTP Virtual Server").

Right-click and go to Properties. Choose the Access tab. Check Access
control - you'll need to enable Basic authentication for outside users
coming in over TCP25.

Relay Restrictions is the key to the whole deal - I suggest you set this to
allow "Only the list below" and leave the list blank. Then check the "Allow
all computers which successfully authenticate to relay, regardless of the
list above". This way, you don't need to mess with the list when you
add/delete users. Also, I strongly suggest you enforce strong passwords for
*anyone* using *any* service you've opened up through the firewall.