Microsoft Windows 2003 Securing SMTP

Microsoft Windows 2003 Securing SMTP Virtual Servers:
http://technet.microsoft.com/en-us/library/cc737604.aspx

Configuring Access-Related Settings

You can restrict access to your SMTP server by requiring authentication, limiting access according to IP address, or both. Restrict access by using the Access tab of the SMTP virtual server properties dialog box. The Access tab has five important security-related settings: Authentication, Certificate, Communication, Connection, and Relay.

Authentication

The Authentication option allows you to select from the following methods for authenticating users who attempt to connect to your SMTP server:

  • Anonymous access. Anonymous access does not require users to enter a user name and password. This option is intended for servers that accept mail from outside the network.
    For example, if you are creating a stand-alone smart host that sits outside of your firewall and in front of your Exchange server, then you might select Anonymous access. Or, if you are creating a server to receive e-mail from a public Web site, then you might select Anonymous access.
  • Basic authentication. Basic authentication requires users to enter a valid user name and password; however, the credentials are sent across the network unencrypted. If you select Basic authentication, then select Requires TLS encryption, which encrypts the user credentials. To require TLS encryption, you must have a valid SSL certificate installed on the server.
  • Integrated Windows authentication. Integrated Windows authentication requires users to enter a valid Windows user name and password to connect to your SMTP server. Credentials are sent across the network encrypted. You can select Integrated Windows authentication if you are setting up a smart host to relay messages within your network or if you are setting up a server to receive e-mail from internal sites, such as a company intranet.
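
The Basic authentication advice above can be checked from the client side: if a server's EHLO reply lists LOGIN or PLAIN before STARTTLS has been negotiated, passwords can cross the network unencrypted. The following is an added example, not code from the original page or from Microsoft; the function names are hypothetical and the two EHLO replies are constructed samples.

```python
import re

# SMTP AUTH mechanisms that send the password itself, only base64-encoded.
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    ext = {}
    lines = [l.strip() for l in reply.strip().splitlines() if l.strip()]
    for line in lines[1:]:                      # line 0 is the server greeting
        m = re.match(r"250[- ](.+)$", line)
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        body = m.group(1).strip()
        if body.upper().startswith("AUTH="):    # legacy form some servers also send
            key, params = "AUTH", body[5:].split()
        else:
            key, *params = body.split()
        ext.setdefault(key.upper(), []).extend(p.upper() for p in params)
    return ext

def audit(pre_tls_reply):
    """Return findings for an EHLO reply captured before any STARTTLS."""
    ext = parse_ehlo(pre_tls_reply)
    findings = []
    exposed = sorted(CLEARTEXT_MECHS & set(ext.get("AUTH", [])))
    if exposed:
        findings.append("cleartext AUTH offered before STARTTLS: " + ", ".join(exposed))
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not advertised; credentials cannot be encrypted")
    return findings

# Constructed sample replies (not captured from a real server).
WEAK_REPLY = """250-mail.example.test Hello [192.0.2.10]
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-SIZE 2097152
250 OK"""
HARDENED_REPLY = """250-mail.example.test Hello [192.0.2.10]
250-AUTH GSSAPI NTLM
250-STARTTLS
250-SIZE 2097152
250 OK"""

if __name__ == "__main__":
    for name, reply in (("weak", WEAK_REPLY), ("hardened", HARDENED_REPLY)):
        print(name, audit(reply) or "no findings")
```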

Certificate and Communication

The Certificate and Communication options allow you to secure communication by installing security certificates and requiring encryption. To install a certificate, click Certificate to start the New Certificate Wizard. Then, if you want to require the SMTP service to use SSL to encrypt every message, click Communication.

Connection

The Connection option allows you to restrict access to your server based on IP address. For example, if you are setting up a smart host that works inside your network, then you can use the Only the list below option to restrict access to the range of IP addresses for your network. If you are setting up a smart host that relays external e-mail or if you are setting up a server to accept e-mail from a public Web site, then connection control can be an effective way to restrict unsolicited commercial e-mail. After you identify the IP address or addresses of computers that send bulk e-mail, you can use the All except the list below option to prevent computers with specific IP addresses from connecting to your server. Although you can restrict access based solely on the domain name, this practice is not recommended because of the resources required to perform a reverse DNS lookup to identify the IP address of the computer attempting to connect.
