SMTP security/relaying settings, best practices?

ctjohnson · Sep 21, 2002

Any user, remote or internal, is able to send mail from apparently any address (for example, an external user can send mail from what appears to be an internal address)

What are the preffered security settings for the smtp/pop3 virtual server to prevent this? I tried turning off anonyomus access on the smtp virtual server, but it rejected all incoming messages because servers hadn't authenticated.

Please help!

ctjohnson · Sep 21, 2002

To make this more clear, I don't want people to be able to send be able to send a message from user@ourdomain.com without authenticating, which they now appear to be able to do.

isguyatlanta · Sep 23, 2002

Talk to your ISP about hosting your inbound mail. Have thier server authenticate with yours and turn on SMTP authentication. I have not done this yet, but plan on it.

Kill pop3, very unsecure. I was able to perform a brute force attack on a pop3 server without locking the account. It was running Exchange 2000.

Also see this article about relay:

http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

SMTP security/relaying settings, best practices?

ctjohnson

MIS

ctjohnson

MIS

isguyatlanta

MIS

Similar threads

Part and Inventory Search

Sponsor