SMTP Authentication Question

mmonti · Oct 16, 2003

Hi,
Recently their have been some articles out on the increasing amount of authentication attacks against the SMTP virtual server. Spammers use brute force attacks till they crack a valid user account. Then they spam.

Can't you just turn off basic authentication and windows authentication to the SMTP virtual server? I know we have to leave anonymous access enabled or else we will not receive mail.

In my exchange enviroment 90 percent of my users use OWA to access there mail and the other ten percent use Outlook MAPI.

-Monti

gmcdonnell · Oct 19, 2003

What you want to do is turn off the ability to relay SMTP mail if one is authenticated.

To do so use Exchange System Manager and drill down through the object tree to the Default Virtual SMTP Server. Right click the object and select the Properties. Change to the Access tab, click on the Relay tab and uncheck the option box titled "Allow all computers that successfully authenticate to relay...". Click OK to save the changes and you're done.

Good luck!

Gary McDonnell

http://turbogeeks.com

Stop Spam with TurboGeeks Block & Tackle

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

SMTP Authentication Question

mmonti

IS-IT--Management

gmcdonnell

MIS

Similar threads

Part and Inventory Search

Sponsor