To experiment with making my Exchange 2000 Server SMTP gateway more secure, I configured a test server to deny anonymous access and require authentication. After I set those requirements, we couldn't receive Internet mail. What caused that behavior?
The engineers who developed the SMTP protocol didn't design it to require any type of authentication. They probably never imagined the protocol's potential abuses—spam and mail-bombing among them. When one mail server uses SMTP to send a message to its peer, the two servers don't have a shared basis for authentication. Therefore, when you require authentication on your server, other SMTP servers on the Internet can't authenticate to you and you get no mail from them.
However, because users who've properly configured their mailer can authenticate using the same credentials they use to pick up their mail, your server will still accept their messages. Rather than requiring authentication for every connection, you can leave anonymous access enabled and tell Exchange 2000 to allow relaying only from clients who have successfully authenticated. This setup lets any SMTP server on the Internet send mail addressed to your users and lets your users use your SMTP server to send mail to users on other systems, all without letting spammers use your system as a spam injector. For more information about securing SMTP servers, see Joseph Neubauer's articles, "Fortify Your Email Transport, Part 2," January 2002, InstantDoc ID 23149; "Fortify Your Email Transport, Part 1," December 2001, InstantDoc ID 22858; and "Secure Client Communications with SSL," October 2001, InstantDoc ID 22153.
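The three gateway behaviors contrasted in the answer can be modeled as a small decision function. This is an added example, not Exchange 2000 code or configuration: the policy names, the hosted domain example.com, the sample addresses, and the reply texts are constructed, and the check is applied per recipient as a simplification.

```python
from dataclasses import dataclass

LOCAL_DOMAINS = {"example.com"}  # assumption: domains this gateway hosts


@dataclass(frozen=True)
class Policy:
    allow_anonymous: bool      # may unauthenticated peers submit mail at all?
    relay_requires_auth: bool  # must a sender authenticate before relaying?


# Hypothetical names for the configurations the answer contrasts.
AUTH_REQUIRED = Policy(allow_anonymous=False, relay_requires_auth=True)
OPEN_RELAY = Policy(allow_anonymous=True, relay_requires_auth=False)
AUTH_RELAY_ONLY = Policy(allow_anonymous=True, relay_requires_auth=True)


def rcpt_decision(policy, authenticated, rcpt):
    """Return (SMTP reply code, text) for one recipient address."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if not authenticated and not policy.allow_anonymous:
        return 530, "Authentication required"
    if domain in LOCAL_DOMAINS:
        return 250, "OK"  # inbound delivery to a hosted mailbox
    if authenticated or not policy.relay_requires_auth:
        return 250, "OK"  # relayed onward to another system
    return 550, "Unable to relay"


def evaluate(policy):
    """Run three constructed sessions against a policy; return reply codes."""
    sessions = {
        # (authenticated?, recipient) -- constructed sample traffic
        "internet_server_to_local": (False, "alice@example.com"),
        "anonymous_relay_attempt": (False, "someone@other.example"),
        "user_sending_outbound": (True, "friend@other.example"),
    }
    return {name: rcpt_decision(policy, auth, rcpt)[0]
            for name, (auth, rcpt) in sessions.items()}


if __name__ == "__main__":
    for label, policy in [("authentication required", AUTH_REQUIRED),
                          ("open relay", OPEN_RELAY),
                          ("authenticated relay only", AUTH_RELAY_ONLY)]:
        print(f"{label}: {evaluate(policy)}")
```

Only the third policy accepts Internet mail for local users, refuses anonymous relay, and still lets authenticated users send outbound.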