Re: OK, I must be retarded or something...

Some firewalls will not support passing NTLM (Integrated Windows Auth). If
this is the case, you'll have to revert back to Basic, and optionally set up
SSL.

--
Ben Winzenz
Exchange MVP
MessageOne


"Harry Bates" <None> wrote in message
news:%23ycWK4cdFHA.2688@xxxxxxxxxxxxxxxxxxxxxxx
> Thanks for your help so far Ben. Here is what I have now in my settings
> now
> that I read your post:
>
> In Exchange Manager:
>
> [Access] Tab
>
> [Authentication] Button:
>
> Anonymous=checked
> Basic=unchecked
> Integrated Windows Authentication=checked
>
> [Relay] Button:
> Only the list below=checked
> Allow all computers that successfully authenticate...=checked
>
> No other changes have been made. Do I need to do something under the
> [Delivery] tab?
>
> Stop and start SMTP. Do I need to stop and restart any other services?
>
> In Outlook I enabled SPA checkbox, and did a "Test Account Settings" that
> came back with a dialog asking for username, password, & domain (not just
> username and password).
> I put in internal domain (fqdn) user and password, but it kept popping up.
> I
> finally clicked [Cancel] and it returned an error message in Outlook
> stating: "The POP3 email account you created does not support SPA..."
>
> Do I need to do something with POP3 Virtual Server?
>
> That you in advance for your help.
>
> -Harry
>
>
>
>
>
>
>
>
>
>
> "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> wrote
> in message news:eBlYcRbdFHA.384@xxxxxxxxxxxxxxxxxxxxxxx
>> 1. You can't disable anonymous authentication, as that is what all other
>> mail servers will use to send mail to your server. This would result in
> all
>> inbound mail being halted, as you experienced. Requiring TLS will result
> in
>> the same experience of inbound mail being halted.
>>
>> 2. For POP3 clients (that relay via SMTP), you should leave the relay
>> defaults enabled, which are "Only the list below", and "allow computer
> that
>> authenticate" check box checked. This allows clients that authenticate
>> to
>> send via your server without opening relaying to anyone. If you want
>> additional security, you can try enabling Windows Authentication on the
> SMTP
>> server, and then setting the Outlook clients to use Secure Password
>> Authentication (SPA). You can also set up SSL on the POP3 virtual server
>> and the SMTP Virtual Server, but you won't want to require SSL on the
>> SMTP
>> VS unless you create a separate one specifically for your POP3 clients.
>>
>> --
>> Ben Winzenz
>> Exchange MVP
>> MessageOne
>>
>>
>> "Harry Bates" <None> wrote in message
>> news:OlrmwfadFHA.1292@xxxxxxxxxxxxxxxxxxxxxxx
>> > OK, I must be retarded or something. I am having the hardest time
> setting
>> > up
>> > POP3 mail for external users. When I do, eithe it halts all mail with
>> > no
>> > immediate return messages or it only allows delivery from an internal
> user
>> > to an internal user. I obviously do not want to have the relay open.
> That
>> > is
>> > understood. Here are the latest sub-genius steps I have done with no
>> > avail.
>> >
>> > Exchange 2003 over 2003 native\native AD domain
>> >
>> > All done under properties of <Server>\SMTP:
>> > 1. Accesss tab, Authentication button. Anonymous unchecked, Basic
>> > Authentication checked, and the default domain is listed correctly.
>> > Just
>> > for
>> > testing I did not use TLS encryption. (is this absolutely necessary to
>> > make
>> > it work?)
>> >
>> > 2. Click OK, then go to the Relay button. Click the radio button ON for
>> > "All
>> > except the list below" and obviously radio button OFF for "Only the
>> > list
>> > below".
>> >
>> > 3. Stop and restart SMTP service to make sure seetings take effect.
>> >
>> > 4. On the Outlook clients I set "Server requires Auth..." & "Use same
>> > username and password..."
>> >
>> > At this point no mail travels. What am I doing wrong. All of the other
>> > settings are basically default, and there are no connnectors set up.
>> > Thanks
>> > for your anticipated help because I am new to the whole Exchange and
> mail
>> > server thing.
>> >
>> >
>> >
>> > -Harry Bates
>> >
>> >
>> >
>>
>>
>
>


.