Re: Help, I've been hijacked! :-(
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 09/21/04
- Previous message: -D-: "Re: SMTP relay properties"
- In reply to: Bill Seymour: "Re: Help, I've been hijacked! :-("
- Next in thread: Bill Seymour: "Re: Help, I've been hijacked! :-("
- Reply: Bill Seymour: "Re: Help, I've been hijacked! :-("
Date: Tue, 21 Sep 2004 17:03:19 +1000
"Bill Seymour" <billsey@dsl-only.net> wrote in message
news:u3aR$m4nEHA.4032@TK2MSFTNGP15.phx.gbl...
> Thanks again Ken.
>
> a) I've been working my way through the documentation for a long time now,
> but I'm sorry to say that I'm still too much in the dark. :-(
That's OK - it'll start to make sense over time as you actually play with
stuff. Too many people don't even have an idea of what they're doing at all
because they don't read the instructions.
> b) I'm set up for encrypted password file authentication, since I
> understand that using Windows authentication requires that I set up a
> Windows account for each user, rather than just an account for the
> POP3/SMTP server. I haven't enabled TLS, I'd like to get things at least
> working again before I complicate things. Right now, no one is able to
> authenticate, so no one can send or receive email... Does the encrypted
> password file stuff work?
OK, the "encrypted file" thing - that's for the POP3 server *only* (as far
as I remember - I'll look into this for you). It's not something that users
can use to authenticate to the SMTP service to relay mail. To use the "allow
computers who authenticate to relay" option (again, as far as I can
remember - I could be wrong here), the user will need a Windows account, and
use that username/password to authenticate to the SMTP server. If you enable
Basic Auth here, then you should consider using TLS to ensure that the
credentials are encrypted between user and server.
Cheers
Ken
> C) Thanks, I placed an order. It's liable to be a week or so before it
> arrives though...
>
> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> news:eQasbN4nEHA.2340@TK2MSFTNGP11.phx.gbl...
>> Hi,
>>
>> a) Reading the documentation is a good start. It covers a lot of
>> information, and gives you a good background on what you need to do (eg
>> what clients you can use) for authentication purposes.
>>
>> b) Are your users on an internal trusted LAN? or are they roaming out on
>> the internet? If they are on the trusted LAN, add your LAN's IP
>> addresses/subnets to the "only the list below" in the dialogue. If they
>> are roaming out on the internet you will need to:
>> - select an authentication mechanism. IIS supports Basic and
>> Integrated Windows Authentication (this is actually NTLM v2
>> authentication)
>> - ensure that the users have a compatible email client. Only Microsoft
>> email clients (eg Outlook Express and Outlook), and maybe a handful of
>> 3rd party clients support NTLM v2 authentication. The rest only support
>> Basic. If you are using Basic auth, then the user's username/password is
>> passed in clear-text across the internet *unless* you enable TLS
>> (Transport Layer Security). TLS is basically the same as SSL (that
>> websites use), and encrypts the traffic between the server and client. If
>> you already have a certificate for your website, then you can reuse that
>> for your SMTP server (if the DNS names are the same).
>>
>> c) <shameless plug> There's a whole chapter on securing MS SMTP server
>> and MS POP3 server in the IIS6 security book that I co-wrote:
>> http://www.amazon.com/exec/obidos/ASIN/1931836256/adopenstati0f-20 If you
>> want to get up-to-speed on IIS6 security quickly, then this might be a
>> worthwhile investment</shameless plug>
>>
>> Cheers
>> Ken
>
>
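Added example, not part of the original thread: a small Python check for the point made above that Basic auth credentials cross the network readable unless TLS is enabled. It classifies what an SMTP server advertises in its EHLO reply before TLS and shows that an AUTH LOGIN line is only base64; the sample replies, host name and function names are constructed for illustration.

```python
import base64

# SASL mechanisms that put the password itself on the wire, merely base64-encoded.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Turn a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    ext = {}
    for line in reply.strip().splitlines()[1:]:      # line 0 is the greeting
        if len(line) < 5 or not line.startswith("250"):
            continue
        # "AUTH=LOGIN" is a legacy spelling of "AUTH LOGIN"; treat them alike.
        words = line[4:].replace("=", " ").upper().split()
        if words:
            ext.setdefault(words[0], []).extend(words[1:])
    return ext

def audit_pre_tls(reply):
    """Classify what the server offers before any TLS negotiation."""
    ext = parse_ehlo(reply)
    exposed = sorted(CLEARTEXT_MECHS & set(ext.get("AUTH", [])))
    if not exposed:
        return "ok", exposed
    if "STARTTLS" not in ext:
        return "cleartext-auth-no-tls", exposed       # Basic auth, no TLS at all
    return "cleartext-auth-before-tls", exposed       # TLS exists but is optional

def observer_view(b64_line):
    """What anyone on the path reads from one AUTH LOGIN line sent without TLS."""
    return base64.b64decode(b64_line).decode("utf-8", "replace")

# Constructed sample replies (assumptions, not captured from a real server).
WEAK = """250-mail.example.test Hello [192.0.2.10]
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-SIZE 2097152
250 OK"""

TLS_FIRST = """250-mail.example.test Hello [192.0.2.10]
250-STARTTLS
250-AUTH NTLM
250 OK"""

if __name__ == "__main__":
    for name, reply in (("weak", WEAK), ("tls-first", TLS_FIRST)):
        print(name, audit_pre_tls(reply))
    print(observer_view("Ym9i"))  # constructed username, base64 of "bob"
```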