Re: Default SMTP Virtual Server - Best authentication methods?
- From: Mike H <mkREMOVEhuskeyALL@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 4 Jun 2007 15:31:03 -0700
Changed back as you suggest. Thank you.
So, for that Authentication box I have check-marked all three methods of
authentication as you say. I'm not sure if a stop and start is necessary
for those changes, but I did so anyway.
Additionally:
"Resolve anonymous e-mail" - NOT checked
"Requires TLS encryption" - NOT checked
"Default Domain" - blank
Under "Users", what I see is "Authenticated Users" only.
If those settings are good as well, then I guess all is good to go.
Regards,
Mike
On Mon, 04 Jun 2007 07:57:46 GMT, Robert Li [MSFT] wrote:
Hi Mike,.
Thanks for posting in our newsgroup.
I am sorry for the delay due to the weekend.
Generally speaking, if you deploy IMF v2 on a gateway Exchange server, you
can disable all forms of authentication on your inbound SMTP virtual
servers that accept Internet mail to avoid dictionary attack. On the
backend Exchange server, you can check all the authentication methods
because some partner company needs authentication.
On SBS server, since there is only one Exchange server and that is not a
gateway server, so it's recommended to check the all the three
authentication methods and Anonymous access has the highest priority.
For more information, please refer to:
How to troubleshoot the "504 need to authenticate first" SMTP protocol error
http://support.microsoft.com/kb/843106
Hope the information helps.
If you have any concerns on this issue, please don't hesitate to let me
know.
Best regards,
Robert Li(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
<From: Mike H <mkREMOVEhuskeyALL@xxxxxxxxxxxxxxxxxxx>
<Subject: Default SMTP Virtual Server - Best authentication methods?
<User-Agent: 40tude_Dialog/2.0.15.1 (41bd9d2e.23.388)
<MIME-Version: 1.0
<Content-Type: text/plain; charset="us-ascii"
<Content-Transfer-Encoding: 7bit
<Date: Fri, 1 Jun 2007 17:56:35 -0700
<Message-ID: <OJzFfDLpHHA.3264@xxxxxxxxxxxxxxxxxxxx>
<Newsgroups: microsoft.public.windows.server.sbs
<NNTP-Posting-Host: adsl-71-144-115-66.dsl.renocs.sbcglobal.net
71.144.115.66
<Lines: 1
<Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:41103
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<In setting up Intelligent Message Filter for Exchange 2003 SP2 I
<followed the guidelines in "Microsoft Exchange Server Intelligent
<Message Filter v2 Operations Guide".
<
<On pages 10 and 11 Microsoft discusses "Helping to Secure Your Gateway
<SMTP Virtual Servers." To this end it's suggested that for the inbound
<Exchange Server, which in my case is the default virtual server, one
<accept only Anonymous Access, unstriking Basic Authentication and
<Integrated Windows Authentication. I'm told by the documentation that
<this prevents one source of password discovery. In the default
<installation on my server all three of those methods were ticked.
<
<I feel like checking that out here. I see many more SMTP connection
<errors in the Application Log, but I'm not sure that's related. I've
<gone from 0-6 SMTP connection errors a day to about 20. These errors
<have always been have been and continue to be MSExchange Transport
<EventIDs 7004 and 7010. They appear to be legitimately REJECTED
<connections. I am in no way unhappy or concerned by those errors.
<
<* What I'm wondering is if illegitimate connections were being made
<before, or is what is now 0-20 connection drops still in the range of
<"normal"?
<
<* Are those authentication settings correct?
- Follow-Ups:
- Re: Default SMTP Virtual Server - Best authentication methods?
- From: Robert Li [MSFT]
- Re: Default SMTP Virtual Server - Best authentication methods?
- References:
- Default SMTP Virtual Server - Best authentication methods?
- From: Mike H
- RE: Default SMTP Virtual Server - Best authentication methods?
- From: Robert Li [MSFT]
- Default SMTP Virtual Server - Best authentication methods?
- Prev by Date: Re: Changing Domain names
- Next by Date: Re: Remote Desktops Tool
- Previous by thread: RE: Default SMTP Virtual Server - Best authentication methods?
- Next by thread: Re: Default SMTP Virtual Server - Best authentication methods?
- Index(es):
Relevant Pages
|
