Re: Default SMTP Virtual Server - Best authentication methods?

Very good. Thanks, Robert.

On Tue, 05 Jun 2007 10:11:59 GMT, Robert Li [MSFT] wrote:

Hi Mike,

Thanks for updating.

I am glad to know the information is help to you.

I checked your settings for the authentication method. They are the same as
my test machine and are default settings.

Hope the information helps.

If you have any questions, please don't hesitate to let me know.

Best regards,

Robert Li(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================

This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
<From: Mike H <mkREMOVEhuskeyALL@xxxxxxxxxxxxxxxxxxx>
<Subject: Re: Default SMTP Virtual Server - Best authentication methods?
<User-Agent: 40tude_Dialog/2.0.15.1 (c3106ae0.44.447)
<MIME-Version: 1.0
<Content-Type: text/plain; charset="us-ascii"
<Content-Transfer-Encoding: 7bit
<References: <OJzFfDLpHHA.3264@xxxxxxxxxxxxxxxxxxxx>
<LUkEL4npHHA.1140@xxxxxxxxxxxxxxxxxxxxxx>
<Date: Mon, 4 Jun 2007 15:31:03 -0700
<Message-ID: <#bVoJgvpHHA.4364@xxxxxxxxxxxxxxxxxxxx>
<Newsgroups: microsoft.public.windows.server.sbs
<NNTP-Posting-Host: adsl-71-144-115-66.dsl.renocs.sbcglobal.net
71.144.115.66
<Lines: 1
<Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:41680
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<Changed back as you suggest. Thank you.
<
<So, for that Authentication box I have check-marked all three methods of
<authentication as you say. I'm not sure if a stop and start is necessary
<for those changes, but I did so anyway.
<
<Additionally:
< "Resolve anonymous e-mail" - NOT checked
< "Requires TLS encryption" - NOT checked
< "Default Domain" - blank
< Under "Users", what I see is "Authenticated Users" only.
<
<If those settings are good as well, then I guess all is good to go.
<
<Regards,
<Mike
<
<On Mon, 04 Jun 2007 07:57:46 GMT, Robert Li [MSFT] wrote:
<
<> Hi Mike,
<>
<> Thanks for posting in our newsgroup.
<>
<> I am sorry for the delay due to the weekend.
<>
<> Generally speaking, if you deploy IMF v2 on a gateway Exchange server,
you
<> can disable all forms of authentication on your inbound SMTP virtual
<> servers that accept Internet mail to avoid dictionary attack. On the
<> backend Exchange server, you can check all the authentication methods
<> because some partner company needs authentication.
<>
<> On SBS server, since there is only one Exchange server and that is not a
<> gateway server, so it's recommended to check the all the three
<> authentication methods and Anonymous access has the highest priority.
<>
<> For more information, please refer to:
<>
<> How to troubleshoot the "504 need to authenticate first" SMTP protocol
error
<> http://support.microsoft.com/kb/843106
<>
<> Hope the information helps.
<>
<> If you have any concerns on this issue, please don't hesitate to let me
<> know.
<>
<> Best regards,
<>
<> Robert Li(MSFT)
<>
<> Microsoft CSS Online Newsgroup Support
<>
<> Get Secure! - www.microsoft.com/security
<>
<> =====================================================
<>
<> This newsgroup only focuses on SBS technical issues. If you have issues
<> regarding other Microsoft products, you'd better post in the
corresponding
<> newsgroups so that they can be resolved in an efficient and timely
manner.
<> You can locate the newsgroup here:
<> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
<>
<> When opening a new thread via the web interface, we recommend you check
the
<> "Notify me of replies" box to receive e-mail notifications when there
are
<> any updates in your thread. When responding to posts via your
newsreader,
<> please "Reply to Group" so that others may learn and benefit from your
<> issue.
<>
<> Microsoft engineers can only focus on one issue per thread. Although we
<> provide other information for your reference, we recommend you post
<> different incidents in different threads to keep the thread clean. In
doing
<> so, it will ensure your issues are resolved in a timely manner.
<>
<> For urgent issues, you may want to contact Microsoft CSS directly.
Please
<> check http://support.microsoft.com for regional support phone numbers.
<>
<> Any input or comments in this thread are highly appreciated.
<>
<> =====================================================
<>
<> This posting is provided "AS IS" with no warranties, and confers no
rights.
<>
<> --------------------
<> <From: Mike H <mkREMOVEhuskeyALL@xxxxxxxxxxxxxxxxxxx>
<> <Subject: Default SMTP Virtual Server - Best authentication methods?
<> <User-Agent: 40tude_Dialog/2.0.15.1 (41bd9d2e.23.388)
<> <MIME-Version: 1.0
<> <Content-Type: text/plain; charset="us-ascii"
<> <Content-Transfer-Encoding: 7bit
<> <Date: Fri, 1 Jun 2007 17:56:35 -0700
<> <Message-ID: <OJzFfDLpHHA.3264@xxxxxxxxxxxxxxxxxxxx>
<> <Newsgroups: microsoft.public.windows.server.sbs
<> <NNTP-Posting-Host: adsl-71-144-115-66.dsl.renocs.sbcglobal.net
<> 71.144.115.66
<> <Lines: 1
<> <Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
<> <Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:41103
<> <X-Tomcat-NG: microsoft.public.windows.server.sbs
<> <
<> <In setting up Intelligent Message Filter for Exchange 2003 SP2 I
<> <followed the guidelines in "Microsoft Exchange Server Intelligent
<> <Message Filter v2 Operations Guide".
<> <
<> <On pages 10 and 11 Microsoft discusses "Helping to Secure Your Gateway
<> <SMTP Virtual Servers." To this end it's suggested that for the inbound
<> <Exchange Server, which in my case is the default virtual server, one
<> <accept only Anonymous Access, unstriking Basic Authentication and
<> <Integrated Windows Authentication. I'm told by the documentation that
<> <this prevents one source of password discovery. In the default
<> <installation on my server all three of those methods were ticked.
<> <
<> <I feel like checking that out here. I see many more SMTP connection
<> <errors in the Application Log, but I'm not sure that's related. I've
<> <gone from 0-6 SMTP connection errors a day to about 20. These errors
<> <have always been have been and continue to be MSExchange Transport
<> <EventIDs 7004 and 7010. They appear to be legitimately REJECTED
<> <connections. I am in no way unhappy or concerned by those errors.
<> <
<> <* What I'm wondering is if illegitimate connections were being made
<> <before, or is what is now 0-20 connection drops still in the range of
<> <"normal"?
<> <
<> <* Are those authentication settings correct?
.

Relevant Pages

  • RE: RWW Remote Web Workplace Multiple Logins
    ... Did you install ISA Server Feature Pack 1 and the update per Q331062? ... configure ISA Server pass-through authentication for incoming Web requests. ... Click Start, point to Programs, point to Microsoft ISA Server and click ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: RWW Remote Web Workplace Multiple Logins
    ... this issue could be caused by the authentication ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... | Did you install ISA Server Feature Pack 1 and the update per Q331062? ...
    (microsoft.public.windows.server.sbs)
  • RE: screwed up Outlook Web Access context?
    ... > Thank you for posting in the SBS newsgroup. ... you have changed some settings of the SBS Server. ... > Authentication" check box, and select High in the Compression box. ... To restart Microsoft Internet Information Services ...
    (microsoft.public.windows.server.sbs)
  • RE: Form Based Authentication on ISA2k4
    ... Again, thanks for using newsgroup. ... Microsoft CSS Online Newsgroup Support ... Form Based Authentication on ISA2k4 ... The FBA was already enabled on the Exchange Server ...
    (microsoft.public.windows.server.sbs)
  • Re: Default SMTP Virtual Server - Best authentication methods?
    ... I checked your settings for the authentication method. ... This newsgroup only focuses on SBS technical issues. ... Generally speaking, if you deploy IMF v2 on a gateway Exchange server, ... authentication methods and Anonymous access has the highest priority. ...
    (microsoft.public.windows.server.sbs)