Security in SMTP Virtual Server

Hi!

I'm using a POP3 service and SMTP Service of Windows 2003 server to setup a
small Mail Server Enviroment.

In my "Default SMTP Virtual Server" -> Properties -> Access ->
Authentication I need to allow "Anonymous Acces". If I don't do that, people
can't send me mail's. My question is:

This "Anonymous Access" don't open my SMTP Server to SPAMMERS?

How I know that my SMTP Server is protected and only authenticate users can
send mail through his?

Thanks for anything,

Andrew

Re: Security in SMTP Virtual Server

"aboni" wrote in message
news:%23BwJJN3fGHA.3652@TK2MSFTNGP02.phx.gbl...
> Hi!
>
> I'm using a POP3 service and SMTP Service of Windows 2003 server to setup
> a small Mail Server Enviroment.
>
> In my "Default SMTP Virtual Server" -> Properties -> Access ->
> Authentication I need to allow "Anonymous Acces". If I don't do that,
> people can't send me mail's.

People can send email if they authenticate to the SMTP server. This needs to
be configured in the user's email program


> My question is:
>
> This "Anonymous Access" don't open my SMTP Server to SPAMMERS?

Yes, and No.

Does it mean spammers can send you email? Yes. But you need other people to
be able to send you mail anyway. So, you do need to allow this if your SMTP
server is accepting email from outside users.

Does it mean spammers can hijack your email server to send spam through it?
Not if you don't allow relaying. Ensure that only your private IP addresses
are allowed to relay.


> How I know that my SMTP Server is protected and only authenticate users
> can send mail through his?

You need to disable anonymous authentication if you want *all* users to
authenticate first.

Cheers
Ken

Re: Security in SMTP Virtual Server

Thanks for help!

> Does it mean spammers can hijack your email server to send spam through
> it? Not if you don't allow relaying. Ensure that only your private IP
> addresses are allowed to relay.

My doubt in just in how I should configure relay restrictions.
In the "Relay properties" I should configure like below:

1 - Mark option "Only the list Below";
2 - Add my IP(e.g. 192.168.0.4) to the list;
(My SMTP is installed in same machine that my DNS, I should add my private
IP(e.g. 192.168.0.4) or my internet IP(e.g. 200.166.xxx.xxx)??????)
(Adding IP to the list I can configure my SMTP to be used outside
enterprise(e.g. my home)?????)
3 - Uncheck "Allow all computers witch sucessfully authenticate to relay,
regardless of the list above"
(I think that need uncheck because "Anonymous Access" are allowed, then any
user is authenticated. It's right??????).

It's configuration is valid? My SMTP stay protected against SPAMMERS???

Thanks for any additional help.
Andrew



"Ken Schaefer" escreveu na mensagem
news:ev0wTr6fGHA.2456@TK2MSFTNGP04.phx.gbl...
> "aboni" wrote in message
> news:%23BwJJN3fGHA.3652@TK2MSFTNGP02.phx.gbl...
>> Hi!
>>
>> I'm using a POP3 service and SMTP Service of Windows 2003 server to setup
>> a small Mail Server Enviroment.
>>
>> In my "Default SMTP Virtual Server" -> Properties -> Access ->
>> Authentication I need to allow "Anonymous Acces". If I don't do that,
>> people can't send me mail's.
>
> People can send email if they authenticate to the SMTP server. This needs
> to be configured in the user's email program
>
>
>> My question is:
>>
>> This "Anonymous Access" don't open my SMTP Server to SPAMMERS?
>
> Yes, and No.
>
> Does it mean spammers can send you email? Yes. But you need other people
> to be able to send you mail anyway. So, you do need to allow this if your
> SMTP server is accepting email from outside users.
>
> Does it mean spammers can hijack your email server to send spam through
> it? Not if you don't allow relaying. Ensure that only your private IP
> addresses are allowed to relay.
>
>
>> How I know that my SMTP Server is protected and only authenticate users
>> can send mail through his?
>
> You need to disable anonymous authentication if you want *all* users to
> authenticate first.
>
> Cheers
> Ken
>

Re: Security in SMTP Virtual Server

Hi,

By default, your SMTP server will only accept mail that is addressed To:
someone at your domain.

When you allow "relaying" you allow selected users or IP addresses to send
mail to anyone.

So, you should only enable relaying for:
a) your private IP addresses (this allows machines on your network to send
email to anyone)
and/or
b) authenticated users (users will need valid Windows accounts to send mail
to anyone through the SMTP server)

(b) is usually disabled (you uncheck "Allow all computers witch sucessfully
authenticate to relay, regardless of the list above") and you only enable
(a)

That means anyone can send you email (including spammers), however spammers
can not use your server to send email to anyone (relaying). Only your
private addresses are allowed to relay (send email to anyone).

Cheers
Ken


"aboni" wrote in message
news:%23Sikf8$fGHA.4864@TK2MSFTNGP05.phx.gbl...
> Thanks for help!
>
>> Does it mean spammers can hijack your email server to send spam through
>> it? Not if you don't allow relaying. Ensure that only your private IP
>> addresses are allowed to relay.
>
> My doubt in just in how I should configure relay restrictions.
> In the "Relay properties" I should configure like below:
>
> 1 - Mark option "Only the list Below";
> 2 - Add my IP(e.g. 192.168.0.4) to the list;
> (My SMTP is installed in same machine that my DNS, I should add my private
> IP(e.g. 192.168.0.4) or my internet IP(e.g. 200.166.xxx.xxx)??????)
> (Adding IP to the list I can configure my SMTP to be used outside
> enterprise(e.g. my home)?????)
> 3 - Uncheck "Allow all computers witch sucessfully authenticate to relay,
> regardless of the list above"
> (I think that need uncheck because "Anonymous Access" are allowed, then
> any user is authenticated. It's right??????).
>
> It's configuration is valid? My SMTP stay protected against SPAMMERS???
>
> Thanks for any additional help.
> Andrew
>
>
>
> "Ken Schaefer" escreveu na mensagem
> news:ev0wTr6fGHA.2456@TK2MSFTNGP04.phx.gbl...
>> "aboni" wrote in message
>> news:%23BwJJN3fGHA.3652@TK2MSFTNGP02.phx.gbl...
>>> Hi!
>>>
>>> I'm using a POP3 service and SMTP Service of Windows 2003 server to
>>> setup a small Mail Server Enviroment.
>>>
>>> In my "Default SMTP Virtual Server" -> Properties -> Access ->
>>> Authentication I need to allow "Anonymous Acces". If I don't do that,
>>> people can't send me mail's.
>>
>> People can send email if they authenticate to the SMTP server. This needs
>> to be configured in the user's email program
>>
>>
>>> My question is:
>>>
>>> This "Anonymous Access" don't open my SMTP Server to SPAMMERS?
>>
>> Yes, and No.
>>
>> Does it mean spammers can send you email? Yes. But you need other people
>> to be able to send you mail anyway. So, you do need to allow this if your
>> SMTP server is accepting email from outside users.
>>
>> Does it mean spammers can hijack your email server to send spam through
>> it? Not if you don't allow relaying. Ensure that only your private IP
>> addresses are allowed to relay.
>>
>>
>>> How I know that my SMTP Server is protected and only authenticate users
>>> can send mail through his?
>>
>> You need to disable anonymous authentication if you want *all* users to
>> authenticate first.
>>
>> Cheers
>> Ken
>>
>
>

Re: Security in SMTP Virtual Server

Thanks for reply!

My configuration appears correct, how you describe!

My authentication is defined to:
- Anonymous Access
- Integrated Windows Authentication

My relay configuration is defined to:
- Only the list below
- Allow all computers witch sucessfully authenticate to relay...

It's correct, right? Or no?

Thanks for all help,
Andrew


"Ken Schaefer" escreveu na mensagem
news:%23UaAhGHgGHA.3572@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> By default, your SMTP server will only accept mail that is addressed To:
> someone at your domain.
>
> When you allow "relaying" you allow selected users or IP addresses to send
> mail to anyone.
>
> So, you should only enable relaying for:
> a) your private IP addresses (this allows machines on your network to send
> email to anyone)
> and/or
> b) authenticated users (users will need valid Windows accounts to send
> mail to anyone through the SMTP server)
>
> (b) is usually disabled (you uncheck "Allow all computers witch
> sucessfully authenticate to relay, regardless of the list above") and you
> only enable (a)
>
> That means anyone can send you email (including spammers), however
> spammers can not use your server to send email to anyone (relaying). Only
> your private addresses are allowed to relay (send email to anyone).
>
> Cheers
> Ken
>
>
> "aboni" wrote in message
> news:%23Sikf8$fGHA.4864@TK2MSFTNGP05.phx.gbl...
>> Thanks for help!
>>
>>> Does it mean spammers can hijack your email server to send spam through
>>> it? Not if you don't allow relaying. Ensure that only your private IP
>>> addresses are allowed to relay.
>>
>> My doubt in just in how I should configure relay restrictions.
>> In the "Relay properties" I should configure like below:
>>
>> 1 - Mark option "Only the list Below";
>> 2 - Add my IP(e.g. 192.168.0.4) to the list;
>> (My SMTP is installed in same machine that my DNS, I should add my
>> private IP(e.g. 192.168.0.4) or my internet IP(e.g.
>> 200.166.xxx.xxx)??????)
>> (Adding IP to the list I can configure my SMTP to be used outside
>> enterprise(e.g. my home)?????)
>> 3 - Uncheck "Allow all computers witch sucessfully authenticate to relay,
>> regardless of the list above"
>> (I think that need uncheck because "Anonymous Access" are allowed, then
>> any user is authenticated. It's right??????).
>>
>> It's configuration is valid? My SMTP stay protected against SPAMMERS???
>>
>> Thanks for any additional help.
>> Andrew
>>
>>
>>
>> "Ken Schaefer" escreveu na mensagem
>> news:ev0wTr6fGHA.2456@TK2MSFTNGP04.phx.gbl...
>>> "aboni" wrote in message
>>> news:%23BwJJN3fGHA.3652@TK2MSFTNGP02.phx.gbl...
>>>> Hi!
>>>>
>>>> I'm using a POP3 service and SMTP Service of Windows 2003 server to
>>>> setup a small Mail Server Enviroment.
>>>>
>>>> In my "Default SMTP Virtual Server" -> Properties -> Access ->
>>>> Authentication I need to allow "Anonymous Acces". If I don't do that,
>>>> people can't send me mail's.
>>>
>>> People can send email if they authenticate to the SMTP server. This
>>> needs to be configured in the user's email program
>>>
>>>
>>>> My question is:
>>>>
>>>> This "Anonymous Access" don't open my SMTP Server to SPAMMERS?
>>>
>>> Yes, and No.
>>>
>>> Does it mean spammers can send you email? Yes. But you need other people
>>> to be able to send you mail anyway. So, you do need to allow this if
>>> your SMTP server is accepting email from outside users.
>>>
>>> Does it mean spammers can hijack your email server to send spam through
>>> it? Not if you don't allow relaying. Ensure that only your private IP
>>> addresses are allowed to relay.
>>>
>>>
>>>> How I know that my SMTP Server is protected and only authenticate users
>>>> can send mail through his?
>>>
>>> You need to disable anonymous authentication if you want *all* users to
>>> authenticate first.
>>>
>>> Cheers
>>> Ken
>>>
>>
>>
>
>

Re: Security in SMTP Virtual Server

Only you can decide whether this is correct or not.

With your settings it means that:
a) any one can send mail to yourdomain.com
b) any computer in "the list below" can send email to anyone
c) any user who can authenticate using a valid Windows username/password can
send email to anyone (ensure that all your users have strong passwords!)

Cheers
Ken

"aboni" wrote in message
news:uFoQAeMgGHA.4892@TK2MSFTNGP02.phx.gbl...
> Thanks for reply!
>
> My configuration appears correct, how you describe!
>
> My authentication is defined to:
> - Anonymous Access
> - Integrated Windows Authentication
>
> My relay configuration is defined to:
> - Only the list below
> - Allow all computers witch sucessfully authenticate to relay...
>
> It's correct, right? Or no?
>
> Thanks for all help,
> Andrew
>
>
> "Ken Schaefer" escreveu na mensagem
> news:%23UaAhGHgGHA.3572@TK2MSFTNGP04.phx.gbl...
>> Hi,
>>
>> By default, your SMTP server will only accept mail that is addressed To:
>> someone at your domain.
>>
>> When you allow "relaying" you allow selected users or IP addresses to
>> send mail to anyone.
>>
>> So, you should only enable relaying for:
>> a) your private IP addresses (this allows machines on your network to
>> send email to anyone)
>> and/or
>> b) authenticated users (users will need valid Windows accounts to send
>> mail to anyone through the SMTP server)
>>
>> (b) is usually disabled (you uncheck "Allow all computers witch
>> sucessfully authenticate to relay, regardless of the list above") and
>> you only enable (a)
>>
>> That means anyone can send you email (including spammers), however
>> spammers can not use your server to send email to anyone (relaying). Only
>> your private addresses are allowed to relay (send email to anyone).
>>
>> Cheers
>> Ken
>>
>>
>> "aboni" wrote in message
>> news:%23Sikf8$fGHA.4864@TK2MSFTNGP05.phx.gbl...
>>> Thanks for help!
>>>
>>>> Does it mean spammers can hijack your email server to send spam through
>>>> it? Not if you don't allow relaying. Ensure that only your private IP
>>>> addresses are allowed to relay.
>>>
>>> My doubt in just in how I should configure relay restrictions.
>>> In the "Relay properties" I should configure like below:
>>>
>>> 1 - Mark option "Only the list Below";
>>> 2 - Add my IP(e.g. 192.168.0.4) to the list;
>>> (My SMTP is installed in same machine that my DNS, I should add my
>>> private IP(e.g. 192.168.0.4) or my internet IP(e.g.
>>> 200.166.xxx.xxx)??????)
>>> (Adding IP to the list I can configure my SMTP to be used outside
>>> enterprise(e.g. my home)?????)
>>> 3 - Uncheck "Allow all computers witch sucessfully authenticate to
>>> relay, regardless of the list above"
>>> (I think that need uncheck because "Anonymous Access" are allowed, then
>>> any user is authenticated. It's right??????).
>>>
>>> It's configuration is valid? My SMTP stay protected against SPAMMERS???
>>>
>>> Thanks for any additional help.
>>> Andrew
>>>
>>>
>>>
>>> "Ken Schaefer" escreveu na mensagem
>>> news:ev0wTr6fGHA.2456@TK2MSFTNGP04.phx.gbl...
>>>> "aboni" wrote in message
>>>> news:%23BwJJN3fGHA.3652@TK2MSFTNGP02.phx.gbl...
>>>>> Hi!
>>>>>
>>>>> I'm using a POP3 service and SMTP Service of Windows 2003 server to
>>>>> setup a small Mail Server Enviroment.
>>>>>
>>>>> In my "Default SMTP Virtual Server" -> Properties -> Access ->
>>>>> Authentication I need to allow "Anonymous Acces". If I don't do that,
>>>>> people can't send me mail's.
>>>>
>>>> People can send email if they authenticate to the SMTP server. This
>>>> needs to be configured in the user's email program
>>>>
>>>>
>>>>> My question is:
>>>>>
>>>>> This "Anonymous Access" don't open my SMTP Server to SPAMMERS?
>>>>
>>>> Yes, and No.
>>>>
>>>> Does it mean spammers can send you email? Yes. But you need other
>>>> people to be able to send you mail anyway. So, you do need to allow
>>>> this if your SMTP server is accepting email from outside users.
>>>>
>>>> Does it mean spammers can hijack your email server to send spam through
>>>> it? Not if you don't allow relaying. Ensure that only your private IP
>>>> addresses are allowed to relay.
>>>>
>>>>
>>>>> How I know that my SMTP Server is protected and only authenticate
>>>>> users can send mail through his?
>>>>
>>>> You need to disable anonymous authentication if you want *all* users to
>>>> authenticate first.
>>>>
>>>> Cheers
>>>> Ken
>>>>
>>>
>>>
>>
>>
>
>

Re: Security in SMTP Virtual Server

It's right!

Thanks for help and attention!
Andrew

"Ken Schaefer" escreveu na mensagem
news:%23tJOjBugGHA.4304@TK2MSFTNGP05.phx.gbl...
> Only you can decide whether this is correct or not.
>
> With your settings it means that:
> a) any one can send mail to yourdomain.com
> b) any computer in "the list below" can send email to anyone
> c) any user who can authenticate using a valid Windows username/password
> can send email to anyone (ensure that all your users have strong
> passwords!)
>
> Cheers
> Ken
>
> "aboni" wrote in message
> news:uFoQAeMgGHA.4892@TK2MSFTNGP02.phx.gbl...
>> Thanks for reply!
>>
>> My configuration appears correct, how you describe!
>>
>> My authentication is defined to:
>> - Anonymous Access
>> - Integrated Windows Authentication
>>
>> My relay configuration is defined to:
>> - Only the list below
>> - Allow all computers witch sucessfully authenticate to relay...
>>
>> It's correct, right? Or no?
>>
>> Thanks for all help,
>> Andrew
>>
>>
>> "Ken Schaefer" escreveu na mensagem
>> news:%23UaAhGHgGHA.3572@TK2MSFTNGP04.phx.gbl...
>>> Hi,
>>>
>>> By default, your SMTP server will only accept mail that is addressed To:
>>> someone at your domain.
>>>
>>> When you allow "relaying" you allow selected users or IP addresses to
>>> send mail to anyone.
>>>
>>> So, you should only enable relaying for:
>>> a) your private IP addresses (this allows machines on your network to
>>> send email to anyone)
>>> and/or
>>> b) authenticated users (users will need valid Windows accounts to send
>>> mail to anyone through the SMTP server)
>>>
>>> (b) is usually disabled (you uncheck "Allow all computers witch
>>> sucessfully authenticate to relay, regardless of the list above") and
>>> you only enable (a)
>>>
>>> That means anyone can send you email (including spammers), however
>>> spammers can not use your server to send email to anyone (relaying).
>>> Only your private addresses are allowed to relay (send email to anyone).
>>>
>>> Cheers
>>> Ken
>>>
>>>
>>> "aboni" wrote in message
>>> news:%23Sikf8$fGHA.4864@TK2MSFTNGP05.phx.gbl...
>>>> Thanks for help!
>>>>
>>>>> Does it mean spammers can hijack your email server to send spam
>>>>> through it? Not if you don't allow relaying. Ensure that only your
>>>>> private IP addresses are allowed to relay.
>>>>
>>>> My doubt in just in how I should configure relay restrictions.
>>>> In the "Relay properties" I should configure like below:
>>>>
>>>> 1 - Mark option "Only the list Below";
>>>> 2 - Add my IP(e.g. 192.168.0.4) to the list;
>>>> (My SMTP is installed in same machine that my DNS, I should add my
>>>> private IP(e.g. 192.168.0.4) or my internet IP(e.g.
>>>> 200.166.xxx.xxx)??????)
>>>> (Adding IP to the list I can configure my SMTP to be used outside
>>>> enterprise(e.g. my home)?????)
>>>> 3 - Uncheck "Allow all computers witch sucessfully authenticate to
>>>> relay, regardless of the list above"
>>>> (I think that need uncheck because "Anonymous Access" are allowed, then
>>>> any user is authenticated. It's right??????).
>>>>
>>>> It's configuration is valid? My SMTP stay protected against SPAMMERS???
>>>>
>>>> Thanks for any additional help.
>>>> Andrew
>>>>
>>>>
>>>>
>>>> "Ken Schaefer" escreveu na mensagem
>>>> news:ev0wTr6fGHA.2456@TK2MSFTNGP04.phx.gbl...
>>>>> "aboni" wrote in message
>>>>> news:%23BwJJN3fGHA.3652@TK2MSFTNGP02.phx.gbl...
>>>>>> Hi!
>>>>>>
>>>>>> I'm using a POP3 service and SMTP Service of Windows 2003 server to
>>>>>> setup a small Mail Server Enviroment.
>>>>>>
>>>>>> In my "Default SMTP Virtual Server" -> Properties -> Access ->
>>>>>> Authentication I need to allow "Anonymous Acces". If I don't do that,
>>>>>> people can't send me mail's.
>>>>>
>>>>> People can send email if they authenticate to the SMTP server. This
>>>>> needs to be configured in the user's email program
>>>>>
>>>>>
>>>>>> My question is:
>>>>>>
>>>>>> This "Anonymous Access" don't open my SMTP Server to SPAMMERS?
>>>>>
>>>>> Yes, and No.
>>>>>
>>>>> Does it mean spammers can send you email? Yes. But you need other
>>>>> people to be able to send you mail anyway. So, you do need to allow
>>>>> this if your SMTP server is accepting email from outside users.
>>>>>
>>>>> Does it mean spammers can hijack your email server to send spam
>>>>> through it? Not if you don't allow relaying. Ensure that only your
>>>>> private IP addresses are allowed to relay.
>>>>>
>>>>>
>>>>>> How I know that my SMTP Server is protected and only authenticate
>>>>>> users can send mail through his?
>>>>>
>>>>> You need to disable anonymous authentication if you want *all* users
>>>>> to authenticate first.
>>>>>
>>>>> Cheers
>>>>> Ken
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>