|
Home > Archive > IIS and SMTP > August 2004 > enabling SMTP but restrict open relay
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
enabling SMTP but restrict open relay
|
|
| Joel from London 2004-06-02, 11:53 pm |
| I am running exchange 2000, and some users access their email by POP3. Most of these have a fixed IP, but one user has a dynamic IP assigned from his ISP
I need to enable relaying otherwise the users cannot send emails from the outside, via our server, to the outside. However, I don't want my server to be an open relay
I notice that if I uncheck the "anonymous authentication" for the SMTP server, then we cannot receive emails from the outside. I don't think I can restrict relaying to specific IP addresses because of the user's dynamic IP. So I have to check "Allow all c
omputers which successfully authenticate to relay, regardless of the list above." But I think that allows anonymous people to relay messages through my server
How can I allow the SMTP for remote users but stop anonymous users relaying?
thanks
joel
| |
| Kristofer Gafvert 2004-06-02, 11:53 pm |
| That setting does _not_ allow anonymous users to send emails. What
credentials would the anonymous users have passed to the server? And if it
sent a username and password, can we consider him/her anonymous?
--
Regards,
Kristofer Gafvert - IIS MVP
http://www.ilopia.com - When you need help!
"Joel from London" <anonymous@discussions.microsoft.com> wrote in message
news:17903AC3-5E5E-4081-8DC9-CCBCEACCD423@microsoft.com...
> I am running exchange 2000, and some users access their email by POP3.
Most of these have a fixed IP, but one user has a dynamic IP assigned from
his ISP
> I need to enable relaying otherwise the users cannot send emails from the
outside, via our server, to the outside. However, I don't want my server to
be an open relay
> I notice that if I uncheck the "anonymous authentication" for the SMTP
server, then we cannot receive emails from the outside. I don't think I can
restrict relaying to specific IP addresses because of the user's dynamic IP.
So I have to check "Allow all computers which successfully authenticate to
relay, regardless of the list above." But I think that allows anonymous
people to relay messages through my server
> How can I allow the SMTP for remote users but stop anonymous users
relaying?
>
> thanks
>
> joel
| |
| Joel from London 2004-06-03, 4:52 pm |
| Kristofer-
if someone sends a username and password, then i don't consider that anonymous
i can see on the SMTP queue that there are connections with dodgy domains, half of them russian which is always a bit suspicious, and my users (there are only about 10) should have nothing to do with these messages
if the setting doesn't allow anonymous connections, how can i find out how the unwelcome connections in the message queue got there?
thank you x 1000
joel
----- Kristofer Gafvert wrote: -----
That setting does _not_ allow anonymous users to send emails. What
credentials would the anonymous users have passed to the server? And if it
sent a username and password, can we consider him/her anonymous?
--
Regards,
Kristofer Gafvert - IIS MVP
http://www.ilopia.com - When you need help!
"Joel from London" <anonymous@discussions.microsoft.com> wrote in message
news:17903AC3-5E5E-4081-8DC9-CCBCEACCD423@microsoft.com...
> I am running exchange 2000, and some users access their email by POP3.
Most of these have a fixed IP, but one user has a dynamic IP assigned from
his ISP
> I need to enable relaying otherwise the users cannot send emails from the
outside, via our server, to the outside. However, I don't want my server to
be an open relay
> I notice that if I uncheck the "anonymous authentication" for the SMTP
server, then we cannot receive emails from the outside. I don't think I can
restrict relaying to specific IP addresses because of the user's dynamic IP.
So I have to check "Allow all computers which successfully authenticate to
relay, regardless of the list above." But I think that allows anonymous
people to relay messages through my server
> How can I allow the SMTP for remote users but stop anonymous users
relaying?[vbcol=seagreen]
| |
|
| I am trying to get my email to work as well.
If I'm understanding everything correctly, then the
wording used in the server properties are just very
confusing to understand.
Someone correct me if I'm wrong, but this is how I see it:
Anonymous "authentication" doesn't count as an
authentication method because no credentials are being
passed in this mode of access. Therefore, when you check
Allow users who authenticate to relay, then that doesn't
take into account Anonymous from the Authentication
types, because anonymous access is not a method of
authentication.
When you allow authenticated users to relay, they must
authenticate either through the Basic or Integrated
authentication methods. Anonymous access therefore
shouldn't affect relay whatsoever.
Look at
http://www.ilopia.com/Articles/Wind...r2003/EmailServ
er.aspx also.
I am trying these settings and monitoring the logs for
any relay attempts that may be spam.
What Kristofer was trying to say in his reply to your
post is this: An anonymous user by definition has no
credentials, and so can never be an authenticated user,
by definition, since authentication requires credentials.
Therefore, if someone tries to send a password to
authenticate, only then (and with the right password) can
they get authenticated to relay.
|
|
|
|
|