Programming4us
         
 
 
Windows Server

Windows Server 2008 : Configuring SMTP (part 4) - Securing Access to an SMTP Virtual Server

12/20/2010 9:04:37 AM
Securing Access to an SMTP Virtual Server

To prevent unwanted use of SMTP virtual servers, it is important to configure access rules for sending messages by SMTP. A large portion of unsolicited commercial e-mail (spam) is sent through SMTP relays that are unprotected. You can manage rules for using the SMTP virtual server through the properties on the Access tab. (See Figure 5.)

Figure 5. Configuring Access settings for an SMTP virtual server


You can use the Authentication settings to determine how potential users of the SMTP virtual server must pass their credentials to the service. Figure 6 shows the available options. The default setting is Anonymous Access, which specifies that no credentials are required to connect to the SMTP virtual server. This option is useful when you are using other methods (such as firewalls or trusted network connections) to prevent unauthorized access to the server.

Figure 6. Managing authentication options for an SMTP virtual server


The Basic Authentication option requires a username and password to be sent to the SMTP virtual server. By default, these logon credentials are transmitted using clear text and are, therefore, susceptible to being intercepted. You can also enable Transport Layer Security (TLS) to enable encryption for sent messages. TLS uses a certificate-based approach to create the encrypted connection. Integrated Windows Authentication relies on standard Windows accounts to verify credentials to access the system. This method is most appropriate for applications that will be used by a single Windows account or when all potential users of the SMTP server have Active Directory domain accounts.

In addition to configuring authentication settings, you can also restrict access to an SMTP virtual server based on IP addresses or domain names. This can help ensure that only authorized network clients are able to use SMTP services. To add these restrictions, click the Connection button on the Access tab of the properties of the SMTP virtual server. You will be able to choose the default behavior for connection attempts.

The Only The List Below option means that only computers that match the entry rules you have configured will be able to use the server. This is most appropriate when all the expected client computers are part of one or a few networks. The All Except The List Below option means that the rules you add are for computers that are not allowed to use the SMTP virtual server. Click the Add button to create new configuration rules. (See Figure 7.) You can configure restrictions by specifying a single IP address or an IP address range.

Figure 7. Creating a new Connection Control rule for an SMTP virtual server


You can also use the DNS Lookup command to find a specific IP address based on a domain name. The Domain option instructs the SMTP server to perform a DNS reverse lookup operation when a computer attempts to connect. This method attempts to resolve the IP address of the incoming connection to a DNS name. Enabling this option can reduce performance due to the overhead of performing many DNS queries.

The final set of Access control options are relay restrictions. SMTP relaying occurs when a message is sent with both to and from addresses that are not part of the virtual server’s domain. Relaying is a common method by which large spammers are able to use unprotected SMTP virtual servers to send unsolicited mail. The Relay Restrictions option enables you to specify which computers can relay messages through the SMTP server. (See Figure 8.) The default settings are for all users and computers to be allowed to relay messages as long as they are able to authenticate. You can use the Add command to define which IP addresses, domain names, or both will be allowed to relay messages.

Figure 8. Configuring SMTP relay restrictions


Note: Helping reduce spam

Apart from the benefits of reducing load on unprotected networks, there are other good reasons to protect your SMTP virtual server from unauthorized access. Many anti-spam utilities will maintain a list of known unprotected SMTP servers and will add them to a blocklist. All messages sent through this SMTP relay might be marked as spam, making it difficult for your users and applications to communicate with individuals outside your organization. When you’re setting up a new SMTP virtual server, be sure to take the time to secure the configuration. It is also important to review SMTP server configuration and log files regularly to find potential unauthorized use of the server.

Other -----------------
- Windows Server 2008 : Configuring FTP (part 14) - Using FTP Client Software
- Windows Server 2008 : Configuring FTP (part 13) - Configuring Directory Browsing
- Windows Server 2008 : Configuring FTP (part 12) - Managing FTP Site Settings
- Windows Server 2008 : Configuring FTP (part 11) - Managing FTP Firewall Options
- Windows Server 2008 : Configuring FTP (part 10) - Configuring FTP SSL Settings
- Windows Server 2008 : Configuring FTP (part 9) - Configuring FTP User Isolation Options
- Windows Server 2008 : Configuring FTP (part 8) - Managing FTP User Security
- Windows Server 2008 : Configuring FTP (part 7)
- Windows Server 2008 : Configuring FTP (part 6) - Installing and Managing FTP 7
- Windows Server 2008 : Configuring FTP (part 5)
- Windows Server 2008 : Configuring FTP (part 4)
- Windows Server 2008 : Configuring FTP (part 3) - Configuring FTP Site Properties
- Windows Server 2008 : Configuring FTP (part 2) - Configuring FTP Sites by Using IIS 6.0 Manager
- Windows Server 2008 : Configuring FTP (part 1) - Installing the FTP Publishing Service
- Windows Server 2008 : Controlling Access to Web Services (part 10) - Configuring .NET Trust Levels
- Windows Server 2008 : Controlling Access to Web Services (part 9) - Configuring IP Address and Domain Restrictions
- Windows Server 2008 : Controlling Access to Web Services (part 8)
- Windows Server 2008 : Controlling Access to Web Services (part 7)
- Windows Server 2008 : Controlling Access to Web Services (part 6) - Configuring Server Certificates
- Windows Server 2008 : Controlling Access to Web Services (part 5) - Managing URL Authorization Rules
 
 
Most View
- jQuery 1.3 : AJAX - Passing data to the server
- SharePoint 2010 : Organizing Information - An Information Organization Project
- Troubleshooting and Optimizing SQL Server 2005 : Data Analysis and Problem Diagnosis
- Optimizing SQL Server for SharePoint 2010 (part 2) - Database Files and Their Location
- Installing Configuration Manager 2007 : ConfigMgr Service Manager
- Exchange Server 2010 : Manage Database Redundancy (part 1) - Configure Redundant Databases
- Windows Phone 7 : Loading Local Bitmaps from Code
- SharePoint 2010: Modify a Content Type
- Windows 7 : Enhancing Your Browsing Security (part 6) - Managing Add-Ons
- Windows Server 2008 : Using Virtualization to Increase Productivity and Facilitate Consolidation - Installing Hyper-V
Top 10
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 3) - Configuring Recipient Filtering
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 2)
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 1)
- Implementing Edge Services for an Exchange Server 2007 Environment : Installing and Configuring the Edge Transport Server Components
- What's New in SharePoint 2013 (part 7) - BCS
- What's New in SharePoint 2013 (part 6) - SEARCH
- What's New in SharePoint 2013 (part 6) - WEB CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 5) - ENTERPRISE CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 4) - WORKFLOWS
- What's New in SharePoint 2013 (part 3) - REMOTE EVENTS