Programming4us
         
 
 
Windows Server

Windows Server 2008 : Configuring SMTP (part 4) - Securing Access to an SMTP Virtual Server

- Windows Server 2008 R2 : Work with RAID Volumes - Understand RAID Levels & Implement RAID
- Windows Server 2008 R2 Administration : Managing Printers with the Print Management Console
- Configuring Email Settings in Windows Small Business Server 2011
- Windows Server 2008 R2 : Configuring Folder Security, Access, and Replication - Implement Permissions
12/20/2010 9:04:37 AM
Securing Access to an SMTP Virtual Server

To prevent unwanted use of SMTP virtual servers, it is important to configure access rules for sending messages by SMTP. A large portion of unsolicited commercial e-mail (spam) is sent through SMTP relays that are unprotected. You can manage rules for using the SMTP virtual server through the properties on the Access tab. (See Figure 5.)

Figure 5. Configuring Access settings for an SMTP virtual server


You can use the Authentication settings to determine how potential users of the SMTP virtual server must pass their credentials to the service. Figure 6 shows the available options. The default setting is Anonymous Access, which specifies that no credentials are required to connect to the SMTP virtual server. This option is useful when you are using other methods (such as firewalls or trusted network connections) to prevent unauthorized access to the server.

Figure 6. Managing authentication options for an SMTP virtual server


The Basic Authentication option requires a username and password to be sent to the SMTP virtual server. By default, these logon credentials are transmitted using clear text and are, therefore, susceptible to being intercepted. You can also enable Transport Layer Security (TLS) to enable encryption for sent messages. TLS uses a certificate-based approach to create the encrypted connection. Integrated Windows Authentication relies on standard Windows accounts to verify credentials to access the system. This method is most appropriate for applications that will be used by a single Windows account or when all potential users of the SMTP server have Active Directory domain accounts.

In addition to configuring authentication settings, you can also restrict access to an SMTP virtual server based on IP addresses or domain names. This can help ensure that only authorized network clients are able to use SMTP services. To add these restrictions, click the Connection button on the Access tab of the properties of the SMTP virtual server. You will be able to choose the default behavior for connection attempts.

The Only The List Below option means that only computers that match the entry rules you have configured will be able to use the server. This is most appropriate when all the expected client computers are part of one or a few networks. The All Except The List Below option means that the rules you add are for computers that are not allowed to use the SMTP virtual server. Click the Add button to create new configuration rules. (See Figure 7.) You can configure restrictions by specifying a single IP address or an IP address range.

Figure 7. Creating a new Connection Control rule for an SMTP virtual server


You can also use the DNS Lookup command to find a specific IP address based on a domain name. The Domain option instructs the SMTP server to perform a DNS reverse lookup operation when a computer attempts to connect. This method attempts to resolve the IP address of the incoming connection to a DNS name. Enabling this option can reduce performance due to the overhead of performing many DNS queries.

The final set of Access control options are relay restrictions. SMTP relaying occurs when a message is sent with both to and from addresses that are not part of the virtual server’s domain. Relaying is a common method by which large spammers are able to use unprotected SMTP virtual servers to send unsolicited mail. The Relay Restrictions option enables you to specify which computers can relay messages through the SMTP server. (See Figure 8.) The default settings are for all users and computers to be allowed to relay messages as long as they are able to authenticate. You can use the Add command to define which IP addresses, domain names, or both will be allowed to relay messages.

Figure 8. Configuring SMTP relay restrictions


Note: Helping reduce spam

Apart from the benefits of reducing load on unprotected networks, there are other good reasons to protect your SMTP virtual server from unauthorized access. Many anti-spam utilities will maintain a list of known unprotected SMTP servers and will add them to a blocklist. All messages sent through this SMTP relay might be marked as spam, making it difficult for your users and applications to communicate with individuals outside your organization. When you’re setting up a new SMTP virtual server, be sure to take the time to secure the configuration. It is also important to review SMTP server configuration and log files regularly to find potential unauthorized use of the server.

Other -----------------
- Windows Server 2008 : Configuring SMTP (part 3) - Configuring General SMTP Server Settings
- Windows Server 2008 : Configuring SMTP (part 2) - Creating a New SMTP Virtual Server
- Windows Server 2008 : Configuring SMTP (part 1) - Installing the SMTP Server Feature
- Windows Server 2008 : Configuring FTP (part 14) - Using FTP Client Software
- Windows Server 2008 : Configuring FTP (part 13) - Configuring Directory Browsing
- Windows Server 2008 : Configuring FTP (part 12) - Managing FTP Site Settings
- Windows Server 2008 : Configuring FTP (part 11) - Managing FTP Firewall Options
- Windows Server 2008 : Configuring FTP (part 10) - Configuring FTP SSL Settings
- Windows Server 2008 : Configuring FTP (part 9) - Configuring FTP User Isolation Options
- Windows Server 2008 : Configuring FTP (part 8) - Managing FTP User Security
- Windows Server 2008 : Configuring FTP (part 7)
- Windows Server 2008 : Configuring FTP (part 6) - Installing and Managing FTP 7
- Windows Server 2008 : Configuring FTP (part 5)
- Windows Server 2008 : Configuring FTP (part 4)
- Windows Server 2008 : Configuring FTP (part 3) - Configuring FTP Site Properties
- Windows Server 2008 : Configuring FTP (part 2) - Configuring FTP Sites by Using IIS 6.0 Manager
- Windows Server 2008 : Configuring FTP (part 1) - Installing the FTP Publishing Service
- Windows Server 2008 : Controlling Access to Web Services (part 10) - Configuring .NET Trust Levels
- Windows Server 2008 : Controlling Access to Web Services (part 9) - Configuring IP Address and Domain Restrictions
- Windows Server 2008 : Controlling Access to Web Services (part 8)
 
 
Most View
- Programming WCF Services : Queued Services - Delivery Failures (part 1) - Configuring the Dead-Letter Queue
- SQL server 2012 : T-SQL Enhancements - Windowing (OVER Clause) Enhancements
- Windows Phone 7: Posting to Facebook or Windows Live
- Windows Phone 7: Linking Contacts
- Managing Windows Server 2012 Storage and File Systems : Storage Management (part 6) - Configuring storage - Using the MBR and GPT partition styles, Using the disk storage types
- Windows Phone 7 : Using the Touch Screen (part 4) - Sprite Hit Testing - Elliptical Hit Tests, Building the Hit Tests into the Game Framework
- Windows Phone 8 : Phone Hardware - Using Motion (part 1)
- SQL Server 2008 : Developing Custom Managed Database Objects (part 4) - Developing Managed User-Defined Types
- SQL Server 2008 Scheduling and Notification : Managing Operators
- SQL Azure : Connecting to a SQL Azure Database (part 1) - Connecting Using ADO.NET
Top 10
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 3) - Configuring Recipient Filtering
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 2)
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 1)
- Implementing Edge Services for an Exchange Server 2007 Environment : Installing and Configuring the Edge Transport Server Components
- What's New in SharePoint 2013 (part 7) - BCS
- What's New in SharePoint 2013 (part 6) - SEARCH
- What's New in SharePoint 2013 (part 6) - WEB CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 5) - ENTERPRISE CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 4) - WORKFLOWS
- What's New in SharePoint 2013 (part 3) - REMOTE EVENTS