How to disable authenticated SMTP in MS Exchange 2003

SEE: http://support.zen.co.uk/kb/Knowledgebase/How-to-disable-authenticated-SMTP-in-MS-Exchange-2003?Keywords=server where this Article is Originally Published. Full credit for original authorship of this knowledge base Article goes to whoever published it at that URL. All copyrights remain with the original author. This article will be immediately removed from here on notice from support.zen.co.uk.

Aim of this article:

This article provides instructions on disabling authenticated delivery of e-mail over the SMTP protocol to a Microsoft Exchange 2003 Server, in order to prevent your server from being used as a relay for fraudulent e-mail.

Background

Out of the box MS Exchange 2003 is not an open relay, but it can be used as a relay if the spammer has usernames and passwords for users on your network. This authenticated relay is the most common way that spammers get MS Exchange to send their junk.
In an ideal world this would not be a problem, because users would have complex passwords that cannot be guessed by brute force, that is, by repeatedly attempting to log in with possible passwords until a valid one is found. However, users will choose a password that is as easy to remember as they can, which makes brute force password guessing very effective.
By disabling authentication for connections from outside the office network, spam cannot be sent through the Exchange server even if a network password is known, although other services exposed to the Internet (remote desktop etc.) may still be exploited.
Note: most smartphones do not use SMTP for sending and receiving e-mail, so disabling authenticated SMTP in this way should not affect remote employees that use their phones to access e-mail.

Accessing Virtual SMTP server Properties

On the Exchange server, open Server Management, then in the left-hand tree view expand the following:
Advanced Management > Domainname (Exchange) > Servers > ServerName > Protocols > SMTP
Right-click the Default SMTP Virtual Server and select Properties.

Select Access from the tabs at the top, and then click the button named Relay

The Relay Restrictions window should open. By default under the Add button, a checkbox will be ticked. This “Allow all computers…” checkbox is what allows someone with a valid password to send mail through your server from anywhere on the Internet. Un-tick this box.
Next click the button named Users…

Ensure Authenticated Users only have Submit Permission ticked.
Selecting Relay Permission here will override removing the tick from the previous window.
To finish, click OK until all the properties boxes are closed.

End of Article = = = = = = =

MY COMMENTARY:

I am not sure whether it is necessary or advisable to grant relay access to the localhost at 127.0.0.1 or to the local IP bound to the network interface of the 2k3 Exchange server. In other words, if your Exchange server is located at 192.168.2.2, for example, it might not be wise to grant that either. It is, however, important to grant access to the Exchange SMTP relay from any perimeter smart host that you may use to forward email to your Exchange server on your LAN.

FURTHER COMMENTARY IF YOU USE A SMART HOST OUTSIDE THE EXCHANGE LAN PERIMETER:

The smart host might have several separate email boxes:

user1 @ myDomain.com
smart host configured to keep a copy of each msg received, and redirect each message to user1 @ ExchangeServer.MyDomain.com

On the other hand, you may merely set the smart host to receive all mail for MyDomain.com and forward it to ExchangeServer.MyDomain.com, where the Exchange server will sort the mail by account and deliver it to the appropriate mailbox accounts.

Configure the MX records of both the perimeter smart host and the exchange server with the appropriate priorities.  The following, for example, will ensure that attempted delivery will be made first to the smart host (standard priority 10) and, if the smart host is offline, then secondary delivery will be made directly to the exchange server (priority 12).

smtp.smarthost.somedomain.com.  MX 10
smtp.exchangeserver.MyDomain.com MX 12

Q — Will shutting off relay to anyone other than the smart host and the local.lan prevent reception of internet mail destined for delivery (secondary priority) on the local 2k3 exchange server?
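
A simplified model of the relay decision that the procedure above changes, added here as an illustration; it is not part of the original article and is not Exchange's own logic. The class and function names, the smart host address 203.0.113.10, the LAN range and the sample recipients are assumptions. It relies on the general SMTP rule that relay restrictions apply only to recipients outside the domains the server accepts mail for.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class RelayConfig:
    local_domains: frozenset        # domains the server accepts mail for
    relay_networks: tuple           # "Only the list below" entries
    allow_all_authenticated: bool   # the "Allow all computers..." checkbox
    users_relay_permission: bool    # Relay Permission for Authenticated Users

def decide(cfg, client_ip, authenticated, rcpt):
    """Return 'deliver', 'relay' or 'reject' for one RCPT TO address."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in cfg.local_domains:
        return "deliver"            # inbound mail: relay rules are not consulted
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in cfg.relay_networks):
        return "relay"              # listed computer, e.g. the smart host
    if authenticated and (cfg.allow_all_authenticated or cfg.users_relay_permission):
        return "relay"              # a valid password is enough
    return "reject"

LOCAL = frozenset({"mydomain.com", "exchangeserver.mydomain.com"})
# Constructed settings (assumptions): 203.0.113.10 stands in for the smart host.
DEFAULT = RelayConfig(LOCAL, (), True, True)
HARDENED = RelayConfig(LOCAL, ("192.168.2.0/24", "203.0.113.10/32"), False, False)
# Checkbox cleared, but Relay Permission left ticked under Users...
HALF_DONE = RelayConfig(LOCAL, ("192.168.2.0/24",), False, True)

def audit(cfg):
    """Run four constructed sessions through decide() and collect the results."""
    outside = "198.51.100.7"        # constructed Internet client address
    cases = {
        "stolen password, outside recipient": (outside, True, "x@example.org"),
        "anonymous sender, local recipient": (outside, False, "user1@MyDomain.com"),
        "smart host, outside recipient": ("203.0.113.10", False, "x@example.org"),
        "anonymous sender, outside recipient": (outside, False, "x@example.org"),
    }
    return {name: decide(cfg, *args) for name, args in cases.items()}

if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT), ("hardened", HARDENED),
                       ("half done", HALF_DONE)):
        print(label, audit(cfg))
```
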

Full Moon on the Ides of March

Per Wikipedia: http://en.wikipedia.org/wiki/Ides_of_March

The Ides of March (Latin: Idus Martii or Idus Martiae) is a day on the Roman calendar that corresponds to 15 March. It was marked by several religious observances, and became notorious as the date of the assassination of Julius Caesar in 44 BC. The death of Caesar made the Ides of March a turning point in Roman history, as one of the events that marked the transition from the historical period known as the Roman Republic to the Roman Empire.[1]

Although March (Martius) was the third month of the Julian calendar, in the oldest Roman calendar it was the first month of the year. The holidays observed by the Romans from the first through the Ides often reflect their origin as new year celebrations.

The Romans did not number days of a month sequentially from the first through the last day. Instead, they counted back from three fixed points of the month: the Nones (5th or 7th, depending on the length of the month), the Ides (13th or 15th), and the Kalends (1st) of the following month. The Ides occurred near the midpoint, on the 13th for most months, but on the 15th for March, May, July, and October. The Ides were supposed to be determined by the full moon, reflecting the lunar origin of the Roman calendar. On the earliest calendar, the Ides of March would have been the first full moon of the new year.[2]

[1] “Forum in Rome” entry in Oxford Encyclopedia of Ancient Greece and Rome (Oxford University Press, 2010), p. 215.

[2] H.H. Scullard, Festivals and Ceremonies of the Roman Republic (Cornell University Press, 1981), pp. 42–43.