Windows 2000 Server’s SMTP service won’t turn your server
into a full-blown mail server, but it can be useful for relaying mail to other
servers. For example, you can use the SMTP service to route incoming mail to a
smart host running Exchange Server or another mail server application.

One of the ways you can prevent relay through the internal
SMTP server is to require authentication between the external server running
the SMTP service and the internal server. By requiring authentication at the
internal server, you help eliminate the possibility that unauthorized
users—including those inside your organization—will use the internal server for
relaying or spamming.

To secure a connection between servers, start by configuring
the SMTP service on the external server to use the appropriate authentication
method for outgoing connections. Follow these steps:

  1. Open
    the IIS console, and connect to the external server.
  2. Select
    the SMTP virtual server, and click the Properties button on the toolbar.
  3. On the
    Delivery tab, click Outbound Security, and choose Windows Security
  4. Enter
    the username and password from the internal server that the system will
    use to authenticate the connection, and click OK.
  5. Click
    Advanced, and enter the fully qualified domain name (FQDN) of the internal
    server in the Smart Host field. If you specify an IP address instead of an
    FQDN, enclose the address in square brackets, such as [].
  6. Deselect
    the Attempt Direct Delivery Before Sending To Smart Host option, click OK,
    and click OK to close the server’s properties.
  7. Configure
    the internal server to require authentication, and configure it for
    Windows authentication.

Configuring the connection in this way doesn’t secure the
e-mail system by itself; it simply secures the connection to the internal
server and helps prevent unauthorized access to the internal server. You should
still take steps to secure the external server to prevent unauthorized relay.

Miss a tip?

Check out the Windows 2000 Server Archive,
and catch up on the most recent tips from this newsletter.

Want more Win2K tips
and tricks? Automatically
sign up for our free Windows 2000 Server newsletter
, delivered each