Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
Hello all Some of my users reported that they can send emails using my Exchange 2000 without the need to input a password. They use Outlook Express. I checked Relay setting and it is just fine. Did anyone have such a situation before?
Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
In the client settings, I set the incoming and outgoing servers as myserver.mydomain.com. In the user name, I used a ligitimate user name which has no r special rights BUT did not enter his password. For the SMTP, it is configured to block relay as in http://www.msexchange.org/tutorials/MF005.html
Posts: 6812
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
Sounds ok. So, am I right in assuming that on the LAN everything is fine but if you're using a PC off the LAN (at home perhaps) you do need to supply credentials?
Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
Yes, the LAN is working fine. The issue is that, remote users can send emails even if they cleared the passwrod field from the outlook configuration, i.e they can send an email with no password at all.
Posts: 6812
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
Well, without you posting your exact settings (I did ask) rather than just little snippets you can't be helped too much. You've already checked the open relay thing and as long as you are sure you've checked properly you don't have one worry that might otherwise have been the case.
Either post exact information or start undoing the Integrated Authentication so that you are only left with basic and see where you get. Best to post us some really clear information though.
Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
I think that from server setting point of view, it is as described in the URL I mentioned earlier.
From client point of view, it is as follows In the server tab Incoming mail --> myserver.mydomain.com outgoing mail --> myserver.mydomain.com My server requires authentication is left blank rest of the tabs are default.
Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
I thought that it was enough when I pointed to that open relay URL.
However, going to ESM and checking SMTP properties, I get the following: General tab--> it has the local ip address which is 192.168.x.x Access tab--> in Authentication, all is checked except for TLS encryption In relay, Allow all computers which successfully authenticateto relay, regardless of the list above Message tab-->limit number of messages per connection to 20 and Limit number of recipients per message to 64,000 Delivery-->Outbound security-->anonymus access
Posts: 6812
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
So just untick the integrated authentication and it will ask for a password. As it stands your server is negotiating with the client PC and finding that the PC/User is ok, it doesn't matter what the application thinks.
Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
Thanks for that. I have few questions more, if you do not mind 1-should I re-start smtp service for changes to take effect 2-Would these changes affect my LAN users? 3- A while ago, users had to set their Outlook client to "my servers requires authrntication" and had to re-enter their user name and password.. How can I retain such setup again?
Posts: 6812
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
In the properties of the MAPI profile you'll see a "Security" tab and on that there's an "always ask blah" tickbox. Wording depends on the version of Outlook and the exact route to that also depends on the OL version.
I'm going to leave this thread alone now because I simply can't understand why you would want to demand another entry of the same credentials that you logged onto the workstation with, I can't understand why you use POP on the outside for remote users rather than IMAP at the very worst and RPC over HTTPS or even OWA at the good end of the spectrum.
Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
You have been of great help. Answering your question about multiplre entries, I have not done that but I was responding to one of my remote users who thought that he could send emails without the server would prompt him for a password.
Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
Mark: I found what what causing the issue. Actually, there was no issue to take care of. What happened is due to SMTP sender authentication limitations, some users without entering any credentials in their Outlook could send messages to users inside my domain. I was responding to that issue but did not realize at the time that they can ONLY send to users inside the domain.
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Breaking into Exchange 2000 
Breaking into Exchange 2000 - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread
