• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

"SMTP Server Accepts Basic Authentication" Setting

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2003] >> General >> "SMTP Server Accepts Basic Authentication" Setting Page: [1]
Login
Message << Older Topic   Newer Topic >>
"SMTP Server Accepts Basic Authentication" Se... - 11.Jun.2007 9:03:40 AM   
shoemakerna

 

Posts: 122
Joined: 3.May2007
Status: offline
I finished running the Exchange Best Practices Analyzer tool against our new Exchange server. One of the warnings that I got back was that the SMTP server accepts basic authentication. It recommends clearing the Basic authentication (password is sent in clear text) check box, or using TLS encryption.

My question is, what kind of negative impact, if any, would it have on the Exchange server if I uncheck the basic authentication box? Is there any risk of not receiving emails from a domain because it cannot authenticate? Are there any issues to look for once basic authentication has been removed?

Thanks if advance for the help!

Nick

_____________________________

Nicholas Shoemaker
Systems Engineer
Post #: 1
RE: "SMTP Server Accepts Basic Authentication"... - 11.Jun.2007 9:48:01 AM   
alaa

 

Posts: 31
Joined: 25.Feb.2007
Status: offline
sure my friend its a big risk, it would compromise ur network's security, using basic authentication would make user account information sent in a clear text to the server which means if a client at home (maybe you) with administrative priviliges access his/her e-mail ur password can be easily captured through any packet sniffer..

so its always recommended to use SSL encryption, to encrypt the traffic between the client and the server :)

about the problems u might experience... if Basic authentication is the only authentication method then yes, no one would have acces to his/her mailbox using OWA , they would receive a page stating "You are unatuhorized to view this page" so you have to impelement another way such as SSL over Http which requires certificate services.

or just stick to Basic and ignore the warning if you're sure ur not being monitored by sniffers, or network security is not a high priority at ur company..


Greetings,


< Message edited by alaa -- 11.Jun.2007 9:55:21 AM >

(in reply to shoemakerna)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2003] >> General >> "SMTP Server Accepts Basic Authentication" Setting Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter