SECURE A VIRTUAL SMTP SERVER

The SMTP service in Internet Information Services (IIS) allows Windows 2000 Server to function as an SMTP relay agent. However, because Windows 2000 doesn't provide full mailbox support, it can't function as a full-blown mail server without the addition of a custom or third-party application to process incoming messages.

For that reason, organizations most often use the SMTP service by itself to process outgoing messages rather than incoming messages.

If you use the SMTP service in your network, it's very important that you secure the server to prevent others from using it for unauthorized relay or spamming. You can use a combination of connection control and relay settings to secure the server.

Open the IIS console, and open the properties for the SMTP virtual server. On the Access tab, click Connection. In the Connection dialog box, select Only The List Below, add the individual IP addresses, range of computers, or domain that should be able to connect to the server, and click OK.

Next, click Relay on the Access tab. Select Only The List Below, and click Add. Enter the IP address, range of computers, or domain that you want to allow to send outgoing mail through the server, and click OK.

Finally, click Authentication on the Access tab, and turn off anonymous access to the server. Then, configure each client or other SMTP server as needed to specify the necessary credentials to access the server. If set up properly, this combination of authentication, connection control, and relay control should eliminate any possibility of unauthorized use of the SMTP server.