SECURE A VIRTUAL SMTP SERVER
The SMTP service in Internet Information Services (IIS) allows Windows
2000 Server to function as an SMTP relay agent. However, because Windows
2000 doesn't provide full mailbox support, it can't function as a
full-blown mail server without the addition of a custom or third-party
application to process incoming messages.
For that reason, organizations most often use the SMTP service by
itself to process outgoing messages rather than incoming messages.
If you use the SMTP service in your network, it's very important that
you secure the server to prevent others from using it for unauthorized
relay or spamming. You can use a combination of connection control
and relay settings to secure the server.
Open the IIS console, and open the properties for the SMTP virtual
server. On the Access tab, click Connection. In the Connection dialog
box, select Only The List Below, add the individual IP addresses,
range of computers, or domain that should be able to connect to the
server, and click OK.
Next, click Relay on the Access tab. Select Only The List Below, and
click Add. Enter the IP address, range of computers, or domain that
you want to allow to send outgoing mail through the server, and click
Finally, click Authentication on the Access tab, and turn off anonymous
access to the server. Then, configure each client or other SMTP server
as needed to specify the necessary credentials to access the server.
If set up properly, this combination of authentication, connection
control, and relay control should eliminate any possibility of unauthorized
use of the SMTP server.