Windows 2000 Server's SMTP service won't turn your server into a full-blown mail server, but it can be useful for relaying mail to other servers. For example, you can use the SMTP service to route incoming mail to a smart host running Exchange Server or another mail server application.

One of the ways you can prevent relay through the internal SMTP server is to require authentication between the external server running the SMTP service and the internal server. By requiring authentication at the internal server, you help eliminate the possibility that unauthorized users --- including those inside your organization--will use the internal server for relaying or spamming.

To secure a connection between servers, start by configuring the SMTP service on the external server to use the appropriate authentication method for outgoing connections. Follow these steps:

1. Open the IIS console, and connect to the external server.

2. Select the SMTP virtual server, and click the Properties button on the toolbar.

3. On the Delivery tab, click Outbound Security, and choose Windows Security Package.

4. Enter the username and password from the internal server that the system will use to authenticate the connection, and click OK.

5. Click Advanced, and enter the fully qualified domain name (FQDN) of the internal server in the Smart Host field. If you specify an IP address instead of an FQDN, enclose the address in square brackets, such as [].

6. Deselect the Attempt Direct Delivery Before Sending To Smart Host option, click OK, and click OK to close the server's properties.

7. Configure the internal server to require authentication, and configure it for Windows authentication.

Configuring the connection in this way doesn't secure the e-mail system by itself; it simply secures the connection to the internal server and helps prevent unauthorized access to the internal server. You should still take steps to secure the external server to prevent unauthorized relay.