SMTP Virtual Server questions

I admin an Exchange 2003 Enterprise email server that I didn't setup, it has the IP address set to all unassigned on the default smtp Virtual server TCP port 26 ???? and a Second Virtual Server setup with two port identities of TCP Port 2600 and 25? IP address all unassigned as well. I know some of the POP3 users had their outlook configured for smtp port 2600 but why would it be done this way? The old admin and director have been fired before I got a chance to ask them this. The EBPA tool reports on this as a possible reason for trafic flow issues, we also have smart hosts setup on both so outgoing and incoming mail gets filtered by Postini. I just want to know how it should be done or is it ok this way?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

blargoe

If you look at some of the other settings on the virtual servers, maybe that will provide a clue as to why it was set up this way. For example, do one of them have restrictions on which hosts or users can send mail through that virtual server.

I would try to find out if this Postini that you refer to is set up to send through your server at port 26. I wouldn't have set it up like that, but you really need to look at everything that might possibly be touching SMTP to get the full picture.

Is logging enabled on the SMTP virtual servers? Searching for those port numbers in the log file might provide some clues too.

coax31

No ip or user settings, one of the log files is enabled for the default smtp port 26 server.

Claymoore

It is common to set up different SMTP virtual servers to control traffic flow or security, but it is recommended that you do this with different IP addresses and not different port numbers on the same IP address. For example, we have a different SMTP virtual server set up here that uses TLS encryption for communication with a few of our clients. The rest of our mail goes through the default virtual server.

Check the Connection and the Relay buttons on the Access tab of the different virtual servers. They probably have different settings to allow your POP3 clients to relay through their connections. If they don't, then the previous admins were probably counting on using the alternate ports as a layer of security. This isn't really that safe beacuse a port scan would reveal the port as open and a spammer is one setting change away from using your exchange server as an open relay. If you set the virtual server to only allow computers that authenticate to relay, your users will have to enter a username and password to send mail but you won't be an open relay.

Since you mentioned these are Outlook users, have you considered RPC over HTTP instead of POP3/SMTP for your remote users?

coax31

Yeah, I want to setup RPC over HTTP but we only have one Exchange server and no ISA server, can you set it up with only one Exchange server.

royal

coax31 wrote:

Yeah, I want to setup RPC over HTTP but we only have one Exchange server and no ISA server, can you set it up with only one Exchange server.

Yes
http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm