Guide to the Secure Configuration and Administration of Microsoft ...
Guide to the Secure Configuration and Administration of Microsoft ...
Guide to the Secure Configuration and Administration of Microsoft ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Select <strong>the</strong> “Delivery Restrictions” tab. These settings are advertised <strong>to</strong> restrict which<br />
Exchange users can/cannot send outgoing messages through IMS; however, <strong>the</strong>y<br />
have no effect upon users accessing <strong>the</strong> Exchange Server through SMTP.<br />
Exchange 5.0 Exchange 5.5<br />
Select <strong>the</strong> “Connections” tab, check “Accept or reject by host” <strong>and</strong> select “Specify<br />
Hosts.” Unless an Exchange server is intended for universal access, it is<br />
recommended <strong>to</strong> restrict access.<br />
Exchange 5.0 Exchange 5.5<br />
Select <strong>the</strong> “Connections” tab. Unless an Exchange server is intended for universal<br />
access, it is recommended <strong>to</strong> restrict access by use <strong>of</strong> one or more <strong>of</strong> <strong>the</strong> following:<br />
Use <strong>the</strong> “Accept Connections” option <strong>to</strong> require au<strong>the</strong>ntication, encryption, or<br />
both on all SMTP connections (applies <strong>to</strong> both client connections <strong>and</strong><br />
connections <strong>to</strong> o<strong>the</strong>r hosts).<br />
Use <strong>the</strong> “Clients can only submit if homed on this server” option <strong>to</strong> require <strong>the</strong><br />
user <strong>to</strong> have a mailbox on <strong>the</strong> Exchange Server before a connection will be<br />
allowed.<br />
Use <strong>the</strong> “Clients can only submit if au<strong>the</strong>ntication accounts matches submission<br />
address” option <strong>to</strong> help preclude a user from masquerading as ano<strong>the</strong>r when<br />
dropping <strong>of</strong>f a message via SMTP.<br />
Select <strong>the</strong> “Internet Mail” tab. Enable (check) “Clients support S/MIME signatures” if<br />
S/MIME will be used.<br />
Note: An additional IMS security related setting, “securing outbound connections”<br />
(security tab), is discussed in Chapter 5.<br />
28