"Sanford Whiteman" <swhitemanlistens-software@cypressintegrated.com> wrote
in message news:op.tukfpwcj6c17zw@gw02.broadleaf.local...
>> Is it possible to setup the SMTP server to allow inbound connections
>> from any machine for messages to my domain, but only allow outbound
>> messages from computers that successfully authenticate (via Windows
>> username/password)?
>
> Of course!
>
> I have posted quite extensively on related matters in just the past 2
> weeks. Take a look at those messages and post back with follow-up
> questions.

>> ...it looks like if I enable anonymous access (required for inbound
>> to my domain) then set the Allow computers to relay that
>> successfully authenticate then what I am doing is creating an open
>> relay...
>
> Briefly: no, not at all. If the unknown public is going to be allowed
> to connect to your VS (as it is your published MX), you have to allow
> anonymous connections. Those are not authenticated connections, and it
> doesn't mean you're letting them relay. Indeed, the settings you have
> described are what you want in those areas -- but you may have
> *additional* settings added to those that make your server more open
> (what makes you think it is open, anyway?).
>
> --Sandy

"Sanford Whiteman" <swhitemanlistens-software@cypressintegrated.com> wrote
in message news:op.tukfpwcj6c17zw@gw02.broadleaf.local...
>> Is it possible to setup the SMTP server to allow inbound connections
>> from any machine for messages to my domain, but only allow outbound
>> messages from computers that successfully authenticate (via Windows
>> username/password)?
>
> Of course!
>
> I have posted quite extensively on related matters in just the past 2
> weeks. Take a look at those messages and post back with follow-up
> questions.
>
>> ...it looks like if I enable anonymous access (required for inbound
>> to my domain) then set the Allow computers to relay that
>> successfully authenticate then what I am doing is creating an open
>> relay...
>
> Briefly: no, not at all. If the unknown public is going to be allowed
> to connect to your VS (as it is your published MX), you have to allow
> anonymous connections. Those are not authenticated connections, and it
> doesn't mean you're letting them relay. Indeed, the settings you have
> described are what you want in those areas -- but you may have
> *additional* settings added to those that make your server more open
> (what makes you think it is open, anyway?).
>
> --Sandy

> Is it possible to setup the SMTP server to allow inbound connections
> from any machine for messages to my domain, but only allow outbound
> messages from computers that successfully authenticate (via Windows
> username/password)?

> ...it looks like if I enable anonymous access (required for inbound
> to my domain) then set the Allow computers to relay that
> successfully authenticate then what I am doing is creating an open
> relay...

> I think where I made a mistake was in leaving the first setting in
> Relay Restrictions at the default of All but the list below - which
> was blank!

> Now that I've changed it I'm not relaying a massive flood of SPAM
> anymore - thanks Sandy! An interesting side note is they keep trying
> - when I look at connections I see anywhere from 2 to 6 at a time -
> all beginning with 125.110 - hopefully they will give up soon.