Exchange
United States (English) Sign in
Home Online 2013 2010 Other Versions Library Forums Gallery EHLO Blog
TechNet Library
Exchange
Exchange Server Technical Articles
Exchange Server 2003 Technical Articles
Accept Mail for a Domain
Anti-Spam Enhancements in Exchange Server 2003 Service Pack 2
Back Up Mailbox and Public Folder Databases
Best Practices for Public Folders
Best Practices for Using Volume Shadow Copy Service with Exchange Server 2003
The Changing Landscape of E-mail Security
Choosing Exchange Server 2003 Hardware for Reuse with Exchange Server 2007
Client Network Traffic with Exchange Server 2003
Components of Public Folders in Exchange Server
Configuration and Security-Related Update Recommendations for Exchange Server 2003
Configure the Default E-Mail Address for New User Accounts
Create an E-Mail Distribution List
Creating and Deploying Outlook Web Access Themes
Cross-Matching Exchange Databases and Log Files
Customizing the Outlook Web Access Logon Page
Deployment Changes in Exchange Server 2003 SP1
Determining the True Amount of Space in an Exchange Database
E-Mail and IM Archiving: Proven Strategies for the Enterprise
Exchange 2000 Server and Exchange Server 2003 Message Restrictions
Exchange 2000 Server and Exchange Server 2003 SRS
Exchange 2003 SP2 Disabling Mapi/Non-Cached Access Per User
Exchange 2007: Anywhere Access
Exchange ActiveSync: Frequently Asked Questions
Exchange Admin Q and A: Often Misunderstood Subjects Part 1
Exchange Admin Q and A: Often Misunderstood Subjects Part 2
Exchange Analyzer Tools Success Stories
Exchange Best Practices Analyzer: This Doctor Makes House Calls
Exchange Clustering Concepts
Exchange Server 2003 Active Directory Connector Changes
Exchange Server 2003 Active Directory Integration
Exchange Server 2003 ActiveSync Architecture
Exchange Server 2003 Auto Accept Agent
Exchange Server 2003 Common Criteria Certification
Exchange Server 2003 Mailbox Recovery Center
Exchange Server 2003 MAPI Messaging Benchmark 3
Exchange Server 2003 Performance: Ten Things to Think About
Exchange Server 2003 Processor and Memory Scalability
Exchange Server 2003 Real-Time Block Lists
Exchange Server 2003 SP1 Recover Mailbox Data Feature
Exchange Server 2003 SP2 Overview
Exchange Server 2007 Deployment: 10 Tips When Installing
Exchange Server 5.5 Rides into the Sunset (Exchange 2000 Server, Saddle Up!)
Exchange Server and Daylight Saving Time (DST) 2007
Exchange Server Compatibility with Windows Server Operating Systems
Exchange Server Soft and Hard Recovery
Exchange Store Maintenance
Exchange TechCenters Go Global
Exchange Transactions and the Exchange Database Overview
Frequently Asked Questions: Troubleshooting Inbound Mail Flow in Exchange Server 2003
Frequently Asked Questions: Troubleshooting Outbound Mail Flow in Exchange Server 2003
Geographically Dispersed Clusters in Exchange Server 2003
Getting Started with Exchange Server 2007: Server Roles
Go-Along Tools to Use with Exchange Server 2003
How Outlook 2003 SP2 and Exchange Server 2003 SP2 OAB Version 4 Work Together
How Outlook, CDO, MAPI, and Providers Work Together
How to Configure Exchange Server Always Up-To-Date Notifications
How to Create and Edit Exchange Server 2003 Unattend Files
How to Troubleshoot Parent Distinguished Name Changes
Implementing Security
Installing Exchange Server 2003 Clusters
Installing Exchange Server 2003 on Windows Server 2003 Local Quorum Cluster
Inter-Organizational Migration to Exchange Server 2003 Using Exchange Server Migration Wizard - Part 1
Inter-Organizational Migration to Exchange Server 2003 Using Exchange Server Migration Wizard - Part 2
Introduction to Active Directory Migration Tool v2 for Administrators
Introduction to ADModify.net
Introduction to Cluster Diagnostics and Verification Tool for Exchange Administrators
Introduction to Exchange Server 2003 ESM Features - Part 1
Introduction to Exchange Server 2003 ESM Features - Part 2
Introduction to Exchange Server 2003 ESM Features - Part 3
Introduction to Microsoft Exchange Server 2003 GroupWise Connector
LDAP Query Basics
Microsoft Exchange Server 2003 Clustering Improvements
Microsoft Exchange Server Analyzer Retrospective
Microsoft Exchange Server Best Practices Analyzer Quick Start Guide
Microsoft Exchange Server Best Practices Analyzer Tool Troubleshooting Connectivity Problems
New Mobility Features in Exchange Server 2003 SP2
New Tools Available for Public Folders and Mailbox Management, and for Mobility
New Tools for Migrating IBM Domino Mailboxes to Exchange Server
Non-Microsoft Applications and Migration
OAB Version 4 in Exchange Server 2003 Service Pack 2
Offline Address Book - Things to Consider
Offline Address List Generation Overview
Online Resources for Exchange Server Optimization and Community
Open Outlook Web Access
Overview of Exchange 2000 Server and Exchange Server 2003 Special Mailboxes
Overview of Exchange Server Backup Methods
Overview of Microsoft Office Outlook Web Access for Exchange Server 2003 Customization
Public Folder Routing
Public Folders in Exchange Server 2003
Recipient Policies and Exchange 2000 Server and Exchange Server 2003 Sites
Some Exchange 2000 Server Disaster Recovery Concepts
System Event Viewer Tips
System Requirements for Exchange Server 2003
Tips for Designing a Well Performing Exchange Disk Subsystem
Tools for Performance Stressing Exchange 2003 Servers
Top 10 Database Mounting Issues and Their Solutions
Top 10 KBs for Exchange Server Mobility
Top 4 Exchange Server Security Best Practices
Top Ten Reasons to Upgrade to Exchange Server 2007
Top Three Configuration Issues with Exchange Management Pack
Transaction Log Replay from Offline Backup
Troubleshooting Failure to Publish Exchange Management Pack Data for Mailbox Monitoring
Troubleshooting Fast Growing Transaction Logs on Microsoft Exchange 2000 Server and Exchange Server 2003
Troubleshooting Microsoft Exchange System Manager Public Folder Expansion Problems
Understanding Availability and Site Resilience Solutions for Exchange Server 2003
Understanding EXOLEDB Default Folders
Upgrading from Exchange Server 5.5 to Exchange Server 2003
Using Exchange Server 2003 Stress Tools in a Test Lab
Welcome to Exchange Server 2007
What Exchange Administrators Need to Know About the Active Directory Migration Tool
What to Do When an Exchange Store Won't Mount
What's New with Tools in Exchange 2007
Windows Server 2003 System Monitor Tips for Exchange Server Administrators
WinRoute Explained
Working with Public Folder and Mailbox Permissions
Worksheet: Disaster Recovery Preparation for Microsoft Exchange Server 2003
White Paper: Integrating Exchange 2003 in a Complex X.400 Infrastructure
Expand Minimize
1 out of 2 rated this helpful - Rate this topic

Top 4 Exchange Server Security Best Practices

 

Topic Last Modified: 2007-12-26

Published: February 17, 2004

Use the recommendations listed on this page to help implement the best possible security practices in your Exchange Server environment.

File-level scanners scan a file when it is used or at a scheduled interval and can lock or quarantine an Exchange Server log or database file while Exchange Server tries to use the file. This can cause a sever failure in Exchange Server 2003 and earlier versions and can also generate -1018 errors.

Best practice   Make sure that you exclude the following directories on all the drives:

  • In Exchange Server 2003, exclude:
    • Exchsrvr\MDBData
    • SRS
  • In Exchange 2000 Server, exclude:
    • Exchsrvr\MDBData
    • SRS
    importantImportant:
    Do not scan the M: drive. File-level scanning of your M: drive can cause calendar items to disappear from users? folders.
  • In Exchange Server 5.5, exclude:
    • Exchsrvr\MDBData
    • DSAData

For more information, see the following Microsoft Knowledge Base articles:

When preparing for a disaster recovery situation, answering a few key questions helps direct you to the necessary steps:

  • Do you need to recover data from a backup (private or public store) and have questions about how to set up the recovery environment or about the restore itself?
  • What do you need to set up for Active Directory directory service and DNS?
  • Do you need to have the same organization, administrator group, server, and store names as the production environment?

Best practice   Test your backup files monthly and become familiar with the processes themselves. Should it ever become necessary to restore data to your production environment, your familiarity with the procedure will lessen the downtime of your servers.

For answers to your questions, see the following Knowledge Base articles:

Also, download the following white papers from the Microsoft Download Center:

The top causes for open relays with Exchange Server include:

  • The SMTP service is live on the Internet and not enforcing authentication to relay.
  • The SMTP server has accounts locally or is part of a domain that has poor passwords or no password at all.

Best practice   The following list of known accounts have the potential of being compromised and should either be disabled or should have a strong password. These accounts have been logged in past cases through the event viewer after turning up diagnostic logging. Remember, the passwords should never match the logon name.

  • Webmaster
  • Admin
  • Root
  • Test
  • Master
  • Web
  • www
  • administrator
  • backup
  • server
  • data
  • abc
  • guest

To help guide your configurations, prevent your servers running Exchange Server from becoming an open relay, and look for key clues in the future to ensure your SMTP server doesn't relay, read the following Knowledge Base articles:

Microsoft Outlook 2000 Service Pack 1 (SP1), Outlook 2000 without service packs, Outlook 98, and Outlook 97 do not have mechanisms to block attachments. If you are using one of these versions, virus and worm protection must be provided on the server running Exchange Server.

Best practice   Upgrade to Outlook 2000 Service Pack 2 (SP2) or later to protect the client or install the appropriate e-mail security update:

By default, Microsoft Office Outlook 2003, Outlook 2002 in Microsoft Office XP, and Outlook 2000 SP2 provide an attachment security feature. This security feature is designed to increase the security protection for certain types of e-mail attachments. This feature provides explicit warning language when attachments are opened, and you have to save the attachment to the file system before opening it. This can help you avoid accidentally releasing viruses that hide in certain file types.

While we do not recommend reducing e-mail client security levels, there might be instances when an organization wants to customize or remove the additional protections provided by Outlook.

Best practice   You can modify default security settings for the Outlook 2003 client by using the Outlook Security template, which you install as a form in Outlook. To install this form, see Knowledge Base article 290499, Administrator information about e-mail security features.

For additional information, see Microsoft Knowledge Base article 829982, Cannot open attachments in Microsoft Outlook.

As part of our commitment to help you improve and maintain security, Microsoft provides proactive information that can help you implement the best possible security practices and improve your security and availability. To learn more about security, see:

  • Exclude Certain Directories from File-level Virus Scanners
  • Prepare for an Exchange Server Disaster Recovery
  • Close an Open Relay
  • Configure Attachment Blocking Using Outlook
  • Get Help
 
Did you find this helpful?
(1500 characters remaining)

Community Additions

ADD
© 2013 Microsoft. All rights reserved.