How to Restrict Submissions to an SMTP Server Based on a Security Group


Topic Last Modified: 2005-05-24

In Exchange Server 2003, you can restrict submissions and relaying permissions to an SMTP virtual server to a limited number of users or groups though the standard Windows 2000 Server or Windows Server 2003 Discretionary Access Control List (DACL). This allows you to specify groups of users who can submit or relay mail on a virtual server.

Restricting submissions to an SMTP virtual server is useful if you have specific users that you want to allow to send Internet mail on particular virtual servers. You can grant only these users or groups access to submit mail to these SMTP virtual servers.

Do not restrict submissions on SMTP virtual servers that accept Internet mail.

Before you perform the procedure in this topic, read Securing Your Exchange Server.

The following permissions are required to perform this procedure:

  • Member of the local administrators group and a member of a group that has had the Exchange Administrators role applied at the administrative group level

  1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.

  2. In the console tree, expand Servers, expand the server that you want, expand Protocols, and then expand SMTP.

  3. Right-click the SMTP virtual server on which you want to restrict submissions, and then click Properties.

  4. In <SMTP Virtual Server> Properties, click the Access tab, and then click Authentication.

  5. In Authentication, clear the Anonymous access check box, and then click Users to specify a subset of users for which you want to grant submit permissions on this SMTP virtual server.

  6. In Permissions for Submit and Relay, to remove a group or user, select the group or user, and then click Remove.

  7. To add a group or user, click Add, and then select the group or user for which you want to specify permissions. Select from one of the following options:

    • On Windows Server 2003, in Select Users, Computers, or Groups, under Enter the object name to select, type the name of the user or the group. If you want to search for the user or group, click Advanced, search for the user or group name, and then click Check Names to validate your entry.

      Click the examples link to view the acceptable formats for your entries.
    • On Windows 2000 Server, in Select Users, Computers, or Groups, select the group or user that you want to grant submit permissions, and then click Add.

  8. Click OK to return to the Permissions for Submit and Relay dialog box.

  9. Under Group or user names, select the group that you just added.

  10. Under Permissions for <Selected Group>, next to Submit Permission, if necessary, click Allow to allow the selected user or group to submit mail through this SMTP virtual server.

  11. Click OK.