Configuring SMTP on the Front-End Server


Topic Last Modified: 2005-05-24

SMTP must be available on the front-end server to allow POP and IMAP clients to submit e-mail messages. You can install SMTP on the front-end server or set up a separate SMTP server. To install SMTP on the front-end server, configure SMTP for internal and external domains, as described in the following two sections.

For the front-end server to accept mail that is inbound from the Internet, the front-end server needs to know the domains for which it should accept mail. Adding recipient policies for each of your domains tells all servers in the Exchange organization to accept mail for those domains. Additionally, you must enable anonymous access for other SMTP servers on the Internet to successfully route mail to your organization (this is the default setting).

In the default configuration, any SMTP mail that is submitted to your server and addressed to external domains is denied. This occurs because relaying is turned off for all anonymous access (however, authenticated users can still send e-mail to any external domain). Users who try to anonymously submit e-mail to external domains receive an error, such as "550 5.7.1 Unable to relay for". The clients must be configured to use SMTP authentication.

Although you could allow relaying for anonymous access, it is not recommended and should never be required. Allowing unauthenticated relaying lets anyone on the Internet use your server to send e-mail.

If you choose to require SMTP authentication for mail submitted by your users from the Internet, you should also require SSL for clear text or basic authentication, so that corporate usernames and passwords are not sent out unencrypted. Configure SSL for basic authentication in the Properties of the SMTP virtual server: On the Access tab, click Authentication, and then select Requires TLS encryption.
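To confirm both settings from the outside (anonymous relay denied, and basic authentication refused until TLS is negotiated), a check along these lines can be run against your own server. This is an added example, not code from the original guide; the function name, the probe addresses, and the scripted replies are assumptions constructed for illustration.

```python
def audit_submission(conn, outside_rcpt="probe@outside.example",
                     sender="audit@outside.example"):
    """Probe an SMTP listener without authenticating.
    conn: a connected smtplib.SMTP, e.g. smtplib.SMTP(host, 25), or any object
    with the same methods. The addresses are placeholders (assumption): use a
    domain that your organization does not accept mail for.
    """
    conn.ehlo()
    result = {"starttls_offered": conn.has_extn("starttls")}

    # Begin basic authentication on the still-unencrypted channel. A 334 reply
    # is the username prompt: the server would take a password in clear text.
    code, _ = conn.docmd("AUTH", "LOGIN")
    result["basic_auth_needs_tls"] = code != 334
    if code == 334:
        conn.docmd("*")  # RFC 4954: a lone "*" cancels the exchange

    # Ask, unauthenticated, to deliver to an external domain.
    conn.mail(sender)
    code, reply = conn.rcpt(outside_rcpt)
    result["anonymous_relay_denied"] = 500 <= code <= 599
    result["relay_reply"] = (code, reply)
    conn.rset()
    return result


class ScriptedServer:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""
    def __init__(self, extensions, auth_reply, rcpt_reply):
        self.extensions = extensions
        self.auth_reply, self.rcpt_reply = auth_reply, rcpt_reply
    def ehlo(self): return (250, b"ok")
    def has_extn(self, name): return name.lower() in self.extensions
    def docmd(self, cmd, args=""):
        return self.auth_reply if cmd == "AUTH" else (501, b"cancelled")
    def mail(self, sender): return (250, b"sender ok")
    def rcpt(self, recipient): return self.rcpt_reply
    def rset(self): return (250, b"reset")

# Constructed replies, not captured from a real server.
AS_ADVISED = ScriptedServer({"starttls", "auth"},
                            (530, b"5.7.0 Must issue a STARTTLS command first"),
                            (550, b"5.7.1 Unable to relay"))
MISCONFIGURED = ScriptedServer({"auth"}, (334, b"VXNlcm5hbWU6"), (250, b"ok"))

if __name__ == "__main__":
    for name, server in (("as advised", AS_ADVISED), ("misconfigured", MISCONFIGURED)):
        print(name, audit_submission(server))
```

Run the check from a host outside your network, before and after changing the virtual server settings, so the result reflects what an Internet client sees.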

For more information about SMTP, see the Exchange Server 2003 Transport and Routing Guide.