Tips for Hardening your Exchange Server

By Ehamouda, GOBI IT Solutions |  Security, Microsoft Exchange

Email is the main means of communications for both critical and non-critical information in business today. Therefore, having a reliable email service should be the main concern of any business operator. Here are 10 ways to have a reliable Exchange server and secured email services.

Disable open relaying on all SMTP virtual servers: Open relay on your Exchange Server allows other Email servers to use your server as a gateway to others. This allows others to send spam Email which appears to be originated from your address, therefore you will be identified as a spam source.

Prevent anonymous access on internal SMTP virtual servers and dedicated SMTP virtual servers for IMAP and POP clients: Because all Exchange servers within your organization authenticate with each other to send mail, you do not need to enable anonymous access on your internal Simple Mail Transfer Protocol (SMTP) virtual servers. Additionally, all Post Office Protocol (POP) and Internet Message Access Protocol (IMAP) clients authenticate with your SMTP virtual server, so anonymous access is not required on a server that is used exclusively by POP and IMAP clients

Restricting Submissions to Distribution Lists and Users: Restrict who can send e-mail messages to an individual user or a distribution list. Restricting submissions on a distribution list prevents non-trusted senders, such as unauthorized Internet users, from sending mail to an internal-only distribution list.

Digitally sign and Encrypt your Email: Digitally signing and Encrypting your Email prevents anyone from intercepting and reading your Email and makes sure it is only opened by the person you sent the message to.

Educate your users not to open Email attachments from unknown users: Attachments could include programs that start sending Spam email messages to multiple users within your address list that could cause you troubles.

Backup your Exchange server periodically: Always backup your Exchange Server so when disaster happens you will be ready.

Deploy Front End Server: Deploy a Front End Server on the DMZ, and close unused ports on the DMZ. Here are the ports most used by Exchange services:
SMTP 25
DNS 53
HTTP 80
Kerberos 88
POP3 110
NNTP 119
RPC EndPoint Mapper 135
IMAP4 143
LDAP 389
Global Catalog 3268 /9
Secure Sockets Layer (SSL)
HTTP (SSL) 443 SSL
LDAP (SSL) 636 SSL
IMAP4 (SSL) 993 SSL
POP3 (SSL) 995 SSL

Consider using OWA "Form based Authentication": Deploy SSL certificate for you OWA access; this will add another layer of security to your Exchange environment.

Consider using RBL: Exchange 2003 has a feature of identifying Spam and open relays using RBL "Real Time Block Lists" .

Audit your Exchange server: It's important that you audit your Exchange server to track changes made to your server.

I hope this was a good source of information. Feel free to contact me for any additional question or remarks.
Thank you
Ehab Hamouda
System Engineer
GOBI IT Solutions
URL: www.Gobiit.com

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question