Hi all, I have been told on other forums, that the pop connector on my server (SBS) is not supposed to be a long term fix. All well and good, I thought, I'll look into redirecting the MX record for our mail directly to the server. I am VERY worried about becoming an unwitting SPAMbot, and having out SMTP hijacked. The Exchange books all say this won't happen, so long as I install an edge server etc. The problem is, we are a firm of about 10 staff members, and it makes no sense us having boxes all over the place for edge servers etc. I have one box acting as a file host for shared files (Win 7) and a second performing all other server functions (ADDS, Exchange, DHCP, DNS etc). What steps can I take to ensure my server isn't broken and used for nefarious means?Mike Oke MCTS, MCITP (Windows 7)

1. Enable Recipient Filtering against Active Directory. ( Depends on Exchange version on how to do that) 2. Disable authenticated relay. 3. Install anti-spam /anti-malware, Exchange aware software 4. Deploy SPF These are a few things you can do that will go along way to keep your org off the BlockLists and be internet-friendly.

Many companies will use a third party mail relay (we use Forefront). You point your MX records to them, and they accept the email, virus scan and spam filter it, and relay the rest on to you. The only public exposure you have is the smtp receive connector, and you lock that down to only accepting a connection from their servers.[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

1. Enable Recipient Filtering against Active Directory. ( Depends on Exchange version on how to do that) 2. Disable authenticated relay. 3. Install anti-spam /anti-malware, Exchange aware software 4. Deploy SPF These are a few things you can do that will go along way to keep your org off the BlockLists and be internet-friendly.

Many companies will use a third party mail relay (we use Forefront). You point your MX records to them, and they accept the email, virus scan and spam filter it, and relay the rest on to you. The only public exposure you have is the smtp receive connector, and you lock that down to only accepting a connection from their servers.[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

Many companies will use a third party mail relay (we use Forefront). You point your MX records to them, and they accept the email, virus scan and spam filter it, and relay the rest on to you. The only public exposure you have is the smtp receive connector, and you lock that down to only accepting a connection from their servers. [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " " and of course, you send outbound mail through it as well! Note that you if go this route, you still should deploy SenderID/SPF to help mitigate spoofing.

Many companies will use a third party mail relay (we use Forefront). You point your MX records to them, and they accept the email, virus scan and spam filter it, and relay the rest on to you. The only public exposure you have is the smtp receive connector, and you lock that down to only accepting a connection from their servers. [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " " and of course, you send outbound mail through it as well! Note that you if go this route, you still should deploy SenderID/SPF to help mitigate spoofing.