Creating a Hardened Internet SMTP Gateway on Exchange 2003

by Bret Fisher
Sept. 1, 2017 0 comments SANS Institute Encryption & Authentication email issues

This paper will evaluate a ‘locked down’ inbound mail gateway (receives email from the Internet) design on Windows 2003 and Exchange 2003, using a set of complementing software products including Microsoft ISA Server 2004 and McAfee SecurityShield for Microsoft ISA Server 1.0. The purpose is to create a more secure Exchange Internet gateway without resorting to using a third party SMTP engine for receiving Internet email. The focus is on hardening the Exchange SMTP engine, increasing the intelligence of mail filtering before entering the internal network, and defending against common types of emailborn attacks. Note, topics this paper will not discuss include: OS hardening, email authentication or encryption features, or the security of Exchange backend systems