Question : SMTP Open Relay Authentication

I'm trying to determine the proper way to configure our Exchange server so that it is not an open relay. We have some internal servers that need to relay and do not authenticate.

Currently, we have 'Only the list below' checked and we defined the IP address (mask) for the range of all our internal computers. We also have "allow all computers which successfully authenticate to relay regardless of the list above" checked.

1. Should we uncheck "allow all computers which successfully authenticate to relay regardless of the list above" so that not just any computer, internal or external, can use our mail server as an SMTP relay?

2. Should we limit the Computers section to those servers that use our mail server to relay? I assume that clients don't need to be listed here.

3. Under the Authentication section, we have Anonymous access, Basic authentication and Integrated Windows Authentication checked.  I have noticed that our clients when launching Outlook need to enter their credentials.  Is this because Basic authentication is checked?

Thanks!

Answer : SMTP Open Relay Authentication

If you uncheck "allow all computers...." then you may indeed have problems with users not being able to send email.  Microsoft recommends that you always leave this checked, and if you test your system with it checked, you will see that it does not create an open relay by having this checkbox active.

Yes, you want to limit the scope on your "only the list" list to any internal computer or device that needs to relay email without authentication.  This would include things like scanner/printers that have the capability to send email through your SMTP server or software that sends email alerts or messages automatically without using a user name/password to authenticate with your server.
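A simplified model of the two relay settings discussed in this thread, added here as an illustration (it is not code from the original posts or from Microsoft). The local domain, IP addresses and sessions are constructed, and the decision logic is an assumption based on how the dialog options are described above.

```python
import ipaddress

LOCAL_DOMAINS = {"example.com"}  # constructed: domains this server accepts mail for

def relay_decision(client_ip, authenticated, rcpt, allow_list, allow_authenticated=True):
    """Return 'deliver', 'relay' or 'deny' for one recipient of one SMTP session."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return "deliver"  # inbound mail for our own domain is not relaying
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(n, strict=False) for n in allow_list):
        return "relay"    # matched "Only the list below"
    if allow_authenticated and authenticated:
        return "relay"    # the "successfully authenticate ... regardless of the list" box
    return "deny"

# Constructed allow lists: the whole internal range vs. only devices that cannot authenticate
WHOLE_LAN = ["10.0.0.0/16"]
DEVICES_ONLY = ["10.0.5.20", "10.0.5.21"]

# Constructed sessions: (label, client IP, authenticated?, recipient)
SESSIONS = [
    ("internet-anon-external", "203.0.113.9", False, "someone@other.test"),
    ("internet-anon-inbound", "203.0.113.9", False, "user@example.com"),
    ("remote-user-auth", "198.51.100.7", True, "partner@other.test"),
    ("scanner-anon", "10.0.5.20", False, "partner@other.test"),
    ("workstation-anon", "10.0.44.3", False, "partner@other.test"),
]

def evaluate(allow_list, allow_authenticated=True):
    """Run every constructed session against one configuration."""
    return {label: relay_decision(ip, auth, rcpt, allow_list, allow_authenticated)
            for label, ip, auth, rcpt in SESSIONS}

if __name__ == "__main__":
    configs = {
        "whole LAN listed, auth box checked": (WHOLE_LAN, True),
        "devices only, auth box checked": (DEVICES_ONLY, True),
        "devices only, auth box unchecked": (DEVICES_ONLY, False),
    }
    for name, (allow_list, box) in configs.items():
        print(name)
        for label, verdict in evaluate(allow_list, box).items():
            print(f"  {label:24} {verdict}")
```

In every configuration the anonymous Internet session addressed to an outside domain is denied; unchecking the box only changes the verdict for the authenticated remote user.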