No announcement yet.

Outbound Security Account requirements

  • Filter
  • Time
  • Show
Clear All
new posts

  • Outbound Security Account requirements

    About 18 months ago our organisation upgraded from Exchange 2003 to Exchange 2010. Because many of our legacy systems supported by outside parties my predecessor created a spoof of our old exchange server to act as mail-relay and everything appeared to be OK. The bad news was that he used his own credentials for outbound security on the smtp relay host which requires password change regularly and he has since left the organisation.I have created a user account to replace his but this causes outbound queues to quickly build up. Apologies for the long-winded introduction but I wondered what is the minimum level of user rights I need to give to this new account. I could of course copy all of the user group membership but that would be overkill and not good security practice.

    Any advice appreciated.
    Last edited by agedmcse; 3rd January 2012, 14:20. Reason: Line space incorrect

  • #2
    Re: Outbound Security Account requirements

    A regular mail enabled account will be able to relay through Exchange on a default configuration. No special permissions required.

    Whether that is all the settings that are required though, is a different matter, as it is impossible to know whether the relaying ability has been further locked down. Poor practise to use one's own account though, for these kind of things you usually have a dedicated account locked down with a strong password.

    Simon Butler
    Exchange MVP

    More Exchange Content:
    Exchange Resources List:
    In the UK? Hire me:

    Sembee is a registered trademark, used here with permission.


    • #3
      Re: Outbound Security Account requirements

      Hi Simon,
      Thanks for your reply. I thought that by mail enabling the account as you suggested would do the trick (I had forgotten to do so). Sadly not the case. This is the entry in the System event log.

      Event Type: Warning
      Event Source: smtpsvc
      Event Category: None
      Event ID: 4006
      Date: 04/01/2012
      Time: 11:04:28
      User: N/A
      Computer: INTRANET3
      Message delivery to the host '' failed while delivering to the remote domain '<IP Address>' for the following reason: The remote SMTP
      service rejected AUTH negotiation.