No announcement yet.

Securing Exchange 2013

  • Filter
  • Time
  • Show
Clear All
new posts

  • Securing Exchange 2013

    Im little bit confuse with the new setup of ex 2013. what I would like to make sure is that only my domain user will be able to relay emails out. I have all these frontendtransport and hubtransport which I really not sure what is been used and why there is so many of them. I just want to make sure my setting are secure enough so no one except my domain user will be able to send out emails.

    here is my setup
    Exchange 2013 SP1

    Receive connectors -

    Client Frontend port 587 &
    Client Proxy port 465 Hubtransport &
    Default port 2525 Hubtransport &
    Outbound Proxy port 717 Frontend

    All the about has the same security check below
    Transport Layer Security (TLS)
    Basic authentication
    Integrated Windows authentication
    Exchange Server authentication

    Permission groups:
    Exchange servers
    Legacy Exchange servers
    Exchange users

    Inbound FrontEndTransport port 25 has all the above checked + Anonymous users.

    Also I have one Send connector config as following

    Any Ideas comments are welcome. Thanks

  • #2
    Re: Securing Exchange 2013

    easiest way:
    setup your email so all inbound emai lgoes to mimecast or similar. let it do cleansing etc.
    Then, set up your inbound connector so it only accepts connections from the mimecast servers

    then nothing can connect to the front end of your server....

    perform the same outbound - set an outbuond connector to mimecast, route all outbound email through that. then block all outbound smtp traffic that's not from the server and not destined to that address
    Please do show your appreciation to those who assist you by leaving Rep Point


    • #3
      Re: Securing Exchange 2013

      I completely agree with tehcamel, do a thorough research before choosing the email filtering product

      Technical Director
      Ex-Microsoft (Exchange Client & Server Infrastructure Team), MCSA, MCSE, MCITP, MCTS & ITIL Foundation certified


      • #4
        Re: Securing Exchange 2013

        Thanks guys, I was wishing for a solution that will not involve 3rd party company.
        after all why to invest so much into exchange server were I can get one online and worry less about all these issue, my main goal is to accomplice this without the need to spent to much money we are on a very low budget here.


        • #5
          Re: Securing Exchange 2013

          well you can have a look at EOP, 0.65 user/month:

          Note: Please do understand that I am not trying to promote any company here but this seems to be one of the cheapest option I could find and its not third party.

          Technical Director

          Ex-Microsoft (Exchange Client & Server Infrastructure Team), MCSA, MCSE, MCITP, MCTS & ITIL Foundation certified


          • #6
            Re: Securing Exchange 2013

            The default configuration is secure.
            You don't have to change anything t make it secure. The connectors are used for internal transport of the email traffic and therefore can be left alone. People trying to "secure" the product cause more problems than they resolve and then wonder why Exchange doesn't work properly.

            However there is a place for third party services to block malware etc. While Exchange does have that built in, it is very basic and most users will require additional services. However that has been the case with all Microsoft products for many years and should really be expected.

            Simon Butler
            Exchange MVP

            More Exchange Content:
            Exchange Resources List:
            In the UK? Hire me:

            Sembee is a registered trademark, used here with permission.