Now, the important part, Uncheck the "Allow all computers which successfully authenticate to relay, regardless of the list above." What this will do is confine relaying to the internal IPs, No longer will an external user be able to relay using an authenticated user's information. While that may have worked for you, it will not work if you have users connecting outside of the local LAN. Also, your setup will allow some one from an internal IP to relay freely. This could happen in a number of ways, including an internal user with Kaaza installed, an internal user that is using software to send out bulk e-mail and so forth. The point is Microsoft, or any one else, has no need to create any KB article about how to configure a certain way, as each situation is different and demands different configurations. For me or any of my clients, I will never allow free relay from the internal IP range. You must authenticate. Disallowing authenticated users to relay IS NOT AN ANSWER TO A WEAK PASSWORD POLICY! While there can be many right ways of doing things, coming up with a work around is not one of them. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com