Peter, Microsoft have done a pretty good job with SBS to make it all work on one box. The fact that you can telnet to port 25 is not an issue as you need this port open to allow incoming mail via SMTP. The telnet service on the server is a totally different item and works on a different port altogether. Using telnet from a client PC to get to port 25 simply shows that your server is in fact working and is not a security risk. with SBS if you run the Internet Connection Wizard and close off the ports you do not need then you are prettty safe. Yes having a seperate ISA box in front of SBS would be safer given that it would not be a domain controller, but again this would cost more $$$ and hassle to get it working - not really the type of thing that SBS was marketed towards. Regards, Wayne Small SBS MVP MCSE+I, MCSE 2000 Correct Solutions Pty Ltd Check out www.sbsfaq.com for more SBS FAQs and information. Contributions welcome! -----Original Message----- From: Peter Forster [mailto:pforster@xxxxxxxxxx] Sent: Saturday, 26 October 2002 1:12 AM To: [ISAserver.org Discussion List] Subject: [isalist] SBS and smtp service using Exchange http://www.ISAserver.org Hi yes I appreciate that the SMTP service had to be running on Exchange. With SBS the Exchange and ISA are on the same box, a perimeter box. This makes me vulnerable with being able to telnet to this box on port 25, even though my telnet service is not started. I imagine the most secure is to have the ISA box on the perimeter, then publish to an internal server. I have this working successfully on another site. That ISA box does not have the SMTP service running it publishes to the internal server that is a SecureNAT client. If I was to start the SMTP service on that box I would get a relay problem happening. Got to love this stuff.. I do! Thanks, Peter ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: wayne@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')