Any insight on this would be gretly appreciated. I have implimented Tom's solution for using SMTP Auth to protect exchange 2000 smtp. It works flawlessly. If your not sending to a remote domain I have listed your dropped. If your not Authorized via windows security package you can not relay through my virtual. Now the issue. I want to implement Imail server for providing email hosting. It works great for what it is intended for. I have it running, but not in the same secure manner as my exchange is. Imail gives you about 4 choices on securing smtp relaying. The strongest is based on being a user in the imail user database to be able to relay. However, they warn that manipulation of the header can allow it to be compromised. Their option of a NT user base being used states it MUST be installed on a pdc/bdc. I am running w2k AD and have NO intentions of putting a email server for the masses on a DC. My question is.....since I am using Imail user database is there a way for me to secure smtp relaying like I did exchange even though I can't use the "windows security package" for authentication. thanks as always John Lyon http://www.accuwired.com