Enabling Basic Authentication on Exchange 2010 SP1

authentication email-server exchange-2010 smtp

Firstly, I know nothing about how Exchange operates and what is and isn't possible.

We're trying to send mail from our webserver (AWS) through our own mail server (in house), but for this we need an authentication method enabling in Exchange. Our systems are managed by an outside company who have a contract with us; they seem very reluctant to enable any type of authentication for remote IPs to use (we asked them first back in February). Their latest response was to decline our request again and tell us to just use Amazon SES. I have no access to this server myself, so any answers can only be used when I talk to them next.

1) Are there any major security issues with enabling an authentication method on a server? (I'm aware that basic auth sends details in plain text)

2) Does Exchange offer an IP whitelist?

3) Is there an idiot-proof guide to how to set all of this up?


Here is the result of connecting over telnet:

220 domain.com Microsoft ESMTP MAIL Service ready at Thu, 23 May 2
ehlo name
250-domain.com Hello [ip.ip.ip.ip]
250-SIZE 10485760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING

Best Answer

For 1) and 2):

You can set up a custom Receive Connector in Exchange that allows your preferred authentication type, and can be limited to accepting connections from only certain Networks, IPs, User types, etc.:

If you are aware the credentials are sent in plain text (with basic authentication), then you understand the primary security risks, and you'll have to decide if those risks are OK with you.

For 3):

See the link in the first line of this answer. :) Also, if you pay them to manage your Exchange Server, and they can't figure this out without an "Idiot-Proof" guide, then you need to consider a new Exchange host.
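
A sketch of the Receive Connector described in the answer above, added here as an example and not part of the original answer or of any vendor guide. The server name, connector name and IP address are placeholders constructed for illustration; the cmdlets and parameter values are those of the Exchange Management Shell.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Placeholders constructed for this example; replace with real values.
$server    = 'EXCH01'          # hypothetical Hub Transport server name
$webServer = '203.0.113.10'    # hypothetical static IP of the AWS web server
$name      = 'AWS Web Relay'   # hypothetical connector name

# Weak setting, shown for contrast only:
#   -AuthMechanism BasicAuth
# With BasicAuth alone the connector accepts AUTH on an unencrypted session,
# so the user name and password cross the Internet base64-encoded, not encrypted.

# Corrected setting: a custom connector that
#   - only matches connections from the one web server IP (RemoteIPRanges),
#   - offers STARTTLS and accepts basic authentication only after TLS is up
#     (BasicAuthRequireTLS must be combined with Tls and BasicAuth),
#   - grants submit rights to authenticated Exchange users only, with no
#     AnonymousUsers permission group.
New-ReceiveConnector -Name $name -Server $server -Usage Custom `
    -Bindings '0.0.0.0:25' `
    -RemoteIPRanges $webServer `
    -AuthMechanism Tls,BasicAuth,BasicAuthRequireTLS `
    -PermissionGroups ExchangeUsers

# Review what was created before asking the firewall team to allow the IP.
Get-ReceiveConnector -Identity "$server\$name" |
    Format-List Name,Bindings,RemoteIPRanges,AuthMechanism,PermissionGroups
```

Because the connector's remote range is more specific than the default connector's, sessions from the listed IP are handled by it while all other senders keep their existing behaviour. A dedicated mailbox account with no other privileges is a reasonable choice for the web server's credentials.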