You want to minimize the attack surface of your Exchange servers by disabling unnecessary services.
Log in to the target Exchange server using an account with administrative privileges.
Open the Services snap-in (services.msc).
Check Table 10-2 for services that you need for your server type (Exchange 2000 or Exchange Server 2003) and role (front- or back-end server).
For each service in the table, verify that its startup type is set appropriately.
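The per-service check in the steps above can also be scripted. The following is an added example, not part of the original recipe. It assumes Windows PowerShell with Get-WmiObject available, and that the short service names shown correspond to the display names in Table 10-2. The baseline values are constructed samples: replace them with the settings from Table 10-2 for your server version and role.

```powershell
# Added example: audit service startup modes against a baseline you fill in
# from Table 10-2. The entries below are constructed sample values, not the
# table's contents, except MSFTPSVC, which follows the table's note on FTP.
param(
    [string]$ComputerName = '.',
    [hashtable]$Baseline = @{
        'MSExchangeIS' = 'Auto'      # sample value: Information Store
        'MSExchangeSA' = 'Auto'      # sample value: System Attendant
        'IISADMIN'     = 'Auto'      # sample value: IIS Admin Service
        'W3SVC'        = 'Auto'      # sample value: World Wide Web Publishing
        'MSFTPSVC'     = 'Disabled'  # FTP Publishing: off unless this is an FTP server
    }
)

# Win32_Service.StartMode reports Auto, Manual or Disabled for Win32 services.
$installed = @{}
Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |
    ForEach-Object { $installed[$_.Name] = $_ }

$report = foreach ($name in ($Baseline.Keys | Sort-Object)) {
    $expected = $Baseline[$name]
    $svc = $installed[$name]
    if ($null -eq $svc) {
        # Not installed (e.g. FTP on Windows 2003): fine only if we wanted it off.
        $actual = 'NotInstalled'; $state = ''
        $ok = ($expected -eq 'Disabled')
    } else {
        $actual = $svc.StartMode; $state = $svc.State
        $ok = ($actual -eq $expected)
    }
    New-Object PSObject -Property @{
        Service = $name; Expected = $expected; Actual = $actual
        State = $state; Compliant = $ok
    }
}

$report | Select-Object Service, Expected, Actual, State, Compliant |
    Format-Table -AutoSize

# Setting a service to Disabled does not stop it; flag any that are still running.
$report | Where-Object { $_.Expected -eq 'Disabled' -and $_.State -eq 'Running' } |
    ForEach-Object { Write-Warning "$($_.Service) should be disabled but is still running" }

# Non-zero exit code lets a scheduled job or wrapper script detect drift.
if ($report | Where-Object { -not $_.Compliant }) { exit 1 }
```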
Table 10-2. Service settings for Exchange front- and back-end servers
Enabled on FE?
Enabled on BE?
Microsoft Exchange Information Store
The IS is required for servers that serve mailboxes, but it's also required for SMTP bridgeheads so they can generate and process NDRs.
Microsoft Exchange System Attendant
The SA is required to do any sort of Exchange management. You can disable it on the FE, but you'll need to reenable it before you can make changes to the server's settings via ESM.
IIS Admin Service
Required if you're using IMAP, POP, Web, SMTP, NNTP, as well as the routing service; can be disabled otherwise.
FTP Publishing Service
Not installed by default on Windows 2003. Don't ever enable this unless you're running an FTP server.
World Wide Web Publishing Service
The W3SVC is required for web access via OWA, OMA, or EAS.
This service ...