Bonus Chapter: Using the SMTP Service for Mail Relay
Copyright © 2002 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic or other record, without the prior agreement and written permission of the publisher.
ISBN: 0-7821-4067-X
SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc. in the USA and other countries.
TRADEMARKS: Sybex has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer. Copyrights and trademarks of all products and services listed or described herein are property of their respective owners and companies. All rules and laws pertaining to said copyrights and trademarks are inferred.
This document may contain images, text, trademarks, logos, and/or other material owned by third parties. All rights reserved. Such material may not be copied, distributed, transmitted, or stored without the express, prior, written consent of the owner.
The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturers. The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book.
Sybex Inc.
1151 Marina Village Parkway Alameda, CA 94501 U.S.A.
Phone: 510-523-8233 www.sybex.com
One important aspect of hosting a website for many people is being able to forward mail from forms on the site to e-mail accounts. I covered some of this in Chapter 37 of Windows XP Power Tools. FrontPage and other web development environments provide an easy means to set up e-mail-enabled forms, and publicly available scripts such as formmail.pl make it easy to accomplish in development environments that lack e-mail integration.
It’s also useful in other situations to be able to forward mail. For example, perhaps you have developed a program or script that needs to send e-mail to a group list, but your other available e-mail servers impose restrictions on message relay. In this situation, you don’t need a full-blown e-mail server—just one that can send mail.
Another reason to set up your own e-mail relay server is to handle your own outgoing mail. To reduce spamming, many e-mail server administrators (the good ones, anyway) impose restrictions that prevent relay from outside of the server’s network. This means that your computer must reside in the mail server’s network to be allowed to relay. In many cases, this isn’t possible or practical. Setting up your own e-mail relay service lets your Windows XP computer act as your outgoing e-mail server.
In this bonus chapter, I explain the SMTP service included with Windows XP and describe how to configure and use it for e-mail relay. In addition to covering the nuts and bolts issues, this chapter also focuses on security.
NOTE This bonus chapter accompanies Windows XP Power Tools.
Overview of SMTP
Simple Mail Transport Protocol (SMTP) is the primary standard by which e-mail is relayed across the Internet. If you have an e-mail account with an ISP, it’s a sure bet that your e-mail program uses SMTP to send messages to the server. The server then uses SMTP to relay the mail to its final destination through one or more other servers that also use SMTP.
SMTP isn’t the only e-mail protocol, however, although it is the most common for relaying messages between servers. E-mail clients typically send mail using SMTP, but they generally use POP3 or IMAP to retrieve messages. Figure 1 illustrates one example of how e-mail is routed and received.
A full-blown e-mail server must support several different protocols. For example, it needs to support SMTP to enable clients to send outgoing messages and to communicate with other e-mail servers to exchange messages. The server needs to support at least one client protocol, such as POP3, IMAP, or HTTP, to enable clients to download their messages.
The SMTP service included in Windows XP Professional doesn’t turn a Windows XP computer into an e-mail server. Instead, the SMTP service enables the computer to function as an e-mail relay agent, accepting messages and relaying them to other servers for delivery.
For example, you can use the SMTP service to accept e-mail from a form on your website and send it to its intended recipient.
Or you might use the SMTP service to send your outgoing mail because you don’t have a cost-effective connection to a particular outgoing server. For example, I’ve had a CompuServe account for many years but have never had a local CompuServe access number. CompuServe blocks e-mail relay from outside of its network, which means that to send outgoing e-mail through CompuServe, I must dial into the CompuServe network (through a CompuServe dial-up line). Instead, I can use the Windows XP SMTP service as my outgoing e-mail server and the CompuServe server for my incoming mail server. My e-mail client connects to the Windows XP SMTP service, transfers outgoing mail to it, and the Windows XP computer then takes care of routing the messages to their destination.
Figure 1: E-mail systems rely on several protocols. (Diagram labels: Internet; remote Internet client; Windows XP SMTP server; mail server “SNOOPY”; POP3/SMTP access to SNOOPY; SMTP for outgoing mail; local clients.)
In a nutshell, the Windows XP SMTP service is a mail relay agent, accepting messages for delivery to other e-mail servers. The SMTP service is not a full-blown e-mail server, however. It provides no mailbox structure and no support for client protocols that would otherwise enable a client to retrieve e-mail from the server. It does provide an incoming (drop) e-mail folder, and while you could write an application to retrieve messages from the drop folder, that goes way beyond the scope of this book. So I’ll take the approach that you want to use the SMTP service to route messages from your website or use it as your outgoing e-mail server.
TIP The SMTP service relies on Domain Name System (DNS) to look up the mail exchange (MX) records needed to route messages. Before you install the SMTP service on your computer, make sure you configure DNS servers in the computer’s TCP/IP properties. If you can open a remote web page from the computer, then DNS is working.
Configuring the SMTP Service
There are several issues to consider when you use the SMTP service—it’s not just a matter of installing the service and letting it do its thing. You need to worry about access to the server, preventing remote users from abusing your server to route spam, and other considerations.
This section examines all these issues to help you successfully install and configure the SMTP service.
TIP Many of the configuration steps you can take to set up the SMTP service are really only necessary if the SMTP server will be available to anonymous users on the Internet. If your server resides on a private subnet and you use it only to send outgoing messages, you can generally just add the SMTP service and then start using it right away with its default settings.
Installing the Service
The SMTP service is a subcomponent of Internet Information Services (IIS) and could already be installed on your computer if you have installed IIS. To check, open the IIS console from the Administrative Tools folder. The SMTP service is installed if the IIS console includes a Default SMTP Virtual Server branch as shown in Figure 2. If this branch is missing, you need to install SMTP.
To install SMTP, open the Add Or Remove Programs item in Control Panel and then click Add/Remove Windows Components. Select Internet Information Services in the component list and click Details. Place a check beside SMTP Service and click OK. Click Next and provide the Windows XP CD or path to the Windows XP files when prompted by Setup.
As with web and FTP sites, IIS on Windows XP only supports one SMTP server. Rather than create a new server to suit your needs, you change the properties of the Default SMTP Server.
As with the other IIS components, you use the IIS console to manage the SMTP service.
The following sections explain how to configure each aspect of the service.
Configuring General Server Properties
Your first step is to verify and adjust the general properties for the server, if needed. Open the IIS console, right-click the Default SMTP Server, and choose Properties. The General tab (Figure 3) lets you configure the IP address for the server, the SMTP port, and a few other properties.
Use the IP Address drop-down list to select the IP address to which you want the SMTP service to respond. If you choose All Unassigned, the SMTP service will respond to SMTP requests to all IP addresses not assigned to other SMTP virtual servers. Considering that Windows XP only supports one server, this selection isn’t really applicable, although you can leave the server set for All Unassigned and the server will work just fine. If the computer contains multiple interfaces, you should specify one IP address to allow for proper network address translation, as explained later in the section “Receiving Mail from the Internet.”
Figure 2: Setup adds a virtual SMTP server to the IIS console.
TIP The SMTP server can actually respond on more than one IP address and/or port. On a multihomed system, for example, you might want the service to respond to both IP addresses on the standard port 25. Or you could have the server respond to two different ports on the same IP address. However, clients would still need to be configured to use the appropriate port.
The default port for SMTP is 25. There is only one scenario in which I recommend you change the port number: you have a third-party e-mail server application running on the computer that uses port 25, but you still want to use the Windows XP SMTP service to process outgoing messages. If that’s the case, you need to configure the SMTP service for an available port and configure the e-mail settings of the outgoing mail client or script to use that non-standard port.
To change ports or assign an additional IP address and port, click Advanced on the General tab to display the Advanced properties dialog box. Click Add to add another IP address and port, or click Edit to change the existing IP address/port combination.
You can also set the maximum number of SMTP connections and the connection timeout through the General tab. Windows XP is limited to 10 concurrent connections, and although you can enter a greater number in the Limit Number Of Connections field, Windows XP reverts to using a value of 10. The main purpose for this setting under Windows XP, therefore, is to limit the number of connections to fewer than 10 for security or performance reasons.
Figure 3: Use the General tab to configure the SMTP service’s IP address, port, and connection settings.
You also configure SMTP logging on the General tab. Select Enable Logging if you want the SMTP service to log transactions between the server and clients. Use the Active Log Format drop-down list to choose the desired log format. I recommend you use the W3C Extended Log File Format because it offers extended logging options. Each of the log types uses an ASCII file format so you can view the logs with Notepad or other text editor.
TIP Contrary to the Help documentation, the Windows XP SMTP service does not support logging to an ODBC database. This option is available only with IIS running on a Windows 2000 Server or Windows .NET Server platform. This information appears incorrectly in the Help documentation because Microsoft simply ported the Windows 2000 Help documentation to Windows XP.
Click Properties to configure the log settings. The General Properties tab of the Extended Logging Properties dialog box specifies how often Windows XP starts a new log file and the location of the log file.
TIP Select the option Use Local Time For File Naming And Rollover if you want to use midnight local time for log file creation and naming rather than Greenwich Mean Time (GMT).
Use the Extended Properties tab if you have selected the W3C format and want to control which items the SMTP service logs. Place a check beside each item you want to log, then click OK.
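The following is an added example (not from the book) of what the W3C Extended logs are good for: a short Python script that reads a log in that format and flags clients that attempted to relay or sent bursts of RCPT commands. The sample log, its field list, and the way SMTP verbs appear in it are constructed assumptions, not a guarantee of the service’s exact output.

```python
"""Scan a Windows XP SMTP service log (W3C Extended format) for relay abuse.

Added example, not code from the book. The log below is a constructed sample
in the W3C Extended style; which fields the service writes, and that cs-method
carries the SMTP verb with its argument in cs-uri-query, are assumptions here.
"""
import re
from collections import defaultdict

# Constructed sample log. A lone '-' means the field was empty.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.1
#Version: 1.0
#Date: 2002-06-01 00:00:00
#Fields: date time c-ip cs-method cs-uri-query sc-status
2002-06-01 08:01:10 192.168.0.20 HELO +workstation20 250
2002-06-01 08:01:11 192.168.0.20 MAIL +FROM:<jim@boyce.ws> 250
2002-06-01 08:01:11 192.168.0.20 RCPT +TO:<friend@example.net> 250
2002-06-01 08:01:12 192.168.0.20 DATA - 250
2002-06-01 09:15:01 203.0.113.7 HELO +relay-probe 250
2002-06-01 09:15:02 203.0.113.7 MAIL +FROM:<sales@example.org> 250
2002-06-01 09:15:02 203.0.113.7 RCPT +TO:<a@example.com> 550
2002-06-01 09:15:02 203.0.113.7 RCPT +TO:<b@example.com> 550
2002-06-01 09:15:03 203.0.113.7 RCPT +TO:<c@example.net> 550
2002-06-01 09:15:03 203.0.113.7 RCPT +TO:<d@example.net> 550
2002-06-01 09:15:04 203.0.113.7 RCPT +TO:<postmaster@boyce.ws> 250
"""

# Default domain plus alias domains: mail for these is local, not a relay.
LOCAL_DOMAINS = {"boyce.ws", "stuffyourhead.com"}
# Clients the Relay Restrictions list allows to relay (constructed values).
RELAY_ALLOWED = {"192.168.0.20"}

ADDR_RE = re.compile(r"<([^>]*)>")


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields line.

    Lines starting with '#' are directives; entries are space separated and a
    lone '-' stands for an empty field (returned as None)."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("log entry before any #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError("field count mismatch in line: %r" % line)
        yield {k: (None if v == "-" else v) for k, v in zip(fields, values)}


def rcpt_domain(query):
    """Domain part of an RCPT argument such as '+TO:<user@example.net>'."""
    match = ADDR_RE.search(query or "")
    if not match or "@" not in match.group(1):
        return None
    return match.group(1).rsplit("@", 1)[1].lower()


def relay_report(text, local_domains=LOCAL_DOMAINS, relay_allowed=RELAY_ALLOWED,
                 max_rcpt=20):
    """Per client IP: RCPT commands seen, how many were relay attempts (a
    non-local recipient domain from a client not on the relay list), and how
    many the server rejected (non-2xx reply). Returns (stats, flagged_ips)."""
    stats = defaultdict(lambda: {"rcpt": 0, "relay": 0, "rejected": 0})
    for row in parse_w3c(text):
        if row["cs-method"] != "RCPT":
            continue
        entry = stats[row["c-ip"]]
        entry["rcpt"] += 1
        domain = rcpt_domain(row["cs-uri-query"])
        if domain not in local_domains and row["c-ip"] not in relay_allowed:
            entry["relay"] += 1
        if not (row["sc-status"] or "").startswith("2"):
            entry["rejected"] += 1
    # A client is worth a look if it tried to relay at all, or sent a burst
    # of RCPT commands (compare the per-connection limit on the Messages tab).
    flagged = sorted(ip for ip, s in stats.items()
                     if s["relay"] or s["rcpt"] > max_rcpt)
    return dict(stats), flagged


if __name__ == "__main__":
    stats, flagged = relay_report(SAMPLE_LOG)
    for ip in flagged:
        print(ip, stats[ip])
```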
Controlling Access and Authentication
The Access tab of the SMTP service’s properties (Figure 4) lets you control which authentication methods the SMTP server allows, configure secure authentication with a certificate, control which computers can connect to the SMTP server, and determine which computers and domains can relay mail through the server.
Access Control
The SMTP service supports three authentication methods: anonymous, basic authentication, and Integrated Windows Authentication (IWA). The most common is anonymous, which allows a remote client or other e-mail server to connect to the server without providing user credentials.
NOTE For the purposes of this discussion, consider a remote e-mail server that communicates with your Windows XP SMTP service to be a client.
If you receive incoming messages from the Internet to your Windows XP SMTP server, you need to enable anonymous authentication because other e-mail servers on the Internet will have no knowledge of valid user credentials on your computer. In fact, you can use only anonymous authentication if you wish, but I recommend this only if you understand the risk of spamming through your server and take steps to avoid it, which I explain later in “Relay Restrictions.” If you are not receiving e-mail from the Internet, turn off anonymous access.
This will virtually eliminate the possibility of spamming through your computer.
The Basic Authentication option allows the client to send user credentials in clear text. If the network isn’t susceptible to sniffing (you’re on a private subnet with no potential hackers in your local organization), this option is acceptable. If you choose to support this method, you can specify a default domain name to be appended to the user name. You need do this only if the account resides in a domain rather than on the local computer.
TIP For airtight security, you can select the option Requires TLS Encryption. This requires that incoming messages be encrypted using Transport Layer Security, or TLS. The client must support TLS to use this option.
The third option, Integrated Windows Authentication, allows the client to negotiate the connection without transmitting passwords across the network. However, it requires that the user have an e-mail client that supports IWA. Both Outlook Express and Outlook support IWA authentication.
Figure 4: Use the Access tab to configure authentication and other security settings.
Whichever method(s) you choose for authentication, keep in mind that the Basic and IWA options require that the client provide user credentials to access the SMTP service. This is easy to accomplish if all the clients are local and you have control of them, but impossible to accomplish with undetermined public Internet clients and servers.
Using Certificates and SSL
For greater security, you can use SSL to secure transactions between clients and the e-mail server. To accomplish this, you must first obtain a server certificate for your Windows XP SMTP server. I explained in detail in Chapter 37 how to obtain a certificate to support SSL for a website. If you haven’t already obtained a certificate for that purpose, refer to that chapter to learn how to obtain and install one. The process is the same for an SMTP server. Just click Certificate on the Access tab to start the Web Server Certificate Wizard and complete the process.
If you already have a certificate installed on the server for web access and want to use it for SMTP, click Certificate on the Access tab. In the wizard, choose the option Assign An Existing Certificate and click Next. Select the existing certificate, then click Next through the rest of the wizard to complete the process.
Finally, click Communication to open the Security dialog box (Figure 5). Select the option Require Secure Channel to require SSL, or leave it deselected to allow SSL as an option.
Select Require 128-Bit Encryption if you want to force the clients to use that.
Connection Control
You can control which computers can connect to your SMTP server. For example, assume you’re using the SMTP service to process outgoing mail for your website, and only want the server itself to be able to send mail through the service. In that case, you would limit access only to the server’s IP address. Or perhaps you are using the server as the outgoing mail service for everyone on your local network; for that, you allow each IP address individually or allow the range of IP addresses used on your LAN. You can also allow access based on the computer’s DNS domain name.
Figure 5: Configure SSL with the Security dialog box.
Click Connection on the Access tab to configure access to the server. On the Connection dialog box, you can specify that access be limited to only those addresses and domains specifically listed (most likely) or allow access to all clients except those listed. Use the latter option if anonymous clients on the Internet need to connect to your server to deliver mail, and then add the IP address or domains of clients that you do not want to be able to connect.
TIP If you are using the SMTP server as the mail transfer agent for users in your own organization or for a sister company, but anonymous Internet clients do not need to connect to your server, choose the option Only The List Below. Then explicitly add the IP addresses, subnet, or domain of the computers that need access. This option provides the best security. However, if your clients connect from the road by a public dial-up connection, it’s unlikely that you’ll be able to keep track of the addresses used and won’t be able to restrict access by IP address or domain name. Instead, use relay restrictions to prevent unauthorized access.
To add a computer to the list—either to allow or deny access—click Add on the Connection dialog box to display the Computer dialog box. If adding a range of computers, enter the subnet address and the subnet mask. For the local subnet 192.168.0.x, for example, use 192.168.0.0 and 255.255.255.0 for the address and mask, respectively. If adding a domain, specify the domain name for the clients without the host name, such as example.com.
Relay Restrictions
I hate spam…the e-mail kind, not the meat product (although my taste runs more to a juicy steak). Spam continues to exist for two reasons: many e-mail administrators don’t understand how to prevent spammers from using their e-mail servers to relay mail, and many public e-mail services and ISPs do a lousy job of identifying and restricting spam.
If you set up your own e-mail relay agent through the Windows XP SMTP service and fail to address this problem, it won’t be long before spammers find and begin to abuse your server. The end result will be that those ISPs and e-mail services that are doing a good job of spam management will soon block your IP address or domain, and your e-mail will no longer be delivered.
NOTE If your server resides on a private subnet behind a firewall, and you don’t allow incoming SMTP through a firewall, you don’t need to worry about anyone spamming your SMTP server.
In this section, I assume that your server is available to the Internet for incoming SMTP traffic or you want to restrict who on your local LAN can send e-mail through your SMTP server. After all, one of your co-workers could be an evil spammer!
You configure relay restrictions through the Access tab of the SMTP server’s properties.
Click Relay to open the Relay Restrictions dialog box. As with connection limitations, you can either allow all users on the list, excluding all others, or deny relay ability to everyone on the specified list, allowing all others.
Realistically, remote mail servers on the Internet should never need to relay through your SMTP server unless you are using the SMTP server as a portal to another e-mail server (which I don’t recommend). For that reason, the best approach is to deny relay to all but those clients you explicitly allow. Select the option Only The List Below and then click Add to add the individual IP addresses, address ranges, or domain names of clients that will be allowed to send mail through the SMTP server.
TIP Even if the computer is available publicly on the Internet and you are using it for mail delivery to your domain, remote e-mail servers still do not need to relay through your server to deliver mail to your domain. However, this assumes that you are using a custom application to pull the e-mail from the server, since it doesn’t provide mailboxes or client protocols.
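As an added example (not code from the book or from the SMTP service itself), the following Python models the Connection and Relay Restrictions lists described in the last two sections: both list modes, the three entry kinds (single computer, subnet address plus mask, DNS domain), and the order in which the two lists apply to a RCPT TO. The client’s reverse-DNS name is assumed to be supplied by the caller.

```python
"""Model of the Connection and Relay Restrictions lists on the Access tab.

Added example, not code from the book or from the SMTP service. It reproduces
the decision the book describes: a list in Only The List Below mode admits only
listed clients, a list in All Except The List Below mode admits everyone else.
Entries are a single computer, a group (subnet address plus mask), or a DNS
domain. The client's reverse-DNS name is supplied by the caller; how the
service itself resolves it is not modelled.
"""
import ipaddress


class AccessList:
    ONLY_LIST = "only the list below"         # explicit allow list
    ALL_EXCEPT = "all except the list below"  # explicit deny list

    def __init__(self, mode):
        if mode not in (self.ONLY_LIST, self.ALL_EXCEPT):
            raise ValueError("unknown mode: %r" % mode)
        self.mode = mode
        self._networks = []   # ipaddress networks; single computers become /32
        self._domains = []    # lower-cased DNS domains without a leading dot

    def add_computer(self, ip):
        """Single Computer entry."""
        self._networks.append(ipaddress.ip_network(ip, strict=False))

    def add_group(self, subnet, mask):
        """Group Of Computers entry, e.g. 192.168.0.0 with 255.255.255.0."""
        self._networks.append(ipaddress.ip_network("%s/%s" % (subnet, mask),
                                                   strict=False))

    def add_domain(self, domain):
        """Domain entry: matches clients whose reverse-DNS name is inside it."""
        self._domains.append(domain.strip().lower().strip("."))

    def _listed(self, client_ip, client_name):
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self._networks):
            return True
        if client_name:
            name = client_name.lower().rstrip(".")
            return any(name == d or name.endswith("." + d) for d in self._domains)
        return False

    def permits(self, client_ip, client_name=None):
        """True if this list lets the client through."""
        listed = self._listed(client_ip, client_name)
        return listed if self.mode == self.ONLY_LIST else not listed


def smtp_access(connection_list, relay_list, client_ip, client_name,
                recipient_domain, local_domains):
    """Outcome for one RCPT TO: the connection list gates the TCP session,
    and the relay list is consulted only for a non-local recipient domain."""
    if not connection_list.permits(client_ip, client_name):
        return "connection refused"
    if recipient_domain.lower() in local_domains:
        return "250 accepted for local delivery"
    if relay_list.permits(client_ip, client_name):
        return "250 accepted for relay"
    return "550 5.7.1 Unable to relay"   # the usual reply for a refused relay


if __name__ == "__main__":
    # Public server: anyone may connect (except a known abuser), but only the
    # LAN may relay; mail for the local domain is always accepted.
    connections = AccessList(AccessList.ALL_EXCEPT)
    connections.add_computer("203.0.113.7")
    relay = AccessList(AccessList.ONLY_LIST)
    relay.add_group("192.168.0.0", "255.255.255.0")
    for ip, dom in (("198.51.100.1", "boyce.ws"), ("198.51.100.1", "example.net"),
                    ("192.168.0.20", "example.net"), ("203.0.113.7", "boyce.ws")):
        print(ip, dom, "->", smtp_access(connections, relay, ip, None, dom, {"boyce.ws"}))
```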
Setting Message Limits
You can use the Messages tab of the SMTP service’s properties (Figure 6) to set limits on outgoing messages and specify how the server should handle non-deliverable mail.
The following options control message and connection limits:
Limit Message Size Use this option to set a maximum size for outgoing messages. The default value is 2,048 KB—that is, 2 MB. If you sometimes need to send larger files, increase this value.
Figure 6: Configure message limits on the Messages tab.
Limit Session Size This option controls the total amount of data that the server will accept during a session. The default value is 10,240 KB—that is, 10 MB. If you need to send larger amounts of data, increase this value.
Limit Number Of Messages Per Connection Use this option to limit the number of messages that a client can send in a given session. Keeping this value relatively low can help prevent or reduce spamming. Also, keeping the number low can speed message delivery if you send a large number of messages. The server sends the maximum number of messages and then automatically starts a new session to send the next set, repeating the process until all messages are sent.
Limit Number Of Recipients Per Message Use this option to limit the number of recipients that the server will process in one operation for a given message. If the Windows XP SMTP service receives a message with more than the specified number of recipients, the service sends the maximum and then immediately opens another session to continue sending the message to the remaining recipients.
Send Copy Of Non-Delivery Report To Specify the e-mail address to which you want a copy of all non-delivery receipts (NDRs) sent. For example, if the SMTP service sends a message and the message is rejected by the destination e-mail server, the SMTP service copies the NDR to the specified address. Generally, this should be an e-mail address that you monitor on a regular basis.
Badmail Directory The SMTP service places in this folder the messages that it can’t deliver. You should periodically check the folder and either resend the messages or delete them. Rely on the NDR to let you know when a message doesn’t go through.
Setting Delivery Options and Restrictions
The Delivery tab (Figure 7) contains the settings that determine how the SMTP service handles outgoing messages. The retry intervals on the Delivery tab define how often the SMTP service attempts to resend messages after a delivery problem occurs. For example, the destination e-mail server might be offline, or a network problem has rendered it temporarily unavailable. The SMTP server waits the specified amount of time and then tries to resend the message.
Use the Delay Notification setting in the Outbound control group to specify how long the SMTP service waits after a failed delivery attempt to notify the sender that message delivery has been delayed. The default is 12 hours. Use the Expiration Timeout settings in the Outgoing group to specify how long the SMTP service will attempt to deliver a message before it gives up and returns an NDR. The Delay Notification and Expiration Timeout settings in the Local control group specify the same behaviors for local message delivery (as opposed to remote delivery).
Configuring Connections to Remote Servers
Click Outbound Security if you need to configure the way the SMTP service interacts with remote e-mail servers; Windows XP displays the dialog box shown in Figure 8.
Figure 7: Configure options for outgoing messages on the Delivery tab.
Figure 8: Use the Outbound Security dialog box to configure authentication to remote servers.
If your computer is only acting as an outgoing mail server to deliver messages to anonymous servers, you can leave the default setting of Anonymous Access selected. The only reason to use a different authentication method is if you need to connect to a remote server (such as your corporate mail server) that requires authentication or encryption. If that’s the case, choose either Basic Authentication or Integrated Windows Authentication depending on what the remote server requires, and enter the appropriate user name and password in the fields provided. Select the TLS Encryption option if the remote server requires Transport Layer Security.
NOTE Unlike incoming connections, you can choose only one authentication method for outgoing messages.
Limiting Outbound Connections
Click Outbound Connections on the Delivery tab to open the Outbound Connections dialog box. Use this dialog box to set the following properties:
Limit Number Of Connections To Set the maximum number of concurrent outgoing connections.
Time-Out Set the timeout period for each connection. Windows XP drops the connection if the timeout period is reached.
Limit Number Of Connections Per Domain To Set the maximum number of connections to a given remote domain. For example, if set to 100, the SMTP service would establish a maximum of 100 concurrent connections to yahoo.com to deliver messages to that domain. This value should not be greater than the value of Limit Number Of Connections To.
TCP Port Specify the TCP port the service should use to connect to the remote e-mail server(s). All of the remote servers must listen on the specified port, so you will usually change this only if you are connecting only to one well-known server (or a few that use the same nonstandard port).
Setting Advanced Delivery Options
Click Advanced on the Delivery tab to open the Advanced Delivery dialog box (Figure 9) and set advanced options.
The following list summarizes the settings on this dialog box:
Maximum Hop Count Set the maximum number of routers the message can travel through before it is considered undeliverable. The default is 15, and you should generally not need to change this setting unless you need to pass through a lot of local routers to reach the Internet.
Masquerade Domain The domain you specify here replaces the domain name that appears in the Mail From portion of the message header. This value doesn’t affect what the e-mail client sees as the From address. It applies to the first hop only.
Fully-Qualified Domain Name (FQDN) This field specifies the host name by which your SMTP server is identified for message delivery and needs to match the MX record you have created in your DNS zone for your Windows XP SMTP server. By default, the SMTP service uses the FQDN taken from the computer’s properties, but you can specify a different name in this field to use instead.
Check DNS Click this button to perform a DNS lookup on the FQDN specified for the SMTP server to validate the name.
Smart Host Use this option to route all outgoing mail to another e-mail server, which processes the messages for delivery. For example, assume your Windows XP computer uses a particular default gateway to the Internet, but your organization includes a mail server or relay agent with a more efficient connection to the Internet. Routing the messages through the smart host is therefore more cost effective. Specify the FQDN of the smart host, or enter its IP address enclosed in square brackets, such as [192.168.0.75]. Including the brackets identifies the entry as an IP address and bypasses DNS lookup.
Attempt Direct Delivery Before Sending To Smart Host Select this option if you are using a smart host and want your SMTP service to attempt to deliver the messages before forwarding them to the smart host. The SMTP service forwards the message to the smart host if it is unable to deliver the message itself.
Figure 9: Set the maximum hop count and other advanced settings with the Advanced Delivery dialog box.
Perform Reverse DNS Lookup On Incoming Messages When this option is enabled, the SMTP service attempts a reverse DNS lookup of the sender’s IP address with the host and domain submitted by the client when it establishes communications with your server.
If the IP address resolves, the SMTP service leaves the RECEIVED header in the message intact (which references the sender’s host/domain). If the IP address does not resolve, the SMTP service changes the RECEIVED header data to include “unverified” after the IP address. Reverse lookup imposes a lot of system overhead, so I don’t recommend you use this option unless you suspect spamming or other abuse of your SMTP server.
Configuring LDAP Routing
Lightweight Directory Access Protocol (LDAP) enables directory services to exchange information and clients to look up information in a directory. Windows 2000 Active Directory (AD) is an example of a directory service.
The LDAP Routing tab of the SMTP service’s properties (Figure 10) lets you set up your SMTP service to use LDAP queries against a remote LDAP server to resolve destination addresses. For example, assume you have an Exchange 2000 Server installed in your organization, and you are using the Windows XP SMTP service to deliver messages that originate from your website. You can configure your SMTP service to look up addresses in Active Directory to resolve the addresses of both senders and receivers. This allows the SMTP service to accomplish such tasks as resolving a distribution-list address into individual destination addresses.
Figure 10: Use the LDAP Routing tab to enable LDAP queries to a remote LDAP server.
When you select the Enable LDAP Routing option, you can set the following options:
Server Specify the name or address of the remote LDAP server. You don’t need to specify a server if you choose the Exchange LDAP Service schema type.
Schema Select from this drop-down list the type of directory service hosted by the remote LDAP server. Choose Active Directory to connect to AD on a Windows 2000 Server or Windows .NET Server domain controller. Choose Site Server Membership Directory to query against a Microsoft Commercial Internet System 2 e-mail server. Choose Exchange LDAP Service if you are querying against a Microsoft Site Server 3 or later LDAP server.
Binding Select from this drop-down list the method that the SMTP service uses to authenticate on the remote LDAP server.
Domain If you choose the Plain Text or Windows SSPI binding type, enter in this field the domain name in which the specified user account resides (see the next option).
User Name Specify the user name to use to authenticate on the remote server. Use the distinguished name (DN) in the format cn=user,ou=users,o=company.
Password Provide the password for the account specified by the User Name field.
Base Specify the container in the directory at which you want to begin the search. Setting the base appropriately can decrease search time, because the search can be focused on a specific container. For example, if you need to query only a specific organization unit in the directory, enter that OU as the base, such as ou=support, to search only the support OU.
Configuring Security
The Security tab lists the accounts that can act as operators for the SMTP service, that is, make configuration changes to it, including the relay and access settings. Adding a user is easy: click Add, enter or search for the account, and click OK. Keep this list short, because anyone on it can reconfigure the server into an open relay.
Adding and Configuring Domains
When you add the SMTP service, Setup creates a default domain named for the FQDN of the computer hosting the SMTP service, taken from the computer’s DNS settings for the TCP/IP protocol. The SMTP service appends the default domain to addresses that have no domain specified. Incoming messages destined for the default domain are treated as local messages and are delivered to the domain’s drop folder.
TIP You can’t delete the default domain unless you first create a new domain and designate that domain as the default.
You can create additional domains for the SMTP service. The domain can be an alias to the local domain or can point to a remote domain. Incoming messages destined for the alias domain are delivered to the default domain’s drop folder. Incoming messages destined for a remote domain are forwarded to the remote domain, either through DNS resolution or through a smart host that you designate.
Alias Domains
The main reason to create alias domains is to support multiple domains on one SMTP server. For example, my main domain is boyce.ws. However, I also own the domain stuffyourhead.com. If I want to receive e-mail for both domains with a single SMTP server, I create the default boyce.ws domain and then create an alias domain for stuffyourhead.com. The result is that incoming messages destined for the stuffyourhead.com domain are delivered to the local SMTP drop folder rather than forwarded.
To create an alias domain, open the IIS console and expand the Default SMTP Virtual Server branch. Right-click Domains and choose New➢Domain. Select Alias in the wizard and click Next. When prompted for the domain name, specify the name for the second domain (stuffyourhead.com in this example) and click Finish.
Remote Domains
Remote domains act differently from the default and alias domains. You can create and configure a remote domain so that messages received by the SMTP service that are destined for that domain are routed to a smart host you designate, or are simply routed using DNS. In this scenario, you’re probably using the SMTP service on the Windows XP computer as a mail forwarding agent for internal domains.
You can also use a remote domain to prevent e-mail from being forwarded to it. For example, you might handle mail for three domains but want messages relayed to only two of them. Add a remote domain entry for each of the three, and configure the third so that messages are not allowed to be relayed to it.
When you create a remote domain, you have the ability to specify the connection between the Windows XP SMTP service and the remote domain. For example, you can specify the authentication method required for the connection, set the method the SMTP service uses to initiate a session to the remote server, and specify that the remote server must connect to the local SMTP server to retrieve waiting messages. This latter option is called triggered delivery. I’ll cover it shortly.
To create a remote domain, right-click the Domains branch under the SMTP virtual server in the IIS console and choose New➢Domain. Select Remote in the wizard and click Next. Specify the name of the remote domain and click Finish.
Next, double-click the newly-created domain to open the properties for the domain. The following list explains the options on the General tab:
Allow Incoming Mail To Be Relayed To This Domain Select this option to allow incoming mail destined for the remote domain to be relayed to the domain. Clear this option to prevent messages from forwarding to the remote domain.
Send HELO Instead of EHLO Servers that support Extended SMTP (ESMTP) accept the EHLO command to establish a session. If the remote domain’s server doesn’t support Extended SMTP, use this option to force the Windows XP SMTP service to open the session with plain SMTP and the HELO command instead.
Outbound Security Click to set the authentication method required by the remote domain’s server. You can use anonymous, basic, or Integrated Windows Authentication. Basic authentication sends the user name and password in the clear unless the session is protected with TLS, so don’t use it to a smart host across an untrusted network. See the discussion of authentication earlier in this bonus chapter for more information.
Use DNS To Route To This Domain Select this option if you want the SMTP service to route mail for the remote domain using DNS lookups for the remote domain’s MX record(s).
Forward All Mail To Smart Host Select this option to forward the mail to a smart host, which will forward the mail to the remote domain.
Managing Sessions
The Current Sessions branch of the SMTP virtual server in the IIS console displays any current connections to other servers. Unless the server is very active or is transferring a large number of messages, sessions come and go too quickly for you to see them; on a busy server you can watch the session details.
In most cases you won’t need to terminate a session, but there are situations where you might. For example, if you’re being spammed, you can terminate the session and then block that domain through the properties for the virtual server as explained previously. Right-click a session in the right pane and choose Terminate to terminate that session. Right-click Current Sessions in the left pane and choose Terminate All to terminate all sessions.
Sending Mail through the Server
Sending mail through your Windows XP SMTP server is really an easy task: just treat it like any other mail server. Whether you specify the computer’s DNS name or its IP address depends on your network configuration and on whether DNS has a host record for the server.
For example, assume there are client computers on your LAN that need to send e-mail out through the server. In the clients’ e-mail programs, specify the IP address of the Windows XP SMTP server as the outgoing mail server. Or, if the server has a host name in DNS that points to its IP address, specify the FQDN instead, such as mail.example.com. Keep in mind that a client the server permits to relay can submit mail with any sender address, because the SMTP service does not verify the MAIL FROM address, so limit relaying to hosts you control.
You might also need to configure settings to enable the web server to send e-mail through the server. FrontPage Server Extensions includes a setting to designate the mail server for outgoing messages generated by FrontPage forms. See Chapter 38 for detailed information on FrontPage Server Extensions. If you are using a Perl script such as formmail.pl, modify the script to point to the IP address or host name of the server.
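The remote-domain rules above and the client-side sending described in this section come together in the following exchange. This is an added example, not code from the book or from the Windows XP SMTP service: a small SMTP client that greets with EHLO and falls back to HELO, an in-memory scripted server whose RCPT TO decisions follow the chapter’s domain rules (default and alias domains are local, remote domains relay by smart host or DNS, a remote domain with relaying cleared is refused, and any other domain is refused unless the client is permitted to relay), and an open-relay check that can be pointed at a live server through the socket transport. The `client_may_relay` flag stands in for the relay restrictions set elsewhere on the virtual server, and the host names, the `Domains` layout and the reply texts other than the IIS service’s “550 5.7.1 Unable to relay” are assumptions made for the demonstration.

```python
import socket
from dataclasses import dataclass, field

@dataclass
class Domains:
    """Domain list of the virtual server (assumed layout); names are expected in lowercase."""
    default: str                                # created by Setup from the computer's FQDN
    aliases: set = field(default_factory=set)   # delivered to the default domain's drop folder
    remote: dict = field(default_factory=dict)  # name -> (allow_relay, smart_host or None for DNS)

def route(domains, rcpt, client_may_relay):
    """What the service does with one RCPT TO address. client_may_relay is an assumption
    standing in for the relay restrictions configured elsewhere on the virtual server."""
    _, at, domain = rcpt.rpartition("@")
    domain = domain.lower() if at else domains.default   # unqualified address gets the default domain
    if domain == domains.default or domain in domains.aliases:
        return ("drop", domains.default)
    if domain in domains.remote:
        allow_relay, smart_host = domains.remote[domain]
        if not allow_relay:
            return ("reject", domain)           # remote domain with "Allow ... Relayed" cleared
        return ("smarthost", smart_host) if smart_host else ("dns", domain)
    return ("dns", domain) if client_may_relay else ("reject", domain)

class ScriptedServer:
    """In-memory stand-in for the server side; not the Windows XP SMTP service."""
    def __init__(self, domains, esmtp=True, client_may_relay=False):
        self.domains, self.esmtp, self.client_may_relay = domains, esmtp, client_may_relay
        self.banner = "220 xp-smtp Service ready"
    def handle(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            return "250 xp-smtp Hello" if self.esmtp else "500 5.3.3 Unrecognized command"
        if verb in ("HELO", "MAIL", "RSET"):
            return "250 OK"
        if verb == "RCPT":
            rcpt = arg.partition(":")[2].strip("<> ")
            if route(self.domains, rcpt, self.client_may_relay)[0] == "reject":
                return f"550 5.7.1 Unable to relay for {rcpt}"   # the IIS SMTP service's refusal text
            return "250 2.1.5 Recipient OK"
        return "221 closing" if verb == "QUIT" else "500 5.3.3 Unrecognized command"

class SocketServer:
    """Same handle() interface over a real TCP connection, for probing a live server."""
    def __init__(self, host, port=25, timeout=10):
        self.sock = socket.create_connection((host, port), timeout)
        self.rfile = self.sock.makefile("rb")
        self.banner = self._reply()
    def _reply(self):                           # gather multi-line replies: "250-..." lines, then "250 ..."
        lines = []
        while True:
            lines.append(self.rfile.readline().decode("ascii", "replace").rstrip("\r\n"))
            if len(lines[-1]) < 4 or lines[-1][3] != "-":
                return "\n".join(lines)
    def handle(self, line):
        self.sock.sendall((line + "\r\n").encode("ascii"))
        return self._reply()

class SmtpClient:
    def __init__(self, server, hostname="client.example"):
        self.server, self.hostname = server, hostname
        self.transcript = [f"S: {server.banner}"]   # both sides of the exchange, in order
    def _cmd(self, line):
        reply = self.server.handle(line)
        self.transcript += [f"C: {line}", f"S: {reply}"]
        return int(reply[:3])
    def greet(self):
        """Try EHLO first; fall back to HELO when the server only speaks plain SMTP."""
        if self._cmd(f"EHLO {self.hostname}") == 250:
            return "EHLO"
        if self._cmd(f"HELO {self.hostname}") == 250:
            return "HELO"
        raise RuntimeError("server rejected both EHLO and HELO")
    def recipient_accepted(self, mail_from, rcpt_to):
        self._cmd(f"MAIL FROM:<{mail_from}>")
        accepted = self._cmd(f"RCPT TO:<{rcpt_to}>") == 250
        self._cmd("RSET")                       # abandon the envelope; no message is ever sent
        return accepted

def is_open_relay(server):
    """Open-relay check: an outside sender to an outside recipient must draw a 550."""
    client = SmtpClient(server)
    client.greet()
    return client.recipient_accepted("probe@outside.example", "victim@elsewhere.example")

if __name__ == "__main__":
    cfg = Domains("boyce.ws", {"stuffyourhead.com"},
                  {"partner.example": (True, "relay.partner.example"), "blocked.example": (False, None)})
    client = SmtpClient(ScriptedServer(cfg))
    client.greet()
    for rcpt in ("bob", "web@stuffyourhead.com", "x@partner.example", "x@blocked.example", "v@elsewhere.example"):
        print(f"{rcpt:24} accepted={client.recipient_accepted('form@boyce.ws', rcpt)}")
    print("\n".join(client.transcript))
    print("open relay:", is_open_relay(ScriptedServer(cfg)))   # False with these settings
```

Run it as written to see the transcript against the scripted server. To probe a real relay you are authorized to test, replace `ScriptedServer(cfg)` with `SocketServer("mail.example.com")`; a correctly restricted server makes `is_open_relay` return False with a 550 in the transcript, and because RSET follows every RCPT TO, the probe never hands the server a message body.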
Receiving Mail from the Internet
As I explained earlier in this bonus chapter, the SMTP service can accept incoming messages from the Internet as well as messages that come from the local network. Most of the time you’ll use the SMTP service to route mail to other mail servers, because the Windows XP SMTP service lacks mailboxes or client protocols.
Configuring your network to allow incoming mail from the Internet to be directed to your Windows XP SMTP server is really no different from setting up a full-blown e-mail server.
If the server resides on a public subnet (has a public IP address), you can simply create an MX record in the DNS zone for the domain and point it to the public IP of the Windows XP computer. If the server resides on a private subnet behind a firewall, create an MX record that points to a public IP address that routes to the firewall, and then create a network address translation (NAT) mapping between the public IP address referenced by the MX record and the private IP address of the SMTP server. Once port 25 is reachable from the Internet, the relay restrictions configured earlier in this chapter are all that stand between you and an open relay, so verify from an outside host that a message from an external sender to an external recipient is refused.
Implementing a Full-Blown E-Mail Server
At some point you might decide that you need the capabilities of a full-blown e-mail server, including mailboxes, client protocols, etc. Contrary to what you might think, this doesn’t necessarily mean installing Windows 2000 Server or Windows .NET Server and installing an application such as Exchange 2000 Server. There are several e-mail server applications that function just fine on Windows XP (and also on earlier platforms such as Windows 98). I’ve included a small selection on the CD.
TIP Many of these e-mail servers also add the ability to pull e-mail from remote accounts on other servers and deliver it to local mailboxes. For example, I use EFS from www.chimera.co.nz to pull all of my CompuServe mail down to my local e-mail server to scrub for viruses, generate out-of-office replies, and so on.
The following list is a small selection of the e-mail servers that are available for Windows platforms in a range of prices. Check out your favorite download site for more.
ArGoSoft Mail Server This e-mail server is available in three versions: Freeware, Plus, and Pro. The free version does a good job as a simple e-mail server with an unlimited number of accounts, support for SMTP authentication, and other features. The Plus and Pro versions add such features as enhanced administration, support for distribution lists and auto-responders, filters, message limits, and many more. Preview the program’s features at www.argosoft.com/applications/mailserver.
EFS (Email Forwarding Server) This free program pulls mail from remote POP3 accounts and delivers it to a local mail server. The program can distribute messages to multiple local accounts. The registered version adds other management features, support for multiple domains, and many other features. Find out more at www.chimera.co.nz.
IA eMail Server This e-mail server application supports SMTP and POP3 and provides support for a wide range of mailbox types. In addition to user mailboxes, the program supports alias and group mailboxes, mailing list mailboxes, and several other types for special message handling. The SmartPOP feature enables the server to retrieve messages from external POP3 accounts, so you can integrate your external accounts into your local mail server. The program supports rules-based scanning, virus scanning, and much more. Check it out at www.tnsoft.com/msoverview.htm.
Sambar Server Pro This full-featured server product not only includes an e-mail server, but also contains FTP, DNS, web, DHCP, and several other server components. The e-mail server supports SMTP and POP3, as well as web-based retrieval of e-mail, which eliminates the need for an e-mail client. The program includes an incredible number of features at a very low price. Find out more at www.sambar.com.
VPOP3 This e-mail server provides local mailboxes as well as the ability to retrieve e-mail from remote POP3 accounts. The server can be configured to transfer messages on a scheduled basis, allowing it to function through a dial-up connection. You can purchase optional add-ons for fax send/receive, virus scanning, and other features. You’ll find information at www.pscs.co.uk/products/vpop3/index.html.