SMTP and IIS
Author: Kurt Hudson
Published: November 1998
Copyright: 1999
Publisher: 29th Street Press
 


HOSTING MULTIPLE DOMAINS

Although IIS cannot host more than one SMTP site, the one site can host multiple e-mail domains. If a domain is locally hosted, the SMTP Service considers itself — specifically, the Drop folder — the final destination of messages addressed to that domain.

To view the domains that the local SMTP Service hosts, expand the Default SMTP Site and select the Domains object. The Results Pane lists both the locally hosted domains and any remote domains that require special delivery configuration. The Type column indicates whether the domain is local or remote. See Figure 9.5 for an example.

You do not need to explicitly create and list remote domains to forward mail to them. The SMTP Service automatically queries DNS for the IP addresses of remote SMTP servers when a message is destined for a remote domain. However, on occasion you may have to create a remote domain object to specify delivery options that should apply only when sending mail to that domain.

To create either a local or remote domain object in the Results pane:
  1. Right-click the Domains node under the Default SMTP Site, select New, and then click Domain. This launches the New Domain Wizard.
  2. Choose Local or Remote and click Next.
  3. Type the e-mail domain name and click Finish.

Configuring Local Domains
The Default Local Domain dialog box lets you, as an administrator, change the location of the Drop folder. Click Browse or type the path to a folder on a local drive.

Note: You must specify at least one Default Local Domain, and it cannot be deleted.

The Default Local Domain is important because it is the name of the e-mail domain used for return address information on outgoing messages. Unless otherwise specified, the From domain in e-mail is the Default Local Domain.

Configuring Remote Domains
Create a remote domain object when you want special delivery options to apply only to messages going to that domain.

Route Domain
The Route Domain is the NetBIOS name, fully qualified domain name, or IP address of another SMTP server that should always be used when forwarding messages to that remote domain. The Route Domain is similar to a Default SMTP Gateway for just this one remote domain and handles all further routing of the messages. This option overrides the Smart Host setting at the Default SMTP Site level.

Note: Enclose the IP address of the Route Domain in brackets ([ ]) to improve performance.

Allow Incoming Mail to Be Relayed to This Domain
When the SMTP Service receives a message from another SMTP server, the message is usually destined for a local domain hosted on the IIS server itself. Some messages, however, may merely be passing through to other remote domains. In this case, the SMTP Service acts as an e-mail router or as another server’s Smart Host. For a particular remote domain, you can change options configured at the Default SMTP Site level by checking or clearing this box. See “SMTP Security,” below, for more information.

Outbound Security
We discuss outbound security under “SMTP Security,” below.


SMTP SECURITY

SMTP security is important for several reasons, including preventing the unauthorized use of one’s SMTP servers and encrypting messages during transit between SMTP servers. The principal threats come from individuals who make money by using other people’s SMTP servers to send unsolicited e-mail advertisements (“junk mailers”) and those who intercept messages as they are routed from SMTP server to SMTP server.

There are four SMTP security features: authentication methods, encryption, IP address restrictions, and relay restrictions.

Authentication Methods
Authentication is the process of verifying someone or something’s identity. Once authenticated, users or computers can be granted access to some resources and denied access to others based on their identity. Authentication usually requires a user name and password.

With the SMTP Service, you can require the authentication of remote clients and servers before granting access to SMTP services. Conversely, remote SMTP servers may demand that the local SMTP Service authenticate itself to them before they accept any messages from it. Like the Web and FTP Services, the SMTP Service can use the Anonymous, Basic, and Windows NT Challenge/Response authentication methods.

To require authentication of incoming clients and servers, go to the Default SMTP Site dialog box and click on the Directory Security tab. Click the Edit button under “Anonymous Access and Authentication Control.” To understand the requirements and implications of using each authentication method, review the earlier Web and FTP modules.

To connect to remote SMTP servers that require authentication from the local SMTP Service, you must know a user name and password valid on the remote system. With this information, go to the Default SMTP Site dialog box and select the Delivery tab. Click on the Outbound Security button. On this dialog box, type the user name and password that should be used when connecting to a remote SMTP server.

Instead of choosing a default authentication method for all remote domains, it is better to create domain objects for just those remote domains that require authentication. (Any destination domain for which a domain object has been created will be accessed using the properties of this object, instead of properties at the Default SMTP Site level.) You accomplish this by creating the domain objects (as discussed earlier under “Hosting Multiple Domains”). In the properties of the domain object, click the Outbound Security button to set the authentication used for that remote domain. A dialog box containing authentication options identical to those available at the Default SMTP Site level appears; however, options specified here apply only to connections to the domain specified by (or associated with) this object.

Encryption
Encryption is a technique for scrambling a message so that it is unintelligible to all but the intended recipient. Encryption does not imply authentication. You can use encryption when connecting to remote SMTP servers or when accepting connections from remote servers and e-mail clients.

Encryption is achieved through a mechanism similar to that used in the Secure Sockets Layer (SSL) protocol for the Web Service. A Public Key encryption scheme called Transport Layer Security (TLS) is used for the SMTP Service. To require that incoming messages be encrypted, you must have a Server Certificate installed in Key Manager. Sending encrypted messages does not require a certificate on the local server. Review Module 7 for more information about Public Key encryption schemes.

Encrypting Outgoing Messages
You can set outgoing encryption as a default for all connections to remote domains, or particular remote domains can have their own custom encryption settings.

To require encryption on all outgoing messages to remote domains, go to the Default SMTP Site dialog box and select the Delivery tab. Click the Outbound Security button and check the TLS Encryption box (see Figure 9.6).

To override the default encryption setting at the Default SMTP Site level for a particular remote domain, create an object for that domain in the Domains container (see “Hosting Multiple Domains” earlier in this module). Go to the dialog box for the remote domain object and click the Outbound Security button. Then, check or clear the box for TLS Encryption to set this option; remember that properties set here apply only to the domain referenced by this object.
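
The override rule described above and under Authentication Methods (a remote domain object's properties are used instead of the Default SMTP Site's), together with the bracket note for Route Domain, modeled as an added example that is not from the book or the product. The Outbound class, its field names and the sample configuration are hypothetical and constructed; domain objects are assumed to match by exact name.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Outbound:                     # hypothetical model of the dialog fields
    auth: str = "anonymous"         # "anonymous", "basic" or "ntlm"
    tls: bool = False               # the "TLS Encryption" check box
    route: Optional[str] = None     # Route Domain value, if any

def effective(site, domain_objects, recipient):
    """Settings used for one recipient: its domain object if one exists, else the site."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    return domain_objects.get(domain, site)   # assumption: exact-name match only

def unbracketed_ip(route):
    """True when a route value is a bare IP address rather than [a.b.c.d]."""
    if not route or route.startswith("["):
        return False
    try:
        ipaddress.ip_address(route)
    except ValueError:
        return False                # a NetBIOS or DNS name, not an address
    return True

def audit(site, domain_objects, recipients):
    """Return (recipient, finding) pairs for the effective outbound settings."""
    findings = []
    for rcpt in recipients:
        s = effective(site, domain_objects, rcpt)
        if s.auth == "basic" and not s.tls:
            findings.append((rcpt, "basic-auth-without-tls"))
        if site.tls and not s.tls:
            findings.append((rcpt, "site-tls-overridden-off"))
        if unbracketed_ip(s.route):
            findings.append((rcpt, "route-ip-not-bracketed"))
    return findings

# Constructed sample configuration (documentation domains and addresses)
SITE = Outbound(auth="anonymous", tls=True)
DOMAINS = {
    "partner.example": Outbound("basic", True, "[192.0.2.10]"),
    "legacy.example": Outbound("basic", False, "192.0.2.20"),
}
RECIPIENTS = ["ann@partner.example", "bob@legacy.example", "cy@elsewhere.example"]

if __name__ == "__main__":
    for rcpt, finding in audit(SITE, DOMAINS, RECIPIENTS):
        print(rcpt, finding)
```

Only the legacy.example object is flagged: it replaces the site-level TLS default with Basic authentication over an unencrypted connection.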

Encrypting Incoming Messages
Encrypting incoming messages from remote SMTP servers or e-mail clients requires a Server Certificate on the local SMTP server. Review Module 7 for more information about installing a Server Certificate.

You configure required encryption for incoming messages at the Default SMTP Site level. There is no option for overriding this setting for particular remote domains, e-mail clients, or IP addresses. To set this requirement, go to the Default SMTP Site dialog box and select the Directory Security tab. Click the Edit button under Secure Communications. In the dialog box that appears, check the “Require secure communications” box.

Note: Although TLS is not mentioned in the dialog box, this is in fact the encryption scheme being enabled.

If the SMTP server is located in the U.S. or Canada, you can check the “Require 128-bit encryption” box. The default encryption method uses a 40-bit key.
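
A check an administrator could run over a captured session to confirm that “Require secure communications” is actually in effect, given as an added example that is not from the book. It assumes a constructed transcript with C:/S: prefixes and the standard STARTTLS and AUTH keywords from RFC 3207 and RFC 4954; the host names are placeholders.

```python
CLEARTEXT_AUTH = {"LOGIN", "PLAIN"}   # password is only base64-encoded on the wire

def exchanges(transcript):
    """Pair each client command with the server reply lines that follow it."""
    pairs = []
    for raw in transcript.strip().splitlines():
        side, _, line = raw.strip().partition(": ")
        if side == "C":
            pairs.append((line, []))
        elif side == "S" and pairs:   # the 220 banner precedes any command
            pairs[-1][1].append(line)
    return pairs

def inbound_posture(transcript):
    """Classify what the server allowed before any TLS handshake took place."""
    offered, auth, mail_code = False, [], None
    for command, replies in exchanges(transcript):
        verb = command.split(" ", 1)[0].upper()
        if verb == "STARTTLS":
            break                     # everything after this point is inside TLS
        if verb == "EHLO":
            for reply in replies[1:]: # the first 250 line is the greeting
                words = reply[4:].upper().split()
                if words[:1] == ["STARTTLS"]:
                    offered = True
                elif words[:1] == ["AUTH"]:
                    auth = words[1:]
        elif verb == "MAIL" and replies:
            mail_code = int(replies[0][:3])
    if not offered:
        tls = "not offered"
    elif mail_code == 530:            # RFC 3207 reply when TLS is mandatory
        tls = "required"
    else:
        tls = "optional" if mail_code == 250 else "offered, enforcement not tested"
    return {"tls": tls, "cleartext_auth": sorted(CLEARTEXT_AUTH & set(auth))}

# Constructed sample sessions
OPTIONAL = """
S: 220 mail.example.test ESMTP
C: EHLO probe.example.test
S: 250-mail.example.test Hello
S: 250-STARTTLS
S: 250 AUTH LOGIN NTLM
C: MAIL FROM:<probe@probe.example.test>
S: 250 Sender OK
"""
REQUIRED = OPTIONAL.replace("250 Sender OK", "530 Must issue a STARTTLS command first")
```

A result of "optional" means the server accepted a sender without encryption, so the requirement is not being enforced; any mechanism listed under cleartext_auth was advertised before encryption began.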


