IP Address Restrictions
You can restrict access to the SMTP server based on the remote computer's IP address or DNS domain name (but not the e-mail domain). You configure these options exactly as you do for the Web and FTP Services. See Modules 4 and 5 to review these procedures.
To configure these options,
Go to the Default SMTP Site dialog box and select the Directory Security tab.
Click the Edit button under IP Address and Domain Name Restrictions and choose whether, by default, to accept or deny access to remote computers.
If desired, click the Add button to specify exceptions to this default policy.
Relay Restrictions
By default, the SMTP Service is configured to accept only incoming messages destined for local domains hosted on the server itself, whether they arrive from e-mail clients or from remote SMTP servers. This default is intended to thwart those who would forward thousands of unsolicited e-mail messages to the Internet through your SMTP server. However, with this configuration, the local SMTP server cannot act as a Smart Host. Also, this configuration makes it impossible for e-mail clients to send messages to any domain except those hosted on the SMTP server itself.
When the SMTP Service receives a message destined for another remote domain and forwards it to the destination domain in the regular way, it has relayed the message. You can set relay restrictions at the Default SMTP Site level for all domains.
To set the default relay restrictions at the Default SMTP Site level for all remote domains,
Go to the Default SMTP Site dialog box and select the Directory Security tab.
Click the Edit button under Relay Restrictions and, in the dialog box that appears, select whether all computers will be allowed to relay through the local SMTP server.
To specify exceptions to this general policy, click the Add button and type the IP address, range of IP addresses, or DNS domain name of the exception(s).
Note: Exceptions are defined by the remote computer's IP address or DNS domain name only. It is not possible to define exceptions based on the destination domain of the relayed message at the Default SMTP Site level.
If the default policy is not to allow messages to be relayed to remote domains, you can make an exception in two ways. One is by granting an exception based on the IP address or DNS domain name of the computer that wants to have a message relayed, as discussed above. Another way to grant exceptions is to specify which remote destination domains should always have their e-mail relayed to them, regardless of the IP address or DNS domain name of the originator. This permits the relaying of messages based on final destination, and not originating source.
To grant an exception to the no-relay policy at the Default SMTP Site level based on a message's destination domain, create an object for that remote domain in the Domains container (see Hosting Multiple Domains earlier in this module). Go to the properties of this domain object, and check the Allow Incoming Mail to Be Relayed to This Domain box.
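The two access decisions described above (the IP Address and Domain Name Restrictions, and the Relay Restrictions with their source-based and destination-based exceptions) follow one rule: a default of accept or deny, a list of exceptions that get the opposite treatment, and, for relaying only, a set of remote domain objects that are always relayed to. The following Python model is an added example written for this page, not code from the SMTP Service or from the module's author; the IP addresses, host names and domain names in it are constructed, and the reason strings are the model's own, not the service's actual responses. It shows why the "Not allowed to relay" default still lets local clients and partner domains through, and why a DNS-name exception only takes effect when the client's reverse name is known, which is the reverse-lookup cost the optimization section later advises against.

```python
import ipaddress
from dataclasses import dataclass, field


def _parse_exception(entry):
    """One exception entry is a single IP, an IP range (CIDR or IP/mask),
    or a DNS domain name. Anything ipaddress cannot parse is a domain."""
    try:
        return ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return entry.lower().lstrip(".")


def source_matches(exceptions, client_ip, client_host=None):
    """True if the connecting computer matches any exception, by IP address,
    IP range, or DNS domain name. The DNS match needs client_host, i.e. the
    reverse-DNS name of the client, so it is silent when lookups are off."""
    ip = ipaddress.ip_address(client_ip)
    host = client_host.lower() if client_host else None
    for entry in map(_parse_exception, exceptions):
        if isinstance(entry, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
            if ip in entry:           # version mismatch simply yields False
                return True
        elif host and (host == entry or host.endswith("." + entry)):
            return True
    return False


def source_allowed(accept_by_default, exceptions, client_ip, client_host=None):
    """IP Address and Domain Name Restrictions: the default applies to every
    client except the listed exceptions, which get the opposite answer."""
    return accept_by_default != source_matches(exceptions, client_ip, client_host)


@dataclass
class RelayPolicy:
    local_domains: set                       # local domain objects hosted here
    allow_all_relay: bool = False            # the "all computers may relay" switch
    source_exceptions: list = field(default_factory=list)   # IPs, ranges, DNS names
    relay_to_domains: set = field(default_factory=set)      # remote domain objects with
                                                            # "Allow incoming mail to be relayed"


def relay_decision(policy, client_ip, client_host, rcpt_domain):
    """Decide whether a RCPT TO for rcpt_domain is accepted from this client.
    Returns (accepted, reason). Order matters: local delivery is never a
    relay, then the destination-domain exception, then the source rules."""
    domain = rcpt_domain.lower()
    if domain in policy.local_domains:
        return True, "local domain: delivered to the Drop folder, not relayed"
    if domain in policy.relay_to_domains:
        return True, "destination domain exception: relayed regardless of source"
    if source_allowed(policy.allow_all_relay, policy.source_exceptions,
                      client_ip, client_host):
        return True, "source computer is permitted to relay"
    return False, "relay denied: untrusted source and non-local destination"


# Constructed sample policy: deny relay by default, except for the office LAN,
# one server, and any host that resolves into mycorp.com; always relay to
# partner.example.
SAMPLE_POLICY = RelayPolicy(
    local_domains={"mycorp.com"},
    source_exceptions=["192.168.1.0/24", "10.0.0.7", "mycorp.com"],
    relay_to_domains={"partner.example"},
)

if __name__ == "__main__":
    cases = [("203.0.113.5", None, "mycorp.com"),       # inbound mail for us
             ("203.0.113.5", None, "example.net"),      # outsider trying to relay
             ("192.168.1.20", None, "example.net"),     # LAN client sending out
             ("203.0.113.5", "ws1.mycorp.com", "example.net"),  # DNS-name match
             ("203.0.113.5", None, "partner.example")]  # destination exception
    for ip, host, dest in cases:
        ok, why = relay_decision(SAMPLE_POLICY, ip, host, dest)
        print(f"{ip:14} {host or '-':16} -> {dest:16} {'ACCEPT' if ok else 'DENY'}: {why}")
```

Note the fourth case: the same outsider address is accepted once a reverse name inside mycorp.com is supplied, which is why a DNS-domain exception is only as trustworthy as the PTR records it relies on, and why the page recommends IP-based exceptions when reverse lookups are turned off for performance.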
SMTP OPTIMIZATION
The simplicity of SMTP does not leave you very many parameters to tweak to improve performance. As with any network service, the performance of SMTP benefits from upgrading the server's hardware, increasing network bandwidth, and relocating services to different machines.
Installing the SMTP Service adds counters for virtually all aspects of SMTP message processing to Performance Monitor, so you can measure very precisely the performance effects of configuration changes.
To optimize SMTP performance,
Do not require TLS for incoming messages.
Disable logging, or log only to text files (not to an ODBC database).
Do not perform DNS Reverse Lookups on incoming messages.
Do not restrict remote users' access based on their DNS domain names.
Use a Smart Host to relay all messages to remote SMTP servers.
Limit the maximum number of connections per domain so that no single destination domain can monopolize the SMTP Service's outgoing connections.
Do not require Basic or Challenge/Response authentication.
You can fine-tune the option for the Maximum Number of Outbound Messages per Connection on the Messages tab of the Default SMTP Site dialog box (Figure 9.3). Recall that when the SMTP Service connects to a remote system to deliver mail to it, messages are queued for delivery. If the number of queued messages exceeds this messages-per-connection value, new, concurrent connections are established with the target SMTP server.
If you clear this option, all messages go through a single connection, resulting in a significant reduction in message throughput (an 86 percent reduction from optimal, during one author's informal testing). If the value is set too high, too much traffic is wasted simply maintaining the connections themselves, and message throughput suffers. The best value for this parameter is determined chiefly by the speed of the network connection to the remote SMTP server. Only testing will reveal the optimal setting.
REVIEW
You can use the SMTP Service to send e-mail within a private intranet or to any other SMTP server on the Internet. However, the software accompanying IIS and the Option Pack does not let e-mail clients check their e-mail or maintain private mailboxes on the IIS server.
Any properly formatted text file placed in the Pickup folder will be sent as e-mail. The SMTP server can be configured to use a Smart Host to perform all message forwarding on its behalf. TLS can be used to encrypt messages before they are sent or downloaded. To optimize SMTP's performance, do not use DNS Reverse Lookups or TLS encryption, and pay attention to the Maximum number of outbound messages per connection option.
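Since any properly formatted text file dropped into the Pickup folder is sent as e-mail, the two things a practitioner needs to get right are the message format (RFC 822 headers, CRLF line endings, a body separated by a blank line) and not letting the service read a file before it is completely written. The script below is an added example, not code from the module or from the SMTP Service; the sender and recipient addresses are constructed (mycorp.com is the domain the module's activities use), the Mailroot\Pickup path is taken from this module, and writing under a temporary name and then renaming into place is the usual precaution for any pickup-style directory, assumed here rather than documented on the page.

```python
import os
import tempfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import formatdate, make_msgid

# Constructed sample addresses for the demonstration.
SENDER = "alerts@mycorp.com"
RECIPIENTS = ["admin@mycorp.com", "oncall@partner.example"]


def build_pickup_message(sender, recipients, subject, body):
    """Return the bytes of an RFC 822 message suitable for a Pickup-folder
    file: CRLF line endings (policy.SMTP), Date and Message-ID headers set,
    a plain-text body after the blank line."""
    msg = EmailMessage(policy=policy.SMTP)
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg["Date"] = formatdate(localtime=True)
    msg["Message-ID"] = make_msgid(domain=sender.split("@", 1)[1])
    msg.set_content(body)
    return msg.as_bytes()


def drop_into_pickup(pickup_dir, data):
    """Write the message so the service never sees a half-written file:
    write and fsync under a temporary .tmp name in the same directory,
    then rename to a .eml name in one step. Returns the final path."""
    fd, tmp_path = tempfile.mkstemp(dir=pickup_dir, suffix=".tmp")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
        fh.flush()
        os.fsync(fh.fileno())
    final_path = tmp_path[: -len(".tmp")] + ".eml"
    os.replace(tmp_path, final_path)   # atomic on the same volume
    return final_path


def demo(pickup_dir=None):
    """Build a message, drop it into pickup_dir (a throwaway temporary
    directory if none is given), read it back, and return (path, parsed)."""
    if pickup_dir is None:
        pickup_dir = tempfile.mkdtemp(prefix="pickup-")
    data = build_pickup_message(SENDER, RECIPIENTS, "Queue depth alert",
                                "Badmail folder has grown past its threshold.\n")
    path = drop_into_pickup(pickup_dir, data)
    with open(path, "rb") as fh:
        parsed = message_from_bytes(fh.read(), policy=policy.default)
    return path, parsed


if __name__ == "__main__":
    # On the IIS server you would pass the real folder, e.g. demo(r"<Mailroot>\Pickup")
    # with <Mailroot> replaced by the server's Mailroot path (placeholder).
    path, parsed = demo()
    print(path)
    print(parsed["From"], "->", parsed["To"], "|", parsed["Subject"])
```

Because the folder is the whole authorization mechanism (whoever can write there can send as any address), the Pickup folder's NTFS permissions deserve the same attention as the relay restrictions: only the accounts that legitimately generate mail should be able to create files in it.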
VOCABULARY
Before proceeding to the next module, review the following terms and definitions.
SMTP domain: The SMTP domain is the text after the @ character in an e-mail address. SMTP uses the domain to query DNS for the IP address of the remote SMTP server(s) responsible for all messages addressed to that domain.
TLS: Transport Layer Security is a form of SSL encryption that the SMTP Service uses to encrypt messages from e-mail clients and other SMTP servers.
Smart host: A smart host is an SMTP server that receives, from the local SMTP server, all messages destined for remote domains; the smart host is similar to a default SMTP gateway.
Drop folder: The Drop folder is where all messages destined for locally hosted domains are put. When an SMTP server deposits a message into the Mailroot\Drop folder, its job is done.
NDR: A Non-Delivery Report is a message automatically sent to the original author of any message that cannot be delivered.
Masquerade domain: The masquerade domain is the domain name substituted in the header of an outgoing message in place of the default local e-mail domain, so that the message appears to come from the masquerade domain.
IN BRIEF
If you want to use another SMTP server to handle the routing of all outgoing messages to remote domains, do this: In the Default SMTP Site dialog box, select the Delivery tab and type the name or IP address of the other SMTP server in the Smart Host box.
If you want to prevent junk mailers from relaying thousands of messages through your SMTP server out to the Internet, do this: From the Default SMTP Site dialog box, select the Security tab and click Edit under Relay Restrictions. Then select Not allowed to relay.
If you want to have an administrator receive a copy of all Non-Delivery Reports, do this: From the Default SMTP Site dialog box, select the Messages tab and type the e-mail address of the administrator in the Send a copy of Non-Delivery Reports to box.
If you want to determine whether outgoing messages are being successfully delivered, do this: Check the Mailroot\Badmail folder, which contains all undeliverable mail.
ACTIVITIES
Thoroughly researching and completing these activities will better prepare you for the exam.
Read the first few sections of RFCs 821 and 822, which define SMTP. On the Web, go to http://ds.internic.net/rfc/.
Create a text file using the directions presented on page 192 of this module and have this file delivered by placing it into the Mailroot\Pickup folder.
Relocate the Badmail folder, where undeliverable messages are stored.
Go to the Default SMTP Site dialog box.
Select the Messages tab.
Click Browse to choose a new path for the Badmail Directory.
Create a remote domain object, and permit message relaying to it.
Right-click the Domains container object; select New, Domain.
Choose Remote as the domain type.
Type mail.mycorp.com for the remote domain name, then click Finish.
Go to the properties of this new domain object and check the Allow incoming mail to be relayed to this domain box.
Enable encryption when uploading e-mail to the SMTP server for delivery.
From the Default SMTP Site dialog box, select the Directory Security tab.
Click Edit under Secure Communications.
Check the Require secure channel box and click OK. Note that this assumes a Server Certificate has already been installed.
Create an Expiration Policy to delete all articles older than seven days.
Right-click the Expiration Policies container, select New, Expiration Policy.
Type a descriptive name for the policy and click Next.
Select the button for All Newsgroups on This Site. Click Next.
Check the box for When Articles Become Older Than and select the number seven. Click Finish.