Chapter 15. Administering SMTP, IMAP4, and POP3

Microsoft Exchange Server 2003 supports Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol 4 (IMAP4), and Post Office Protocol 3 (POP3). These protocols play an important role in determining how mail is delivered and transferred both within and outside the Exchange organization.

  • SMTP is the native mail protocol for mail submission and mail transport. This means that clients use SMTP to send messages and Exchange servers use SMTP to deliver messages and message data.

  • IMAP4 is a protocol for reading mail and accessing public and private folders on remote servers. Clients can log on to an Exchange server and use IMAP4 to download message headers and then read messages individually while online.

  • POP3 is a protocol for retrieving mail on remote servers. Clients can log on to an Exchange server and then use POP3 to download their mail for offline use.

Each of these protocols has an associated virtual server. You use virtual servers to specify configuration information and control access. You can also create additional virtual servers.

The following sections examine the key tasks you’ll use to manage SMTP, IMAP4, and POP3.

Working with SMTP, IMAP4, and POP3 Virtual Servers

SMTP, IMAP4, and POP3 services are hosted on separate virtual servers. A virtual server is a server process that has its own configuration information, which includes an Internet Protocol (IP) address, a port number, and authentication settings. If you installed SMTP, IMAP4, and POP3 using the default options:

  • The default SMTP virtual server is configured to use any available IP address on the server and respond on port 25. SMTP virtual servers replace and extend the Internet Mail Connector and Internet Mail Service that were used in previous versions of Exchange Server. To control outbound connections and message delivery, you configure the default SMTP virtual server for the organization.

  • The default IMAP4 virtual server is configured to use any available IP address on the server and respond on ports 143 and 993. Port 143 is used for standard communications, and port 993 is used for Secure Sockets Layer (SSL) communications. IMAP4 virtual servers allow Internet clients to download message headers and then read messages individually while online.

  • The default POP3 virtual server is configured to use any available IP address on the server and respond on ports 110 and 995. Port 110 is used for standard communications, and port 995 is used for SSL communications. POP3 virtual servers allow Internet clients to download mail for offline use.

You can change the IP address and port assignment at any time. In most cases you’ll want the messaging protocol to respond on a specific IP address. For SMTP, this is the IP address or addresses you’ve designated in the Domain Name System (DNS) mail exchanger (MX) records for the domains you’re supporting through Exchange Server. For IMAP4 and POP3, this is the IP address or IP addresses associated with the fully qualified domain name (FQDN) of the Exchange servers providing these services.

Although a single Exchange server could provide SMTP, IMAP4, and POP3 services, you can install these services on separate Exchange servers. Here are some typical scenarios:

  • In a moderately sized enterprise, you might want one Exchange server to handle SMTP and another to handle IMAP4 and POP3. You install Server A as the SMTP server and then update the domain’s MX record so that it points to Server A. Next, you install Server B as the POP3 and IMAP4 server. Afterward, you configure Internet mail clients so that they use Server B for POP3 and IMAP4 (incoming mail) and Server A for SMTP (outgoing mail).

  • In a large enterprise, you might want a different Exchange server for each protocol. You install Server A as the SMTP server and then update the domain’s MX record so that it points to Server A. Next, you install Server B as the POP3 server and Server C as the IMAP4 server. Afterward, you configure POP3 clients so that they use Server B for POP3 (incoming mail) and Server A for SMTP (outgoing mail). Then you configure IMAP4 clients so that they use Server C for IMAP4 (incoming mail) and Server A for SMTP (outgoing mail).

  • When mail exchange is critical to the enterprise, you might want to build fault tolerance into the Exchange organization. Typically, you do this by installing multiple Exchange servers that support each protocol. For example, to ensure fault tolerance for SMTP, you could install Server A, Server B, and Server C as SMTP servers. Then, when you create the domain’s MX records, you set a priority of 10 for Server A, a priority of 20 for Server B, and a priority of 30 for Server C. In this way, any one of the servers can be offline without affecting mail submission and delivery in the organization.

A single virtual server can provide messaging services for multiple domains. You can also install multiple virtual servers of the same type. You can use additional virtual servers to help provide fault tolerance in a large enterprise or to handle messaging services for multiple domains. When you create multiple SMTP virtual servers, you must also create additional MX records for the servers.

Mastering Core SMTP, IMAP4, and POP3 Administration

Regardless of whether you’re working with SMTP, IMAP4, or POP3, you’ll perform a common set of administrative tasks. These tasks are examined in this section.

Starting, Stopping, and Pausing Virtual Servers

Virtual servers run under a server process, which you can start, stop, and pause much like other server processes. For example, if you’re changing the configuration of a virtual server or performing other maintenance tasks, you might need to stop the virtual server, make the changes, and then restart it. When you stop a virtual server, it doesn’t accept connections from users, and you can’t use it to deliver or retrieve mail.

An alternative to stopping a virtual server is to pause it. Pausing a virtual server prevents new client connections, but it doesn’t disconnect current connections. When you pause a POP3 or IMAP4 virtual server, active clients can continue to retrieve mail. When you pause an SMTP virtual server, active clients can continue to submit messages and the virtual server can deliver existing messages that are queued for delivery. No new connections are accepted, however.

The master process for each virtual server of a particular type is the Microsoft Windows service under which the virtual server process runs—either Simple Mail Transfer Protocol (SMTP), Microsoft Exchange IMAP4, or Microsoft Exchange POP3. Stopping the master process stops all virtual servers using the process and halts all message delivery for the service. Starting the master process restarts all virtual servers that were running when the master process was stopped.

You can start, stop, or pause a virtual server by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP, IMAP4, or POP3, and then right-click the virtual server you want to manage. You can now do the following:

    • Select Start to start the virtual server.

    • Select Stop to stop the virtual server.

    • Select Pause to pause the virtual server.

Note

The metabase update service is responsible for processing and replicating configuration changes. This service reads data from Active Directory and enters it into the virtual server’s local metabase. Exchange Server uses the service to make configuration changes to virtual servers on remote systems without needing a permanent connection. When the service updates a remote server, it might need several minutes to read and apply the changes.

You can start, stop, or pause the master process for virtual servers by completing the following steps:

  1. Start Computer Management. Click Start, Programs or All Programs as appropriate, Administrative Tools, and then Computer Management.

  2. If you wish to connect to a remote server, right-click the Computer Management entry in the console tree. Choose Connect To Another Computer from the shortcut menu. You can now choose the Exchange server for which you want to manage services.

  3. Expand the Services And Applications node by clicking the plus sign (+) next to it, and then choose Services. The SMTP, Microsoft Exchange IMAP4, and Microsoft Exchange POP3 services control SMTP, IMAP4, and POP3, respectively.

  4. Right-click the service you want to manipulate, and then select Start, Stop, or Pause as appropriate. You can also choose Restart to have Windows stop and then start the service after a brief pause. If you pause a service, you can use the Resume option to resume normal operation.

Configuring Ports and IP Addresses Used by Virtual Servers

Each virtual server has an IP address and a Transmission Control Protocol (TCP) port configuration setting. The default IP address setting is to use any available IP address. On a multihomed server, however, you’ll usually want messaging protocols to respond on a specific IP address and to do this, you need to change the default setting.

What the default port setting is depends on the messaging protocol being used and whether SSL is enabled or disabled. Table 15-1 shows the default port settings for key protocols used by Exchange Server 2003.

Table 15-1. Standard and Secure Port Settings for Messaging Protocols

Protocol                                Default Port    Default Secure Port
SMTP                                    25
HTTP                                    80              443
IMAP4                                   143             993
POP3                                    110             995
NNTP (Network News Transfer Protocol)   119             563

To change the IP address or port number for a virtual server, complete the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP, IMAP4, or POP3. Right-click the virtual server you want to manage, and then select Properties.

  4. On the General tab, use the IP Address drop-down list to select an available IP address. Select (All Unassigned) to allow the protocol to respond on all unassigned IP addresses that are configured on the server.

    Tip

    If the IP address you want to use isn’t listed and you want the server to respond on that IP address, you’ll need to update the server’s TCP/IP network configuration. For details, see "Configuring Static IP Addresses" in Chapter 16 of Microsoft Windows Server 2003 Administrator’s Pocket Consultant (Microsoft Press, 2003).

  5. On the General tab, click Advanced. As Figure 15-1 shows, the Advanced dialog box shows the current TCP port settings for the protocol. You can assign ports for individual IP addresses and for all unassigned IP addresses.

    Figure 15-1. Use the Advanced dialog box to configure TCP ports on an individual IP address basis or for all unassigned IP addresses.

  6. Use the following options in the Advanced dialog box to modify port settings:

    • Add. Adds a TCP port on a per IP address basis or all unassigned IP address basis. Click Add, and then select the IP address you want to use.

    • Edit. Allows you to edit the TCP port settings for the currently selected entry in the Address list box.

    • Remove. Allows you to remove the TCP port settings for the currently selected entry in the Address list box.

    Note

    The IP address/TCP port combination must be unique on every virtual server. Multiple virtual servers can use the same port as long as the servers are configured to use different IP addresses.

  7. Click OK twice.

Controlling Incoming Connections to Virtual Servers

You can control incoming connections to virtual servers in several ways. You can do the following:

  • Grant or deny access using IP addresses or Internet domain names.

  • Require secure incoming connections.

  • Require authentication for incoming connections.

  • Restrict concurrent connections and set connection time-out values.

Each of these tasks is discussed in the sections that follow.

Note

With SMTP, you can configure both incoming and outbound connections. To learn how to configure outbound connections for SMTP, see the section of this chapter entitled "Configuring Outgoing Connections."

Securing Access by IP Address, Subnet, or Domain

By default, virtual servers are accessible to all IP addresses, which presents a security risk that could allow your messaging system to be misused. To control use of a virtual server, you might want to grant or deny access by IP address, subnet, or domain.

  • Granting access allows a computer to access the virtual server but doesn’t necessarily allow users to submit or retrieve messages. If you require authentication, users still need to authenticate themselves.

  • Denying access prevents a computer from accessing the virtual server. As a result, users of the computer can’t submit or retrieve messages from the virtual server—even if they could have authenticated themselves with a user name and password.

As stated earlier, POP3 and IMAP4 virtual servers control message retrieval by remote clients and SMTP virtual servers control message delivery. Thus, if you want to block users outside the organization from sending mail, you deny access to the SMTP virtual server. If you want to block users from retrieving mail, you deny access to POP3, IMAP4, or both.

Note

You can also restrict access by e-mail address. To do this, you must set a filter and then enable the filter on the SMTP virtual server. For details, see the section of Chapter 13, "Part IV," entitled "Configuring Antispam and Message Filtering Options."

To grant or deny access to a virtual server by IP address, subnet, or domain, follow these steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP, IMAP4, or POP3. Right-click the virtual server you want to manage, and then select Properties.

  4. Click Connection on the Access tab. As shown in Figure 15-2, the Computers list shows the computers that currently have connection controls.

    Figure 15-2. Use the Connection dialog box to control connections by IP address, subnet, or domain.

  5. To grant access to specific computers and deny access to all others, select Only The List Below.

  6. To deny access to specific computers and grant access to all others, select All Except The List Below.

  7. Create the grant or deny list. Click Add, and then in the Computer dialog box, specify Single Computer, Group Of Computers, or Domain.

    • For a single computer, type the IP address for the computer, such as 192.168.5.50.

    • For groups of computers, type the subnet address, such as 192.168.5, and the subnet mask, such as 255.255.0.0.

    • For a domain name, type the FQDN, such as eng.microsoft.com.

    Caution

    When you grant or deny by domain, Exchange Server must perform a reverse DNS lookup on each connection to determine whether the connection comes from the domain. These reverse lookups can severely affect Exchange Server’s performance, and this performance impact increases as the number of concurrent users and connections increases.

  8. If you want to remove an entry from the grant or deny list, select the related entry in the Computers list and then click Remove.

  9. Click OK.
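To make the grant and deny semantics concrete, here is an added example (not code from the book or from Exchange) that models the Connection dialog box rules in Python. Entry, connection_allowed and fake_rdns are constructed names, and the PTR table stands in for a real reverse DNS zone so the example runs offline.

```python
"""Model of the Connection dialog box grant/deny rules (constructed example).

Mirrors the three entry kinds in the Computer dialog box: Single Computer
(one IP address), Group Of Computers (subnet address plus subnet mask) and
Domain (FQDN matched by reverse DNS), under either access mode:
"Only The List Below" (grant list) or "All Except The List Below" (deny list).
This is not Exchange code; reverse DNS is injected so it runs offline.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Hypothetical reverse-DNS lookup: IP string -> FQDN, or None when no PTR exists.
ReverseLookup = Callable[[str], Optional[str]]


@dataclass(frozen=True)
class Entry:
    kind: str    # "single", "group" or "domain", as in the Computer dialog box
    value: str   # IP address, "subnet/mask" for a group, or an FQDN for a domain

    def matches(self, ip: str, rdns: ReverseLookup) -> bool:
        addr = ipaddress.ip_address(ip)
        if self.kind == "single":
            return addr == ipaddress.ip_address(self.value)
        if self.kind == "group":
            # The dialog box accepts a short subnet address such as 192.168.5
            # plus a mask; pad the address to four octets before masking.
            subnet, mask = self.value.split("/")
            octets = subnet.split(".") + ["0"] * (4 - subnet.count(".") - 1)
            net = ipaddress.ip_network(f"{'.'.join(octets)}/{mask}", strict=False)
            return addr in net
        if self.kind == "domain":
            # Domain entries cost one reverse lookup per connection (see the
            # Caution above). In this model an address with no PTR record
            # never matches a domain entry.
            name = rdns(ip)
            if name is None:
                return False
            name = name.lower().rstrip(".")
            dom = self.value.lower().rstrip(".")
            return name == dom or name.endswith("." + dom)
        raise ValueError(f"unknown entry kind {self.kind!r}")


def connection_allowed(ip: str, mode: str, entries: List[Entry],
                       rdns: ReverseLookup) -> bool:
    """Return True if a connection from ip is accepted by the virtual server.

    mode is "only" for Only The List Below (grant listed, deny all others) or
    "all_except" for All Except The List Below (deny listed, grant all others).
    """
    listed = any(e.matches(ip, rdns) for e in entries)
    if mode == "only":
        return listed
    if mode == "all_except":
        return not listed
    raise ValueError(f"unknown mode {mode!r}")


# Constructed PTR data standing in for the reverse DNS zone.
_PTR: Dict[str, str] = {
    "192.168.5.50": "mail1.eng.microsoft.com",
    "10.1.2.3": "host.eng.microsoft.com",
    "203.0.113.9": "relay.example.net",
}


def fake_rdns(ip: str) -> Optional[str]:
    return _PTR.get(ip)


# The list from the procedure above: one host, one subnet and one domain.
ENTRIES = [
    Entry("single", "192.168.5.50"),
    Entry("group", "192.168.5/255.255.0.0"),
    Entry("domain", "eng.microsoft.com"),
]

if __name__ == "__main__":
    for ip in ("192.168.5.50", "192.168.77.1", "10.1.2.3", "203.0.113.9", "198.51.100.4"):
        print(ip,
              "only:", connection_allowed(ip, "only", ENTRIES, fake_rdns),
              "all_except:", connection_allowed(ip, "all_except", ENTRIES, fake_rdns))
```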

Controlling Secure Communications for Incoming Connections

By default, mail clients pass connection information and message data through an insecure connection. If corporate security is a high priority, however, your information security team might require mail clients to connect over secure communication channels. You have several options for configuring secure communications, including smart cards, SSL, and Pretty Good Privacy (PGP). In an environment in which you need to support multiple transfer protocols, such as HTTP and SMTP, SSL offers a good solution.

You configure secure SSL communications by completing the following steps:

  1. Create a certificate request for the Exchange server for which you want to use secure communications. Each server (but not necessarily each virtual server) must have its own certificate.

  2. Submit the certificate request to a certification authority (CA). The certification authority then issues you a certificate (usually for a fee).

  3. Install the certificate on the Exchange server. Repeat Steps 1 through 3 for each Exchange server that needs to communicate over a secure channel.

  4. Configure the server to require secure communications on a per virtual server basis.

Following this procedure, you could create, install, and enable a certificate for use on a virtual server by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP, IMAP4, or POP3. Right-click the virtual server for which you want to use secure communications, and then select Properties.

  4. On the Access tab, click Certificate. This starts the Web Server Certificate Wizard. Use the wizard to create a new certificate. For additional virtual servers on the same Exchange server, you’ll want to assign an existing certificate.

  5. Send the certificate request to your CA. When you receive the certificate back from the CA, access the Web Server Certificate Wizard from the virtual server’s Properties dialog box again. Now you’ll be able to process the pending request and install the certificate.

  6. When you’re finished installing the certificate, don’t close the Properties dialog box. Instead, on the Access tab, click Communication.

  7. In the Security dialog box, click Require Secure Channel. If you’ve also configured 128-bit security, select Require 128-Bit Encryption.

  8. Click OK twice.

Note

For worldwide installations, you’ll want to use 40-bit encryption. The 128-bit encryption level is available only in the United States and Canada.

Restricting Incoming Connections and Setting Time-Out Values

You can control incoming connections to a virtual server in two ways. You can set a limit on the number of simultaneous connections and you can set a connection time-out value.

Virtual servers normally accept an unlimited number of connections, and in most environments this is an acceptable setting. However, when you’re trying to prevent a virtual server from becoming overloaded, you might want to limit the number of simultaneous connections. Once the limit is reached, no other clients are permitted to access the server. The clients must wait until the connection load on the server decreases.

The connection time-out value determines when idle connections are disconnected. Normally, connections time out after they’ve been idle for 30 minutes. In most situations a 30-minute time-out value is sufficient. Still, there are times when you’ll want to increase the time-out value, and this primarily relates to clients who get disconnected when downloading large files. If you discover that clients get disconnected during large downloads, the time-out value is one area to examine. You’ll also want to look at the Message Transfer Agent settings as discussed in Chapter 14.

You can modify connection limits and time-outs by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP, IMAP4, or POP3. Right-click the virtual server that you want to work with, and select Properties. This displays the Properties dialog box, as shown in Figure 15-3.

    Figure 15-3. Use the Properties dialog box to configure connection limits and time-outs. Enabling these options can help reduce server load and help troubleshoot connection problems.

  4. To remove connection limits, clear the Limit Number Of Connections To check box. To set a connection limit, select the Limit Number Of Connections To check box and then type the limit value.

  5. The Connection Time-Out field controls the connection time-out. Type the new time-out value in minutes. In most cases, you’ll want to use a time-out value between 30 and 90 minutes.

  6. Click OK.

Viewing and Ending User Sessions

A user session is started each time a user connects to a virtual server. The session lasts for the duration of the user’s connection. Each virtual server tracks user sessions separately. By viewing the current sessions, you can monitor server load and determine which users are logged on to a server and how long they have been connected. If an unauthorized user is accessing a virtual server, you can terminate the user’s session, which immediately disconnects the user. You also have the option of disconnecting all users who are accessing a particular virtual server.

To view or end user sessions, complete the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP, IMAP4, or POP3, and then double-click the virtual server that you want to work with.

  4. You should now see a node called Current Sessions. Select this node in the console tree. The details pane displays current sessions.

  5. To disconnect a single user, right-click a user entry in the details pane, and then select Terminate.

  6. To disconnect all users, right-click any user entry in the details pane, and then select Terminate All.

Managing SMTP Virtual Servers

SMTP virtual servers have two roles in the Exchange organization. They handle mail transport and mail submission. This means that servers use SMTP to deliver messages and clients use SMTP to submit messages. The tasks you use to manage SMTP virtual servers are examined in this section.

Creating SMTP Virtual Servers

When you first install Exchange Server 2003 in an organization, a default SMTP virtual server is created. The default SMTP virtual server is used for mail transport and mail submission.

In most cases you won’t need to create an additional SMTP virtual server. However, if you’re hosting multiple domains and you want to have more than one default domain, you might want to create additional SMTP virtual servers to service these domains. Another reason to create additional SMTP virtual servers is for fault tolerance. When you have several SMTP virtual servers, one of the servers can go offline without stopping message delivery in the Exchange organization.

You can create additional SMTP virtual servers by completing the following steps:

  1. If you want the SMTP virtual server to use a new IP address, you must configure the IP address before installing the SMTP virtual server. For details, see "Configuring Static IP Addresses" in Chapter 16 of Microsoft Windows Server 2003 Administrator’s Pocket Consultant.

  2. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  3. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  4. In the console tree, right-click SMTP, point to New, and then select SMTP Virtual Server. As shown in Figure 15-4, this starts the New SMTP Virtual Server Wizard.

    Figure 15-4. Use the New SMTP Virtual Server Wizard to create an additional virtual server.

  5. Type a descriptive name for the virtual server, and then click Next.

  6. Use the IP Address drop-down list to select an available IP address. Choose (All Unassigned) to allow SMTP to respond on all IP addresses that are configured on the server and have not been assigned. The TCP port is mapped automatically as port 25.

    Tip

    The IP address/TCP port combination must be unique on every virtual server. Multiple virtual servers can use the same port as long as the servers are configured to use different IP addresses.

  7. Click Finish to create the virtual server. If the default startup setting for the SMTP service is set to Automatic, the new SMTP virtual server starts automatically as well.

    Note

    If the server doesn’t start automatically, you might have selected an IP address/TCP port combination that’s already in use. In this case, right-click the SMTP virtual server entry and then select Properties. In the Properties dialog box, modify IP address and port settings as necessary.

  8. Configure the server using the tasks outlined in this section and the earlier section entitled "Mastering Core SMTP, IMAP4, and POP3 Administration."

Managing Message Delivery for SMTP and the Exchange Server Organization

SMTP delivery options determine how mail is delivered once a connection has been established and the receiving computer has acknowledged that it’s ready to receive the data transfer. This section shows you how to use the configuration options that determine how message delivery and transfer occurs.

You can set the following options to control message delivery:

  • Outbound retry intervals

  • Outbound and local delay notification

  • Outbound and local expiration time-out values

  • Message hop count

  • Domain name options

  • Reverse DNS lookups

  • External DNS server lists

Setting Outbound Retry Intervals, Delay Notification, and Expiration Time-Out

Once a connection has been established and the receiving computer has acknowledged that it’s ready to receive the data transfer, Exchange Server attempts to deliver messages queued for delivery to the computer. If a message can’t be delivered on the first attempt, Exchange Server tries to send the message again after a specified time. Exchange Server keeps trying to send the message at the intervals you’ve specified until the expiration time-out is reached. When the time limit is reached, the message is returned to the sender with a nondelivery report (NDR). The default expiration time-out is two days.

After each failed attempt to deliver a message, Exchange Server generates a delay notification and queues it for delivery to the user who sent the message. Notification doesn’t occur immediately after failure. Instead, Exchange Server sends the delay notification message only after the notification delay interval and then only if the message hasn’t already been delivered. The default delay notification is 12 hours.

The way in which Exchange Server handles delay notification and expiration time-out values depends on whether the message originated within or outside the organization. Exchange Server handles messages that originate within the organization using the local delay notification and expiration time-out values. Exchange Server handles messages that originate outside the organization using the outbound delay notification and expiration time-out values.

Tip

A copy of the failed message and the NDR can be sent to your organization’s postmaster or other administrator’s inbox. To do this, follow the procedure outlined in the section of this chapter entitled "Managing Message Delivery for SMTP and the Exchange Server Organization."

You can view or change the retry interval, delay notification, and expiration time-out by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and then select Properties. The default SMTP virtual server controls message delivery for the default domain.

  4. Click the Delivery tab, as shown in Figure 15-5, and then use the following options to set the retry values:

    • First Retry Interval (Minutes). Sets the amount of time to wait after the first delivery attempt. The default is 10 minutes.

    • Second Retry Interval (Minutes). Sets the amount of time to wait after the second delivery attempt. The default is 10 minutes after the first retry interval.

    • Third Retry Interval (Minutes). Sets the amount of time to wait after the third delivery attempt. The default is 10 minutes after the second retry interval.

    • Subsequent Retry Interval (Minutes). Sets the amount of time to wait after the fourth and subsequent delivery attempts. The default is 15 minutes.

      Figure 15-5. Use the options on the Delivery tab to control message delivery in the organization.

  5. Set the outbound delay notification and expiration time-out values using the Delay Notification and Expiration Timeout fields in the Outbound panel. You can set these values in minutes, hours, or days.

  6. Set the local delay notification and expiration time-out values using the Delay Notification and Expiration Timeout fields in the Local panel. You can set these values in minutes, hours, or days.

  7. Click OK.
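The following added example (not from the book or from Exchange) works the retry, delay-notification and expiration settings above through in Python for one queued message, using the stated defaults of 10, 10, 10 and 15 minutes, 12 hours and 2 days. DeliverySettings, retry_schedule and settings_for are constructed names, and the rule that retry intervals 1 to 3 are followed by the Subsequent Retry Interval for every later attempt is the reading of the Delivery tab used here.

```python
"""Retry, delay-notification and expiration schedule for one queued message.

Constructed example (not Exchange code) of the Delivery tab settings:
First/Second/Third/Subsequent Retry Interval, Delay Notification and
Expiration Timeout, with separate Outbound and Local values selected by
where the message originated. All times are minutes after the first attempt.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class DeliverySettings:
    first_retry: int = 10        # First Retry Interval (Minutes), default 10
    second_retry: int = 10       # Second Retry Interval (Minutes), default 10
    third_retry: int = 10        # Third Retry Interval (Minutes), default 10
    subsequent_retry: int = 15   # Subsequent Retry Interval (Minutes), default 15
    delay_notification: int = 12 * 60      # Delay Notification, default 12 hours
    expiration_timeout: int = 2 * 24 * 60  # Expiration Timeout, default 2 days


@dataclass(frozen=True)
class Schedule:
    attempts: List[int]                    # minute offsets of every delivery attempt
    delay_notification_at: Optional[int]   # when the sender is told of the delay
    ndr_at: Optional[int]                  # when the message expires and an NDR is sent


def retry_schedule(settings: DeliverySettings,
                   delivered_on_attempt: Optional[int] = None) -> Schedule:
    """Simulate delivery attempts until one succeeds or the message expires.

    delivered_on_attempt is the 1-based attempt that the remote host accepts,
    or None if it never accepts the message.
    """
    gaps = [settings.first_retry, settings.second_retry, settings.third_retry]
    attempts = [0]
    t = 0
    n = 1
    while delivered_on_attempt is None or n < delivered_on_attempt:
        # Retry intervals 1-3 are individually configurable; afterwards the
        # Subsequent Retry Interval applies to every further attempt.
        gap = gaps[n - 1] if n <= len(gaps) else settings.subsequent_retry
        t += gap
        if t >= settings.expiration_timeout:
            # Expiration reached before another attempt could run: the message
            # is returned to the sender with an NDR. The delay notification was
            # sent earlier only if its interval fell inside the expiration window.
            notified = (settings.delay_notification
                        if settings.delay_notification < settings.expiration_timeout else None)
            return Schedule(attempts, notified, settings.expiration_timeout)
        attempts.append(t)
        n += 1
    # Delivered. The delay notification goes out only if the message was still
    # undelivered when the delay-notification interval elapsed.
    delivered_at = attempts[-1]
    notified = settings.delay_notification if delivered_at > settings.delay_notification else None
    return Schedule(attempts, notified, None)


def settings_for(origin: str, outbound: DeliverySettings,
                 local: DeliverySettings) -> DeliverySettings:
    """Select the Outbound or Local panel values by where the message originated.

    As the text states, messages originating within the organization use the
    Local values and messages originating outside it use the Outbound values.
    """
    if origin == "inside":
        return local
    if origin == "outside":
        return outbound
    raise ValueError(f"unknown origin {origin!r}")


if __name__ == "__main__":
    s = retry_schedule(DeliverySettings())
    print(f"{len(s.attempts)} attempts, first five at {s.attempts[:5]} min,")
    print(f"delay notification at {s.delay_notification_at} min, NDR at {s.ndr_at} min")
```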

Setting the Message Hop Count

Messages can be routed through many different servers before reaching their final destination. The number of servers a message passes through is called the hop count. As an administrator, you can control the maximum allowable hop count and you’ll usually want to do this to prevent a message from being repeatedly misrouted.

The default maximum hop count is 30, which works well for most network configurations. However, if users frequently get NDRs that state that the maximum hop count was reached and the message wasn’t delivered, you might want to consider increasing the maximum allowable hop count. The number of Received lines in the message header determines the total hops.

Caution

Don’t automatically increase the hop count without first examining the network. NDRs due to the hop count can also indicate network problems. You can run a traceroute command (tracert hostname) to the destination mail server to help determine if a misconfigured or down network is the source of the delivery problem.

You can view or set the maximum hop count by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and then select Properties. The default SMTP virtual server controls message delivery for the default domain.

  4. On the Delivery tab, click Advanced. This displays the Advanced Delivery dialog box.

  5. If you want to change the hop count, type a new value in the Maximum Hop Count field. Valid values are between 10 and 256.

  6. Click OK twice.

Setting Domain Name Options

Domain names play an important role in determining how mail is delivered in the enterprise, and you have two options for configuring domain name usage. You can set a masquerade domain, or you can set an FQDN for the SMTP virtual server.

A masquerade domain replaces the local domain name in any Mail From lines in the message header. Mail From information is used to determine the address for sending NDRs and doesn’t replace the From lines in the message body that are displayed to mail clients. The name replacement occurs on the first hop only.

The FQDN of the Exchange server is used in mail delivery. The server must have an FQDN, and this FQDN is associated with an e-mail domain through a DNS MX record. In Exchange Server you have two options for specifying an FQDN:

  • You can use the name specified on the Network Identification tab of the System utility.

  • You can specify a unique FQDN for the SMTP virtual server you’re configuring.

The name on the Network Identification tab is used automatically. If you change the name on this tab, the new name is used the next time the computer is rebooted. No action is required to update the FQDN for the virtual server. However, if you want to override the setting on the Network Identification tab, you can do so by specifying a unique FQDN for the SMTP virtual server.

You can set the masquerade domain name or override the default FQDN by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and then select Properties. The default SMTP virtual server controls message delivery for the default domain.

  4. On the Delivery tab, click Advanced. This displays the Advanced Delivery dialog box shown in Figure 15-6.

    Figure 15-6. Use the Advanced Delivery dialog box to configure the domain name options. Domain names play an important role in determining how mail is delivered.

  5. In the Masquerade Domain field, type the domain name to which you would like NDRs to be sent. This domain name replaces the default domain name in outgoing message headers.

  6. If you want to override the default FQDN, type a new value in the Fully-Qualified Domain Name field. Click Check DNS to ensure that you’ve entered the correct value and that DNS resolution is configured properly.

  7. Click OK twice.

Configuring Reverse Lookups and External DNS Servers

When you want to put extra controls on how DNS is used with a particular virtual server, you have several options. You can enable reverse DNS lookups or you can specify an explicit list of external DNS servers to use for name resolution.

With reverse lookups enabled, Exchange Server attempts to verify that the mail client’s IP address matches the host and domain submitted by the client in the start session command. If the IP and DNS information match, Exchange Server passes the message through without modifying its contents. If Exchange Server can’t verify the IP and DNS information, Exchange Server modifies the message header so that the keyword "unverified" is inserted on the Received line of the message header.

As stated previously, reverse lookups can severely affect Exchange Server’s performance, and this performance impact increases as the number of concurrent users and connections increases. Because of this, you’ll want to be very cautious about enabling reverse lookups.

DNS servers are used to resolve host and domain names for message delivery. Internal DNS servers are used to resolve host and domain names within the organization, and external DNS servers are used to resolve names outside the organization. Normally, the list of DNS servers that you want to use for name resolution is configured in the TCP/IP settings for the Exchange server. If necessary, you can override these settings for external servers by defining an external DNS server list for an individual virtual server.

Once the external DNS server list is created, the SMTP virtual server uses only the servers on that list. If you want to keep using some or all of the local DNS servers, you must manually add those IP addresses to the list.

To enable reverse DNS lookups or define an external DNS server list, complete the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and then select Properties. The default SMTP virtual server controls message delivery for the default domain.

  4. On the Delivery tab, click Advanced. This displays the Advanced Delivery dialog box shown previously in Figure 15-6.

  5. To enable reverse lookups, select the Perform Reverse DNS Lookup On Incoming Messages check box. To disable reverse lookups, clear this check box.

  6. To define an external DNS server list, click Configure. The External DNS list shows the servers that are currently configured (if any). The order of entries in the list is extremely important. The SMTP virtual server starts with the top DNS server and then goes down the list until one of the servers returns the information it needs. You use the options in the Configure dialog box as follows:

    • Add. Adds an entry to the external DNS server list. Click Add, type the IP address of a DNS server, and then click OK.

    • Remove. Removes a selected entry from the external DNS server list. Select the entry you want to remove, and then click Remove.

    • Move Up. Moves the selected entry up in the priority list. Select the entry you want to change, and then click Move Up.

    • Move Down. Moves the selected entry down in the priority list. Select the entry you want to change, and then click Move Down.

  7. Click OK three times.

Controlling Authentication for Incoming SMTP Connections

Exchange Server 2003 supports three authentication methods for incoming SMTP connections:

  • Anonymous authentication. With anonymous authentication, users can log on with an anonymous or guest account. This allows users to access server resources without being prompted for user name and password information.

  • Basic authentication. With basic authentication, users are prompted for logon information. When entered, this information is transmitted unencrypted across the network. If you’ve configured secure communications on the server as described in the section of this chapter entitled "Controlling Secure Communications for Incoming Connections," you can require clients to use SSL. When you use SSL with basic authentication, the logon information is encrypted before transmission.

  • Integrated Windows authentication. With integrated Windows authentication, Exchange Server uses standard Windows security to validate the user’s identity. Instead of prompting for a user name and password, clients relay the logon credentials that users supply when they log on to Windows. These credentials are fully encrypted without the need for SSL, and they include the user name and password needed to log on to the network.

In most cases, only the basic and integrated Windows authentication methods should be enabled for SMTP. With this configuration, the logon process looks like this:

  1. Exchange Server attempts to obtain the user’s Windows credentials. If the credentials can be validated and the user has the appropriate access permissions, the user is allowed to log on to the virtual server.

  2. If validation of the credentials fails or no credentials are available, the server uses basic authentication and tells the client to display a logon prompt. When the logon information is submitted, the server validates the logon. If the credentials can be validated and the user has the appropriate access permissions, the user is allowed to log on to the virtual server.

  3. If validation fails or the user doesn’t have appropriate access permissions, the user is denied access to the virtual server.

As necessary, you can enable or disable support for these authentication methods by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and then select Properties.

  4. On the Access tab, click Authentication. This displays the Authentication dialog box shown in Figure 15-7.

    Figure 15-7. You can use the Authentication dialog box to enable or disable authentication methods to meet the needs of your organization. With basic authentication, it’s often helpful to set a default domain as well.

  5. Select or clear the Anonymous Access check box to enable or disable anonymous access. If you enable anonymous access, no user name or password is required to access the SMTP virtual server.

  6. Select or clear the Basic Authentication check box to enable or disable this authentication method. If you disable basic authentication, keep in mind that this might prevent some clients from accessing mail remotely. Clients can log on only when you enable an authentication method that they support.

  7. A default domain isn’t set automatically. If you enable basic authentication, you can choose to set a default domain that should be used when no domain information is supplied during the logon process. Setting the default domain is useful when you want to ensure that clients authenticate properly.

  8. Select or clear the Integrated Windows Authentication check box to enable or disable this authentication method.

  9. Click OK twice.

Configuring Outbound Security

By default, SMTP virtual servers deliver messages to other servers without authenticating themselves. This mode of authentication is referred to as anonymous. You can also configure SMTP virtual servers to use basic or integrated Windows authentication. However, you’ll rarely use an authentication method other than anonymous when configuring an SMTP virtual server’s outbound security.

In fact, one of the only times you’ll use basic or integrated Windows authentication with an SMTP virtual server’s outbound security is when the server must deliver all e-mail to a specific server or e-mail address in another domain. That is, the server delivers mail to only one destination and doesn’t deliver mail to other destinations. If you need to configure authentication for e-mail delivered to a particular server and also need to deliver mail to other servers, you should configure an Exchange connector to send mail to that specific server and use anonymous authentication for all other mail.

To view or change the outbound security settings for an SMTP virtual server, complete the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and then select Properties.

  4. On the Delivery tab, click Outbound Security. To use standard delivery for outgoing messages, click Anonymous Access.

  5. To set basic authentication for outgoing messages, click Basic Authentication. Under User Name and Password, type the account name and password that are required to connect to the remote server.

  6. To set integrated Windows authentication for outgoing messages, select Integrated Windows Authentication, and then under Account and Password, type the Windows account name and password that are required to connect to the remote server.

  7. Click OK twice.

Configuring Outgoing Connections

With SMTP virtual servers you have much more control over outgoing connections than you do over incoming connections. You can limit the number of simultaneous connections and the number of connections per domain. These limits set the maximum number of simultaneous outbound connections. By default, no maximum is set, and this can cause performance problems. To improve performance, you should optimize these values based on the size of your Exchange environment and the characteristics of your server hardware.

You can set a connection time-out that determines when idle connections are disconnected. Normally, outbound connections time out after they’ve been idle for 10 minutes. Sometimes you’ll want to increase the time-out value, primarily when you’re experiencing connectivity problems and messages aren’t getting delivered.

You can also map outbound SMTP connections to a TCP port other than port 25. If you’re connecting through a firewall or proxy, you might want to map outgoing connections to a different port and then let the firewall or proxy deliver the mail over the standard SMTP port (port 25).

You set outgoing connection controls by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with and select Properties.

  4. On the Delivery tab, click Outbound Connections. This displays the Outbound Connections dialog box shown in Figure 15-8.

    Figure 15-8. Use the Outbound Connections dialog box to set limits on outbound SMTP traffic. Administrators have much more control over outbound SMTP connections than they do over incoming SMTP connections.

  5. To remove outgoing connection limits, clear the Limit Number Of Connections To check box. To set an outgoing connection limit, select the Limit Number Of Connections To check box, and then type the limit value. Valid values are from 1 to 1,999,999,999.

  6. The Time-Out field controls the connection time-out. Type the new time-out value in minutes. Valid values are from 30 to 99,999,999. In most cases, you’ll want to use a time-out value between 30 and 90 minutes.

  7. To set an outgoing connection limit per domain, select the Limit Number Of Connections Per Domain To check box, and then type the limit value. Valid values are from 1 to 1,999,999,999. You can remove the per domain limit by clearing this check box.

  8. To map outgoing connections to a different port, in the TCP Port field, type the outbound port that the firewall or proxy expects.

  9. Click OK twice.

Managing Messaging Limits for SMTP

You can use messaging limits to control Exchange usage and to improve throughput for message delivery. You can set the maximum allowable message size. Clients who attempt to send a message larger than this size get an NDR that states the message exceeds this limit. The default limit is 4096 KB.

Note

You can set message size limits that apply to both incoming and outgoing mail globally on all user mailboxes and individually on specific mailboxes. You set global limits through Message Delivery under Global Settings. You set individual limits in the user’s Properties dialog box.

You can set the maximum size of all messages that can be sent in a single connection. You should always set the session limit so that it’s several times larger than the message size limit. The default limit is 10240 KB.

You can control the number of messages that can be sent in a single connection. When the number of messages exceeds this value, Exchange Server starts a new connection and transfer continues until all messages are delivered. Optimizing this value for your environment can improve server performance, especially if users typically send large numbers of messages to the same external domains. The default is 20. If you had 50 messages queued for delivery to the same destination server, Exchange Server would open three connections and use these connections to deliver the mail. Because message delivery would take less time, you could considerably enhance Exchange Server’s performance.

You can also control the number of recipients for a single message. When the number of recipients exceeds this value, Exchange Server opens a new connection and uses this connection to process the remaining recipients. The default value is 64,000, but a more practical limit is 1000. Using the limit of 1000, a message queued for delivery to 2500 recipients would be sent over three connections. Again, because message delivery would take less time, you could considerably enhance Exchange Server’s performance.

You set messaging limits by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with and select Properties.

  4. Click the Messages tab, shown in Figure 15-9.

    Figure 15-9. Use the Messages tab to set limits to control Exchange usage and to improve performance.

  5. Use the message size limit settings to strictly control the maximum message size. To disable this limit, clear the Limit Message Size To (KB) check box. Otherwise, select the Limit Message Size To (KB) check box and use the related field to set a message size limit.

    Tip

    Message size limits apply to messages being sent through SMTP clients. In most environments, you’ll find that the default message size limit is too restrictive. You’ll usually want to increase this limit to at least 8192 KB.

  6. Use session limits to strictly control the maximum size of all messages that can be sent in a single session. To disable this limit, clear the Limit Session Size To (KB) check box. Otherwise, select the Limit Session Size To (KB) check box and use the related field to set a session size limit.

  7. Use the messages per connection limit to force Exchange Server to open new connections when multiple messages are queued for delivery to the same destination. To disable this limit, clear the Limit Number Of Messages Per Connection To check box. Otherwise, select the Limit Number Of Messages Per Connection To check box and use the related field to set a limit.

  8. Use recipient limits to force Exchange Server to open new connections when messages are addressed to many recipients. To disable this limit, clear the Limit Number Of Recipients Per Message To check box. Otherwise, select the Limit Number Of Recipients Per Message To check box and use the related field to set a limit.

  9. Click OK.

Handling Nondelivery, Bad Mail, and Unresolved Recipients

When a message is undeliverable or a fatal error occurs during delivery, Exchange Server generates an NDR and attempts to deliver it to the sender. SMTP virtual server options provide several ways that you can configure how Exchange Server handles nondelivery.

For tracking purposes, you can send a copy of all NDRs to a specific e-mail address such as the organization’s postmaster account. The e-mail address specified is also placed in the Reply-To field of the NDR. This allows users to respond to the error message and potentially reach someone who can help resolve the problem.

If an NDR can’t be delivered to the sender, a copy of the original message is placed in the "bad" mail directory. Messages placed in this directory can’t be delivered or returned. You can use the bad mail directory to track potential abuse of your messaging system. By default, the bad mail directory is located at root:\Exchsrvr\Mailroot\Vsi #\BadMail, where root is the install drive for Exchange Server and # is the number of the SMTP virtual server, such as C:\Exchsrvr\Mailroot\vsi 1\BadMail. You can change the location of the bad mail directory at any time.

If you have another mail system in your organization that handles the same mail as the SMTP virtual server, you might want to have the SMTP virtual server forward unresolved recipients to this server. In this way, when Exchange Server receives e-mail for a user it can’t resolve, it forwards the e-mail to the other mail system, where the recipients can be resolved. For example, if your organization has an Exchange server and a Sendmail server, Exchange Server might receive mail intended for users on the Sendmail server. When Exchange Server can’t resolve these users, it forwards the mail to the Sendmail server.

Caution

When forwarding is enabled, Exchange Server won’t generate NDRs for unresolved mail. Because of this, you should make sure that another mail system is able to send NDRs if necessary. You should also ensure that mail sent to your organization is first delivered to Exchange Server and then forwarded as necessary.

You can configure these nondelivery options by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and select Properties.

  4. Click the Messages tab, shown previously in Figure 15-9.

  5. In the Send Copy Of Non-Delivery Report To field, type the e-mail address of the organization’s postmaster account or other account that should receive a copy of NDRs.

  6. In the Badmail Directory field, type the full path to the directory in which you want to store bad mail. If you don’t know the full path, click Browse, and then use the Browse For Folder dialog box to find the folder you want to use.

  7. If you have another mail system in your organization that handles the same mail as the SMTP virtual server, type the host name in the Forward All Mail With Unresolved Recipients To Host field.

  8. Click OK.

Setting and Removing Relay Restrictions

Mail relaying can occur when users outside the organization use your mail system to send messages bound for another organization. However, Exchange Server normally prevents unauthorized users and computers from relaying mail through your organization—and this is the behavior that you’ll typically want to use. In this way, only users and computers that are able to authenticate themselves can use your mail system to relay messages.

If necessary, you can grant or deny relaying permissions, overriding the default configuration. To do this, follow these steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and select Properties.

  4. Click the Access tab, and then click Relay. You should now see the Relay Restrictions dialog box, shown in Figure 15-10.

    Figure 15-10. If necessary, you can use the Relay Restrictions dialog box to grant some computers the right to relay mail through your organization.

  5. To grant relay rights to specific computers and deny relay rights to all others, select Only The List Below.

  6. To deny relaying for specific computers and grant all others the right to relay, select All Except The List Below.

  7. Create the grant or deny list. Click Add, and then in the Computer dialog box, specify Single Computer, Group Of Computers, or Domain.

    • For a single computer, type the IP address for the computer, such as 192.168.5.50.

    • For groups of computers, type the subnet address, such as 192.168.5, and the subnet mask, such as 255.255.0.0.

    • With a domain name, type the FQDN, such as eng.microsoft.com.

    Caution

    When you grant or deny relaying by domain, Exchange Server 2003 must perform a reverse DNS lookup on each connection to determine if the connection comes from the domain. These reverse lookups can severely affect the performance of Exchange Server, and this performance impact increases as the number of concurrent users and connections increases.

  8. If you want to remove an entry from the grant or deny list, select the entry in the Computers list, and then click Remove.

  9. Click OK.
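The grant-or-deny logic of the Relay Restrictions dialog box, modeled in Python as an added example (not code from the book or an Exchange Server API): single computers, groups of computers given as subnet plus mask, and domains matched against the connection’s reverse DNS name, under either Only The List Below or All Except The List Below. The class and function names are hypothetical, the reverse name is passed in so the example runs offline, the rule that authenticated clients may always relay follows the text above, and all addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# The two radio buttons in the Relay Restrictions dialog box.
ONLY_THE_LIST_BELOW = "only"          # listed computers may relay, everyone else is denied
ALL_EXCEPT_THE_LIST_BELOW = "except"  # listed computers are denied, everyone else may relay


@dataclass
class RelayRestrictions:
    """Hypothetical model of the dialog box, constructed for this example."""
    mode: str
    single_computers: List[str] = field(default_factory=list)             # e.g. "192.168.5.50"
    computer_groups: List[Tuple[str, str]] = field(default_factory=list)  # (subnet, subnet mask)
    domains: List[str] = field(default_factory=list)                      # e.g. "eng.example.test"
    allow_authenticated: bool = True  # authenticated users and computers can always relay

    def matches(self, client_ip: str, reverse_name: Optional[str] = None) -> bool:
        """Does the connecting computer appear on the list?"""
        ip = ipaddress.ip_address(client_ip)
        if any(ip == ipaddress.ip_address(single) for single in self.single_computers):
            return True
        for subnet, mask in self.computer_groups:
            # strict=False lets a host address stand in for the subnet address.
            if ip in ipaddress.ip_network(f"{subnet}/{mask}", strict=False):
                return True
        if reverse_name is not None:
            # Domain entries need the reverse DNS name of the connection (the
            # lookup the Caution warns about); the caller supplies it here.
            host = reverse_name.lower().rstrip(".")
            for domain in self.domains:
                domain = domain.lower().rstrip(".")
                if host == domain or host.endswith("." + domain):
                    return True
        return False


def may_relay(rules: RelayRestrictions, client_ip: str,
              authenticated: bool = False, reverse_name: Optional[str] = None) -> bool:
    """Decide whether a connection may relay mail bound for another organization."""
    if authenticated and rules.allow_authenticated:
        return True
    listed = rules.matches(client_ip, reverse_name)
    if rules.mode == ONLY_THE_LIST_BELOW:
        return listed
    if rules.mode == ALL_EXCEPT_THE_LIST_BELOW:
        return not listed
    raise ValueError(f"unknown relay mode: {rules.mode!r}")


def is_open_relay(rules: RelayRestrictions) -> bool:
    """All Except The List Below with an empty list lets any unauthenticated
    client relay through the organization, the behaviour the default
    configuration is meant to prevent. Worth checking before clicking OK."""
    return rules.mode == ALL_EXCEPT_THE_LIST_BELOW and not (
        rules.single_computers or rules.computer_groups or rules.domains
    )


if __name__ == "__main__":
    # Constructed list: one host, one subnet, one domain, grant-only mode.
    rules = RelayRestrictions(
        mode=ONLY_THE_LIST_BELOW,
        single_computers=["192.168.5.50"],
        computer_groups=[("192.168.5.0", "255.255.255.0")],
        domains=["eng.example.test"],
    )
    print(may_relay(rules, "192.168.5.50"))                                   # listed host
    print(may_relay(rules, "203.0.113.5"))                                    # unlisted, unauthenticated
    print(may_relay(rules, "203.0.113.5", reverse_name="mx1.eng.example.test"))
    print(is_open_relay(RelayRestrictions(mode=ALL_EXCEPT_THE_LIST_BELOW)))
```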

Managing IMAP4

You use IMAP4 virtual servers to read mail and access public folders on remote servers. Clients can log on to an Exchange server and use IMAP4 to download message headers, and then read messages individually while online.

Most of the tasks you perform with IMAP4 virtual servers were discussed earlier in the section "Mastering Core SMTP, IMAP4, and POP3 Administration." This section examines the few tasks that are unique to IMAP4.

Creating IMAP4 Virtual Servers

When you first install Exchange Server 2003 in an organization and configure it for messaging, a default IMAP4 virtual server is created. The default IMAP4 virtual server allows Internet clients to download message headers and then read messages individually while online. Normally, you won’t need to create additional IMAP4 virtual servers, but you can do so if you want to support multiple domains or build fault tolerance into the organization.

You can create additional IMAP4 virtual servers by completing the following steps:

  1. If you’re installing the virtual server on a new Exchange server, ensure that messaging services have been installed on the server.

  2. If you want the IMAP4 virtual server to use a new IP address, you must configure the IP address before installing the IMAP4 virtual server. For details, see "Configuring Static IP Addresses" in Chapter 16 of Microsoft Windows Server 2003 Administrator’s Pocket Consultant.

  3. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  4. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  5. In the console tree, right-click IMAP4, point to New, and then select IMAP4 Virtual Server. As shown in Figure 15-11, this starts the New IMAP4 Virtual Server Wizard.

    Figure 15-11. Use the New IMAP4 Virtual Server Wizard to create the additional virtual server.

  6. Type a descriptive name for the virtual server, and then click Next.

  7. Use the IP Address drop-down list to select an available IP address. Choose (All Unassigned) to allow IMAP4 to respond on all unassigned IP addresses that are configured on the server. The TCP port is mapped automatically as port 143.

    Note

    The IP address/TCP port combination must be unique on every virtual server. Multiple virtual servers can use the same port as long as the servers are configured to use different IP addresses.

  8. Click Finish to create the virtual server. If the default startup setting for the Microsoft Exchange IMAP4 service is set to Automatic, the new IMAP4 virtual server starts automatically as well. If the server doesn’t start automatically, you might have selected an IP address/TCP port combination that’s already in use.

  9. Configure the server using the tasks outlined in this section and the section of this chapter entitled "Mastering Core SMTP, IMAP4, and POP3 Administration."

Controlling Authentication for Incoming IMAP4 Connections

Exchange Server 2003 supports two authentication methods for incoming IMAP4 connections:

  • Basic authentication. With basic authentication, users are prompted for logon information. When it’s entered, this information is transmitted unencrypted across the network. If you’ve configured secure communications on the server as described in the section of this chapter entitled "Controlling Secure Communications for Incoming Connections," you can require clients to use SSL. When you use SSL with basic authentication, the logon information is encrypted before transmission.

  • Simple Authentication and Security Layer. With Simple Authentication and Security Layer (SASL), Exchange Server uses NT LAN Manager (NTLM) and standard Windows security to validate the user’s identity. Instead of prompting for a user name and password, clients relay the logon credentials that users supply when they log on to a Windows domain. These credentials are fully encrypted without the need for SSL, and they include the user name and password needed to log on to the network.

Both authentication methods are enabled by default for IMAP4. Because of this, the default logon process looks like this:

  1. Exchange Server attempts to obtain the user’s Windows credentials using NTLM. If the credentials can be validated and the user has the appropriate access permissions, the user is allowed to log on to the virtual server.

  2. If validation of the credentials fails or no credentials are available, the server uses basic authentication and tells the client to display a logon prompt. When the logon information is submitted, the server validates the logon. If the credentials can be validated and the user has the appropriate access permissions, the user is allowed to log on to the virtual server.

  3. If validation fails or the user doesn’t have appropriate access permissions, the user is denied access to the virtual server.

As necessary, you can enable or disable support for these authentication methods by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand IMAP4. Right-click the virtual server that you want to work with, and then select Properties.

  4. On the Access tab, click Authentication. This displays the Authentication dialog box shown in Figure 15-12.


    Figure 15-12. You can use the Authentication dialog box to enable or disable authentication methods to meet the needs of your organization.

  5. Select or clear the Basic Authentication check box to enable or disable this authentication method. If you disable basic authentication, keep in mind that this might prevent some clients from accessing mail remotely. Clients can log on only when you enable an authentication method that they support.

  6. Select or clear the Simple Authentication And Security Layer check box to enable or disable this authentication method.

  7. Click OK twice.

Allowing Public Folder Requests and Fast Message Retrieval

With IMAP4 virtual servers, you can control public folder and message retrieval in two ways. You can do the following:

  • Allow clients to download a list of all public folders or just a list of their private folders.

  • Specify that Exchange Server should approximate message sizes instead of calculating message sizes exactly during transmission.

Both configuration settings can affect the performance of the virtual server. If your organization uses numerous public folders, you’ll usually want to disable automatic downloading of all public folder lists. This allows clients to access their e-mail and private folders more quickly. If the IMAP4 server has a heavy load, you can reduce some of the load and hasten the message retrieval process by allowing the server to approximate message sizes instead of calculating them exactly.

You set these options by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand IMAP4. Right-click the virtual server that you want to work with and select Properties. As shown in Figure 15-13, you want to work with options on the General tab.


    Figure 15-13. Use the options on the General tab to configure public folder and message retrieval.

  4. To allow clients to download a list of all public folders, select the Include All Public Folders When A Folder List Is Requested check box. Clear this check box to disable automatic downloading of public folder lists.

  5. To have Exchange Server 2003 approximate message sizes instead of calculating them exactly, select the Enable Fast Message Retrieval check box. Clear this check box to force Exchange Server to calculate message size exactly.

  6. Click OK.

Setting Message Formats

Message format options allow you to set rules that IMAP4 servers use to format messages before clients read them. By default, when Messaging Application Programming Interface (MAPI) clients in the organization send messages, the message body is converted from Exchange Rich Text Format to Multipurpose Internet Mail Extensions (MIME) and message attachments are identified with a MIME content type based on the attachment’s file extension. You can change this behavior by applying new rules.

Two key aspects of message formatting are encoding and character set usage. Message encoding rules determine the formatting for elements in the body of a message. Only MIME encoding is available. Character set usage determines which character sets are used for reading and writing messages. If users send messages with text in more than one language, the character set used determines how multilingual text is displayed.

To set message encoding and character set usage for an IMAP4 virtual server, follow these steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand IMAP4. Right-click the virtual server that you want to work with and select Properties.

  4. Click the Message Format tab shown in Figure 15-14, then choose one of the following options for MIME encoding:

    • Provide Message Body As Plain Text. Exchange Server converts the message body to text format, and any other elements, such as graphics, are replaced with textual representations.

    • Provide Message Body As HTML. Exchange Server converts the message body to Hypertext Markup Language (HTML). This allows compliant client applications to display the message body with graphics, hypertext links, and other elements. However, clients that don’t support HTML display the actual markup tags mixed in with the text, which can make the message difficult to read.

    • Both. Exchange Server delivers messages with their original formatting, which can be either plaintext or HTML. Use this option to allow the sender to choose the message format.

      Figure 15-14. You can use the Message Format tab to set per-server defaults for message encoding and character set usage.

    Note

    Exchange Server also supports a third message encoding. This format is called Exchange Rich Text Format and selecting the Use Exchange Rich-Text Format check box enables it. Exchange Rich Text Format is displayed only when clients elect to use this format and you’ve set the message format as either Provide Message Body As Plain Text or Both.

  5. Select the character set to use. The default character set is Western European (ISO-8859-1). All text in the affected messages uses the character set you specify.

  6. Click OK to apply the changes.

Managing POP3

You use POP3 virtual servers to read mail on remote servers. Clients can log on to an Exchange server and then use POP3 to download their mail for offline use.

Most of the tasks you perform with POP3 virtual servers were discussed earlier in the section "Mastering Core SMTP, IMAP4, and POP3 Administration." This section examines the few tasks that are unique to POP3.

Creating POP3 Virtual Servers

When you first install Exchange Server 2003 in an organization and configure it for messaging, a default POP3 virtual server is created. The default POP3 virtual server allows Internet clients to download mail for offline use. Normally, you won’t need to create additional POP3 virtual servers, but you can do so if you want to support multiple domains or build fault tolerance into the organization.

You can create additional POP3 virtual servers by completing the following steps:

  1. If you’re installing the virtual server on a new Exchange server, ensure that messaging services have been installed on the server.

  2. If you want the POP3 virtual server to use a new IP address, you must configure the IP address before installing the POP3 virtual server. For details, see "Configuring Static IP Addresses" in Chapter 16 of Microsoft Windows Server 2003 Administrator’s Pocket Consultant.

  3. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  4. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  5. In the console tree, right-click POP3, point to New, and then select POP3 Virtual Server. As shown in Figure 15-15, this starts the New POP3 Virtual Server Wizard.


    Figure 15-15. Use the New POP3 Virtual Server Wizard to create the additional virtual server.

  6. Type a descriptive name for the virtual server, and then click Next.

  7. Use the IP Address drop-down list to select an available IP address. Choose (All Unassigned) to allow POP3 to respond on all unassigned IP addresses that are configured on the server. The TCP port is assigned automatically as port 110.

    Note

    The IP address/TCP port combination must be unique on every virtual server. Multiple virtual servers can use the same port as long as the servers are configured to use different IP addresses.

  8. Click Finish to create the virtual server. If the default startup setting for the Microsoft Exchange POP3 service is set to Automatic, the new POP3 virtual server starts automatically as well. If the server doesn’t start automatically, you might have selected an IP address/TCP port combination that’s already in use.

  9. Configure the server using the tasks outlined in this section and the section of this chapter entitled "Mastering Core SMTP, IMAP4, and POP3 Administration."

Controlling Authentication for Incoming POP3 Connections

Exchange Server 2003 supports two authentication methods for incoming POP3 connections:

  • Basic authentication. With basic authentication, users are prompted for logon information. When entered, this information is transmitted unencrypted across the network. If you’ve configured secure communications on the server as described in the section of this chapter entitled "Controlling Secure Communications for Incoming Connections," you can require clients to use SSL. When you use SSL with basic authentication, the logon information is encrypted before transmission.

  • Simple Authentication and Security Layer. With SASL, Exchange Server uses NTLM and standard Windows security to validate the user’s identity. Instead of prompting for a user name and password, clients relay the logon credentials that users supply when they log on to a Windows domain. These credentials are fully encrypted without the need for SSL, and they include the user name and password needed to log on to the network.

Both authentication methods are enabled by default for POP3. Because of this, the default logon process looks like this:

  1. Exchange Server attempts to obtain the user’s Windows credentials using NTLM. If the credentials can be validated and the user has the appropriate access permissions, the user is allowed to log on to the virtual server.

  2. If validation of the credentials fails or no credentials are available, the server uses basic authentication and tells the client to display a logon prompt. When the logon information is submitted, the server validates the logon. If the credentials can be validated and the user has the appropriate access permissions, the user is allowed to log on to the virtual server.

  3. If validation fails or the user doesn’t have appropriate access permissions, the user is denied access to the virtual server.
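The chapter describes the same two authentication methods and the same NTLM-then-basic logon sequence for both IMAP4 and POP3, and notes that basic authentication sends the password in the clear unless SSL is required. The following added example (not code from the book or from Exchange Server) shows how an administrator can read what a server advertises before any logon and decide whether a cleartext password login is exposed. The capability responses are constructed samples, not captures from a real server; the finding texts and the `assess` rules are this example's own.

```python
"""Check what an IMAP4 CAPABILITY or POP3 CAPA response says about
authentication exposure: whether a cleartext (basic) password login is
accepted on the connection and whether TLS can be negotiated first."""
from dataclasses import dataclass, field

# Constructed sample responses (not captured from a real Exchange server).
IMAP_PLAIN_PORT = (
    "* CAPABILITY IMAP4 IMAP4rev1 IDLE NAMESPACE AUTH=NTLM\r\n"
    "a001 OK CAPABILITY completed.\r\n"
)
IMAP_TLS_REQUIRED = (
    "* CAPABILITY IMAP4 IMAP4rev1 IDLE NAMESPACE STARTTLS LOGINDISABLED AUTH=NTLM\r\n"
    "a001 OK CAPABILITY completed.\r\n"
)
POP3_PLAIN_PORT = "+OK\r\nTOP\r\nUSER\r\nSASL NTLM\r\nUIDL\r\n.\r\n"
POP3_TLS_AVAILABLE = "+OK\r\nTOP\r\nSTLS\r\nUSER\r\nSASL NTLM\r\nUIDL\r\n.\r\n"


@dataclass
class AuthPosture:
    protocol: str
    sasl_mechanisms: list = field(default_factory=list)
    starttls: bool = False
    cleartext_login: bool = False  # basic auth (LOGIN / USER+PASS) accepted as-is


def parse_imap_capability(response):
    """Parse an untagged IMAP4 CAPABILITY response (RFC 3501 syntax)."""
    posture = AuthPosture("IMAP4")
    for line in response.splitlines():
        if not line.startswith("* CAPABILITY"):
            continue
        caps = {c.upper() for c in line.split()[2:]}
        posture.sasl_mechanisms = sorted(c[5:] for c in caps if c.startswith("AUTH="))
        posture.starttls = "STARTTLS" in caps
        # Without LOGINDISABLED the server accepts the LOGIN command, i.e. a
        # user name and password in the clear unless the session is already TLS.
        posture.cleartext_login = "LOGINDISABLED" not in caps
    return posture


def parse_pop3_capa(response):
    """Parse a POP3 CAPA response (RFC 2449): '+OK', one capability per line, '.'"""
    posture = AuthPosture("POP3")
    lines = response.splitlines()
    if not lines or not lines[0].startswith("+OK"):
        return posture
    for line in lines[1:]:
        if line == ".":
            break
        parts = line.split()
        tag = parts[0].upper()
        if tag == "SASL":
            posture.sasl_mechanisms = [m.upper() for m in parts[1:]]
        elif tag == "STLS":
            posture.starttls = True
        elif tag == "USER":
            # The USER capability means USER/PASS (basic) authentication is accepted.
            posture.cleartext_login = True
    return posture


def assess(posture, session_is_tls=False):
    """Return the findings a defender would act on. session_is_tls is True when
    the capability response was read over an SSL port (993 / 995) or after a
    successful STARTTLS/STLS, in which case basic auth is already protected."""
    findings = []
    if posture.cleartext_login and not session_is_tls:
        findings.append("basic authentication accepted without TLS: "
                        "passwords cross the network in the clear")
        if not posture.starttls:
            findings.append("no STARTTLS/STLS offered: clients cannot upgrade "
                            "the session before logging on")
    if "NTLM" not in posture.sasl_mechanisms:
        findings.append("SASL NTLM not advertised: Windows clients fall back "
                        "to basic authentication")
    return findings


if __name__ == "__main__":
    for name, text, parser in (
        ("IMAP4 plain port", IMAP_PLAIN_PORT, parse_imap_capability),
        ("IMAP4 TLS required", IMAP_TLS_REQUIRED, parse_imap_capability),
        ("POP3 plain port", POP3_PLAIN_PORT, parse_pop3_capa),
        ("POP3 STLS available", POP3_TLS_AVAILABLE, parse_pop3_capa),
    ):
        print(name, assess(parser(text)) or ["no findings"])
```

The check mirrors the chapter's guidance: once secure communications are configured and SSL is required, basic authentication is acceptable because the credentials are encrypted before transmission; on a plain port with basic authentication enabled and no STARTTLS/STLS, the only protected path is SASL NTLM.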

As necessary, you can enable or disable support for these authentication methods by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand IMAP4. Right-click the virtual server that you want to work with, and then select Properties.

  4. On the Access tab, click Authentication. This displays the Authentication dialog box shown in Figure 15-16.


    Figure 15-16. You can use the Authentication dialog box to enable or disable authentication methods to meet the needs of your organization.

  5. Select or clear the Basic Authentication check box to enable or disable this authentication method. If you disable basic authentication, keep in mind that this might prevent some clients from accessing mail remotely. Clients can log on only when you enable an authentication method that they support.

  6. Select or clear the Simple Authentication And Security Layer check box to enable or disable this authentication method.

  7. Click OK twice.

Setting Message Formats

Message format options allow you to set rules that POP3 servers use to format messages before clients read them. By default, when MAPI clients in the organization send messages, the message body is converted from Exchange Rich Text Format to MIME and message attachments are identified with a MIME content type based on the attachment’s file extension. You can change this behavior by applying new rules.

Two key aspects of message formatting are encoding and character set usage. Message encoding rules determine the formatting for elements in the body of a message. With POP3, you can use either MIME or UUEncode. Character set usage determines which character sets are used for reading and writing messages. If users send messages with text in more than one language, the character set used determines how multilingual text is displayed.

To set message encoding and character set usage for a POP3 virtual server, follow these steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand POP3. Right-click the virtual server that you want to work with, and select Properties.

  4. Click the Message Format tab, shown in Figure 15-17. Exchange Server can format messages using either UUEncode or MIME. To use UUEncode, select UUEncode, and then, if you wish, select the Use BinHex For Macintosh check box to deliver messages to Macintosh clients using the native binary encoding format. To use MIME, select MIME in the Message Encoding panel, and then choose one of the following options:

    • Provide Message Body As Plain Text. Exchange Server converts the message body to text format and any other elements, such as graphics, are replaced with textual representations.

    • Provide Message Body As HTML. Exchange Server converts the message body to HTML. This allows compliant client applications to display the message body with graphics, hypertext links, and other elements. However, clients that don’t support HTML display the actual markup tags mixed in with the text, which can make the message difficult to read.

    • Both. Exchange Server delivers messages with their original formatting, which can be either plaintext or HTML. Use this option to allow the sender to choose the message format.

      Figure 15-17. You can use the Message Format tab to set per-server defaults for message encoding and character set usage.

    Note

    Exchange Server also supports a third message encoding. This format is called Exchange Rich Text Format and selecting the Use Exchange Rich-Text Format check box enables it. Exchange Rich Text Format is displayed only when clients elect to use this format and you’ve set the message format as either Provide Message Body As Plain Text or Both.

  5. Select the character set to use. The default character set is Western European (ISO-8859-1). All text in the affected messages uses the character set you specify.

  6. Click OK to apply the changes.
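The message format procedures for IMAP4 and POP3 above leave three points abstract: what the MIME and UUEncode encodings actually look like on the wire, that the attachment's content type is derived from its file extension alone, and why the per-server character set matters for multilingual text. The following added example (not code from the book or from Exchange Server) makes each concrete with Python's standard library. The attachment bytes, addresses and file names are constructed samples.

```python
"""Illustrate the POP3/IMAP4 message format choices: MIME vs UUEncode
encoding of an attachment, content type derived from the file extension,
and the effect of the per-server character set on multilingual text."""
import binascii
import mimetypes
from email.message import EmailMessage

# Constructed sample attachment (not from the chapter).
ATTACHMENT_NAME = "report.pdf"
ATTACHMENT_BYTES = b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\nconstructed sample body\n"


def content_type_from_extension(filename):
    """Mimic the chapter's default rule: the MIME content type is chosen from
    the attachment's file extension alone, so a mislabelled file gets the type
    its extension claims. Unknown extensions fall back to octet-stream."""
    guessed, _ = mimetypes.guess_type(filename)
    return guessed or "application/octet-stream"


def build_mime_message(body_text, charset, filename, payload):
    """Build a MIME message whose text part is labelled with the server's
    character set and whose attachment is base64-encoded."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"        # constructed
    msg["To"] = "recipient@example.com"       # constructed
    msg["Subject"] = "Constructed sample"
    msg.set_content(body_text, charset=charset)
    maintype, subtype = content_type_from_extension(filename).split("/", 1)
    msg.add_attachment(payload, maintype=maintype, subtype=subtype,
                       filename=filename)
    return msg


def uuencode(filename, payload, mode="644"):
    """UUEncode the attachment the way a legacy, non-MIME client expects it:
    a 'begin' line, up to 45 raw bytes per printable line, then '`' and 'end'."""
    lines = [f"begin {mode} {filename}"]
    for i in range(0, len(payload), 45):
        chunk = binascii.b2a_uu(payload[i:i + 45]).decode("ascii")
        lines.append(chunk.rstrip("\n"))
    lines.append("`")
    lines.append("end")
    return "\n".join(lines) + "\n"


def uudecode(text):
    """Decode the output of uuencode() back to bytes, for round-trip checking."""
    data = b""
    for line in text.splitlines()[1:]:
        if line in ("`", "end"):
            break
        data += binascii.a2b_uu(line)
    return data


def body_survives_charset(body_text, charset):
    """True if every character of the body is representable in the chosen
    character set. Western European (ISO-8859-1), the chapter's default,
    cannot carry Cyrillic, Greek or CJK text, which is why the character set
    setting decides how multilingual mail is displayed."""
    try:
        body_text.encode(charset)
        return True
    except UnicodeEncodeError:
        return False


if __name__ == "__main__":
    mime = build_mime_message("Grüße aus Berlin", "iso-8859-1",
                              ATTACHMENT_NAME, ATTACHMENT_BYTES)
    print(mime.as_string())
    print(uuencode(ATTACHMENT_NAME, ATTACHMENT_BYTES))
    for text in ("Grüße", "Привет"):
        print(text, "fits ISO-8859-1:", body_survives_charset(text, "iso-8859-1"))
```

Two practical points follow from running this. First, because the content type comes from the extension and not from the bytes, a client-side filter keyed on Content-Type is only as trustworthy as the file name; inspect the decoded payload if the type matters. Second, if users exchange text outside the Latin-1 repertoire, the ISO-8859-1 default cannot represent it, and a Unicode character set (such as UTF-8) is the setting that preserves it.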
