CHAPTER 15
SMTP TRANSPORT CONFIGURATION
As its name implies, SMTP is a simple protocol. The core transport engine of Exchange
2000 Server is the SMTP service of Microsoft Windows 2000. SMTP is a very
efficient transport protocol; it can transfer messages, for instance, up to 300% faster
than X.400.
Lesson 1:
SMTP Configuration and Virtual Servers
By default, every Exchange 2000 server relies on one SMTP virtual server for its
communication with other servers in the local routing group. Users and remote SMTP hosts
don’t need to authenticate themselves before they can communicate. Anonymous access to the
local SMTP service is generally allowed. Nevertheless, you can restrict access through
authentication and encrypt the communication.
Configuring Additional SMTP Virtual Servers
One SMTP virtual server is usually sufficient for Exchange 2000 Server, but there are
situations in which multiple virtual servers can be helpful. Each virtual server must have a
unique TCP socket (that is, IP address + TCP port).
NOTE: Adding additional virtual servers does not increase the server’s scalability or
performance. Each SMTP virtual server operates with multiple threads being able to handle
tasks concurrently.
Working with Additional Virtual Servers
You can control virtual servers and start, stop, or pause them independently of each other.
Pausing a server prevents the establishment of new connections, and existing connections are
not terminated.
NOTE: Stopping virtual servers in Exchange System Manager leaves the SMTP service running
on the computer. Stopping the SMTP service itself, on the other hand, stops all virtual servers.
When you restart the SMTP service, only those virtual servers that originally were active when
the service was shut down will be activated.
=======================================================================
winexc15.html
PAGE 2
2002/06/26
Mailroot Directories of Virtual Servers
Every SMTP virtual server has a separate Mailroot directory. All Mailroot directories are
located under \Program Files\Exchsrvr\Mailroot and are named sequentially, for example, Vsi1,
Vsi2, and so on.
NOTE: The Exchange 2000 Setup program moves the Mailroot directory of the SMTP service
from \Inetpub\Mailroot to \Program Files\Exchsrvr\Mailroot. The old folder structure will not
be deleted, but any messages in the former Pickup and Queue directories are not delivered.
To send them, move them to the Pickup directory under the new location. (VS = Virtual server,
and Bad Mail – NDR or non-delivery report.)
Managing Incoming Message Traffic
Let’s assume the Exchange 2000 server is supposed to accept messages from any host on the
Internet. How does a remote Internet host find the SMTP virtual server to transfer messages
to it? You will need to make sure that the Internet hosts are able to resolve your domain name
to your host’s public IP address. Typically, DNS provides the required name resolution
functionality, as explained in Chapter 11, “Internet-Based Client Access”.
IMPORTANT: For other SMTP servers to find your SMTP server on the network, your
SMTP domain name must be registered in the Internet DNS (mail exchanger, or MX, records).
Controlling Incoming Connections
As soon as your host is connected to the Internet and publicly registered in DNS, all Internet
hosts are able to find it, connect to it and transfer messages. Every connection consumes
server resources, so numerous simultaneous connections can decrease system performance.
By default, Exchange 2000 Server does not enforce any limits. The default timeout is 10 minutes.
You can also specify a limit for the number of inbound connections.
Inbound E-Mail Domains
In the Recipients container, select Recipient Policies, and then in the details pane, right-click the
desired policy, such as Default Policy.
Controlling Message Relay
By default, Exchange 2000 Server allows only authenticated computers to relay SMTP messages.
An advertiser might configure his or her Internet mail client to send messages to your SMTP host
if it accepts message relaying for anybody. Now, all the advertiser has to do is compose one new
message, specify thousands of recipients conveniently from a database, and then send this one
message to the relaying host.
Configuring Message Filters
Delivering unnecessary Internet messages is a drain on your system resources; it decreases the
productivity of the knowledge worker; and there is always a risk of receiving viruses contained
in message attachments.
You should use wildcards (*) where possible. To filter for entire Internet domains, for instance,
use a wildcard as follows: *@makeabillioneveryday-times-100.com.
By default, Exchange 2000 Server accepts messages for delivery to up to 5,000 recipients.
Messages with more recipients are returned undeliverable. However, the settings specified at
this location apply only to users with mailboxes in the organization. Limits can be overwritten
per user in Active Directory Users and Computers in the user account’s Exchange general tab.
If you allow anonymous users and SMTP hosts to relay through your Exchange 2000 Server,
up to 64,000 recipients are accepted per message, because the settings of the SMTP virtual
server apply instead of global delivery settings.
Forwarding Messages with Unresolved Recipients
If you examine the Messages tab further, you will discover the Forward All Mail With Unresolved
Recipients To Host text box, which allows you to specify the fully qualified domain name (FQDN)
of another host for delivery of messages that contain unresolved recipients.
NOTE: To avoid message loops, do not forward messages for unresolved recipients to another
virtual server if this server is also configured for forwarding of unresolved messages.
NOTE: The forwarding of nondeliverable messages to another SMTP host affects messages from
Internet and MAPI-based clients. If you use this feature to support non-migrated users, keep in
mind that nondeliverable messages of MAPI-based clients, such as Outlook 2000, will only contain
a WINMAIL.DAT attachment and may not be readable by non-MAPI clients. It is not advisable to
use the forwarding of nondeliverable messages for long-term coexistence.
Managing Outgoing Message Traffic
The configuration of outgoing message transfer primarily concerns the notification of local users about
the delivery process. By default, an SMTP virtual server attempts to deliver a message as soon as it
arrives. If the remote host is unavailable at that time or if a communication failure occurs, the virtual
server queues the messages for delivery at a later time.
Optimizing Outbound Connections
Per domain, 100 concurrent connections are allowed by default. If you have a large number of
messages to transfer between SMTP hosts, you might increase the number of connections, but the
remote host must be able to accept them. In a default configuration, Exchange 2000 Server is able
to open up to 1000 concurrent connections to multiple Internet domains and deliver messages to
them at the same time. (ANONYMOUS).
TCP is always used for SMTP.
Smart Host Message Transfer
In most cases, you should not change this setting because it affects all connections. Internet hosts,
for instance, generally expect incoming connections on port 25.
Smart hosts relay through a proxy or a firewall.
Direct Message Transfer
If you don’t use a smart host for message delivery, your SMTP virtual server must be able to resolve
e-mail domain names into corresponding IP addresses itself.
NOTE: By default, Exchange 2000 Server uses DNS to locate remote SMTP hosts.
Automatic Replies to the Internet
Automatic message replies are system messages, such as delivery and nondelivery reports,
out-of-office responses, read and nonread receipts, and messages automatically forwarded by
means of Inbox rules. By default, these message types can be sent to Internet recipients.
Communicating with Other Exchange Organizations over the Internet
Your users will communicate with many Internet domains that actually correspond to other
Exchange organizations. After all, Exchange 2000 Server is one of the world’s most popular
messaging systems. In an Exchange organization, users typically work with MAPI-based clients,
such as Outlook 2000, that support advanced rich text information in e-mail messages. The
Default message format definition object allows the user to decide whether to send Exchange
rich text information in Internet messages.
Configuring Protocol Logging
You can also use protocol log information to verify whether the virtual server is performing its
work as expected or is experiencing communication problems. Last but not least, SMTP
protocol logging can help to identify attacks from the Internet.
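One way to use protocol log data for the relay concern described under Controlling Message Relay, as an added example that is not from the original chapter: it counts RCPT commands for non-local domains sent by clients that never authenticated. The W3C-style field layout, the sample lines, and the local domain contoso.example are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample; the field layout is an assumption about the logging setup.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2002-06-26 10:00:01 203.0.113.9 EHLO +bulk.example.net 250
2002-06-26 10:00:02 203.0.113.9 MAIL +FROM:<promo@bulk.example.net> 250
2002-06-26 10:00:03 203.0.113.9 RCPT +TO:<a@other.example.org> 550
2002-06-26 10:00:03 203.0.113.9 RCPT +TO:<b@other.example.org> 550
2002-06-26 10:00:04 203.0.113.9 RCPT +TO:<c@third.example.com> 550
2002-06-26 10:05:00 198.51.100.7 RCPT +TO:<user@contoso.example> 250
2002-06-26 10:06:00 192.0.2.20 AUTH +LOGIN 235
2002-06-26 10:06:01 192.0.2.20 RCPT +TO:<d@other.example.org> 250
"""

def parse_w3c(log_text):
    """Yield one dict per entry, taking column names from the #Fields: directive."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):  # skip malformed entries
                yield dict(zip(fields, values))

def recipient_domain(argument):
    """Return the domain of a '+TO:<user@domain>' argument, or None."""
    address = argument.partition("<")[2].partition(">")[0]
    return address.rpartition("@")[2].lower() if "@" in address else None

def relay_attempts(log_text, local_domains):
    """Count unauthenticated RCPT commands for non-local domains, per client IP."""
    local = {d.lower() for d in local_domains}
    authenticated = set()  # clients that completed AUTH (reply code 235)
    rejected, accepted = Counter(), Counter()
    for entry in parse_w3c(log_text):
        command, ip = entry["cs-method"].upper(), entry["c-ip"]
        if command == "AUTH" and entry["sc-status"] == "235":
            authenticated.add(ip)
        if command != "RCPT" or ip in authenticated:
            continue
        domain = recipient_domain(entry["cs-uri-query"])
        if domain is None or domain in local:
            continue
        bucket = accepted if entry["sc-status"].startswith("2") else rejected
        bucket[ip] += 1
    # "accepted" entries mean the server relayed for an unauthenticated client.
    return {"rejected": dict(rejected), "accepted": dict(accepted)}

if __name__ == "__main__":
    print(relay_attempts(SAMPLE_LOG, ["contoso.example"]))
```

A non-empty "accepted" result is the case to act on first, since it shows the virtual server relaying for an unauthenticated client.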
Exercise Summary:
sender the ability to transfer messages.
Lesson 2:
Customizing the SMTP Service
Most important, SMTP extensions give you a means by which you can examine messages
for critical or unsafe content and block their transmission or delivery.
SMTP Transport Event Handling
Event sinks rely on Microsoft Collaboration Data Objects 2.0 (CDO 2.0).
Exchange 2000 registers numerous SMTP and NNTP event sinks to integrate the existing
Windows 2000 services with the Information Store.
Protocol Event Handling
SMTP protocol events allow you to alter the way the SMTP service communicates with
other SMTP-based systems. Exchange 2000 Server, for instance, implements a variety of
SMTP protocol event sinks, which propagate, among other things, link state information
across the communication infrastructure.
There are two types of protocol events that the SMTP service allows you to intercept:
local SMTP service and establishes a session by sending the HELO or EHLO command.
SMTP host and establishes a session to transfer messages.
Event Binding
For the SMTP service to work with your event sinks, you need to register them in the IIS
metabase. A binding associates a particular event, such as OnArrival, with a sink name,
such as SMTPMessageCheck. Within the metabase a globally unique identifier (GUID)
identifies each binding.
Virus Protection Using Transport Event Sinks
A virus scanner, for instance, can use them to check all incoming messages and safely discard
those that contain infected file attachments.
Mail worms follow a very simple principle. A recipient opens an infected message attachment,
and the virus code is executed. This retrieves the full set of address information from all available
address lists to or from messages in the inbox, and a new message addressed to all recipients is
generated.
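The kind of check a transport event sink can apply to an arriving message, as an added example that is not from the original chapter: it is written in Python rather than as a registered CDO sink, and the extension blocklist is an assumed policy standing in for a real scanner's verdict. The sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed policy list: attachment types that execute when the recipient opens them.
BLOCKED_EXTENSIONS = (".vbs", ".exe", ".scr", ".pif", ".bat")

def check_message(raw_bytes):
    """Return ('discard', names) if a blocked attachment is present, else ('deliver', [])."""
    message = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in message.walk():  # walk() also descends into nested multiparts
        name = part.get_filename()
        if not name:
            continue
        # Compare case-insensitively and ignore trailing dots and spaces, so that
        # 'Report.TXT.VBS' and 'setup.exe.' are judged by their effective suffix.
        lowered = name.lower().rstrip(". ")
        if lowered.endswith(BLOCKED_EXTENSIONS):
            hits.append(name)
    return ("discard", hits) if hits else ("deliver", [])

def build_sample(filename):
    """Build a constructed test message with one attachment (not real mail)."""
    message = EmailMessage()
    message["From"] = "sender@example.net"
    message["To"] = "user@example.com"
    message["Subject"] = "Quarterly figures"
    message.set_content("See attached.")
    message.add_attachment(b"constructed payload", maintype="application",
                           subtype="octet-stream", filename=filename)
    return message.as_bytes()

if __name__ == "__main__":
    print(check_message(build_sample("Report.TXT.VBS")))
    print(check_message(build_sample("notes.txt")))
```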
Exercise Summary:
such as an official note that this message was received from an insecure network; or perform a
basic virus scan.
Chapter Summary:
many subdirectories exist, depending on the number of SMTP virtual servers that have been
configured.
Typically, one virtual server can handle all SMTP-based message transfer.
that incoming messages are delivered to your server. Your SMTP domain name must be
registered in an MX record in the Internet DNS.