SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8

2 OVERVIEW SMTP and ESMTP DNS MX records Internet connectivity SMTP virtual servers and connectors Relaying and smart hosts SMTP security Global settings Domain nodes Per-user settings SMTP and ESMTP DNS MX records Internet connectivity SMTP virtual servers and connectors Relaying and smart hosts SMTP security Global settings Domain nodes Per-user settings

3 HOW SMTP IMPLEMENTS A CONNECTION Initiates a TCP connection Response 220 Host Server Indicates end of session using quit Sends helo command Response 250 Identifies the sender using mail from: Response 250 Identifies the recipient using rcpt to: Response 250 Indicates ready to send using data Response 354 Sends message Waits for quit Response 221

4 HOW ESMTP IMPLEMENTS A CONNECTION Host sends ehlo instead of helo If server supports ESMTP it returns response 250 If server does not support ESMTP it returns response 500 ESMTP session very similar to SMTP session Host sends ehlo instead of helo If server supports ESMTP it returns response 250 If server does not support ESMTP it returns response 500 ESMTP session very similar to SMTP session

5 SMTP SYSTEM FOLDERS Pickup Queue Badmail

6 CONFIGURING MX RECORDS Managing your own DNS: Single namespace Multiple namespaces Internet service provider (ISP) manages your DNS: Nonpersistent connection Permanent connection

7 CONFIGURING INTERNET CONNECTIVITY Configuring SMTP virtual servers Creating and configuring an SMTP Connector Configuring an SMTP policy for a domain Configuring per-user settings Configuring SMTP virtual servers Creating and configuring an SMTP Connector Configuring an SMTP policy for a domain Configuring per-user settings

8 DEMONSTRATION: CREATING AND CONFIGURING AN ADDITIONAL SMTP VIRTUAL SERVER

9 DEMONSTRATION: CREATING AN SMTP CONNECTOR

10 DEMONSTRATION: CONFIGURING AN SMTP CONNECTOR Limiting the scope Configuring the credentials Configuring to only receive Configuring to only send e- mail Configuring Internet message formats Configuring message delivery parameters Limiting the scope Configuring the credentials Configuring to only receive Configuring to only send e- mail Configuring Internet message formats Configuring message delivery parameters

11 SMTP RELAYS SMTP virtual server configured to use a smart host SMTP virtual server forwards unresolved messages to a smart host SMTP virtual server configured as a relay host SMTP virtual server configured to use a smart host SMTP virtual server forwards unresolved messages to a smart host SMTP virtual server configured as a relay host

12 SMTP RELAYS (CONT.) SMTP virtual server configured to limit the servers that can relay messages SMTP Connector configured to use a smart host Configuring domains to which you want to relay messages SMTP virtual server configured to limit the servers that can relay messages SMTP Connector configured to use a smart host Configuring domains to which you want to relay messages

13 SMTP VIRTUAL SERVER CONFIGURED TO USE A SMART HOST Virtual servers forward all outbound mail to a smart host Virtual server does not resolve the SMTP domain name Entry and exit point for all Internet messages Entry and exit point for messages to a foreign messaging system Virtual servers forward all outbound mail to a smart host Virtual server does not resolve the SMTP domain name Entry and exit point for all Internet messages Entry and exit point for messages to a foreign messaging system

14 SMTP VIRTUAL SERVER CONFIGURED TO USE A SMART HOST (CONT.) Helps manage Internet message traffic Provides dial-up solutions Clients do not need permanent connections to the Exchange server

15 SMTP VIRTUAL SERVER FORWARDS UNRESOLVED MESSAGES TO A SMART HOST Forward all unresolved SMTP messages from Exchange to a smart host Other SMTP messaging systems in addition to Exchange Smart host cannot resolve the recipient’s name; message returned with a nondelivery report (NDR)

16 SMTP VIRTUAL SERVER CONFIGURED AS A RELAY HOST Configure an SMTP virtual server as an inbound relay host Gives Exchange Server 2003 smart host capabilities Can configure other SMTP servers to use the virtual server as their smart host Virtual server resolves the recipient’s SMTP domain name through DNS and delivers the messages

17 LIMIT THE SERVERS THAT CAN RELAY MESSAGES Specify who or what can relay messages through your organization: Computers Groups of computers Domains Prevent unwanted SMTP hosts from using your SMTP host as a relay agent Stops third parties from relaying bulk unsolicited commercial

18 SMTP CONNECTOR CONFIGURED TO USE A SMART HOST By default SMTP Connector uses DNS Can configure connector to forward all outbound mail to a smart host Typically SMTP configuration done on connector rather than virtual server

19 CONFIGURING DOMAINS TO WHICH YOU WANT TO RELAY MESSAGES Can limit domains to which you relay messages Useful when organization has multiple SMTP messaging systems and domain names SMTP host can accept messages from any domain but then forward them only to specific domains

20 VERIFYING A CONNECTION BETWEEN AN SMTP CONNECTOR AND A SMART HOST Send an message to an unresolvable address on the smart host Verify the connection object in the queue

21 CONFIGURING CONNECTIONS ON AN SMTP VIRTUAL SERVER Incoming: Limit Number Of Connections To Connection Time-Out (Minutes) Outgoing: Limit Connections To Time-Out (Minutes) Limit Connections Per Domain To TCP Port

22 SMTP SECURITY Authentication Encryption Reverse DNS lookup

23 AUTHENTICATION

24 ENCRYPTION

25 REVERSE DNS LOOKUP IP spoofing: Attacker impersonates a trusted host Uses its IP address Reverse DNS lookup: Resolves IP address to a host name or FQDN Confirms that the sender’s IP address is from the correct network Result written into the message’s SMTP header

26 RESTRICTING INTERNET E- MAIL

27 RELAYING Permits mail for another organization to be forwarded Disabled by default Required for interfacing with other SMTP mail systems Required to allow IMAP4 and POP3 clients to send mail

28 OPEN RELAYING Organization configured to allow relaying by default Open relaying allows propagation of junk mail

29 CONFIGURING RELAYING Can restrict using discretionary access control lists (DACLs) Safer to create additional SMTP virtual server Can restrict using discretionary access control lists (DACLs) Safer to create additional SMTP virtual server

30 RETRIEVING FROM AN ISP Typically over a nonpersistent connection Configure the on-demand dial-up connection in Routing and Remote Access Service Configure ISP’s Exchange server as smart host Pull by using the turn or etrn command Advanced tab of SMTP Connector’s Properties dialog box Request ETRN/TURN when sending messages

31 MESSAGE DELIVERY FAILURES Identify where failure occurred SMTP host unable to deliver: Test using telnet DNS problem: Test using nslookup

32 OTHER SMTP MESSAGING SYSTEMS If connectors do not exist: Obtain third-party gateways Use Microsoft Exchange 5.5 connectors Microsoft Mail: Configure Exchange 2000 Server for directory synchronization

33 GLOBAL SETTINGS Configure systemwide settings Overridden by: Virtual server settings Per-user settings

34 SMTP POLICY ON A DOMAIN NODE Does not create a new domain Used when sending messages in a format suitable for another domain Can be used to send mail to a partner organization Can be used for interdomain mail within the same forest

35 CONFIGURING AN SMTP POLICY

36 MAILBOX DEFAULTS Mailbox defaults apply to all mailboxes Per-user settings apply to individual mailboxes Widely used to prevent bottlenecks in the Exchange routing engine Message size limits can apply to inbound or outbound messages Recipient limits apply to all messages

37 PER-USER SETTINGS FOR OUTLOOK WEB ACCESS

38 PER-USER SETTINGS FOR IMAP4 AND POP3

39 SUMMARY How SMTP and ESMTP work Identifying Exchange servers and connecting to the Internet SMTP virtual servers, connectors, relays, and smart hosts Security: authentication, encryption, reverse DNS lookup Global settings and SMTP policies Per-user settings