smtp protocol configuration and management
SMTP PROTOCOL CONFIGURATION AND MANAGEMENT
Chapter 8
2
OVERVIEW
- SMTP and ESMTP
- DNS MX records
- Internet connectivity
- SMTP virtual servers and connectors
- Relaying and smart hosts
- SMTP security
- Global settings
- Domain nodes
- Per-user settings
3
HOW SMTP IMPLEMENTS A CONNECTION
- Host: Initiates a TCP connection. Server: Response 220
- Host: Sends helo command. Server: Response 250
- Host: Identifies the sender using mail from: Server: Response 250
- Host: Identifies the recipient using rcpt to: Server: Response 250
- Host: Indicates ready to send using data. Server: Response 354
- Host: Sends message. Server: Waits for quit
- Host: Indicates end of session using quit. Server: Response 221
4
HOW ESMTP IMPLEMENTS A CONNECTION
- Host sends ehlo instead of helo
- If server supports ESMTP it returns response 250
- If server does not support ESMTP it returns response 500
- ESMTP session very similar to SMTP session
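The SMTP and ESMTP exchanges on the two slides above, as an added example that is not part of the original presentation: a constructed in-memory server model and a client that tries ehlo and falls back to helo on response 500. The host names, the 250 reply after the message body and the 503 reply to out-of-order commands are assumptions taken from standard SMTP behaviour, not from the slides.

```python
class ToySmtpServer:
    """Constructed in-memory model of the server side of the dialogue."""
    ALLOWED = {"MAIL": ("greeted",), "RCPT": ("mail", "rcpt"), "DATA": ("rcpt",)}
    NEXT = {"MAIL": "mail", "RCPT": "rcpt", "DATA": "data"}

    def __init__(self, esmtp=True):
        self.esmtp = esmtp            # False models a server without ESMTP
        self.state = "connected"
        self.messages, self._body = [], []

    def greeting(self):
        return "220 mail.example.test ready"    # constructed host name

    def handle(self, line):
        if self.state == "data":                # inside the message body
            if line != ".":
                self._body.append(line)
                return None                     # no reply per body line
            self.messages.append("\n".join(self._body))
            self._body, self.state = [], "greeted"
            return "250 message accepted"
        verb = (line.split() or [""])[0].upper()
        if verb == "EHLO" and not self.esmtp:
            return "500 command not recognized"
        if verb in ("HELO", "EHLO"):
            self.state = "greeted"
            return "250 hello"
        if verb == "QUIT":
            self.state = "closed"
            return "221 closing connection"
        if verb not in self.ALLOWED:
            return "500 command not recognized"
        if self.state not in self.ALLOWED[verb]:
            return "503 bad sequence of commands"
        self.state = self.NEXT[verb]
        return "354 start mail input" if verb == "DATA" else "250 ok"


def send_mail(server, sender, rcpt, body_lines, client="client.example.test"):
    """Client side: try ehlo, fall back to helo on 500; return reply codes seen."""
    codes = [server.greeting()[:3]]
    codes.append(server.handle(f"EHLO {client}")[:3])
    if codes[-1] == "500":
        codes.append(server.handle(f"HELO {client}")[:3])
    for cmd in (f"MAIL FROM:<{sender}>", f"RCPT TO:<{rcpt}>", "DATA"):
        codes.append(server.handle(cmd)[:3])
    for line in body_lines:
        server.handle(line)
    codes.append(server.handle(".")[:3])        # lone dot ends the message
    codes.append(server.handle("QUIT")[:3])
    return codes
```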
5
SMTP SYSTEM FOLDERS
- Pickup
- Queue
- Badmail
6
CONFIGURING MX RECORDS
- Managing your own DNS:
  - Single namespace
  - Multiple namespaces
- Internet service provider (ISP) manages your DNS:
  - Nonpersistent connection
  - Permanent connection
7
CONFIGURING INTERNET CONNECTIVITY
- Configuring SMTP virtual servers
- Creating and configuring an SMTP Connector
- Configuring an SMTP policy for a domain
- Configuring per-user settings
8
DEMONSTRATION: CREATING AND CONFIGURING AN ADDITIONAL SMTP VIRTUAL SERVER
9
DEMONSTRATION: CREATING AN SMTP CONNECTOR
10
DEMONSTRATION: CONFIGURING AN SMTP CONNECTOR
- Limiting the scope
- Configuring the credentials
- Configuring to only receive e-mail
- Configuring to only send e-mail
- Configuring Internet message formats
- Configuring message delivery parameters
11
SMTP RELAYS
- SMTP virtual server configured to use a smart host
- SMTP virtual server forwards unresolved messages to a smart host
- SMTP virtual server configured as a relay host
12
SMTP RELAYS (CONT.)
- SMTP virtual server configured to limit the servers that can relay e-mail messages
- SMTP Connector configured to use a smart host
- Configuring domains to which you want to relay messages
13
SMTP VIRTUAL SERVER CONFIGURED TO USE A SMART HOST
- Virtual servers forward all outbound mail to a smart host
- Virtual server does not resolve the SMTP domain name
- Entry and exit point for all Internet messages
- Entry and exit point for messages to a foreign messaging system
14
SMTP VIRTUAL SERVER CONFIGURED TO USE A SMART HOST (CONT.)
- Helps manage Internet message traffic
- Provides dial-up solutions
- Clients do not need permanent connections to the Exchange server
15
SMTP VIRTUAL SERVER FORWARDS UNRESOLVED MESSAGES TO A SMART HOST
- Forward all unresolved SMTP messages from Exchange to a smart host
- Other SMTP messaging systems in addition to Exchange
- Smart host cannot resolve the recipient’s name; message returned with a nondelivery report (NDR)
16
SMTP VIRTUAL SERVER CONFIGURED AS A RELAY HOST
- Configure an SMTP virtual server as an inbound relay host
- Gives Exchange Server 2003 smart host capabilities
- Can configure other SMTP servers to use the virtual server as their smart host
- Virtual server resolves the recipient’s SMTP domain name through DNS and delivers the messages
17
LIMIT THE SERVERS THAT CAN RELAY E-MAIL MESSAGES
- Specify who or what can relay e-mail messages through your organization:
  - Computers
  - Groups of computers
  - Domains
- Prevent unwanted SMTP hosts from using your SMTP host as a relay agent
- Stops third parties from relaying bulk unsolicited commercial e-mail
18
SMTP CONNECTOR CONFIGURED TO USE A SMART HOST
- By default SMTP Connector uses DNS
- Can configure connector to forward all outbound mail to a smart host
- Typically SMTP configuration done on connector rather than virtual server
19
CONFIGURING DOMAINS TO WHICH YOU WANT TO RELAY MESSAGES
- Can limit domains to which you relay messages
- Useful when organization has multiple SMTP messaging systems and domain names
- SMTP host can accept messages from any domain but then forward them only to specific domains
20
VERIFYING A CONNECTION BETWEEN AN SMTP CONNECTOR AND A SMART HOST
- Send an e-mail message to an unresolvable address on the smart host
- Verify the connection object in the queue
21
CONFIGURING CONNECTIONS ON AN SMTP VIRTUAL SERVER
- Incoming:
  - Limit Number Of Connections To
  - Connection Time-Out (Minutes)
- Outgoing:
  - Limit Connections To
  - Time-Out (Minutes)
  - Limit Connections Per Domain To
  - TCP Port
22
SMTP SECURITY
- Authentication
- Encryption
- Reverse DNS lookup
23
AUTHENTICATION
24
ENCRYPTION
25
REVERSE DNS LOOKUP
- IP spoofing:
  - Attacker impersonates a trusted host
  - Uses its IP address
- Reverse DNS lookup:
  - Resolves IP address to a host name or FQDN
  - Confirms that the sender’s IP address is from the correct network
  - Result written into the message’s SMTP header
26
RESTRICTING INTERNET E-MAIL
27
RELAYING
- Permits mail for another organization to be forwarded
- Disabled by default
- Required for interfacing with other SMTP mail systems
- Required to allow IMAP4 and POP3 clients to send mail
28
OPEN RELAYING
- Organization configured to allow relaying by default
- Open relaying allows propagation of junk mail
29
CONFIGURING RELAYING
- Can restrict using discretionary access control lists (DACLs)
- Safer to create additional SMTP virtual server
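The relay restrictions from the slides on limiting the servers that can relay, limiting the domains relayed to, and open relaying, modelled as one decision function. This is an added example, not part of the original presentation and not Exchange's own logic. All class names, addresses, domains and reply texts are constructed, and the client host name is assumed to come from a reverse DNS lookup.

```python
import ipaddress


class RelayPolicy:
    """Constructed model of relay restrictions; names and values are illustrative."""

    def __init__(self, local_domains, relay_to=(), computers=(), networks=(),
                 client_domains=()):
        self.local = {d.lower() for d in local_domains}      # delivered here
        self.relay_to = {d.lower() for d in relay_to}        # forward-only targets
        self.computers = {ipaddress.ip_address(c) for c in computers}
        self.networks = [ipaddress.ip_network(n) for n in networks]
        self.client_domains = [d.lower() for d in client_domains]

    def client_may_relay(self, client_ip, client_host=None):
        ip = ipaddress.ip_address(client_ip)
        if ip in self.computers or any(ip in net for net in self.networks):
            return True
        # client_host is assumed to come from a reverse DNS lookup of client_ip
        host = (client_host or "").lower().rstrip(".")
        return any(host == d or host.endswith("." + d) for d in self.client_domains)

    def decide(self, client_ip, rcpt, client_host=None):
        if "@" not in rcpt:
            return "550 relaying denied"
        domain = rcpt.rsplit("@", 1)[1].strip("<> ").lower()
        if domain in self.local:
            return "250 accepted for local delivery"
        if domain in self.relay_to or self.client_may_relay(client_ip, client_host):
            return "250 accepted for relay"
        return "550 relaying denied"


def is_open_relay(policy, outside_ip="203.0.113.9",
                  outside_rcpt="user@unrelated.example.net"):
    """Audit: may an unlisted client relay to a domain the policy never named?"""
    return policy.decide(outside_ip, outside_rcpt).startswith("250")


# Constructed sample policy and an open (misconfigured) counterpart.
restricted = RelayPolicy(local_domains=["corp.example.test"],
                         relay_to=["partner.example.test"],
                         computers=["192.0.2.10"], networks=["10.0.0.0/24"],
                         client_domains=["branch.example.test"])
open_policy = RelayPolicy(local_domains=["corp.example.test"],
                          networks=["0.0.0.0/0"])
```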
30
RETRIEVING E-MAIL FROM AN ISP
- Typically over a nonpersistent connection
- Configure the on-demand dial-up connection in Routing and Remote Access Service
- Configure ISP’s Exchange server as smart host
- Pull e-mail by using the turn or etrn command
- Advanced tab of SMTP Connector’s Properties dialog box
- Request ETRN/TURN when sending messages
31
MESSAGE DELIVERY FAILURES
- Identify where failure occurred
- SMTP host unable to deliver:
  - Test using telnet
- DNS problem:
  - Test using nslookup
32
OTHER SMTP MESSAGING SYSTEMS
- If connectors do not exist:
  - Obtain third-party gateways
  - Use Microsoft Exchange 5.5 connectors
- Microsoft Mail:
  - Configure Exchange 2000 Server for directory synchronization
33
GLOBAL SETTINGS
- Configure systemwide settings
- Overridden by:
  - Virtual server settings
  - Per-user settings
34
SMTP POLICY ON A DOMAIN NODE
- Does not create a new domain
- Used when sending messages in a format suitable for another domain
- Can be used to send mail to a partner organization
- Can be used for interdomain mail within the same forest
35
CONFIGURING AN SMTP POLICY
36
MAILBOX DEFAULTS
- Mailbox defaults apply to all mailboxes
- Per-user settings apply to individual mailboxes
- Widely used to prevent bottlenecks in the Exchange routing engine
- Message size limits can apply to inbound or outbound messages
- Recipient limits apply to all messages
37
PER-USER SETTINGS FOR OUTLOOK WEB ACCESS
38
PER-USER SETTINGS FOR IMAP4 AND POP3
39
SUMMARY
- How SMTP and ESMTP work
- Identifying Exchange servers and connecting to the Internet
- SMTP virtual servers, connectors, relays, and smart hosts
- Security: authentication, encryption, reverse DNS lookup
- Global settings and SMTP policies
- Per-user settings