SMTP PROTOCOL CONFIGURATION AND MANAGEMENT - PowerPoint PPT Presentation

Slides: 40
Provided by: okefeno
Transcript and Presenter's Notes

1
SMTP PROTOCOL CONFIGURATION AND MANAGEMENT
  • Chapter 8

2
OVERVIEW
  • SMTP and ESMTP
  • DNS MX records
  • Internet connectivity
  • SMTP virtual servers and connectors
  • Relaying and smart hosts
  • SMTP security
  • Global settings
  • Domain nodes
  • Per-user settings

3
HOW SMTP IMPLEMENTS A CONNECTION
  • Host: Initiates a TCP connection. Server: Response 220
  • Host: Sends helo command. Server: Response 250
  • Host: Identifies the sender using mail from. Server: Response 250
  • Host: Identifies the recipient using rcpt to. Server: Response 250
  • Host: Indicates ready to send using data. Server: Response 354
  • Host: Sends message. Server: Waits for quit
  • Host: Indicates end of session using quit. Server: Response 221

4
HOW ESMTP IMPLEMENTS A CONNECTION
  • Host sends ehlo instead of helo
  • If server supports ESMTP it returns response 250
  • If server does not support ESMTP it returns
    response 500
  • ESMTP session very similar to SMTP session
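
The command and response sequence from slides 3 and 4, as an added example that is not part of the original presentation. `ToyServer`, `send` and the example.com addresses are hypothetical names constructed for illustration; the 250 reply after the end-of-data dot is standard SMTP behaviour that the slide does not show.

```python
class ToyServer:
    """In-memory SMTP responder; esmtp=False models a server without ESMTP."""

    def __init__(self, esmtp=True):
        self.esmtp = esmtp
        self.in_data = False

    def greet(self):
        return 220                      # sent once the TCP connection is accepted

    def handle(self, line):
        if self.in_data:                # inside the message body
            if line != ".":
                return None             # body lines get no reply
            self.in_data = False
            return 250                  # end of data: message accepted
        cmd = line.upper()
        if cmd.startswith("EHLO"):
            return 250 if self.esmtp else 500
        if cmd.startswith(("HELO", "MAIL FROM:", "RCPT TO:")):
            return 250
        if cmd == "DATA":
            self.in_data = True
            return 354
        return 221 if cmd == "QUIT" else 500


def send(server, sender, rcpt, body, name="client.example"):
    """Run one session and return the (command, reply code) transcript."""
    log = [("<connect>", server.greet())]

    def say(line):
        code = server.handle(line)
        if code is not None:
            log.append((line, code))
        return code

    if say(f"EHLO {name}") == 500:      # SMTP-only server: fall back to helo
        say(f"HELO {name}")
    say(f"MAIL FROM:<{sender}>")
    say(f"RCPT TO:<{rcpt}>")
    if say("DATA") == 354:
        for line in body.splitlines():
            say("." + line if line.startswith(".") else line)  # dot-stuffing
        say(".")                        # a lone dot ends the message
    say("QUIT")
    return log


if __name__ == "__main__":
    for esmtp in (True, False):
        print([c for _, c in send(ToyServer(esmtp), "a@example.com", "b@example.org", "hi")])
```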

5
SMTP SYSTEM FOLDERS
  • Pickup
  • Queue
  • Badmail

6
CONFIGURING MX RECORDS
  • Managing your own DNS
      • Single namespace
      • Multiple namespaces
  • Internet service provider (ISP) manages your DNS
      • Nonpersistent connection
      • Permanent connection

7
CONFIGURING INTERNET CONNECTIVITY
  • Configuring SMTP virtual servers
  • Creating and configuring an SMTP Connector
  • Configuring an SMTP policy for a domain
  • Configuring per-user settings

8
DEMONSTRATION: CREATING AND CONFIGURING AN
ADDITIONAL SMTP VIRTUAL SERVER
9
DEMONSTRATION: CREATING AN SMTP CONNECTOR
10
DEMONSTRATION: CONFIGURING AN SMTP CONNECTOR
  • Limiting the scope
  • Configuring the credentials
  • Configuring to only receive e-mail
  • Configuring to only send e-mail
  • Configuring Internet message formats
  • Configuring message delivery parameters

11
SMTP RELAYS
  • SMTP virtual server configured to use a smart
    host
  • SMTP virtual server forwards unresolved messages
    to a smart host
  • SMTP virtual server configured as a relay host

12
SMTP RELAYS (CONT.)
  • SMTP virtual server configured to limit the
    servers that can relay e-mail messages
  • SMTP Connector configured to use a smart host
  • Configuring domains to which you want to relay
    messages

13
SMTP VIRTUAL SERVER CONFIGURED TO USE A SMART HOST
  • Virtual servers forward all outbound mail to a
    smart host
  • Virtual server does not resolve the SMTP domain
    name
  • Entry and exit point for all Internet messages
  • Entry and exit point for messages to a foreign
    messaging system

14
SMTP VIRTUAL SERVER CONFIGURED TO USE A SMART
HOST (CONT.)
  • Helps manage Internet message traffic
  • Provides dial-up solutions
  • Clients do not need permanent connections to the
    Exchange server

15
SMTP VIRTUAL SERVER FORWARDS UNRESOLVED MESSAGES
TO A SMART HOST
  • Forward all unresolved SMTP messages from
    Exchange to a smart host
  • Other SMTP messaging systems in addition to
    Exchange
  • If the smart host cannot resolve the recipient's name,
    the message is returned with a nondelivery report (NDR)

16
SMTP VIRTUAL SERVER CONFIGURED AS A RELAY HOST
  • Configure an SMTP virtual server as an inbound
    relay host
  • Gives Exchange Server 2003 smart host
    capabilities
  • Can configure other SMTP servers to use the
    virtual server as their smart host
  • Virtual server resolves the recipient's SMTP
    domain name through DNS and delivers the messages

17
LIMIT THE SERVERS THAT CAN RELAY E-MAIL MESSAGES
  • Specify who or what can relay e-mail messages
    through your organization
      • Computers
      • Groups of computers
      • Domains
  • Prevent unwanted SMTP hosts from using your SMTP
    host as a relay agent
  • Stops third parties from relaying bulk
    unsolicited commercial e-mail

18
SMTP CONNECTOR CONFIGURED TO USE A SMART HOST
  • By default SMTP Connector uses DNS
  • Can configure connector to forward all outbound
    mail to a smart host
  • Typically SMTP configuration done on connector
    rather than virtual server

19
CONFIGURING DOMAINS TO WHICH YOU WANT TO RELAY
MESSAGES
  • Can limit domains to which you relay messages
  • Useful when organization has multiple SMTP
    messaging systems and domain names
  • SMTP host can accept messages from any domain but
    then forward them only to specific domains

20
VERIFYING A CONNECTION BETWEEN AN SMTP CONNECTOR
AND A SMART HOST
  • Send an e-mail message to an unresolvable address
    on the smart host
  • Verify the connection object in the queue

21
CONFIGURING CONNECTIONS ON AN SMTP VIRTUAL SERVER
  • Incoming
      • Limit Number Of Connections To
      • Connection Time-Out (Minutes)
  • Outgoing
      • Limit Connections To
      • Time-Out (Minutes)
      • Limit Connections Per Domain To
      • TCP Port

22
SMTP SECURITY
  • Authentication
  • Encryption
  • Reverse DNS lookup

23
AUTHENTICATION
24
ENCRYPTION
25
REVERSE DNS LOOKUP
  • IP spoofing
      • Attacker impersonates a trusted host
      • Uses its IP address
  • Reverse DNS lookup
      • Resolves IP address to a host name or FQDN
      • Confirms that the sender's IP address is from the
        correct network
      • Result written into the message's SMTP header
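
An added example of the reverse DNS check described above; it is not part of the original presentation and not Exchange code. It goes one step beyond the slide by also resolving the returned name forward and requiring it to map back to the same IP, because a PTR record is published by whoever controls the address block and can name any host. The `PTR` and `A` tables, the function names and the `mx.example.net` receiver are constructed stand-ins for live DNS.

```python
import ipaddress

# Constructed sample DNS data (documentation address ranges), used instead of live DNS.
PTR = {"192.0.2.25": "mail.example.com.",      # genuine mail host
       "198.51.100.7": "mail.example.com."}    # foreign IP claiming the same name
A = {"mail.example.com": ["192.0.2.25"]}


def rdns_check(ip, ptr=PTR.get, fwd=lambda h: A.get(h, [])):
    """Return (status, hostname) for a connecting IP address.

    'pass'     - PTR name exists and resolves forward to the same IP
    'mismatch' - PTR name exists but does not resolve back to this IP
    'none'     - no PTR record at all
    """
    ip = str(ipaddress.ip_address(ip))         # raises ValueError on malformed input
    host = ptr(ip)
    if not host:
        return "none", None
    host = host.rstrip(".").lower()            # normalise the FQDN
    if ip in fwd(host):
        return "pass", host
    return "mismatch", host


def received_header(helo, ip, by="mx.example.net"):
    """Build a Received line that records only a confirmed host name."""
    status, host = rdns_check(ip)
    shown = host if status == "pass" else "unknown"
    return f"Received: from {helo} ({shown} [{ip}]) by {by}"


if __name__ == "__main__":
    for addr in ("192.0.2.25", "198.51.100.7", "203.0.113.9"):
        print(rdns_check(addr), "|", received_header("mail.example.com", addr))
```

The HELO name in the header is whatever the client claimed; only the name in parentheses reflects the lookup result.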

26
RESTRICTING INTERNET E-MAIL
27
RELAYING
  • Permits mail for another organization to be
    forwarded
  • Disabled by default
  • Required for interfacing with other SMTP mail
    systems
  • Required to allow IMAP4 and POP3 clients to send
    mail

28
OPEN RELAYING
  • Organization configured to allow relaying by
    default
  • Open relaying allows propagation of junk mail

29
CONFIGURING RELAYING
  • Can restrict using discretionary access control
    lists (DACLs)
  • Safer to create additional SMTP virtual server
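
The relay restrictions from the slides on limiting relay servers, relay domains and open relaying, written out as one decision function. This is an added example, not part of the original presentation and not how Exchange implements the check; the domain sets, the trusted network and the sample sessions are constructed values.

```python
import ipaddress

# Hypothetical policy values, constructed for illustration.
LOCAL_DOMAINS = {"example.com"}                        # mail accepted for ourselves
RELAY_DOMAINS = {"partner.example"}                    # domains we agree to forward to
RELAY_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]  # computers allowed to relay


def decide(client_ip, rcpt, authenticated=False, open_relay=False):
    """Return 'deliver', 'relay' or 'reject' for one rcpt to address."""
    domain = rcpt.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in LOCAL_DOMAINS:
        return "deliver"                # inbound mail is not relaying
    if open_relay:
        return "relay"                  # open relay: anyone, to anywhere
    if domain in RELAY_DOMAINS:
        return "relay"                  # any sender, but only to listed domains
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in RELAY_NETWORKS):
        return "relay"                  # trusted host, or a POP3/IMAP4 user who logged in
    return "reject"


# Constructed sessions: (client IP, recipient, authenticated?)
SESSIONS = [
    ("203.0.113.50", "bob@example.com", False),           # inbound Internet mail
    ("10.1.2.3", "carol@elsewhere.example", False),       # internal host sending out
    ("203.0.113.50", "dave@elsewhere.example", True),     # authenticated remote client
    ("203.0.113.50", "erin@partner.example", False),      # mail for a relay domain
    ("203.0.113.50", "frank@elsewhere.example", False),   # third party using us as a relay
]


def closed_by_restriction(sessions):
    """Sessions an open relay would forward but the restricted policy rejects."""
    return [(ip, rcpt) for ip, rcpt, auth in sessions
            if decide(ip, rcpt, auth, open_relay=True) == "relay"
            and decide(ip, rcpt, auth) == "reject"]


if __name__ == "__main__":
    for ip, rcpt, auth in SESSIONS:
        print(ip, rcpt, auth, "->", decide(ip, rcpt, auth))
    print("closed:", closed_by_restriction(SESSIONS))
```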

30
RETRIEVING E-MAIL FROM AN ISP
  • Typically over a nonpersistent connection
  • Configure the on-demand dial-up connection in
    Routing and Remote Access Service
  • Configure ISP's Exchange server as smart host
  • Pull e-mail by using the turn or etrn command
  • Advanced tab of SMTP Connector's Properties
    dialog box
  • Request ETRN/TURN when sending messages

31
MESSAGE DELIVERY FAILURES
  • Identify where failure occurred
  • SMTP host unable to deliver
      • Test using telnet
  • DNS problem
      • Test using nslookup

32
OTHER SMTP MESSAGING SYSTEMS
  • If connectors do not exist
  • Obtain third-party gateways
  • Use Microsoft Exchange 5.5 connectors
  • Microsoft Mail
  • Configure Exchange 2000 Server for directory
    synchronization

33
GLOBAL SETTINGS
  • Configure systemwide settings
  • Overridden by
      • Virtual server settings
      • Per-user settings

34
SMTP POLICY ON A DOMAIN NODE
  • Does not create a new domain
  • Used when sending messages in a format suitable
    for another domain
  • Can be used to send mail to a partner
    organization
  • Can be used for interdomain mail within the same
    forest

35
CONFIGURING AN SMTP POLICY
36
MAILBOX DEFAULTS
  • Mailbox defaults apply to all mailboxes
  • Per-user settings apply to individual mailboxes
  • Widely used to prevent bottlenecks in the
    Exchange routing engine
  • Message size limits can apply to inbound or
    outbound messages
  • Recipient limits apply to all messages

37
PER-USER SETTINGS FOR OUTLOOK WEB ACCESS
38
PER-USER SETTINGS FOR IMAP4 AND POP3
39
SUMMARY
  • How SMTP and ESMTP work
  • Identifying Exchange servers and connecting to
    the Internet
  • SMTP virtual servers, connectors, relays, and
    smart hosts
  • Security: authentication, encryption, reverse DNS
    lookup
  • Global settings and SMTP policies
  • Per-user settings