One of the most used and important parts of the Microsoft Windows Small Business Server 2003 package is Microsoft Exchange Server 2003. Installed as part of both the Windows Small Business Server 2003 Standard Edition and Premium Edition, Exchange Server provides a full-featured, flexible, and robust e-mail and collaboration infrastructure. Windows Small Business Server gives you the wizards and tools to make managing Exchange Server a straightforward process. This chapter covers basic e-mail configuration and goes on to address some of the advanced configuration options that allow you to tweak Exchange Server to your needs, including ways to block unwanted e-mail before it gets to your users.
The default Exchange Server configuration is set up when you first run the Configure E-Mail and Internet Connection Wizard, which was described in Chapter 6, “Completing the To Do List and Other Post-Installation Tasks.” If you haven’t yet run this wizard to connect to the Internet, you’ll need to do that first. The first part of the wizard sets up your Internet connection. Once you configure the Internet connection, the wizard guides you through initial configuration of your Exchange server, starting with the Internet E-Mail page shown in Figure 14-1.
If you’ve got the Exchange snap-in open when you click Next, you get a warning message about refreshing the snap-in when you’re done so you’ll see any changes. Next, you need to decide how you want your outgoing e-mail configured. You can either use DNS to route outgoing e-mail or forward all your outgoing e-mail to a server specified by your ISP, as shown in Figure 14-2.
Figure 14-1: Enabling Internet e-mail as part of the Configure E-Mail and Internet Connection Wizard.
Figure 14-2: Choosing between DNS e-mail routing or forwarding through your ISP’s server.
Use DNS E-Mail Routing
Choosing forwarding as your e-mail delivery mechanism has some serious drawbacks, not the least of which is that all e-mail from your Windows Small Business Server will show that it has been forwarded from your ISP. Because spam e-mails use this technique, often forwarding from unsuspecting and poorly configured mail servers, using a forwarder can result in undelivered e-mail. Some very fussy e-mail domains refuse to accept mail that has passed through a mail forwarder, and even those that are less strict can end up blocking your e-mail when your ISP gets on their blacklist, which is something you have no control over.
In the early days of e-mail on the Internet, forwarding was a sensible way to configure many Simple Mail Transfer Protocol (SMTP) servers. Configuring an SMTP server, most commonly one running sendmail, was an arcane and difficult task for even experienced UNIX administrators. Many opted instead to use “smart hosts” that were configured to accept mail and send it on to the right place. Sadly, the flood of Unsolicited Commercial E-Mail (UCE, or more commonly spam) has made that practice no longer possible or desirable. Fortunately, Exchange Server 2003 does most of the SMTP heavy lifting in the background, so you don’t need to understand all the complexities.
Once you configure your sending method, click Next to open the E-Mail Retrieval Method page shown in Figure 14-3, where you define how e-mail gets delivered to you. Your ISP will have a preferred method, so make sure you consult with them before filling this out. You can also configure POP3 mailboxes at this point, but save that for later; configuring POP3 e-mail is discussed in the “POP3 E-Mail” section. Click Next after you make your selections.
Incorrectly configuring your e-mail retrieval method will result in e-mail not being delivered to your server. Your ISP’s configuration will determine what the correct method is.
Figure 14-3: Configuring how your e-mail gets delivered to your server.
E-Mail Retrieval Methods
There are two basic methods for e-mail retrieval: e-mail is directly delivered to your Exchange server, or e-mail is first delivered to your ISP, which holds it until your Exchange server specifically asks for it. Which method is used is controlled by the DNS records for your domain—specifically the MX record.
If you want e-mail delivered directly to your server, the MX record for your domain must point to your server. If you want it delivered first to your ISP, and to you only when you ask for it, the MX record must point to your ISP’s server. Many ISPs support a mixture of the two methods—the primary MX record points to your server, but a secondary one points to your ISP. If for some reason your server is not available, your e-mail will go to your ISP. Once your e-mail server comes back online, you can either trigger delivery directly if your ISP supports that or wait until their automatic process recognizes that your e-mail server is back online.
Indirect Delivery: ETRN
The Extended Turn (ETRN) command is used by most ISPs to initiate a download of queued e-mail messages that are stored while waiting for a server to be online to receive them. The ETRN command is documented in Request for Comments (RFC) 1985, available at http://www.ietf.org/rfc/rfc1985.txt. The ETRN command is an extension of the TURN command, which had serious security issues and is generally no longer used.
Indirect Delivery: TURN After Authentication
The TURN After Authentication command gets around the most serious security issues of the TURN command by requiring your Exchange server to authenticate to your ISP’s SMTP server before the SMTP server accepts a TURN command from it. This methodology is useful when your Exchange server doesn’t have a fixed IP address but uses a dynamic IP address. Dynamic IP addresses are not supported for the ETRN method.
Manual ETRN Trigger
If you normally have e-mail delivered directly to your Exchange server and have secondary MX records that allow your ISP to hold e-mail when you’re offline, then once your server is back up and available you can either wait for normal processing to send your e-mail to you or manually initiate the transfer, if your ISP supports doing that. The following procedure asks your ISP’s server to start processing its queue of e-mail for your domain. It assumes that your ISP’s SMTP server is smtp.example.com and your domain is microsoft.com.
telnet smtp.example.com 25
220 smtp.example.com ESMTP Mon, 3 Nov 2003 15:18:30 -0800 (PST)
ETRN @microsoft.com
250 2.0.0 Queuing for node @microsoft.com started
quit
221 2.0.0 smtp.example.com closing connection
The 220, 250, and 221 lines are the responses from the remote server.
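The same exchange as a script, added here as an example and not part of the original chapter: it sends EHLO first to confirm that the server advertises ETRN (a step the manual session skips) and then checks the reply against the RFC 1985 success codes 250 to 253. The helo name sbs.example.net and the scripted fake_isp server are constructed so that the block runs offline.

```python
import socket
import threading

ETRN_OK = {250, 251, 252, 253}   # RFC 1985 success replies

def read_reply(rfile):
    """Read one SMTP reply, following "250-" continuation lines."""
    text = []
    while True:
        line = rfile.readline().decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3:
            raise ConnectionError("connection closed mid-reply")
        text.append(line[4:])
        if line[3:4] != "-":          # "250 " ends the reply, "250-" continues it
            return int(line[:3]), text

def trigger_etrn(sock, node, helo="sbs.example.net"):
    """Ask the ISP's server to start its queue for node; return (code, text)."""
    rfile = sock.makefile("rb")
    def command(cmd):
        sock.sendall(cmd.encode("ascii") + b"\r\n")
        return read_reply(rfile)
    if read_reply(rfile)[0] != 220:
        raise RuntimeError("unexpected greeting")
    code, features = command(f"EHLO {helo}")
    if code != 250 or "ETRN" not in [f.upper() for f in features[1:]]:
        command("QUIT")
        raise RuntimeError("server does not advertise ETRN")
    code, text = command(f"ETRN {node}")
    command("QUIT")
    if code not in ETRN_OK:
        raise RuntimeError(f"ETRN refused: {code} {' '.join(text)}")
    return code, " ".join(text)

def fake_isp(sock, script):
    """Constructed stand-in for the ISP: send the greeting, answer each verb."""
    sock.sendall(script["greeting"])
    for line in sock.makefile("rb"):
        verb = line.split()[0].upper().decode()
        sock.sendall(script[verb])
        if verb == "QUIT":
            break

def demo(etrn_reply=b"250 2.0.0 Queuing for node @microsoft.com started\r\n"):
    script = {"greeting": b"220 smtp.example.com ESMTP\r\n",
              "EHLO": b"250-smtp.example.com\r\n250-ETRN\r\n250 8BITMIME\r\n",
              "ETRN": etrn_reply, "QUIT": b"221 2.0.0 closing connection\r\n"}
    client, server = socket.socketpair()
    threading.Thread(target=fake_isp, args=(server, script), daemon=True).start()
    return trigger_etrn(client, "@microsoft.com")
```

Against a real server, pass trigger_etrn a socket from socket.create_connection(("smtp.example.com", 25)) instead of the socket pair.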
If you’re using TURN After Authentication as your retrieval method, you get prompted for an account name and a password, which are used to authenticate your Exchange server to your ISP, as shown in Figure 14-4. Fill in the authentication information you received from your ISP and click Next.
Figure 14-4: The TURN authentication information used to ensure that only your Exchange server can retrieve your e-mail.
The E-Mail Domain Name page is shown in Figure 14-5. Type your Internet domain name, which should be different from your internal domain name, and click Next.
The Remove E-mail Attachments page of the Configure E-Mail and Internet Connection Wizard, shown in Figure 14-6, lets you automatically strip certain attachments from incoming e-mail received from the Internet. E-mail that has an attachment removed will have a text note attached to it so that the recipient knows the attachment was stripped. You can edit this list to add additional extensions or to remove ones that your business routinely uses.
Figure 14-5: The E-Mail Domain Name page of the Configure E-Mail and Internet Connection Wizard.
Security Alert
If you routinely need to receive e-mail from the Internet with an attachment that can be used maliciously, don’t simply enable that particular extension, but rather create a policy for how to change the extension so that both sender and recipient know what to use (for example, .vb for .vbs). This strategy enables you to get your work done efficiently while still providing some protection.
Security Alert
E-mail sent from one Exchange mailbox to another Exchange mailbox that does not go outside your internal network is not checked and does not have attachments removed.
Figure 14-6: Removing potentially hazardous attachments is one way to help protect your network.
If you want any stripped attachments to be saved into a safe area for inspection, select the Save Removed E-Mail Attachments In A Folder check box and specify a location where the attachments will be saved.
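The behaviour described above, modelled with Python's standard email package as an added example (it is not Exchange's implementation): attachments with a blocked extension are removed, a text note is attached, and the removed file is saved to a folder. The extension list and the sample message are constructed; the renamed .vb attachment passes through, which is what the rename policy in the Security Alert relies on.

```python
import os
import tempfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list for this example; the wizard's own list is not reproduced here.
BLOCKED = {".exe", ".scr", ".bat", ".vbs"}

def strip_attachments(raw, blocked=BLOCKED, save_dir=None):
    """Remove blocked attachments from raw message bytes; return (message, removed)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename() or ""
        # Windows ignores trailing dots and spaces, so "x.vbs." is still a script
        if not name.lower().rstrip(". ").endswith(tuple(blocked)):
            continue
        if save_dir:
            # basename() keeps a hostile filename from escaping the folder
            with open(os.path.join(save_dir, os.path.basename(name)), "wb") as fh:
                fh.write(part.get_payload(decode=True))
        msg.get_payload().remove(part)
        removed.append(name)
    if removed:
        msg.add_attachment("Removed from this message: " + ", ".join(removed) + "\n",
                           filename="removed-attachments.txt")
    return msg, removed

def sample_message():
    """Constructed inbound message with three attachments."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "partner@example.org", "user@example.com"
    msg["Subject"] = "Files"
    msg.set_content("See attached.")
    for name, data in [("Report.VBS", b"MsgBox 1"), ("invoice.pdf", b"%PDF-1.4"),
                       ("macro.vb", b"MsgBox 1")]:   # .vb: renamed per the agreed policy
        msg.add_attachment(data, maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()

def demo():
    with tempfile.TemporaryDirectory() as folder:
        msg, removed = strip_attachments(sample_message(), save_dir=folder)
        kept = [p.get_filename() for p in msg.iter_attachments()]
        return removed, kept, sorted(os.listdir(folder))
```

Because the filter looks only at the filename, it shows why the chapter treats extension stripping as one layer and still calls for attachment scanning.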
Security Alert
Although automatically removing some attachments from your e-mail is a good thing to do, it just isn’t enough these days. You should be running an antivirus suite that protects your network at multiple points of attack and includes at least file scanning and e-mail attachment scanning.
Click Next to display a final confirmation page that summarizes all your selections. If everything looks right, click Finish to implement them.
You can run the Configure E-Mail and Internet Connection Wizard again at any time if you need to change one or more of the configuration items. The wizard will start with your existing configuration and let you change just the items that need changing.