Contents
Overview 1
Configuring Multiple SMTP Domain Names 12
Configuring an SMTP Virtual Server 13
Lab A: Creating an SMTP Virtual Server 27
with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2000 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, BackOffice, JScript, NetMeeting, Outlook, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries.
Other product and company names mentioned herein may be the trademarks of their respective owners.
Program Manager: Steve Thues
Product Manager: Megan Camp
Instructional Designers: Bill Higgins (Volt Technical), Jennifer Morrison, Priya Santhanam
(NIIT (USA) Inc), Samantha Smith, Alan Smithee
Instructional Software Design Engineers: Scott Serna
Subject Matter Experts: Krista Anders, Megan Camp, Chris Gould (Global Logic Ltd),
Janice Howd, Elizabeth Molony, Steve Schwartz (Implement.Com), Bill Wade (Wadeware LLC)
Technical Contributors: Karim Batthish, Paul Bowden, Kevin Kaufman, Barry Steinglass,
Jeff Wilkes
Graphic Artist: Kimberly Jackson (Independent Contractor)
Editing Manager: Lynette Skinner
Editor: Kelly Baker
Production Manager: Miracle Davis
Build Manager: Julie Challenger
Production Support: Marlene Lambert (Online Training Solutions, Inc)
Test Manager: Eric Myers
Courseware Testing: Robertson Lee (Volt)
Creative Director, Media/Sim Services: David Mahlmann
Web Development Lead: Lisa Pease
CD Build Specialist: Julie Challenger
Localization Manager: Rick Terek
Operations Coordinator: John Williams
Manufacturing Support: Laura King; Kathy Hershey
Lead Product Manager, Release Management: Bo Galford
Lead Product Manager, Messaging: Dave Phillips
Group Manager, Courseware Infrastructure: David Bramble
Group Product Manager, Content Development: Dean Murray
General Manager: Robert Stewart
Instructor Notes
This module provides students with the information necessary to understand the role of Simple Mail Transport Protocol (SMTP) in Microsoft® Exchange 2000 messaging. Students will learn to configure and manage SMTP virtual servers, SMTP connectors, and SMTP queues.
After completing this module, students will be able to:
! Describe the role of SMTP, Extension to SMTP (ESMTP), and Domain Name System (DNS) in Exchange 2000
! Identify how SMTP is used in Exchange 2000
! Configure Exchange 2000 recipients with multiple SMTP addresses
! Configure an SMTP virtual server
! Configure an SMTP connector
! Identify the tools for troubleshooting SMTP connectivity
Materials and Preparation
This section provides the materials and preparation tasks that you need to teach this module.
Required Materials
To teach this module, you need the following:
! Microsoft PowerPoint® file 1572A_07.ppt
Preparation Tasks
To prepare for this module, you should:
! Read all the materials for this module.
! Complete the labs.
! Identify the appropriate PowerPoint slide for Lab B depending on how many domains are configured in the classroom. Remember to display the slide for the students at the beginning of Lab B.
Presentation: 90 Minutes
Lab: 45 Minutes
Module Strategy
Use the following strategy to present this module:
! Introduction to SMTP. This topic provides an overview of SMTP and ESMTP. Explain the role of SMTP in transporting messages. Explain how ESMTP extends SMTP functionality to support several messaging commands. Explain how DNS supports efficient message transport.
! Configuring Multiple SMTP Domain Names. This topic covers information on how to configure Exchange 2000 recipients with multiple SMTP addresses. Explain how you can ensure that a recipient receives a message sent to him or her at any of the multiple SMTP addresses.
! Configuring an SMTP Virtual Server. This topic covers information on when multiple virtual servers may be required and how to configure them. Explain the different ways in which you can secure virtual servers in an organization. Explain the usage of queues to handle message flow.
! Configuring an SMTP Connector. This topic covers the benefits of adding an SMTP connector. Explain how to fine-tune the configuration of an SMTP connector to suit your organization. Explain how to achieve load balancing as well as fault tolerance by configuring more than one SMTP host.
! Troubleshooting SMTP Connectivity. This topic covers information on the common tools used to troubleshoot SMTP connectivity.
Customization Information
This section identifies the lab setup requirements for the module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware.
The labs in this module are also dependent on the classroom configuration that is specified in the Customization Information section at the end of the Classroom Setup Guide for course 1572A, Implementing and Managing Microsoft Exchange 2000.
! Complete the labs for Module 2, “Installing Microsoft Exchange 2000,” in course 1572A, Implementing and Managing Microsoft Exchange 2000.
! Install Exchange 2000 at D:\Program Files\Exchsrvr on each server into an organization named Northwind Traders. Components installed are Microsoft Exchange Messaging and Collaboration Services, Microsoft Exchange System Management Tools, and Microsoft Exchange Instant Messaging Service. Have the students create a custom MMC in C:\Documents and Settings\All Users\Desktop that is saved as your_firstname Console. The MMC contains the Active Directory Users and Computers snap-in and the Exchange System snap-in.
Setup Requirement 2
The labs in this module require a custom organizational unit, a user account for each student, a mailbox for each student, an Outlook profile, and for the Domain Admins group to be delegated full control of the organization. To prepare student computers to meet this requirement, perform one of the following actions:
! Complete the labs for Module 3, “Administering Microsoft Exchange 2000,” in course 1572A, Implementing and Managing Microsoft Exchange 2000.
! Create an organizational unit in Active Directory that is named your_servernameOU for each server in the classroom. Create a user account in each server’s organizational unit for each student. The account is a member of the Domain Admins group and has a mailbox on the student’s
Overview
! Introduction to SMTP
! Configuring Multiple SMTP Domain Names
! Configuring an SMTP Virtual Server
! Configuring an SMTP Connector
! Troubleshooting SMTP Connectivity
Simple Mail Transport Protocol (SMTP) is installed when you install Microsoft® Windows® 2000. In this module, you will learn about the importance of SMTP in messaging and how Exchange 2000 extends SMTP. After completing this module, you will be able to:
! Describe the role of SMTP, Extension to SMTP (ESMTP), and Domain Name System (DNS) in Exchange 2000
! Configure multiple SMTP domain names
! Configure an SMTP virtual server
SMTP Overview
SMTP is an asymmetric request-response protocol. By default, SMTP uses TCP port 25 for transferring messages between two servers or for sending mail from a messaging client to a messaging server.
For more information on SMTP, see Request for Comments (RFC) 821 and 822.
SMTP Commands
SMTP uses a series of plain-text commands that are passed from a sending host to a receiving host. The receiving host replies to these commands with one of several reply codes. The following table lists some commonly used SMTP commands.

| Command | Description |
|---|---|
| HELO fqdn | Identifies the sending SMTP host. |
| MAIL FROM:<sender> | Identifies the sender of the message. |
| RCPT TO:<recipient> | Identifies the recipient of the message. This command is used for each recipient of the message. |
| DATA | Indicates that the sending host is ready to send the message. |
| RSET | Aborts the current mail transaction. |
| VRFY string | Allows the sending host to verify that the recipient is valid before sending the message. |
| HELP <string> | Lists the SMTP commands supported on the receiving host. |
| QUIT | Disconnects the TCP session. |
| TURN | Triggers the recipient server to send queued messages destined to the sending server. |
| Code | Description |
|---|---|
| 221 fqdn | Service is closing transmission channel. |
| 250 | Requested action is okay, and has been completed. |
| 354 | Start message input; end with <CRLF>.<CRLF>. |
| 450 | Requested action not taken: mailbox busy. |
| 451 | Requested action aborted: local error in processing. |
| 452 | Requested action not taken: insufficient system storage. |
| 500 | Syntax error, command unrecognized. |
| 550 | Requested action not taken: mailbox unavailable or not found. |
| 552 | Requested action aborted: exceeded storage allocation. |
How SMTP Works
The following exchange between an SMTP sender (client) and an SMTP receiver (server) shows a complete message transfer:
Client: (connection initiated)
Server: 220 server1.nwtraders.msft
Client: HELO nwtraders.msft
Server: 250 server1.nwtraders.msft Hello [192.168.2.200]
Client: MAIL FROM:<susanf@nwtraders.msft>
Server: 250 2.1.0 susanf@nwtraders.msft Sender OK
Client: RCPT TO:<stefank@contoso.msft>
Server: 250 2.1.5 stefank@contoso.msft
Client: DATA
Server: 354 Start mail input; end with <CRLF>.<CRLF>
Client: (subject and message body, followed by a “.” on a line by itself)
Server: 250 2.6.0 Queued mail for delivery
Client: QUIT
Server: 221 server1.nwtraders.msft Service closing transmission channel
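The session above, driven through a small receiver-side state machine that issues the reply codes from the two tables. This is an added example, not code from the course or from Exchange 2000; the accepted local domains, the hello-first ordering rule and the reply used for the disabled VRFY command are assumptions.

```python
import re

SERVER_FQDN = "server1.nwtraders.msft"             # host name from the session above
LOCAL_DOMAINS = {"nwtraders.msft", "contoso.msft"}  # assumption: domains this host accepts mail for
ADDR_RE = re.compile(r"^<([^<>@\s]+@[^<>@\s]+)>$")  # the <user@domain> form of MAIL FROM / RCPT TO


class SmtpReceiver:
    """State of one inbound SMTP session on the receiving host."""

    def __init__(self, peer_ip):
        self.peer_ip = peer_ip
        self.helo_name = None      # set by HELO/EHLO
        self.in_data = False       # True between DATA and the terminating "."
        self.queued = []           # (sender, recipients, body) accepted for delivery
        self.closed = False
        self._reset_transaction()  # sender, recipients, data_lines

    def handle(self, line):
        """Reply to one client line, or None while message text is being collected."""
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo_name = arg
            return f"250 {SERVER_FQDN} Hello [{self.peer_ip}]"
        if verb == "MAIL":
            return self._envelope("FROM", arg, is_sender=True)
        if verb == "RCPT":
            return self._envelope("TO", arg, is_sender=False)
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands: need RCPT TO"
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "RSET":
            self._reset_transaction()
            return "250 Requested action is okay, and has been completed"
        if verb == "VRFY":
            # Assumption: VRFY is disabled, so the host does not confirm which
            # mailboxes exist (the risk noted in the ESMTP command table).
            return "252 Cannot VRFY user, but will accept message and attempt delivery"
        if verb == "QUIT":
            self.closed = True
            return f"221 {SERVER_FQDN} Service closing transmission channel"
        return "500 Syntax error, command unrecognized"

    def _envelope(self, keyword, arg, is_sender):
        """Shared handling of MAIL FROM:<addr> and RCPT TO:<addr>."""
        if self.helo_name is None:
            return "503 Bad sequence of commands: send HELO first"
        if not is_sender and self.sender is None:
            return "503 Bad sequence of commands: need MAIL FROM"
        key, _, addr = arg.partition(":")
        match = ADDR_RE.match(addr.strip()) if key.upper() == keyword else None
        if match is None:
            return "501 Syntax error in parameters or arguments"
        address = match.group(1)
        if is_sender:
            self.sender = address
            return f"250 2.1.0 {address} Sender OK"
        # Only mail for this host's own domains is accepted here; anything else
        # gets the 550 reply from the reply-code table.
        if address.rsplit("@", 1)[1].lower() not in LOCAL_DOMAINS:
            return "550 Requested action not taken: mailbox unavailable or not found"
        self.recipients.append(address)
        return f"250 2.1.5 {address}"

    def _data_line(self, line):
        if line == ".":                    # end of message text
            self.in_data = False
            body = "\r\n".join(self.data_lines)
            self.queued.append((self.sender, list(self.recipients), body))
            self._reset_transaction()
            return "250 2.6.0 Queued mail for delivery"
        # Transparency (RFC 821 section 4.5.2): the sender doubles a leading ".".
        self.data_lines.append(line[1:] if line.startswith(".") else line)
        return None

    def _reset_transaction(self):
        self.sender, self.recipients, self.data_lines = None, [], []


def run_session(peer_ip, client_lines):
    """Feed client lines through one session; return (receiver, server replies)."""
    rx = SmtpReceiver(peer_ip)
    replies = [f"220 {SERVER_FQDN}"]
    for line in client_lines:
        reply = rx.handle(line)
        if reply is not None:
            replies.append(reply)
        if rx.closed:
            break
    return rx, replies


# Constructed client side of the exchange shown above.
SESSION = ["HELO nwtraders.msft", "MAIL FROM:<susanf@nwtraders.msft>",
           "RCPT TO:<stefank@contoso.msft>", "DATA", "Subject: Status", "",
           "Message body.", ".", "QUIT"]
```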
Some SMTP hosts, such as Windows 2000, support ESMTP. ESMTP extends SMTP functionality to support a variety of messaging commands. With ESMTP, a sending host can determine whether the receiving host supports ESMTP and then communicate accordingly.
For more information on ESMTP, see RFC 1869.
ESMTP Commands
The following table lists some of the important ESMTP commands.

| Server command | Description |
|---|---|
| ATRN | Authenticated TURN runs only if the session has been authenticated. This command is described in RFC 2645. |
| ETRN | Similar to TURN, but it specifies the remote host to which the mail is to be delivered. This command is described in RFC 1985. |
| PIPELINING | Allows SMTP commands to be sent in batches without waiting for a response from the receiving host. This makes the protocol more efficient. |
| ENHANCEDSTATUSCODES | Indicates that the SMTP host is capable of providing enhanced status code responses to ESMTP commands. |
| 8BITMIME | Provides a standard means for transmitting full eight-bit characters between SMTP hosts. |
| BINARYMIME | Indicates that the current message is a binary-encoded MIME (Multipurpose Internet Mail Extensions) message. |
| CHUNKING | Enables large MIME messages to be sent more efficiently by chunking the data as it is transported between SMTP hosts. |
| AUTH=LOGIN | Provides a form of SASL for clients such as Netscape and Exchange Server 5.5 that require this basic SMTP authentication. |
| X-EXPS GSSAPI NTLM LOGIN | Uses an authentication mechanism that supports Kerberos and NTLM. This command supports the same authentication mechanisms as AUTH. |
| X-EXPS=LOGIN | Uses an Exchange Server 5.5 specific authentication mechanism that supports NTLM for compatibility with Exchange Server 5.5. |
| X-LINK2STATE | Specifies support for the Exchange 2000 link state command verb. |
| XEXCH50 | Used when establishing a connection with another server running Exchange. The XEXCH50 command is used for transferring Exchange-specific content in messages. |
| HELP | Outputs a list of commands supported by the SMTP host. This command is described in RFC 821. |
| VRFY | Determines whether an e-mail account exists. It is disabled by default; many administrators consider it a security risk if this command is enabled. This command is described in RFC 821. |
| DSN | Generates and sends a Delivery Status Notification to the sending host in case of delivery failure. This command is considered an improvement over the current non-delivery report (NDR) mechanism. This command is described in RFC 1891. |
| SIZE | Determines the size of a message prior to acceptance. Previously, a message had to be transmitted to the receiving system in whole or in part before it could be rejected for exceeding a size limitation. This command is described in RFC 1870. |
| STARTTLS | Provides a Secure Sockets Layer (SSL) connection between the SMTP client and server. The client system must initiate the Transport Layer Security (TLS) connection. |
How ESMTP Works
A successful connection (the receiving host supports ESMTP) looks like this:
Client: (connection initiated)
Server: 220 <FQDN> Ready
Client: EHLO <FQDN>
Server: 250 <FQDN> Hello, followed by the list of supported extensions
In an unsuccessful connection, the receiving host answers the EHLO command with a 500 reply and the sending host falls back to HELO.
The following steps outline a successful ESMTP connection:
1. The sending host initiates a TCP connection to the receiving host. The receiving host must return a 220 (Ready) response, indicating that it has opened a connection.
2. The sending host requests that an SMTP session be initiated by sending an EHLO command instead of the HELO command. The receiving host returns an OK by sending a code 250 response, which indicates that it has accepted the session and the sending host can continue.
3. The receiving host then sends the list of SMTP extensions that it supports.
The following steps outline an unsuccessful ESMTP connection:
1. The sending host initiates a TCP connection to the receiving host. The receiving host must return a 220 (Ready) response, indicating that it has opened a connection.
2. The sending host requests that an SMTP session be initiated by sending an EHLO command. If the receiving host does not support ESMTP, it returns a code 500 (Error) response. In such a case, the sending host issues a HELO command to initiate a normal SMTP connection sequence.
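The EHLO negotiation and HELO fallback from the steps above, written as a client-side routine that parses the multi-line 250 reply into the extension list. This is an added example, not code from the course or from Exchange 2000; the two scripted hosts, their extension lists and the SIZE value are constructed stand-ins for real receiving hosts.

```python
def parse_reply(lines):
    """Split a (possibly multi-line) reply into (code, [text, ...]).

    A multi-line reply uses "250-text" for continuation lines and "250 text"
    for the final line (RFC 1869); every line must carry the same code.
    """
    code = int(lines[0][:3])
    texts = []
    for line in lines:
        if int(line[:3]) != code:
            raise ValueError(f"mixed reply codes in {lines!r}")
        texts.append(line[4:])
    return code, texts


def negotiate(send, client_fqdn):
    """Run the greeting/EHLO/HELO handshake through send(command) -> reply lines.

    Returns (mode, extensions): mode is "ESMTP" or "SMTP", and extensions maps
    each keyword advertised after EHLO to its parameter list.
    """
    code, texts = parse_reply(send(None))            # None = wait for the greeting
    if code != 220:
        raise ConnectionError(f"no 220 Ready greeting: {code} {texts[0]}")
    code, texts = parse_reply(send(f"EHLO {client_fqdn}"))
    if code == 250:                                   # step 3: extension list follows
        extensions = {}
        for text in texts[1:]:                        # texts[0] is "<FQDN> Hello ..."
            keyword, _, params = text.partition(" ")
            extensions[keyword.upper()] = params.split()
        return "ESMTP", extensions
    if code == 500:                                   # host does not speak ESMTP
        code, texts = parse_reply(send(f"HELO {client_fqdn}"))
        if code == 250:
            return "SMTP", {}
    raise ConnectionError(f"session refused: {code} {texts[0]}")


def scripted_server(replies):
    """Build a send() callable that answers from a constructed reply script."""
    def send(command):
        verb = None if command is None else command.split()[0].upper()
        if verb not in replies:
            return ["500 Syntax error, command unrecognized"]
        return list(replies[verb])
    return send


# Constructed replies for a host that supports ESMTP (keywords from the table above).
ESMTP_HOST = scripted_server({
    None: ["220 server1.nwtraders.msft Ready"],
    "EHLO": ["250-server1.nwtraders.msft Hello [192.168.2.200]",
             "250-PIPELINING", "250-ENHANCEDSTATUSCODES", "250-8BITMIME",
             "250-CHUNKING", "250-STARTTLS", "250-SIZE 10485760",
             "250 X-EXPS GSSAPI NTLM LOGIN"],
    "HELO": ["250 server1.nwtraders.msft Hello [192.168.2.200]"],
})

# Constructed replies for a plain SMTP host: EHLO is not in its script, so it answers 500.
SMTP_ONLY_HOST = scripted_server({
    None: ["220 legacy.contoso.msft Ready"],
    "HELO": ["250 legacy.contoso.msft Hello"],
})
```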
DNS and SMTP
[Figure: Establishing an SMTP Session with an SMTP Host (DNS tree showing .msft and nwtraders).]
DNS is critical to the Active Directory™ directory service and Exchange 2000. Having a well-designed, reliable DNS implementation is a prerequisite to reliable and efficient Windows 2000 and Exchange 2000 integration. Transferring messages between SMTP hosts depends on DNS. When an SMTP host sends an e-mail message to another SMTP host, DNS resolves the domain name of the receiving host to its TCP/IP address. DNS stores an SMTP domain name and host address in a mail exchanger (MX) record. A typical company will have multiple MX records registered in DNS to provide fault tolerance in case an SMTP host becomes unavailable.
The following table provides an example of MX records in DNS.
SMTP Folders in Exchange 2000
There are three file system folders that SMTP uses to manage messages. These folders temporarily store messages while the messages flow through SMTP. By default, these folders are created in C:\Program Files\Exchsrvr\Mailroot. The three folders are:
! Pickup. Any SMTP-formatted messages placed in the Pickup folder will be delivered by SMTP. Exchange 2000 does not use this folder.
! Queue. The Queue folder is where inbound SMTP messages are stored as they are received by SMTP. Once received, they are processed by IIS for delivery.
! Bad Mail. The Bad Mail folder is where undeliverable messages that cannot be returned to the sender are stored.
You may want to change the location of these folders to something other than their default location for performance or disk capacity reasons. You must make these changes in the configuration partition of Active Directory, or Exchange 2000 will overwrite the change with the original values.
To change the location of these folders after Exchange 2000 has been installed, you must use ADSI Edit.
Caution: Ensure that all Exchange 2000 services are stopped before modifying the folder location to avoid losing SMTP messages.
To change the location of these folders using ADSI Edit, you need to:
1. Using ADSI Edit, connect to the Configuration Container on the domain controller of the target domain.
2. Navigate to CN=Services, CN=Microsoft Exchange, CN=Organization, CN=Administrative Groups, CN=Administrative Group, CN=Servers, CN=Server, CN=Protocols, CN=SMTP.
3. Right-click cn=1, and then click Properties.
4. Click the Attributes tab.
5. In the Select which properties to view box, select Both.
6. In the Select a property to view box, select the folder whose location is to be changed.
7. In the Edit Attribute field, type the new location.
Exchange 2000 replicates the new folder location to the IIS metabase.
Configuring Multiple SMTP Domain Names
After you have configured Exchange 2000 to meet your SMTP requirements, you will also need to provide DNS with the MX records necessary to support your SMTP address space. For example, you configure Exchange 2000 server recipients with two SMTP addresses, user@nwtraders.msft and user@contoso.msft. You will then need to add MX records to each DNS namespace that point to your Exchange 2000 SMTP hosts. Once you add the MX records, an Internet mail user could send a message to a single recipient at user@nwtraders.msft or user@contoso.msft and the message would reach the intended recipient.
The following table lists the records that will be added to the contoso.msft DNS namespace.
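MX lookup with preference ordering and failover, covering both the fault-tolerance point made in the DNS and SMTP section and the two-address-space case above, where the MX records of nwtraders.msft and contoso.msft point at the same Exchange 2000 hosts. This is an added example, not course or Exchange 2000 code; the zone data, host addresses and the set of reachable hosts are constructed, and a real implementation would query DNS and open a connection to TCP port 25.

```python
import random

# Constructed zone data: both SMTP address spaces point at the same two
# Exchange 2000 hosts; the lower preference value is tried first.
MX_RECORDS = {
    "nwtraders.msft": [(10, "mail1.nwtraders.msft"), (20, "mail2.nwtraders.msft")],
    "contoso.msft":   [(10, "mail1.nwtraders.msft"), (20, "mail2.nwtraders.msft")],
}
A_RECORDS = {                        # constructed host addresses
    "mail1.nwtraders.msft": "192.168.2.200",
    "mail2.nwtraders.msft": "192.168.2.201",
    "standalone.msft": "10.0.0.125",
}


def ordered_mx_hosts(domain, mx_records=MX_RECORDS, rng=random):
    """Return the MX hosts for ``domain`` in delivery order.

    Lower preference first; hosts with equal preference are shuffled so that
    traffic is spread across them. A domain with no MX record falls back to
    its own A record (RFC 974 / RFC 2821 section 5).
    """
    records = mx_records.get(domain)
    if not records:
        return [domain]
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)
        ordered.extend(hosts)
    return ordered


def deliver(recipient, reachable_ips, mx_records=MX_RECORDS, a_records=A_RECORDS):
    """Pick the first MX host that answers; return (host, ip).

    ``reachable_ips`` stands in for "a TCP connection to port 25 succeeded".
    Raises ConnectionError, listing every failed attempt, when no host answers.
    """
    domain = recipient.rsplit("@", 1)[1].lower()
    attempts = []
    for host in ordered_mx_hosts(domain, mx_records):
        ip = a_records.get(host)
        if ip is None:
            attempts.append(f"{host}: no A record")
        elif ip in reachable_ips:
            return host, ip
        else:
            attempts.append(f"{host} ({ip}): unreachable")
    raise ConnectionError(f"no SMTP host for {domain} accepted a connection; "
                          + "; ".join(attempts))
```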
Configuring an SMTP Virtual Server
! Uses of SMTP Virtual Servers
! Configuring a Virtual Server
! Implementing Security
! Configuring Exchange 2000 to Use a Smart Host
! Configuring Exchange 2000 as a Relay Host
! Managing SMTP Virtual Server Queues
! Configuring Global SMTP Parameters
With Exchange 2000, you can create multiple virtual servers for each Internet protocol, such as SMTP. Creating multiple SMTP virtual servers enables you to segment SMTP traffic to different IP addresses or ports, each with its own configuration. You can use multiple virtual servers in several ways. For example, you can configure each virtual server to use a different authentication mechanism. However, there is no performance gain in creating multiple virtual servers for load balancing message traffic.
Uses of SMTP Virtual Servers
[Figure: an Exchange 2000 server between the intranet and the Internet, with Virtual Server A (internal DNS) and Virtual Server B (no DNS, external DNS resolution for outbound mail), no routing enabled between the networks, and an SMTP connector with address space * on Virtual Server A.]
You can use SMTP virtual servers in the following instances.
Connecting to the Internet
For small companies that do not have a firewall but wish to connect to the Internet, you can configure one virtual server to send and receive messages to all servers running Exchange 2000 in the organization, and you can configure another virtual server to send and receive SMTP message traffic from the Internet. To do this, perform the following tasks:
! Configure two SMTP virtual servers, each with its own network adapter.
! Configure Adapter A to use internal DNS servers.
! Configure Adapter B to use no DNS servers.
! Configure virtual server A to use external DNS servers.
! Confirm that TCP/IP routing is not enabled between the networks on the server.
! Create an SMTP connector with an address space of * for virtual server A.
This method of connecting to the Internet is not as secure as using a firewall because the server running Exchange 2000 is connected directly to the Internet.
In this scenario, virtual server B, whose IP address is associated with a DNS MX record, will receive messages from the Internet. Once a message is received by virtual server B, Exchange 2000 uses Active Directory to locate the home server of the recipient and routes the message through virtual server A. The NIC associated with virtual server A is configured with an internal DNS address so that it can resolve the next hop within the Exchange 2000
When messages are sent to Internet recipients from within the Exchange 2000 organization, they will be routed to one of the local servers specified on the SMTP connector. Virtual server A, which is associated with the SMTP connector, receives the messages; the messages are then routed to virtual server B and on to the Internet. The recipient’s SMTP domain is resolved to an SMTP host using the external DNS servers configured on virtual server A.
Note: Each virtual server monitors a specified IP address and port, but can use any network adapter to send messages.
Additional security considerations when using this scenario include:
! Configuring Internet Protocol Security (IPSec) policies to filter ports on the NIC connected to the Internet.
! Not enabling relaying on the virtual server connected to the Internet.
! Minimizing the number of users that have permissions to log on to the Exchange 2000 server.
Configuring Virtual Servers to Use Different Authentication Methods
Another use for multiple virtual servers is when you require all virtual servers within your organization to use TLS encryption and you want to connect to the Internet. Similar to the previous example, this would require a server that has two virtual servers: one with TLS encryption required, another without TLS encryption required. The virtual server without TLS is connected to the Internet. The virtual server with TLS is connected to the intranet. An SMTP connector is created and associated with the TLS-enabled virtual server.
Internal messages sent to the Internet will be routed to the Exchange 2000 server and received by the TLS-enabled virtual server. The SMTP connector associated with this virtual server will use the virtual server connected to the Internet to send the messages without TLS encryption.
Configuring a Virtual Server
[Figure: an Exchange 2000 server on a secure network with SMTP Virtual Server A at 192.168.2.200, TCP port 25, and Virtual Server B at 10.0.0.125, TCP port 25.]
The reasons for having multiple virtual servers may vary, but each virtual server must have a unique IP address or TCP port.
Creating and Applying Filters
You can create filters to select specific messages and specify how those messages should be handled. For example, you can filter messages sent by specific users, messages with a blank sender address, and so on. You create filters using the Filters tab of the Message Delivery object under Global Settings. After creating a filter, you can apply the filter on the IP address assignments of virtual servers.
Configuring Connection Settings
Each virtual server accepts an unlimited number of inbound SMTP connections and creates up to 1000 outbound connections by default. You can limit the number of inbound SMTP connections that an Exchange 2000 server will accept. This is useful if your Exchange 2000 server’s performance is affected by SMTP while it is providing other services. You should configure the inbound and outbound number of connections and session timeout parameters independently. You can limit inbound connections on the General tab. To configure outbound connections, you need to use the Delivery tab.
Logging Messages
You can log the messages passing through the virtual server in a number of different formats. This can be useful in monitoring SMTP usage and troubleshooting SMTP connectivity.
Delivery Tip: Show the virtual server’s General tab while explaining creating and applying filters.
Delivery Tip: Show the virtual server’s General tab and the Delivery tab while explaining the connection settings.
Delivery Tip: Show the virtual server’s General tab while explaining logging settings.
Setting Message Limits
To help prevent a server running Exchange 2000 from becoming overburdened with SMTP traffic, default limitations are set on all virtual servers. The following table lists the default limitations.
Note: System messages need not adhere to message size limit settings.
Configuring Message Delivery
By default, each virtual server attempts to deliver messages as they arrive. However, when message transfer fails due to a communications failure, the virtual server queues the message for subsequent retries or reroutes the message. If a message has been queued for 12 hours (the default limit), the sender is notified that the message has not yet been successfully delivered. If, after two days (by default), the message has still not been delivered, the message is returned to the sender with an NDR.
Configuring Inbound Relay Restrictions
By default, an SMTP virtual server will accept messages from anyone, but will only relay messages sent from authenticated clients. This allows Internet clients from your domain, such as Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4 (IMAP4) clients, to send and relay SMTP messages through the SMTP virtual server. However, SMTP hosts that are not authorized cannot relay SMTP messages through the SMTP virtual server in your organization.
Clients are required to provide credentials when connecting to the SMTP virtual server. For users in your domain, you may configure Microsoft Outlook® Express to provide logon credentials when sending SMTP messages through
Configuring virtual server inbound relay restrictions is different from configuring outbound relay restrictions, which is done on the SMTP connector.
You can configure inbound relay restrictions using the Relay button on the virtual server’s Access tab.
Delivery Tip: Show the virtual server’s Messages tab while explaining message limit settings.
Delivery Tip: Show the virtual server’s Delivery tab while explaining message delivery settings.
Delivery Tip: Show the virtual server’s Access tab while explaining inbound relay restrictions.
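The inbound relay rule described above as a decision function: accept mail for the organization’s own SMTP domains from anyone, relay for authenticated clients (or for hosts explicitly granted relay permission), and refuse everything else. This is an added example, not course or Exchange 2000 code; the domain list, the permitted relay network and the 5.7.1 reply text are assumptions.

```python
import ipaddress

LOCAL_DOMAINS = {"nwtraders.msft", "contoso.msft"}   # constructed: the organization's address spaces
# Constructed: networks allowed to relay without credentials (for example an
# internal application server). Leave this empty on a virtual server that faces
# the Internet, as the security considerations above recommend.
RELAY_NETWORKS = [ipaddress.ip_network("192.168.2.0/24")]


def relay_allowed(client_ip, authenticated, relay_networks=RELAY_NETWORKS):
    """Authenticated sessions may relay; so may clients inside a permitted network."""
    if authenticated:
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in relay_networks)


def rcpt_reply(recipient, client_ip, authenticated, relay_networks=RELAY_NETWORKS):
    """Return the SMTP reply for one RCPT TO: address."""
    if recipient.count("@") != 1 or recipient.startswith("@") or recipient.endswith("@"):
        return "501 Syntax error in parameters or arguments"
    domain = recipient.rsplit("@", 1)[1].lower()
    if domain in LOCAL_DOMAINS:
        return f"250 2.1.5 {recipient}"           # inbound mail for our own domains
    if relay_allowed(client_ip, authenticated, relay_networks):
        return f"250 2.1.5 {recipient}"           # outbound relay permitted
    return f"550 5.7.1 Unable to relay for {recipient}"


def check_session(client_ip, authenticated, recipients, relay_networks=RELAY_NETWORKS):
    """Evaluate every RCPT TO of a session; return (accepted, rejected) lists of (rcpt, reply)."""
    accepted, rejected = [], []
    for rcpt in recipients:
        reply = rcpt_reply(rcpt, client_ip, authenticated, relay_networks)
        (accepted if reply.startswith("250") else rejected).append((rcpt, reply))
    return accepted, rejected
```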
Implementing Security
[Figure: outbound and inbound security for the nwtraders.msft SMTP virtual server.]
One component of SMTP security is authentication. It is useful to require an SMTP host or client to authenticate before allowing message transfer. This reduces unwanted transfers from hosts or clients other than those with proper credentials. You can choose from the following authentication methods.
Anonymous Authentication
You can create a user account in IIS that enables users to connect anonymously. Anonymous access provides limited access for specific public folders and directory information. Anonymous authentication is supported by all clients and is an easy way to allow access to unsecured content in public folders.
Anonymous authentication does not provide security on an individual basis. All anonymously authenticated users can access any content that the Anonymous user account (IUSR_computername) can access.
Basic Authentication
Basic authentication uses clear text to perform a simple challenge-and-response authentication. Basic authentication requires users to enter their user name, domain, and password to gain access to mailbox data.
Most clients support basic authentication. This method works through proxy servers and firewalls. Basic authentication also allows the use of a front-end server.
A limitation of basic authentication is that the user’s password is sent as clear
Delivery Tip: Show the virtual server’s Access tab while explaining the different types of authentication methods.
Integrated Windows Authentication
For clients running Windows 2000 and Microsoft Internet Explorer 5, Integrated Windows Authentication uses Kerberos and offers the best security, efficient communication, and transparency. Integrated Windows Authentication uses the Microsoft Windows NT® LAN Manager (NTLM) protocol for networking clients that are not running Windows 2000.
With Integrated Windows Authentication, the password is sent as an encrypted value for the highest security. Integrated Windows Authentication provides native authentication from Windows networking clients and allows browser access without prompting the user for their username and password.
Integrated Windows Authentication does not work through HTTP proxies and is not available through a front-end server. Integrated Windows Authentication does not work with browsers other than Internet Explorer 4.0 and 5.
Determining Your Authentication Method
The authentication method that you choose for SMTP will depend on your environment. Anonymous authentication is the most common for Internet communications. Basic authentication is the simplest form of security, but is not very secure because the username and password are not encrypted. If the network connection between the two SMTP hosts is encrypted using TLS in combination with Basic authentication, the network can be considered secure.
You use Integrated Windows Authentication when you have Windows-based clients that do not use TLS.
You can configure the logon security using the Authentication button on the virtual server’s Access tab.
Exchange 2000 servers within the same organization use Kerberos version 5 security to authenticate with one another.
Inbound and Outbound Security
Inbound security is used to control which SMTP clients can establish an SMTP session with a virtual server. Outbound security is used to specify the type of security, along with the username and password, that will be used when an SMTP host that requires authentication challenges an SMTP virtual server.
As with the SMTP port, which must be consistent among SMTP hosts that want to communicate with each other, you must also configure security so that a sending SMTP host can meet the requirements of a receiving SMTP host. Therefore, you should configure outbound security using the same authentication methods as the other SMTP hosts with which the virtual server will communicate.
You can configure the inbound security using the Authentication button on the virtual server’s Access tab. You can configure the outbound security using the Outbound Security button on the virtual server’s Delivery tab.
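A policy check for the authentication methods above, written as an added example that is not course or Exchange 2000 code: Basic authentication (AUTH LOGIN) sends the password in clear text, so it is advertised and accepted only after STARTTLS has been negotiated, while the Integrated Windows mechanisms (NTLM, GSSAPI) may be offered on a plain connection. The policy table, the reply texts and the session state object are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class SessionState:
    tls_active: bool = False                 # True once STARTTLS has completed
    authenticated_as: Optional[str] = None   # user name after a successful AUTH


# Constructed policy: which mechanisms may be offered without TLS.
POLICY = {
    "LOGIN":  {"requires_tls": True},    # Basic: clear-text password
    "NTLM":   {"requires_tls": False},   # Integrated Windows: challenge/response
    "GSSAPI": {"requires_tls": False},   # Integrated Windows: Kerberos
}


def advertised_mechanisms(state, policy=POLICY):
    """Mechanisms to list in the EHLO reply, given whether TLS is already in place."""
    return [m for m, p in policy.items() if state.tls_active or not p["requires_tls"]]


def ehlo_lines(state, fqdn="server1.nwtraders.msft", policy=POLICY):
    """Build the multi-line 250 reply; the last line uses '250 ' instead of '250-'."""
    lines = [f"250-{fqdn} Hello"]
    if not state.tls_active:
        lines.append("250-STARTTLS")
    mechs = advertised_mechanisms(state, policy)
    if mechs:
        lines.append("250-AUTH " + " ".join(mechs))
    lines[-1] = "250 " + lines[-1][4:]
    return lines


def handle_starttls(state):
    if state.tls_active:
        return "503 Bad sequence of commands: TLS already active"
    state.tls_active = True        # the TLS handshake itself is outside this example
    return "220 2.0.0 Ready to start TLS"


def handle_auth(state, mechanism, credentials_valid, user, policy=POLICY):
    """Reply to AUTH <mechanism>; credentials_valid stands in for real credential checking."""
    mech = mechanism.upper()
    if mech not in policy:
        return "504 Unrecognized authentication type"
    if policy[mech]["requires_tls"] and not state.tls_active:
        return "530 5.7.0 Must issue a STARTTLS command first"
    if state.authenticated_as is not None:
        return "503 Bad sequence of commands: already authenticated"
    if not credentials_valid:
        return "535 5.7.3 Authentication unsuccessful"
    state.authenticated_as = user
    return "235 2.7.0 Authentication successful"
```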
Delivery Tip: Show the virtual server’s Access tab while explaining inbound security, and the Delivery tab while explaining outbound security.