Understanding and Managing SMTP Virtual Servers
An Overview of the Simple Mail Transfer Protocol (SMTP) Service
The Simple Mail Transfer Protocol (SMTP) service is one of the core services included with IIS. Its key functions and characteristics are listed below:
- SMTP can be used to forward mail from one SMTP host to another SMTP host. SMTP cannot deliver mail directly to the client. Mail clients use POP3 or IMAP to receive e-mail. Windows Server 2003 includes the POP3 service for providing clients with mailboxes, and for handling incoming e-mail.
- It enables IIS machines to operate as SMTP hosts to forward e-mail over the Internet. IIS can be utilized instead of Sendmail.
- SMTP enables an IIS machine to shield mail servers such as Microsoft Exchange servers from direct exposure to the Internet: the IIS SMTP host sits between those servers and the Sendmail host at the organization's ISP, accepting inbound mail on their behalf and forwarding outbound mail.
- SMTP does not provide mailboxes to users, nor does it process incoming e-mail. Incoming e-mail and e-mail storage is handled by mail servers, such as Microsoft Exchange servers that include support for IMAP and POP3. Windows Server 2003 includes the POP3 service.
- In order to use SMTP as a component of IIS, you have to install the SMTP service first if you are running a Windows Server 2003 Edition other than the Windows Server 2003 Web Edition. The SMTP service is installed on the Windows Server 2003 Web Edition by default.
- To configure and manage the SMTP service on IIS, you can use:
- The IIS Manager
- A Web browser using SMTP Service Manager (HTML).
- The SMTP service is fully integrated with event and performance monitoring of Windows Server 2003.
The message store of the SMTP service is created when you install the service on IIS. SMTP utilizes this directory structure to process mail. The folders created in the \Inetpub\Mailroot directory structure (message store) are listed below:
- Pickup: The SMTP service processes messages from the Pickup folder as outbound messages or as messages for delivery. If the message is intended for users that are members of the local domain managed by the SMTP service, the SMTP service moves the message to the Drop folder.
- Drop: Incoming messages intended for the local domains are placed in the Drop folder. This is true for all recipients because the SMTP service does not maintain a mailbox for each recipient.
- Queue: Messages that cannot be immediately delivered are moved by the SMTP service to the Queue folder from the Pickup folder. The SMTP service repeatedly attempts to deliver messages stored in the Queue folder.
- Badmail: The Badmail folder stores messages that could not be delivered to the recipient after the configured number of attempts and that SMTP could not return to the sender either. Messages in Badmail are not processed further; administrators have to review and clear this folder themselves, and a growing Badmail folder is an early sign of delivery problems.
- Mailbox, Route, SortTemp: Because these folders are not utilized in IIS 6, you can delete them from the SMTP directory structure.
The events that occur when SMTP processes mail are listed below:
- The SMTP service, smtpsvc.dll, runs in-process in the Inetinfo.exe IIS process.
- Smtpsvc.dll monitors TCP port 25 for any incoming messages.
- It monitors the Pickup folder for all outgoing messages.
- SMTP places messages for users that are members of the local domain it manages in the Drop folder for delivery.
- If a message is addressed to a user in a different (remote) domain, the outgoing message has to be created and placed in the Pickup folder, for example by an ASP application using CDOSYS (Collaboration Data Objects for Windows 2000), or submitted over port 25 by a client that is permitted to relay.
- The SMTP service then queries the DNS name server (port 53) for the MX record of the remote domain to find the SMTP host that accepts mail for that domain.
- After the fully qualified domain name (FQDN) of the remote SMTP host is determined, the SMTP service attempts to create a connection with the remote SMTP host to transfer the message for the recipient to it. Port 25 is utilized for the message transfer.
- If a connection cannot be established with the remote SMTP host, the SMTP service places the message in the Queue folder.
- If a connection can be established but the remote SMTP host rejects the message, the SMTP service sends the sender a non-delivery report (NDR) and returns the message. If the message cannot be returned to the sender, it is placed in the Badmail folder.
- If a connection can be established with the remote SMTP host and the remote SMTP host accepts the connection, the SMTP service transfers the message to the remote SMTP host.
- After the message is received by the remote SMTP host it is sent to the POP3 or IMAP mail server which contains the mailbox of the intended recipient.
- The message is downloaded when the client connects to the POP3 or IMAP mail server.
How to install the SMTP service as an IIS component
As mentioned previously, in order to use SMTP, you first have to install the SMTP service if you are running Windows Server 2003 Standard Edition or Windows Server 2003 Enterprise Edition.
To install the SMTP service,
- Place the Windows Server 2003 CD-ROM in the CD-ROM drive.
- Click Start, Control Panel, and click Add/Remove Programs.
- Click Add/Remove Windows Components in the Add Or Remove Programs dialog box.
- Click Application Server in the Windows Components dialog box, and then click the Details button.
- The Application Server dialog box appears next.
- Click IIS and then select the Details button.
- Click the SMTP Service checkbox.
- Click OK.
- Open IIS Manager.
- Verify that the SMTP Virtual Server node appears in the console tree.
When you install the SMTP service on IIS, the SMTP directory structure is created, as well as the Default SMTP Virtual Server. Through configuring the Default SMTP Virtual Server, mail can be forwarded to multiple SMTP domains. This eliminates the need to host multiple SMTP virtual servers on one machine to forward mail.
You can use the IIS Manager to perform the SMTP management tasks listed below:
- Create SMTP virtual servers.
- Configure SMTP virtual servers, such as configuring the following settings:
- Connection settings
- Message settings
- Delivery settings
- Security and authentication settings
- Start, stop and pause a SMTP virtual server.
- Create and configure SMTP alias domains and remote domains.
- View current SMTP sessions.
- Terminate a particular session(s), or terminate all sessions.
How to configure a SMTP virtual server
To create a SMTP virtual server,
- Open the IIS Manager.
- In the console tree, right-click the computer node, select New and then SMTP Virtual Server from the shortcut menu.
- The New SMTP Virtual Server Wizard initiates.
- Enter a name for the SMTP site. Click Next.
- On the Select IP Address page, enter the IP address settings for the SMTP site. Click Next.
- Enter the path to the home directory for the SMTP server. Click Next.
- Provide the domain name for the SMTP server. Click Next.
- Click Finish.
You can configure an SMTP virtual server by opening its Properties window and using the tabs there. The tabs of the Properties window of an SMTP virtual server are:
- General tab, Access tab, Messages tab, Delivery tab, LDAP Routing tab, and Security tab.
To access the Properties window of the SMTP virtual server,
- Open the IIS Manager.
- Right-click the Default SMTP Virtual Server node, and select Properties from the shortcut menu.
- The Properties dialog box of the SMTP Virtual Server opens.
The settings that can be configured on each tab are discussed below.
General Tab
The settings on the General tab are:
- IP Address text box: The IP address and TCP port number together uniquely identify the SMTP virtual server. The default TCP port is 25. By default the SMTP virtual server listens on port 25 on All Unassigned IP addresses of the IIS machine. To bind it to specific addresses only, change the All Unassigned value in the IP Address box, or click Advanced and select the additional IP addresses and ports.
- Limit Number Of Connections To checkbox: To cap the number of concurrent inbound connections SMTP accepts from other hosts, select the Limit Number Of Connections To checkbox and set the number. By default an unlimited number of concurrent inbound connections is allowed, so a cap is worth setting on an Internet-facing server to bound the resources a flood of connections can consume.
- Connection Timeout text box: The time, in minutes, after which an inactive connection is closed. Idle connections held open by remote hosts tie up server resources, so keep this value short.
- Enable Logging checkbox: Select this checkbox to enable SMTP logging. Enable it on any server that accepts connections from the Internet; the log is your record of which hosts connected, authenticated and relayed, and is what you will need when investigating abuse.
Access Tab
The security settings on the Access tab are:
- Access Control section of the Access tab: Click the Authentication button to configure the authentication methods the SMTP virtual server accepts when remote hosts and clients open an incoming connection. Clicking the Authentication button opens the Authentication dialog box. You can enable the following methods:
- Anonymous Access: This is the default method. Leave it enabled when the server receives mail from the Internet, because SMTP hosts on the Internet do not authenticate when they deliver mail; what keeps this safe is that anonymous connections are never allowed to relay (see Relay Restrictions below).
- Basic Authentication: Basic authentication sends the user name and password in clear text and is the weakest of the three methods. Require Transport Layer Security (TLS), the successor to SSL, whenever Basic Authentication is enabled, so that the credentials are encrypted on the wire.
- Integrated Windows Authentication: Clients authenticate with their Windows credentials, so no clear-text password crosses the network. It is typically enabled so that internal users can authenticate and then relay mail through the virtual server to recipients on the Internet.
- Secure Communication section of the Access tab: Click the Certificate button to start the Web Server Certificate Wizard to obtain and install a server certificate on the SMTP virtual server. After the certificate is installed, click the Communication button to require secure communications (TLS) on the virtual server.
- Connection Control section of the Access tab: Click the Connection button to specify which computers are allowed or denied access to the SMTP virtual server. You can specify computers by the following parameters:
- IP address
- Network ID and subnet mask
- DNS domain name
- Relay Restrictions section of the Access tab: Click the Relay button to configure which SMTP hosts may relay messages through the SMTP virtual server to recipients in other domains. Clicking the Relay button opens the Relay Restrictions dialog box:
- You can select the Only The List Below option and specify which hosts are allowed to relay, or select the All Except The List Below option and specify which hosts are disallowed. Selecting All Except The List Below with an empty list makes the server an open relay.
- It is recommended to select the Allow All Computers Which Successfully Authenticate To Relay, Regardless Of The List Above checkbox, so that relaying is permitted to authenticated users only.
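To make the Connection Control semantics concrete, here is an added example (the editor's own code, not Microsoft's and not from the original article) that evaluates a rule list made of the three entry kinds against a connecting client, in either the allow-list or the deny-list mode. The IP addresses, networks and domain names are constructed; the reverse_name argument stands in for the result of the reverse DNS lookup that a DNS domain name rule requires.

```python
"""Evaluates a Connection Control list from the Access tab: single IP addresses,
network ID plus subnet mask pairs, and DNS domain names, applied as an allow
list ('Only the list below') or a deny list ('All except the list below').
Added example with constructed rules and clients; the matching is the editor's
model of the dialog, not the service's own implementation."""
import ipaddress


class ConnectionControl:
    def __init__(self, entries, only_list):
        self.only_list = only_list
        self.networks = []
        self.domains = []
        for entry in entries:
            if isinstance(entry, tuple):          # ("network ID", "subnet mask")
                self.networks.append(ipaddress.ip_network("%s/%s" % entry, strict=False))
                continue
            try:                                  # single IP address -> /32 (or /128)
                self.networks.append(ipaddress.ip_network(entry, strict=False))
            except ValueError:                    # anything else is a DNS domain name
                self.domains.append(entry.lower().strip("."))

    def listed(self, client_ip, reverse_name=None):
        """Does the client match any entry? reverse_name is the PTR result the
        service would obtain for a DNS domain name rule (None = not resolved)."""
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.networks):
            return True
        if reverse_name:
            name = reverse_name.lower().rstrip(".")
            # exact match or a subdomain only: 'spammer.example' must not
            # match 'notspammer.example'
            return any(name == d or name.endswith("." + d) for d in self.domains)
        return False

    def connection_allowed(self, client_ip, reverse_name=None):
        hit = self.listed(client_ip, reverse_name)
        return hit if self.only_list else not hit


if __name__ == "__main__":
    # Deny-list mode: everyone may connect except the listed hosts (constructed rules).
    deny = ConnectionControl(["192.0.2.10", ("10.0.0.0", "255.255.255.0"), "spammer.example"],
                             only_list=False)
    for ip, name in (("10.0.0.77", None), ("10.0.1.77", None),
                     ("198.51.100.3", "mx.spammer.example")):
        print(ip, name, "->", "accept" if deny.connection_allowed(ip, name) else "drop")
```

A DNS domain name rule is only as trustworthy as the client's PTR record, which the owner of the client's address space controls, and it costs a reverse lookup on every connection (the same cost the Delivery tab's reverse lookup option incurs). IP address and network rules are both cheaper and harder to spoof, so prefer them for anything that enforces access.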
When configuring security settings for the SMTP virtual server, the recommended best practices are:
- Enable Anonymous access for inbound connections, so that SMTP hosts on the Internet (which do not authenticate) can deliver mail for your local domains.
- Enable Integrated Windows Authentication for inbound connections, so that internal users can authenticate without sending a clear-text password.
- In the Relay Restrictions dialog box, keep Only The List Below selected with an empty list and select the Allow All Computers Which Successfully Authenticate To Relay, Regardless Of The List Above checkbox, so that relaying is denied to every computer except those that have authenticated.
Configuring the above security settings results in:
- Users on the internal network can connect to the SMTP virtual server and be authenticated through Integrated Windows Authentication. Their messages can then be relayed to recipients in remote domains.
- SMTP hosts on the Internet use Anonymous access to deliver messages addressed to the local domains. The SMTP virtual server places these messages in the Drop folder, from which the POP3 service puts them in the user's mailbox.
- SMTP hosts that have not authenticated and attempt to send messages through the virtual server to users in other domains are refused, so the server is not an open relay. Verify this from outside the network: connect to port 25, issue MAIL FROM and a RCPT TO for an external address without authenticating, and confirm that the server answers with a 550 "Unable to relay" response rather than 250.
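The following added example (the editor's code, not part of the original article and not IIS code) automates the relay check just described. The probe speaks real SMTP through smtplib, and an in-process stand-in server models the Relay Restrictions semantics so the script runs offline; point relay_accepted at a real host and port to test an actual SMTP virtual server. The domain names, addresses and credentials are constructed, and the stand-in accepts any AUTH credentials purely for the demonstration.

```python
"""Open-relay check for an SMTP virtual server. The probe speaks real SMTP
(via smtplib); the stand-in server models the Relay Restrictions semantics so
the script runs offline. Added example, not IIS code."""
import smtplib
import socketserver
import threading

# Constructed: the default local domain and one alias domain of the virtual server.
LOCAL_DOMAINS = {"corp.example", "alias.corp.example"}


class RelayPolicy:
    """Models the Relay Restrictions dialog: the host list, the 'Only the list
    below' / 'All except the list below' choice, and the 'Allow all computers
    which successfully authenticate to relay' checkbox."""

    def __init__(self, only_list=True, hosts=(), auth_may_relay=True):
        self.only_list = only_list
        self.hosts = set(hosts)
        self.auth_may_relay = auth_may_relay

    def accept_rcpt(self, client_ip, authenticated, rcpt):
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in LOCAL_DOMAINS:      # local delivery (Drop folder) is never a relay
            return True
        if authenticated and self.auth_may_relay:
            return True
        listed = client_ip in self.hosts
        return listed if self.only_list else not listed


class StandInHandler(socketserver.StreamRequestHandler):
    """Just enough ESMTP for EHLO, AUTH, MAIL, RCPT and QUIT. Constructed stand-in:
    it accepts any AUTH credentials, which a real server must not."""

    def reply(self, text):
        self.wfile.write((text + "\r\n").encode("ascii"))

    def handle(self):
        authenticated = False
        self.reply("220 smtp.corp.example ESMTP")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            verb = line.split(" ", 1)[0].upper()
            if verb in ("EHLO", "HELO"):
                self.reply("250-smtp.corp.example")
                self.reply("250 AUTH PLAIN")
            elif verb == "AUTH":
                authenticated = True
                self.reply("235 2.7.0 Authentication successful")
            elif verb == "MAIL":
                self.reply("250 2.1.0 Sender OK")
            elif verb == "RCPT":
                rcpt = line[line.find("<") + 1:line.find(">")]
                if self.server.policy.accept_rcpt(self.client_address[0], authenticated, rcpt):
                    self.reply("250 2.1.5 Recipient OK")
                else:
                    self.reply("550 5.7.1 Unable to relay for " + rcpt)
            elif verb == "QUIT":
                self.reply("221 2.0.0 Bye")
                break
            else:
                self.reply("500 5.5.1 Command unrecognized")


class StandInServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, policy):
        super().__init__(("127.0.0.1", 0), StandInHandler)   # ephemeral loopback port
        self.policy = policy
        threading.Thread(target=self.serve_forever, daemon=True).start()


def relay_accepted(host, port, credentials=None,
                   rcpt="victim@external.example", sender="probe@probe.example"):
    """True if RCPT TO an address outside the local domains is accepted. Without
    credentials that means an open relay; with credentials it should be True only
    when authenticated clients are allowed to relay."""
    with smtplib.SMTP(host, port, timeout=5) as smtp:
        smtp.ehlo("probe.example")
        if credentials:
            smtp.login(*credentials)
        smtp.mail(sender)
        code, _ = smtp.rcpt(rcpt)
    return code == 250


def run_demo():
    """Probe the recommended configuration and an open-relay misconfiguration."""
    policies = {
        # Only the list below (empty) + authenticated clients may relay.
        "hardened": RelayPolicy(only_list=True, hosts=(), auth_may_relay=True),
        # All except the list below, with an empty list: everyone may relay.
        "open_relay": RelayPolicy(only_list=False, hosts=(), auth_may_relay=True),
    }
    results = {}
    for name, policy in policies.items():
        server = StandInServer(policy)
        port = server.server_address[1]
        try:
            results[name] = {
                "anonymous": relay_accepted("127.0.0.1", port),
                "authenticated": relay_accepted("127.0.0.1", port, ("user", "secret")),
                "local_rcpt": relay_accepted("127.0.0.1", port, rcpt="bob@alias.corp.example"),
            }
        finally:
            server.shutdown()
            server.server_close()
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

The probe never sends DATA, so no message is actually queued; the RCPT TO response alone tells you whether the server would relay. Run it against the real server from a host outside your network, since a Connection Control entry or an entry in the relay list for your internal subnet would mask the result when probing from inside.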
Messages Tab
The settings on the Messages tab are:
- Limit Message Size To (KB): The maximum size allowed for an incoming message.
- Limit Session Size To (KB): The maximum amount of data accepted over a single SMTP connection, across all messages sent in that session. Together with the message size limit this bounds how much disk and bandwidth one connection can consume.
- Limit Number Of Messages Per Connection To: You set the maximum number of outbound messages that can be sent in a single SMTP connection. Additional outgoing connections will be opened when the value specified is exceeded.
- Limit Number Of Recipients Per Message To: You can specify the maximum number of recipients for a message in this box.
- You can specify a destination where a copy of the non-delivery report (NDR) should be transmitted.
- You can also change the location of the SMTP Badmail folder.
Delivery Tab
The settings on the Delivery tab are:
- Outbound section of the Delivery tab: This is where you configure how the SMTP server behaves when it attempts to establish a connection with a remote SMTP host. The settings specific to delivering outbound mail are:
- Retry Intervals: the intervals at which SMTP retries delivery when it cannot establish a connection with the remote host.
- Delay Notification: the time a message may remain in the queue before the sender is told that delivery is delayed; this allows for delays typically caused by network congestion.
- Expiration Timeout: the time after which SMTP stops retrying and sends a non-delivery report (NDR) to the sender of the message.
- Local section of the Delivery tab: This is where you configure the same two settings for local delivery:
- Delay Notification: the time a message may remain in the queue before the sender is told that local delivery is delayed.
- Expiration Timeout: the time after which SMTP stops retrying local delivery and sends a non-delivery report (NDR) to the sender.
- Click the Outbound Security button to configure the authentication method the SMTP virtual server uses when it connects to remote hosts. The default is Anonymous Access. You can only select one outbound authentication method.
- Click the Advanced button to configure additional delivery settings on the Advanced Delivery dialog box:
- Maximum Hop Count: The maximum number of SMTP hosts a message may pass through on its way to the recipient, counted from the Received headers the message has accumulated. A non-delivery report (NDR) is sent when the value is exceeded, which stops a message that is looping between hosts from circulating forever.
- Masquerade Domain (optional): The DNS domain name that replaces the local domain in the Mail From header field of each outgoing message.
- Fully Qualified Domain Name: The FQDN of the SMTP virtual server. If the server has multiple roles and DNS names, you can modify this value. The default value is the one specified in Control Panel, on the Network Identification tab of the System Properties window.
- Smart Host: By specifying a smart host, you route all outgoing messages through a specific SMTP host instead of delivering them directly. You can define the smart host by its IP address or fully qualified domain name.
- Attempt Direct Delivery Before Sending To Smart Host: This checkbox becomes available when you specify a smart host. When selected, the server tries to deliver directly first and uses the smart host only when direct delivery fails.
- Perform Reverse DNS Lookup On Incoming Messages: The server looks up the connecting host's IP address to check that it matches the domain name the host presents. This adds a DNS query to every incoming connection and slows the server, so the usual recommendation is to leave it disabled unless you need the check.
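Two of the Advanced Delivery settings are easier to understand in code. The added example below (the editor's own, not the service's implementation and not from the original article) counts the Received headers of a message to apply the hop-count limit, and rewrites the envelope sender's local domain the way the masquerade domain setting does. The message, the hop limit and the domain names are constructed values chosen for the demonstration.

```python
"""Hop-count limit and masquerade domain from the Advanced Delivery dialog,
modelled in code. The message is constructed to show a delivery loop between
two hosts; the hop limit and domain names are assumed values."""
import email
from email.message import Message

MAX_HOP_COUNT = 15                  # assumed value for 'Maximum hop count'
LOCAL_DOMAINS = {"corp.example"}    # constructed default local domain
MASQUERADE_DOMAIN = "mail.example"  # assumed value for 'Masquerade domain'


def received_hops(msg: Message) -> int:
    """Every MTA that handles a message prepends a Received: header, so the
    number of those headers is the hop count the setting refers to."""
    return len(msg.get_all("Received", []))


def delivery_decision(msg: Message, limit: int = MAX_HOP_COUNT) -> str:
    """'deliver' while the message is within the hop limit, 'ndr' once it has
    passed through more hosts than allowed (the loop breaker)."""
    return "ndr" if received_hops(msg) > limit else "deliver"


def masquerade_sender(mail_from: str, local_domains=LOCAL_DOMAINS,
                      masquerade: str = MASQUERADE_DOMAIN) -> str:
    """Replace the local domain in the envelope sender (MAIL FROM) with the
    masquerade domain; addresses in other domains are left untouched."""
    local_part, _, domain = mail_from.rpartition("@")
    if domain.lower() in local_domains:
        return f"{local_part}@{masquerade}"
    return mail_from


def looping_message(hops: int) -> Message:
    """Constructed message that has bounced between two hosts 'hops' times."""
    hosts = ("mx1.corp.example", "mx2.corp.example")
    received = "".join(
        f"Received: from {hosts[i % 2]} by {hosts[(i + 1) % 2]} with ESMTP;"
        f" Mon, 1 Jan 2007 10:{i:02d}:00 +0000\r\n" for i in range(hops))
    raw = (received + "From: alice@corp.example\r\nTo: bob@partner.example\r\n"
           "Subject: loop\r\n\r\nbody\r\n")
    return email.message_from_string(raw)


if __name__ == "__main__":
    for n in (3, 16):
        print(n, "hops ->", delivery_decision(looping_message(n)))
    print(masquerade_sender("alice@corp.example"))
```

The hop limit only works because every compliant MTA adds its own Received header; a looping message grows one header per pass, so the count eventually crosses the limit and the message is bounced instead of circulating until its expiration timeout.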
LDAP Routing Tab
If you want to configure the SMTP virtual server to access a directory service to resolve e-mail addresses from the names of senders and recipients, you would do so on the LDAP Routing tab. The directory services supported are:
- Exchange Server directory
- Windows Active Directory
- A custom LDAP directory service, such as the Four11 and Bigfoot Internet directory services.
To enable LDAP Routing, click the Enable LDAP Routing checkbox on the LDAP Routing tab, and specify the following information for connecting to the directory server:
- Server, Schema type, Binding type, Domain, User name, Password, and Naming context.
Security Tab
The users and security groups that have permission to configure the properties of the SMTP virtual server are listed on the Security tab. The groups that are assigned SMTP operator permissions by default are:
- Administrators
- LocalService
- NetworkService
SMTP Domains
An SMTP virtual server manages one or more SMTP domains. SMTP domains are also called service domains. An SMTP domain is a DNS domain for which the virtual server manages message delivery. The domain you supplied when the virtual server was created automatically becomes its default local domain. You can view the default local domain in IIS Manager: simply click the SMTP virtual server node in the console tree to display the default domain. You cannot delete the default domain, and an SMTP virtual server can only have one default local domain.
You can, however, rename the default domain by right-clicking it and selecting Rename from the shortcut menu.
To configure the default domain, right-click it and select Properties from the shortcut menu. On the General tab, you can change the location of the Drop directory. You can also select the Enable Drop Directory Quota checkbox to limit the size of the Drop directory, which prevents a flood of incoming mail from filling the disk. In addition to the SMTP default domain, you can create the following domains.
- Alias Domains: If you want to create additional local SMTP domains, you need to create a type of SMTP domain called alias domains. Alias domains are managed by the SMTP virtual server in the same manner as the default domain. In fact, alias domains use the same setting as the default domain. They also send incoming messages to the Drop folder which the default domain utilizes.
- Remote Domains: You can also create remote domains to connect to the remote SMTP hosts to which mail is frequently transmitted. You can specify different delivery requirements for each remote domain, specify a predefined delivery route for a remote domain, and you can also specify sub-domains.
How to create an alias domain
The New SMTP Domain Wizard is used to create alias domains for the Default SMTP Virtual Server, and to create remote domains.
- Open the IIS Manager.
- In the console tree, right-click the Domains node under Default SMTP Virtual Server, select New from shortcut menu, and then select Domain.
- The New SMTP Domain Wizard starts.
- Select the Alias domain type option. Click Next.
- Specify the DNS name for the alias domain. Click Finish.
- In the console tree of IIS Manager, click the Domains node to view the domains for the Default SMTP Virtual Server.
How to create and configure a remote domain
- Open the IIS Manager.
- Right-click the Domains node, select New from shortcut menu, and then select Domain.
- The New SMTP Domain Wizard starts.
- Click the Remote domain type option, click Next, specify the DNS name of the remote domain, and click Finish.
- Proceed to open the Properties window of the remote domain.
- The delivery settings which you can configure on the General tab are:
- You can override the default no-relay setting and allow incoming messages addressed to this domain to be relayed. Enable this only for a domain you are responsible for, for example when the virtual server sits in front of your Exchange server in the gateway role described earlier; for any other domain it turns the virtual server into a relay for that domain, open to every host that can connect.
- You can enable the Send HELO Instead Of EHLO checkbox for remote hosts that do not support ESMTP.
- You can configure an authentication method for outbound messages sent to the remote domain. Click the Outbound Security button and select the authentication method.
- You can set the routing method for sending messages to the remote domain: resolve the domain's MX records with DNS, or forward all mail for the domain to a specified smart host.
- Click the Advanced tab to have the SMTP server queue mail for the remote domain and hold it until a host of that domain connects and triggers delivery. This feature is useful for a host that rarely connects to the Internet.