Tuesday, May 25, 2010

Step By Step Email Server Setup in Windows Server 2003


Click Start -> Programs -> Administrative Tools -> Manage Your Server. Once it opens you should see a screen similar to the following. Click Add or remove a role.

[Screenshot 1]

This will start the Configure Your Server Wizard. Read the text and make sure you have connected all the necessary cables and done everything else it says you should do before continuing. Click Next.

[Screenshot 2]

We now come to the step where we add and remove roles for our server. Select Mail Server (POP3, SMTP) and click Next.

[Screenshot 3]

You will now specify the type of authentication and type the email domain name. In this tutorial we will use Windows Authentication and our domain name, windowsreference.com. You should of course use your own domain name. Click Next.

[Screenshot 4]

The next step shows a summary of our selections. Click Next.

[Screenshot 5]

The mail server installation is in progress.

[Screenshot 6]

When you are prompted to insert your Windows Server 2003 CD-ROM into your CD-ROM drive, do so and click OK. If you are not prompted, you may already have it in the drive.

[Screenshot 7]

Copying files is in progress.

[Screenshot 8]

After the installation completes you should see a screen similar to the following. Click Finish.

[Screenshot 9]

Configuring Email Server

Click Start -> Run, type p3server.msc and click OK. This opens the POP3 Service console, where you configure and manage the POP3 part of the mail server. Click the server name in the left pane, then click Server Properties in the right pane.

[Screenshot 11]

This brings up the Properties for our mail server. Each setting is explained below.

[Screenshot 12]

Authentication Method

Local Windows Accounts

If your server is stand-alone (not a member of an Active Directory domain) and you want the user accounts on the same local computer as the POP3 service, this is the best option. With this option, the SAM (Security Accounts Manager) is used for both the email user accounts and the user accounts on the local computer. This means that a user can authenticate with the same user name and password to both the POP3 service and Windows on the local computer. There is a limitation: although you can host multiple domains on the server, user names must be unique across all domains. Say you have two users named Sandra, one working at company1.com and another working at company2.com. Their email addresses will be sandra@company1.com and sandra@company2.com, but in SAM they would both have the same user name, sandra, so one of them must be renamed to something else (if we don't want them to read each other's emails).

If you create the user account when you create the mailbox (by using the POP3 interface), the user is added to the POP3 user group. Members of this group are not allowed to log on locally. The fact that these users are added to the POP3 group does not mean that an account must be a member of this group to have a mailbox. You should, however, be careful about adding mailboxes for users that are not members of the POP3 group, because the password used for email can, for example, be sniffed (if you are not using SPA), or someone can brute-force the password and gain access to the server.

Server Port

We strongly recommend that you use port 110 because this is the standard port for the POP3 protocol. If you change this, make sure you notify all users so they can configure their email clients to use this other port. Also make sure you restart the POP3 service if you change this.

Logging Level

There are four options to choose from. If you change this, remember that you must restart the POP3 service.

None – Nothing is logged.

Low – Only critical events are logged.

Medium – Both critical and warning events are logged.

High – Critical, warning and informational events are logged.

Root Mail Directory

If you don't want to use the default mail directory, you can choose another one. Make sure the path is no longer than 260 characters; you also cannot store mail in the root of a partition (i.e. C:\). It is strongly recommended that you use an NTFS-formatted partition. You can't use a mapped drive, but a UNC name (\\servername\share) can be used. If you later change the store and there are still emails in one or more mailboxes, you must manually move the folders that contain emails to the new location. You must also reset the permissions on the directory by using winpop set mailroot.

SPA

Enable SPA if you want secure communication between your email server and email clients. With SPA, both the user name and the password are sent encrypted from the client to the server, instead of in clear text. SPA supports only Local Windows Accounts and Active Directory Integrated Authentication. It is recommended to use this. Remember to restart the POP3 service if you change this.

Create a mailbox

The Setup Wizard created a domain for us, so we do not need to create it manually. If you did not use Manage Your Server to install, add the domain manually by clicking the server name in the left pane and then clicking New domain in the right pane.

Remember to set the properties before you add the domain. (We completed this in the step above.)

Click your domain (windowsreference.com in my case) in the left pane, then click Add Mailbox in the right pane.

[Screenshot 13]

This opens the Add Mailbox window. Enter the mailbox name and password, then click OK.

[Screenshot 14]

A message will pop up and tell you how to configure the email clients. Read this, and notice the difference between using SPA and not using it. Click OK.

[Screenshot 15]

After creating the user you should see a screen similar to the following.

[Screenshot 16]

What we just did not only created a mailbox named admin, it also created a user named admin.

Configure the SMTP Server

We have to configure the SMTP part to be able to receive and send emails. A common mistake is to think that the POP3 server receives the emails. That is not true: all the POP3 server does is 'pop' the emails out to the clients. It is the SMTP server that communicates with other SMTP servers and receives and sends emails.

[Screenshot 17]

Open Computer Management, expand Services and Applications, then expand Internet Information Service. Right-click Default SMTP Virtual Server and click Properties.

[Screenshot 18]

Once the Properties window opens you should see a screen similar to the following. Click the Access tab, then click the Authentication button.

[Screenshot 19]

Here you need to make sure Anonymous Access and Integrated Windows Authentication are both enabled.

[Screenshot 20]

Click the Relay button in the Properties window and make sure Allow all computers which successfully… is enabled and Only the list below is selected.

[Screenshot 21]

First of all, Authentication and Relay are not the same thing. We use the Authentication button to specify which authentication methods are allowed for users and other SMTP servers. So enabling Anonymous here is not a security issue; in fact, it is required if we want our server to be able to receive emails from other servers on the Internet. We also need Windows Authentication so the email clients can authenticate to the server and be allowed to relay (send emails).

That's it for the server side. Now you need to configure your email clients.

If you want users to only be allowed to relay if they are on a private network, then you can uncheck Windows Authentication as allowed authentication method, and specify the IP range for your network in the Relay Restrictions window.
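To confirm that the Authentication and Relay settings above behave as described (anonymous sessions may deliver to your own domain but may not relay elsewhere), here is an added Python check; it is not part of the original tutorial. The function names, the sender probe@example.net and the external recipient nobody@example.org are assumptions chosen for illustration.

```python
import smtplib
import sys

ACCEPTED = (250, 251)  # RCPT reply codes meaning "recipient accepted"

def probe_rcpt(host, port, mail_from, rcpt_to, timeout=10):
    """Open an unauthenticated SMTP session and return the reply code to RCPT TO.

    The session stops before DATA, so no message is ever submitted.
    """
    with smtplib.SMTP(host, port, local_hostname="probe.invalid",
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, _ = smtp.mail(mail_from)
        if code != 250:
            return code  # sender refused; the RCPT stage is never reached
        code, _ = smtp.rcpt(rcpt_to)
        return code

def check_relay(host, port, local_rcpt, external_rcpt,
                mail_from="probe@example.net"):
    """Compare how an anonymous session is treated for a hosted recipient
    versus a recipient in a domain the server does not host."""
    local = probe_rcpt(host, port, mail_from, local_rcpt)
    external = probe_rcpt(host, port, mail_from, external_rcpt)
    return {
        "accepts_inbound": local in ACCEPTED,   # anonymous delivery to own domain
        "open_relay": external in ACCEPTED,     # anonymous relay to other domains
        "local_code": local,
        "external_code": external,
    }

if __name__ == "__main__":
    # Usage: python relay_check.py <your-server> <mailbox@your-domain>
    # example.org is a reserved documentation domain the server does not host.
    result = check_relay(sys.argv[1], 25, sys.argv[2], "nobody@example.org")
    print(result)
    sys.exit(1 if result["open_relay"] or not result["accepts_inbound"] else 0)
```

Run it from a machine whose IP address is not in the Relay Restrictions list; the expected result for the configuration above is accepts_inbound true and open_relay false.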

Enable SPA (Secure Password Authentication)

You need to make your network as secure as possible, so we prefer to use SPA (Secure Password Authentication). This will, as stated before, send the user name and password from the client encrypted, instead of in clear text.

Click Start, then Run, and type p3server.msc

In the right pane, right-click your computer's name and click Properties

Check the box Require Secure Password Authentication… and click OK

[Screenshot 22]

You will be prompted to restart the Microsoft POP3 Service. Click Yes.

[Screenshot 23]
