This document which details configuring a Windows 2000 SMTP (Simple Mail Transport Protocol) server is meant to serve as an appendix to the document detailing
how to install a Windows 2000 web server. The main purpose of configuring a SMTP server is for users of skyBuilders timeLines backed web server installations to be able to subscribe to page postings, as well as email bug reports from actual timeLines applications as bugs are discovered. There may be other email functionality layered into timeLines in the future also making use of SMTP services.
*
|
Important: It is highly recommended for security reasons to relocate the default web server root, residing at c:\inetpub\wwwroot, to an area other than the c: drive, where hackers typically try to find vulnerabilities. Also branching off of the c:\inetpub directory are the FTP root and the SMTP root, at c:\inetpub\ftproot and c:\inetpub\mailroot respectively. They should likewise be relocated. The MS Internet Information Services (IIS) Manager will allow for the hard drive migration of both the default web server and the default FTP server, but not the SMTP server. Therefore, this illustration will enatil not configuring the Default SMTP Server, but disabling the Default SMTP Server and then creating a new vitual SMTP server that can be relocated off the c: drive. Please note that it is also necessary to stop the Default SMTP Server for the c:\inetput\mailroot directory tree to be removed from the c: drive. (While the Default SMTP Server is running it increments the share count associated with the c:\inetput\mailroot directory tree, prohibiting its deletion from the c: drive.)
Please refer to the skyBuilders Security Policy document for details concerning MS Windows 2000 server file permissions, user privileges, and allowable services.
|
**
|
Technical Note: If you are trying to use SMTP services to send email from ASP applications and you have settings problems with either the Default SMTP Server or a SMTP Virtual Server of your own, you will likely get ASP errors or silent email dysfunctionality when SMTP services are requested from your ASP application. In MS Windows 2000 the use of CDONTS mail objects still work in some IIS configurations, in other IIS configs it is deprecated and only CDO.Message ojects may be used.
|
The first step in configuring your SMTP server is to invoke the MS Internet Information Services (IIS) interface: Click Start > Programs > Administrative Tools > Internet Services Manager, bringing the following display.
Now right click the Default SMTP Server entry (highlighted) and click on the menu selection labelled Stop to halt the Default SMTP Server as illustrated below. This will release the share count on the c:\inetpub\mailroot directory tree, allowing it to be removed from the c: drive and installed to another drive. You will see the Default SMTP Server in Stopped mode as shown below.
Now you must also change the default SMTP server port number.
This is beacuse when your computer reboots it will recreate thet default mail directories (the ones you will be moving) and take over the default SMTP port (port 25). Unless this is done what Windows 2000 does upon reboot is effectively disable the virtual SMTP mail server you will be setting up later in this document. When you right click on the Default SMTP Server entry, as displayed above, you will get the following additional display:
Clicking on the Advanced button from the previous illustration will yield yet another display where the default SMTP port number can be reassigned.
Click the Edit button to actually change the port number assignment. By loose convention, we recommend using port number 2525, a redoubling of the default SMTP number of 25. This helps the user to know that the original port assignment was 25.
Now you are ready to create a new virtual SMTP server which will specifically serve the email needs of your installation of timeLines. Highlight the computer enummerated in the IIS display, skyspec3 in the illustration, and right click the entry. Selecting New > SMTP Virtual Server.
This brings up the New SMTP Virtual Server Wizard. Enter a desciption and click the Next button.
You will see the following display. Make sure to select one of the enummerated IP addresses as a setting. (If you are dually homed - having two network interface cards (NIC) - you will have to add extra setting later.) Click the Next button again.
Be sure to enter the path of the relocated SMTP server mailroot, or simply browse to it. Click the Next button once again.
Make sure to enter a valid domain value, corresponding to the machine's network ID, in the form of HOST.INTERNET-DOMAIN.EXTENSION, skyspec3.skybuilders.com in the illustration. (If the machine has no DNS suffix associated with it the HOST name alone will suffice.) Click the Finish button to return to the IIS manager display.
You should now see something like the following display, showing your new SMTP server entry in the IIS manager.
In order to get your skyBuilders timeLines installation to send bug reports and page and comment thread updates through this newly created virtual SMTP server you must let the the virtual SMTP server allow relay access from the host machine, which happens to be itself. This MS Windows based idiosyncracy enables the newly created virutal SMTP server to function as if it is the host amchine's default SMTP server.
To do this right click on the vitual SMTP server icon, displayed in the previous illustration above, and click over to the Access tab, as shown below. Then click on the Relay button as is also shown.
Make sure that the "Only the list below" radio button is checked (checked by default) and then click the Add button.
Now supply the IP address of the host machine you are installing this virtual SMTP server on. If the web site from which your timeLines installation is serving has multiple host header IP address bindings
make sure that you add these IP addresses into the list on allowed relay IP addresses. Click the OK button and click the Add button agian, supplying an additional IP address. When you have finished adding IP addresses click Apply and OK buttons as you close out of cascading IIS displays to save your virtual SMPT server edits.
Technical Note: Open SMTP relays are referred to as the internet equivalent to bad body odor. They are frowned upon by responisble administrators. The relay assignment shown above is restricted and not, therefore, an open relay. If employing paranoid computer security settings then you should be aware that if a hacker can masquerade using one of the IP addresses bound to your virtual SMTP server, then that hacker may also be able to relay from your virtual SMTP server. For practical purposes this is not something to worry about.
You may want to double check that your SMTP service has dovetailed appropriately into the new drive path by right clicking on the new SMTP server entry, highlighted above, and clicking on the Messages tab. Spot check the Badmail subdirectory setting and make sure that it corresponds to your original mailroot home directory specification.
You may now close the IIS manager interface.
Now you must give the Internet User (IUSR) nominal privileges on the actual physical area where the SMTP maillroot is. Using the file explorer navigate to the folder, mailroot, and right click on it to invoke a Properties display interface.
In the Security tab of the Properties display click the Add button.
In the resulting Select Users and Groups display scroll to the IUSR user and highlight it and click the Add button. (The IUSR user usually has the machine's hostname appended to it, as is illustrated with IUSR_HOSTS5.)
After hitting the OK button from the previous illustration, you will return to the mailroot Properties interface. You will now see that the IUSR has been added to the mailroot access list. The read & Execute and the List Folder Contents privileges are on by default. Uncheck them, the IUSR does not need them and it is prudent to keep access to a minimum.
Now click the Write privilege checkbox so email failures will be deposited to the Badmail subdirectory.
Then click the Advanced button of the same panel to bring up Access Control Settings for mailroot panel and highlight the IUSR.
Then click View/Edit button to bring up the Permission Entry for mailroot panel.
Check the Delete Subfolders and Files and the Delete checkboxes and make sure to click all Apply and OK buttons as you exit each level of the interface, ensuring that your changes will be saved.
This completes your installation of your SMTP server.
*
|
Testing Note: skyBuilders timeLines ships with a server based email test servlet page called "sendemailtest.html". The file resides in the timeLines directory of your timeLines installation. You may execute the test simply by supplying to your browser the URL: "http://www.yoursite.com/timelines/sendemailtest.html".
If you want the test to send email to yourself or others edit the sendemailtest.html servlet code, changing the email address fields, emphasized below, appropriately:
Call mSendEmail("dtd@skybuilders.com, bobdoyle@skybuilders.com, jesse@skybuilders.com", "dtd@skybuilders.com", "", "", "Mail Test from " & sFQDN, "test")
|
Back to top of page.