Configuring Advanced Mail Server (Windows 2003 Server)

This paper presents advanced mail server configuration options in the Windows Server 2003 family. These options include configuring multiple mail servers to use a single mail store or a remote mail store, configuring e-mail aliases, and changing the greeting message.

Introduction

On a Windows Server 2003 mail server, you can configure several advanced options. These options include configuring multiple mail servers to use a single mail store or a remote mail store, configuring aliasing, and customizing the greeting message. This article provides specific instructions on how to configure these advanced options. We recommend that you review the E-mail Services Help before reading this article. To access E-mail Services Help, click Start, click Help and Support, click Internet and E-mail Services, and then click E-mail services.

Scenario 1: Configure multiple mail servers to use a single mail store or remote mail store

In a standard mail server configuration, each mail server has a corresponding local mail store. However, you can configure multiple mail servers to use a single mail store or a remote mail store. The advantage of using multiple mail servers is that they add redundancy to your deployment and allow your network to handle more traffic. The advantage of using a remote location is that you can use a dedicated file storage device, such as a network-attached storage (NAS) device.

Important: To carry out this procedure, you must be using Active Directory integrated authentication or encrypted password file authentication. The mail server must be in the same Active Directory domain as the computer on which the mail store is configured.

To configure multiple mail servers to use a single mail store or remote mail store:

- Follow the Windows Server 2003 Help to set up E-mail services on each computer you want to use as a mail server.
These instructions are provided in the "To install e-mail services" help topic. To view this topic, click Start, and then click Help and Support. Click Internet and E-mail Services, click E-mail services, and then click POP3 service. Click How To, click Set Up the POP3 Service, and then click Install e-mail services.
- On each mail server, select Active Directory integrated authentication or encrypted password file authentication. Instructions for this procedure are provided in the "Set the authentication method" help topic. To view this topic, click Start and then click Help and Support. Click Internet and E-mail Services, click E-mail services, and then click POP3 service. Click How To, click Set Up the POP3 Service, and then click Set the authentication method.
- Make any additional changes to the configuration of individual mail servers, such as setting logging levels or ports, or configuring SPA (Secure Password Authentication).
- Follow the instructions in the Windows Server 2003 Help to configure a folder or drive as a shared folder for the mail store. These instructions are provided in the "Share a folder or drive" help topic. To view this topic, click Start and then click Help and Support. Click Disks and Data, click Managing Files and Folders, Shared Folders, How To, Share a folder or drive.
- Depending on whether you are using encrypted password file authentication or Active Directory integrated authentication, do one of the following:
  - If you are using encrypted password file authentication, you must use the same globally unique identifier (GUID) on each mail server. To do so, select a mail server, identify its GUID, and then configure all other mail servers to use the same GUID. The GUID is located at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Pop3 Service\auth\authguid. The GUID is displayed in the Data column. Or, if you double-click the authguid key, the GUID is displayed in Value data.
    To change the GUID:
    - Click Start, click Run, and then type: regedit
    - Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Pop3 Service\auth\authguid
    - Double-click the authguid key and then, in Value data, type: GUID
    - After the registry is modified, you must restart the POP3 service. Click Start, click Run, type cmd, and then click OK.
    - At the command prompt, type: net stop pop3svc
    - After the service has stopped, at the command prompt, type: net start pop3svc
  - If you are using Active Directory integrated authentication, you must wait for Active Directory replication to occur so that all mail servers can access the new mail store. The replication time varies, depending on the number of domain controllers in your deployment. For more information about Active Directory replication, see the Windows Server 2003 "Replication overview" help topic. To view this topic, click Start and then click Help and Support. Click Active Directory, click Concepts, click Understanding Active Directory, click Understanding Sites and Replication, and then click Replication overview.
- Follow the instructions in Windows Server 2003 Help to configure the mail store on each mail server to use the new storage location that you created. If you created a remote shared folder as the mail root, the path would look something like: pathshare. To view the help topics for this procedure, click Start, and then click Help and Support, Internet and E-mail Services, E-mail services, and POP3 service.
- After setting up the mail store, you must restart the POP3 service. Click Start, click Run, type cmd, and then click OK. At the command prompt, type: net stop pop3svc
  After the service stops, at the command prompt, type: net start pop3svc

To set the security and permissions for the mail store:

- On the computer where the mail store is located, open Windows Explorer.
- Right-click the folder or shared drive that you want to use as the mail store, and then click Sharing and Security.
- Check that the Share this folder check box is selected.
- On the Sharing tab, click Permissions, click Everyone, and then click Remove.
- Click Add, click Object Types, select Computers, and then click OK.
- In Select Users, Computers, or Groups, type: Domain Admins; Network Service; System; and the names of all mail servers in your deployment, each separated by a semicolon (;), and then click OK.
- Click Domain Admins and then select Full Control. Repeat the previous step for Network Service, System and each mail server account, and then click OK.
- On the Security tab, repeat steps 4-7.
- On the Security tab, click Advanced. Select the "Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here" check box. Select "Replace permission entries on all child objects", click OK, click Yes when prompted, and then click OK.
- Create e-mail domains and mailboxes. To view the help topics for these procedures, click Start, and then click Help and Support, Internet and E-mail Services, E-mail Services, and POP3 service. Then do one of the following:
  - To see the help topics for creating e-mail domains, click Manage Domains and then click Create a domain.
  - To view the help topics for creating mailboxes, click Manage Mailboxes, and then click Create a mailbox.

Attention: Incorrectly editing the registry can damage your system. Before changing the registry, you should back up any valuable data on your computer.

Important: If you change any of the POP3 service server properties, such as port or logging level, on any mail server in your deployment, the DACL (discretionary access control list) on the mail store location will be reset to the default values. You must reset the DACLs on the mail store as described earlier, in the procedure "To set the security and permissions for the mail store."

Note:

- If you have more than one mail server in your deployment, you must perform the appropriate procedure to create an e-mail domain on each mail server that requires access to this e-mail domain. If you are deleting an e-mail domain, you must repeat the appropriate procedure on each computer in your deployment. For more information on creating and removing domains, see the corresponding help topics in "Manage Domains". To view them, click Start, and then click Help and Support, Internet and E-mail Services, E-mail services, How to, Manage Domains.
- You must wait for Active Directory replication to occur before the POP3 service user accounts are available in Active Directory.
Although you can create mailboxes from any server, replication must occur between domain controllers before mailbox quotas can become active or POP3 user accounts can log on to the Active Directory domain.
- When you enable disk quotas, the quotas are valid only on the computer on which the mail store is configured. If you have quota limits set on other mail servers in the Active Directory domain, you must create them on the mail store.
- If you are using encrypted password file authentication, the quota applies to the computer accounts that write to the mail store. This continues until you configure a quota for each mailbox account. For more information about creating quotas for e-mail accounts, see the "Configuring disk quotas for the POP3 service" topic in Windows Server 2003 Help. To view this topic, click Start and then click Help and Support. Click Internet and E-mail Services, E-mail services, POP3 service, Concepts, Using the POP3 service, Configuring disk quotas for the POP3 service.
- You cannot modify a quota until the relevant account has written to the mail store for the first time.
- When you create a new e-mail domain, the first mail server on which you perform this procedure adds the new e-mail domain to the local SMTP (Simple Mail Transfer Protocol) server and creates the directory that stores the e-mail messages. You must repeat this procedure on the other mail servers in your deployment so that they can access the new e-mail domain. However, on those servers only the SMTP domain will be added, because the folder that holds mail for the e-mail domain already exists.
- When you delete an e-mail domain, the first mail server on which you perform this operation removes its local SMTP domain and the e-mail domain's mail folder. You must remove the SMTP domain entry from all of the other mail servers in your deployment.
To do that, repeat the delete operation at the command prompt of each mail server in your deployment. At the command prompt, type: winpop delete domain
- Some options must be configured on each mail server in your deployment. These options include setting up the mail store, setting logging levels, setting up SPA (Secure Password Authentication), and setting the authentication method. Other operations, such as creating and deleting mailboxes, can be performed on any mail server in your deployment because these actions affect the entire domain.
- For more information about setting permissions on a shared resource, see the Windows Server 2003 help topic "Set permissions on a shared resource." To view this topic, click Start, and then click Help and Support, Disks and Data, Managing Files and Folders, Shared Folders, How To, Set permissions on a shared resource. For more information about setting permissions on a folder, see the Windows Server 2003 help topic "To set, view, change, or remove permissions on files and folders." To view this topic, click Start, and then click Help and Support, Security, Access Control, How To, Set, View, Change, or Remove Permissions on an Object, Set, view, change, or remove permissions on files and folders.

Scenario 2: Configure e-mail aliasing

You can use aliasing to configure an e-mail address so that all e-mail sent to it is routed to another e-mail address. For example, all e-mail sent to postmaster@example.com will be routed to the e-mail address someone@example.com. With aliasing, you can maintain different e-mail addresses for public and private use, obscure network user accounts, route e-mail across multiple e-mail addresses, and create simple and appropriate e-mail addresses for interacting with customers. This reduces the visibility of internal e-mail addresses, which can be a security benefit.
Aliasing works by creating a hard link between the mailbox folder of the alias e-mail account and one or more other e-mail account mailbox folders. A hard link creates a new and different name for an existing file or directory path. It does not create a backup copy of the file or folder or change the contents of the file or folder. To create an alias, you create a hard link between the alias and the e-mail account that you want to route e-mail to, also known as the target e-mail account. Creating the hard link changes the mail directory of the alias e-mail account to the path of the mail store directory of the target e-mail account. As a result, any e-mail sent to the alias e-mail account is routed to the target e-mail account.

To perform aliasing, you must use the linkd.exe tool available in the Windows 2000 Resource Kit and the Windows Server 2003 Resource Kit. After you download this tool, you must create a new folder in the mail store for the alias account. You then use the linkd.exe tool to create a hard link between the mail store directory of the alias account and that of the target account.

There is no user account associated with the alias e-mail account. If you are using Active Directory integrated authentication or local Windows accounts authentication, you cannot retrieve e-mail using the alias. If you are using encrypted password file authentication, however, you can retrieve e-mail using either the alias e-mail account name or the target account name, because the password is shared between the two mailboxes.

To create an e-mail alias, follow these steps:

- Click Start, click Run, and then type: cmd
- At the command prompt, type: mkdir mailroot\domain\p3_aliasAccount.mbx
- Go to the directory containing the linkd.exe file.
- At the command prompt, type: linkd mailroot\domain\p3_aliasAccount.mbx mailroot\domain\p3_targetAccount.mbx

Important: The directory name that you create for the alias account must not conflict with existing directory names. It must also follow the rules for naming mailboxes shown in the table below.

Authentication method                         Forbidden characters
Active Directory integrated authentication    @ ( ) / [ ] : ; , " = | +
Local Windows accounts authentication         @ ( ) / [ ] : ; , " = | +
Encrypted password file authentication        @ ( ) / [ ] : ; , " = |

Attention:

- E-mail that is sent to both the alias account name and the target account name generates multiple copies of the same e-mail in the target account mailbox.
- Administrative actions (such as locking or deleting a mailbox) performed on the alias mailbox, or on the domain where the alias exists, also affect the target mailbox. For example, if you lock the alias mailbox, the target mailbox will also be locked.
- If you want to delete a domain that contains a mailbox that an alias points to, or a mailbox that an alias points to, you must first remove the alias mailbox.

Scenario 3: Change the greeting message

When the POP3 service accepts a connection, it responds by sending the following message: "Microsoft Windows POP3 Service Version 1.0". This message identifies the server configuration and provides information that could be exploited by hackers. You can customize this message so that it does not disclose any information about the server configuration. The greeting message has a limit of 259 characters. However, concealing this information is not an effective security measure on its own. It must be reinforced with additional security practices, such as those described in the POP3 service help topic "Best practices." To view this topic, click Start and then click Help and Support. Click Internet and E-mail Services, E-mail services, POP3 service, Best practices.
To customize the POP3 greeting message, you must create a REG_SZ string value in the Windows Server 2003 registry. You can then assign a custom string to it, which will be used as the greeting message.

To change the greeting message:

- Click Start, click Run, and then type: regedit
- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Pop3 Service
- Click the Edit menu, click New, and then click String Value.
- To name the new string value, in the Name column, type Greeting. In the details pane, right-click Greeting and then click Modify.
- In Value data, type the new greeting message, and then click OK.
- You must stop and then restart the POP3 service for the greeting message to take effect.

Warning: Improper editing of the registry can corrupt your system. Before you change the registry, you should back up any valuable data on your computer.

Attention: The default message will be used if the custom greeting message is longer than 259 characters or if it contains any invalid characters. Invalid characters include all non-printable ASCII characters and angle brackets (< and >).

Good luck!
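
The Scenario 1 note says the mail store DACL returns to default values whenever a POP3 service property is changed, so the permissions are worth re-checking after any such change. The following is an added example, not part of the original article: it compares the NTFS entries printed by icacls with the principals the permissions procedure lists. The use of icacls, the sample output, the D:\mailroot path and the EXAMPLE, MAIL01 and MAIL02 names are assumptions; permissions set on the Sharing tab need a separate check.

```python
import re

# Principals that the mail store procedure grants Full Control to.
BASE_PRINCIPALS = {"domain admins", "network service", "system"}

# Constructed sample of `icacls D:\mailroot` output, not taken from a real host.
SAMPLE_ICACLS = r"""D:\mailroot NT AUTHORITY\SYSTEM:(OI)(CI)(F)
            NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(F)
            EXAMPLE\Domain Admins:(OI)(CI)(F)
            EXAMPLE\MAIL01$:(OI)(CI)(F)
            Everyone:(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

# "<principal>:(flag)(flag)..." as printed by icacls for each access entry.
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]*\))+)$")


def parse_icacls(output, path):
    """Return {account name (lowercase, domain stripped): set of flags}."""
    aces = {}
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first line is prefixed with the path
        match = ACE_RE.match(line)
        if not match:
            continue  # blank line or the "Successfully processed" summary
        name = match.group("who").rsplit("\\", 1)[-1].lower()
        flags = re.findall(r"\(([^)]*)\)", match.group("flags"))
        aces.setdefault(name, set()).update(flags)
    return aces


def audit_mail_store_acl(output, path, mail_servers):
    """List deviations from the permissions the procedure sets up."""
    # Computer accounts appear in ACLs as NAME$.
    expected = BASE_PRINCIPALS | {s.lower().rstrip("$") + "$" for s in mail_servers}
    aces = parse_icacls(output, path)
    findings = []
    for name in sorted(set(aces) - expected):
        findings.append(f"unexpected principal: {name}")  # e.g. Everyone left in place
    for name in sorted(expected):
        if name not in aces:
            findings.append(f"missing principal: {name}")
        elif "F" not in aces[name]:
            findings.append(f"not Full Control: {name}")
    return findings


if __name__ == "__main__":
    for finding in audit_mail_store_acl(SAMPLE_ICACLS, r"D:\mailroot", ["MAIL01", "MAIL02"]):
        print(finding)
```

An empty result means the entries match the procedure; any finding after a port or logging change indicates the DACL was reset and has to be reapplied.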
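
Because the POP3 service silently falls back to the default greeting when the custom value breaks the rules in Scenario 3, it helps to validate the string before writing it to the registry and to read the banner back after the restart. The following is an added example, not part of the original article: the function names, the sample strings and the treatment of non-ASCII characters as invalid are assumptions, and the "+OK" prefix is the standard POP3 positive response.

```python
import re
import socket

MAX_GREETING_LEN = 259  # limit stated in the article
DEFAULT_BANNER = "Microsoft Windows POP3 Service Version"


def greeting_problems(greeting):
    """Reasons the service would ignore this value and use the default greeting."""
    problems = []
    if len(greeting) > MAX_GREETING_LEN:
        problems.append(f"too long: {len(greeting)} > {MAX_GREETING_LEN}")
    # Non-printable ASCII and angle brackets are invalid per the article;
    # non-ASCII characters are rejected too, as a conservative assumption.
    bad = sorted({c for c in greeting if not (32 <= ord(c) <= 126) or c in "<>"})
    if bad:
        problems.append("invalid characters: " + " ".join(repr(c) for c in bad))
    return problems


def banner_findings(banner_line):
    """Flag a POP3 banner that still identifies the product or a version."""
    text = banner_line.strip()
    if text.upper().startswith("+OK"):
        text = text[3:].strip()
    findings = []
    if DEFAULT_BANNER.lower() in text.lower():
        findings.append("default greeting in use (custom value missing or rejected)")
    elif re.search(r"\b(version|v)\s*\d+(\.\d+)*", text, re.IGNORECASE):
        findings.append("banner advertises a version string")
    return findings


def read_pop3_banner(host, port=110, timeout=5.0):
    """Read the first line a POP3 server you administer sends on connect."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        return conn.makefile("r", encoding="ascii", errors="replace").readline()


if __name__ == "__main__":
    candidate = "Mail service ready"  # constructed sample greeting
    print(greeting_problems(candidate))
    print(banner_findings("+OK Microsoft Windows POP3 Service Version 1.0"))
```

After restarting the service, pass the line returned by read_pop3_banner for your own server to banner_findings; a "default greeting in use" finding means the registry value was rejected or never read.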