Learning Windows Server 2003

8.8. The POP3 Server

Until the release of IIS 6, Windows Server products never included a service for retrieving mail that had been delivered to a machine; the SMTP service could accept it, but users had no way to pick it up. Microsoft wisely decided to include a simple POP3 server in Windows Server 2003 which, together with the SMTP service, turns any machine running it into a server that can receive Internet mail and hand it out to users. The POP3 protocol lets a user log in and download the messages the SMTP server has accepted for that user's mailbox; sending mail remains the SMTP service's job. In this section, I'll look at installing, configuring, and administering the POP3 service.

8.8.1. Installing the POP3 Server

First, you'll need to install the POP3 server. Open Add or Remove Programs in the Control Panel and click Add/Remove Windows Components. The POP3 Service checkbox is inside the E-mail Services component: select E-mail Services and click Details (or double-click it) to reach it. Installing the POP3 service also installs the SMTP service if it isn't already present, because POP3 can only hand out mail that SMTP has accepted.

Once the POP3 service is installed, you manage it through its own MMC console, p3server.msc, which also appears as POP3 Service under Administrative Tools. The POP3 management tools are not part of IIS Manager.

8.8.2. POP3 Properties

Before actually configuring a domain for use, you'll need to set some global properties within the POP3 Service management console that will be used for all domains receiving mail via the service. To access these properties, right-click the server name within the left pane of the management console and select Properties. You'll see something much like Figure 8-37.

Figure 8-37. POP3 server properties

First, you should select the authentication method this server will use. Available methods are outlined in the following list:

Active Directory Integrated

If this authentication method is selected, the POP3 service authenticates connecting users against Active Directory accounts on a domain controller, so the POP3 server must be a member of the domain. Every POP3 mailbox corresponds to an Active Directory account. As an added bonus, Active Directory authentication supports multiple mail domains per POP3 server, and a user can retrieve mail from all of them with a single username and password, that of their Active Directory account. Keep in mind that this is the user's domain logon password: a POP3 login captured on the wire is a domain credential, which is the main reason to require Secure Password Authentication (described below) with this method.

Local Windows Accounts

This authentication method is designed for servers that aren't members of an Active Directory domain. Mailboxes must correspond to local user accounts, and authentication takes place against the SAM database on the POP3 server itself. The option supports multiple mail domains, but because every account lives in the one SAM, usernames must be unique even across domains, so you can't offer the single sign-on that Active Directory integrated authentication gives you. As with Active Directory accounts, the POP3 password is the account's Windows logon password.

Encrypted Password File

Use Encrypted Password File authentication when you have lots of users (more than 1000 is a good rule of thumb) and you don't want to create and manage accounts that actually reside in Active Directory or in the POP3 server's SAM database. When you create an account (you can also refer to this as a mailbox) on a server using this method, you specify a password, which is stored in encrypted form in the user's mail directory. No Windows account is created, so the mailbox cannot log on to the server or be used for anything but mail. You can use multiple domain names with this authentication method, and usernames need only be unique within a particular domain, not across domains.

On this properties page, you also specify the TCP port the service listens on (the default is 110), the level of logging the service writes to the event log, and the root directory under which each user's mailbox directory is stored. You can also require Secure Password Authentication (SPA) for every client connecting to the POP3 server. SPA replaces the clear-text USER and PASS commands with Windows NTLM authentication over the POP3 AUTH command, so the client answers a challenge instead of sending the password itself; note that this protects only the login. The POP3 service has no SSL/TLS support of its own, so message contents still cross the network in the clear, and the service is best kept on a trusted LAN or reached over a VPN. Without SPA, anyone who can sniff the path between client and server sees the username and password in plain text, and for the two Windows-account methods that is a Windows logon credential. Finally, you can instruct the POP3 service to create a new user account whenever a mailbox is created; it generates the account in the local SAM database or in Active Directory, depending on the authentication method selected. This option is grayed out on servers using Encrypted Password File authentication, which creates no accounts.
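To make the protocol described at the start of this section and the SPA setting concrete, here is a toy POP3 server session in Python. It is an added example, not code from the book or from the Windows POP3 service: the mailbox store, the passwords and the client command lists are constructed, and the require_spa flag only models the console's "Require Secure Password Authentication" switch by refusing clear-text USER/PASS (the NTLM exchange a real client would then perform is not modelled). The transcript it returns is what a packet capture of the same session would show.

```python
"""Toy POP3 (RFC 1939) server session plus a transcript check.
Added example: not code from the book or the Windows POP3 service.
Mailbox store, credentials and client command lists are constructed."""
import copy

# Constructed mailbox store: mailbox name -> password and stored messages.
MAILBOXES = {
    "alice": {
        "password": "s3cret",
        "messages": [
            "From: bob@example.com\r\nSubject: hi\r\n\r\nfirst message\r\n",
            "From: carol@example.com\r\nSubject: report\r\n\r\n"
            ".hidden line\r\nsecond message\r\n",
        ],
    }
}


def dot_stuff(text):
    """RFC 1939 byte-stuffing: a body line starting with '.' gets a second '.'."""
    lines = text.rstrip("\r\n").split("\r\n")
    return "".join(("." if ln.startswith(".") else "") + ln + "\r\n" for ln in lines)


class Pop3Session:
    """Server side of one POP3 connection, fed one client line at a time.
    require_spa models the console's "Require SPA" switch: clear-text USER/PASS
    are refused, so a client would have to use AUTH (NTLM on Windows; not modelled)."""

    def __init__(self, mailboxes, require_spa=False):
        self.mailboxes = mailboxes
        self.require_spa = require_spa
        self.state = "AUTHORIZATION"   # RFC 1939: AUTHORIZATION -> TRANSACTION
        self.pending_user = None
        self.user = None
        self.deleted = set()           # 1-based message numbers marked by DELE
        self.quit = False

    def _live(self):
        """(number, text) for messages not marked deleted; numbers stay stable."""
        msgs = self.mailboxes[self.user]["messages"]
        return [(i, m) for i, m in enumerate(msgs, 1) if i not in self.deleted]

    def handle(self, line):
        """Process one command line and return the complete server reply."""
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if cmd == "QUIT":
            if self.state == "TRANSACTION":   # UPDATE state: apply deletions
                self.mailboxes[self.user]["messages"] = [m for _, m in self._live()]
            self.quit = True
            return "+OK bye"
        if self.state == "AUTHORIZATION":
            return self._authorize(cmd, arg)
        return self._transaction(cmd, arg)

    def _authorize(self, cmd, arg):
        if cmd in ("USER", "PASS") and self.require_spa:
            return "-ERR clear-text login disabled, use AUTH"
        if cmd == "USER":
            self.pending_user = arg
            return "+OK"                      # never reveal whether the mailbox exists
        if cmd == "PASS":
            box = self.mailboxes.get(self.pending_user)
            if box is not None and box["password"] == arg:
                self.user, self.state = self.pending_user, "TRANSACTION"
                return "+OK logged in"
            return "-ERR invalid login"       # same reply for bad user and bad password
        return "-ERR not authenticated"

    def _transaction(self, cmd, arg):
        live = self._live()
        if cmd == "STAT":
            return "+OK %d %d" % (len(live), sum(len(m) for _, m in live))
        if cmd == "LIST":
            return "+OK\r\n" + "".join("%d %d\r\n" % (i, len(m)) for i, m in live) + "."
        if cmd in ("RETR", "DELE"):
            n = int(arg) if arg.isdigit() else 0
            if n not in dict(live):
                return "-ERR no such message"
            if cmd == "DELE":
                self.deleted.add(n)
                return "+OK marked for deletion"
            msg = dict(live)[n]
            return "+OK %d octets\r\n" % len(msg) + dot_stuff(msg) + "."
        return "-ERR unknown command"


def run_session(commands, require_spa=False):
    """Drive a fresh session with the given client lines. Returns the transcript as
    (direction, line) pairs, as a capture would show it, plus the session object."""
    session = Pop3Session(copy.deepcopy(MAILBOXES), require_spa)
    transcript = [("S", "+OK POP3 server ready")]
    for cmd in commands:
        transcript.append(("C", cmd))
        transcript.append(("S", session.handle(cmd)))
        if session.quit:
            break
    return transcript, session


def credentials_in_transcript(transcript):
    """What a passive sniffer recovers from a clear-text POP3 login."""
    user, found = None, []
    for direction, line in transcript:
        cmd, _, arg = line.partition(" ")
        if direction == "C" and cmd.upper() == "USER":
            user = arg
        elif direction == "C" and cmd.upper() == "PASS" and user is not None:
            found.append((user, arg))
    return found


if __name__ == "__main__":
    transcript, _ = run_session(["USER alice", "PASS s3cret", "STAT", "RETR 2", "QUIT"])
    for direction, line in transcript:
        print(direction, line.replace("\r\n", " | "))
    print("sniffed:", credentials_in_transcript(transcript))
```

Two details are worth noticing when you run it. The server answers USER with +OK whether or not the mailbox exists and gives the same -ERR for a wrong name and a wrong password, so the login cannot be used to enumerate accounts; and credentials_in_transcript recovers the password from the clear-text session exactly as a sniffer on the segment would, which is the exposure the SPA switch removes.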

8.8.3. Creating Domains and Mailboxes

To add an email domain so that the POP3 server can receive and deliver messages to individual users, right-click the server within the service management console and select Domain from the New menu. The dialog box that appears asks only for the domain name you want to add; enter it and click OK. Individual POP3 domains have no properties of their own; the service applies its properties globally to every domain it hosts.

Adding a domain to the POP3 service does not link that domain with Active Directory in any way. Neither the POP3 service nor, for that matter, the SMTP service cares which mail domain is used to deliver mail. Active Directory enters the picture only when a user authenticates; at that point the credentials passed to the server are expected to name an appropriate Active Directory domain. Apart from that, the mail domain names in the two services are independent of the directory's domain names.

Now, add a mailbox to the domain by right-clicking the server name again and choosing Mailbox from the New menu. You'll be prompted for the mailbox name; supply either a new name or the logon name of an existing user in the SAM or in Active Directory. If the user doesn't exist yet, also make sure the "Create associated user for this mailbox" checkbox is checked, and specify an initial password. That's all there is to it. Bear in mind that an account created this way is a real Windows account, so give it a strong initial password and keep it out of any group that grants more than mail access. Incoming mail for the user is stored under the mail root, C:\Inetpub\Mailroot\Mailbox by default, in a folder for that mailbox.

Because this is a very simple POP3 server, you don't have any additional properties to configure. You can add and delete mailboxes and adjust the global properties of the POP3 server as described earlier in this section, but that's it. If you want a more full-featured mail solution, consider Microsoft Exchange or another POP3 or IMAP software package that runs on Windows.

You can use a poor-man's disk quota system to limit the space available to each user by ensuring your mailbox directories reside on a partition or disk formatted with NTFS, and then enabling disk quotas on that volume. This works only if you use Active Directory Integrated or Local Windows Accounts authentication, because those are the only methods that actually create users on the system; you can assign quotas only to actual users, and an Encrypted Password File mailbox has no owning account to charge. For more information on disk quotas, see Chapter 3.