Introduction to Mail Server

A mail server is a service that receives and stores all mail sent and received over the Internet, keeps it on the server for clients, and delivers it to users (clients) through programs such as Outlook Express, Microsoft Outlook, Thunderbird, Opera Mail, etc.

Windows Server 2003 has 2 built-in protocols for use as a mail server:

POP3 (Post Office Protocol Version 3) is the service used to retrieve mail that is stored on the server so it can be read. It uses port 110.

SMTP (Simple Mail Transfer Protocol) is the service used to send mail to the server, the Internet or an intranet. It uses port 25.

Steps to install a Mail Server:

  1. Windows Server 2003
  2. Install Active Directory to make your stand-alone server become a Domain Controller
  3. Windows XP, or Vista, or 7, or other… to use as mail clients
  4. Outlook Express, or Microsoft Outlook, or other mail software to use as mail client

1. Windows Server 2003

There are two ways to install Windows Server 2003: attended installation and unattended installation.

Minimum hardware requirements

  • Computer/Processor: 133 MHz or faster Pentium processor; supports up to 4 CPUs on one machine
  • Memory: 128 MB of RAM (256 MB, 4 GB Maximum).
  • Hard disk: 2 GB hard disk with 1 GB available hard disk space.

Disk Partition

  • NTFS

File System: NTFS is the file system used because:

  • It is used with big partitions
  • It provides compression
  • It provides security
  • It provides quotas
  • It is used for installing the Active Directory service, which has domains and domain-based security

2. Active Directory

After installation, Windows Server 2003 is a stand-alone server, so it cannot be used to manage a network. To manage the network we must promote it to become a Domain Controller (DC).

Requirements:

  • OS Server (Windows 2000 Server, Server 2003)
  • Partition (free space 2 GB)
  • NTFS partition
  • User account is Admin
  • Network card

AD is used to manage Windows objects:

  • Access Resource
  • Computer
  • User Account
  • Printer

Start the Active Directory installation:

  • Log on as a local Administrator.
  • Click Start -> Manage Your Server
  • Click Add or remove a role
  • This will start the Configure Your Server Wizard. Read the text and make sure you have connected all the necessary cables and all the other things it says you should do before continuing.

Click on Domain Controller (Active Directory), then click Next and Next…

  • Select Domain Controller for a new domain, then click Next
  • Select Domain in a new forest, then click Next
  • Select No, just install and configure DNS on this computer, then click Next
  • In the New Domain Name window, type the full DNS domain name for the new domain, then click Next and Next…
  • In Select Default Permission, click Permission compatible with Windows 2000 or Windows Server 2003, and then click Next > Next > Next
  • If you see you made a mistake and want to undo it, you’d better let the wizard finish and then run it again to undo the AD
  • If all went well you’ll see the Final Confirmation window. Click Finish
  • You must reboot in order for the AD to function properly. Click Restart Now
  • After you log on to your computer, you will see your domain
  • Log on to your domain, and then click Finish

3. Install and Configuration of Email Server

Install Mail Server (POP3)

You can install the email server by using Add or Remove Windows Components or Manage Your Server. Manage Your Server is a bit easier to use, because it will prompt you for the domain you want to use during setup. Add or Remove Windows Components does not do that, and we would have to do everything manually.

At this point we will show you, step by step, how to configure a mail server with Microsoft Windows Server 2003.

  • Click Start => Manage Your Server
  • Click Add or remove a role

Then follow the steps you did for the Domain Controller until you see Server Role

  • Click Mail Server (POP3, SMTP)
  • Then click Next

Choose Active Directory-Integrated

  • Type Email Domain Name “xyz.com”
  • Then click Next and Next
  • Wait a moment while it installs automatically
  • When the installation is complete, click Finish

Configure Mail Server

A mail server is no use if it is installed but we can’t use it, and to use it we have to configure it. This section will help you configure the mail server.

  • Click Start > Manage Your Server
  • Click Manage this mail server
  • Click on XYZ_SERVER in the left pane
  • Click on Properties in the right pane

This brings up the Properties for our Mail Server.

Detail:

As you can see, we have a lot of settings. We will use the standard setup in this tutorial, but I will explain every setting we can change in case you want to change something in the future.

Authentication Method

There are three different authentication methods you can use; Local Windows Accounts, Active Directory Integrated and Encrypted Password File. It is an important decision which method to use, because once you have chosen, you must delete all email domains on the server to change method (from now on, you can migrate Encrypted File user accounts to AD, but nothing else can be migrated).

Server Port

I strongly recommend that you use port 110 because this is the standard port for the POP3 protocol. If you change this, make sure you notify all users so they can configure their email clients to use this other port. Also make sure you restart the POP3 service if you change this.

Logging Level: there are four options to choose from. If you change this, remember that you must restart the POP3 service.

  • None: Nothing is logged.
  • Low: Only critical events are logged.
  • Medium: Both critical and warning events are logged.
  • High: Critical, warning and informational events are logged.

Root Mail Directory

If you don’t want to use the default Mail Directory, you can choose another one. Make sure the path is not more than 260 characters; you also cannot store mail in the root of a partition (i.e. C:\). It is strongly recommended that you use an NTFS-formatted partition. You can’t use a mapped drive, but the UNC name (\\servername\share) can be used. If you later change the store, and there are still emails in one or more boxes, you must manually move the folders in which there are emails to the new location. You must also reset the permissions on the directory by using winpop set mailroot.

SPA

Enable SPA if you want to have secure communication between your email server and email clients. This will send both the user name and password encrypted from the client to the server, instead of sending them in clear text. SPA supports only Local Windows Accounts and Active Directory Integrated Authentication. It is recommended to use this. Remember to restart the POP3 service if you change this.

Configure the SMTP Server

Actually, that’s it! Configuring the POP3 part is this simple. But it is not yet working as we want: we have to configure the SMTP part to be able to receive and send emails. Yes, I said receive emails. A common mistake is to think that the POP3 server receives the emails. But that is not true; all the POP3 server does is ‘pop’ the emails out to the clients. It’s the SMTP server that communicates with other SMTP servers and receives and sends emails.

  • Open Computer Management
  • Expand Services and Applications, expand Internet Information Service
  • Right click Default SMTP Virtual Server and click Properties
  • Click the Access tab
  • Click the Authentication button and make sure Anonymous Access and Integrated Windows Authentication are enabled.
  • Click the Relay button and make sure Allow all computers which successfully… is enabled and Only the list below is selected.

First of all, Authentication and Relay are not the same thing. We use the Authentication button to specify which authentication methods are allowed for users and other SMTP servers. So enabling Anonymous here is not a security issue; in fact, it’s required if we want our server to be able to receive emails from other servers on the Internet (I doubt you want to tell all administrators of email servers on the Internet how they should log on to yours). We also need Windows Authentication so the email clients can authenticate to the server and be able to relay (send email).

As Relay Restrictions we selected Only the list below because we do not want to be used by spammers to send emails. But we never specified any computers. That is valid, because we want our clients to always use the username and password to authenticate, no matter where they are.

Define and Manage SMTP Service

SMTP stands for Simple Mail Transfer Protocol. An SMTP server is a computer that receives outgoing mail messages from users and routes them to their intended recipients. We have already configured the POP3 part. But it is not yet working as we want; one important thing that we have to do is configure the SMTP part in order to be able to receive and send emails. A common mistake is to think that the POP3 server receives the emails. But that is not true; all the POP3 server does is ‘pop’ the emails out to the clients. It’s the SMTP server that communicates with other SMTP servers and receives and sends emails. I will show you how to configure the SMTP server step by step as follows:

Open Computer Management by right-clicking My Computer on the Windows Server 2003 desktop, then click Manage.

After that the Computer Management window appears. Expand Services and Applications, then expand Internet Information Service (IIS).

Then right-click Default SMTP Virtual Server and click Properties.

The Properties dialog box appears. Click the Access tab.

After that, click the Authentication button and make sure Anonymous Access and Integrated Windows Authentication are enabled. We use the Authentication button to specify which authentication methods are allowed for users and other SMTP servers.

Click the Relay button and make sure Allow all computers which successfully… is enabled and Only the list below is selected. As Relay Restrictions we selected Only the list below because we do not want to be used by spammers to send emails. We select it because we want our clients to always use the username and password to authenticate. In this step you can add a new domain or delete an existing domain on your server.

This is the final step in configuring the SMTP server. Just click OK, and that is all. You have now successfully configured the SMTP server, and you can work with the mail server once you finish configuring the email clients. You have finished your configuration of the SMTP server, but one thing that you should do is test your SMTP server to ensure that it works properly. Follow these steps to make sure that the host computer and the remote SMTP server can communicate.

Modify Password Policy

After you install Mail Server (POP3), you can create user accounts in the mail server, but each user has to be assigned a strong password to be fully secure. The default password policy is:

Complexity requirements require users to set a password with a combination of lower-case letters (a, b, c, …), upper-case letters (A, B, C, …), numbers (0, 1, 2, 3, …) and symbols (*, &, ^, %, …).

If we want to assign easy passwords to users, we need to modify the password policy.

Here are the steps:

  • Click Start > Run
  • Type mmc in the Open box and then click OK
  • Click on File > Add/Remove Snap-in
  • In the Add/Remove Snap-in panel, click Standalone, then click Add
  • When the Add Standalone Snap-in window appears, find and click on the Group Policy Object Editor and press the Add button again
  • Click Browse
  • Click on Default Domain Policy
  • Click OK
  • Click on Default Domain Policy…
  • Then Click OK

Go to Password Policy by:

  • Default Domain Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy
  • Double-click on Password Length to change the minimum length of the password:
  • Change the value as below, then
  • Click OK
  • Double-click on Password must meet complexity requirements Properties
  • Change the value as below, then
  • Click OK
  • Click Save > Save

Now you can assign an easy password to every user.

Create a mailbox in server

The Setup Wizard created a domain for us, so we do not need to create this manually. If you did not use Manage Your Server to install, add the domain manually by clicking the server name in the left pane and then clicking New domain in the right pane. Remember to set the properties before you add the domain.

  • Click on your domain (xyz-group.com) in the left pane.
  • Click Add Mailbox in the right pane.

This will open up the Add Mailbox window.

  • Write xyz in Mailbox Name
  • Write 123456 as password (of course this is not a password you should use in a production environment, it’s too short)
  • Click OK

A message will pop-up and tell you how to configure the email clients. Read this, and notice the difference when using SPA or not.

What we just did was not only create a mailbox named xyz; we also created a user xyz. We will also create a mailbox for an existing user, abc. To do that we simply perform the same steps, but we uncheck Create associated user for this mailbox. Remember that the mailbox name must be less than 21 characters (64 for Encrypted Password File and Active Directory). Periods are allowed, but not as the first or last character.

So, we now have two users. Are they equal? No, xyz is a member of the POP3 Users group, which is denied the right to log on locally. Ariel is not a member of this group, and can still log on locally and access her mailbox.

After the Command Prompt window appears, type telnet followed by the server name and the port number; instead of the server name you can type the IP address of the SMTP server that you want to connect to.

If the command works, you receive a response from the SMTP server that is similar to the following:

There are different versions of Microsoft SMTP or third party SMTP servers, and you may receive different responses from the receiving server. What is important is that you receive the 220 response with the FQDN of the server and the version of SMTP. Additionally, all versions of Microsoft SMTP include the term “Microsoft” in the 220 response.
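The telnet banner check above and the relay restriction set on the Relay button can both be verified in one unauthenticated SMTP session. The following is an added example, not part of the original tutorial; the function names, the probe addresses under example.org and example.net, the EHLO name and the sample transcript are all constructed for illustration.

```python
import io
import socket
import sys

def read_reply(f):
    """Read one SMTP reply, which may span several 'NNN-text' lines."""
    texts = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        texts.append(line[4:])
        if line[3:4] != "-":              # 'NNN text' ends the reply
            return int(line[:3]), texts

def command(f, text):
    f.write(text.encode("ascii") + b"\r\n")
    f.flush()
    return read_reply(f)

def check_smtp(f, sender="probe@example.org", outside_rcpt="probe@example.net"):
    """Run one unauthenticated session over file object f; return findings."""
    code, texts = read_reply(f)           # the greeting the telnet test shows
    found = {"greeting": code, "fqdn": (texts[0].split() or [""])[0],
             "microsoft": "microsoft" in texts[0].lower()}
    code, texts = command(f, "EHLO relay-check.example")
    found["auth"] = [m for t in texts if t.upper().startswith("AUTH ")
                     for m in t.split()[1:]]
    command(f, "MAIL FROM:<%s>" % sender)
    code, texts = command(f, "RCPT TO:<%s>" % outside_rcpt)
    # 2xx = foreign-domain mail accepted without authentication: relay is open.
    found["relays_anonymously"] = 200 <= code < 300
    found["rcpt_reply"] = "%d %s" % (code, texts[-1])
    command(f, "QUIT")
    return found

# Constructed transcript of a server that refuses anonymous relay.
SAMPLE = (b"220 mail.xyz.com Microsoft ESMTP MAIL Service ready\r\n"
          b"250-mail.xyz.com Hello\r\n250-AUTH GSSAPI NTLM\r\n250 OK\r\n"
          b"250 2.1.0 Sender OK\r\n550 5.7.1 Unable to relay\r\n"
          b"221 2.0.0 closing connection\r\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:                 # host name or IP of your own server
        with socket.create_connection((sys.argv[1], 25), timeout=10) as s:
            print(check_smtp(s.makefile("rwb")))
    else:
        print(check_smtp(io.BufferedRWPair(io.BytesIO(SAMPLE), io.BytesIO())))
```

With the settings from this tutorial, the expected result is a 220 greeting and relays_anonymously set to False, because anonymous senders may deliver to local mailboxes but may not relay to other domains.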

4. Create and Manage Mail Account on Client

First Step: Open Outlook Express

In this step, enter the name that you want to appear in the From field of the outgoing message.

  • Click NEXT to go to the next step
  • Click CANCEL if you want to close the Installation

Second Step

In this step, enter your email address, for example <abc@xyz-group.com>

  • Click BACK to go to the previous step or step 1
  • Click CANCEL if you want to close the Installation
  • Click NEXT to continue installation or go to the next step

Third Step

In this step, choose POP3 as the incoming mail server type and enter the server's IP address; the incoming mail and outgoing mail servers have the same IP address, for example <192.168.100.1>

  • Click BACK to go to the previous step.
  • Click CANCEL if you want to close the Installation.
  • Click NEXT to continue installation or go to the next step.

Fourth Step

Enter the account name.

Then enter the password you will use to log on to your email. You are required to tick the box (Log on using Secure Password Authentication (SPA)).

  • Click BACK to go to the previous step or step 1
  • Click CANCEL if you want to close the Installation
  • Click NEXT to continue installation or go to the next step

Fifth Step

You have successfully entered all of the information required to set up your account.

  • Click FINISH to save these settings
  • Click BACK to go to the previous step or step 1
  • Click CANCEL if you want to close the Installation

Test mail on client

We will use Outlook Express as email client.

  • Start Outlook Express (any computer that is connected to the email server)
  • Click Tools and then Accounts
  • Click the Add button and select Mail

Now we go to the account ABC, then compose the message <Welcome to New Email> with the subject <Hello> and send it to the address <abc@xyz-Group.com>

  • Start Outlook Express (any computer that is connected to the email server)
  • Click Tools and then Accounts
  • Click the Add button and select XYZ
  • When you access the XYZ account you will see 1 mail message in the box <welcome to New Mail>.
  • The mail message was sent from account ABC
  • When you open the mailbox you will see the mail sent from ABC.