Managing SMTP Virtual Servers

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Updated: September 4, 2001

from Chapter 13, Microsoft Exchange 2000 Administrator's Pocket Consultant by William R. Stanek.

SMTP virtual servers have two roles in the Exchange organization. They handle mail transport and they handle mail submission. This means that servers use SMTP to deliver messages and clients use SMTP to submit messages. The tasks you use to manage SMTP virtual servers are examined in this section.

Creating SMTP Virtual Servers

When you install the first Exchange 2000 Server in an organization, a default SMTP virtual server is created. The default SMTP virtual server is used for mail transport and for mail submission.

In most cases you won't need to create an additional SMTP virtual server. However, if you're hosting multiple domains and you want to have more than one default domain, you may want to create additional SMTP virtual servers to service these domains. Another reason to create additional SMTP virtual servers is for fault tolerance. When you have several SMTP virtual servers, one of the servers can go offline without stopping message delivery in the Exchange organization.

You can create additional SMTP virtual servers by completing the following steps:

  1. If you want the SMTP virtual server to use a new IP address, you must configure the IP address before installing the SMTP virtual server. For details, see "Assigning a Static IP Address" in Chapter 15 of Microsoft Windows 2000 Administrator's Pocket Consultant.

  2. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  3. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  4. In the console tree, right-click SMTP, point to New, and then select SMTP Virtual Server. As shown in Figure 13-5, this starts the New SMTP Virtual Server Wizard.

  5. Type a descriptive name for the virtual server, and then click Next.

  6. Use the IP address selection list to select an available IP address. Choose (All Unassigned) to allow SMTP to respond on all IP addresses that are configured on the server and have not been assigned. The TCP port is mapped automatically as port 25.

    Figure 13-5: Use the New SMTP Virtual Server Wizard to create the additional virtual server.

    Note: The IP address/TCP port combination must be unique on every virtual server. Multiple virtual servers can use the same port as long as the servers are configured to use different IP addresses.

  7. Click Finish to create the virtual server. If the default startup setting for the SMTP service is set to Automatic, the new SMTP virtual server will start automatically as well. If the server doesn't start automatically, you may have selected an IP address/TCP port combination that's already in use.

  8. Configure the server using the tasks outlined in this section and the section entitled "Mastering Core SMTP, IMAP4, and POP3 Administration."

Managing Messaging Delivery for SMTP and the Exchange Server Organization

SMTP delivery options determine how mail is delivered once a connection has been established and the receiving computer has acknowledged that it's ready to receive the data transfer. This section shows you how to use the configuration options that determine how message delivery and transfer occur.

You can set the following options to control message delivery:

  • Outbound retry intervals

  • Outbound and local delay notification

  • Outbound and local expiration time-out values

  • Message hop count

  • Domain name options

  • Reverse DNS lookups

  • External DNS server lists

Setting Outbound Retry Intervals, Delay Notification, and Expiration Time-Out

Once a connection has been established and the receiving computer has acknowledged that it's ready to receive the data transfer, Exchange Server attempts to deliver messages queued for delivery to the computer. If a message can't be delivered on the first attempt, Exchange Server tries to send the message again after a specified time. Exchange Server keeps trying to send the message at the intervals you've specified until the expiration time-out is reached. When the time limit is reached, the message is returned to the sender with a nondelivery report. The default expiration time-out is two days.

After each failed attempt to deliver a message, Exchange Server generates a delay notification and queues it for delivery to the user who sent the message. Notification doesn't occur immediately after failure. Instead, Exchange Server sends the delay notification message only after the notification delay interval and then only if the message hasn't already been delivered. The default delay notification is 12 hours.

The way in which Exchange Server handles delay notification and expiration time-out values depends on whether the message originated within or outside the organization. Exchange Server handles messages that originate within the organization using the Local delay notification and expiration time-out values. Exchange Server handles messages that originate outside the organization using the Outbound delay notification and expiration time-out values.

Tip: A copy of the failed message and the nondelivery report can be sent to your organization's postmaster or other administrator's inbox. To do this, follow the procedure outlined in the section of this chapter entitled "Managing Message Delivery for SMTP and the Exchange Server Organization."

You can view or change the retry interval, delay notification, and expiration time-out by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and then select Properties. The default SMTP virtual server controls message delivery for the default domain.

  4. Click the Delivery tab, as shown in Figure 13-6, and then use the following options to set the retry values:

    • First Retry Interval (Minutes): Sets the amount of time to wait after the first delivery attempt. The default is 15 minutes.

    • Second Retry Interval (Minutes): Sets the amount of time to wait after the second delivery attempt. The default is 30 minutes after the first retry interval.

    • Third Retry Interval (Minutes): Sets the amount of time to wait after the third delivery attempt. The default is 60 minutes after the second retry interval.

    • Subsequent Retry Interval (Minutes): Sets the amount of time to wait after the fourth and subsequent delivery attempts. The default is 240 minutes.

    Figure 13-6: Use the options in the Delivery tab to control message delivery in the organization.

  5. Set the Outbound delay notification and expiration time-out values using the Delay Notification and Expiration Timeout fields on the Outbound panel. You can set these values in minutes, hours, or days.

  6. Set the Local delay notification and expiration time-out values using the Delay Notification and Expiration Timeout fields on the Local panel. You can set these values in minutes, hours, or days.

  7. Click OK.
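The retry timeline these settings produce, worked through as an added example (not from the book): the chapter's defaults of 15, 30, 60 and then 240 minutes, a 12-hour delay notification and a 2-day expiration are encoded, and the attempts are simulated for a message that never gets through, so you can see when the delay notification goes out and when the nondelivery report is generated.

```python
"""Retry, delay-notification and expiration schedule for an SMTP virtual server.

Added example, not from the book: a model of the Delivery tab settings.
Every attempt is assumed to fail so the timeline shows each retry, the
point at which the delay notification is sent, and the point at which the
expiration time-out returns the message to the sender as a nondelivery report.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class DeliverySettings:
    """Delivery tab values, in minutes; the defaults are the ones the chapter gives."""
    first_retry: int = 15
    second_retry: int = 30
    third_retry: int = 60
    subsequent_retry: int = 240
    delay_notification: int = 12 * 60        # 12 hours
    expiration_timeout: int = 2 * 24 * 60    # 2 days

    def wait_after_failure(self, failed_attempts: int) -> int:
        """Minutes to wait after the Nth consecutive failed attempt (1-based)."""
        if failed_attempts == 1:
            return self.first_retry
        if failed_attempts == 2:
            return self.second_retry
        if failed_attempts == 3:
            return self.third_retry
        return self.subsequent_retry


@dataclass
class Schedule:
    attempts: List[int] = field(default_factory=list)   # minutes after the message was queued
    delay_notification_at: Optional[int] = None          # when the delay notification is sent
    expired_at: Optional[int] = None                     # when the NDR is generated


def simulate(settings: DeliverySettings) -> Schedule:
    """Walk the retry timeline for a message that never gets through."""
    sched = Schedule()
    now = 0
    while True:
        sched.attempts.append(now)
        # The delay notification is sent once the notification interval has
        # passed, and only because the message has still not been delivered.
        if sched.delay_notification_at is None and now >= settings.delay_notification:
            sched.delay_notification_at = now
        next_attempt = now + settings.wait_after_failure(len(sched.attempts))
        # No retry is scheduled beyond the expiration time-out; the message is
        # returned to the sender with a nondelivery report instead.
        if next_attempt >= settings.expiration_timeout:
            sched.expired_at = settings.expiration_timeout
            return sched
        now = next_attempt


def describe(sched: Schedule) -> str:
    """Human-readable summary of a schedule (minutes rendered as h:mm)."""
    def hm(minutes: int) -> str:
        return f"{minutes // 60}h{minutes % 60:02d}"
    lines = [f"attempt {i + 1:2d} at {hm(t)}" for i, t in enumerate(sched.attempts)]
    if sched.delay_notification_at is not None:
        lines.append(f"delay notification sent at {hm(sched.delay_notification_at)}")
    else:
        lines.append("message expired before the delay notification interval")
    lines.append(f"expired, NDR generated at {hm(sched.expired_at)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe(simulate(DeliverySettings())))
```

With the defaults the message is attempted 15 times, the delay notification is sent at the first failure after the 12-hour mark (13h45), and the NDR is generated at 48 hours.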

Setting the Message Hop Count

Messages can be routed through many different servers before reaching their final destination. The number of servers a message passes through is called the hop count. As an administrator, you can control the maximum allowable hop count and you'll usually want to do this to prevent a message from being repeatedly misrouted.

The default maximum hop count is 15, which works well for most network configurations. However, if users frequently get nondelivery reports that state that the maximum hop count was reached and the message wasn't delivered, you may want to consider increasing the maximum allowable hop count. The number of Received lines in the message header determines the total hops.

Caution: Don't automatically increase the hop count without first examining the network. Nondelivery reports due to the hop count can also point to network problems. You can run a traceroute command (tracert hostname) to the destination mail server to help determine if a misconfigured or down network is to blame for the delivery problem.
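How the hop count is read off a message, as an added example (not from the book): the chapter says the total hops are the number of Received lines in the header and that hop-count NDRs often point to misrouting rather than a genuinely long path. The code counts the lines the way you would when reading an NDR and also reports relays that keep reappearing in the "by" clause, which is what a routing loop looks like. The message, host names and addresses are constructed test data.

```python
"""Hop-count check on a message's Received lines.

Added example, not from the book. Counts Received headers against the
configured maximum hop count and flags relays that appear repeatedly,
the usual signature of a message being misrouted in a loop.
"""
import email
import re
from collections import Counter
from typing import Dict, List

DEFAULT_MAX_HOP_COUNT = 15      # Exchange 2000 default; the dialog accepts 10 to 256
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def received_lines(raw_message: str) -> List[str]:
    """Return every Received header, unfolded onto one line."""
    msg = email.message_from_string(raw_message)
    return [re.sub(r"\s+", " ", value).strip() for value in msg.get_all("Received", [])]


def hop_count(raw_message: str) -> int:
    """Total hops so far: one per Received line."""
    return len(received_lines(raw_message))


def hop_limit_reached(raw_message: str, max_hops: int = DEFAULT_MAX_HOP_COUNT) -> bool:
    """True when the message has reached the configured maximum hop count."""
    return hop_count(raw_message) >= max_hops


def repeated_relays(raw_message: str, min_occurrences: int = 3) -> Dict[str, int]:
    """Hosts named in the 'by' clause of at least min_occurrences Received lines.

    A legitimate path rarely passes the same relay more than once or twice;
    a host that shows up again and again usually means a routing loop, which
    should be fixed instead of raising the hop count.
    """
    counts: Counter = Counter()
    for line in received_lines(raw_message):
        match = BY_HOST.search(line)
        if match:
            counts[match.group(1).lower()] += 1
    return {host: n for host, n in counts.items() if n >= min_occurrences}


def build_message(hops: int, relays: List[str]) -> str:
    """Construct a test message that has passed through the given relays in turn."""
    received = []
    for i in range(hops):
        sender = relays[i % len(relays)]
        receiver = relays[(i + 1) % len(relays)]
        received.append(
            f"Received: from {sender} ([192.0.2.{(i % len(relays)) + 10}])\n"
            f"\tby {receiver} with ESMTP; hop {i + 1}"
        )
    headers = "\n".join(received)
    return (f"{headers}\nFrom: sender@example.test\nTo: user@example.test\n"
            "Subject: hop count test\n\nbody\n")


# Constructed samples: a message bouncing between two relays, and a clean one.
LOOPED_MESSAGE = build_message(17, ["mx-a.example.test", "mx-b.example.test"])
CLEAN_MESSAGE = build_message(4, ["mx-a.example.test", "mx-b.example.test", "mx-c.example.test"])


if __name__ == "__main__":
    for name, msg in (("looped", LOOPED_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(f"{name}: {hop_count(msg)} hops, limit reached: {hop_limit_reached(msg)}, "
              f"repeated relays: {repeated_relays(msg)}")
```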

You can view or set the maximum hop count by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and then select Properties. The default SMTP virtual server controls message delivery for the default domain.

  4. In the Delivery tab, click Advanced. This displays the Advanced Delivery dialog box.

  5. If you want to change the hop count, type a new value in the Maximum Hop Count field. Valid values are between 10 and 256.

  6. Click OK twice.

Setting Domain Name Options

Domain names play an important role in determining how mail is delivered in the enterprise, and you have two options for configuring domain name usage. You can set a masquerade domain, or you can set a fully qualified domain name (FQDN) for the SMTP virtual server.

A masquerade domain replaces the local domain name in any Mail From lines in the message header. Mail From information is used to determine the address for sending nondelivery reports and doesn't replace the From lines in the message body that are displayed to mail clients. The name replacement occurs on the first hop only.

The fully qualified domain name (FQDN) of the Exchange server is used in mail delivery. The server must have an FQDN, and this FQDN is associated with an e-mail domain through a DNS mail exchanger record. In Exchange Server you have two options for specifying an FQDN:

  • You can use the name specified in the Network Identification tab of the System utility.

  • You can specify a unique FQDN for the SMTP virtual server you're configuring.

The name in the Network Identification tab is used automatically. If you change the name in this tab, the new name is used the next time the computer is rebooted. No action is required to update the FQDN for the virtual server. However, if you want to override the setting in the Network Identification tab, you can do so by specifying a unique FQDN for the SMTP virtual server.

You can set the masquerade domain name or override the default FQDN by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and then select Properties. The default SMTP virtual server controls message delivery for the default domain.

  4. In the Delivery tab, click Advanced. This displays the Advanced Delivery dialog box shown in Figure 13-7.

    Figure 13-7: Use the Advanced Delivery tab to configure the domain name options. Domain names play an important role in determining how mail is delivered.

  5. In the Masquerade Domain field, type the domain name where you would like nondelivery reports to be sent. This domain name will replace the default domain name in outgoing message headers.

  6. If you want to override the default FQDN, type a new value in the Fully-qualified Domain Name field. Click Check DNS to ensure that you've entered the correct value and that DNS resolution is configured properly.

  7. Click OK twice.

Configuring Reverse Lookups and External DNS Servers

When you want to put extra controls on how DNS is used with a particular virtual server, you have several options. You can enable reverse DNS lookups, or you can specify an explicit list of external DNS servers to use for name resolution.

With reverse lookups enabled, Exchange Server attempts to verify that the mail client's IP address matches the host and domain submitted by the client in the start session command. If the IP and DNS information match, Exchange Server passes the message through without modifying its contents. If Exchange Server can't verify the IP and DNS information, Exchange Server modifies the message header so that the keyword "unverified" is inserted on the Received line of the message header.

As stated previously, reverse lookups can severely affect Exchange Server's performance, and this performance impact increases as the number of concurrent users and connections increases. Because of this, you'll want to be very cautious about enabling reverse lookups.
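The verification just described, as an added example (not from the book): the connecting address is resolved back to a name and compared with the host the client claimed at the start of the session, and the Received line is tagged "unverified" when the two don't agree or no reverse record exists. DNS is replaced by a constructed lookup table so the check runs offline, and the layout of the Received line is this example's own, not a claim about how Exchange formats it.

```python
"""Reverse-DNS verification of an SMTP client.

Added example, not from the book. With reverse lookups enabled the server
checks that the client's IP address resolves back to the host name given in
the session-start command and marks the Received line 'unverified' when it
cannot. A constructed PTR table stands in for DNS.
"""
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed stand-in for PTR records (IP -> host name); real code would query DNS.
PTR_TABLE: Dict[str, str] = {
    "192.0.2.25": "mail.partner.example",
    "198.51.100.7": "dsl-7.isp.example",
}


@dataclass(frozen=True)
class SessionStart:
    client_ip: str
    claimed_host: str      # host/domain the client gave in the session-start command


def reverse_lookup(ip: str, ptr_table: Dict[str, str] = PTR_TABLE) -> Optional[str]:
    """Return the PTR name for an IP, or None when there is no reverse record."""
    return ptr_table.get(ip)


def verify_client(session: SessionStart, ptr_table: Dict[str, str] = PTR_TABLE) -> bool:
    """True only when the reverse record matches the client's claimed name.

    Comparison is case-insensitive and ignores a trailing dot, since both
    forms are legitimate spellings of the same DNS name.
    """
    ptr = reverse_lookup(session.client_ip, ptr_table)
    if ptr is None:
        return False        # no PTR at all: nothing to verify against
    return ptr.rstrip(".").lower() == session.claimed_host.rstrip(".").lower()


def received_line(session: SessionStart, local_fqdn: str,
                  ptr_table: Dict[str, str] = PTR_TABLE) -> str:
    """Build the Received line; unverifiable clients are tagged 'unverified'."""
    tag = "" if verify_client(session, ptr_table) else " (unverified)"
    return (f"Received: from {session.claimed_host}{tag} [{session.client_ip}] "
            f"by {local_fqdn} with ESMTP")


if __name__ == "__main__":
    samples = (
        SessionStart("192.0.2.25", "mail.partner.example"),     # PTR matches the claim
        SessionStart("198.51.100.7", "mail.partner.example"),   # PTR exists but disagrees
        SessionStart("203.0.113.9", "mail.partner.example"),    # no PTR record at all
    )
    for s in samples:
        print(received_line(s, "exch01.corp.example"))
```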

DNS servers are used to resolve host and domain names for message delivery. Internal DNS servers are used to resolve host and domain names within the organization, and external DNS servers are used to resolve names outside the organization. Normally, the list of DNS servers that you want to use for name resolution is configured in the TCP/IP settings for the Exchange server. If necessary, you can override these settings for external servers. You do this by defining an external DNS server list for an individual virtual server.

Once the external DNS server list is created, the SMTP virtual server uses only the servers on that list. If you want to keep using some or all of the local DNS servers, you must manually add those IP addresses to the list.

To enable reverse DNS lookups or define an external DNS server list, complete the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and then select Properties. The default SMTP virtual server controls message delivery for the default domain.

  4. In the Delivery tab, click Advanced. This displays the Advanced Delivery dialog box shown previously in Figure 13-7.

  5. To enable reverse lookups, select Perform Reverse DNS Lookup On Incoming Messages. To disable reverse lookups, clear this option.

  6. To define an external DNS server list, click Configure. The External DNS list shows the servers that are currently configured (if any). The order of entries in the list is extremely important. The SMTP virtual server starts with the top DNS server and then goes down the list until one of the servers returns the information it needs. You use the options in the Configure dialog box as follows:

    • Add: Adds an entry to the external DNS server list. Click Add, type the IP address of a DNS server, and then click OK.

    • Remove: Removes a selected entry from the external DNS server list. Select the entry you want to remove, and then click Remove.

    • Move Up: Moves the selected entry up in the priority list. Select the entry you want to change, and then click Move Up.

    • Move Down: Moves the selected entry down in the priority list. Select the entry you want to change, and then click Move Down.

  7. Click OK three times.

Configuring Outbound Security

By default, SMTP virtual servers deliver messages to other servers without authenticating themselves. This mode of authentication is referred to as anonymous. You can also configure SMTP virtual servers to use basic or integrated Windows authentication. However, you'll rarely use an authentication method other than anonymous with SMTP virtual servers.

In fact, one of the only times you'll use basic or integrated Windows authentication with an SMTP virtual server is when the server must deliver all e-mail to a specific server or e-mail address in another domain. That is, the server delivers mail to only one destination and doesn't deliver mail to other destinations. If you need to configure authentication for e-mail delivered to a particular server and also need to deliver mail to other servers, you should configure an Exchange connector to send mail to that specific server and use anonymous authentication for all other mail.

To view or change the outbound security settings for an SMTP virtual server, complete the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and then select Properties.

  4. In the Delivery tab, click Outbound Security. To use standard delivery for outgoing messages, click Anonymous Access.

  5. To set basic authentication for outgoing messages, click Basic Authentication. Under User Name and Password, type the account name and password that are required to connect to the remote server.

  6. To set integrated Windows authentication for outgoing messages, select Integrated Windows Authentication, and then under Account and Password, type the Windows account name and password that are required to connect to the remote server.

  7. Click OK twice.

Configuring Outgoing Connections

With SMTP virtual servers you have much more control over outgoing connections than you do over incoming connections. You can limit the number of simultaneous connections and the number of connections per domain. These limits set the maximum number of simultaneous outbound connections. By default, no maximum is set, and this can cause performance problems. To improve performance, you should optimize these values based on the size of your Exchange environment and the characteristics of your server hardware.

You can set a connection time-out that determines when idle connections are disconnected. Normally, outbound connections time out after they've been idle for ten minutes. Sometimes you'll want to increase the time-out value, and this primarily relates to times when you're experiencing connectivity problems and messages aren't getting delivered.

You can also map outbound SMTP connections to a TCP port other than port 25. If you're connecting through a firewall or proxy, you may want to map outgoing connections to a different port and then let the firewall or proxy deliver the mail over the standard SMTP port (port 25).

You set outgoing connection controls by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with and select Properties.

  4. In the Delivery tab, click Outbound Connections. This displays the Outbound Connections dialog box shown in Figure 13-8.

  5. To remove outgoing connection limits, clear Limit Connections To. To set an outgoing connection limit, select Limit Connections To, and then type the limit value. Valid values are from 1 to 1,999,999,999.

    Figure 13-8: Use the Outbound Connections dialog box to set limits on outbound SMTP traffic. Administrators have much more control over outbound SMTP connections than they do over incoming SMTP connections.

  6. The Time-Out field controls the connection time-out. Type the new time-out value in minutes. Valid values are from 30 to 99,999,999. In most cases, you'll want to use a time-out value between 30 and 90 minutes.

  7. To set an outgoing connection limit per domain, select Limit Connections Per Domain To, and then type the limit value. Valid values are from 1 to 1,999,999,999. You can remove the per domain limit by clearing Limit Connections Per Domain To.

  8. To map outgoing connections to a different port, in the TCP Port field, type the outbound port that the firewall or proxy expects.

  9. Click OK twice.

Managing Messaging Limits for SMTP

You can use messaging limits to control Exchange usage and to improve throughput for message delivery. You can set the maximum allowable message size for incoming messages. Clients who attempt to send a message larger than this size get a nondelivery report that states the message exceeds this limit. The default limit is 2048 KB.

Note: You can set message size limits that apply to both incoming and outgoing mail globally on all user mailboxes and individually on specific mailboxes. You set global limits through Message Delivery under Global Settings. You set individual limits in the user's Properties dialog box.

You can set the maximum size of all messages that can be sent in a single connection. You should always set the session limit so that it's several times larger than the message size limit. The default limit is 10240 KB.

You can control the number of messages that can be sent in a single connection. When the number of messages exceeds this value, Exchange Server starts a new connection and transfer continues until all messages are delivered. Optimizing this value for your environment can improve server performance, especially if users typically send large numbers of messages to the same external domains. The default is 20. So if you had 50 messages queued for delivery to the same destination server, Exchange Server would open 3 connections and use these connections to deliver the mail. Because message delivery would take less time, you can considerably enhance Exchange Server's performance.

You can also control the number of recipients for a single message. When the number of recipients exceeds this value, Exchange Server opens a new connection and uses this connection to process the remaining recipients. The default is 64,000, but a more practical limit is 1000. Using the 1000 limit, a message queued for delivery to 2500 recipients would be sent over 3 connections. Again, because message delivery would take less time, you can considerably enhance Exchange Server's performance.

You set messaging limits by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with and select Properties.

  4. Click the Messages tab as shown in Figure 13-9.

    Figure 13-9: Use the Messages tab to set limits to control Exchange usage and to improve performance.

  5. Use the message size limit to strictly control the maximum message size. To disable this limit, clear Limit Message Size To. Otherwise, select the Limit Message Size To check box and use the related field to set a message size limit.

    Tip: Message size limits apply to incoming messages only. In most environments, you'll find that the default message size limit is too restrictive. You'll usually want to increase this limit to 5120 KB.

  6. Use session limits to strictly control the maximum size of all messages that can be sent in a single session. To disable this limit, clear Limit Session Size To. Otherwise, select the Limit Session Size To check box and use the related field to set a message size limit.

  7. Use the messages per connection limit to force Exchange Server to open new connections when multiple messages are queued for delivery to the same destination. To disable this limit, clear Limit Number Of Messages Per Connection To. Otherwise, select the Limit Number Of Messages Per Connection To check box and use the related field to set a limit.

  8. Use recipient limits to force Exchange Server to open new connections when messages are addressed to many recipients. To disable this limit, clear Limit Number Of Recipients Per Message To. Otherwise, select the Limit Number Of Recipients Per Message To check box and use the related field to set a limit.

  9. Click OK.

Handling Nondelivery, Bad Mail, and Unresolved Recipients

When a message is undeliverable or a fatal error occurs during delivery, Exchange Server generates a nondelivery report and attempts to deliver it to the sender. SMTP virtual server options provide several ways that you can configure how Exchange Server handles nondelivery.

For tracking purposes, you can send a copy of all nondelivery reports to a specific e-mail address, such as the organization's postmaster account. The e-mail address specified is also placed in the Reply-To field of the nondelivery report. This allows users to respond to the error message and potentially reach someone who can help resolve the problem.

If a nondelivery report can't be delivered to the sender, a copy of the original message is placed in the "bad" mail directory. Messages placed in the bad mail directory can't be delivered or returned. You can use the bad mail directory to track potential abuse of your messaging system. By default, the bad mail directory is located at root:\Exchsrvr\Mailroot\vsi #\BadMail, where root is the install drive for Exchange Server and # is the number of the SMTP virtual server, such as C:\Exchsrvr\Mailroot\vsi 1\BadMail. You can change the location of the bad mail directory at any time, but you should never place the directory on the M: drive, which is reserved for other types of Exchange Server data.

If you have another mail system in your organization that handles the same mail as the SMTP virtual server, you may want to have the SMTP virtual server forward unresolved recipients to this server. In this way, when Exchange Server receives e-mail for a user it can't resolve, Exchange Server forwards the e-mail to the other mail system, where the recipients can be resolved. For example, if your organization has an Exchange server and a Sendmail server, Exchange Server may receive mail intended for users on the Sendmail server. When Exchange Server can't resolve these users, it'll forward the mail to the Sendmail server.

Caution: When forwarding is enabled, Exchange Server won't generate nondelivery reports for unresolved mail. Because of this, you should make sure that another mail system is able to send nondelivery reports if necessary. You should also ensure that mail sent to your organization is first delivered to Exchange Server and then forwarded as necessary.

You can configure these nondelivery options by completing the following steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and select Properties.

  4. Click the Messages tab, as shown in Figure 13-9.

  5. In Send A Copy Of Non-Delivery Report To, type the e-mail address of the organization's postmaster account or other account that should receive a copy of nondelivery reports (NDRs).

  6. In Badmail Directory, type the full path to the directory in which you want to store bad mail. If you don't know the full path, click Browse, and then use the Browse For Folder dialog box to find the folder you want to use.

  7. If you have another mail system in your organization that handles the same mail as the SMTP virtual server, type the host name in Forward All Mail With Unresolved Recipients To Host.

  8. Click OK.

Setting and Removing Relay Restrictions

Mail relaying can occur when users outside the organization use your mail system to send messages bound for another organization. However, Exchange Server normally prevents unauthorized users and computers from relaying mail through your organization—and this is the behavior that you'll typically want to use. In this way, only users and computers that are able to authenticate themselves can use your mail system to relay messages.

If necessary, you can grant or deny relaying permissions, overriding the default configuration. To do this, follow these steps:

  1. Start System Manager. If administrative groups are enabled, expand the administrative group in which the server you want to use is located.

  2. In the console tree, navigate to the Protocols container. Expand Servers, expand the server you want to work with, and then expand Protocols.

  3. In the console tree, expand SMTP. Right-click the virtual server that you want to work with, and select Properties.

  4. Click the Access tab, and then click Relay. You should now see the Relay Restrictions dialog box, shown in Figure 13-10.

    Figure 13-10: If necessary, you can use the Relay Restrictions dialog box to grant some computers the right to relay mail through your organization.

  5. To grant relay rights to specific computers and deny relay rights to all others, click Only The List Below.

  6. To deny relaying for specific computers and grant all others the right to relay, click All Except The List Below.

  7. Create the grant or deny list. Click Add, and then in the Computer dialog box specify Single Computer, Group Of Computers, or Domain.

    • For a single computer, type the IP address for the computer, such as 192.168.5.50.

    • For groups of computers, type the subnet address, such as 192.168.5, and the subnet mask, such as 255.255.0.0.

    • With a domain name, type the fully qualified domain name, such as eng.domain.com.

    Caution: When you grant or deny relaying by domain, Exchange 2000 Server must perform a reverse DNS lookup on each connection to determine if the connection comes from the domain. These reverse lookups can severely affect the performance of Exchange Server, and this performance impact increases as the number of concurrent users and connections increases.

  8. If you want to remove an entry from the grant or deny list, select the entry in the Computers list, and then click Remove.

  9. Click OK.
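The relay decision the dialog configures, as an added example (not from the book): a connecting client is evaluated against a grant list (Only The List Below) or a deny list (All Except The List Below) built from the three entry kinds the dialog offers, single computer, group of computers by subnet and mask, and domain. Authenticated clients are allowed to relay regardless of the list, which models the default behaviour the section describes; that switch, the PTR table standing in for reverse DNS, and every address and name here are this example's own constructed values.

```python
"""Relay restriction check modelled on the Relay Restrictions dialog.

Added example, not from the book. Evaluates a client against a grant or deny
list of single computers, subnet groups and domains. Domain entries need a
reverse lookup on every connection; a constructed PTR table stands in for DNS.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Union

PtrLookup = Callable[[str], Optional[str]]


@dataclass(frozen=True)
class SingleComputer:
    ip: str                          # e.g. "192.168.5.50"

    def matches(self, client_ip: str, ptr: PtrLookup) -> bool:
        return ipaddress.ip_address(client_ip) == ipaddress.ip_address(self.ip)


@dataclass(frozen=True)
class GroupOfComputers:
    subnet: str                      # e.g. "192.168.5.0"
    mask: str                        # e.g. "255.255.255.0"

    def matches(self, client_ip: str, ptr: PtrLookup) -> bool:
        network = ipaddress.ip_network(f"{self.subnet}/{self.mask}", strict=False)
        return ipaddress.ip_address(client_ip) in network


@dataclass(frozen=True)
class Domain:
    fqdn: str                        # e.g. "eng.domain.test"

    def matches(self, client_ip: str, ptr: PtrLookup) -> bool:
        # This is the per-connection reverse lookup the Caution warns about.
        name = ptr(client_ip)
        if name is None:
            return False             # no PTR record: the client cannot be placed in any domain
        name, domain = name.rstrip(".").lower(), self.fqdn.rstrip(".").lower()
        return name == domain or name.endswith("." + domain)


Entry = Union[SingleComputer, GroupOfComputers, Domain]


@dataclass
class RelayRestrictions:
    only_list_below: bool = True                 # False models "All Except The List Below"
    entries: List[Entry] = field(default_factory=list)
    authenticated_may_relay: bool = True         # assumed switch: authenticated clients always relay

    def relay_allowed(self, client_ip: str, authenticated: bool = False,
                      ptr: PtrLookup = lambda ip: None) -> bool:
        if authenticated and self.authenticated_may_relay:
            return True
        listed = any(entry.matches(client_ip, ptr) for entry in self.entries)
        return listed if self.only_list_below else not listed


# Constructed PTR records standing in for reverse DNS.
PTR_TABLE: Dict[str, str] = {"10.20.30.40": "relay1.eng.domain.test"}


def ptr_from_table(ip: str) -> Optional[str]:
    return PTR_TABLE.get(ip)


# Default posture: an empty grant list, so only authenticated clients may relay.
DEFAULT_POLICY = RelayRestrictions()

# A grant list using all three entry kinds.
GRANT_LIST_POLICY = RelayRestrictions(only_list_below=True, entries=[
    SingleComputer("192.168.5.50"),
    GroupOfComputers("192.168.5.0", "255.255.255.0"),
    Domain("eng.domain.test"),
])

# Deny-list form: everyone may relay except the listed subnet, so every other
# address on the Internet can relay through the server. This is the open-relay
# posture the default configuration exists to prevent.
DENY_LIST_POLICY = RelayRestrictions(only_list_below=False, entries=[
    GroupOfComputers("203.0.113.0", "255.255.255.0"),
])


if __name__ == "__main__":
    for ip in ("192.168.5.50", "192.168.5.200", "10.20.30.40", "198.51.100.1"):
        print(f"{ip:14} default: {DEFAULT_POLICY.relay_allowed(ip)!s:5} "
              f"grant list: {GRANT_LIST_POLICY.relay_allowed(ip, ptr=ptr_from_table)!s:5} "
              f"deny list: {DENY_LIST_POLICY.relay_allowed(ip)}")
```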

from Microsoft Exchange 2000 Administrator's Pocket Consultant by William R. Stanek. Copyright © 1999 Microsoft Corporation.
