
Special Edition Microsoft Exchange Server 5.5


- 22 -
Configuring the IMS
Exchange provides Internet electronic mail through the use of a robust Simple Mail
Transfer Protocol (SMTP) connector service. The Internet Mail Wizard in Exchange
5.5 automates the Internet Mail Service configuration and enables Exchange clients
to send and receive messages to and from people across the Internet. Clients do not
need to be directly connected to the Internet to use this functionality.
The IMS is one of the core components of Exchange Server; it integrates directly
with the rest of the mail services. You can configure the IMS as a standalone solution
or use it as the backbone connectivity protocol.
Learning the Internet Mail Service Wizard
The Internet Mail Wizard helps you to navigate graphically through the configuration
of the Internet Mail Service (IMS) that relies on industry standards to enable seamless
integration with Exchange and existing SMTP mail systems. The IMS provides message
transferring with any other system that uses the SMTP protocol. When you first start
the Internet Mail Wizard, you must already have DNS set up on your computer.
The components of DNS (Domain Name Service) are Hostname, Domain name, and
Computer's IP Address. It is also good to put the domain name (that is, softwarespectrum.com)
into the domain suffix search order.
When this is complete and you have rebooted the computer, you must configure the
A record and the MX record in the DNS Manager. The A record stands for Authority
Record, which is an IP starting point of navigation through the vast Internet pathways.
The MX record is a pointer to your Exchange server so that you can be found by your
ISP for mail delivery from the Internet. You can obtain the exact configurations
for these components from your ISP. Once you have these items set up correctly, you
can continue with the installation of the IMS through the Internet Mail Wizard.
NOTE: If you have two WINS servers in your environment, then set
each of the WINS servers to point to its own IP address for the primary as well
as the secondary addresses. The reason for doing this is that if one WINS server is
faster than the other on your network, it will try to register itself with the faster
WINS server. This will cause an endless loop to occur, which in turn could cause
other unknown problems.
Learning the Internet Mail Service (IMS)
The IMS is very versatile. It relies on industry standards to allow seamless integration
with Exchange and existing SMTP mail systems. The IMS provides message transferring
with any other system that uses the SMTP protocol.
Internet Standards on the Internet Mail IMS
Users from single or multiple Exchange or Microsoft Mail 3.x sites can communicate
with the Internet through the IMS.
NOTE: Client workstations do not need to have an Internet connection
to use the IMS.
The functionality provided with the IMS complies with Internet standards. The
IMS relies on a set of standards that have been ratified over the past 30 years.
These standards are a set of published documents known as Requests for Comment (RFCs).
These are the guidebooks for developing applications to be used on the Internet.
Following is a list of the key standards to which the Internet Mail IMS adheres:
- RFC 821. This RFC is the Simple Mail Transfer Protocol (SMTP) standard. RFC 821
describes the message definitions for passing or transferring mail from one computer
system to another.
- RFC 822. This RFC, which is the continuation of RFC 821, describes the message
format and structure of the data in the message. The standard covers the header information
(To, From, Subject, and message body data). This RFC deals with non-text attachments
by decoding the data with uuencode and uudecode encoding. If you have an attachment,
the IMS converts the attachment to text and populates the body of the message with
the encoded data.
- RFC 1521. This RFC, which defines the standard for sending attachments over the
SMTP protocol, is called Multipurpose Internet Mail Extensions (MIME). This RFC breaks
down the components of a message and allows different portions to be sent in separate
fields. With MIME, you can attach a variety of data types (such as Microsoft Word
documents, video clips, and audio files) and transmit the data without conversion.
This provides ease of use for sending data between sites.
- RFC 1554. This RFC defines the protocol used by the legacy Microsoft SMTP gateway
for Microsoft Mail 3.x. RFC 1554 defines the message format that is created when
a message is transferred through the MS SMTP gateway. This RFC is similar to RFC
822, which provides for encoding attachments into the body of the message as text.
- RFC 1939. This RFC defines the POP3 (Post Office Protocol v3) protocol for the
retrieval of messages from a mailstop. It enables POP3 clients to connect directly
to the Exchange Server information store, listening on port 110.
- RFC 1777. This RFC defines a method of allowing LDAP clients to find, add, delete,
and modify the directory with Exchange Server. The RFC provides Exchange 5.0 read-only
access to the directory. Exchange 5.5 incorporates version 3.0 of LDAP, which allows
for Bind, Unbind, Search, Add, Modify, and Delete to the directory. Exchange Server
5.5 listens to port 389 for communications.
- RFC 2060. This RFC defines a method for IMAP4 clients to access multiple folders
and mailboxes on the Exchange Server. It utilizes SMTP for sending mail.
These RFCs allow for seamless integration with other SMTP mail systems across
public and private Internet networks.
Understanding IMS Uses
Exchange supports a variety of connection methods, using IMS as the message connector.
The following are different ways to use IMS in a production environment:
- SMTP gateway to a Microsoft Mail Network of post offices (see Figure 22.1).
FIG. 22.1 Microsoft Mail
users can leverage the gateway in Exchange to provide Internet connectivity.
- As described in Chapter 19, "Using the Microsoft Mail Connector for PC Networks,"
Microsoft Mail 3.x users can send and receive Internet messages through the Microsoft
Mail Connector on Exchange. In this example, Exchange acts as an Internet SMTP gateway.
Exchange converts the messages to Microsoft Mail 3.x format, using the Microsoft
Mail Connector interchange, and then transfers the messages to the Microsoft Mail
3.x post offices with the MS Exchange MTA services.
- SMTP connector to an Exchange Network of post offices (see Figure 22.2).
- This example is similar to Microsoft Mail 3.x use of the IMS, providing SMTP
connectivity from the native mail-system client to the remote SMTP mail-system recipient.
This functionality is seamless to users. The advantage of having all Exchange clients
using the IMS is the fact that this architecture reduces the need for data-format
conversions. At the same time the IMS services Exchange clients, it can service existing
Microsoft Mail clients. This example extends the preceding example by providing additional
support for Exchange clients.
FIG. 22.2 The IMS integrates
directly with the Exchange Server.
The following is how to utilize the IMS within an organization:
- Allow POP3 and IMAP4 clients to send and receive mail through the Exchange Server.
- This feature enables any POP3 or IMAP4 client to connect to an Exchange server
for mail retrieval. This capability extends the reach of Exchange into areas where
the Outlook client cannot be utilized.
- Using the IMS to link Exchange sites (backbone) (see Figure 22.3).
FIG. 22.3 The IMS can be
used to link multiple Exchange sites.
- In this example, the IMS is used to link two Exchange sites. SMTP messaging is
the backbone between the sites. Both Exchange sites need to be running the IMS locally.
The IMS then communicates with the destination IMS.
- This is especially useful in organizations where MIS is geographically distributed.
Each location can maintain its own Exchange messaging services and still provide
connectivity with the other sites. Using the IMS to backbone sites puts additional
overhead on the IMS, which now is handling directory synchronization, folder replication,
and message transfer through a single link.
- Using the IMS in this manner preserves the Exchange functionality of rich text
formatted messages, OLE objects, and public folder postings. This solution is a manageable
solution for linking Exchange sites.
- Exchange Server connecting to Microsoft Mail 3.x with the IMS (see Figure 22.4).
FIG. 22.4 The IMS can be
used to enable Microsoft Mail 3.x to communicate with Exchange sites.
- This example follows the backbone model. Instead of connecting with another Exchange
site, however, the IMS is used to create a backbone with a Microsoft Mail site. The
Microsoft Mail site will be using the Microsoft SMTP gateway.
- This solution permits immediate transmission of messages between Exchange and
Microsoft Mail sites. You do not have to configure the Microsoft Mail Connector interchange,
configure MTA IMSs, or set up remote directory synchronization.
- The Microsoft Mail 3.x gateway product does not support many Exchange features,
including OLE v2.0 objects, MIME attachments, directory synchronization through the
Microsoft Mail gateway, and multiple-host connections. The Microsoft Mail gateway
can communicate with only a single SMTP host, whereas the Exchange IMS can have unlimited
SMTP-host connections.
- Another method of connecting these locations to allow communications to occur
in the same fashion that you might if connected to the LAN is with PPTP (Point-To-Point
Tunneling Protocol). Windows NT 4.0 allows for the use of PPTP (a standard and secure
method of connecting locations over the Internet) to encapsulate all Exchange and
Microsoft Mail Post Office communications so all configuration would remain the same
as a LAN link. This does require that both sides have the capability of running PPTP.
- In some situations, if the Internet Service Provider (ISP) supports PPTP, only
one side would require PPTP capability. In this scenario, it is possible to support
a legacy system that does not support PPTP to communicate with an Exchange server
over a secured line through the ISP.
- Windows 95 client connecting to Exchange Server over the Internet (see Figure
22.5).
- This example focuses on the client connection with Exchange. A Windows 95 client
with Exchange Client software installed can access the Internet through a local service
provider. After getting connected to the Internet, the client can transmit and receive
messages through an Exchange IMS.
FIG. 22.5 The IMS can send
and receive messages to Windows 95 client workstations.
These examples provide suggestions and solutions that companies can utilize for
communications through the IMS.
Understanding the Internet Mail IMS Components
The IMS has many features that are not available in the Microsoft Mail 3.x SMTP
gateway. These new features offer a balance of power and flexibility to route messages
over SMTP networks. As described in the preceding section, you can use the IMS's
rich feature set in many ways.
After it is configured, the IMS transfers messages to remote SMTP mail systems
by initiating a connection. When the connection is made, the messages are transferred
across systems.
For incoming messages, the IMS listens to a TCP/IP port for connection requests.
In similar fashion, once the remote system establishes its connection with IMS, messages
and data are transferred into Exchange.
Inside the Exchange site, the IMS converts the message to an Exchange-format message
and routes it to the Exchange recipient. The user will not notice any difference
between an SMTP message and a normal Exchange message.
Setting Up IMS Components
Before you configure and run the IMS, you need to meet these requirements:
- TCP/IP must be installed and properly configured on the Exchange Windows NT server
that is running the IMS.
- The server should have a static (nondynamic) Internet Protocol (IP) address.
If you are using Dynamic Host Configuration Protocol (DHCP), you should exclude the
IMS server's IP address from the pool of IP addresses used by DHCP. DHCP assigns
IP addresses to TCP/IP clients automatically.
- The reason for specifying a static IP address is that you are required to have
a fully qualified Internet domain name. These values do not change dynamically with
IP addresses; they are manually configured, and you would need to update them daily
for the name to match the server's address.
- In the TCP/IP section of the Windows NT server configuration, you need to enable
Domain Name Server (DNS) lookups. The DNS matches common domain names (such as yourcompany.com)
into a specific numeric IP address.
- You need to enter the host name and domain name of the IMS server (see Figure
22.6). In addition, you have to enter at least one value for the IP address of the
DNS server. For more information on installing TCP/IP on a Windows NT server, refer
to your Windows NT user manual.
- Add the IP address, host, domain, and Mail Exchange (MX) entries in the DNS server.
- Use the IP address and the host and domain information from the Windows NT TCP/IP
configuration to enter into the DNS. Adding these values to the DNS allows for name
resolution. The DNS provides the function of mapping a "friendly" name
to an IP address. This way, when a user enters a friendly name, such as
LosAngeles01.softwarespectrum.com, the DNS maps this name to its actual numeric IP address.
- Figure 22.7 shows an entry for a server name and then an associated IP address.
In addition to the host name and IP address, add an address space entry in the IMS
configuration for Internet-bound Exchange messages to pass through the IMS. This
entry is called the Mail Exchange entry, or MX.
- MX records associate SMTP mail messages with a routed destination host name and
IP address. In Figure 22.7, you see an MX record for mail destined for msmail.softwarespectrum.com
to be routed to server LosAngeles01.swsspectrum.com. This way, when remote SMTP systems
need to know where to send messages, they can look in the DNS records for the destination
IP address of the mail messages. For more information on DNS entries and configuration,
consult any related documentation for those products. A wealth of information is
also available on Internet Web sites and newsgroups to assist you in learning more.
FIG. 22.6 These are the
TCP/IP settings that enable DNS lookups on the Exchange server running the IMS.
FIG. 22.7 The DNS entries
for server LosAngeles01 in the domain swsspectrum.com.
It is very important to ensure that these recommendations are followed for the
proper configuration of DNS records to enable mail delivery to occur.
Administrators should be careful not to create message loops, and to ensure that
all mail domains that will be serviced by the IMS are defined. Aliases can be used
to allow multiple domains to be serviced by one IMS.
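The A and MX requirements described above can be checked offline before Internet mail is pointed at the server. The following is an added example, not part of the original chapter: it assumes the records are available as simple name/type/data lines, and the 192.0.2.10 address, the relay01 and hr names, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data in "name type data" form. LosAngeles01 and msmail
# follow the chapter's Figure 22.7 text; the address is from the 192.0.2.0/24
# documentation range and relay01 is a hypothetical host added to show a failure.
RECORDS = """
; name                          type  data
LosAngeles01.swsspectrum.com.   A     192.0.2.10
msmail.softwarespectrum.com.    MX    10 LosAngeles01.swsspectrum.com.
softwarespectrum.com.           MX    10 LosAngeles01.swsspectrum.com.
sales.softwarespectrum.com.     MX    10 relay01.swsspectrum.com.
"""


def _norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_records(text):
    """Split record lines into {host: [ip, ...]} and {domain: [(pref, host), ...]}."""
    a_records, mx_records = {}, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # strip comments and blank lines
        if not line:
            continue
        fields = line.split()
        name, rtype = _norm(fields[0]), fields[1].upper()
        if rtype == "A":
            # Raises ValueError on a malformed address instead of accepting it.
            addr = ipaddress.IPv4Address(fields[2])
            a_records.setdefault(name, []).append(str(addr))
        elif rtype == "MX":
            mx_records.setdefault(name, []).append((int(fields[2]), _norm(fields[3])))
    return a_records, mx_records


def check_mail_domains(text, serviced_domains):
    """Return a list of problems for the mail domains the IMS is meant to service."""
    a_records, mx_records = parse_records(text)
    problems = []
    for domain in serviced_domains:
        exchangers = mx_records.get(_norm(domain))
        if not exchangers:
            problems.append(f"{domain}: no MX record")
            continue
        for _pref, host in sorted(exchangers):
            if host not in a_records:
                problems.append(f"{domain}: MX target {host} has no A record")
    return problems


if __name__ == "__main__":
    # hr.softwarespectrum.com is a hypothetical domain with no records at all.
    domains = ["msmail.softwarespectrum.com", "sales.softwarespectrum.com",
               "hr.softwarespectrum.com"]
    for problem in check_mail_domains(RECORDS, domains):
        print(problem)
```

Run the same check against every domain listed in the IMS address space and site addressing pages, so that no serviced domain is left without a deliverable MX target.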
Setting Up the Internet Mail Service
After you meet the initial requirements for the IMS, you can begin to configure
the IMS. The following is a list of procedures to use as you configure the IMS:
- Define an administrative message account
- Configure the address space serviced by the IMS
- Specify the site address
- Configure connection options
- Define message-content options
- Set interoperability options
- Set specific IMS message restrictions
- Management of SMTP messages
- Security access restrictions
- Additional features of the IMS
- Test the IMS
You can configure all options from the Exchange Administrator program; select
the Internet Mail IMS from the Connections section of the site hierarchy (see Figure
22.8).
FIG. 22.8 Selecting the
Internet Mail IMS from the Exchange Administrator program.
NOTE: The IMS is very complicated and has a multitude of options.
Prepare yourself by setting aside a few solid hours to set up the IMS.
Defining an Administrative Message Account
You must select an Exchange mailbox that will receive notifications regarding the
function of the Internet Mail IMS. This mailbox can be an administrator's mailbox or
a special account created for this purpose. Whichever option you choose, just make
sure that the mailbox is checked periodically to catch important notification messages
sent by the IMS.
To configure the IMS to send administrative messages to an account, complete the
following steps:
- 1. Open the IMS property pages (see Figure 22.9) for the server that you
want to configure.
- 2. Click the Change button to the right of the Administrator's
Mailbox box. The dialog box shown in Figure 22.10 appears.
FIG. 22.9 A blank IMS
tab.
FIG. 22.10 Selecting the
administrator message account.
- The administrator message account is used to send notices of events associated
with the IMS and is similar to the postmaster account on the sendmail system for
UNIX. This account is the default account for message errors, bounced mail, problems
with the IMS, and other administrative notifications.
- 3. Define the notices to be sent to the administrator message account
(see Figure 22.11).
- From an administrative standpoint, selecting all the notifications is beneficial.
If the volume of the notices is excessive, change the administrator account to
a public folder for the Exchange administrator group's use, or try to troubleshoot
the cause for the notices before decreasing the notification settings.
FIG. 22.11 Defining the
notices to be sent to the administrator message account.
The preceding steps ensure that any messages that need to be addressed by administrators
are delivered to the proper account. In most cases, administrators will utilize this
feature for troubleshooting purposes.
Configuring the Address Space Serviced by the IMS
The address space entries for the Internet Mail IMS define which messages are
routed through it. You must make at least one entry in this page to activate message
routing through the IMS.
The following steps guide you through creating and editing address space entries:
- 1. From the IMS property page, select the Address Space tab (see Figure
22.12).
FIG. 22.12 This Properties
page displays Address Space entries for the IMS.
- 2. Click the New Internet address space button. The dialog box in Figure
22.13 appears.
- In the Address Space property page, you can enter multiple Internet domain names,
Microsoft Mail server names, X.400 names, or other IMS names to route messages through
this IMS.
FIG. 22.13 Creating a
new Internet address space for the IMS.
- 3. A third property page available in Exchange 5.5 is the Restrictions
page. On this page, you can restrict use of the server to individuals
from the Organization, the Site, or This Location only.
- 4. Click OK to set the configuration.
The preceding information describes the main steps in configuring how the IMS
is to be used.
Specifying the Site Address
To configure how Internet Mail addresses will be generated for the site, complete
the following steps:
- 1. From the IMS property sheet, click Apply to set all the configuration
settings. You see a reminder that you have to stop and restart the IMS.
- 2. Open the Control Panel services and locate the Exchange Internet Mail
IMS (see Figure 22.14). If the IMS is already running, stop the service, then restart
it for your new setting to take effect.
FIG. 22.14 NT service
for the IMS.
- 3. Select the Site Addressing icon in the Administrator program's display
window and open its property pages.
- 4. Click the Site Addressing tab. The IMS dialog box appears (see Figure
22.15).
- 5. The addresses in the IMS dialog box are the global settings for all
recipients at this particular site. Make sure that the recipient address for the
IMS is the same as what is entered in the MX record of the DNS.
At this point, the IMS should be up and running. The IMS should be listening to
port 25 of the TCP/IP protocol stack on the server--the port specified in RFC 822
for SMTP mail transferring. Now you can proceed to configure the additional options
of the IMS.
Configuring Connection Options
You can modify the settings for inbound and outbound transfer modes, connection
limitations, delivery options, and message queues. Follow these steps:
- 1. From the IMS property pages, select the Connections tab (see Figure
22.16).
FIG. 22.15 Global site-addressing
properties.
FIG. 22.16 Configuring
the IMS connections properties.
NOTE: The None option is a great tool to use in debugging the IMS.
When this option is selected, you can keep the IMS running but restrict messages
from being transferred from the site. Users will not notice any difference in their
work because messages will just queue up on the server until the transfer mode is
reestablished.
- 2. In the Transfer Mode section, click an option button to indicate whether
messages will be incoming, outgoing, both, or neither.
- 3. Click the Advanced button to set the following options (see
Figure 22.17).
FIG. 22.17 Configuring
the advanced settings for the Transfer mode.
- These options can be set based on the resources in your environment.
- 4. Configure the message delivery settings.
- The IMS allows you to use the DNS to resolve SMTP Mail message routes or use
a single SMTP relay host. If you choose the DNS option, the IMS attempts to connect
with the various destination SMTP mail systems directly. If you do not want to have
Exchange perform the actual message transfer to the remote hosts for performance
or security reasons, you can specify an SMTP relay host. Exchange is not a relay
host. A relay host has the capability to receive SMTP mail, look at the header
destination information, and then perform the message transfer to the remote host.
Typically, the smart host functionality is run on a UNIX server. The process is known
as sendmail.
- The DNS option removes the need to have a UNIX server running sendmail just to
relay messages to remote hosts.
- An additional option is to configure the message-delivery options based on domain.
Message delivery can be based on Domain Name Service (DNS) lookup. The IMS can perform
a DNS request before forwarding messages to the appropriate destination. With the
Microsoft Mail 3.x SMTP gateway, you were forced to point the gateway to an existing
SMTP relay host, which would actually deliver the mail to the final destination.
The Microsoft Mail 3.x SMTP gateway forced users to manage two servers to transfer
Internet mail (see Figure 22.18).
- One new feature enables administrators to choose a variation on queuing of messages.
Click the E-Mail Domain button to select the ETRN option. ETRN is an alternative
method of queuing messages based on the responses from the Host. If the host either
initiates a specific command (for example, PING), or issues a "ready to receive"
message, Exchange will wait to send or receive mail.
FIG. 22.18 Configuring
the advanced settings for the SMTP message delivery.
- This is useful if it appears that the IMS is having a difficult time transferring
messages to a particular remote host. You can configure an individual entry for that
specific domain causing message transfer problems. Entries can be in the form of
domain, subdomains, and IP addresses. You can use wild cards as well.
- 5. Define inbound connections.
- You can configure the IMS to receive messages from all incoming hosts or reject
remote hosts based on your input (see Figure 22.19).
FIG. 22.19 Configuring
the incoming connection to be accepted by the IMS.
- You can specify entries only in the form of IP addresses and subnet mask of the
remote host to be rejected or accepted. This is useful when remote hosts are having
a difficult time communicating with the IMS or when a particular remote host has
a history of transferring junk messages or corrupt data.
NOTE: Typically, as your users subscribe to Internet listserv mailing
groups, a wide variety of mail systems will attempt to communicate and transfer mail
into the system. Some of these remote systems do not adhere to the RFCs like the
IMS. This can cause communication problems between the systems. Suppose that I speak
English and am from the West Coast, and that my business partner speaks English and
is from the East Coast. Both of us speak English, but we may not always be able to
communicate if our accents affect our speaking abilities.
- 6. Define the IMS message queue retry intervals.
- This option is used to define the retry attempt interval for the IMS, if it encounters
a host to which it cannot transfer a mail message. The reason for the retry is that
the remote host is too busy to process another communication request or is otherwise
unavailable. The IMS queues up the message and waits until the retry interval expires
before trying to transfer the message to the remote host. The default setting retries
the first time in 60 minutes; the subsequent retries are made at 150 percent of the
set time interval.
- If you use the default setting--the initial retry at 60 minutes--subsequent retries
occur at 1 hour, 1.5 hours, 2.25 hours, 3.4 hours, 5 hours, 7.5 hours, and so on,
for a total of 8 retries over 72 hours.
- Select the Message Time-Outs button to configure more specific retry intervals
(see Figure 22.20).
FIG. 22.20 Configuring
the message time-out settings to drop remote connections from the IMS.
- Notice the granularity of the message queue retries. You can configure a specific
retry interval based on the priority level of the mail message.
- Make sure to apply your configuration changes before you move to another configuration
tab. Remember that you have to stop and restart the IMS after you complete your configurations.
These steps are used to ensure that messages are delivered in a timely and secure
manner. In some cases, the administrator may want to modify the retry values to decrease
the resolution time-out to provide quicker notification if the connection is reliable.
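Step 5 above accepts or rejects remote hosts by IP address and subnet mask. The following added example (not from the original chapter, and not Exchange's own logic) shows how such address/mask entries match a connecting host and flags entries that cover more hosts than intended. The most-specific-match rule, the default action, the function names and all addresses are assumptions chosen for illustration.

```python
import ipaddress

# Constructed entries in the form the dialog takes: (IP address, subnet mask, action).
# All addresses are from documentation ranges.
ENTRIES = [
    ("203.0.113.0",  "255.255.255.0",   "reject"),  # a whole /24 of junk senders
    ("203.0.113.25", "255.255.255.255", "accept"),  # one trusted host inside it
    ("198.51.100.7", "255.255.0.0",     "reject"),  # host address typed with a /16 mask
]


def to_network(ip, mask):
    """Combine address and mask; raises ValueError for a non-contiguous mask."""
    return ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)


def decide(remote_ip, entries, default="accept"):
    """Return the action for a connecting host.

    Assumption for this example: the longest (most specific) matching mask wins,
    and 'reject' wins when two matching entries are equally specific.
    """
    addr = ipaddress.IPv4Address(remote_ip)
    best = None
    for ip, mask, action in entries:
        net = to_network(ip, mask)
        if addr not in net:
            continue
        rank = (net.prefixlen, action == "reject")
        if best is None or rank > best[0]:
            best = (rank, action)
    return best[1] if best else default


def audit(entries):
    """Flag entries whose mask covers more hosts than the typed address suggests."""
    findings = []
    for ip, mask, action in entries:
        net = to_network(ip, mask)
        if net.prefixlen == 0:
            findings.append(f"{ip}/{mask}: matches every host ({action})")
        elif ipaddress.IPv4Address(ip) != net.network_address:
            findings.append(
                f"{ip}/{mask}: host bits set, entry really covers {net} "
                f"({net.num_addresses} addresses, {action})")
    return findings


if __name__ == "__main__":
    for host in ("203.0.113.25", "203.0.113.77", "198.51.200.1", "192.0.2.1"):
        print(host, decide(host, ENTRIES))
    for finding in audit(ENTRIES):
        print("audit:", finding)
```

The third entry is the mistake to look for: a single host address entered with a wide mask rejects 65,536 addresses, not one.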
Defining Message Content Options
This section explains how to configure the default message content format, Exchange
rich text formatting options, and message formats for individual domains.
To configure the options for inbound and outbound messages, follow these steps:
- 1. From the IMS property page, select the Internet Mail tab.
- 2. The first option is to select the message content type for attachments.
You have the option of configuring the IMS to send and receive messages using MIME or
uuencode. MIME provides support for a variety of file formats, which do not get broken
up or encoded into the mail message as in uuencode. MIME support separates the attachments
from the text portion of the message, retaining the original format.
- 3. Choose the MIME character set translation standard (see Figure
22.21). The default option is to use the ISO 8859-1 standard for MIME outbound mail
messages.
FIG. 22.21 Configuring
the MIME character set translation.
- 4. Use the drop-down menu to select the Non-MIME character set
translation. The default option for uuencode messages is US ASCII for both inbound
and outbound messages.
NOTE: To send message content to the Microsoft Mail 3.x SMTP gateway,
make sure that you are using uuencode. The Microsoft Mail 3.x gateway does not support
MIME attachments.
- 5. Click the E-Mail Domain button. The E-Mail Domains dialog box
appears (see Figure 22.22).
- This dialog box enables you to configure specific character sets, message content
formats, and maximum message size for messages transferred through the IMS.
- 6. Click Add to create additional e-mail domain entries, Edit to change
an existing one, or Remove to delete one. When you are done with these settings,
click OK to return to the Internet Mail property pages. Figure 22.23 shows the Add
e-Mail domain dialog box after you click the Add button.
FIG. 22.22 You can use
this dialog box to specify message content by e-mail domain.
FIG. 22.23 Dialog box
for creating a new e-mail domain configuration with message content options.
- 7. Click a site, then click the plus symbol beside the icon for servers,
then click the server's icon for that site. From the menu, select properties and
the MIME Types tab to define attachment formats.
- From this property page, you can configure the MIME types (see Figure 22.24).
MIME types include support for Microsoft Word documents, video files, audio files,
HTML documents, binary executables, and other format types.
- 8. Click the New button to create an additional MIME type. The
New MIME Type dialog box appears.
- For the Microsoft Word Application, enter the MIME content type and the associated
extension in the dialog box (see Figure 22.25). The Microsoft Word MIME type is application/msword
and the associated extension is .doc. When done, click OK to set the change and activate
this new content type.
FIG. 22.24 Configuring
MIME attachment formats.
FIG. 22.25 Creating a
new MIME type or editing an existing type. You can configure for document formats, multimedia
formats, or even application binary formats.
Message content, like MIME, may need to be configured differently depending on
the applications utilized within the organization. If organizations have custom applications
that are used to view documents or multimedia files, this can be changed to fit their
needs.
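The two attachment formats chosen in step 2 put the same file on the wire very differently, which matters to anything that inspects mail at the gateway. The following added example (not from the original chapter) builds one constructed attachment both ways and recovers it from each; the mail addresses, file name, attachment bytes and function names are assumptions.

```python
import binascii
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a binary attachment (not a real Word document).
ATTACHMENT = bytes(range(256)) * 2
FILENAME = "report.doc"


def _envelope(subject):
    """Constructed headers; the fredro alias comes from the chapter's example user."""
    msg = EmailMessage()
    msg["From"] = "fredro@softwarespectrum.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    return msg


def build_mime():
    """MIME: the attachment travels as its own typed part, separate from the text."""
    msg = _envelope("MIME attachment")
    msg.set_content("Report attached.\n")
    msg.add_attachment(ATTACHMENT, maintype="application", subtype="msword",
                       filename=FILENAME)
    return msg.as_bytes()


def build_uuencode():
    """uuencode: the attachment is converted to text lines inside the body."""
    lines = [f"begin 644 {FILENAME}"]
    for i in range(0, len(ATTACHMENT), 45):            # 45 input bytes per line
        chunk = ATTACHMENT[i:i + 45]
        encoded = binascii.b2a_uu(chunk, backtick=True)
        lines.append(encoded.decode("ascii").rstrip("\n"))
    lines += ["`", "end"]                              # zero-length line, then end
    msg = _envelope("uuencoded attachment")
    msg.set_content("Report attached.\n\n" + "\n".join(lines) + "\n")
    return msg.as_bytes()


def extract_attachments(raw):
    """Return [(filename, content_type, data)] from either message form."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    if msg.is_multipart():
        for part in msg.iter_attachments():
            found.append((part.get_filename(), part.get_content_type(),
                          part.get_content()))
        return found
    # No MIME parts: scan the text body for begin/end blocks. The content type
    # is unknown because uuencode carries only a file name.
    name, data = None, bytearray()
    for line in msg.get_content().splitlines():
        if name is None:
            fields = line.split(" ", 2)
            if len(fields) == 3 and fields[0] == "begin":
                name = fields[2]
        elif line == "end":
            found.append((name, None, bytes(data)))
            name, data = None, bytearray()
        else:
            data += binascii.a2b_uu(line)
    return found


if __name__ == "__main__":
    for raw in (build_mime(), build_uuencode()):
        for name, ctype, data in extract_attachments(raw):
            print(name, ctype, len(data), data == ATTACHMENT)
```

A scanner that only walks MIME parts sees the uuencoded message as plain text with no attachment, so both paths need to be handled when mail is exchanged with a Microsoft Mail 3.x gateway.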
Setting Advanced Options
To configure the advanced options for the IMS, follow these steps:
- 1. From the IMS property page, select the Internet Mail tab.
- 2. Click the Advanced button; the Advanced Options dialog box will appear
(see Figure 22.26).
- The IMS sends outbound messages with the display name of the sender/creator and
the sender's alias. The display name typically is the sender's full name, first and
last. If you have a user named Fred Rodriguez, for example, his alias might be fredro
and his display name, Fred Rodriguez. You can choose to disable sending the display
name over the Internet from the Advanced dialog box.
FIG. 22.26 Defining the
interoperability options for the IMS.
- In addition to disabling display names, the IMS can be configured to disable
Out Of Office Message responses and Automatic Replies to the Internet.
- In addition, you choose when to use MS rich text formatting in messages (see
Figure 22.27).
FIG. 22.27 Listed are
the options of when to send RTF formatting in outbound messages.
- The three options allow the users to select when they want to send RTF data,
always send RTF data, or never send RTF data. If this IMS communicates only with
a Microsoft Mail 3.x SMTP gateway, you should select the option to never send RTF
data because the Microsoft Mail SMTP gateway will not be able to understand this
information.
- 3. Define the Message size limit.
- 4. Open the General tab (see Figure 22.28).
- This option enables you to configure message limitations for the IMS.
The Advanced page for most organizations will not need to be changed. However,
in certain situations where Internet mail is sent to specific clients or organizations,
administrators may agree to allow RTF messages and increase or decrease limits on
message sizes. The message size limits can be configured to minimize the impact on
Exchange servers for having to convert large messages.
Defining IMS Message Restrictions
These settings deal with the actual message settings for the IMS.
To configure message-specific properties for delivery through IMS, complete the
following steps:
FIG. 22.28 The General
tab enables you to set the maximum message size.
- 1. From the IMS property page, select the Advanced button on the Connections
tab, as well as the Time-Outs button for message delivery options (see Figure 22.29).
From the Advanced and Time-Outs dialog boxes, you can define the message parameters,
maximum message transfer times, and the message transfer quotas.
FIG. 22.29 The Advanced
tab enables you to configure message transfer parameters.
- Message parameters are used to limit the number of unread messages, to set the
time to back off from message transfer, and to set a maximum unread message time.
The values are set in the number of messages, and in the number of minutes.
- The second button, Time-Outs, defines the maximum transfer times broken down
by urgent, normal, and non-urgent messages. These values are set in minutes and can
be used to close connections that would otherwise be held open for long periods of
time. This quota helps to reduce the amount of traffic to single hosts.
- The last set of values is used to set upper limits for the size of messages transferred
from the IMS to the remote hosts.
- 2. Click Apply when you have finished modifying these entries to set your
new values.
- 3. Next select the Delivery Restrictions tab menu (see Figure 22.30).
Use this tab to restrict message delivery to certain users or to restrict those users
from sending outbound SMTP mail through this IMS.
FIG. 22.30 Users can be
granted access rights to use the IMS or restricted access to the IMS.
- You have the option to either grant users access to the IMS or, on the flip side,
deny users access to the IMS. On the left panel you can manage the usage by adding
users who can connect. On the right panel, you choose who cannot connect. Figure
22.31 shows the two windows of the IMS's Delivery Restrictions Property page.
- In addition to individual mailboxes, you can set delivery restrictions to distribution
lists and custom recipients as well.
Of the topics mentioned in this section, the ability to restrict which mailboxes
can be sent to and from can help prevent misuse of the mail system. This is an effective
way of managing who has the ability to send and receive e-mail (such as temporary
employees, or new employees).
FIG. 22.31 You can manage
access down to the user level.
Setting Security Options
Exchange Server 5.5 has extended the security capabilities to support a wider
range of security standards.
Exchange 5.5 offers enhanced security to ensure reliable message delivery. One
selection that is available is to enable S/MIME capabilities. You can do this from
the Internet Mail tab by checking the option box (see Figure 22.32).
This option, however, should be selected only if the clients that will be connecting
support S/MIME. S/MIME is an addition to the MIME standard, which allows for secure
message delivery. A client that currently supports S/MIME is Outlook Express, which
enables clients to sign and encrypt messages being delivered over the Internet.
A second option that is now available is the Security tab.
The Security tab allows for a per-domain configuration depending on the servers
you will be connecting to. If the message communication occurs between two Exchange
servers, all information will be encrypted across the wire.
An administrator may choose no validation between servers, SASL/AUTH (clear text),
or SSL. The final option for security between domains is Windows NT Challenge/Response
encryption. With these options, an administrator can secure the channels between multiple
Exchange servers, or use no security for communications with other domains.
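The per-domain choices above (no validation, clear-text SASL/AUTH, SSL, challenge/response) correspond to what an SMTP host advertises in its EHLO reply. The following Python code is an added example, not from the book or from Exchange: it parses an EHLO reply and flags clear-text AUTH offered without transport encryption. The sample replies, the hostname, and the finding names are constructed for this example.

```python
import re

# SASL mechanisms that send the password merely base64-encoded.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample EHLO replies (not captured from a real server).
SAMPLE_WEAK = "250-mail.example.test Hello\n250-SIZE 10485760\n250-AUTH LOGIN\n250 AUTH=LOGIN"
SAMPLE_HARDENED = "250-mail.example.test Hello\n250-STARTTLS\n250 AUTH LOGIN NTLM"
SAMPLE_OPEN = "250-mail.example.test Hello\n250 SIZE 10485760"


def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    extensions = {}
    lines = [ln.rstrip() for ln in reply.splitlines() if ln.strip()]
    for index, line in enumerate(lines):
        match = re.fullmatch(r"250([ -])(.*)", line)
        if not match:
            raise ValueError(f"not a 250 reply line: {line!r}")
        if index == 0:
            continue  # first line is the greeting, not an extension
        # Some older servers also advertise "AUTH=LOGIN"; treat "=" as a space.
        parts = match.group(2).replace("=", " ").split()
        if parts:
            params = [p.upper() for p in parts[1:]]
            extensions.setdefault(parts[0].upper(), []).extend(params)
    return extensions


def assess(reply):
    """Return findings describing the authentication and encryption on offer."""
    ext = parse_ehlo(reply)
    mechs = set(ext.get("AUTH", []))
    tls = "STARTTLS" in ext
    findings = []
    if not mechs:
        findings.append("no-authentication")
    if mechs & CLEARTEXT_MECHS:
        # AUTH advertised before TLS can still be used in the clear unless
        # the server is set to require encryption first.
        findings.append("cleartext-auth-offered-before-tls" if tls
                        else "cleartext-auth-no-tls")
    if "NTLM" in mechs:
        findings.append("challenge-response-available")
    if not tls:
        findings.append("no-transport-encryption")
    return findings


if __name__ == "__main__":
    for name in ("SAMPLE_WEAK", "SAMPLE_HARDENED", "SAMPLE_OPEN"):
        print(name, assess(globals()[name]))
```
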
Supporting Other Protocols
To ensure that Exchange Server can support a variety of clients for connectivity,
Microsoft has included support for IMAP4 and POP3.
FIG. 22.32 Configuring
S/MIME on the server side.
IMAP4 (Internet Message Access Protocol) and POP3 (Post Office Protocol) are
similar in the sense that they provide a convenient method of accessing mailboxes
on an Exchange server without using the Exchange Client or Outlook. With this support,
Microsoft has made it possible for an organization to allow all types of workstations
to connect as long as they support the specifications.
POP3, which Exchange 5.0 began to support, is also available in Exchange 5.5.
With a simple mail client that supports POP3, a client may retrieve and send mail
through the Exchange server. POP3 clients communicate directly with the Information
Store. The POP3 service can be configured on a per-site or
per-user basis.
You need to add security to POP3 connections to ensure the correct clients are
connecting and have access to only the information the company wants to present.
IMAP4 allows for similar connectivity to the Exchange Server; however, it expands
on the capabilities. IMAP4 clients may connect to multiple mailboxes, as well as
access public folders. IMAP4 can be enabled on a per-site or per-user level. Two features
that are not currently supported within Exchange IMAP4 are RFC 2086 (ACLs) and RFC
2087 (Quotas).
To make certain that these clients can receive mail through the Exchange IMS,
ensure that the routing of messages is properly configured.
Accessing the Directory Through LDAP
With Exchange Server 5.0, Microsoft extended the capabilities to allow clients
to get direct access to the Directory within Exchange. With the adoption of new standards
in version 5.0, Exchange 5.5 updates the LDAP support to version 3, which, unlike
version 2.0, allows modifications to the directory.
This support allows LDAP clients to search for information in the Exchange directory
without the need of the Outlook or Exchange client.
To ensure that the client sees only what the organization wants the client to
see, the administrator may configure LDAP to present only certain pieces of the directory.
Because of the direct access to the directory, and with the future considerations
of ADS (Active Directory Services), developers are able to begin scripting ADSI through
LDAP.
Managing SMTP Messages
After you configure the IMS and have the Windows NT service running, you can configure
the following additional features to assist you in managing the IMS.
To configure and monitor message tracking, complete the following steps:
- 1. From the IMS property page, select the Internet Mail tab.
- 2. Your first option is to check the Enable message tracking field. This
will log information about the daily IMS transactions to a common log, which can
be browsed to find transmission data on a particular message.
- 3. Your next option is on the Queues tab (see Figure 22.33). In this tab,
you can get real-time statistics on the current processing of IMS data.
FIG. 22.33 This tab provides
real-time data about the status of messages in the IMS queue.
- If you check the queue and see that several messages are waiting to be processed
or transferred to another system, you can begin to diagnose where you may have a
problem.
- 4. Select the Diagnostics Logging tab (see Figure 22.34).
FIG. 22.34 From this tab,
you can specify what level of service logging you need for the IMS.
- Logged information gets written to the common Windows NT event logs. On the left
panel, the IMS (known as MSExchangeIMS in the event log) is listed. The right panel
lists the actual log category options. These include:
- Initialization/Termination monitors that the IMS starts and stops.
- Addressing monitors the resolution of e-mail addresses with display names and
foreign names.
- Message Transfer is the process that communicates with the remote hosts and transfers
messages from one system to the other.
- SMTP Interface event refers to the core application IMS operation.
- Internal processing is the service that routes the data inside of the IMS.
- SMTP protocol log records all events having an impact from the protocol stack
or network communication.
- Message Archival processes the IMS temporary data while connections are being
restored.
- A typical auditing or logging configuration keeps each active process set
to the minimum log level. In the event that the IMS queue begins to back up, you
may want to increase the logging level. Turning the logging on to maximum will flood
the event log with many additional messages for you to sort through. Once you have
solved the problem, I suggest returning your logging levels to the minimum level.
- 5. Select the Connected Sites tab for the option to view the Exchange
sites reached through this IMS. To configure routing to an additional site, click
the New button at the bottom of the tab (see Figure 22.35).
FIG. 22.35 This option
shows the additional sites connected to the IMS.
- Adding a connected site creates additional routes for messages. Additional Exchange
sites, as well as Microsoft Mail 3.x post offices, can be routed to take advantage
of the IMS.
- 6. Enter the organization and site of the additional routed post offices
when adding a connected site (see Figure 22.36).
FIG. 22.36 Entering a
value for the organization and the site.
- 7. After you enter the site name, click the routing address tab to complete
the new message route. The Properties dialog box, shown in Figure 22.37, appears.
- 8. Enter a type of mail connection. You can add an SMTP type and include
the destination mailbox address.
FIG. 22.37 Completing
the message route with a message type and post office.
These features allow organizations to reroute messages to other mail systems.
This can be utilized during migrations for existing message routes that were serviced
by sendmail servers.
Defining an Additional IMS Within a Site
The IMS runs as a single Windows NT service per server. Typically, you have one
IMS per organization to service the public Internet connection. Additional connections
may be needed if you are going to use an SMTP backbone to move messages throughout
the organization. The IMS is robust and can handle several thousand users. To balance
the load, you can set up additional IMSs to distribute the processing.
To allow coexistence between two or more IMSs, you must perform the following
adjustments:
- 1. In the Address Space tab, modify the entries for existing IMS to accommodate
the address space of the new IMS.
- 2. In the Connections tab, modify the maximum inbound and outbound sessions,
along with what is specified in any new IMS.
- 3. Finally, for the new IMS to resolve properly in the DNS, you must modify
the DNS or host file to reflect a new IMS's IP address.
Following are special routing suggestions for sites that have multiple IMSs:
- If your organization has multiple domains within the SMTP mail system, consider
having each IMS handle messages for one specific domain.
- If your site has relatively balanced incoming and outgoing SMTP messages, consider
configuring one IMS to receive SMTP mail and the other to send SMTP mail.
Testing the IMS
When the configuration of the service is complete, the last thing to do (after
you stop and restart the service) is test the connection. Use the following steps
to test your Internet mail connection.
First, send a message from an Exchange client on your site to a remote SMTP server.
Verify that the message was properly received.
Examine the body of the message to make sure that any attachments came through
without a problem.
From the remote host, send a message back to the IMS. Verify that the message
was properly routed to the appropriate mailbox. If the message is delayed or does
not reach the destination mailbox, you must track it down by using Exchange's troubleshooting
tools. Refer to Chapter 24, "Exchange Performance Tuning and Capacity Planning,"
for more information on such tools. A good place to start to verify the working state
of the IMS is first the IMS Queues tab and then the Windows NT Event Viewer for any
alert messages.


© Copyright, Macmillan Computer Publishing. All
rights reserved.