Mail server role: Configuring a mail server

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Configure this computer as a mail server to install E-mail Services, which provides e-mail transfer and retrieval services. E-mail Services includes the POP3 service, which provides e-mail retrieval, and the SMTP service, which provides e-mail transfer. Administrators can use the POP3 service to store and manage e-mail accounts on the mail server. After you configure this computer as a mail server, users can connect to the mail server and retrieve e-mail to their local computers by using an e-mail client that supports the POP3 protocol, such as Microsoft Outlook.

This topic explains how to use the Configure Your Server Wizard to install and configure E-mail Services. After you have completed the Configure Your Server Wizard, you must perform additional required steps to create mailboxes. After you have completed the Configure Your Server Wizard and created the appropriate mailboxes, you will have a fully functioning mail server.

You can configure both member servers and stand-alone servers to be a mail server. However, the default authentication method and the available authentication methods will vary. For more information about the default authentication methods and the available authentication methods, see Before you begin and Configure POP3 Service.

This topic covers:

  • Before you begin

  • Configuring your mail server

  • Next steps: Completing additional tasks

Before you begin

Before you configure your computer as a mail server, verify that:

  • The server on which you intend to install e-mail services has a working Internet connection.

  • There is an NTFS partition available. With an NTFS partition, you can take advantage of the increased security provided by disk quotas. For more information about disk quotas, see Configuring disk quotas for the POP3 service.

  • You have a registered e-mail domain name. Contact your Internet Service Provider for assistance in registering an e-mail domain name.

  • A Mail eXchanger (MX) record for your e-mail domain name exists and matches the name of your server. Contact your Internet service provider (ISP) to create an MX record.

  • You have configured your server for static addressing. Contact your Internet Service Provider for the information necessary to configure your server for static addressing. For more information on how to configure your mail server with a static IP address, see Configure TCP/IP for static addressing.

  • Windows Firewall is enabled. For more information, see Enable Windows Firewall with no exceptions.

  • The Security Configuration Wizard is installed and enabled. For information about the Security Configuration wizard, see Security Configuration Wizard Overview.

The following table lists the information that you need to know before you add a mail server role.

Before adding a mail server role | Comments

Determine the appropriate level of security for this server. | A server in this role may be targeted by attackers because of its exposure to the Internet and other networks. To ensure the security of this server, it is recommended that you implement security precautions, such as firewalls and Internet Protocol security (IPSec), before placing it in a production environment. For more information, see Internet Protocol Security (IPSec) and Basic Firewall.

Determine the appropriate authentication method for your configuration. | You must choose an authentication method before you create any e-mail domains on the mail server. The authentication method can be changed only if there are no existing e-mail domains on the mail server. If the computer that you are configuring as a mail server is either a member server or a domain controller, the authentication method setting defaults to Active Directory authentication. Otherwise, the setting defaults to local Windows accounts authentication.

Determine that you have a registered e-mail domain name. | The e-mail domain must be a registered domain name and it must match the Mail eXchanger (MX) record created by your ISP. If you do not already have an e-mail domain name, contact your ISP for assistance in registering a domain name.

Note

  • The POP3 service supports top-level and third-level domain names. For example, example.com and mailserver.example.com are both supported.



Configuring your mail server

To configure a mail server, start the Configure Your Server Wizard by doing either of the following:

  • From Manage Your Server, click Add or remove a role. By default, Manage Your Server starts automatically when you log on. To open Manage Your Server, click Start, click Control Panel, double-click Administrative Tools, and then double-click Manage Your Server.

  • To open the Configure Your Server Wizard, click Start, click Control Panel, double-click Administrative Tools, and then double-click Configure Your Server Wizard.

On the Server Role page, click Mail server (POP3, SMTP), and then click Next.

This section covers:

  • Configure POP3 Service

  • Summary of Selections

  • Completing the Configure Your Server Wizard

  • Creating mailboxes

  • Removing the mail server role

Configure POP3 Service

On the Configure POP3 Service page, under Authentication method, click the appropriate method for your deployment. The Windows Server 2003 family supports the authentication methods listed in the following table.

Use this authentication method | When

Local Windows accounts | Your mail server is not an Active Directory member server, and you want to store user accounts on the server on which the POP3 service is installed

Active Directory-Integrated | Your mail server is a domain controller or a member server

Encrypted Password File | Your mail server is not using Active Directory, or you do not want to have user accounts for the POP3 service on the local computer

The authentication methods that are available to you depend on the configuration of your server:

  • If the computer on which the POP3 service is running is a member server in an Active Directory domain, all three authentication methods are available.

  • If the computer on which the POP3 service is running is a domain controller, the available authentication methods are Active Directory integrated authentication and encrypted password file authentication.

  • Otherwise, the available authentication methods are local Windows accounts authentication and encrypted password file authentication.

Under E-mail domain name, type your registered e-mail domain name. You can create additional e-mail domains later by using the POP3 service snap-in or the Winpop command-line tool.

After you finish, click Next.

Summary of Selections

On the Summary of Selections page, you can view and confirm the options that you have selected. If you selected Mail server (POP3, SMTP) on the Server Role page, the following appears:

  • Install POP3 and Simple Mail Transfer Protocol (SMTP) to enable POP3 mail clients to send and receive mail

To apply the selections shown on the Summary of Selections page, click Next. After you click Next, the Configuring Components page of the Windows Components Wizard appears, and then closes automatically. You cannot click Back or Next on this page.

Completing the Configure Your Server Wizard

After the components are configured, the Configure Your Server Wizard displays the This Server is Now a Mail Server page. To review all of the changes made to your server by the Configure Your Server Wizard or to ensure that a new role was installed successfully, click Configure Your Server log. The Configure Your Server Wizard log is located at systemroot\Debug\Configure Your Server.log. To close the Configure Your Server Wizard, click Finish.

At this stage, you have a fully functioning mail server, but you must also create mailboxes for all of the users in the domain who will be sending or receiving e-mail. Without mailboxes, users cannot send or receive e-mail.

However, before you start to use your mail server, we recommend the following steps:

  • Run Windows Update. For more information, see Windows Update.

  • Run the Security Configuration Wizard. For more information, see Security Configuration Wizard Overview.

  • For the mail server role to work correctly, you may need to manually configure Windows Firewall by adding the ports required by POP3 service and SMTP service. For additional information on the ports required, see Windows Firewall Settings.

Creating mailboxes

To send and receive e-mail, each user must have a unique mailbox in the e-mail domain. You can create mailboxes from either the POP3 service MMC snap-in or at the command line. This procedure uses the POP3 service MMC snap-in. For more information about creating mailboxes or administering the POP3 service at the command line, see Winpop. For more information about creating mailboxes, see Create a mailbox.

Step | Comments

Open the POP3 service MMC snap-in.

To open the POP3 service snap-in, click Start, click Control Panel, double-click Administrative Tools, and then double-click POP3 Service.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • If you are using Active Directory integrated authentication, you must log on to the Active Directory domain, not the local computer, to perform this procedure.

Create one or more mailboxes.

In the console tree, select the e-mail domain that you specified in the Configure Your Server Wizard (for example, example.com). Right-click the e-mail domain, point to New, and then click Mailbox. Provide the following information:

  • Mailbox Name--the name of the mailbox. The maximum length for a mailbox name is 20 characters for local Windows accounts authentication, and 64 characters for encrypted password file authentication or Active Directory integrated authentication. The minimum length is 1 character.

  • Password--the password to access the mailbox.

  • Confirm Password--retype the password that was specified in Password.

If you are using Active Directory integrated authentication or local Windows accounts authentication, select the Create associated user for this mailbox check box, unless a user account already exists with the same name as the mailbox that you want to create. If the check box is already selected, clear it only if an account already exists with the same name as the mailbox that you want to create.

Removing the mail server role

If you need to reconfigure your server for a different role, you can remove existing server roles. By removing the mail server role, you will uninstall all mail server components, such as the POP3 service and SMTP service. After the mail server components are uninstalled, users will no longer be able to send or receive e-mail using that server. Any e-mail that is stored on the computer will not be affected by removing the mail server role and will remain in the mail store.

To remove the mail server role, restart the Configure Your Server Wizard by doing either of the following:

  • From Manage Your Server, click Add or remove a role. By default, Manage Your Server starts automatically when you log on. To open Manage Your Server, click Start, click Control Panel, double-click Administrative Tools, and then double-click Manage Your Server.

  • To open the Configure Your Server Wizard, click Start, click Control Panel, double-click Administrative Tools, and then double-click Configure Your Server Wizard.

On the Server Role page, click Mail server (POP3, SMTP), and then click Next. On the Role Removal Confirmation page, review the items listed under Summary, select the Remove the mail server role check box, and then click Next. After you click Next, the Configuring Components page of the Windows Components Wizard appears, and then closes automatically. You cannot click Back or Next on this page. On the Mail Server Role Removed page, click Finish.

Next steps: Completing additional tasks

After you complete the Configure Your Server Wizard and create mailboxes, the computer is ready for use as a mail server. Up to this point, you have completed the following tasks:

  • Installed the POP3 service and the SMTP service.

  • Configured the POP3 service to use an authentication method.

  • Created an e-mail domain.

  • Created mailboxes.

The Configure Your Server Wizard automatically installs the POP3 service MMC snap-in, which you use to manage your mail server. To open the POP3 service snap-in, click Start, click Control Panel, double-click Administrative Tools, and then double-click POP3 Service.

The following table lists additional tasks that you might want to perform on your mail server.

Task | Purpose of task | Reference

Provide users with the procedure to configure their e-mail clients to use the mail server. | To connect to the mail server, the user's e-mail client must be configured specifically for the mail server. | Configure E-mail Clients

Implement disk quotas. | Disk quotas ensure that the mail store does not use an excessive or unanticipated amount of disk space, which could adversely affect the performance of the server on which the POP3 service is running. You must have an NTFS partition to implement disk quotas. NTFS partitions allow for greater directory and folder security, which better protects e-mail stored on the local hard disk. | Configuring disk quotas for the POP3 service

Configure your mail server to require secure e-mail client authentication. | The POP3 service supports Secure Password Authentication (SPA) for Active Directory integrated authentication and local Windows accounts authentication. Secure Password Authentication requires that all e-mail clients transmit both the user name and password using secure authentication. Secure Password Authentication is more secure than the default of plaintext and, therefore, is recommended over plaintext. Secure Password Authentication must be configured on both the server on which e-mail services are running and on every e-mail client that will connect to the mail server. | Configure the mail server to require Secure Password Authentication; Configure Outlook Express for Secure Password Authentication

Configure ports to allow remote administration. | To manage the mail server role from other computers on the network. | Windows Firewall Settings
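
An audit for the Secure Password Authentication recommendation above, as an added example that is not part of the original documentation: it scans logged POP3 client commands and reports which clients still log on with plaintext USER/PASS, so you know which e-mail clients remain to be reconfigured. The log format, addresses, and mailbox names are constructed, and the code assumes that SPA appears on the wire as the POP3 AUTH NTLM command.

```python
import re
from collections import defaultdict

# Constructed sample: client-to-server POP3 command lines in a hypothetical
# "<time> <client-ip> C: <command>" format, as a proxy or capture might log them.
SAMPLE_LOG = """\
09:14:02 192.0.2.10 C: USER alice@example.com
09:14:02 192.0.2.10 C: PASS constructed-password-1
09:14:03 192.0.2.10 C: STAT
09:15:40 192.0.2.22 C: AUTH NTLM
09:15:40 192.0.2.22 C: <constructed-base64-NTLM-message>
09:15:41 192.0.2.22 C: LIST
09:16:12 192.0.2.31 C: user bob@example.com
09:16:12 192.0.2.31 C: pass constructed-password-2
09:17:05 192.0.2.10 C: QUIT
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+C:\s+(.*)$")

def audit_pop3_auth(log_text):
    """Return {client_ip: [(mailbox, method), ...]} for each logon attempt seen."""
    pending_user = {}              # client_ip -> mailbox named by the last USER
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue               # not a client command line
        _time, client, command = match.groups()
        verb, _, arg = command.partition(" ")
        verb = verb.upper()        # POP3 keywords are case-insensitive (RFC 1939)
        if verb == "USER":
            pending_user[client] = arg.strip()
        elif verb == "PASS" and client in pending_user:
            # The password argument is deliberately never stored or returned.
            findings[client].append((pending_user.pop(client), "plaintext"))
        elif verb == "AUTH":
            mechanism = arg.strip().upper() or "unspecified"
            findings[client].append((None, "sasl:" + mechanism))
    return dict(findings)

def plaintext_clients(findings):
    """Sorted (client_ip, mailbox) pairs that still authenticate in plaintext."""
    return sorted((client, box) for client, items in findings.items()
                  for box, method in items if method == "plaintext")

if __name__ == "__main__":
    print(plaintext_clients(audit_pop3_auth(SAMPLE_LOG)))
```
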