Exchange Server 2003 runs as a virtual server because any node in a cluster can assume control of a virtual server. If the node that is running the Exchange virtual server experiences problems, the virtual server goes offline briefly until another node takes control. Exchange Server 2003 installs as a virtual server in both Windows server clusters and Network Load Balancing clusters. Load balancing and failover protection are important features of any e-mail system.

Exchange Server 2003 Internet protocol virtual servers provide Simple Mail Transfer Protocol (SMTP) resources that handle relay and e-mail delivery, Hypertext Transfer Protocol (HTTP) resources that provide Web-based access to Exchange mailboxes and public folders, and Network News Transfer Protocol (NNTP) virtual servers that provide access to newsfeeds. Virtual servers can also be configured to provide access to e-mail messages for Internet Message Access Protocol version 4 (IMAP4) and Post Office Protocol version 3 (POP3) clients.

Virtual Servers in a Windows Clustering Environment

Exchange virtual servers use the Windows Clustering service (the Cluster service), which is included in Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition. This service controls all aspects of Windows clustering. Back-end servers require failover support and are typically configured in a Windows clustering environment. Exchange Server 2003 uses the following Windows clustering features:

Resource DLL : Allows Exchange Server 2003 to communicate with the Cluster service and customizes Exchange to provide Windows clustering functionality.

Groups : An Exchange virtual server in a cluster is defined as a Windows cluster group that contains cluster resources, such as an Internet Protocol (IP) address and the Exchange Server 2003 System Attendant.

Resources : Exchange virtual servers include standard Windows clustering resources, such as IP address resources, network name resources, and physical disk resources. Exchange virtual servers also include their own Exchange-specific resources.

Shared nothing architecture : Although all nodes in the cluster can access shared data, they cannot access it at the same time. For example, if two physical disk resources are assigned to node 1 of a two-node cluster, node 2 cannot access those disks until node 1 fails or is taken offline, or until the disk resources are moved to node 2 manually. This rules out dynamic load balancing in Windows server clusters.

Virtual Servers in a Network Load Balancing Environment

Windows Server 2003 servers can be clustered to provide Network Load Balancing. This is typically implemented on front-end servers, where load balancing is a requirement. You implement Network Load Balancing by creating identical, redundant virtual servers on every front-end server that is part of the Network Load Balancing cluster. The configuration of every server in the cluster must be the same; otherwise, clients may see different behavior depending on the server to which they are routed.

Exchange Virtual Server Requirements
An Exchange virtual server requires, at a minimum, the following resources:

A static IP address
A network name
One or more dedicated physical disks for shared storage
An Exchange Server 2003 System Attendant resource (this installs the other Exchange resources)

Client computers connect to an Exchange virtual server in the same way that they connect to a standalone computer running Exchange Server 2003. Windows Server 2003 provides the IP address resource, the network name resource, and the disk resources. Exchange Server 2003 provides the System Attendant resource and the other required resources. When you create the System Attendant resource, all other required and dependent resources are installed. The resources and their dependencies are as follows:

System Attendant : Controls the creation and deletion of all the resources in the virtual server. Dependent on the network name and shared disk resources.
Exchange store : Provides mailbox and public folder storage for Exchange Server. Dependent on System Attendant.
SMTP : Handles relay and delivery of e-mail. Dependent on System Attendant.
IMAP4 : Provides access to e-mail messages for IMAP4 clients (optional). Dependent on System Attendant.
POP3 : Provides access to e-mail messages for POP3 clients (optional). Dependent on System Attendant.
HTTP : Provides access to Exchange mailboxes and public folders over HTTP, for example for Microsoft Outlook Web Access (OWA). Dependent on System Attendant.
Exchange MS Search Instance : Provides content indexing for the virtual server. Dependent on System Attendant.
Message transfer agent (MTA) : Responsible for communication with X.400 systems and for interoperation with Exchange Server 5.5. Dependent on System Attendant.
Routing service : Builds the link state tables. Dependent on System Attendant.

Overview of POP3 Virtual Servers

POP3 allows a client to retrieve a specific user's mail from the server. POP3 clients can access only their server inboxes; they cannot access other public or private folders. POP3 does not provide full manipulation of mail on the server.
Messages can be left on the server if required, but typically mail is downloaded to the client and then deleted from the server. POP3 does not send e-mail; SMTP handles this.

You can configure a POP3 virtual server to grant or deny access to specific computers, groups of computers, or domains. You can grant or deny access to a single computer based on its IP address, or override POP3 access on a per-user basis. A group of computers can be granted or denied access based on their subnet address and mask. You can also control access for an entire domain by specifying a domain name. You can view a list of currently connected users and immediately disconnect a single user from that list without disrupting service to the other connected users or refusing new connection requests.

Installing Exchange Server 2003 automatically installs a default POP3 virtual server. You need to ensure that the default server supports the needs of your specific POP3 clients. The Windows Server 2003 POP3 service is not installed on an Exchange Server 2003 server: before you install Exchange Server 2003, you must uninstall the Windows Server 2003 POP3 service and POP3 Web Administration (if installed). Exchange uses its own Microsoft Exchange POP3 service to support POP3 clients. You need to enable and start this service on your Exchange server before POP3 virtual servers can start.

POP3 Virtual Server Configuration

Exchange creates the default POP3 virtual server with an IP address of (All Unassigned). As a result, the Exchange server's IP address identifies the POP3 service on the network. By default, incoming connections use TCP port 110, and Secure Sockets Layer (SSL) connections use TCP port 995. You can use the default IP address, TCP port, and SSL port, or you can assign a different IP address from any available network card. If you have more than one POP3 virtual server on an Exchange server, each virtual server must have a unique combination of IP address, TCP port, and SSL port. To enable SSL on the POP3 virtual server, you must request and install a certificate.

By default, any POP3 client that supports basic authentication can access a POP3 virtual server. Basic authentication sends the user name and password across the network in cleartext (base64-encoded, not encrypted), so on port 110 those credentials are exposed to anyone who can observe the traffic unless the session is protected by SSL. You can use selective authentication methods to restrict access, or you can list only the specific computers that are allowed to use the service. To further restrict access, you can include or exclude single computers, subnets, and entire domains.

By default, a POP3 virtual server accepts an unlimited number of inbound connections. In practice, the finite resources of the Exchange Server 2003 server impose a limit. To prevent a server from becoming overloaded, you can limit the number of connections made to the POP3 resource.

Messages sent by an Internet client are stored in Internet format, and no conversion occurs when a POP3 client reads the message. Messages sent by a Messaging Application Programming Interface (MAPI) client are converted from Microsoft Rich Text Format (RTF) to Multipurpose Internet Mail Extensions (MIME) when a POP3 client reads them. If your POP3 clients use UNIX-to-UNIX encoding (uuencode), you can specify uuencode instead of MIME for this conversion.

Before a POP3 client can connect to the server, a mailbox-enabled user must be created in Active Directory for the client, and the POP3 client must be configured with the account information it needs to connect to the POP3 virtual server. Overriding the server defaults at the user level lets you support clients with different needs on the same POP3 virtual server.

Overview of IMAP4 Virtual Servers
Like POP3, IMAP4 allows a client to retrieve a specific user's mail from the server. IMAP4 can only retrieve e-mail from a user's mailbox; SMTP is used to send e-mail. POP3 and IMAP4 virtual servers are configured and managed in very similar ways, but there are significant differences between the protocols.

IMAP4 vs. POP3

IMAP4 and POP3 are both Internet messaging protocols that allow users to access e-mail. Neither can send e-mail; SMTP is used for that purpose. The protocols differ in where users manipulate their messages. POP3 clients download mail from their server inboxes to the client computer, where the messages are managed. IMAP4 clients access and manage their mail on the server. Unlike POP3 users, IMAP4 users can access other public and private folders on the server if they have permission to do so.

You can configure an IMAP4 virtual server to grant or deny access to specific computers, groups of computers, or domains. You can grant or deny access to a single computer based on its IP address, or override IMAP4 access on a per-user basis. A group of computers can be granted or denied access based on their subnet address and mask. You can also control access for an entire domain by specifying a domain name. You can view a list of currently connected users and immediately disconnect a single user from that list without disrupting service to the other connected users or refusing new connection requests. You can configure an IMAP4 virtual server to list all public folders; if you disable this feature, Exchange lists only the client's private folders.

Installing Exchange Server 2003 automatically installs a default IMAP4 virtual server. You need to ensure that the default server supports the needs of your specific IMAP4 clients. Exchange uses its own Microsoft Exchange IMAP4 service to support IMAP4 clients. You need to enable and start this service on your Exchange server before IMAP4 virtual servers can start.
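Both POP3 virtual servers (described above) and IMAP4 virtual servers accept basic authentication by default, which puts the password on the wire in cleartext unless the session uses the SSL port (995 or 993) or is upgraded with STLS/STARTTLS first. The script below is an added example, not code from this page or from Microsoft: it classifies a server from the capabilities it advertises before any login (RFC 2449 CAPA for POP3; RFC 2595 STARTTLS and LOGINDISABLED for IMAP4) and, when run against a live host, connects to the cleartext ports to collect them without ever sending credentials. The host name and the sample capability replies are constructed. Whether a particular Exchange Server 2003 build advertises CAPA or LOGINDISABLED is not stated on this page, so treat a verdict as a client-side observation of what the server offers, not as a statement of its configuration.

```python
"""Added example (not Microsoft's code): judge, from what a POP3 or IMAP4 server
advertises before login, whether basic-authentication credentials would cross the
wire in cleartext.  Host name and sample replies are constructed."""
from __future__ import annotations

import imaplib
import poplib
import socket
import ssl
from dataclasses import dataclass


@dataclass
class AuthExposure:
    protocol: str
    cleartext_login_offered: bool   # USER/PASS, LOGIN or AUTH PLAIN accepted before TLS
    starttls_offered: bool          # STLS (POP3) or STARTTLS (IMAP4) advertised
    verdict: str                    # EXPOSED, OPPORTUNISTIC or ENFORCED


def _verdict(cleartext: bool, starttls: bool) -> str:
    if not cleartext:
        return "ENFORCED"       # server refuses cleartext login until the session is encrypted
    return "OPPORTUNISTIC" if starttls else "EXPOSED"   # a client that skips STLS still leaks


def assess_pop3(capa: dict | None) -> AuthExposure:
    """capa is the parsed CAPA reply as poplib.POP3.capa() returns it, e.g.
    {'STLS': [], 'USER': [], 'SASL': ['PLAIN', 'NTLM']}.  None means the server
    rejected CAPA (it is optional in RFC 2449); legacy USER/PASS is then assumed."""
    if capa is None:
        return AuthExposure("POP3", True, False, "EXPOSED")
    keys = {k.upper() for k in capa}
    sasl = {m.upper() for m in capa.get("SASL", [])}
    cleartext = "USER" in keys or bool(sasl & {"PLAIN", "LOGIN"})
    starttls = "STLS" in keys
    return AuthExposure("POP3", cleartext, starttls, _verdict(cleartext, starttls))


def assess_imap(capabilities: tuple) -> AuthExposure:
    """capabilities is the untagged CAPABILITY list as imaplib exposes it in
    IMAP4.capabilities, e.g. ('IMAP4REV1', 'STARTTLS', 'LOGINDISABLED', 'AUTH=NTLM')."""
    caps = {c.upper() for c in capabilities}
    starttls = "STARTTLS" in caps
    # LOGINDISABLED (RFC 2595) means plain LOGIN is refused before STARTTLS; AUTH=PLAIN
    # or AUTH=LOGIN advertised pre-TLS would still hand the password over in the clear.
    cleartext = "LOGINDISABLED" not in caps or bool(caps & {"AUTH=PLAIN", "AUTH=LOGIN"})
    return AuthExposure("IMAP4", cleartext, starttls, _verdict(cleartext, starttls))


def probe_pop3(host: str, port: int = 110, timeout: float = 5.0) -> AuthExposure:
    """Connect to the cleartext POP3 port and read CAPA; never sends credentials."""
    srv = poplib.POP3(host, port, timeout=timeout)
    try:
        try:
            caps = srv.capa()
        except poplib.error_proto:
            caps = None
    finally:
        srv.quit()
    return assess_pop3(caps)


def probe_imap(host: str, port: int = 143, timeout: float = 5.0) -> AuthExposure:
    """Connect to the cleartext IMAP4 port and read the CAPABILITY list; never logs in."""
    srv = imaplib.IMAP4(host, port, timeout=timeout)
    try:
        return assess_imap(srv.capabilities)
    finally:
        srv.logout()


def probe_implicit_tls(host: str, port: int, timeout: float = 5.0) -> str:
    """Handshake with the SSL port (995 or 993) and report the negotiated version.
    A 2003-era certificate or cipher suite may be refused by a modern OpenSSL; that
    refusal is itself a finding, so the error text is returned rather than raised."""
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(socket.create_connection((host, port), timeout=timeout),
                             server_hostname=host) as tls:
            return tls.version()
    except (ssl.SSLError, OSError) as exc:
        return f"handshake failed: {exc}"


if __name__ == "__main__":
    # mail.example.test is a placeholder; replace it with the virtual server's name.
    for result in (probe_pop3("mail.example.test"), probe_imap("mail.example.test")):
        print(result)
    print("POP3S:", probe_implicit_tls("mail.example.test", 995))
    print("IMAPS:", probe_implicit_tls("mail.example.test", 993))
```

An OPPORTUNISTIC result is the common one: the server offers STLS or STARTTLS but still accepts a cleartext login from a client that never asks for it, so the protection depends on every client being configured correctly. Only ENFORCED (or serving the protocol solely on the SSL port) removes that dependency.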
IMAP4 Virtual Server Configuration

Exchange creates the default IMAP4 virtual server with an IP address of (All Unassigned). As a result, the Exchange server's IP address identifies the IMAP4 service on the network. By default, incoming connections use TCP port 143, and SSL connections use TCP port 993. You can use the default IP address, TCP port, and SSL port, or you can assign a different IP address from any available network card. If you have more than one IMAP4 virtual server on an Exchange server, each virtual server must have a unique combination of IP address, TCP port, and SSL port.

By default, any IMAP4 client that supports basic authentication can access an IMAP4 virtual server; as with POP3, basic authentication sends the password in cleartext unless the session is protected by SSL. You can use selective authentication methods to restrict access, or you can list only the specific computers that are allowed to use the service. To further restrict access, you can include or exclude single computers, subnets, and entire domains.

By default, an IMAP4 virtual server accepts an unlimited number of inbound connections. In practice, the finite resources of the Exchange Server 2003 server impose a limit. To prevent a server from becoming overloaded, you can limit the number of connections made to the IMAP4 resource.

Messages sent by Internet clients are stored in MIME format, and no conversion takes place when IMAP4 clients read them. Messages sent by MAPI clients are converted from RTF to MIME when IMAP4 clients read them. Before an IMAP4 client can connect to the server, a mailbox-enabled user must be created in Active Directory for the client, and the IMAP4 client must be configured with the account information it needs to connect to the IMAP4 virtual server.

Overview of NNTP Virtual Servers

NNTP defines a set of client and server commands used to access newsgroups.
Exchange Server 2003 uses NNTP virtual servers to enable Outlook users to participate in online discussions over the Internet. You can also enable users running other client applications that support NNTP to access newsgroup public folders on computers running Exchange. Unlike POP3 and IMAP4, NNTP virtual servers are not implemented by a built-in Exchange service; Exchange Server 2003 uses the Windows Server 2003 (or Windows 2000 Server) NNTP service instead. That service is designed to support a standalone newsgroup server, which makes it easy to create group discussions. When you install Exchange Server 2003, the NNTP service is enhanced so that the NNTP virtual server can interface with other news servers through newsfeeds.

Using an NNTP virtual server, you can administer newsgroup services from a centralized location and control authentication and client connections. You can create additional NNTP virtual servers to host multiple domains on a single Exchange server. You can create both public and private virtual servers and configure different authentication requirements on each. A public news server can be used, for example, to give users quick and easy access to technical support information.

NNTP virtual servers can be used in a master/subordinate configuration. To create a master server, you use the New NNTP Feed Wizard to define a remote server as a subordinate server, rather than directly defining the local server as a master.

In Windows 2000 Server, the NNTP service starts automatically. This is not the case in Windows Server 2003, where you need to configure and start the service manually. You can customize the default NNTP virtual server settings and create and configure additional NNTP virtual servers.

You can cancel a posting, create a new newsgroup, and remove a newsgroup by sending control messages. Control messages are received by the NNTP service and posted to one of the special newsgroups that are created automatically to manage them: control.cancel, control.newgroup, and control.rmgroup. A control message is an ordinary article that carries a Control header, so anyone who is allowed to post to the virtual server can send one. If you do not want arbitrary posters to cancel articles or remove newsgroups, restrict posting to authenticated users or make the control newsgroups moderated so that control messages require approval.

NNTP Virtual Server Configuration

Exchange creates the default NNTP virtual server with an IP address of (All Unassigned). As a result, the Exchange server's IP address identifies the NNTP service on the network. By default, incoming connections use TCP port 119, and SSL connections use TCP port 563. You can use the default IP address, TCP port, and SSL port, or you can assign a different IP address from any available network card. If you have more than one NNTP virtual server on an Exchange server, each virtual server must have a unique combination of IP address, TCP port, and SSL port.

By default, an NNTP virtual server accepts an unlimited number of inbound connections. In practice, the finite resources of the Exchange Server 2003 server impose a limit. To prevent a server from becoming overloaded, you can limit the number of connections made to the NNTP resource. You can also limit the length of time that idle connections remain logged on to the server; by default, Exchange disconnects idle sessions after 10 minutes. You can control the size of individual articles that a user can post, or limit the total size of articles that a user can post during a single connection. You can define expiration policies to limit how long articles are stored on a newsgroup's NNTP virtual server. An expiration policy can apply to a single newsgroup or to all newsgroups on the virtual server.

You have a number of ways of controlling access to an NNTP virtual server. You can specify whether users can connect anonymously or whether they must supply valid user names and passwords. If users connect over a public network, you can encrypt the connection using SSL, provided you have obtained the necessary certificate. You can explicitly grant or deny access based on the IP address of the client, and you can include or exclude single computers, subnets, and entire domains. You can also specify which accounts are permitted to administer the virtual server by restricting who may modify its settings.

By default, Exchange enables basic authentication on NNTP virtual servers. Because basic authentication sends the password in cleartext, use SSL with basic authentication to encrypt the whole session. If you enable basic authentication on an NNTP virtual server, anonymous authentication is disabled on that server; to offer both anonymous and basic authentication, create additional NNTP virtual servers. Integrated Windows Authentication is also available, but because it requires Windows domain credentials it is not practical for public newsgroups or for clients outside the domain.

You create a new newsgroup by using the New Newsgroup Wizard. The NNTP service creates the directory for the newsgroup automatically, and you have the option of making the newsgroup moderated. You can use newsfeeds to distribute articles among multiple computers. Newsfeeds can distribute newsgroup articles between servers within your organization, and between your organization and the Internet through a Usenet host. You can use master, subordinate, and peer newsfeeds to distribute the newsgroup load among servers. A server can have both a subordinate feed and a peer feed.

A virtual directory maps newsgroups to a storage location, which lets you store newsgroup files on multiple disk drives. This can improve the performance of a heavily used drive and can provide more storage. Virtual directories also let you change the physical location of the directory without changing the name of the newsgroup.

Overview of HTTP Virtual Servers

The World Wide Web uses HTTP to define how messages are formatted and transmitted, and what actions Web servers and browsers take in response to HTTP commands.
Web Distributed Authoring and Versioning (WebDAV) is an extension of HTTP version 1.1 that allows an HTTP client to retrieve and manipulate information held in the Information Store. Exchange Server 2003 supports HTTP virtual servers and WebDAV to provide the following functions:

Document access : HTTP and WebDAV support a collaborative environment in which users can edit documents, protect data, collect resources in a common folder, and move or copy files.

E-mail access : HTTP and WebDAV can be used to access mailboxes and messages, notify users that new e-mail has arrived, and allow users to move, copy, or delete e-mail on the server.

Application access : HTTP and WebDAV are standards-based application layer protocols that allow access to mailboxes and public folders through a unique Uniform Resource Locator (URL). This allows custom applications to retrieve data directly from the Information Store.

Exchange provides support for WebDAV through HTTP virtual servers. Internet Information Services (IIS) converts the folder contents that the HTTP virtual server exposes into Web pages and sends them to the user's browser. The default HTTP virtual server (known as the Exchange virtual server) is created by IIS, and you must administer it using IIS Manager. Additional HTTP virtual servers that you create in Exchange are administered using Exchange System Manager.

A default HTTP virtual server is automatically installed, configured, and enabled when you install Exchange Server 2003. It gives users access to public and private folders: http://server_name/public reaches public folders, and http://server_name/exchange/mailbox_name reaches a mailbox.

HTTP Virtual Server Configuration

Exchange creates the Exchange virtual server with an IP address of (All Unassigned). As a result, the Exchange Server 2003 server's IP address identifies the HTTP service on the network. By default, incoming connections use TCP port 80, and SSL connections use TCP port 443. You can use the default IP address, TCP port, and SSL port, or you can assign a different IP address from any available network card. If you have more than one HTTP virtual server on an Exchange server, each virtual server must have a unique combination of IP address, TCP port, and SSL port.

The default authentication settings of an HTTP virtual server depend on the server role, that is, on whether the Exchange server is a front-end or a back-end server. For example, Integrated Windows Authentication is enabled by default on an additional HTTP virtual server on a back-end server, but not on a front-end server. Basic authentication is enabled by default on both front-end and back-end servers, and anonymous access is disabled. Enabling anonymous access allows HTTP clients to reach resources without supplying a Windows user account. You can also configure an HTTP virtual server to use SSL encryption, provided you first obtain and install the required certificate. Because basic authentication transmits the password in cleartext, an HTTP virtual server that accepts basic authentication should be reachable only over SSL, particularly from the Internet.

To prevent a server from becoming overloaded, you can limit the number of connections the HTTP virtual server accepts. You can also limit the length of time that idle connections remain logged on to the server. By default, Exchange Server 2003 limits the number of incoming connections to 1,000 and disconnects idle sessions after 60 seconds.

Creating Additional HTTP Virtual Servers and Virtual Directories

You can create additional HTTP virtual servers to provide for a number of different collaboration scenarios. For example, you might want to use Integrated Windows Authentication on the default virtual server but also provide users outside your organization with information about your company. In this situation, you can enable anonymous access on a separate HTTP virtual server. You can use additional HTTP virtual servers to supplement access to the folders that the default Web site in IIS provides.
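The mailbox and public folder URLs above are ordinary WebDAV end points, so the access behaviour of an HTTP virtual server (which authentication it accepts, whether it answers over cleartext HTTP) can be checked from any HTTP client. The script below is an added example, not code from this page or from Microsoft: it builds a PROPFIND for http[s]://server/exchange/mailbox_name/Inbox/ with basic authentication, parses the 207 Multi-Status reply, and refuses to send the credentials over plain HTTP unless explicitly told to. The server name, mailbox, credentials and the sample reply are constructed, and the DOMAIN\user form of the user name is an assumption about typical Exchange 2003 deployments rather than something this page states.

```python
"""Added example (not Microsoft's code): a WebDAV PROPFIND against an Exchange 2003
mailbox URL (http[s]://server/exchange/mailbox_name/...) and a parser for the
207 Multi-Status reply.  Host, mailbox, user and the sample reply are constructed."""
from __future__ import annotations

import base64
import http.client
import ssl
import xml.etree.ElementTree as ET

DAV = "{DAV:}"   # ElementTree's Clark notation for the DAV: namespace

# Constructed reply of the kind a PROPFIND with Depth: 1 on an Inbox returns.
SAMPLE_REPLY = b'''<?xml version="1.0"?><a:multistatus xmlns:a="DAV:">
<a:response><a:href>https://mail.example.test/exchange/jdoe/Inbox/</a:href>
<a:propstat><a:status>HTTP/1.1 200 OK</a:status><a:prop><a:displayname>Inbox</a:displayname><a:isfolder>1</a:isfolder></a:prop></a:propstat></a:response>
<a:response><a:href>https://mail.example.test/exchange/jdoe/Inbox/Welcome.EML</a:href>
<a:propstat><a:status>HTTP/1.1 200 OK</a:status><a:prop><a:displayname>Welcome.EML</a:displayname><a:getcontentlength>1234</a:getcontentlength><a:isfolder>0</a:isfolder></a:prop></a:propstat></a:response>
</a:multistatus>'''


def basic_header(user: str, password: str) -> str:
    """Basic authentication is base64, not encryption: anyone who sees the request
    on port 80 recovers user:password.  Exchange 2003 typically expects DOMAIN\\user
    here (an assumption about the target, not taken from this page)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def propfind_request(mailbox: str, folder: str = "Inbox", depth: int = 1):
    """Path, headers and body for listing one mailbox folder, `depth` levels deep."""
    path = f"/exchange/{mailbox}/{folder}/"
    body = ('<?xml version="1.0"?>'
            '<a:propfind xmlns:a="DAV:"><a:prop>'
            '<a:displayname/><a:getcontentlength/><a:isfolder/>'
            '</a:prop></a:propfind>')
    headers = {"Content-Type": "text/xml", "Depth": str(depth)}
    return path, headers, body


def parse_multistatus(body: bytes) -> list[dict]:
    """Flatten a 207 Multi-Status document into [{href, name, is_folder}, ...].
    ElementTree does not fetch external entities; the caller still caps how much
    of the network reply it feeds in."""
    root = ET.fromstring(body)
    items = []
    for resp in root.iter(DAV + "response"):
        prop = resp.find(f"{DAV}propstat/{DAV}prop")
        name = prop.findtext(DAV + "displayname", default="") if prop is not None else ""
        flag = prop.findtext(DAV + "isfolder", default="0") if prop is not None else "0"
        items.append({
            "href": resp.findtext(DAV + "href", default=""),
            "name": name,
            "is_folder": flag.strip().lower() in ("1", "true"),
        })
    return items


def propfind(host: str, mailbox: str, user: str, password: str, folder: str = "Inbox",
             port: int = 443, use_tls: bool = True, allow_cleartext: bool = False,
             verify: bool = True, timeout: float = 10.0) -> list[dict]:
    """Issue the PROPFIND.  Refuses to put Basic credentials on plain HTTP unless the
    caller opts in explicitly, which is exactly the exposure this check is for."""
    if not use_tls and not allow_cleartext:
        raise RuntimeError("refusing to send Basic credentials over cleartext HTTP")
    path, headers, body = propfind_request(mailbox, folder)
    headers["Authorization"] = basic_header(user, password)
    if use_tls:
        ctx = ssl.create_default_context()
        if not verify:                       # only for a lab with a self-issued certificate
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=timeout)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("PROPFIND", path, body=body.encode("utf-8"), headers=headers)
        resp = conn.getresponse()
        data = resp.read(1_000_000)
        if resp.status == 401:
            # Basic was not accepted; WWW-Authenticate lists what the server does offer
            # (a back-end server may insist on Integrated Windows Authentication).
            raise PermissionError(f"401 from {host}: {resp.getheader('WWW-Authenticate')}")
        if resp.status != 207:
            raise RuntimeError(f"unexpected status {resp.status} {resp.reason}")
    finally:
        conn.close()
    return parse_multistatus(data)


if __name__ == "__main__":
    for item in parse_multistatus(SAMPLE_REPLY):        # offline: the constructed reply
        print("folder" if item["is_folder"] else "item  ", item["name"], item["href"])
    # Placeholder server and credentials; replace with a lab host you are allowed to test.
    # print(propfind("mail.example.test", "jdoe", r"EXAMPLE\jdoe", "Passw0rd!", verify=False))
```

Running it with use_tls=False and allow_cleartext=True against a virtual server on port 80 demonstrates the point made above: the Authorization header it sends is recoverable by anyone on the path, which is why basic authentication belongs behind SSL.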
For each virtual server that you create, you must define one virtual directory as the root of the server for publishing content. You can create additional virtual directories to publish content that is not contained within the server's own directory structure; for example, a virtual directory can provide access to a public folder (or to a mailbox) in a remote domain. When you create a new HTTP virtual server, you must provide access to a public folder or public folder tree and to an SMTP mailbox domain in order to configure the server's root. You can change the default e-mail domain of the HTTP virtual server, or create additional virtual directories to give access to mailboxes in multiple domains.

When you create a virtual directory, users gain access to the contents of a public folder through a URL of the form http://virtualserver/public, where virtualserver is the DNS name of the virtual server. A published directory can be reached through Microsoft Internet Explorer or through any client that supports the standard HTTP and WebDAV protocols. Microsoft Office can create and save documents directly into an HTTP directory through Web Folders, a feature that lets you work with files and folders on a Web server just as you would in My Computer or Windows Explorer.

Controlling Access to an HTTP Virtual Server

HTTP virtual servers support a collaborative authoring environment. When you collaborate on confidential material, you need to control access to the data; you may also want users outside your organization to access public information. In this case, use separate HTTP virtual servers and specify different access settings on each. You can configure read, write, and browse permissions on a virtual directory. When you set these permissions, all users receive the same permissions on the folders or mailboxes that the virtual directory specifies. Virtual directory settings are general restrictions imposed by IIS; they apply in addition to, and do not override, the permissions set on a user's account for mailboxes and public folders.

By default, after a standard Exchange installation and setup, users can access private mailboxes using a URL of the form http://server_name/exchange/mailbox_name. If you create a new mailbox store, a different URL is assigned to it automatically, based on the virtual directory name.

OWA

A default HTTP virtual server is installed and configured during Exchange Server 2003 installation to support OWA. With OWA, users can access e-mail, calendar information, shared applications, and any content in the public information store by using a Web browser. To let users reach OWA from the Internet, your Exchange Server 2003 server needs an Internet connection, a public IP address, and a registered domain name. In theory, a registered domain name is unnecessary because OWA users could reach their e-mail by IP address; in practice this causes a lot of problems for the administrator and a lot of very unhappy users.

OWA can be disabled on a server by stopping its HTTP virtual server. It can also be disabled on a per-user basis.

Overview of SMTP Virtual Servers
SMTP is the Internet standard for transporting and delivering electronic messages. Exchange Server 2003 extends the Windows SMTP service to give administrators greater control over message routing and delivery and to provide secure access and channels for managing the service. When Exchange Server 2003 is installed, it automatically installs, configures, and enables a default SMTP virtual server. You can alter settings on this server to configure security options, message delivery options, and message filtering. You can configure the SMTP virtual server and the SMTP connector to support other messaging systems and to relay mail for IMAP4 and POP3 clients.

SMTP works closely with DNS; you add Mail Exchanger (MX) records in DNS to direct inbound mail to your SMTP virtual servers. You can configure SMTP to pull e-mail that is queued at your Internet Service Provider (ISP) through a dial-up connection.

Domain administration is not performed on the SMTP virtual server. You manage local domains through recipient policies, and you implement most of the configuration for sending e-mail to remote domains on the SMTP connector.

If you have groups of users with different security requirements or message size needs, you may want to create additional SMTP virtual servers. You can also, for example, configure one virtual server to handle Internet e-mail while another handles internal e-mail.

Where you support POP3 and IMAP4 clients, you need to permit those clients to relay through the server, because they submit outbound mail over SMTP and have no other route. You do not want to permit open relaying for your entire Exchange organization, because an open relay will be used to propagate junk mail; relaying should be allowed only for authenticated clients or for specific client IP addresses.
While you can use the relay restrictions (access control lists) on a single SMTP virtual server to manage this situation, it is often safer and easier to create an additional virtual server for the clients that require relaying.

Configuring an SMTP Virtual Server

The display name (for example, Default SMTP Virtual Server) and the combination of IP address and TCP port identify an SMTP virtual server. By default, the IP address is (All Unassigned) and the TCP port is 25. Multiple virtual servers can use port 25, but you must then assign a different IP address to each virtual server.

You can configure the SMTP virtual server to authenticate incoming connections and also to supply the credentials that a receiving server requires. Three authentication methods are available: anonymous access, basic authentication, and Integrated Windows Authentication; you can enable one, two, or all three. On the default SMTP virtual server, all three are enabled. Anonymous access must remain enabled on any virtual server that receives mail from the Internet, because remote SMTP servers do not authenticate; disable it only on a virtual server dedicated to authenticated clients, such as one created for POP3 and IMAP4 clients that need to relay.

If basic authentication is enabled, you can require that clients use Transport Layer Security (TLS) encryption to connect to the SMTP virtual server. TLS is developed from, and is similar to, SSL. This option secures the connection and protects the cleartext password that basic authentication sends. Requiring TLS is intended for point-to-point SMTP connections where both parties are known to support it; if you require TLS on a virtual server that receives mail from the Internet, remote servers that do not support TLS will be unable to deliver. You need to obtain a certificate to implement TLS encryption.

You can grant or deny access to an SMTP virtual server to specific users or groups. By default, all IP addresses can connect to an SMTP virtual server. You can set restrictions by specifying a single IP address, a group of addresses using a subnet mask, or a domain name.

Caution : If you grant or deny access based on domain name, the server must perform a reverse DNS lookup on each connection. Reverse DNS lookup is resource-intensive and can degrade performance.

You can configure an SMTP virtual server to limit the number of messages sent in a single connection. You can improve performance by allowing multiple connections to be used for delivery. You can also configure message size limits and limit the number of recipients per message.

Creating Additional Virtual Servers

The practice exercise creates default virtual servers on Server01, which is a multihomed back-end server. In general, you create a new virtual server if you need different levels of authentication for different groups of users, different access criteria, or if you want some, but not all, traffic to be encrypted. Additional virtual servers can also provide the following protocol-specific facilities:

HTTP : You can create additional HTTP virtual servers for collaboration scenarios in which different levels of authentication and access control are required, and to supplement access to the folders that the default Web site provides. When you create an additional HTTP virtual server, you also create an additional virtual directory, and you can add further virtual directories to publish content that is not contained within the server's own directory structure.

NNTP : You can create additional NNTP virtual servers to host multiple domains on a single Exchange server. You can, for example, use the default virtual server for public newsgroups and public newsfeeds and create an additional virtual server for internal newsgroups.

POP3 and IMAP4 : You create additional POP3 and IMAP4 virtual servers if you have groups of clients with differing requirements.
For example, you might have one group of POP3 clients that can understand messages in MIME format while another group uses uuencode. Where there are sufficient numbers in both groups, you would create an additional virtual server. If there were only a few users in the second group, you would configure per-user settings. SMTP : You can create an additional SMTP virtual server and configure one virtual server to handle Internet e-mail while the other handles internal e-mail. You can also create an additional virtual server to support open relaying for POP3 and IMAP4 clients. Often, however, configuration is best implemented on an SMTP connector rather than on a virtual server. Configuring Virtual Server Settings When you create virtual servers, you assign identities to them and specify parameters, such as IP address and, if necessary, TCP and SSL port numbers. You can configure additional settings on a new virtual server when you create it, or you can create it and configure it later. If you want to change the configuration on a running virtual server, then you should pause the server before making the configuration change and restart it afterwards. Configuring an HTTP Virtual Server When you create a new HTTP virtual server, you need to assign a unique identity—that is, a unique combination of IP address, TCP port, SSL port, and host name. You also need to configure the server’s virtual directory by providing access to a public folder and to a mailbox. When you have created a new virtual server, you can configure it using Exchange System Manager. (Remember that the default HTTP virtual server—the Exchange virtual server—is configured using IIS.) You can do any or all of the following: Limit the number of concurrent connections to the virtual server and configure the number of seconds that must elapse before an unsuccessful connection times out. 
- Control access to the server by setting connection limits, configuring read, write, and browse permissions, setting script and executable access, and editing authentication methods (allowing anonymous access, if required).
- Create additional virtual directories to publish content not contained within the server’s own directory structure. Virtual directories appear to client browsers as though they are part of the virtual server’s directory tree. You can also set a default document.

Configuring POP3 and IMAP4 Virtual Servers

The procedures to create and configure POP3 and IMAP4 virtual servers are almost identical. When you create a new POP3 virtual server, you complete the New POP3 Virtual Server Wizard to specify the server’s IP address and TCP port. When you create a new IMAP4 virtual server, you complete the New IMAP4 Virtual Server Wizard to specify the server’s IP address and TCP port. After you complete the appropriate wizard, you can configure the settings using Exchange System Manager. You can do any or all of the following:

- Control access to the server by editing the authentication methods. If you want to enable SSL encryption, you need to obtain, install, and associate a certificate.
- Secure access by IP address, subnet, or domain name.
- Limit the number of connections that can be made to the virtual server at any one time and the length of time that idle connections remain logged on to the server. By default, Exchange disconnects idle sessions after 30 minutes.
- Configure client support by specifying message formats. On POP3 virtual servers, you can specify uuencode and support Macintosh clients by specifying BinHex for Macintosh.
- Disable complete public folder listings to improve the performance of clients that have difficulty with a large number of folders (IMAP4 only).
- Enable fast message retrieval to improve performance for clients that do not require exact message sizes (IMAP4 only).
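The "secure access by IP address, subnet, or domain name" option above (the same restriction exists on NNTP and SMTP virtual servers) and the earlier caution about reverse DNS lookup are easiest to reason about with the evaluation written out. The following is an added example, not Exchange Server 2003 code or anything from this book: the grant/deny list format, the injectable resolver functions, and every address and host name are constructed assumptions. One safeguard here goes beyond what the page states and is this example's own choice: a domain-name rule only matches when the reverse (PTR) name forward-resolves back to the connecting address, because the PTR record is under the control of whoever owns the client's address block.

```python
"""Evaluate grant/deny connection restrictions by IP, subnet, or domain name.

Added example for this page, not Exchange Server 2003 code. The rule format,
the resolver interface and all sample addresses are constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Resolver callbacks are injected so the example runs offline. In production
# these would wrap socket.gethostbyaddr (PTR) and socket.getaddrinfo (A).
Reverse = Callable[[str], Optional[str]]
Forward = Callable[[str], List[str]]


@dataclass
class AccessList:
    """mode 'grant': only listed clients may connect; mode 'deny': listed clients
    are refused. Entries are single IPs, CIDR subnets, or domain names."""
    mode: str
    ips: List[str] = field(default_factory=list)
    subnets: List[str] = field(default_factory=list)
    domains: List[str] = field(default_factory=list)


def _matches_domain(client_ip: str, domain: str, reverse: Reverse, forward: Forward) -> bool:
    """Domain rules cost a reverse lookup on every connection (the overhead the
    page warns about). The PTR name is trusted only if a forward lookup of that
    name returns the client IP (forward-confirmed reverse DNS, this example's
    own safeguard)."""
    ptr = reverse(client_ip)
    if ptr is None:
        return False
    ptr = ptr.rstrip(".").lower()
    domain = domain.lower()
    if not (ptr == domain or ptr.endswith("." + domain)):
        return False
    return client_ip in forward(ptr)


def _listed(acl: AccessList, client_ip: str, reverse: Reverse, forward: Forward) -> bool:
    addr = ipaddress.ip_address(client_ip)
    if any(addr == ipaddress.ip_address(ip) for ip in acl.ips):
        return True
    if any(addr in ipaddress.ip_network(net, strict=False) for net in acl.subnets):
        return True
    # Domain rules go last so the DNS round trip is skipped whenever an IP or
    # subnet rule already decides the connection.
    return any(_matches_domain(client_ip, d, reverse, forward) for d in acl.domains)


def allow_connection(acl: AccessList, client_ip: str, reverse: Reverse, forward: Forward) -> bool:
    """Final decision for one inbound connection under the access list."""
    listed = _listed(acl, client_ip, reverse, forward)
    return listed if acl.mode == "grant" else not listed


# Constructed sample DNS data (documentation-range addresses, not real hosts).
PTR_TABLE: Dict[str, str] = {
    "192.0.2.10": "mail.partner.example.",
    "203.0.113.7": "mail.partner.example.",   # PTR claims the partner name, but
}                                              # the forward lookup will not agree
A_TABLE: Dict[str, List[str]] = {
    "mail.partner.example": ["192.0.2.10"],
}


def sample_reverse(ip: str) -> Optional[str]:
    return PTR_TABLE.get(ip)


def sample_forward(name: str) -> List[str]:
    return A_TABLE.get(name, [])


def demo() -> Dict[str, bool]:
    """Grant-mode list: the internal 10/8 subnet plus one partner domain."""
    acl = AccessList(mode="grant", subnets=["10.0.0.0/8"], domains=["partner.example"])
    return {
        "internal_host": allow_connection(acl, "10.20.30.40", sample_reverse, sample_forward),
        "partner_confirmed": allow_connection(acl, "192.0.2.10", sample_reverse, sample_forward),
        "partner_unconfirmed_ptr": allow_connection(acl, "203.0.113.7", sample_reverse, sample_forward),
        "no_ptr_record": allow_connection(acl, "198.51.100.3", sample_reverse, sample_forward),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'refuse'}")
```

Only the first two sample clients are admitted; the host whose PTR record merely claims the partner name is refused because the forward lookup does not return its address, and a host with no PTR record at all cannot satisfy a domain rule, which is why the page says reverse DNS must be configured before domain-name restrictions are useful.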
Configuring NNTP Virtual Servers

You create additional NNTP virtual servers by completing the New NNTP Virtual Server Wizard. This lets you specify the IP address and TCP port. You also need to specify the path to internal files, the storage medium, and the path to the virtual directory that stores the news content. After you complete the wizard, you can configure the settings using Exchange System Manager. You can do any or all of the following:

- Set connection and posting limits.
- Control access to the server by editing the authentication methods. If you want to enable SSL encryption, you need to obtain, install, and associate a certificate. You can also secure access by IP address, subnet, or domain name.
- Create a newsgroup and a newsgroup expiration policy. If you create a moderated newsgroup, you need to specify the path to the directory that stores articles until moderators approve them. You should specify the path to the pickup directory of the SMTP virtual server that is used for moderated groups. Normally, this is the default SMTP virtual server and the path is \Inetpub\Mailroot\Pickup.
- Create a newsfeed in either a master/subordinate or peer configuration.

Configuring SMTP Virtual Servers

You create additional SMTP virtual servers by completing the New SMTP Virtual Server Wizard. This lets you specify the IP address. If you want to change the default settings for the TCP port and the SSL port, you can do so by using Exchange System Manager. You can also use Exchange System Manager to do any or all of the following:

- Configure incoming and outgoing connections.
- Specify authentication settings for incoming connections and for outbound messages. If required, you can also set up the virtual server to resolve anonymous e-mail. Take care with this setting. If you configure an SMTP virtual server to resolve anonymous e-mail, it is possible for unauthorized users to send e-mail by using the forged address of legitimate users.
- Specify TLS encryption, if you have obtained the necessary certificate.
- Set IP address and domain name restrictions, and grant or deny submit permissions to users or groups. You can also configure filtering.
- Configure relaying. Be careful to restrict this as severely as possible; open relaying can increase the risk of your Exchange organization being used for junk mail propagation.
- Specify limits for message size, number of recipients, and the number of messages per connection. You can also change the location of the SMTP queue.
- Specify a storage location for copies of non-delivery report (NDR) messages and configure a masquerade domain to replace the actual identity of that storage location in the outgoing message heading.
- Configure message delivery by specifying retry intervals and message hop count. You can also specify the fully qualified domain name (FQDN) and configure the server either as a smart host or to forward outgoing e-mail to a smart host. You can enable reverse DNS lookup and create a reverse DNS list.
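After restricting relaying on an SMTP virtual server, the check an administrator wants is whether an unauthenticated, unlisted client can still get a recipient outside the organization's own domains accepted at RCPT TO. The following is an added example, not Exchange Server 2003 code or anything from this book. Because it has to run offline, a small in-process SMTP responder stands in for the virtual server and applies a relay policy modelled on the choices the page lists (relay for listed addresses, relay for authenticated clients, or relay for everyone); the policy fields, host names, addresses and domain names are all constructed assumptions. The probe exercises only EHLO, MAIL FROM and RCPT TO and resets the transaction, so no message is ever submitted; against a real server you would point relay_accepted at your own virtual server's address and port.

```python
"""Check that an SMTP virtual server refuses to relay for unauthenticated,
unlisted clients.

Added example for this page, not Exchange Server 2003 code. The responder
below emulates the virtual server's relay decision so the check runs offline;
policy fields, addresses and domain names are constructed assumptions.
"""
import smtplib
import socket
import threading
from dataclasses import dataclass, field
from typing import Set, Tuple


@dataclass
class RelayPolicy:
    """Mirrors the relay choices on a virtual server: which client addresses
    may relay, whether authentication grants relay, or relay for everyone."""
    local_domains: Set[str]
    relay_ips: Set[str] = field(default_factory=set)
    relay_for_authenticated: bool = True
    open_relay: bool = False          # the weak setting


def rcpt_decision(policy: RelayPolicy, client_ip: str, authenticated: bool, rcpt: str) -> Tuple[int, str]:
    """SMTP reply for one RCPT TO command under the policy."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in policy.local_domains:
        return 250, "2.1.5 Recipient OK"          # local delivery is not relaying
    if policy.open_relay or client_ip in policy.relay_ips or (authenticated and policy.relay_for_authenticated):
        return 250, "2.1.5 Recipient OK"
    return 550, "5.7.1 Unable to relay"


class FakeSmtpServer(threading.Thread):
    """Single-connection SMTP responder driven by rcpt_decision (constructed)."""
    def __init__(self, policy: RelayPolicy):
        super().__init__(daemon=True)
        self.policy = policy
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]

    def run(self) -> None:
        conn, addr = self.sock.accept()
        f = conn.makefile("rwb")
        f.write(b"220 mail.contoso.example ESMTP (constructed responder)\r\n"); f.flush()
        while True:
            line = f.readline().decode("ascii", "replace").strip()
            if not line:
                break
            verb = line.split(" ", 1)[0].upper()
            if verb in ("EHLO", "HELO", "MAIL", "RSET", "NOOP"):
                reply = "250 OK"
            elif verb == "RCPT":
                rcpt = line.split(":", 1)[1].strip().strip("<>")
                code, text = rcpt_decision(self.policy, addr[0], False, rcpt)
                reply = f"{code} {text}"
            elif verb == "QUIT":
                f.write(b"221 Bye\r\n"); f.flush()
                break
            else:
                reply = "500 Unrecognised command"
            f.write((reply + "\r\n").encode()); f.flush()
        conn.close()
        self.sock.close()


def relay_accepted(host: str, port: int, external_rcpt: str) -> bool:
    """True if an unauthenticated session gets a foreign recipient accepted,
    i.e. the server relays for this client. Nothing is ever sent past RCPT."""
    with smtplib.SMTP(host, port, timeout=5) as s:
        s.ehlo("audit.contoso.example")
        s.mail("postmaster@contoso.example")
        code, _ = s.rcpt(external_rcpt)
        s.rset()
    return code == 250


def audit(policy: RelayPolicy) -> bool:
    """Start the emulated virtual server with the given policy and probe it."""
    srv = FakeSmtpServer(policy)
    srv.start()
    result = relay_accepted("127.0.0.1", srv.port, "someone@external.example")
    srv.join(timeout=5)
    return result


WEAK = RelayPolicy(local_domains={"contoso.example"}, open_relay=True)
RESTRICTED = RelayPolicy(local_domains={"contoso.example"}, relay_ips={"10.0.0.25"})

if __name__ == "__main__":
    for name, policy in (("open relay", WEAK), ("restricted", RESTRICTED)):
        print(f"{name:12}: {'RELAYS, fix this' if audit(policy) else 'refuses to relay'}")
```

With the restricted policy the probe from 127.0.0.1 receives 550 5.7.1 because the client is neither listed nor authenticated, while a recipient in contoso.example is still accepted since that is local delivery rather than relaying; the open-relay policy accepts the foreign recipient, which is the condition the page warns leads to junk mail propagation.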