As you know, a mail server system consists of three components: the POP3 service, the Simple Mail Transfer Protocol (SMTP) service, and the e-mail client. The POP3 service is used in conjunction with the SMTP service: POP3 provides the user with a mail download service, while SMTP is used to send messages and to deliver messages between servers. E-mail clients are software used to read, compose, and manage e-mail messages.
The new POP3 service component of the Windows Server 2003 operating system enables users to build a mail server without any additional software. To provide an e-mail service, you can install the POP3 component on a server computer to configure it as a mail server, and an administrator can use the POP3 service to store and manage e-mail accounts on the mail server. Let's discuss the configuration and management of the mail server.
Second, configure POP3 mail server
The POP3 service component is not installed by the initial installation. Therefore, you must first install the component before you can work with settings such as authentication methods, mail store settings, and domain and mailbox management.
The POP3 service provides three different authentication methods to authenticate users connected to the mail server. Before you create any e-mail domain on the mail server, you must select an authentication method. You can change the authentication method only if there is no e-mail domain on the mail server.
1. Local Windows account authentication
If the mail server is not a member of an Active Directory domain and you want to store the user accounts on the local computer where the mail service is installed, you can use the local Windows account authentication method to authenticate users of the mail service. Local Windows account authentication integrates the mail service into the local computer's Security Accounts Manager (SAM). By using the Security Accounts Manager, users who have user accounts on the local computer can use the same user name and password to be authenticated by both the POP3 service and the local computer.
Local Windows account authentication can support multiple domains on one server, but user names on different domains must be unique. For example, a user named email@example.com and firstname.lastname@example.org cannot exist on a single server at the same time.
If you create a mailbox with the appropriate user account, the user account is added to the POP3 Users local group. Members of the POP3 Users group cannot log on to the server locally even if they have the same user account on the server. The computer's local security policy can be used to tighten the restriction on local logons so that only authorized users have local logon rights, which improves the security of the server. In addition, a user's inability to log on locally to the server does not affect their use of the POP3 service.
Local Windows account authentication supports both plaintext and Secure Password Authentication (SPA) e-mail client authentication. Plaintext authentication is not recommended, because it transmits user data in an unsecured and unencrypted format. SPA requires that e-mail clients use secure authentication to transmit user names and passwords, so this method is recommended instead of plaintext authentication.
2. Active Directory integrated authentication
If the server on which the POP3 service is installed is a member of an Active Directory domain or is an Active Directory domain controller, you can use Active Directory-integrated authentication. With Active Directory-integrated authentication, you can integrate the POP3 service into an existing Active Directory domain. If you create a mailbox that corresponds to an existing Active Directory user account, users can use their existing Active Directory domain user name and password to send and receive e-mail.
You can use Active Directory-integrated authentication to support multiple POP3 domains so that you can establish the same user name in different domains. For example, you can use a user named Webmaster@ghq.net and a user named email@example.com.
If you are using Active Directory-integrated authentication and have multiple POP3 e-mail domains, then when you create a mailbox, consider whether the name of the new mailbox is the same as the name of an existing mailbox in another POP3 e-mail domain. Each mailbox corresponds to an Active Directory user account.
Active Directory-integrated authentication supports both plaintext and Secure Password Authentication (SPA) e-mail client authentication.
If you upgrade a mail server that is using local Windows account authentication to a domain controller, you must follow these steps:
(1) Delete all existing e-mail accounts and domains in the POP3 service.
(2) Create the Active Directory.
(3) Change the local Windows account authentication method to the Active Directory integrated authentication method.
(4) Recreate the domain and the corresponding mailbox.
It should be noted that if you do not follow the above recommended upgrade process, it is possible that the POP3 service will not work properly. In addition, when using Active Directory-integrated authentication, to manage the POP3 service, you must log on to the Active Directory domain instead of logging on to the local computer.
With Active Directory-integrated authentication or local Windows account authentication, you can enforce the authentication mechanism used for client connections. Right-click the computer name in the POP3 Services console and select the Properties menu item to display the Computer Properties dialog box. Select the "Require Secure Password Authentication (SPA) for all client connections" check box to require secure authentication for all e-mail clients in the domain. SPA is supported only with Active Directory-integrated authentication and local Windows account authentication. If SPA is enabled, the user's e-mail client must also be configured to use SPA. Configuring the mail server to require Secure Password Authentication affects only the POP3 service and does not affect the Simple Mail Transfer Protocol (SMTP) service.
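Before the SPA requirement is switched on, it helps to know which mailboxes still log on in plaintext. The following is an added example, not part of the original article: it classifies POP3 sessions from a constructed transcript, assuming (this is not stated on the page) that SPA appears on the wire as the POP3 `AUTH NTLM` exchange; the transcript format and function names are hypothetical.

```python
# Constructed transcript ("<session> <C:|S:> <line>"); not captured from a real server.
SAMPLE = """\
s1 S: +OK POP3 service ready
s1 C: USER webmaster@ghq.net
s1 S: +OK
s1 C: PASS <constructed-password>
s1 S: +OK
s2 S: +OK POP3 service ready
s2 C: AUTH NTLM
s2 S: +
s2 C: <base64 NTLM negotiate message>
s2 S: + <base64 NTLM challenge message>
s2 C: <base64 NTLM authenticate message>
s2 S: +OK
s3 S: +OK POP3 service ready
s3 C: USER wxl@ghq.net
s3 S: -ERR
"""

def classify_sessions(transcript):
    """Map each session id to the mailbox name seen and an authentication verdict."""
    sessions = {}
    for raw in transcript.splitlines():
        parts = raw.split(" ", 2)
        if len(parts) < 3:
            continue                      # blank or malformed line
        sid, direction, payload = parts
        info = sessions.setdefault(sid, {"user": None, "mech": None, "pass_sent": False})
        if direction != "C:":
            continue                      # only client commands reveal the mechanism
        verb, _, arg = payload.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            info["user"] = arg.strip()
        elif verb == "PASS":
            info["pass_sent"] = True      # record the fact, never the password itself
        elif verb == "AUTH" and arg.strip():
            info["mech"] = arg.split()[0].upper()
    result = {}
    for sid, info in sessions.items():
        if info["pass_sent"]:
            verdict = "cleartext-password"    # password crossed the wire unencrypted
        elif info["mech"] == "NTLM":
            verdict = "spa"                   # assumption: SPA is seen as AUTH NTLM
        elif info["user"]:
            verdict = "cleartext-user-only"   # USER sent, PASS never followed
        else:
            verdict = "no-auth"
        result[sid] = {"user": info["user"], "verdict": verdict}
    return result

def mailboxes_needing_spa(transcript):
    """Mailbox names whose clients still attempt plaintext USER/PASS logon."""
    return sorted({r["user"] for r in classify_sessions(transcript).values()
                   if r["verdict"].startswith("cleartext")})
```

Session s3 shows why a refused plaintext attempt still matters: the mailbox name has already crossed the network even though no password followed.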
3. Encrypted password file authentication
Encrypted password file authentication is ideal for large deployments where Active Directory is not yet installed and you do not want to create users on the local computer; it lets you easily manage a potentially large number of accounts from a single local computer.
Encrypted password file authentication uses the user's password to create an encrypted file that is stored in the directory of the user's mailbox on the server. During the user's authentication process, the user-supplied password is encrypted and then compared to the encrypted file stored on the server. If the encrypted password matches the encrypted password stored on the server, the user is authenticated. If you are using encrypted password file authentication, you can use the same user name in different domains.
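The store-then-compare flow described above can be sketched as follows. This is an added example, not the POP3 service's own code: the page does not give the real file name, layout or algorithm, so the file name `pwd.dat`, the `root/domain/mailbox` layout and the use of salted PBKDF2-HMAC-SHA256 are assumptions chosen for illustration.

```python
import hashlib, hmac, os, tempfile
from pathlib import Path

PWFILE = "pwd.dat"   # hypothetical file name, not the POP3 service's real one
SALT_LEN = 16

def _derive(password, salt):
    # Assumption: salted PBKDF2 stands in for the service's unspecified "encryption".
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)

def mailbox_dir(root, address):
    """root/domain/mailbox, rejecting names that could escape the mail root."""
    user, _, domain = address.lower().partition("@")   # names are case-insensitive
    if (not user or not domain or "@" in domain or ".." in address
            or any(c in address for c in "/\\")):
        raise ValueError("invalid mailbox address")
    return Path(root) / domain / user

def create_mailbox(root, address, password):
    d = mailbox_dir(root, address)
    d.mkdir(parents=True, exist_ok=False)              # duplicate in one domain fails
    salt = os.urandom(SALT_LEN)
    (d / PWFILE).write_bytes(salt + _derive(password, salt))

def authenticate(root, address, password):
    try:
        blob = (mailbox_dir(root, address) / PWFILE).read_bytes()
    except (OSError, ValueError):
        _derive(password, b"\0" * SALT_LEN)            # equalize work for unknown users
        return False
    salt, stored = blob[:SALT_LEN], blob[SALT_LEN:]
    # Transform the supplied password the same way, then compare in constant time.
    return hmac.compare_digest(_derive(password, salt), stored)

def demo():
    """Constructed accounts: the same mailbox name in two domains, as the text allows."""
    with tempfile.TemporaryDirectory() as root:
        create_mailbox(root, "webmaster@ghq.net", "constructed-pass-1")
        create_mailbox(root, "webmaster@js.ghq.net", "constructed-pass-2")
        return (
            authenticate(root, "Webmaster@GHQ.net", "constructed-pass-1"),
            authenticate(root, "webmaster@js.ghq.net", "constructed-pass-1"),
            authenticate(root, "nobody@ghq.net", "constructed-pass-1"),
            authenticate(root, "../webmaster@ghq.net", "constructed-pass-1"),
        )
```

Because each password file lives under its own domain directory, the two `webmaster` mailboxes never collide, and a password valid in one domain is rejected in the other.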
Third, the management of mail server
I) Set the location of the message store
By default, the system saves user messages in the C:\Inetpub\mailroot\Mailbox folder. Because the capacity of the system partition is very limited, it is often necessary to move the message store to another partition. To set where messages are stored, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate permissions. If the computer is joined to a domain, members of the Domain Admins group might also be able to perform this setting.
(1) Open the Manage Your Server window and click the Manage this mail server hyperlink in the mail server (POP3, SMTP) column, or click Start -> Control Panel -> Administrative Tools -> POP3 Services, to display the POP3 Service console window.
(2) Right-click the "Computer name" node and select the "All Tasks"-> "Stop" submenu in the pop-up shortcut menu to stop the e-mail service.
(3) Right-click the computer name node and choose Properties from the shortcut menu that pops up. The Mail Server Properties dialog box is displayed. Type the new message store folder and path, such as D:\Mailbox, in the Root Mail Directory text box. You can also click the Browse button to locate the folder where you want to save the users' mailboxes.
(4) Then click OK to display the POP3 service warning box, which indicates that the existing domains will not store messages correctly, and that the domain directories must be copied to the new root mail directory to retain the current accounts.
(5) Clicking the "OK" button displays the POP3 Service prompt box, where you are reminded that you need to restart the POP3 service and SMTP service to make the changes take effect.
(6) Click the Yes button to restart the mail service.
(7) Open Windows Explorer and copy the domain directory to the new root mail directory. For example, if the domain name is ghq.net and the new root mail directory is D:\Mailbox, you should copy the ghq.net subfolder in the C:\Inetpub\mailroot\Mailbox folder to the D:\Mailbox folder.
(8) Right-click the "Computer name" node and select the "All Tasks"-> "Start" submenu in the pop-up shortcut menu to start the e-mail service.
(9) Right-click the "Computer name" node and select the "All Tasks"-> "Refresh" submenu in the pop-up shortcut menu so that the new domain directory takes effect.
Although you can also change the receive server port (110) in this dialog box, this is not recommended. The reason is simple: if the POP3 port is modified, users must make the corresponding change in their e-mail clients, which undoubtedly makes mailbox setup more difficult for them. In addition, the changed settings do not take effect until the POP3 service is restarted.
II) Manage domains
During the mail server installation, a new domain name will be added and set up for use in the e-mail service. If the enterprise requests two or more domain names, or if the server provides mail services as a virtual host, you can also add multiple domain names to enable the coexistence of multiple messaging virtual services.
1. Create the domain
(1) First open the "POP3 Service" console, right-click the computer name node, and select New -> Domain from the shortcut menu that pops up. The Add Domain dialog box appears. In the Domain Name text box, type the new domain name, and make sure that the domain name already has an MX record set up in the DNS service.
(2) Click the OK button in the dialog box to complete the addition of the new domain name.
Repeat these actions to add multiple domain names to the mail server.
In addition, the following points should be noted when operating:
The POP3 service supports top-level and third-level domain names; for example, ghq.net and js.ghq.net are supported.
If you are using Active Directory-integrated authentication, you must be logged into the Active Directory domain instead of the local computer to perform this procedure.
2. Manage the domain
In the POP3 console tree, you can manage an e-mail domain as necessary, for example by deleting, locking, or unlocking it.
(1) Delete the domain. In the POP3 Services console tree, click the computer name, right-click the domain that you want to delete, and then click the Delete menu command to display a prompt asking you to confirm the deletion of the domain. Clicking the OK button in the prompt box deletes the domain, all mailboxes in the domain, and all messages stored in the domain.
(2) Lock/unlock the domain. Right-click the domain you want to lock and select the Lock menu command to lock the domain. To unlock a domain, simply select the Unlock menu command in the right-click shortcut menu.
3. Manage the mailbox
Once you have established a mail domain, you can create an account in that domain, that is, a mailbox account.
3.1 Creating mailboxes
(1) Open the POP3 Service console window, select the domain in which you want to create a new mailbox, and select New -> Mailbox from the right-click shortcut menu. Alternatively, select the domain to which you want to add a user's mailbox, right-click an empty area in the right pane, and select New -> Mailbox from the shortcut menu that pops up. The Add Mailbox dialog box is displayed. Type webmaster in the Mailbox Name text box (letters are case-insensitive), and type the same password in both the Password and Confirm Password boxes. For example, if you add a mailbox named WXL to the ghq.net domain, the user's e-mail address is firstname.lastname@example.org.
Note that if you use local Windows account authentication or Active Directory integrated authentication, you should select the Create an associated user for this mailbox check box, which creates a new user and gives the user the right to log on to the domain, unless a user account with the same name as the mailbox you are creating already exists. If you have already created a user name in the domain that is the same as the mailbox name, you should clear the check box. Otherwise, a prompt box about the user name is displayed.
(2) Click the OK button, the POP3 Service dialog box appears, prompting the user that the mailbox has been added successfully. If you do not want to display the dialog box, select the Do not show this message again check box.
(3) Click the "OK" button to finish adding the mailbox. Repeat this procedure to add a mailbox for every network user.
3.2 Delete Mailboxes
(1) Open the "POP3 Service" console, select the e-mail domain that contains the mailbox you want to delete, right-click the mailbox, and select the Delete menu item (or select the mailbox and click the Delete mailbox link). The Delete Mailbox dialog box is displayed, asking whether the user account associated with this mailbox should also be deleted. If this check box is selected, the user in the Users group is also deleted. This means that the user is also denied access to the sending e-mail server and to the domain.
(2) Clicking the Yes button deletes the mailbox and also deletes the mail store directory for that mailbox and all e-mail messages stored in the directory.
3.3 Lock/Unlock Mailbox
If you need to temporarily disable a mailbox account, but you do not need to remove it for later activation, you can temporarily lock the mailbox account. When a mailbox is locked, it can still receive incoming e-mail messages sent to the mail store. However, the user cannot connect to the server to retrieve e-mail messages. Locking a mailbox only restricts the user from being able to connect to the server. However, administrators can still perform all administrative tasks, such as deleting mailboxes or changing mailbox passwords.
You can lock the mailbox by right-clicking the mailbox you want to lock in the POP3 Service Console window and selecting the Lock submenu from the pop-up shortcut menu. To unlock the mailbox, simply select the Unlock submenu from the shortcut menu that pops up.
3.4 Mailbox Property settings
What users care about most in a mailbox is its capacity and its security. The POP3 mail server in Windows Server 2003 can limit the disk space used by an account by enabling disk quotas, which sets the corresponding mailbox size. You can also change the initial mailbox password. Together these protect the interests of both the server and its users: they prevent users from consuming unlimited disk space and protect the security of users' messages. Note that the root mail directory must be created on an NTFS-formatted hard disk partition, or the system will not be able to implement disk quotas.
Mailbox size Settings
If your mail server uses Active Directory-integrated authentication or local Windows account authentication, a quota file is created by default when you create mailboxes for users, and the appropriate disk quotas are enabled. Therefore, if the users' mailboxes use the default disk quota setting, it is not necessary to configure the setting separately for each user.
(1) Enable the disk quota feature. Because the disk quota feature is applied to all e-mail addresses by default, you should take full account of the total capacity of the disk, the total number of users, and so on to properly set the disk quota feature.
(2) Set disk quotas individually for individual users. For users who have special requirements for mailbox capacity, you can set disk quotas individually. To simplify operations, you can create a mailbox and user account as a template and specify disk quotas for it. Then copy the quota file from the mail store directory of that account in the domain to the mail store directories of all mailboxes in the domain, or use the command winpop createquotafile username@domain [/user:username] to make the disk quota option available to other specified accounts in the domain. Here, winpop createquotafile creates a quota file, username@domain specifies the user for whom the quota file is created, and the /user:username option creates the new quota file by referring to the quota file of an existing user account.
Operating from the command line
At the command prompt, type the command: winpop changepwd username@domain newpassword to complete the account password changes.
In fact, there are many operations that can be done at the command prompt, as follows:
Create domain: winpop add domain_name
Delete domain: winpop delete domain_name
Lock domain: winpop lock domain_name
Unlock domain: winpop unlock domain_name
Create mailbox: winpop add username@domain_name [/createuser:new_user's_password]
Delete mailbox: winpop delete username@domain_name /deleteuser
Lock mailbox: winpop lock username@domain_name
Unlock mailbox: winpop unlock username@domain_name