Implement SMTP service

xiaoxiao2021-03-06  62

SMTP service overview

Since the intended readers of this course are experienced users who are already familiar with the Internet, we do not plan to spend much time on the basics of using e-mail. Readers who are still unclear about sending and receiving e-mail should see other courses on basic Internet operations. In this section we focus on the principle of e-mail communication and how it is implemented at the lower network level, and try to give the reader a basic understanding of how e-mail works on the Internet.

The unique identifier of an e-mail user is the e-mail address, such as username@domain.com, meaning that the user named username sends and receives mail under the domain name domain.com. Users typically use client mail software (such as Foxmail or Outlook Express) to handle e-mail. After the client submits a message to the mail server, the server still has to carry out a series of complex delivery operations to transfer the message to the mail server host where the destination address is located. This process relies on the SMTP service: SMTP defines a set of mail delivery rules that all mail servers on the network must comply with.

We must point out that the e-mail service we are familiar with relies on the POP protocol in addition to the SMTP protocol, so the IIS server on its own does not implement a complete mail service; you need to be clear about this. In general, SMTP is responsible for mail delivery, for example from the client to the mail server, and for transfer between servers. The POP protocol lets clients retrieve mail delivered by SMTP and download it to the user's local machine.

The figure on the right shows the roles of the SMTP and POP protocols during e-mail delivery. SMTP stores e-mail in folders: a message is sent as long as it is placed in the folder the SMTP server designates for outgoing mail, but users have to look in the corresponding folder themselves to get their new mail (in practice this method is not used).

Now let's look at POP, which stands for Post Office Protocol. People usually refer to a POP server by the version of the POP protocol it uses, and most POP servers currently on the Internet are POP3 servers. As shown in the figure on the right, the SMTP server sends the message to the POP3 server. The user contacts the POP3 server using client mail software; after authenticating with an account and password, the user asks the server to send the mail to the local machine, and the POP3 server sends the user's mail to the user. In this process the POP3 server itself is also an SMTP server, but it can specify a separate folder for each user, which a pure SMTP server cannot do.

The above is not how most e-mail service providers actually work. As a supplement, here is a brief introduction to the way public e-mail service providers (such as Freemail.263.net or Hotmail.com) usually work. They usually use two mail server addresses at the same time. Take Freemail.263.net: its POP3 server is 263.net and its SMTP server is SMTP.263.NET. The user connects to the 263 free mail server through client mail software (which needs to be configured with the SMTP and POP3 server addresses), first passes account authentication, and then sends and receives mail. Two processes are involved here, SMTP and POP3: the user sends mail with SMTP over TCP port 25, and POP3 retrieves the user's new messages and transfers them to the user's local machine over TCP port 110. A complete mail service therefore requires SMTP and POP3 working together. Since IIS does not support POP3, we will not cover POP3 in much depth. By now readers should clearly understand the limitations of IIS for e-mail services, but in some situations SMTP still has its value.

SMTP working principle

As mentioned above, the SMTP service supported by IIS has a number of functional and performance limitations, which is determined by the SMTP service itself. In fact, the SMTP service supported by IIS is just a simplified version of the SMTP service found in Microsoft's other mail products, such as Exchange and Site Server. Rather than a technical bottleneck, this is better described as Microsoft's product strategy. After all, IIS comes free with Windows 2000, while Exchange, Site Server and mail products from other companies (such as Notes) are costly software. Even so, for small businesses, government bodies and educational institutions, the SMTP service in IIS is well suited. In some cases (publicity, marketing and so on), using SMTP can have unexpectedly good results. To make up for what the SMTP service lacks, some system administrators have written ASP code to implement mail retrieval (via the CDO for NTS library), which can read simple mail in the SMTP folder.

SMTP transfers messages by way of folders: a message is placed in a different folder for each stage (state) of its processing. For example, users only need to put the messages to be sent into the outgoing folder and IIS sends them automatically, and new messages received for users are likewise put into the incoming folder by IIS.

The default SMTP site generated by IIS has the default folders shown on the right, which are located in the mailroot folder under the INETPUB directory.

The folders and their functions are:

● Pickup: holds messages to be sent; the user places outgoing messages in this folder.

● Queue: holds messages during transfer. When a message cannot be sent in one go because the network is busy, the target server is not responding, and so on, it waits here to be sent again.

● Drop: receives all incoming mail.

● Badmail: stores messages that can neither be delivered nor returned to the sender (called dead letters).

● Route, SortTemp, Mailbox: IIS uses these directories to sort and reorganize messages sent to other servers, so that delivery is orderly and fast.

Note: Of the folders above, Badmail and Drop can be moved to other partitions; the remaining folders must be kept on an NTFS partition.

The working principle of the SMTP service is shown on the right. Once the user puts a message into the Pickup folder, IIS immediately picks it up and moves it to the Queue folder. IIS then determines the destination address of the message and decides the next step according to whether the recipient is local or remote:

● Local mail delivery: if the message is addressed to a local recipient, IIS moves it from the Queue folder directly to the Drop folder. Once the message is stored in the Drop directory, SMTP's mail transfer cycle is complete.

● Remote mail delivery: for a message whose recipient account is on a remote mail server, the SMTP service does the following.

1. The SMTP service groups mail so that multiple messages can be sent at the same time, optimizing network resource consumption.

2. IIS checks whether the remote mail server is ready to receive mail; once it is ready, sending proceeds normally. Otherwise the message goes back into the mail queue (Queue folder), and IIS tries to contact the target server again at intervals. The number of attempts can be set in the SMTP service properties (see below).

3. IIS sends the mail to the Internet (or intranet). After the target mail server returns a success message, delivery of the message is complete. The optional advanced features in this step include SSL encryption, forwarding through a smart host, specifying special routing, and so on, which are detailed later.

4. If the target mail server cannot accept the message (mainly because the destination address does not exist or because of the mail itself), IIS attempts to return the message to the sending user. If the return is unsuccessful, the message is delivered as a dead letter to the Badmail folder.

The above is the working principle of the SMTP service in IIS. In addition to the IIS server, the client also needs to have a client mail program installed.

Configuring SMTP Server

Based on the working principle of the SMTP service described above, this section discusses specific methods and techniques for configuring SMTP servers. SMTP servers are created, managed and configured in IIS, where the SMTP server property form and the domain property form are the main interfaces for SMTP configuration.

Creating a SMTP virtual server

The SMTP service also has the concept of a virtual server: by creating SMTP virtual servers you can implement multiple SMTP mail servers on the same computer. Of course, different virtual servers have different default directories (mail folders). SMTP virtual servers are distinguished from each other only by IP address and TCP port number; the default TCP port number of the SMTP service is 25. Usually, after IIS installation completes (with the SMTP service selected), the system automatically generates a default SMTP site, which shares the system's default IP address with the default Web server and the default FTP server. Next we create a new SMTP virtual server site:

1. Right-click the computer node in the IIS management console tree, as shown at the top right, point to [New] and click [SMTP virtual server] in the pop-up menu.

2. In the [SMTP Virtual Server Create Wizard] dialog box, specify the name of the new site in the [SMTP Virtual Server Description] field. This name is only used to tell sites apart inside IIS; note that it is not the domain name of the SMTP server. Click [Next].

3. As shown in the left figure, specify the IP address used by the SMTP virtual server in the [Selected IP Address] dialog box. Click [Next].

4. As shown in the figure on the right, in the [Select Home Directory] dialog box click [Browse] to specify the server home directory; the folders mentioned above are contained in the server home directory. Note that the SMTP home directory must be on an NTFS partition, otherwise the wizard will not accept it, but the Badmail and Drop folders can later be moved to other partitions. Click [Next].

5. As shown in the figure, in the [Select Default Domain] dialog box, specify the default domain name of the current SMTP virtual server. The default domain inherits all site properties. An SMTP virtual server can have only one default domain, and that domain cannot be deleted unless the default-domain role is first transferred to another domain. IIS names the default domain using the domain name specified here.

6. Click [Complete] to finish creating the SMTP virtual server.

Creating a SMTP domain

An SMTP virtual server contains at least one domain, namely the local default domain, which is used to stamp ordinary messages. There is only one local default domain and it cannot be deleted. The name of the default domain is determined as follows: if the IIS computer has a DNS domain name registered in its DNS settings (in the [TCP / IP Properties] dialog box under [Control Panel], [Network]), the local default domain automatically uses this name, and even if the name is changed IIS synchronizes automatically the next time the computer starts; if the IIS computer has no DNS domain name set, the local default domain name is the computer name of the server. To create an SMTP domain:

1. In the IIS management console tree, right-click the [domain] subnode at the next level, point to [New] and click [Domain ...] in the pop-up menu.

2. As shown at the top right, in the [New SMTP Domain Wizard] dialog box specify the type of the new domain. An alias domain is a copy of the local default domain and uses the same system folders (DROP and the other directories) as the local default domain; a remote domain makes it easier to manage a remote site. Click [Next] to continue.

3. As shown in the lower right picture, in the [Name] field of the [Select Domain Name] dialog box, specify the domain name that users of this domain send and receive mail under, that is, the part of the user's e-mail address after the "@" character. Click [Complete] to finish the configuration.

The newly created domain now appears in the domain list of the SMTP virtual server. The domain node of the SMTP virtual server provides a list of all domains. From a domain's icon you can open the Domain Properties dialog box and configure its properties. Since an alias domain is a copy (mirror) of the local default domain, its properties cannot be configured.

SMTP Virtual Server General Properties

The SMTP virtual server properties form provides the interface for configuring SMTP virtual server properties in detail. The general virtual server parameters are specified on the [General] tab of the property form, as follows:

1. Right-click the SMTP virtual server node in the IIS management console tree and click [Properties] in the pop-up menu to open the SMTP site property form.

2. As shown in the right image, in the [Name] field of the [General] tab you can modify the virtual server name specified when the site was created. The default SMTP virtual server in the figure was created when IIS was installed.

3. In the [IP Address] drop-down list, specify the IP address used by this site (the default port number is 25). Normally a single IP address is enough for a virtual server, but sometimes more complex IP address and TCP port settings are needed, such as using several IP addresses as the addresses of the virtual server, or specifying several TCP port numbers for the same address. In that case, configure the advanced IP address properties: click [Advanced] to open the Advanced Address Settings dialog.

4. The [Address] list in the [Advanced] dialog box lists by default the single IP address and the default port number 25. Click [Add] to specify an additional IP address and TCP port number. There is no limit on the number of identities a virtual server can have. However, if a non-default port number (other than 25) is specified here, client mail programs need additional configuration. Click [OK] when finished.

5. Select the [Using Logging] check box on the [General] tab, specify the activity log format, and click [Properties] to set the log time period and logging method. We already spent a lot of ink on logging in the chapters on the WWW and FTP services, so we do not go into detail here.

SMTP connection restrictions

SMTP connection restrictions are similar to bandwidth throttling in the WWW service: they serve the availability of the site. Click [Connection] on the [General] tab of the SMTP virtual server properties form to open the [Connection] dialog shown on the left. The SMTP connection properties have an incoming part and an outgoing part, which set the connection limit and connection timeout for incoming and outgoing connections of the virtual server respectively. The connection limit is the upper bound on the number of incoming (receiving mail) and outgoing (sending mail) connections to the current SMTP virtual server. Incoming and outgoing connections are limited separately because a mail server has to guarantee both the quality of message transmission and the response speed for mail. As in the picture on the right, select the [Restriction Connection] check box in the incoming section of the [Connection] dialog to put the connection limit into effect, then specify the maximum number of incoming connections; this value defaults to 1000. For outgoing mail, the [Outlet] column lets you set the number for each domain or for the entire virtual server. The connection timeout means that a connection is automatically disconnected by the server after it has been continuously idle for the given time. The default timeout is 10 minutes (incoming) and 25 minutes (outgoing). The TCP port number can also be changed in the connection dialog.

Setting the mail properties

Through the mail properties, the SMTP virtual server can limit the size and number of user messages. The purpose of these limits is the reasonable allocation of network resources, especially bandwidth. For example, limiting the size of users' mail prevents a single user from monopolizing network traffic, and limiting the number of recipients of a message helps control spam. The message properties of the SMTP server are configured on the [Mail] tab of the virtual server property form, as shown on the right. By default all limits are in effect. Let's look at the four mail limits:

Limit message size: limits the maximum size of a message the SMTP server will accept, in KB (default 2048KB). When a client mail program tries to send a message larger than this limit, the message is returned to the client with a non-delivery report (NDR). A remote mail server that supports EHLO checks this limit before actually sending the mail, and automatically generates an NDR and reports to the sender when the message is too large. A server that does not support EHLO tries to send the oversized message until the limit is exceeded, at which point the transfer is forcibly ended and an NDR is issued. If you do not want to limit this value, clear the [Restriction mail size] check box; the same applies to the limits that follow.

Limit session size: limits the sum of all message sizes in one connection, that is, the total data traffic during one connection. When setting this value, take into account the effect of mail transfer agents (MTAs) resubmitting messages. The unit is KB, and the default maximum is 10240KB.

Limit the number of messages per connection: limits the number of messages that can be sent in a single connection; the default is 20. Messages beyond this limit are rejected. When setting this value, consider the performance impact on users who send mail in bulk: they will have to re-establish the connection in order to finish sending a large number of messages.

Limit the number of recipients per message: limits the number of recipients of each message; the default is 100. A message that exceeds this limit is returned to the sender with a non-delivery report (NDR) attached. Some clients come back to the SMTP server with the messages that received an NDR; in that case the SMTP server no longer rejects them but establishes a new connection to send these messages.

The [Mail] tab can also set [Send a copy of the non-delivery report to], which specifies a mail address; a copy of every NDR generated by the SMTP server is sent to this address, which is usually handled by the SMTP server administrator. Another setting is the [Dead Letter] directory: a dead letter is mail that was neither delivered successfully nor could be returned to the sender, and the dead letter directory is used to store such mail.

Setting the SMTP delivery attributes

In the SMTP working principle described above, we did not say how the SMTP server handles a message that cannot be sent on the first attempt. In fact the actual transmission of a message is quite complex, and what happens to the mail under various circumstances is decided by the SMTP mail delivery properties.
As shown on the right, the SMTP mail delivery properties are set on the [Pass] tab of the virtual server properties form. They are divided into outbound properties and local properties. The outbound delivery properties cover a series of parameters. Unlike the mail limit parameters of the previous section, these parameters are not optional: the administrator must specify each delivery parameter or use its default value.

First, second and third retry interval: once IIS has opened a connection and the receiving server is ready to receive data, the message can be sent. But what does the SMTP server do with the message if the first attempt to send it fails? These three parameters define the intervals at which the SMTP server tries to contact the receiving server again after a message has not been sent successfully; the defaults are 15, 30 and 60 minutes. That is, the SMTP server makes the first retry 15 minutes after the first attempt; if that is not successful, it tries again after 30 minutes (the second retry); the third retry interval follows in the same way. A retry here really means that IIS puts these messages back into the mail queue folder (DROP).

Subsequent retry interval: after the first three retries defined above, SMTP (if still unsuccessful) retries at a uniform interval; the default subsequent retry interval is 240 minutes.

Now consider the effect of the retry intervals on mail users and on the SMTP server. Mail users want their mail to reach the recipient's server quickly and accurately. Since the total number of retries is fixed (48 times), smaller retry intervals improve the timeliness of delivery, while larger intervals improve the reliability of retries. However, a retry after a short interval often does not succeed, because delivery failures are mostly caused by the state of the remote mail server. So if the retry interval is set small, the SMTP system is put under greater bandwidth pressure without any improvement in delivery performance. Once the retry limit is reached, if the message still has not reached the recipient, the SMTP server returns the message to the sender with an NDR (not delivered) attached.

The following two parameters apply to both local and outbound mail properties.

Delay notification: to allow for time delays between the local and remote mail systems (information takes time to travel over the network), a default network delay time is set, and the SMTP server takes this delay into account when it sends reports such as NDRs. The default is 12 hours; the value can be set in minutes, hours or days, up to a maximum of 9999 days.

Expiration timeout: the maximum number of retries mentioned earlier is not the only criterion limiting retransmission. The expiration timeout specifies that after a certain period the SMTP server automatically gives up sending the message, regardless of the number of retries. The default expiration timeout is 2 days; like the delay notification parameter, this value can be set between 1 minute and 9999.

The delivery properties above generally meet mail transmission requirements. Advanced mail delivery properties are set separately in the [Advanced Send] dialog box: on the [Pass] tab of the virtual server property form, click [Advanced] to open the [Advanced Send] dialog box shown on the right. The following parameters can be specified:

Maximum hop count: the hop count is the number of routers a packet passes through on the Internet. The maximum hop count specifies the upper limit on the number of routers a message may pass through on its way to the recipient's server. The default is 15: after the mail has passed 15 routers it is automatically discarded and returned to the sending server with an NDR attached. The hop limit exists because of a design flaw of the Internet itself: some routes may loop and form an endless cycle. The hop limit is implemented by attaching a hop counter to the message; at each router the counter is automatically decremented, and sending fails when it reaches 0.

Virtual domain: the mail header in the SMTP protocol contains a "mail from" value, which indicates the domain name of the host that sent the message. The virtual domain value is an alias for the real domain name in "Mail from". This is an effective way to keep the domain name confidential, and even Chinese can be used.

Fully qualified domain name: two records on the DNS server can resolve the domain name of the mail server, the MX record and the A record. The MX (mail exchange) record maps between the fully qualified domain name (FQDN) of the mail server and IP addresses; the A (address) record maps between the host name and the IP address. Both are records that the DNS server can resolve effectively. The fully qualified domain name of an SMTP virtual server is the one specified on the [Network Identification] tab in the Windows 2000 system properties; alternatively, enter a different FQDN here. The newly specified FQDN must be valid on the DNS server. To verify this, enter the FQDN and click [Check DNS]; IIS automatically checks the name against the DNS server. The dialog confirming successful verification of the domain name is shown at the lower right.

Relay host: through a relay host, all mail for SMTP remote domains (the remote domains specified earlier when creating domains) can be handed to another server, which actually sends it. In the [Relay Host] field, identify the relay host by domain name (FQDN) or IP address; using the IP address (enclosed in "[]") is recommended to save resolution time.

The reasons for using a relay host are none other than cost and security. Hosts connect to the network in different ways, so the same data traffic costs different amounts, and the bill speaks for itself: DDN access, for example, is much more expensive than ISDN. Sending through a computer with low traffic costs obviously saves considerable network expense. The other important reason is security. In a network environment that commonly uses a firewall, having the mail server inside the firewall (on the intranet) send mail directly would obviously make things convenient for hackers. The more typical approach is to use a host outside the firewall as the relay host; the mail server inside the firewall does not send mail directly and only plays the role of forwarding and management. In addition, small organizations such as company branches are usually suited to a relay host too: they set the relay host to the central mail server at company headquarters, so that the whole company's mail is sent and distributed under unified management.
The relay host has one more attribute, [Try Direct Connection before sending to the relay host]. With this check box selected, the SMTP server first tries to send the mail directly and uses the relay host only afterwards. This undoubtedly increases the reliability of the system.

Perform reverse DNS lookup on incoming messages: if this check box is selected, the SMTP service tries to verify that the client's IP address matches the host/domain name the client submitted in the EHLO/HELO command. If the reverse DNS lookup succeeds, the "Received" header is kept intact. If verification fails, "unverified" appears after the IP address in the "Received" header of the message. Note: because this feature verifies the addresses of all incoming mail, it greatly affects the performance of the SMTP server.
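The folder flow described under "SMTP working principle" and the retry settings described under "Setting the SMTP delivery attributes" can be traced together. The following is an added example, not code from IIS or from the original article; the function names are hypothetical, the defaults are the ones quoted in the text, and it assumes each retry interval is counted from the previous failed attempt and that a delay notification goes to the sender once the message has waited for the delay notification period.

```python
"""Trace one message through the IIS SMTP mailroot folders (illustrative model)."""

# Defaults quoted in the text, in minutes.
RETRY_INTERVALS = (15, 30, 60)      # first, second, third retry interval
SUBSEQUENT_INTERVAL = 240           # subsequent retry interval
MAX_RETRIES = 48                    # fixed total number of retries
DELAY_NOTIFICATION = 12 * 60        # delay notification: 12 hours
EXPIRATION_TIMEOUT = 2 * 24 * 60    # expiration timeout: 2 days


def retry_schedule(intervals=RETRY_INTERVALS, subsequent=SUBSEQUENT_INTERVAL,
                   max_retries=MAX_RETRIES, expiration=EXPIRATION_TIMEOUT):
    """Return (retry_minutes, give_up_minute, reason).

    Assumption: every interval is measured from the previous failed attempt
    and no retry starts after the expiration timeout.
    """
    minutes, now = [], 0
    for n in range(max_retries):
        now += intervals[n] if n < len(intervals) else subsequent
        if now > expiration:
            return minutes, expiration, "expiration timeout"
        minutes.append(now)
    return minutes, now, "retry limit"


def deliver(recipient, local_domains, remote_up_at=None, sender_reachable=True):
    """Return (final_state, events); events are (minute, description) tuples.

    remote_up_at is the minute at which the remote server starts accepting
    mail (None means it never does). final_state is one of
    "Drop", "Sent", "NDR" or "Badmail".
    """
    domain = recipient.rsplit("@", 1)[-1].lower()
    events = [(0, "Pickup -> Queue")]
    if domain in {d.lower() for d in local_domains}:
        events.append((0, "Queue -> Drop (local delivery complete)"))
        return "Drop", events

    retries, give_up, reason = retry_schedule()
    delay_notified = False
    for minute in [0] + retries:
        # Assumed reading of "delay notification": tell the sender once the
        # message has been waiting for DELAY_NOTIFICATION minutes.
        if not delay_notified and minute >= DELAY_NOTIFICATION:
            events.append((DELAY_NOTIFICATION, "delay notification sent to sender"))
            delay_notified = True
        if remote_up_at is not None and minute >= remote_up_at:
            events.append((minute, "remote server accepted the message"))
            return "Sent", events
        events.append((minute, "remote server not ready, message back in Queue"))

    events.append((give_up, "giving up: " + reason))
    if sender_reachable:
        events.append((give_up, "message returned to sender with NDR"))
        return "NDR", events
    events.append((give_up, "NDR undeliverable, Queue -> Badmail"))
    return "Badmail", events


if __name__ == "__main__":
    # Constructed sample: the remote server for example.net never answers.
    state, events = deliver("bob@example.net", {"example.com"})
    for minute, what in events:
        print(f"{minute:5d} min  {what}")
    print("final state:", state)
```

Under these assumptions the 2-day expiration timeout ends the retries after 14 attempts, long before the 48-retry limit is reached, so the expiration timeout is the setting that actually bounds how long undeliverable mail stays in Queue.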

SMTP Server Security Settings

Mail security is no less important than Web site security. Some messages contain trade secrets and concern the company as a whole, so here we discuss the security of the SMTP service. SMTP server security measures are varied. From the mail transmission angle there are incoming and outgoing security limits; from the client angle, authentication and IP address and domain name restrictions; from the host angle, relay restrictions and operator account restrictions; from the data encryption angle, account encryption, SSL encryption and TLS encryption. The configuration of each is analyzed below. The security settings of the SMTP server are set mainly on the [Access] tab of the SMTP virtual server properties form, as shown on the right. In addition, site operator accounts can be specified on the [Security] tab, and further detailed settings are available on the [Pass] tab.

User Authentication

Select the [Access] tab in the SMTP virtual server property form and click [Authentication] to open the [Authentication] dialog shown in the right image. The SMTP service has three main user authentication methods: anonymous access, basic authentication, and Windows security package, described below.

Anonymous access: selecting this option lets all clients access all content of this resource without providing a user name and password. Selecting this check box and clearing the other two in the dialog removes identity restrictions on the virtual server.

Basic authentication: this is a standard authentication method that requires the user to be a legitimate Windows 2000 domain user. With this method the user account and password travel over the network in clear text (unencrypted), which is not secure and easy for hackers to intercept and crack. Using SSL or TLS is recommended. Once basic authentication is selected the user bears the security risk, and IIS displays a security warning, as shown in the lower right picture. When using basic authentication, specify the domain used to verify account identities in the [Default Domain] field. In addition, if mail needs TLS (Transport Layer Security) encryption, select the corresponding check box.

Windows security package: this option uses the security package mechanism provided by Windows 2000 to verify user accounts securely, and the user password is encrypted in transit. This security mechanism is a single, public, unified facility supported by the Windows system. Client mail programs also support the Windows security package; Outlook Express is a typical example.


IP Address and Domain Name Access Control

IP address and domain name access restrictions control access according to the source address of mail clients. Select the [Access] tab in the SMTP virtual server property form and click [Connection] to open the [Connection Limits] dialog shown in the left diagram. Client restrictions work in one of two ways, [Only the list below] and [All except the list below]: the former lists all permitted clients (every other client is rejected), the latter lists all rejected clients (every other client is permitted). Compare this with the IP address restrictions in the WWW or FTP property forms.

Click [Add] to open the add-computer dialog shown in the figure and specify the permitted or restricted computers. As in the right image, three ways of specifying addresses are available: single computer, group of computers, and domain. For a single computer, besides specifying its IP address directly, the IP address can be looked up when only the host name or FQDN is known: click [DNS Search] to open the search dialog shown on the left, enter the computer's DNS name and click [OK]; the DNS server is then called to resolve the computer, and the computer's IP address is added to the restriction. Besides single computers, you can use a network ID (plus subnet mask) or a domain name to specify a set of computers. Note that domain name restrictions likewise add to the server's burden.


Relay host restrictions

When discussing the advanced delivery properties of messages, we described the relay host (specified in the [Advanced] dialog box of the [Pass] tab in the SMTP property form). The relay host is in fact the computer that forwards the mail, but not every computer allows other mail servers to use it this way, and relay host restrictions are one of the security restrictions of the mail server. The steps to restrict other computers are as follows:

1. Select the [Access] tab in the SMTP virtual server properties form and click [Relay] in the [Relay Limit] column.
2. As shown in the image, in the [Relay Limit] dialog box, choose one of the following two relay restrictions: [Only the list below] or [All except the list below]. The former lists the computers that may relay through the current virtual SMTP server (other computers cannot relay); the latter lists the computers that may not relay through the current virtual SMTP server (other computers can relay).
3. Click [Add] to open the Add Computer dialog. Here, too, there are three ways to specify permitted or rejected computers: single computer, group of computers, domain name.
4. Choose one of these and enter the restriction parameter: a single IP address (or a DNS lookup of the computer name), a network address and subnet mask, or a domain name, and then click [OK].
5. Repeat the above process to add further computers that are rejected or permitted.
6. Note the check box at the bottom of the [Relay Limit] dialog: [Allow all computers which successfully authenticate to relay, regardless of the list above]. Once this check box is selected, the list above no longer restricts authenticated clients: the current virtual server relays for any user who passes authentication.
7. Click [OK] to complete the configuration.

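The list semantics used by both the connection control and the relay restrictions above, modelled as an added example (not IIS code and not part of the original course). The policy layout, function names and sample addresses are hypothetical, the client's DNS name is assumed to be already resolved, and matching a domain entry by name suffix is an assumption.

```python
import ipaddress

ONLY_LIST = "only the list below"
ALL_EXCEPT_LIST = "all except the list below"

def matches(entry, client_ip, client_fqdn):
    """Test one list entry: single computer, group of computers, or domain."""
    kind, value = entry
    if kind == "single":
        return ipaddress.ip_address(client_ip) == ipaddress.ip_address(value)
    if kind == "group":                  # value is (network address, subnet mask)
        network = ipaddress.ip_network("%s/%s" % value, strict=False)
        return ipaddress.ip_address(client_ip) in network
    if kind == "domain":                 # compared on label boundaries only
        name = (client_fqdn or "").lower().rstrip(".")
        domain = value.lower().strip(".")
        return name == domain or name.endswith("." + domain)
    raise ValueError("unknown entry type: %r" % kind)

def may_relay(policy, client_ip, client_fqdn=None, authenticated=False):
    """Apply the check box first, then the list in the selected mode."""
    if authenticated and policy["allow_authenticated"]:
        return True
    listed = any(matches(e, client_ip, client_fqdn) for e in policy["entries"])
    return listed if policy["mode"] == ONLY_LIST else not listed

def relays_for_strangers(policy, probe_ip="203.0.113.7"):
    """True if an unauthenticated, unlisted host (documentation address) may relay."""
    return may_relay(policy, probe_ip)

# Constructed sample policies.
HARDENED = {"mode": ONLY_LIST, "allow_authenticated": True, "entries": [
    ("single", "127.0.0.1"),
    ("group", ("192.168.10.0", "255.255.255.0")),
    ("domain", "corp.example.test")]}
WEAK = {"mode": ALL_EXCEPT_LIST, "allow_authenticated": False, "entries": [
    ("single", "198.51.100.25")]}

if __name__ == "__main__":
    for name, policy in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, "relays for strangers:", relays_for_strangers(policy))
```

An [All except the list below] policy relays for every host nobody thought to list, so the probe flags WEAK but not HARDENED.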
Export security settings   SMTP service not only restricts a virtual server user, using a specific user account verification mechanism, but also enforces the account security verification mechanism required to specify the export user. This is the outbound security properties.   Select the [Pass] tab in the SMTP Virtual Server Properties form, click Outbound Security] to open the [Export Security] dialog shown in the right image. Note that outbound security settings should be consistent with the received (incoming) authentication requirements configured by the mail receiving server. Otherwise, the mail will be collected or the error of user identity cannot be authenticated. The administrator can use three outbound security verification methods to limit the outbound user account. Anonymous Access: Use this option to disable authentication of outbound transfer. This is the default option. Basic Authentication: If you use the Basic Authentication option, all account names and passwords all connected to the server will be transmitted in the network in its entire form. This setting should match the authentication requirements received by the receiving server. This option requires username and password. Click [Browse] to select the user. Windows Security Package: Select this option to use the Windows Security Package for authentication. This setting should match the authentication requirements received by the receiving server. This option requires a Windows account name and password. Click [Modify] to select an account. For the above three verification methods, you can select the [TLS Encryption] checkbox to specify whether to transfer the mail secure transmission (data encryption of the message content). Finally, we must once again emphasize that the outgoing security verification method set by the mail sending server must match the incoming security verification mode set by the mail receiving server (consistent). 
Setting the site operator   For the site operator configuration dialog as shown on the right, we are no longer unfamiliar, whether we have specified site operator accounts for WWW virtual servers or FTP virtual servers. The SMTP virtual server is no exception. The [Security] tab in the server properties form is configured with an operator account with the Administrative Current Virtual Server.
