The POP3 service component added in Windows Server 2003 lets you build a mail server without any third-party software. Installing the POP3 component on a server turns it into a mail server, and administrators use the POP3 service to store and manage the email accounts on it. The following sections discuss the configuration and management of such a mail server.
2. Configure the POP3 mail server
After the initial installation of the operating system, the POP3 service component is not installed. Before configuring the POP3 service you must therefore install the corresponding component; you can then choose an authentication method, set the mail storage location, and manage domains and mailboxes.
The POP3 service provides three different authentication methods to authenticate users connected to the mail server. Before creating any email domain on the mail server, you must select an authentication method. The authentication method can only be changed if there is no email domain on the mail server.
1. Local Windows account authentication
If the mail server is not a member of an Active Directory domain and you want to store user accounts on the local computer where the mail service is installed, use the Local Windows Account authentication method. Local Windows Account Authentication integrates the mail service with the Security Accounts Manager (SAM) of the local computer, so users who have a user account on the server can authenticate to the POP3 service with the same username and password they use to log on to that computer.
Local Windows account authentication supports multiple domains on one server, but user names must be unique across all of those domains. For example, the users webmaster@ and webmaster@ cannot exist on the same server at the same time.
If a mailbox is created together with its associated user account, that account is added to the "POP3 Users" local group. Members of the "POP3 Users" group cannot log on to the server locally, even though they have an account on it. You can tighten this further with the computer's local security policy so that only authorized users have the local logon right, which improves server security. Being unable to log on locally does not affect a user's ability to use the POP3 service.
Local Windows account authentication supports both plaintext and Secure Password Authentication (SPA) for email clients. Plaintext authentication transmits the user's credentials in an unencrypted form, so it is not recommended. SPA requires the email client to transmit the username and password using secure authentication, so SPA is recommended instead of plaintext authentication.
2. Active Directory integrated authentication
If the server where the POP3 service is installed is a member of an Active Directory domain or is itself a domain controller, you can use Active Directory Integrated Authentication. This integrates the POP3 service into the existing Active Directory domain: if a mailbox corresponds to an existing Active Directory user account, that user can send and receive email with the existing Active Directory domain username and password.
Active Directory Integrated Authentication supports multiple POP3 domains, and the same username can be created in different domains. For example, a user named webmaster@ and a user named webmaster@ can both exist.
When using Active Directory Integrated Authentication with multiple POP3 email domains, consider when creating a mailbox whether the new mailbox name is the same as an existing mailbox name in another POP3 email domain, because each mailbox corresponds to one Active Directory user account.
Active Directory Integrated Authentication supports both plaintext and secure password authentication (SPA) email client authentication.
If you upgrade a mail server that is using local Windows account authentication to a domain controller, you must follow the steps below:
(1) Delete all existing email accounts and domains in the POP3 service.
(2) Create the Active Directory.
(3) Change the authentication method from Local Windows Account Authentication to Active Directory Integrated Authentication.
(4) Recreate the domain and the corresponding mailbox.
If the upgrade procedure above is not followed, the POP3 service may not work properly. Also note that when using Active Directory Integrated Authentication you must log on to the Active Directory domain rather than to the local computer.
With either of the two authentication methods above you can require secure authentication for client connections. Right-click the computer name in the "POP3 Services" console and select the "Properties" menu item to display the computer Properties dialog box, then select the "Require secure password authentication (SPA) for all client connections" check box to enforce SPA for all email clients in the domain. SPA is supported only with Active Directory Integrated Authentication and Local Windows Account Authentication. If SPA is enabled, each user's email client must also be configured to use SPA. Requiring secure password authentication on the mail server affects only the POP3 service; the Simple Mail Transfer Protocol (SMTP) service is not affected.
3. Encrypted password file authentication
"Encrypted Password File" authentication suits large deployments that do not use Active Directory and do not want to create a local user account for every mailbox, but still need to manage a large number of accounts on a single machine.
Encrypted Password File Authentication takes the user's password and creates an encrypted file from it, stored in the user's mailbox directory on the server. When the user authenticates, the password the user supplies is encrypted and compared with the encrypted file stored on the server; if the two match, authentication succeeds. With encrypted password file authentication, the same username can be used in different domains.
3. Manage the mail server
1) Set the mail storage location
By default, the system saves user email in the C:\Inetpub\mailroot\Mailbox folder. Because the capacity of the system partition is usually limited, the mail storage location is commonly moved to another disk partition. To change the storage location you must be a member of the local computer's Administrators group or have been delegated the appropriate permissions; if the computer is joined to a domain, members of the Domain Admins group may also be able to perform this setting.
(1) Open the "Manage Your Server" window, click the "Manage this Mail Server" hyperlink in the "Mail Server (POP3, SMTP)" column, or click the "Start" -> "Control Panel" -> "Administrative Tools" -> "POP3 Services" option in turn, and the "POP3 Services" console window will be displayed.
(2) Right-click the "Computer Name" node and select "All Tasks" -> "Stop" submenu in the pop-up shortcut menu to stop the email service.
(3) Right-click the "Computer Name" node and select the "Properties" submenu in the pop-up shortcut menu. The mail server properties dialog box will be displayed. Type a new mail storage folder and path in the "Root Mail Directory" text box, such as D:\Mailbox. You can also click the Browse button to find and locate the folder where you want to save the user's mailbox.
(4) Then click the "OK" button, and the "POP3 Service" warning box will be displayed, prompting that the existing domain will not be able to store the mail correctly. The domain directory must be copied to the new root email directory to retain the current account.
(5) Click the "OK" button and the "POP3 Service" prompt box will be displayed, reminding users that they need to restart the POP3 service and SMTP service in order for the changes to take effect.
(6) Click the "Yes" button to restart the mail service.
(7) Open Windows Explorer and copy the domain directories to the new root mail directory. For example, if the new root mail directory is D:\Mailbox, the subfolder named after the domain under C:\Inetpub\mailroot\Mailbox should be copied into the D:\Mailbox folder.
(8) Right-click the "Computer Name" node and select "All Tasks" -> "Start" submenu in the pop-up shortcut menu to start the email service.
(9) Right-click the "Computer Name" node and select "All Tasks" -> "Refresh" submenu in the pop-up shortcut menu to make the new domain directory take effect.
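The relocation procedure above can be scripted so that the NTFS check, the service stop/start and the domain-directory copy happen in a fixed order. The script below is an added example, not part of the original article. It assumes Windows PowerShell is installed on the Windows Server 2003 host, that the mail services are registered as POP3SVC and SMTPSVC, and that winpop accepts "set mailroot" to change the root mail directory (the article does this in the computer Properties dialog instead); the paths are the article's defaults and can be overridden.

```powershell
# Added example (not from the original article): relocate the POP3 mail root
# and copy the existing domain directories, following the article's steps.
# Assumptions: Windows PowerShell is installed on the Windows Server 2003 host,
# the service names are POP3SVC and SMTPSVC, and "winpop set mailroot" exists.
# Run as a member of the local Administrators group.

param(
    [string]$OldRoot = 'C:\Inetpub\mailroot\Mailbox',   # default root from the article
    [string]$NewRoot = 'D:\Mailbox'                      # example target from the article
)

function Assert-NtfsVolume([string]$Path) {
    # Mailbox disk quotas (section 3.4) require NTFS, so refuse a FAT partition up front.
    $drive = [System.IO.Path]::GetPathRoot($Path).TrimEnd('\')   # e.g. "D:"
    $disk  = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$drive'"
    if ($disk -eq $null) { throw "Drive $drive does not exist." }
    if ($disk.FileSystem -ne 'NTFS') {
        throw "$drive is $($disk.FileSystem), not NTFS; mailbox quotas would not work."
    }
}

function Copy-MailDomains([string]$From, [string]$To) {
    # Each subfolder of the mail root is one mail domain. Copy every one of them,
    # keeping hidden/system files and attributes (xcopy ships with Server 2003).
    if (-not (Test-Path $To)) { New-Item -ItemType Directory -Path $To | Out-Null }
    $names = @()
    foreach ($dir in (Get-ChildItem $From | Where-Object { $_.PSIsContainer })) {
        $dest = Join-Path $To $dir.Name
        & xcopy.exe "$($dir.FullName)" "$dest" /E /I /H /K /Y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "xcopy failed for domain $($dir.Name)" }
        $names += $dir.Name
    }
    return $names
}

Assert-NtfsVolume $NewRoot

# Step (2): stop the mail services before touching the directories.
Stop-Service SMTPSVC -ErrorAction SilentlyContinue
Stop-Service POP3SVC

# Step (3): point the POP3 service at the new root (assumed winpop syntax; the
# article does this in the "Root Mail Directory" box of the Properties dialog).
& winpop.exe set mailroot $NewRoot
if ($LASTEXITCODE -ne 0) { throw "winpop set mailroot failed" }

# Step (7): copy every domain directory across so existing accounts keep their mail.
$copied = Copy-MailDomains $OldRoot $NewRoot
Write-Host "Copied domain directories: $($copied -join ', ')"

# Steps (8) and (9): restart the services so the new root and domains take effect.
Start-Service POP3SVC
Start-Service SMTPSVC
```

The old directory is deliberately left in place; delete it only after confirming in the "POP3 Services" console that the domains and mailboxes appear under the new root.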
The same dialog box also allows the receiving server port (110) to be changed, but this is not recommended: after changing the POP3 port every user must make the corresponding change in their email client, which makes mailbox setup harder. Port changes also take effect only after the POP3 service is restarted.
2) Manage domains
During installation of the mail server, a domain name is added and configured for the email service. If the enterprise owns two or more domain names, or the server acts as a virtual host providing mail services, additional domain names can be added so that several mail domains coexist on the same server.
1. Create a domain
(1) First open the "POP3 Service" console, right-click the "Computer Name" node in it, and select the "New"->"Domain" option in the pop-up shortcut menu. The "Add Domain" dialog box will be displayed, type the new domain name in the "Domain Name" text box, and make sure that the domain name has MX records set in the DNS service.
(2) Click the "OK" button in this dialog box to complete the addition of the new domain name.
Repeat the above to add multiple domain names to the mail server.
In addition, the following points should be paid attention to when operating:
The POP3 service supports both top-level and third-level domain names.
If you are using Active Directory Integrated Authentication, you must log on to the Active Directory domain (not the local computer) to perform this procedure.
2. Manage a domain
In the POP3 console tree, email domains can be managed as needed, for example deleted or locked and unlocked.
(1) Delete a domain. In the "POP3 Services" console tree, click "Computer Name", right-click the domain you want to delete, and then click the "Delete" menu command. A prompt box asks you to confirm the deletion; clicking the OK button deletes the domain, all mailboxes in the domain, and all messages stored in it.
(2) Lock/unlock the domain. Right-click the domain you want to lock and select the "Lock" menu command to lock the domain. When unlocking the domain, just select the "Unlock" menu command in the right-click shortcut menu.
3) Manage mailboxes
After a mail domain has been created, you can create accounts in it, that is, mailboxes.
3.1 Create a mailbox
(1) Open the "POP3 Services" console window, select the domain in which to create the new mailbox, and select the "New" -> "Mailbox" submenu from the right-click shortcut menu (or, with the domain selected, right-click the blank area in the right-hand pane and select "New" -> "Mailbox" from the pop-up shortcut menu). The "Add Mailbox" dialog box is displayed. Type the mailbox name, for example Webmaster (letters are not case sensitive), in the "Mailbox Name" box, and type the same password in the "Password" and "Confirm Password" boxes. For example, if a mailbox added in the domain is named wxl, the user's E-mail address is wxl@.
Note that with Local Windows Account Authentication or Active Directory Integrated Authentication, the "Create associated user for this mailbox" check box should be selected unless a user account with the same name as the new mailbox already exists; a new user is then created and given permission to log on to the domain. If a user with the same name as the "Mailbox Name" already exists in the domain, clear the check box; otherwise a prompt box will report that the user name already exists.
(2) Click the "OK" button. A "POP3 Service" dialog box reports that the user's mailbox has been added successfully. If you do not want to see this dialog box again, select the "Don't show this message anymore" check box.
(3) Click the "OK" button; the mailbox has now been added. Repeat the steps above to add a mailbox for every network user.
3.2 Delete a mailbox
(1) Open the "POP3 Service" console, select the email domain containing the mailbox you want to delete, then select that mailbox, right-click it and select the "Delete" menu item (or click the "Delete Mailbox" link shown next to the mailbox). The Delete Mailbox dialog box asks whether to "also delete the user account associated with this mailbox." If the check box is selected, the corresponding user in the Users group is deleted as well, so the user loses both access to the mail server and the ability to log on to the domain.
(2) Click the "Yes" button to delete the mailbox. The mailbox's directory and all emails stored in it are deleted at the same time.
3.3 Lock/Unlock the mailbox
If you need to disable an email account temporarily without deleting it, so that it can be re-enabled later, you can lock the mailbox. When a mailbox is locked, incoming mail addressed to it is still received into the mail store, but the user cannot connect to the server to retrieve it. Locking only prevents the user from connecting; administrators can still perform all administrative tasks on the mailbox, such as deleting it or changing its password.
Right-click the mailbox you want to lock in the "POP3 Services" console window and select the "Lock" submenu in the pop-up shortcut menu to lock the mailbox. To unlock this mailbox, simply select the "Unlock" submenu in the pop-up shortcut menu.
3.4 Mailbox attribute settings
The mailbox properties users care most about are capacity and security. The Windows Server 2003 POP3 mail server can limit the disk space available to an account by enabling disk quotas, which sets the corresponding mailbox size, and the initial password of a mailbox can be changed. Together these protect both the server and its users: quotas stop users from consuming disk space without limit, and password changes protect the security of user email. Note that the root mail directory must reside on an NTFS partition; otherwise the system cannot enforce disk quotas.
Mailbox size settings
If the mail server uses Active Directory Integrated Authentication or Local Windows Account Authentication, a quota file is created by default when a user's mailbox is created and the corresponding disk quota is enabled. If the user mailboxes use the default disk limit, there is no need to configure quotas separately for each user.
(1) Enable the disk quota function. Because the disk quota applies to all mailboxes by default, take the total disk capacity, the total number of users and similar factors into account when choosing the quota values.
(2) Set disk limits separately for individual users. For users with special mailbox capacity requirements, disk quotas can be set individually. To simplify this, first create a mailbox and user account to serve as a template and assign it a disk quota, then copy the quota file from that account's mail storage directory to the mail storage directory of every other mailbox in the domain. Alternatively, use the command winpop createquotafile username@domain [/user:username] to make other accounts in the domain use the same disk quota option: winpop createquotafile creates a quota file, username@domain specifies the user for whom the quota file is created, and the /user:username option copies the quota file of the named existing user account to create the new one.
Using commands
At the command prompt, type winpop changepwd username@domain newpassword to change an account's password.
Many other operations can be completed at the command prompt, as shown below:
Create domain: winpop add domain_name
Delete domain: winpop delete domain_name
Lock domain: winpop lock domain_name
Unlock domain: winpop unlock domain_name
Create a mailbox: winpop add username@domain_name [/createuser:new_user's_password]
Delete a mailbox: winpop delete username@domain_name /deleteuser
Lock a mailbox: winpop lock username@domain_name
Unlock a mailbox: winpop unlock username@domain_name
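The winpop commands above, together with createquotafile from section 3.4, are what make bulk administration practical. The script below is an added example, not part of the original article, showing how to provision a domain and its mailboxes from a list, apply a template quota to each, and lock accounts that should not be able to collect mail yet. It assumes Windows PowerShell is installed on the server, that winpop.exe is on the PATH, and that a template mailbox with its quota already exists; the domain name, user list and template name are constructed placeholders.

```powershell
# Added example (not from the original article): provision a mail domain and its
# mailboxes with the winpop commands the article lists, apply a template quota
# file to each mailbox, and lock the ones flagged as disabled.
# Assumptions: Windows PowerShell is installed on the server, winpop.exe is on the
# PATH, and the template mailbox already exists with its NTFS quota assigned.

$Domain   = 'example.test'       # placeholder domain name (the article's examples were lost)
$Template = 'quota-template'     # placeholder mailbox whose quota file is copied (section 3.4)

# Constructed sample input, one entry per mailbox. A real run would use Import-Csv
# on an administrator-maintained file instead of this inline list.
$users = @(
    @{ Name = 'wxl';        Password = 'Chang3-Me!'; Disabled = $false },
    @{ Name = 'webmaster';  Password = 'Chang3-Me!'; Disabled = $false },
    @{ Name = 'contractor'; Password = 'Chang3-Me!'; Disabled = $true  }
)

function Invoke-Winpop([string[]]$Arguments) {
    # Run one winpop command and stop on a non-zero exit code, so a half-finished
    # provisioning run is noticed rather than silently skipped.
    & winpop.exe $Arguments | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "winpop $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Create the domain. The DNS MX record must already exist (see "Create a domain").
Invoke-Winpop @('add', $Domain)

foreach ($u in $users) {
    $address = "$($u.Name)@$Domain"

    # /createuser also creates the associated Windows or Active Directory account,
    # which the console does through the "Create associated user for this mailbox" box.
    Invoke-Winpop @('add', $address, "/createuser:$($u.Password)")

    # Copy the template account's quota file so this mailbox gets the same disk limit.
    Invoke-Winpop @('createquotafile', $address, "/user:$Template")

    if ($u.Disabled) {
        # A locked mailbox still receives mail, but the user cannot connect to retrieve it.
        Invoke-Winpop @('lock', $address)
    }
}

Write-Host "Provisioned $($users.Count) mailboxes in $Domain"
```

Passwords are passed on the winpop command line, so when this is run from a real file keep that file readable only by administrators and have users change the initial password with winpop changepwd afterwards, as the article describes.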