Secure a virtual SMTP server

Windows includes tools for managing and monitoring TCP/IP. Whether you're troubleshooting a computer or simply looking for more information to configure it, there are five commands that can come in handy for gathering information about the computer.

For instance, you can use the ipconfig command to get information about the computer's network interfaces, including IP address, gateway, DNS servers, MAC address, and addressing type (static or DHCP). You can also use ipconfig to flush the DNS cache to overcome name resolution problems, renew address leases, and accomplish a handful of other tasks.

The hostname command will save you a trip to the network settings to determine the computer's host name. Type hostname at the command prompt to view the host name, as registered by the computer's DNS properties. The machine name specified in the network properties is used for the host name if no other is specified. The hostname command doesn't support any switches or provide any additional information.

Look to the nbtstat command to display statistics and connections for NetBIOS over TCP. You can also use nbtstat to purge the NetBIOS name cache and reload it from the lmhosts file.

Finally, use the route command to view (and modify if necessary) the computer's routing table, and the arp command to view and modify the computer's ARP table. You can also use arp to determine the MAC address of a remote computer on the network.

Windows 2000 Server


Secure a virtual SMTP server

The SMTP service in Internet Information Services (IIS) allows Windows 2000 Server to function as an SMTP relay agent. However, because Windows 2000 doesn't provide full mailbox support, it can't function as a full-blown mail server without the addition of a custom or third-party application to process incoming messages.

For that reason, organizations most often use the SMTP service by itself to process outgoing messages rather than incoming messages.

If you use the SMTP service in your network, it's very important that you secure the server to prevent others from using it for unauthorized relay or spamming. You can use a combination of connection control and relay settings to secure the server.

Open the IIS console, and open the properties for the SMTP virtual server. On the Access tab, click Connection. In the Connection dialog box, select Only The List Below, add the individual IP addresses, range of computers, or domain that should be able to connect to the server, and click OK.

Next, click Relay on the Access tab. Select Only The List Below, and click Add. Enter the IP address, range of computers, or domain that you want to allow to send outgoing mail through the server, and click OK.

Finally, click Authentication on the Access tab, and turn off anonymous access to the server. Then, configure each client or other SMTP server as needed to specify the necessary credentials to access the server. If set up properly, this combination of authentication, connection control, and relay control should eliminate any possibility of unauthorized use of the SMTP server.
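
To confirm that the connection, relay, and authentication settings above took effect, the following added example (not part of the original tip) asks your own server, without credentials, to accept mail between two outside addresses and reports the stage at which it was refused. It stops before DATA, so nothing is queued. Assumptions: the server name, the two example addresses, and the EHLO name are placeholders, and the script is run from a computer that is not on the Relay list.

```python
import smtplib

# Assumed placeholders: substitute your own server and two addresses in
# domains the server is NOT responsible for.
SERVER = "smtp.example.internal"
OUTSIDE_SENDER = "relay-check@example.org"
OUTSIDE_RCPT = "relay-check@example.net"


def relay_check(host, port=25, sender=OUTSIDE_SENDER, rcpt=OUTSIDE_RCPT, timeout=10):
    """Return (verdict, stage, smtp_code) for an unauthenticated relay request.

    The session stops after RCPT TO and is reset, so no DATA is sent and
    nothing is queued. verdict is "restricted", "OPEN" or "inconclusive".
    """
    try:
        # A fixed EHLO name avoids a DNS lookup for the local FQDN.
        smtp = smtplib.SMTP(host, port, local_hostname="relay-check.localdomain",
                            timeout=timeout)
    except OSError as exc:
        # Refused, dropped, or non-220 banner: connection control turned us away.
        return ("restricted", "connect", getattr(exc, "smtp_code", None))
    try:
        smtp.ehlo_or_helo_if_needed()
        for stage, step, arg in (("MAIL FROM", smtp.mail, sender),
                                 ("RCPT TO", smtp.rcpt, rcpt)):
            code, _ = step(arg)
            if code >= 400:
                # Not accepted, e.g. 530 (authentication required) or 550 (relay denied).
                return ("restricted", stage, code)
        return ("OPEN", "RCPT TO", code)  # outside recipient accepted without auth
    except smtplib.SMTPResponseException as exc:
        return ("restricted", "EHLO", exc.smtp_code)
    except OSError:
        # Timeout or dropped session: retest before drawing a conclusion.
        return ("inconclusive", "dropped", None)
    finally:
        try:
            smtp.rset()
            smtp.quit()
        except (smtplib.SMTPException, OSError):
            smtp.close()


if __name__ == "__main__":
    verdict, stage, code = relay_check(SERVER)
    print(f"{SERVER}: relay {verdict} (stage={stage}, code={code})")
```

A result of "restricted" at the connect stage points to the Connection list, while a refusal at MAIL FROM or RCPT TO points to the Authentication or Relay settings.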