Thursday, February 5, 2009

Email Server Configuration on a Virtual Machine

You can install the Email Server by using Add or Remove Windows Components or Manage Your Server. In this tutorial we will use the latter, because it’s the quickest way to get this up and running. Manage Your Server is also a bit easier to use, because it prompts you for the domain you want to use during setup. Add or Remove Windows Components does not do that, so we would have to do everything manually.
If it’s not open, start Manage Your Server by clicking Start->Programs->Administrative Tools->Manage Your Server.
  • Click on Add or remove a role.
This will start the Configure Your Server Wizard. Read the text and make sure you have connected all the necessary cables and all the other things it says you should do before continuing.


  • Click Next
The wizard will now detect your network settings. This will take a while, depending on how many network connections you have.
We now come to the step where we add and remove roles for our server. We will add the Mail Server role. I also suggest that before you click Next, click Read about mail servers because this tutorial is not a complete reference.

  • Click Mail server (POP3, SMTP)
  • Click Next
You will now specify the type of authentication and type the email domain name. In this tutorial we will use Windows Authentication, and I will use a sample domain name, nwph.com. You should of course use your domain name.

  • Click Next
The next step is to confirm the options you have selected.
  • Click Next
The installation will start, and will also start the Windows Components Wizard. When you get prompted to insert your Windows Server 2003 CD-ROM into your CD-ROM drive, do so. If you are not prompted, you may already have it in the drive. Hopefully within a few minutes you get this screen:

You can now see the log, click view the next steps for this role, or click Finish. Do whatever you feel you want to do before continuing.
  • Click Finish
You have now successfully installed the mail server, congratulations!
A mail server is no fun if we can’t use it, and to use it we have to configure it. This section will help you configure the mail server.
  • Click Start, then Run, and type p3server.msc
This will open up the POP3 Service. This is where you configure and manage the POP3 part of the mail server.
  • Click on in the left pane
  • Click on Server Properties in the right pane
This brings up the Properties for our Mail Server.

As you can see, we have a lot of settings. We will use the standard setup in this tutorial, but I will explain every setting we can change in case you want to change something in the future.
Create a mailbox
The Setup Wizard created a domain for us, so we do not need to create this manually. If you did not use Manage Your Server to install, add the domain manually by clicking the server name in the left pane and then clicking New domain in the right pane. Remember to set the properties before you add the domain.
  • Click on your domain (ilopia.com in my case) in the left pane.
  • Click Add Mailbox in the right pane.
This will open up the Add Mailbox window.

  • Write Nwph in Mailbox Name
  • Write nwph as password (of course this is not a password you should use in a production environment, it’s too short)
  • Click OK
A message will pop up and tell you how to configure the email clients. Read this, and notice the difference between using SPA and not using it.

  • Click OK
We just created not only a mailbox named nwph, but also a user nwph. We will also create a mailbox for an existing user - andrew. To do that we simply perform the same steps, but we uncheck Create associated user for this mailbox. Remember that the mailbox name must be less than 21 characters (64 for Encrypted Password File and Active Directory). Periods are allowed, but not as the first or last character.
So, we now have two users. Are they equal? No, bob is a member of the POP3 Users group, which is denied the right to log on locally. Ariel is not a member of this group, and can still log on locally and access her mailbox.
Actually, that’s it! It is this simple to configure the POP3 part. But it is not yet working as we want; we have to configure the SMTP part to be able to receive and send emails. Yes, I said receive emails. A common mistake is to think that the POP3 server receives the emails. But that is not true: all the POP3 server does is ‘pop’ the emails out to the clients. It’s the SMTP server that communicates with other SMTP servers and receives and sends emails.
  • Open Computer Management
  • Expand Services and Applications, expand Internet Information Service
  • Right click Default SMTP Virtual Server and click Properties
  • Click the Access tab
  • Click the Authentication button and make sure Anonymous Access and Integrated Windows Authentication are enabled.
  • Click the Relay button and make sure Allow all computers which successfully... is enabled and Only the list below is selected.
First of all, Authentication and Relay are not the same thing. We use the Authentication button to specify which authentication methods are allowed for users and other SMTP servers. So enabling Anonymous here is not a security issue; in fact, it’s required if we want our server to be able to receive emails from other servers on the Internet (I doubt you want to tell all administrators of email servers on the Internet how they should log on to yours). We also need Windows Authentication so the email clients can authenticate to the server and be able to relay (send emails).
For Relay Restrictions we selected Only the list below because we do not want to be used by spammers to send emails. But we never specified any computers. That is valid, because we want our clients to always authenticate with their username and password, no matter where they are.
If you want users to only be allowed to relay if they are on a private network, then you can uncheck Windows Authentication as allowed authentication method, and specify the IP range for your network in the Relay Restrictions window.
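The difference between the Authentication and Relay settings, as an added example that is not part of the original tutorial and not Microsoft's code: a small Python model of the decision the SMTP virtual server makes for one recipient, run against the tutorial's settings and the private-network variant. The class, field and function names are hypothetical, and the IP addresses and the 192.168.1.0/24 range are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class SmtpAccessSettings:
    """Constructed model of the Access tab; not Microsoft's implementation."""
    local_domains: set
    anonymous_access: bool = True           # Authentication button
    integrated_windows_auth: bool = True    # Authentication button
    relay_if_authenticated: bool = True     # "Allow all computers which successfully..."
    relay_networks: list = field(default_factory=list)  # "Only the list below"

    def decide(self, client_ip, authenticated, rcpt_to):
        """Return 'deliver', 'relay' or 'reject: <reason>' for one recipient."""
        # Step 1: authentication decides who may talk to the server at all.
        if authenticated and not self.integrated_windows_auth:
            return "reject: authentication method not enabled"
        if not authenticated and not self.anonymous_access:
            return "reject: anonymous access disabled"
        # Step 2: mail for our own domain is inbound delivery, not relaying.
        if rcpt_to.rsplit("@", 1)[-1].lower() in self.local_domains:
            return "deliver"
        # Step 3: anything else is a relay request and needs explicit permission.
        ip = ipaddress.ip_address(client_ip)
        if any(ip in ipaddress.ip_network(net) for net in self.relay_networks):
            return "relay"
        if authenticated and self.relay_if_authenticated:
            return "relay"
        return "reject: unable to relay"

# Settings chosen in this tutorial: empty relay list, authenticated users may relay.
TUTORIAL = SmtpAccessSettings(local_domains={"nwph.com"})
# Private-network variant: Windows Authentication unchecked, LAN range listed.
PRIVATE_LAN = SmtpAccessSettings(local_domains={"nwph.com"},
                                 integrated_windows_auth=False,
                                 relay_networks=["192.168.1.0/24"])

def report(settings):
    """Evaluate four constructed sessions (sample addresses, not real hosts)."""
    cases = [("203.0.113.5", False, "nwph@nwph.com"),         # other server, inbound
             ("203.0.113.5", False, "someone@example.org"),   # anonymous relay attempt
             ("203.0.113.5", True, "someone@example.org"),    # roaming user, logged in
             ("192.168.1.20", False, "someone@example.org")]  # LAN client, no login
    return [settings.decide(*case) for case in cases]

if __name__ == "__main__":
    for name, cfg in (("tutorial", TUTORIAL), ("private LAN", PRIVATE_LAN)):
        print(name, report(cfg))
```

With the tutorial's settings an unauthenticated client on the LAN is refused relay just like an unauthenticated client on the Internet, which is the effect of leaving the relay list empty.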
Is that all? Do we have a working email server now? Well, the answer is yes. But we still haven’t configured the email clients.
We will use Outlook Express (2007) as email client.
  • Start Outlook Express (any computer that is connected to the email server)
  • Click Tools and then Accounts
  • Click the New button and select Manually configure server settings or additional server types
  • Choose Internet E-mail and click Next
A wizard starts. Use the following table to complete the wizard:
Your Name: Nwph
E-mail address: Nwph@ (Nwph@nwph.com)
Account type: POP3
Incoming mail server: (VM name)
Outgoing mail server: (VM name)
Username: Nwph
Password: nwph
Configure SMTP
  • Click More Settings
  • Select the Outgoing Server and put a check mark on My outgoing server (SMTP) requires authentication. This means that you are configuring the outgoing e-mail to be authenticated. Without this, you will receive an error message.
  • Click Test Account Settings to test whether you have configured it correctly. If the test is not successful then you may have missed one of the steps…
  • Click Next and Finish
Of course we want our network to be as secure as possible, so we prefer to use SPA (Secure Password Authentication). This will, as stated before, send the user name and password from the client encrypted, instead of in clear text.
  • Click Start, then Run
  • Type p3server.msc
  • In the right pane, right click your computer’s name and click Properties
  • Check the box Require Secure Password Authentication...
  • Click OK
  • You will be prompted to restart the Microsoft POP3 Service, click Yes
We must also change some settings for the email clients.
  • Start Outlook Express
  • Click Tools, click Accounts
  • Click the E-Mail tab, click the name of your email account, click Changes
  • Put a check mark on Log on using Secure Password Authentication
  • Click Next and Finish
Create a Port Forwarding Rule on your router
Remember that we have just installed the mail server on a VM, so we have to set up port redirection for SMTP and POP3; without it, you cannot send and receive e-mail outside the network. Set a port forwarding rule on your router for ports 110 (POP3) and 25 (SMTP) so that they are redirected to the VM where you’ve installed the Mail Server.