Understanding SMTP Connections and Commands

The process that occurs to establish a connection between an SMTP client and an SMTP server is illustrated below:

  1. The SMTP client initiates a TCP connection to the SMTP server.
  2. The SMTP server replies with a ready response (a 220 response).
  3. The SMTP client sends a helo command to indicate that an SMTP session is to be started.
  4. The server returns response 250, which signifies that the request has been completed.
  5. The SMTP client uses the mail from: command to identify the sender of the message. The server returns response 250.
  6. The SMTP client uses the rcpt to: command to identify the recipient of the message. The server returns response 250.
  7. The SMTP client uses the data command to signify that it will now commence sending the message. The server returns response 354, which indicates that the message can commence.
  8. The SMTP client next sends the message.
  9. The SMTP client uses the quit command to end the session.
  10. The server returns response 221, which indicates that the connection is being terminated.

The common SMTP commands used are listed here:

  • helo; used to request an SMTP session. The command also identifies the sending SMTP host to the other SMTP host. The fully qualified domain name (FQDN) of the sending host is contained within the argument field.
  • mail from:; used to identify the sender of the message. The sender of the message could differ from the sending SMTP host.
  • rcpt to:; used to identify the recipient of the message.
  • data; signifies that the sending SMTP host will now commence sending data.
  • quit; used to end the session.
  • rset; used to end the current mail transaction.
  • turn; used in dial-up environments for polling a host for queued messages.
  • vrfy; used to verify the validity of the recipient, prior to the message being sent.

The common SMTP reply codes are listed here:

  • Reply code 220; the SMTP service is ready.
  • Reply code 221; the SMTP service is closing the connection.
  • Reply code 250; the requested action is completed.
  • Reply code 354; the sending host should send the message.
  • Reply code 450; the requested action has not been completed because of the mailbox being busy.
  • Reply code 451; the requested action has been aborted because of a processing error.
  • Reply code 452; the requested action has not been completed because of insufficient system storage issues.
  • Reply code 500; the requested action has not been completed because of a syntax error or a command which is not recognized.
  • Reply code 550; the requested action has not been completed because the mailbox is unavailable or was not located.
  • Reply code 552; the requested action has been aborted because storage has been exceeded.
  • Reply code 554; the transaction failed.

SMTP uses the system folders listed here to temporarily store messages as they are being transmitted. The system folders are created on the Exchange Server 2003 server in the C:\Program Files\Exchsrvr\Mailroot\vsi 1 directory:

  • Badmail: Messages that cannot be delivered and returned to the sender are stored here.
  • Pickup: SMTP formatted messages residing in the Pickup folder are delivered by SMTP.
  • Queue: This folder contains inbound SMTP messages that are ready to be delivered.

Understanding ESMTP Connections and Commands

SMTP Service Extensions (ESMTP) is an extension of SMTP that enables users to request delivery status notifications on outgoing messages. It also makes it possible for a message size limit to be defined for inbound ESMTP connections. SMTP and ESMTP both require TCP/IP as the transport protocol. While ESMTP makes use of the standard SMTP commands and reply codes, it also provides some additional features, including delivery notification.

By default, the Windows 2000 operating systems and Windows Server 2003 operating systems support ESMTP. ESMTP clients are however available for Unix operating systems and Apple Macintosh operating systems as well.

The process that takes place when an ESMTP client transmits a message to an SMTP server is illustrated below:

  1. The ESMTP client starts a TCP connection with the SMTP server. The SMTP server replies with a ready response – 220 response.
  2. The ESMTP client sends an ehlo command to indicate that an ESMTP session is to be started.
  3. The server returns a response 250. This signifies that the request has been completed.
  4. The ESMTP client proceeds with the ESMTP session.
  5. If the SMTP server does not support ESMTP, it returns a response 500 to the client. When the client receives a response 500, it sends an SMTP helo command to the server to initiate a standard SMTP session.
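The SMTP session listed earlier and the ESMTP fallback just described (ehlo answered with 500, then helo) simulated end to end, as an added example that is not part of the original article; the host names and the in-process FakeSmtpServer are constructed for the demonstration, and the server answers with the reply codes from the list above:

```python
# Added example, not the article's code: an in-process SMTP/ESMTP exchange.
class FakeSmtpServer:
    """Constructed stand-in for an SMTP server (no network involved)."""

    def __init__(self, supports_esmtp):
        self.supports_esmtp = supports_esmtp
        self.in_data = False
        # (direction, line) pairs: "S" server -> client, "C" client -> server
        self.transcript = [("S", "220 mail.example.test Service ready")]

    def send(self, line):
        """Client sends one line; the server's reply is returned ("" while in DATA)."""
        self.transcript.append(("C", line))
        if self.in_data:
            if line != ".":
                return ""                  # body lines get no reply
            self.in_data = False           # a lone "." ends the message
            reply = "250 Requested action completed"
        else:
            verb = line.split(" ", 1)[0].upper()
            if verb == "EHLO":
                reply = ("250 mail.example.test Hello" if self.supports_esmtp
                         else "500 Command not recognized")
            elif verb in ("HELO", "MAIL", "RCPT"):
                reply = "250 Requested action completed"
            elif verb == "DATA":
                self.in_data = True
                reply = "354 Start mail input"
            elif verb == "QUIT":
                reply = "221 Service closing transmission channel"
            else:
                reply = "500 Command not recognized"
        self.transcript.append(("S", reply))
        return reply


def reply_code(line):
    """Numeric reply code; its first digit gives the class (2 ok, 3 go ahead, 4 retry, 5 failed)."""
    return int(line[:3])


def send_message(server, sender, recipient, body_lines):
    """Drive the session described above. Returns (mode, final code or None)."""
    mode = "ESMTP"
    if reply_code(server.send("EHLO client.example.test")) == 500:
        mode = "SMTP"                      # server lacks ESMTP: fall back to HELO
        if reply_code(server.send("HELO client.example.test")) != 250:
            return mode, None
    for cmd in (f"MAIL FROM:<{sender}>", f"RCPT TO:<{recipient}>"):
        code = reply_code(server.send(cmd))
        if code != 250:                    # 4xx/5xx: abandon the transaction
            server.send("QUIT")
            return mode, code
    if reply_code(server.send("DATA")) != 354:
        server.send("QUIT")
        return mode, None
    for line in body_lines:
        # Dot-stuffing: a body line starting with "." gets a second "." so it
        # is not mistaken for the end-of-message marker
        server.send("." + line if line.startswith(".") else line)
    code = reply_code(server.send("."))
    server.send("QUIT")
    return mode, code
```

Inspect `server.transcript` after a run to see both sides of the exchange in order.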

The common ESMTP commands used are listed here:

  • chunking; data is chunked together as it is transmitted between SMTP hosts. This enhances the sending of MIME messages.
  • pipelining; enables SMTP commands to be transmitted in batches. There is no need to wait for a reply from the receiving host.
  • atrn; the authenticated turn command, which is accepted only after the session has been authenticated.
  • etrn; much like the turn command, the difference being that the remote host to which the mail is being transmitted is indicated.
  • starttls; creates an encrypted Transport Layer Security (TLS) connection, the successor to Secure Sockets Layer (SSL), between the client and server. This must be initiated by the client.
  • auth; enables a form of Simple Authentication and Security Layer (SASL) SMTP authentication to authenticate SMTP hosts.
  • auth=login; enables a form of Simple Authentication and Security Layer (SASL) SMTP authentication for clients that require basic SMTP authentication. Clients here include Netscape and Exchange Server 5.5 clients.
  • x-exps gssapi ntlm login; authentication that supports Kerberos and NTLM is used.
  • x-exps=login; Exchange Server 5.5 authentication that supports NTLM is used to provide compatibility with Exchange Server 5.5.
  • size; used to determine the size of a message before it is acknowledged and accepted.
  • vrfy; used to verify that an e-mail account exists.
  • dsn; if a delivery failure occurs, the command creates and transmits a delivery status notification to the sending host.
  • help; lists commands supported by the SMTP host.

Configuring Internet Connectivity and Relay Agents

You can configure Internet connectivity to define how messages enter and leave the Exchange organization:

  • Configure an SMTP virtual server that the SMTP connector uses as a bridgehead server: In this configuration, the SMTP connector overrides any settings that the SMTP virtual server and SMTP connector share.
  • Limit the SMTP connector’s scope to a specific routing group: This is done to prevent the SMTP connector from delivering messages from any other routing groups.
  • Define the SMTP connector to receive e-mail only or send e-mail only.
  • Define credentials on the SMTP connector: This is usually done if the SMTP connector has to deliver messages to a domain whose SMTP server requires authentication.
  • Define Internet message formats and define message delivery parameters: You can use Internet message formats to define the format and type of messages that are transmitted to a particular domain.

Message relay occurs when a message obtained from a remote SMTP host is relayed to a different SMTP host for delivery to the destination. Exchange Server permits authenticated computers to participate in message relay by default. An SMTP connector can be used to relay e-mail messages between Exchange Server 2003 and another SMTP-compatible messaging system.

With Exchange Server 2003, you can use any of these methods to configure SMTP relays:

  • Configure the SMTP virtual server as a relay host.
  • Configure the SMTP virtual server to utilize a smart host.
  • Configure an SMTP connector to utilize a smart host.
  • Define the SMTP virtual server to limit the servers that are able to relay e-mail messages.
  • Define the SMTP virtual server to forward unresolved messages to a smart host.
  • Configure the domains that messages should be relayed to.

Controlling Connections on the SMTP Virtual Server

Incoming connections can be configured through the Properties dialog box of the SMTP virtual server. The General tab is used to control incoming connections:

  • Limit Number of Connections To checkbox: If you want to set a limit to the number of concurrent inbound connections SMTP can accept from other hosts, select the Limit Number of Connections To checkbox and set the desired number. The default setting is that an unlimited number of concurrent inbound connections are allowed.
  • Connection Timeout (Minutes) box: You can set a timeout value for idle connections using this setting.

Outgoing connections can be configured through the Properties dialog box of the SMTP virtual server. The Delivery tab (Outbound Connections) is used to control outbound connections:

  • Limit Connections To: Used to define the total number of concurrent outbound connections allowed to all remote domains.
  • Timeout (Minutes): You can set a timeout value for idle connections using this box.
  • Limit Connections Per Domain To: For limiting connections to a single remote domain.
  • TCP Port: To assign the TCP port on SMTP remote servers that the SMTP virtual server connects to. The default setting is Port 25.

Configuring SMTP Security

The following authentication methods can be configured to secure SMTP communication:

  • Basic authentication: This authentication method provides a non-complicated level of security and is supported by the majority of client computers. To access a mailbox, a user has to provide the following information:
    • User name
    • Domain name
    • Password
  • Anonymous authentication: Anonymous authentication is typically used for Internet communication and is supported by all clients. If you want to provide limited access to specific public folders and directory data, then you should use Anonymous authentication.
  • Integrated Windows authentication: Use Integrated Windows Authentication if you have Windows-based clients that do not utilize encryption. Integrated Windows Authentication provides both security and efficient communication because the password is transmitted in encrypted form. For clients running Windows 2000 Server and above, Kerberos is used.

SMTP virtual servers can use Transport Layer Security (TLS) encryption to encrypt and secure mail messages passed between the client and the server. TLS encryption encrypts the entire TCP/IP session between the client and the server. Before you can use TLS encryption, you have to obtain an X.509 SSL certificate from a trusted CA and install it on the server.

How to configure an SMTP connector

  1. Open Exchange System Manager.
  2. Navigate to the Connectors folder.
  3. Right-click Connectors and select New and then select SMTP Connector from the shortcut menu.
  4. The SMTP Connector Properties dialog box opens.
  5. In the Local Bridgeheads area, click the Add button.
  6. The Add Bridgehead dialog box opens.
  7. Select the SMTP virtual server and then click OK.
  8. Provide a name for the new SMTP connector in the Name box.
  9. Click the Address Space tab.
  10. Click the Add button.
  11. The Add Address Space dialog box opens.
  12. Click SMTP and click OK.
  13. Ensure that Mail Domain is set to * in the Internet Address Space Properties dialog box. This signifies that outbound SMTP e-mail will use the SMTP connector. Click OK.
  14. Click OK in the SMTP Connector Properties dialog box.

How to configure authentication for incoming messages

  1. Open Exchange System Manager.
  2. Expand the Protocols folder and then expand the SMTP folder.
  3. Right-click the SMTP virtual server and select Properties from the shortcut menu.
  4. Click the Access tab.
  5. In the Access Control area of the tab, click Authentication.
  6. The authentication options are:
    • Anonymous Access
    • Basic Authentication – Requires TLS Encryption
    • Integrated Windows Authentication
  7. Click OK in the Authentication dialog box.
  8. Click OK in the SMTP virtual server Properties dialog box.

How to configure TLS encryption

  1. Open Exchange System Manager.
  2. Expand the Protocols folder and then expand the SMTP folder.
  3. Right-click the SMTP virtual server and select Properties from the shortcut menu.
  4. Click the Access tab.
  5. In the Secure Communication area of the tab, click Certificate.
  6. Initiate the Web Server Certificate Wizard to obtain a new certificate.
  7. After completing the Web Server Certificate Wizard, click Apply to save all changes.
  8. On the Access tab, in the Access Control area of the tab, click Authentication.
  9. If you have selected Basic Authentication, select the Requires TLS Encryption checkbox.
  10. Click OK.
  11. In the Secure Communication area of the Access tab, click Communication.
  12. Select the Require Secure Channel checkbox.
  13. Select the Require 128-bit Encryption checkbox.
  14. Click OK.
  15. Click OK in the SMTP virtual server Properties dialog box.

How to prevent users from sending Internet e-mail

  1. Open Exchange System Manager.
  2. Navigate to and expand the Connectors folder.
  3. Right-click the SMTP Connector in the details pane and then select Properties from the shortcut menu.
  4. The SMTP Connector Properties dialog box opens.
  5. Click Delivery Restrictions on the General tab.
  6. In the Reject Messages From area of the Delivery Restrictions tab, click the Add button.
  7. The Select Recipient box opens.
  8. Enter the username of those users that you want to prevent from sending Internet e-mail.
  9. Click OK.
  10. Click OK in the SMTP Connector Properties dialog box.

How to disable open relaying

  1. Open Exchange System Manager.
  2. Expand the Protocols folder and then expand the SMTP folder.
  3. Right-click the SMTP virtual server and select Properties from the shortcut menu.
  4. The SMTP virtual server Properties dialog box opens.
  5. Click the Access tab.
  6. Click Relay.
  7. The Relay Restrictions dialog box opens. This is where you can configure all Access Control options.
  8. Ensure that the setting for which computers are allowed to relay e-mail messages is set to Only The List Below, and that the list is blank.
  9. Ensure that the Allow All Computers Which Successfully Authenticate To Relay, Regardless Of The List Above checkbox is cleared.
  10. Click OK in the Relay Restrictions dialog box.
  11. Click OK in the SMTP virtual server Properties dialog box.

How to configure an SMTP connector to override default relay settings defined on the SMTP virtual server

  1. Open Exchange System Manager.
  2. Navigate to and expand the Connectors folder.
  3. Right-click the SMTP Connector in the details pane and then select Properties from the shortcut menu.
  4. The SMTP Connector Properties dialog box opens.
  5. Click the Address Space tab.
  6. Select the Allow Messages To Be Relayed To These Domains checkbox.
  7. Click OK.
  8. Click OK to the message displayed, warning that the default restrictions for relaying on the SMTP virtual server will be overridden.
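The relay decision that the settings above control (the relay host list, the "authenticate to relay" checkbox, and the SMTP connector's relay domains), modelled in Python as an added example that is not Exchange's code; the class fields, reason strings and sample configurations are this example's own constructions, and `audit_relay` reports the conditions the "How to disable open relaying" procedure tells you to clear:

```python
from dataclasses import dataclass, field
import ipaddress


@dataclass
class RelayRestrictions:
    """Settings from the Relay Restrictions dialog plus the connector override.
    Field names are this example's own, not Exchange's."""
    allowed_hosts: list = field(default_factory=list)   # "Only The List Below" (IPs or CIDRs)
    authenticated_may_relay: bool = False               # "Allow All Computers Which Successfully Authenticate To Relay"
    local_domains: set = field(default_factory=set)     # domains the organization delivers to itself
    connector_relay_domains: set = field(default_factory=set)  # connector's "Allow Messages To Be Relayed To These Domains"


def decide_rcpt(cfg, client_ip, authenticated, rcpt_domain):
    """Model the server's answer to RCPT TO for one recipient. Returns (code, reason)."""
    domain = rcpt_domain.lower()
    if domain in cfg.local_domains:
        return 250, "local delivery"             # delivery to the organization is not relaying
    if domain in cfg.connector_relay_domains:
        return 250, "connector relay domain"     # the SMTP connector overrides the virtual server
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net, strict=False) for net in cfg.allowed_hosts):
        return 250, "listed host"
    if authenticated and cfg.authenticated_may_relay:
        return 250, "authenticated client"
    # Permanent (5xx) refusal; the reason text is this example's wording
    return 550, "relaying denied"


def audit_relay(cfg):
    """Return the findings an administrator should clear before exposing port 25."""
    findings = []
    if cfg.authenticated_may_relay:
        findings.append("authenticated clients may relay; a guessed or stolen password "
                        "turns the server into a relay for whoever holds it")
    for net in cfg.allowed_hosts:
        n = ipaddress.ip_network(net, strict=False)
        if n.prefixlen == 0:
            findings.append(f"{net} lets every host relay (open relay)")
        elif n.num_addresses > 256:
            findings.append(f"{net} is a broad range; list individual hosts instead")
    return findings
```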

How to associate a MIME type with an extension

When a MAPI message is sent to an Internet client by SMTP, SMTP uses the extension of the attachment file to determine and assign a content type to attachments. You can, however, configure MIME types and associate them with an extension.

To associate a MIME type with an extension:

  1. Open Exchange System Manager.
  2. Double-click Global Settings.
  3. Right-click Internet Message Formats and select Properties from the shortcut menu.
  4. Double-click a content type.
  5. If you want to change the content type, then select the new content type in the Type drop-down list box.
  6. If you want to change the extension, then select the new extension in the Associated Extension box.
  7. If you want to associate a new content type to an extension, select the new content type in the Type drop-down list box and then provide the file extension in the Associated Extension box.
  8. Click OK.

How to create an SMTP policy for a domain

  1. Open Exchange System Manager.
  2. Double-click Global Settings.
  3. Right-click Internet Message Formats and select New and then select Domain from the shortcut menu.
  4. In the Name box, on the General tab, enter the name of the new policy.
  5. In the SMTP Domain box, enter the DNS name of the domain.
  6. Click the Message Format tab.
  7. In the Message Encoding area of the tab, select between the following options:
    • MIME
    • UUEncode
  8. After selecting the MIME option, you can select between the following options:
    • Provide Message Body As Plain Text option
    • Provide Message Body As HTML option
    • Both of these.
  9. After selecting the UUEncode option, you can select the Use BinHex For Macintosh option.
  10. Click the Advanced tab.
  11. To send all messages in RTF, select the Always Use option.
  12. To encode messages in MIME with HTML, select the Never Use option.
  13. To send text in the original format with no forcing of line breaks, select the Never Use in Message Text Word Wrap option.
  14. To limit message text to a specific column, select the Use At Column option and then specify the number of the column.
  15. To notify the sender that the recipient is out of office, select the Allow Out Of Office Responses option.
  16. To notify the sender that a message was received, select the Allow Automatic Replies option.
  17. To transmit duplicate messages to different recipients, select the Allow Automatic Forward option.
  18. To allow senders in an SMTP domain to receive delivery reports when they send mail, select the Allow Delivery Reports option.
  19. To allow senders in an SMTP domain to receive non-delivery reports when they send mail, select the Allow Non-Delivery Reports option.
  20. To display the name of the sender as it is recorded in the Address Book, select the Preserve Sender’s Display Name On Message option.
  21. Click OK.

How to create mailbox-enabled users

Mailbox-enabled users have to be created for IMAP4 clients and POP3 clients.

  1. Open the Active Directory Users And Computers console.
  2. Expand the domain.
  3. Right-click the Users folder and select New and then select User from the shortcut menu.
  4. Provide the name of the user in the Full Name box.
  5. Provide the login name in the User Logon Name box. Click Next.
  6. Ensure that the User Must Change Password At Next Logon check box is clear.
  7. Select the User Cannot Change Password checkbox.
  8. Select the Password Never Expires checkbox. Click Next.
  9. The Create An Exchange Mailbox checkbox should be enabled. Click Next.
  10. Click Finish.

How to configure an IMAP4 client

The following set of information has to be provided when you configure an IMAP4 client:

  • IMAP4 account name
  • IMAP4 server name
  • IMAP4 e-mail address
  • SMTP server name

To configure the IMAP4 client:

  1. Open the Active Directory Users And Computers console.
  2. Navigate to the Users container.
  3. Right-click the mailbox-enabled user in the details pane and select Properties from the shortcut menu.
  4. Click IMAP4 on the Exchange Features tab.
  5. Click Properties.
  6. To configure client settings, uncheck the Use Protocol Defaults checkbox.
  7. The MIME Encoding options that you can configure are:
    • Provide Message Body As Plain Text option
    • Provide Message Body As HTML option
    • Both of these.
  8. You can set the Default Character Set setting.
  9. If you enable the Use Microsoft Exchange Rich Text Format setting, then the IMAP4 clients will receive messages in RTF.
  10. To enhance the speed of message retrieval for those clients that do not need the exact message size, select the Enable Fast Message Retrieval option.
  11. Click OK.
  12. Click OK again.

How to configure a POP3 client

The following set of information has to be provided when you configure a POP3 client:

  • POP3 account name
  • POP3 server name
  • POP3 e-mail address
  • SMTP server name

To configure the POP3 client:

  1. Open the Active Directory Users And Computers console.
  2. Navigate to the Users container.
  3. Right-click the mailbox-enabled user in the details pane and select Properties from the shortcut menu.
  4. Click POP3 on the Exchange Features tab.
  5. Click Properties.
  6. To configure client settings, uncheck the Use Protocol Defaults checkbox.
  7. The MIME Encoding options that you can configure are:
    • Provide Message Body As Plain Text option
    • Provide Message Body As HTML option
    • Both of these.
  8. You can select UUEncode and then select Use BinHex For Macintosh.
  9. You can set the Default Character Set setting.
  10. If you enable the Use Microsoft Exchange Rich Text Format setting, then the POP3 clients will receive messages in RTF.
  11. Click OK.
  12. Click OK once more.