CYA: Securing IIS 6.0: Cover Your A** By Getting It Right the First Time

Windows Server 2003 provides e-mail services compromising both a Simple Mail Transfer Protocol (SMTP) server (for delivering mail), and a Post Office Protocol v3 (POP3) server (for hosting user mailboxes). Together these provide a complete e-mail service that allows users to send and retrieve mail. Like previous versions of IIS, the SMTP service is part of IIS. The POP3 server is new in Windows Server 2003, and is not part of IIS 6.0 itself. However many systems administrators will use the SMTP server in conjunction with the POP3 server, so we will examine it briefly here.
Configuring SMTP Virtual Servers
SMTP Virtual Server Security
Configuring and Securing the POP3 Server
By the end of this chapter, you will know how to install and configure the SMTP and POP3 servers, and you will be familiar with the security options that each offers. We will also look at connection controls that can limit the machines that can connect to your servers, transport layer security for encrypting message delivery, and authentication mechanisms for your users.
SMTP is the protocol used to deliver e-mail across the Internet. When a user sends e-mail from an e-mail client, SMTP is used to convey the e-mail message from the user s computer to the organization s or ISP s SMTP server. This SMTP server then forwards the mail to the e-mail recipient s e-mail server using SMTP.
IIS 6.0 includes an SMTP service, which can be installed to facilitate the delivery...