Fatbrain Review There couldn`t be anything better than this training kit. Straight from Microsoft, this book is designed for system engineers and Webmasters who host Web sites with Microsoft Internet solutions. With step-by-step lessons and lab exercises, this self-paced learning guide teaches you how to install, configure and support Microsoft Internet Information Server 4.0 and Microsoft Proxy Server 2.0. It also helps you prepare for MCP exams 70-087 and 70-088.
The Microsoft Internet Information Server 4.0 Training booklet walks you through the basics of installation, configuration and architecture. It addresses security aspects, ODBC support, Active Server Pages and content analyzer. The Microsoft Proxy Server 2.0 Training booklet provides lessons on installation, configuration, troubleshooting and basic architecture. Coverage includes Internet access control, cache configuration, caching across multiple computers and interoperability.
The two accompanying CD-ROMs provide an evaluation edition of Microsoft Windows NT Server 4.0, Microsoft Internet Information Server 4.0, Microsoft Internet Explorer 4.0 and Microsoft Proxy Server 2.0.
Read an Excerpt
Chapter 7: Establishing Microsoft SMTP Service
You can use this property sheet to specify the methods for anonymous access and authentication control, and to set the secure communication method. You can also use this sheet to set IP address and domain name restrictions, and to grant or deny permissions to relay e-mail through the SMTP site.
The Anonymous Access and Authentication Control option allows you to enable anonymous access and edit the authentication methods for this resource. Click Edit to select one of more authentication methods from the following options:
- Allow Anonymous Access. This option requires no user name or password for access to the resource.
- Basic Authentication. This option allows client authentication with password sent over the network in clear text using standard commands.
- Windows NT Challenge/Response. This option allows the client and server to negotiate the Windows NT Systems Security Provider Interface using Windows NT Challenge/Response.
The Secure Communication option sets the secure communication method used when the SMTP site is accessed. Once a valid key certificate from a certificate authority is installed on your virtual server, you can require that access to your virtual directory takes place on a secure channel.
You can use the IP Address and Domain Name Restrictions properties to block individuals or groups from gaining access to your server, or to grant access only to specific individuals or groups. Click Edit to set the defaults for your service.
By default, all computers are:
- Granted access. Select this option to grant access to all computers by default. Click Add to list those computers that are denied access by exception.
- Denied access. Select this option to deny access to all computers by default. Click Add to list those computers that are granted access by exception.
The Relay Restrictions properties determine whether to grant or deny permission to relay e-mail through the SMTP site. Click Edit to set the defaults for your service.
By default, all computers are:
- Allowed to relay. Select this option to allow all computers to relay e-mail by default. Click Add to list those computers that, by exception, are not allowed to relay e-mail.
- Not allowed to relay. Select this option not to allow all computers to relay e-mail by default. Click Add to list those computers that, by exception, are allowed to relay e-mail.
- Allow any computer that successfully authenticates to relay. Select this option to override the default for any computer that authenticates itself successfully.
SMTP site access protection is available on several levels. To start, you can grant or deny access for specific computers or networks. For computers allowed access, you can require that SSL is used for all transmissions sent to the server. Finally, you can grant or deny access to specific user accounts. Not all of these options have to be enabled. You can choose how secure you want the SMTP site to be and use the security options to obtain the level of protection you need.
There are two property sheets available for setting security options. The Operators property sheet enables you to designate permissions for specific user accounts, and the Directory Security property sheet provides settings for SSL. It also includes IP access restrictions in Internet Service Manager, but not Internet Service Manager (HTML). Settings on these property sheets apply to all domains on the site.
You can designate which user accounts can have operator permissions for the SMTP site. Once Windows NT user accounts are set up, you can easily grant permissions by selecting the accounts from a list of site operators. These permissions can be rescinded just as easily by removing the account from the list of site operators.
You can require that all clients use SSL to connect to the server managed through the default SMTP site. This option secures the connection, but is not used for authentication.
To use SSL for the server, you must create key pairs and configure key certificates. Clients can then use SSL to submit encrypted messages to Microsoft SMTP Service, which Microsoft SMTP Service can then decode. Microsoft SMTP Service can also use SSL to encrypt messages sent to remote servers.
There are two additional SSL options available. To use SSL for all outgoing connections, you can select Always Use SSL on the Delivery property sheet. Also, if a server you commonly connect to requires the use of SSL for all incoming connections, you can create a remote domain and select Use SSL on the Domain Properties property sheet.
Monitoring the SMTP Service
You can use transaction logging to track individual message transactions, including time of receipt, delivery to a local mailbox, and recipient access. From the SMTP Site property sheet, you can choose which logging format to use for recording information about SMTP Service. From the format list, select a logging format. The default format is the Microsoft IIS Log File Format.
- Microsoft logging. A fixed ASCII format and the default option.
- Extended logging. An ASCII format that can be customized. You choose the items you want to track.
- NCSA logging. A fixed ASCII format common to the NCSA.
You can install SMTP Service when you install Internet Information Server. To configure SMTP Service, open Internet Service Manager and use the SMTP Site, Operators, Messages, Delivery, and Directory Security property sheets. SMTP Service provides site access protection, and you can use transaction logging to monitor message transactions....