SMTP site access protection is available on several levels. To start, you can grant or deny access to specific computers or networks. For computers allowed access, you can require that SSL be used for all transmissions sent to the server. Finally, you can grant or deny access to specific user accounts. Not all these options have to be enabled. You can choose how secure you want the SMTP site to be and use the security options to obtain the level of protection needed.
About Security Settings
There are three property sheets available for setting security options. With the Operators property sheet, you can designate permissions for specific user accounts. The Delivery property sheet, Outbound Security button, allows you to enable TLS encryption. The Directory Security property sheet provides settings for SSL. It also includes IP access restrictions in Internet Service Manager, but not Internet Service Manager (HTML). Settings on these property sheets apply to all domains on the site.
Setting Operator Permissions
You can designate which user accounts can have operator permissions for the SMTP site. Once Windows NT accounts are set up, you can easily grant permissions by selecting the accounts from a list. These permissions can be rescinded just as quickly by removing the account from the list of site operators.
Requiring SSL for Incoming Connections
You can require that all clients use SSL to connect to the server managed through the default SMTP site. This option secures the connection but is not used for authentication.
To use SSL for the server, you must create key pairs and configure key certificates. Clients can then use SSL to submit encrypted messages to Microsoft SMTP Service, which Microsoft SMTP Service can then decode. Microsoft SMTP Service can also use SSL to encrypt messages sent to remote servers.
To use TLS for all outgoing connections, on the Delivery tab, click the Outbound Security button. In the Outbound Security dialog box, select the TLS Encryption options.
If you don't want to use TLS but a server you commonly connect to requires the use of TLS for all incoming transmissions, clear the TLS encryption check box. You can then create a remote domain for the remote site and select the TLS encryption check box under Outbound Security on that specific Domain Properties property sheet.
You can use transaction logging to track individual message operations, including time of receipt, delivery to a local mailbox, and recipient access. From the SMTP Site property sheet, you can choose which logging format to use for recording information about SMTP Service. From the Format list, select a logging format. The default format is the Microsoft IIS Log Format.
- Microsoft Logging – A fixed ASCII format.
- W3C Extended Logging – An ASCII format that can be customized. You choose the items you want to track.
- NCSA Logging – A fixed ASCII format standard to the National Center for Supercomputing Applications (NCSA).
- ODBC Logging – Enables you to log to an ODBC database.
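Because W3C Extended Logging lets you choose the items to track, a log reader has to take its column names from the #Fields directive rather than from fixed positions. The following added example (not part of the original documentation) parses such a log and counts 5xx replies per client; the sample lines, the field selection and the function names are constructed for illustration, and it assumes sc-status carries the SMTP reply code.

```python
from collections import Counter

# Constructed sample, not real log data. The second #Fields line models the
# tracked items being changed, which alters the column layout mid-file.
SAMPLE_LOG = """\
#Version: 1.0
#Date: 1999-03-01 10:00:00
#Fields: time c-ip cs-method sc-status
10:00:01 192.0.2.10 HELO 250
10:00:02 192.0.2.10 MAIL 250
10:00:03 192.0.2.10 RCPT 550
#Fields: date time c-ip cs-method cs-uri-query sc-status
1999-03-01 10:05:00 198.51.100.7 HELO +mail.example.test 250
1999-03-01 10:05:01 198.51.100.7 RCPT +TO:<a@example.test> 550
1999-03-01 10:05:02 198.51.100.7 RCPT +TO:<b@example.test> 550
truncated line
"""


def parse_w3c(text):
    """Return (records, rejected) for a W3C Extended log.

    Each record is a dict keyed by the most recent #Fields directive.
    Entries whose column count does not match the active field list are
    returned in `rejected` as (line_number, raw_line) instead of being
    silently mis-mapped.
    """
    records, rejected = [], []
    fields = None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Only #Fields changes parsing; other directives are metadata.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            rejected.append((lineno, line))
            continue
        records.append(dict(zip(fields, values)))
    return records, rejected


def failed_replies_by_client(records):
    """Count entries with a 5xx status per client IP (needs c-ip, sc-status)."""
    counts = Counter()
    for rec in records:
        if "c-ip" in rec and rec.get("sc-status", "").startswith("5"):
            counts[rec["c-ip"]] += 1
    return counts
```

A per-client count like this only works if c-ip and sc-status are among the items selected for tracking; records logged without them are skipped by the counter.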