Chapter 11, Internet-Based Client Access

Chapter Overview
    Support for Internet Protocols
    Configuring Virtual Protocol Servers

Chapter 11, Lesson 1
Support for Internet Protocols

1. Simple Mail Transfer Protocol (Port 25)
    A. Sending messages using SMTP
    B. SMTP Service Extensions (ESMTP)
        1. Defines a set of commands that are supported during an SMTP session (described in RFC 821)
        2. Extends the commands to include support for setting message size limits on incoming messages and for delivery/read requests on sent messages (described in RFC 1869)
    C. Name resolution
        1. Active Directory performs name resolution between Microsoft Exchange 2000 servers in the same organization.
        2. The Domain Name System (DNS) is used for name resolution on the Internet, through mail exchanger (MX) records.
            a. MX records are DNS entries that define the mail servers within an organization.
            b. Multiple MX records can exist within an organization, providing round-robin load balancing and fault tolerance.
2. Post Office Protocol Version 3 (Port 110)
    A. POP3 commands and responses are described in RFC 1939.
    B. The three POP3 session states are referred to as Authorization, Transaction, and Update.
    C. The POP3 server is for reading mail, and the SMTP server is for sending mail. They don't necessarily need to be the same server.
3. Internet Mail Access Protocol Version 4 (Port 143)
    A. The four IMAP4 session states are referred to as Non-Authenticated, Authenticated, Selected, and Logout.
    B. Commands and responses are described in a series of RFCs, most importantly RFC 2060.
4. Network News Transfer Protocol (Port 119)
    A. Newsgroups are public folders that contain discussion threads and are replicated throughout the USENET.
    B. Newsreaders are client software used to read the posts within a newsgroup. Outlook Express is a good example of a newsreader.
    C. A newsfeed is a connection to your ISP or USENET that is a request for a copy of a particular public folder or newsgroup.
        1. Push feeds are initiated by the ISP with update intervals set by the ISP. By default, the ISP will include as many newsgroups as it chooses.
        2. Pull feeds are initiated by the local host with update intervals set by the local host. Pull feeds allow you to select the newsgroups that will be included in the feed.
        3. In both types of feeds, the data is stored in the public store on the Exchange server.
5. Hypertext Transfer Protocol (Port 80)
    A. Types of Uniform Resource Identifiers (URIs)
        1. A Uniform Resource Locator (URL) identifies a resource through its location, or path, on the network.
        2. A Uniform Resource Name (URN) identifies a resource by its globally unique distinguished name.
    B. Microsoft Exchange 2000 Web Storage System
        1. Web Distributed Authoring and Versioning (WebDAV) allows users to access documents stored on the Exchange server by providing the URL for the document in their Web browser.
        2. Exchange Installable File System (ExIFS) allows users to access their mailbox and public folders from most applications, just as they would access any other shared network drive.
6. Lightweight Directory Access Protocol (Port 389)
    A. LDAP features
        1. Basic Encoding Rules (BER) is used at the transport (Transmission Control Protocol, or TCP) layer to provide security for directory lookups.
        2. LDAP supports the X.500 distinguished name model, making LDAP a perfect match with Exchange 2000 Server.
        3. Exchange 2000 Server offers support for LDAP, version 3.
    B. LDAP and Microsoft Windows 2000 Active Directory Directory Service
        1. The default LDAP port, TCP port 389, searches Active Directory domain controllers and therefore returns search results from the home domain only.
        2. The Global Catalog is searched on TCP port 3268 and returns results from the entire forest.
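The SMTP items in Lesson 1 (ESMTP service extensions, and MX records with round-robin load balancing and fault tolerance), worked through as an added example that is not part of the course outline. The MX record set and the EHLO reply are constructed sample data; nothing is queried or sent over the network.

```python
"""Added example (not from the course outline): choosing an MX host in the
order DNS preferences dictate, then reading the ESMTP capabilities the
server advertises before a message is sent.

Assumptions: SAMPLE_MX and SAMPLE_EHLO_REPLY are constructed sample data;
no DNS lookup or SMTP connection is made."""
import random

# Constructed MX record set for one organization: (preference, host).
# Lower preference is tried first; equal preferences share the load.
SAMPLE_MX = [
    (20, "mx2.example.test"),
    (10, "mx1a.example.test"),
    (10, "mx1b.example.test"),
    (30, "backup.example.test"),
]

# Constructed multi-line EHLO reply (RFC 1869 service extensions).
SAMPLE_EHLO_REPLY = [
    "250-mx1a.example.test Hello client.example.test",
    "250-SIZE 10485760",
    "250-DSN",
    "250-8BITMIME",
    "250 HELP",
]


def order_mx(records, rng=random):
    """Return hosts in delivery order: ascending preference, with a random
    shuffle among hosts that share a preference (round-robin balancing).
    Trying the whole list on failure is what gives the fault tolerance."""
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)
        ordered.extend(hosts)
    return ordered


def parse_ehlo(lines):
    """Parse a 250 EHLO reply into {KEYWORD: parameter string}.
    The first line is the greeting, not an extension."""
    caps = {}
    for line in lines[1:]:
        code, text = line[:3], line[4:]
        if code != "250":
            raise ValueError("unexpected reply line: " + line)
        keyword, _, params = text.partition(" ")
        caps[keyword.upper()] = params
    return caps


def size_limit(caps):
    """Advertised maximum message size in bytes, or None if not advertised."""
    value = caps.get("SIZE", "")
    return int(value) if value.isdigit() else None


def can_send(caps, message_bytes):
    """Reject an oversize message locally instead of after a full transfer."""
    limit = size_limit(caps)
    return limit is None or message_bytes <= limit


if __name__ == "__main__":
    caps = parse_ehlo(SAMPLE_EHLO_REPLY)
    print("delivery order:", order_mx(SAMPLE_MX))
    print("SIZE limit:", size_limit(caps), "DSN supported:", "DSN" in caps)
    print("12 MB message accepted?", can_send(caps, 12 * 1024 * 1024))
```

The two preference-10 hosts always come first, in varying order, followed by mx2 and then backup, which is the behaviour the outline describes as round-robin load balancing plus fault tolerance. The DSN keyword is the extension behind the delivery/read requests mentioned under ESMTP.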
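The POP3 session states (Authorization, Transaction, Update) and the IMAP4 session states (Non-Authenticated, Authenticated, Selected, Logout) listed in Lesson 1, modelled as an added example that is not part of the course outline. The transition tables are a simplified reading of RFC 1939 and RFC 2060 that covers only the commands shown, and the two session transcripts are constructed sample input.

```python
"""Added example (not from the course outline): a table-driven checker for
the POP3 and IMAP4 session states. A command issued in the wrong state is
refused without changing state, as a conforming server answers -ERR / BAD.

Assumptions: the tables cover only these commands and simplify the RFCs;
POP3_SESSION and IMAP4_SESSION are constructed transcripts."""

# POP3 (RFC 1939): Authorization -> Transaction -> Update.
# Each entry: command -> (states that allow it, next state or None to stay).
POP3 = {
    "USER": ({"Authorization"}, None),
    "PASS": ({"Authorization"}, "Transaction"),
    "STAT": ({"Transaction"}, None),
    "LIST": ({"Transaction"}, None),
    "RETR": ({"Transaction"}, None),
    "DELE": ({"Transaction"}, None),
    "QUIT": ({"Authorization", "Transaction"}, "Update"),
}

# IMAP4 (RFC 2060): Non-Authenticated -> Authenticated -> Selected; LOGOUT
# is valid from any of the three and moves the session to Logout.
IMAP4 = {
    "LOGIN":  ({"Non-Authenticated"}, "Authenticated"),
    "SELECT": ({"Authenticated", "Selected"}, "Selected"),
    "FETCH":  ({"Selected"}, None),
    "CLOSE":  ({"Selected"}, "Authenticated"),
    "LOGOUT": ({"Non-Authenticated", "Authenticated", "Selected"}, "Logout"),
}


def run_session(table, initial, commands):
    """Feed commands through the state table.
    Returns (final_state, log); log has one (command, state_before, verdict)
    tuple per command, verdict being "ok", "refused" or "unknown"."""
    state = initial
    log = []
    for line in commands:
        verb = line.split()[0].upper()
        if verb not in table:
            log.append((line, state, "unknown"))
            continue
        allowed, nxt = table[verb]
        if state not in allowed:
            log.append((line, state, "refused"))
            continue
        log.append((line, state, "ok"))
        if nxt:
            state = nxt
    return state, log


def refused(log):
    """Commands the server would not have honoured."""
    return [line for line, _, verdict in log if verdict != "ok"]


# Constructed transcripts. Each one tries to read mail before logging in,
# which must be refused in the pre-authentication state.
POP3_SESSION = ["RETR 1", "USER alice", "PASS secret", "STAT", "DELE 1", "QUIT"]
IMAP4_SESSION = ["FETCH 1 RFC822", "LOGIN alice secret", "SELECT INBOX",
                 "FETCH 1 RFC822", "CLOSE", "LOGOUT"]

if __name__ == "__main__":
    for name, table, start, session in (
        ("POP3", POP3, "Authorization", POP3_SESSION),
        ("IMAP4", IMAP4, "Non-Authenticated", IMAP4_SESSION),
    ):
        final, log = run_session(table, start, session)
        print(name, "ended in", final, "- refused:", refused(log))
```

The POP3 run ends in Update only after QUIT, which is where RFC 1939 says deletions marked with DELE are actually committed; the IMAP4 run shows CLOSE dropping the session back from Selected to Authenticated rather than ending it.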
Outline, Chapter 11, Microsoft Exchange 2000 Server Implementation and Administration

Chapter 11, Lesson 2
Configuring Virtual Protocol Servers

1. Protocol Virtual Server Configurations
    A. A default virtual server exists for each protocol.
    B. Additional virtual servers can be created when you have different security requirements or message format requirements for your users.
    C. A unique IP address and port number combination must exist for each protocol virtual server.
    D. Metabase and Active Directory directory service
        1. Internet Information Services (IIS) stores configuration information in the metabase.
        2. Exchange 2000 Server stores configuration information in Active Directory.
        3. Because the metabase update service overwrites Active Directory changes into the metabase, be sure to configure your Internet protocols from within Exchange System Manager when possible. Some configuration changes can be made only in IIS.
2. Authentication Methods
    A. Anonymous Access is supported for public folders through HTTP and NNTP.
        1. Enable anonymous access at the protocol using Exchange System Manager.
        2. Make sure there is an anonymous account listed. The default is IUSR_<SERVERNAME>.
        3. You must define what the permissions are for anonymous users on each folder.
    B. Basic Authentication allows your users to access Exchange 2000 resources over the Internet with not-so-secure password encoding. It is turned on by default, but, if possible, it should be turned off.
    C. Digest Authentication is typically turned on through a Group Policy when you support Instant Messaging users who access their home server through an HTTP proxy.
    D. Integrated Windows Authentication offers support for NTLM or, if the client is using Windows 2000 with a supported Web browser, Kerberos authentication.
3. Setting Security Options
    A. Secure Sockets Layer (SSL) resides just above the transport layer.
        1. Uses X.509 certificates obtained from either a local or an online certificate authority (CA) to establish a secure communication channel
        2. Allows basic authentication to occur over an encrypted channel
    B. You can install a security certificate on the server by using the Access tab on the POP3, IMAP4, SMTP, and NNTP virtual servers.
    C. Enforcing a secure communication
        1. You can map a certificate to a particular NNTP user on the Authentication button of the Access tab for the virtual server properties.
        2. You can map a certificate to a particular HTTP user on the Web site's Directory Security tab in Internet Services Manager.
4. Configuring NNTP Virtual Servers
    A. Newsgroups
        1. Hierarchies are created using Exchange System Manager either in the Default NNTP Virtual Server container or in the Folders container in Internet Newsgroups under Public Folders. They can be accessed using Outlook or any newsreader, such as Internet Express.
        2. Set message size limits on the Settings tab of the default NNTP virtual server.
        3. Configure the properties for the public folder in the Public Folder Store.
        4. Configure newsgroup public folders in Outlook once you give yourself the Owner role in the properties for the public folder in the Public Folder Store.
        5. Setting up moderated newsgroups allows you to monitor the posts to the newsgroup. Only the specified moderators have permission to write to the newsgroup.
            a. Configure the newsgroup in Exchange System Manager.
            b. Configure the public folder in Outlook.
    B. Newsfeeds
        1. Creating newsfeeds
            a. Peer is the typical setting for USENET.
            b. Master is the setting for a server that accepts changes, assigns an ID to them, and then replicates to the slave servers.
            c. Slave is the setting to choose if you want users to connect to this server but you don't want new articles to be sent here.
        2. Manage your newsfeeds through the property pages of the newsfeed.
        3. Control inbound newsgroups by deselecting Enable Feed on the General tab.
    C. Age limits
        1. Use Newsgroup Expiration Policies in the NNTP virtual server.
        2. Set at the Information Store. Age limits set at the Information Store override Expiration Policies.
    D. By creating virtual directories, you can store news content across multiple directories.
    E. Users can be disconnected using the Current Sessions container in the virtual server.

Chapter Summary
    Support for Internet Protocols
    Configuring Virtual Protocol Servers
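The Lesson 2 points that Basic Authentication uses "not-so-secure password encoding" and that SSL lets basic authentication travel over an encrypted channel, shown concretely as an added example that is not part of the course outline. The requests are constructed samples; port 443 stands for the SSL-protected Web site and port 80 for the unprotected one.

```python
"""Added example (not from the course outline): what Basic Authentication
actually sends, and an audit that flags Basic credentials on a connection
that is not protected by SSL.

Assumptions: SAMPLE_REQUESTS are constructed (server port, header dict)
pairs; only port 443 is treated as SSL-protected here."""
import base64

SSL_PORTS = {443}

# Constructed sample requests. The first two carry the same Basic header,
# once on the plain Web site and once on the SSL site; the third uses an
# Integrated Windows Authentication (Negotiate) token instead.
SAMPLE_REQUESTS = [
    (80,  {"Host": "mail.example.test",
           "Authorization": "Basic YWxpY2U6UEBzc3cwcmQ="}),
    (443, {"Host": "mail.example.test",
           "Authorization": "Basic YWxpY2U6UEBzc3cwcmQ="}),
    (80,  {"Host": "mail.example.test",
           "Authorization": "Negotiate CONSTRUCTED-TOKEN"}),
    (80,  {"Host": "mail.example.test"}),
]


def decode_basic(header_value):
    """Return (user, password) from a Basic header, or None for any other
    scheme. Base64 is an encoding, not encryption, so this is exactly what
    anyone on the network path can do with an unencrypted request."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def audit(requests, ssl_ports=SSL_PORTS):
    """One finding per Basic-authenticated request that did not travel over
    SSL, naming the account whose password was exposed in transit."""
    findings = []
    for port, headers in requests:
        creds = decode_basic(headers.get("Authorization", ""))
        if creds and port not in ssl_ports:
            findings.append({"port": port, "user": creds[0],
                             "issue": "Basic credentials sent in the clear"})
    return findings


if __name__ == "__main__":
    print(decode_basic(SAMPLE_REQUESTS[0][1]["Authorization"]))
    for finding in audit(SAMPLE_REQUESTS):
        print(finding)
```

Only the port 80 request with the Basic header produces a finding: the same header on port 443 is inside the SSL channel, which is why the outline pairs "turn Basic off if possible" with "allows basic authentication to occur over an encrypted channel".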