This step-by-step article describes how to configure Simple
Mail Transfer Protocol (SMTP) Message Screener in Internet Security and
Acceleration (ISA) Server 2000. ISA Server is a firewall and Web caching server
program. You can also use ISA Server to screen e-mail messages that enter the
internal network. The e-mail message screening functionality is a feature of
ISA Server SMTP Message Screener. SMTP Message Screener is an optional
component that is not automatically installed if you perform a typical ISA
You must install SMTP Message Screener on a
computer that is running the Internet Information Services (IIS) 5.0 SMTP
service. SMTP Message Screener uses Distributed Component Object Model (DCOM)
to communicate with the ISA Server SMTP filter.
You can install SMTP
Message Screener on any of the following locations:
- The ISA Server-based computer
- A separate IIS 5.0-based computer on the internal
- The e-mail server
This article describes how to set up SMTP Message Screener on a
separate IIS 5.0-based computer that is situated on the internal
How to Install SMTP Message Screener on an IIS 5.0 SMTP Server
- Insert the ISA Server compact disc (CD) into the CD drive,
and then let it autorun.
If you do not have the ISA Server CD,
- Start the installation of ISA Server, and then click Custom installation.
- Click to clear the ISA Services check box, click Administration Tools, and then click Change.
- Click to select the ISA Management check box, click to clear the H.323 Gatekeeper
Administration Tool check box, and then click OK.
- Click to select the Add-in Services check
box, and then click Change.
- Click to clear the Install H.323 Gatekeeper
Service check box, and then click to select the Message Screener check box.
- Click OK, and then click Continue.
- Restart the computer after the SMTP Message Screener
installation process is finished.
How to Enable the SMTP Application Filter in ISA Server
- Start the ISA Management snap-in, click to expand your
server name, click to expand Extensions, and then click Application Filters.
- Right-click SMTP Filter, and then click Enable.
- Click Save changes and restart the
service(s), and then click OK.
How to Configure the Internal IIS 5.0 SMTP Server
If you configure the SMTP server with a remote domain that
accepts mail for your mail domain, unauthorized users cannot use your server as
a relay to send junk e-mail (spam). The remote domain is configured to relay
mail to the internal mail server. To configure the internal IIS 5.0 SMTP
- Click Internet Services Manager on the Administrative Tools menu.
- Click to expand Default SMTP Virtual
Server, right-click Domains, click New, and then click Domain.
- After the New SMTP Domain Wizard starts, click Remote, and then click Next.
- On the Select Domain Name page, type the domain name for the domain on which your mail
server accepts mail.
For example, if you want the IIS 5.0 SMTP
server to accept only mail that is sent to
domain.com, create a
remote domain for
domain.com. Messages that
are destined for other domains are rejected.
- Click Finish.
- Double-click the remote domain, and then click
Forward all mail to smart host.
- Type the Internet Protocol (IP) address of your internal
NOTE: Surrounded the IP address with brackets ([ ]).
- Click Allow incoming mail to be relayed to this
domain, and then click OK.
- Stop and start the SMTP service.
How to Use the SMTPCred.exe Tool to Configure Permissions on the IIS 5.0-Based ServerNOTE
: Only use the SMTPCred.exe tool if the ISA Server is installed as
a Stand-Alone ISA Server. If the ISA Server is installed as a member of an
Array, do not use the SMTPCred.exe tool. When ISA Server is installed in an
Array, ISA Server retrieves the settings from Active Directory.
- On the IIS 5.0-based server, start the SMTPCred.exe tool.
NOTE: By default, the SMTPCred.exe tool is located in the following
the ISA Server installation folder:
C:\Program Files\Microsoft ISA Server
- Type the name of the ISA Server-based computer in the ISA Server box.
- Do not change the default time period settings that the
remote server uses to retrieve settings.
- Type a user name in the User name box, type a domain name in the Domain box, type the password of the user in the Password box, and then click OK.
NOTE: Type a password of a user who has administrator access to the
ISA Server-based computer. The SMTP server that is running SMTP Message
Screener uses these credentials to communicate with the ISA Server-based
How to Configure DCOM Permissions in ISA Server
- Click Start, click Run, type dcomcnfg.exe in the Open box, and then click OK.
- Click the Applications tab, click VendorData class, and then click Properties.
- Click the Security tab, and then click Use custom access permissions.
- Click Edit, click Add, click Everyone, click OK, and then click OK.
- Click the following options on the Security tab, and then repeat step 4 for each of these options:
- Use custom launch
- Use custom configuration
- Restart the ISA Server-based computer, and then restart the
IIS 5.0 SMTP server.
SMTP Message Screener does not have a configuration interface. To
configure the types of messages that are filtered by SMTP Message Screener, use
the SMTP application filter. For more information about how to configure the
SMTP application filter, refer to ISA Server Online Help.
Article ID: 315132 - Last Review: April 28, 2003 - Revision: 2.3
- Microsoft Internet Security and Acceleration Server 2000 Standard Edition
|kbhowto kbhowtomaster KB315132|