HOW TO: Configure SMTP Message Screener in ISA Server 2000

This step-by-step article describes how to configure Simple Mail Transfer Protocol (SMTP) Message Screener in Internet Security and Acceleration (ISA) Server 2000. ISA Server is a firewall and Web caching server program. You can also use ISA Server to screen e-mail messages that enter the internal network. The e-mail message screening functionality is a feature of ISA Server SMTP Message Screener. SMTP Message Screener is an optional component that is not automatically installed if you perform a typical ISA Server installation.

You must install SMTP Message Screener on a computer that is running the Internet Information Services (IIS) 5.0 SMTP service. SMTP Message Screener uses Distributed Component Object Model (DCOM) to communicate with the ISA Server SMTP filter.

You can install SMTP Message Screener on any of the following locations:

• The ISA Server-based computer
• A separate IIS 5.0-based computer on the internal network
• The e-mail server

This article describes how to set up SMTP Message Screener on a separate IIS 5.0-based computer that is situated on the internal network.

How to Install SMTP Message Screener on an IIS 5.0 SMTP Server

1. Insert the ISA Server compact disc (CD) into the CD drive, and then let it autorun.
   
   If you do not have the ISA Server CD, double-click ISAautorun.exe.
2. Start the installation of ISA Server, and then click Custom installation.
3. Click to clear the ISA Services check box, click Administration Tools, and then click Change.
4. Click to select the ISA Management check box, click to clear the H.323 Gatekeeper Administration Tool check box, and then click OK.
5. Click to select the Add-in Services check box, and then click Change.
6. Click to clear the Install H.323 Gatekeeper Service check box, and then click to select the Message Screener check box.
7. Click OK, and then click Continue.
8. Restart the computer after the SMTP Message Screener installation process is finished.

How to Enable the SMTP Application Filter in ISA Server

1. Start the ISA Management snap-in, click to expand your server name, click to expand Extensions, and then click Application Filters.
2. Right-click SMTP Filter, and then click Enable.
3. Click Save changes and restart the service(s), and then click OK.

How to Configure the Internal IIS 5.0 SMTP Server

If you configure the SMTP server with a remote domain that accepts mail for your mail domain, unauthorized users cannot use your server as a relay to send junk e-mail (spam). The remote domain is configured to relay mail to the internal mail server. To configure the internal IIS 5.0 SMTP server:

1. Click Internet Services Manager on the Administrative Tools menu.
2. Click to expand Default SMTP Virtual Server, right-click Domains, click New, and then click Domain.
3. After the New SMTP Domain Wizard starts, click Remote, and then click Next.
4. On the Select Domain Name page, type the domain name for the domain on which your mail server accepts mail.
   
   For example, if you want the IIS 5.0 SMTP server to accept only mail that is sent to domain.com, create a remote domain for domain.com. Messages that are destined for other domains are rejected.
5. Click Finish.
6. Double-click the remote domain, and then click Forward all mail to smart host.
7. Type the Internet Protocol (IP) address of your internal mail server.
   
   NOTE: Surrounded the IP address with brackets ([ ]).
8. Click Allow incoming mail to be relayed to this domain, and then click OK.
9. Stop and start the SMTP service.

How to Use the SMTPCred.exe Tool to Configure Permissions on the IIS 5.0-Based Server

NOTE: Only use the SMTPCred.exe tool if the ISA Server is installed as a Stand-Alone ISA Server. If the ISA Server is installed as a member of an Array, do not use the SMTPCred.exe tool. When ISA Server is installed in an Array, ISA Server retrieves the settings from Active Directory.

1. On the IIS 5.0-based server, start the SMTPCred.exe tool.
   
   NOTE: By default, the SMTPCred.exe tool is located in the following the ISA Server installation folder:
   C:\Program Files\Microsoft ISA Server
2. Type the name of the ISA Server-based computer in the ISA Server box.
3. Do not change the default time period settings that the remote server uses to retrieve settings.
4. Type a user name in the User name box, type a domain name in the Domain box, type the password of the user in the Password box, and then click OK.
   
   NOTE: Type a password of a user who has administrator access to the ISA Server-based computer. The SMTP server that is running SMTP Message Screener uses these credentials to communicate with the ISA Server-based computer.

How to Configure DCOM Permissions in ISA Server

1. Click Start, click Run, type dcomcnfg.exe in the Open box, and then click OK.
2. Click the Applications tab, click VendorData class, and then click Properties.
3. Click the Security tab, and then click Use custom access permissions.
4. Click Edit, click Add, click Everyone, click OK, and then click OK.
5. Click the following options on the Security tab, and then repeat step 4 for each of these options:
   • Use custom launch permissions
   • Use custom configuration permissions
   
   
6. Restart the ISA Server-based computer, and then restart the IIS 5.0 SMTP server.

Troubleshooting

SMTP Message Screener does not have a configuration interface. To configure the types of messages that are filtered by SMTP Message Screener, use the SMTP application filter. For more information about how to configure the SMTP application filter, refer to ISA Server Online Help.