Wednesday, January 30, 2008

Mail Server


To configure a mail server, start the Configure Your Server Wizard by doing either of the following:
From Manage Your Server, click Add or remove a role. By default, Manage Your Server starts automatically when you log on. To open Manage Your Server, click Start, click Control Panel, double-click Administrative Tools, and then double-click Manage Your Server.
To open the Configure Your Server Wizard, click Start, click Control Panel, double-click Administrative Tools, and then double-click Configure Your Server Wizard.
On the Server Role page, click Mail server (POP3, SMTP), and then click Next.
This section covers:
Configure POP3 Service
On the Configure POP3 Service page, under Authentication method, click the appropriate method for your deployment. The Windows Server 2003 family supports the authentication methods listed in the following table.
Use this authentication method / When:
Local Windows accounts: Your mail server is not an Active Directory member server, and you want to store user accounts on the server on which the POP3 service is installed.
Active Directory-Integrated: Your mail server is a domain controller or a member server.
Encrypted Password File: Your mail server is not using Active Directory, or you do not want to have user accounts for the POP3 service on the local computer.
The authentication methods that are available to you depend on the configuration of your server:
If the computer on which the POP3 service is running is a member server in an Active Directory domain, all three authentication methods are available.
If the computer on which the POP3 service is running is a domain controller, the available authentication methods are Active Directory integrated authentication and encrypted password file authentication.
Otherwise, the available authentication methods are local Windows accounts authentication and encrypted password file authentication.
Under E-mail domain name, type your registered e-mail domain name. You can create additional e-mail domains later by using the POP3 service snap-in or the Winpop command-line tool.
After you finish, click Next.
Summary of Selections
On the Summary of Selections page, you can view and confirm the options that you have selected. If you selected Mail server (POP3, SMTP) on the Server Role page, the following appears:
Install POP3 and Simple Mail Transfer Protocol (SMTP) to enable POP3 mail clients to send and receive mail
To apply the selections shown on the Summary of Selections page, click Next. After you click Next, the Configuring Components page of the Windows Components Wizard appears, and then closes automatically. You cannot click Back or Next on this page.
Completing the Configure Your Server Wizard
After the components are configured, the Configure Your Server Wizard displays the This Server is Now a Mail Server page. To review all of the changes made to your server by the Configure Your Server Wizard or to ensure that a new role was installed successfully, click Configure Your Server log. The Configure Your Server Wizard log is located at systemroot\Debug\Configure Your Server.log. To close the Configure Your Server Wizard, click Finish.
At this stage, you have a fully-functioning mail server, but you must also create mailboxes for all of the users in the domain who will be sending or receiving e-mail. Without mailboxes, users cannot send or receive e-mail.
Creating mailboxes
To send and receive e-mail, each user must have a unique mailbox in the e-mail domain. You can create mailboxes from either the POP3 service MMC snap-in or at the command line. This procedure uses the POP3 service MMC snap-in. For more information about creating mailboxes or administering the POP3 service at the command line, see Winpop. For more information about creating mailboxes, see To create a mailbox.
Step 1: Open the POP3 service MMC snap-in.
Comments: To open the POP3 service snap-in, click Start, click Control Panel, double-click Administrative Tools, and then double-click POP3 Service.
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
If you are using Active Directory integrated authentication, you must log on to the Active Directory domain, not the local computer, to perform this procedure.
Step 2: Create one or more mailboxes.
Comments: In the console tree, select the e-mail domain that you specified in the Configure Your Server Wizard (for example, example.com). Right-click the e-mail domain, point to New, and then click Mailbox. Provide the following information:
Mailbox Name—the name of the mailbox. The maximum length for a mailbox name is 20 characters for local Windows accounts authentication, and 64 characters for encrypted password file authentication or Active Directory integrated authentication. The minimum length is 1 character.
Password—the password to access the mailbox.
Confirm Password—retype the password that was specified in Password.
If you are using Active Directory integrated authentication or local Windows accounts authentication, select the Create associated user for this mailbox check box, unless a user account already exists with the same name as the mailbox that you want to create. If the check box is already selected, clear it only if an account already exists with the same name as the mailbox that you want to create.
Removing the mail server role
If you need to reconfigure your server for a different role, you can remove existing server roles. By removing the mail server role, you will uninstall all mail server components, such as the POP3 service and SMTP service. After the mail server components are uninstalled, users will no longer be able to send or receive e-mail using that server. Any e-mail that is stored on the computer will not be affected by removing the mail server role and will remain in the mail store.
To remove the mail server role, restart the Configure Your Server Wizard by doing either of the following:
From Manage Your Server, click Add or remove a role. By default, Manage Your Server starts automatically when you log on. To open Manage Your Server, click Start, click Control Panel, double-click Administrative Tools, and then double-click Manage Your Server.
To open the Configure Your Server Wizard, click Start, click Control Panel, double-click Administrative Tools, and then double-click Configure Your Server Wizard.
On the Server Role page, click Mail server (POP3, SMTP), and then click Next. On the Role Removal Confirmation page, review the items listed under Summary, select the Remove the mail server role check box, and then click Next. After you click Next, the Configuring Components page of the Windows Components Wizard appears, and then closes automatically. You cannot click Back or Next on this page. On the Mail Server Role Removed page, click Finish.
Next steps: Completing additional tasks

After you complete the Configure Your Server Wizard and create mailboxes, the computer is ready for use as a mail server. Up to this point, you have completed the following tasks:
Installed the POP3 service and the SMTP service.
Configured the POP3 service to use an authentication method.
Created an e-mail domain.
Created mailboxes.
The Configure Your Server Wizard automatically installs the POP3 service MMC snap-in, which you use to manage your mail server. To open the POP3 service snap-in, click Start, click Control Panel, double-click Administrative Tools, and then double-click POP3 Service.
The following table lists additional tasks that you might want to perform on your mail server.
Task
Purpose of task
Reference
Provide users with the procedure to configure their e-mail clients to use the mail server.
To connect to the mail server, the user's e-mail client must be configured specifically for the mail server.

Implement disk quotas.
Disk quotas ensure that the mail store does not use an excessive or unanticipated amount of disk space, which could adversely affect the performance of the server on which the POP3 service is running. You must have an NTFS partition to implement disk quotas. NTFS partitions allow for greater directory and folder security, which better protects e-mail stored on the local hard disk.
Configuring disk quotas for the POP3 service
Configure your mail server to require secure e-mail client authentication.
The POP3 service supports Secure Password Authentication (SPA) for Active Directory integrated authentication and local Windows accounts authentication. Secure Password Authentication requires that all e-mail clients transmit both the user name and password using secure authentication. Secure Password Authentication is more secure than the default of plaintext and, therefore, is recommended over plaintext. Secure Password Authentication must be configured on both the server on which e-mail services are running and on every e-mail client that will connect to the mail server.
To configure the mail server to require Secure Password Authentication; To configure Outlook Express for Secure Password Authentication
To configure the mail server to require Secure Password Authentication
Using the Windows interface
Open POP3 service
In the console tree, right-click the computer_name node and click Properties.
Where? POP3 Service > computer_name
Select Require Secure Password Authentication (SPA) for all client connections.
Important
If you change this parameter, you must stop and restart the POP3 service. For more information on changing the POP3 service state, see Related Topics.
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
To open the POP3 service snap-in, click Start, click Control Panel, double-click Administrative Tools, and then double-click POP3 Service.
SPA supports only Active Directory integrated authentication and local Windows accounts authentication.
If you enable SPA, users' e-mail clients must also be configured to use SPA. For more information, see Related Topics.
If you are using Active Directory integrated authentication, you must log on to the Active Directory domain, not the local computer, to perform this procedure.
Configuring the mail server to require Secure Password Authentication affects only the POP3 service and not the Simple Mail Transfer Protocol (SMTP) service. For more information about the security options for the SMTP service, see Set Security Options.
Using a command line
Open Command Prompt.
Type:
winpop set sparequired {0|1}
Value / Description:
winpop set sparequired: Specifies whether Secure Password Authentication is required for all client connections.
{0|1}: Specifies whether secure authentication is required from all e-mail clients. The default is 0, which specifies that SPA is not required. 1 requires SPA from all e-mail clients and prevents e-mail clients from authenticating by using plaintext authentication.
Important
If you change this parameter, you must stop and restart the POP3 service. For more information on changing the POP3 service state, see Related Topics.
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
To open a command prompt, click Start, point to All Programs, point to Accessories, and then click Command Prompt.
SPA supports only Active Directory integrated authentication and local Windows accounts authentication.
If you enable SPA, users' e-mail clients must also be configured to use SPA. For more information, see Related Topics.
If you are using Active Directory integrated authentication, you must log on to the Active Directory domain, not the local computer, to perform this procedure.
To view the complete syntax for this command, at a command prompt, type:
winpop set help
Configuring the mail server to require Secure Password Authentication affects only the POP3 service and not the Simple Mail Transfer Protocol (SMTP) service. For more information about the security options for the SMTP service, see Set Security Options.
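The practical effect of sparequired set to 1 is that the POP3 service turns away plaintext USER/PASS logins, and that is something an administrator can verify from the network rather than trust from the setting alone. The following Python script is an added example, not part of the original documentation or of the Windows POP3 service: it connects to a POP3 listener, reads its CAPA list, sends a bare USER command (never a password) and reports whether plaintext login was refused. It assumes the service answers a refused USER with an -ERR line and, if it supports CAPA, advertises NTLM as a SASL mechanism; the loopback mock for both settings and the account name spa-audit are constructed so the script runs offline.

```python
import socket
import threading

def _read_line(f):
    return f.readline().decode("ascii", "replace").rstrip("\r\n")

def check_plaintext_login(host, port, timeout=5.0):
    # Read the greeting and CAPA list, then send USER alone (never a password).
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        banner = _read_line(f)
        if not banner.startswith("+OK"):
            raise RuntimeError("unexpected POP3 greeting: " + banner)
        s.sendall(b"CAPA\r\n")
        caps = []
        if _read_line(f).startswith("+OK"):  # CAPA is optional (RFC 2449)
            while (line := _read_line(f)) != ".":
                caps.append(line.upper())
        s.sendall(b"USER spa-audit\r\n")  # constructed account name
        user_reply = _read_line(f)
        s.sendall(b"QUIT\r\n")
    plaintext_accepted = user_reply.startswith("+OK")
    return {
        "ntlm_advertised": any(c.startswith("SASL") and "NTLM" in c for c in caps),
        "plaintext_user_accepted": plaintext_accepted,
        "spa_enforced": not plaintext_accepted,
    }

def serve_mock_pop3(listener, spa_required):
    # Constructed stand-in for the service: with spa_required it advertises
    # NTLM and refuses USER with -ERR (assumed behaviour); otherwise it accepts USER.
    conn, _ = listener.accept()
    with conn:
        conn.sendall(b"+OK mock POP3 ready\r\n")
        for raw in conn.makefile("rb"):
            cmd = raw.decode("ascii", "replace").strip().upper().split(" ")[0]
            if cmd == "CAPA":
                caps = ["TOP", "UIDL", "SASL NTLM"] if spa_required else ["TOP", "UIDL", "USER"]
                conn.sendall(("+OK\r\n" + "".join(c + "\r\n" for c in caps) + ".\r\n").encode())
            elif cmd == "USER":
                conn.sendall(b"-ERR plaintext authentication is not permitted\r\n"
                             if spa_required else b"+OK\r\n")
            elif cmd == "QUIT":
                conn.sendall(b"+OK bye\r\n")
                return

def audit_mock(spa_required):
    # Run the check against the mock on a loopback port; returns the result dict.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    t = threading.Thread(target=serve_mock_pop3, args=(listener, spa_required), daemon=True)
    t.start()
    try:
        return check_plaintext_login("127.0.0.1", listener.getsockname()[1])
    finally:
        t.join(timeout=5)
        listener.close()
```

Against a real server, call check_plaintext_login with the mail server's host name and port 110; a result with spa_enforced False after setting sparequired to 1 usually means the POP3 service was not restarted, as the Important note above requires.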
To configure Outlook Express for Secure Password Authentication
Click Start, point to All Programs, and then click Outlook Express.
On the Tools menu, click Accounts.
In Internet Accounts, click the Mail tab, click the name of your POP3 e-mail account, and then click Properties.
Click the Servers tab, and then click Log on using Secure Password Authentication.
In Account name, type your POP3 service user name not including the domain. For example, if your e-mail address is someone@example.com, you would type someone, and then click OK. If a naming conflict occurred when the mailbox was created, the user name is the pre-Windows 2000 logon name. For more information about the pre-Windows 2000 logon name, see Notes.
Notes
Secure Password Authentication (SPA) only supports Active Directory integrated authentication and local Windows accounts authentication.
Be sure to update your e-mail client software and client operating system with the latest service pack available.
If you are using an e-mail client other than Outlook Express, check your product documentation for information about how to configure your e-mail client to use Secure Password Authentication (SPA) (also known as NTLM Authentication).
If a dialog box prompts you for your credentials after you configure Outlook Express for SPA, enter your credentials, as described in the following table:
Value / Description:
User Name: Your user name, not including the domain. For example, if your e-mail address is someone@example.com, you would type someone. If a naming conflict occurred when the mailbox was created, the user name is the pre-Windows 2000 logon name.
Password: Your password.
Domain: For Active Directory integrated authentication, this is the network basic input/output system (NetBIOS) name of the domain. For local Windows accounts authentication, this is the name of the local computer.
If you are using Active Directory integrated authentication and Secure Password Authentication and a naming conflict occurred when the mailbox was created, the pre-Windows 2000 logon name must be used for e-mail client authentication. To determine the modified logon name, go to the Active Directory Users and Computers snap-in in Administrative Tools. Go to the Users folder, right-click the user account, and then click Properties. Click the Account tab and the modified account name will appear in User logon name (pre-Windows 2000). You must note the pre-Windows 2000 logon name and provide it to the user.
Related Topics
Configuring disk quotas for the POP3 service
Important
You can configure disk quotas only on NTFS file system partitions.
You can use disk quotas to control and limit the amount of disk space individual mailboxes on the mail server can use. This ensures that individual mailboxes, and the mail store in general, do not use excessive or unanticipated amounts of disk space and adversely affect the performance of the server where the POP3 service is running.
For example, if the mail server suddenly receives a large volume of unsolicited e-mail, the mail store expands rapidly and might use all of the available disk space on the hard disk. If you implement quotas, the mail store only expands to the quota limit that you specified. As a result, no more mail is accepted by the server, and the rest of the server still functions normally.
If you are using Active Directory integrated authentication or local Windows accounts authentication, the e-mail delivered to a POP3 service mailbox will have file ownership assigned to the mailbox user by default. A quota file is created in the mailbox directory that contains the security identifier (SID) of the user account associated with the mailbox. File ownership is then assigned to the user account that corresponds to the SID contained in the quota file. The SID is also used by the NTFS file system disk quota system to enforce the quota limits specified on the user account matching the SID. All e-mail transferred to the mailbox's mail store directory is marked with the SID contained in the quota file; this marks the e-mail so it can be monitored by the quota system.
For more information, see Disk quotas.
createquotafile command
If you are using encrypted password file authentication, there is no valid user account for the mailbox that the quota system can use. You can use the createquotafile /user command, however, to manually associate a given mailbox with a valid user account that is configured to have a disk quota. This association is for disk quota purposes only and is separate from mailbox authentication. If you are using Active Directory integrated authentication or local Windows accounts authentication, a quota file is created by default when you create a mailbox.
For more information about the createquotafile command, see To create a quota file.
Configuring domain disk quotas
Although quotas are designed to be implemented on a per-mailbox basis, you can create a domain-wide disk quota.
To create a disk quota for a domain, you must create a new mailbox and user account with an associated quota. The quota file for the new mailbox functions as a template that you can then copy into all of the other mailbox directories in the domain to create a domain-wide quota policy.
The following table describes the steps for creating a domain disk quota.
Step / Reference:
1. Create a new mailbox and user account. When you create the new mailbox, you must also create an associated user account for the mailbox. This account will be used to create a domain-wide quota. Other accounts in the domain can be configured to reference this account and its associated quota. All accounts associated with this account will have their disk usage aggregated under a single quota limit, which will create a domain-wide quota limit. (Reference: To create a mailbox)
2. Enable disk quotas for the partition on which the mail store is configured. (Reference: To enable disk quotas)
3. Create a quota to be used as the domain quota and assign it to the domain quota account. (Reference: To add new quota entries)
4. Do one of the following: Copy the quota file from the mail store directory of the domain account to the corresponding mail store directory of all the mailboxes in the domain. Or, using the winpop createquotafile command and the /user: switch, associate one or more accounts in the domain with the domain account and its quota. For more information on the createquotafile command, see To create a quota file. (Reference: N/A)
Notes
When a mailbox quota is exceeded, the user is not notified. E-mail intended for the user is not accepted, and a Non-Delivery Report (NDR), a notice that the e-mail was not delivered to the recipient, is returned to the sender.
Be sure that users configure their e-mail client to delete from the server any e-mail that has been successfully retrieved. If users leave successfully retrieved e-mail on the server, they can quickly exceed their quota. Users are likely to be unaware of the disk usage and impact of old e-mail stored on the server.
You cannot set quota limits on the accounts of Administrators or members of the Administrators group.
