XGEN: Programmatic Modification of SMTP Virtual Server Access and Relay Control (810913)

SUMMARY

Microsoft Exchange 2000 provides connection and relay control for its Simple Mail Transfer Protocol (SMTP) virtual servers. An administrator can use these controls to limit the computers that can connect to a virtual server or that can relay e-mail to outside the Exchange 2000 organization. You can view these controls by using Exchange System Manager.

An Exchange 2000 post-Service Pack 3 (SP3) hotfix introduces a programmatic interface to the SMTP Virtual Server Connection Control settings and the Relay Control settings. The Exchange IP Security Component Object Model (COM) interface (ExIPSec) provides an additional way to access these control settings.

ExIPSec allows an administrator to programmatically view and modify the connection settings and relay control settings on an Exchange 2000 server. In certain circumstances, an administrator can modify these settings in bulk on servers throughout the organization to lower the total cost of ownership of Exchange 2000.

The following file is available for download from the Microsoft Download Center:

Download the 810913 package now. Release Date: December 12, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Cumulative Patch Information

For additional information about a cumulative patch that contains this hotfix, click the following article number to view the article in the Microsoft Knowledge Base:

813840 XGEN: March 2003 Exchange 2000 Server Post-Service Pack 3 Rollup

MORE INFORMATION

Usage

The computer that is running ExIPSec.dll must be a member of a domain that has Exchange 2000 installed. ExIPSec.dll has been tested on Microsoft Windows NT Server 4.0, Microsoft Windows 2000 Server, and Microsoft Windows XP Professional.

Any language that can create COM clients, such as Visual C++, Visual Basic, Microsoft C#, or Delphi , can use ExIPSec. For languages that require a COM reference, the programmer must add a reference to "ExIPSec 1.0 Type Library". A simple script (Ipsec.vbs) is provided to demonstrate the usage of the COM object. The script can add or delete an entry from either the Allow list or the Deny list, and also clear or display those lists.
The following list describes the typical usage of this interface:

Bind to the SMTP Virtual Server Instance. When you bind to the SMTP Virtual Server you must specify the Exchange 2000 server name, the Virtual Server Instance, and a domain controller to connect to through Lightweight Directory Access Protocol (LDAP). If you do not specify an Exchange 2000 server, the local server (that is, the server that the program is running on) is the default server. The Virtual Server Instance is a number; for example, "1" for the default virtual server. The domain controller is the server which has the Active Directory information that must be accessed to read or write settings. The DS2MB process of Exchange System Attendant later reads the Active Directory information and writes it to the Microsoft Internet Information Service (IIS) metabase to actually implement the settings.

VBScript:
```
Dim objDsIpSec
Set objDsIpSec = CreateObject("ExIpSec.ExIpSecurity")
objDsIpSec.BindToSmtpVsi "MyServer", "1", "MyDomainController
```
C# (assuming default names for referenced COM class):
```
EXIPSECLib.ExIpSecurityClass sec = new EXIPSECLib.ExIpSecurityClass();
sec.BindToSmtpVsi("My ExchangeServer", 1, "MyDomainController");
```
Access the attribute set to view or modify. To access the attribute set:
1. Get either the access list or the relay list.
2. Change the GrantByDefault property, if appropriate.
3. Then access the appropriate list.
The combination of the list that you get (GetIPSecurityList or GetRelayList) and the GrantByDefault property indicates which list is applicable. If GrantByDefault is true and the programmer calls GetIPSecurityList, the valid lists that the programmer can work with are IpDeny and DomainDeny. The lists are arrays of variants (or objects if you are using the Microsoft .NET Framework). Those objects are strings of IP addresses, subnet addresses, or domain names.

VBScript:
```
objDsIpSec.GetIpSecurityList
objDsIpSec.GrantByDefault=false
redim Preserve objDsIpSec.IpGrant(UBound(objDsIpSec.IpGrant)+1)
listGrant(UBound(objDsIpSec.IpGrant)) = "1.2.3.4"
```
C#:
```
System.Collections.ArrayList list = new System.Collections.ArrayList((object[])sec.IPDeny);
list.Add("1.2.3.4");
sec.IPGrant = list.ToArray();
```
Write any modifications. The changes that have been made up to this point only exist in memory. This step writes the new settings to the domain controller's Active Directory.

VBScript:
```
objDsIpSec.WriteList
```
C#:
```
sec.WriteList();
```
Unbind from the Virtual Server Instance. This step is necessary clean up.

VBScript:
```
objDsIpSec.ReleaseBinding
```
C#:
```
sec.ReleaseBinding();
```

See ExIPSec.vbs for more sample code that includes error handling.

The English version of this feature has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Component: EMO

File name	Version	Date	Time	Size (bytes)
ExIPSec.dll	6.0.6374.0	27-Nov-2002	18:41	49,152
Ipsec.vbs	N/A	27-Nov-2002	17:23	15,725