When you implement Windows Server 2003's POP3 service, you'll probably need to implement a method to ensure that users' mailboxes don't grow too large. As long as you store mail in an NTFS partition and use the Local Windows Accounts or AD authentication method, you can implement disk quotas. With Windows 2003, you must configure disk quotas on a partition-by-partition basis, which provides a good argument for assigning a separate partition for mail storage. Mailbox quotas and file-share quotas are different and can be different sizes. If you use the Encrypted Password File authentication method, you can use the command

createquotafile /user

to associate a mailbox file with a unique user account for quota purposes.

One drawback to implementing quotas is that users don't receive a warning when they reach the quota limit; messages destined for their accounts will simply bounce. The best method is to implement a written policy that informs users that email will be removed from the server after a certain amount of time. You must implement this policy on the client rather than the server.

You'll learn that a user has exceeded a quota only by using the Microsoft Management Console (MMC) POP3 Service snap-in to monitor the mailboxes, by noting the appropriate event in the log file, or by receiving a phone call from an irate user who is no longer receiving email. To reduce disk space use, you can also implement file and folder compression.

The POP3 service also lets you lock both domains and mailboxes, as I describe in the main article. However, the locking procedure doesn't block incoming messages from arriving in the mailbox or domain; locking simply prevents users from using POP3 to retrieve email. Locked mailboxes still receive mail, and users with locked mailboxes can still send mail. For these reasons, locking a mailbox won't help clear out a user's mailbox.