
Exchange Server 2013 Mail Flow and Transport Services

July 31, 2012 by Paul Cunningham 99 Comments

As people learn about the new features of Exchange Server 2013, one of the first surprises is often the reduction in server roles to just three: the Client Access server, Mailbox server, and Edge Transport server.

The question that usually follows is: how does mail flow work without a Hub Transport server?

Exchange Server 2013 Transport Services

The Hub Transport server role from Exchange 2007 and 2010 has been replaced with a series of services running on the remaining server roles.

The Client Access server role hosts the Front End Transport service, which acts only as a proxy for SMTP connectivity.

The Mailbox server role hosts two additional services:

  • Transport service – performs email routing within the organization, and between the Front End Transport service and the Mailbox Transport service
  • Mailbox Transport service – passes email messages between the Transport service and the mailbox database

There are some additional scenarios for the Mailbox server's Transport services when Database Availability Groups are deployed, but for the moment we'll just consider non-DAG scenarios.

Microsoft has published this diagram that gives a good visual representation of how these components all fit together. But if you find it a little confusing simply read on for a few practical examples.

[Image: Exchange 2013 transport architecture diagram]

Internal Mail Flow Example

Let's take a look at an internal mail flow example for Exchange Server 2013. In this case the sender and recipient are both on the same mailbox database on the same server, MB2.exchange2013demo.com.

The message headers look like this (I've truncated the data that is not relevant to this topic):

Received: from MB2.exchange2013demo.com (192.168.0.188) by
MB2.exchange2013demo.com (192.168.0.188) with Microsoft SMTP Server (TLS) id
15.0.466.13; Tue, 31 Jul 2012 21:52:45 +1000
 
Received: from MB2.exchange2013demo.com (192.168.0.188) by
MB2.exchange2013demo.com (192.168.0.188) with Microsoft SMTP Server (TLS) id
15.0.466.13; Tue, 31 Jul 2012 21:52:43 +1000
 
Received: from MB2.exchange2013demo.com ([fe80::9ca9:e0d9:ec3a:996b]) by
MB2.exchange2013demo.com ([fe80::9ca9:e0d9:ec3a:996b%12]) with mapi id
15.00.0466.010; Tue, 31 Jul 2012 21:52:42 +1000

Running the header through the MX Toolbox header analyzer gives us this visual representation.

[Image: Exchange Server 2013 Internal Mail Flow Example]

What we see are three hops all on the same Mailbox server MB2.exchange2013demo.com, as the message travels through each of the services involved.

[Image: Exchange 2013 Internal Mail Flow Hops]

Now compare that to an email sent between two Exchange Server 2010 recipients on the same mailbox database.

Received: from HO-EX2010-MB2.exchangeserverpro.net (10.1.1.22) by
HO-EX2010-MB1.exchangeserverpro.net (10.1.1.21) with Microsoft SMTP Server
(TLS) id 14.2.309.2; Tue, 31 Jul 2012 22:22:07 +1000
 
Received: from HO-EX2010-MB1.exchangeserverpro.net
([fe80::d957:3403:56cf:a8cb]) by HO-EX2010-MB2.exchangeserverpro.net
([fe80::f148:390:568f:38dc%16]) with mapi id 14.02.0309.002; Tue, 31 Jul 2012
22:22:03 +1000

[Image: Exchange Server 2010 Internal Mail Flow Example]

This time we only see two hops in the message headers.

[Image: Exchange Server 2010 Internal Mail Flow Hops]

The best way I can think to describe this difference is that instead of message submission occurring directly via RPC/MAPI between the mailbox database and a Hub Transport server, as in Exchange 2010, it now traverses the intermediary Mailbox Transport service, adding at the very least one additional SMTP hop in the message headers.

You will also note that the example for Exchange Server 2013 demonstrated that the Client Access server's Front End Transport service was not involved for internal mail flow.
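The hop comparison above can be reproduced offline from the raw headers, which is useful when tracing a message during an investigation. The following Python is an added example, not code from the original article: it parses the two header sets shown above (folding whitespace restored), orders the hops chronologically, and separates the MAPI submission hop from the SMTP hops. The names `Hop`, `parse_hops` and `summarize` are chosen for this example, and the regular expression only covers the Exchange `Received` layout seen on this page.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from email import message_from_string
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional

# Headers copied from the article, with folding whitespace restored and the
# blank separator lines removed so that they parse as one header block.
EX2013_HEADERS = """\
Received: from MB2.exchange2013demo.com (192.168.0.188) by
 MB2.exchange2013demo.com (192.168.0.188) with Microsoft SMTP Server (TLS) id
 15.0.466.13; Tue, 31 Jul 2012 21:52:45 +1000
Received: from MB2.exchange2013demo.com (192.168.0.188) by
 MB2.exchange2013demo.com (192.168.0.188) with Microsoft SMTP Server (TLS) id
 15.0.466.13; Tue, 31 Jul 2012 21:52:43 +1000
Received: from MB2.exchange2013demo.com ([fe80::9ca9:e0d9:ec3a:996b]) by
 MB2.exchange2013demo.com ([fe80::9ca9:e0d9:ec3a:996b%12]) with mapi id
 15.00.0466.010; Tue, 31 Jul 2012 21:52:42 +1000
"""

EX2010_HEADERS = """\
Received: from HO-EX2010-MB2.exchangeserverpro.net (10.1.1.22) by
 HO-EX2010-MB1.exchangeserverpro.net (10.1.1.21) with Microsoft SMTP Server
 (TLS) id 14.2.309.2; Tue, 31 Jul 2012 22:22:07 +1000
Received: from HO-EX2010-MB1.exchangeserverpro.net
 ([fe80::d957:3403:56cf:a8cb]) by HO-EX2010-MB2.exchangeserverpro.net
 ([fe80::f148:390:568f:38dc%16]) with mapi id 14.02.0309.002; Tue, 31 Jul 2012
 22:22:03 +1000
"""

# "from HOST (ADDR) by HOST (ADDR) with PROTOCOL id BUILD; DATE"
RECEIVED_RE = re.compile(
    r"from\s+(?P<from_host>\S+)\s+\((?P<from_addr>[^)]*)\)\s+"
    r"by\s+(?P<by_host>\S+)\s+\((?P<by_addr>[^)]*)\)\s+"
    r"with\s+(?P<protocol>.+?)\s+id\s+(?P<build>[^;\s]+)\s*;\s*(?P<date>.+)"
)


@dataclass
class Hop:
    from_host: str
    by_host: str
    protocol: str                    # "mapi" or "Microsoft SMTP Server (TLS)"
    build: str                       # Exchange build that stamped the header
    received_at: datetime
    delay_s: Optional[float] = None  # seconds since the previous hop

    @property
    def is_mapi(self) -> bool:
        return self.protocol.lower() == "mapi"

    @property
    def uses_tls(self) -> bool:
        return "(tls)" in self.protocol.lower()

    @property
    def same_server(self) -> bool:
        # True when the hop is a hand-off between services on one server.
        return self.from_host.lower() == self.by_host.lower()


def parse_hops(raw_headers: str) -> List[Hop]:
    """Return the hops oldest first. Received headers are prepended in
    transit, so the header block lists them newest first."""
    msg = message_from_string(raw_headers)
    hops: List[Hop] = []
    for value in reversed(msg.get_all("Received") or []):
        flat = " ".join(value.split())  # unfold the header onto one line
        m = RECEIVED_RE.match(flat)
        if m is None:
            # Fail loudly: silently dropping a hop hides part of the path.
            raise ValueError("unrecognised Received header: " + flat)
        hop = Hop(m["from_host"], m["by_host"], m["protocol"], m["build"],
                  parsedate_to_datetime(m["date"]))
        if hops:
            delta = hop.received_at - hops[-1].received_at
            hop.delay_s = delta.total_seconds()
        hops.append(hop)
    return hops


def summarize(hops: List[Hop]) -> Dict[str, object]:
    """Count hop types and list hop numbers (1-based) worth a second look."""
    servers: List[str] = []
    for hop in hops:
        if hop.by_host not in servers:
            servers.append(hop.by_host)
    return {
        "hops": len(hops),
        "mapi": sum(h.is_mapi for h in hops),
        "smtp": sum(not h.is_mapi for h in hops),
        "servers": servers,
        # SMTP hops that did not negotiate TLS.
        "cleartext_smtp": [i for i, h in enumerate(hops, 1)
                           if not h.is_mapi and not h.uses_tls],
        # A timestamp earlier than the previous hop: clock skew or an
        # inserted header.
        "out_of_order": [i for i, h in enumerate(hops, 1)
                         if h.delay_s is not None and h.delay_s < 0],
    }


if __name__ == "__main__":
    for label, raw in (("2013", EX2013_HEADERS), ("2010", EX2010_HEADERS)):
        print(label, summarize(parse_hops(raw)))
```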

External Mail Flow Example

Now let's take a look at an external mail flow example, specifically an email from the internet to a mailbox on an Exchange Server 2013 server.

[Image: Exchange Server 2013 External Mail Flow Example]

The first three hops belong to Google, and the two that are obscured belong to another SMTP service that is involved in this particular mail flow path but is not relevant to the Exchange behaviour.

The first Exchange server is an Exchange 2010 Edge Transport, which is configured to route the email to the Exchange 2013 Client Access server CA1.exchange2013demo.com, which then routes it on to the Mailbox server MB1.exchange2013demo.com.

[Image: Exchange Server 2013 External Mail Flow Hops]

As you can see, the Client Access server role in Exchange 2013 performs mail routing for external emails, but not internal emails. And once again we can see the final hop MB1 -> MB1 as the message is passed between the Hub Transport service and the Mailbox Transport service on that server.

Default Receive Connector for Incoming Internet Email

Unlike Exchange 2007 and 2010 Hub Transport servers which were not configured by default to accept incoming email from the internet, when an Exchange 2013 Client Access server is installed it is pre-configured with a Receive Connector named “Default Frontend <servername>” that allows “Anonymous Users” to connect.

[Image: Exchange Server 2013 Frontend Receive Connector]

So where Exchange 2007/2010 were secured by default and required the administrator to either deploy Edge Transport servers, or reconfigure the Hub Transport to perform the internet-facing role, Exchange Server 2013 Client Access servers are configured by default for the internet-facing role.

Exchange Server 2013 Message Queues

One of the interesting things about the three transport services in Exchange Server 2013 is that only one of them will actually queue messages locally.

  • Front End Transport service – no local queuing
  • Transport service – local queuing
  • Mailbox Transport service – no local queuing

To test this out I simply stopped the Hub Transport service on my Exchange 2013 server, and then used Telnet to send a test email message via the Front End Transport service.

After completing my commands in the Telnet session I received this error:

451 4.7.0 Temporary server error. Please try again later. PRX3

If another email server was sending the email message it would likely queue on that server until it was able to retry and successfully submit the message. However I would anticipate that some mail-enabled devices and applications will not handle this situation very well and it may lead to message failure if there is no high availability and load balancing deployed.

Exchange Server 2013 Edge Transport Server

The Edge Transport role was shipped in Exchange Server 2013 Service Pack 1. Read more about installing and configuring Exchange 2013 Edge Transport here.

It is also possible to use Exchange Server 2013 with Exchange 2007/2010 Edge Transport servers.

Summary

As you can see the mail flow for Exchange Server 2013 is not that different to that in previous versions of Exchange once you shift your mindset from the server roles in previous versions to the specific services involved in Exchange Server 2013 mail flow.

Additional reading:

  • Configuring Outbound Mail Flow in Exchange Server 2013
  • How to Configure a Relay Connector in Exchange Server 2013
Paul Cunningham

Paul is a Microsoft MVP for Office Apps and Services and a Pluralsight author. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server.


Comments

  1. Charles Derber says

    August 1, 2012 at 4:13 am

    Thanks Paul for bringing up these ones & it’s been really informative 🙂

    Reply
    • amit says

      August 1, 2012 at 4:24 am

      Really consumable

      Reply
      • Chris Brown says

        August 1, 2012 at 10:26 am

        Yep. Super consumable, thanks Paul.

        Reply
    • Timmy Luts says

      August 1, 2012 at 4:48 pm

      Great article Paul 🙂
      good to know about the different queues..

      Reply
  2. Charles Derber says

    August 1, 2012 at 4:57 am

    How did you manage to get Exchange 2010 SP3 as it’s a prerequisite to coexist with Exchange 2013…I didn’t test with edge but I guess so…?

    I believe it’s not out from MS…?

    Reply
    • Paul Cunningham says

      August 1, 2012 at 7:37 am

      There’s no co-existence going on there. The 2013 servers are in their own org and the Edge server is not a member of the same AD forest.

      You can get a 2007/2010 Edge Transport to work with Exchange 2013 right now without 2010 SP3 existing yet.

      Reply
      • Charles Derber says

        August 1, 2012 at 12:59 pm

        I see..

        Reply
  3. Thierry Frache says

    August 19, 2012 at 7:14 pm

    HI Paul,

    any update from your side related to the transport queues issue ? Got the same on two different system I installed. http://exchange.microsoftgroups.org/?p=809

    Thanks

    Thierry

    Reply
    • Paul Cunningham says

      August 20, 2012 at 9:30 pm

      I can’t read French. What issue are you referring to?

      Reply
      • Thierry Frache says

        August 20, 2012 at 9:32 pm

        About the error message with telnet 451 4.7.0 Temporary server error. Please try again later. PRX3. I got the same problem and for now, my servers are not able to send or receive any emails.

        Reply
  4. Thierry Frache says

    August 19, 2012 at 7:15 pm

    (bypassed the error message with http://technet.microsoft.com/en-us/library/bb232021.aspx) but the messages are not delivered using TELNET

    Reply
    • Paul Cunningham says

      August 20, 2012 at 9:33 pm

      I caused that error by stopping the Hub Transport service on the Mailbox server.

      Reply
      • Thierry Frache says

        August 20, 2012 at 9:34 pm

        I will double check this on my server. Curious that the service could be stopped by default…

        Reply
        • Thierry Frache says

          August 20, 2012 at 10:10 pm

          http://imageshack.us/photo/my-images/254/msex201320120820140713.png/
          All the required services are running. Any advice ?

          Thanks

          Thierry

          P.S.: No answer on Microsoft’s forums.

          Reply
        • Paul Cunningham says

          August 20, 2012 at 10:54 pm

          Best way to check services on an Exchange server is to run Test-ServiceHealth.

          While you’re in the shell run Test-Mailflow as well.

          Reply
  5. Jordan says

    November 9, 2012 at 8:28 am

    Hello Paul,

    About error : 451 4.7.0 Temporary server error. Please try again later. PRX3
    Can you try my idea : http://social.technet.microsoft.com/Forums/en-US/exchangeserverpreview/thread/48331a35-fd58-4bb7-957d-08814905149b ?

    It works for me.

    Reply
    • Paul Cunningham says

      November 10, 2012 at 10:39 am

      The error occurred for me because I deliberately stopped a service, so the solution in my case was simply to start the service again.

      Reply
  6. Dais says

    November 9, 2012 at 6:56 pm

    Hi Exchange Experts, I want to establish our exchange server but I have a question about exchange, and the question is….
    (How can I find details about companies targeted earlier or not)

    If we have 250 outlook users, and they are mailing to companies a.com, b.com and so on. you@mydomain.com target to both companies but I@mydomain.com don’t know that you@domain.com already target to both or not.

    I want to know that how can I set or get details that someone targeted those companies or not ?

    Reply
    • Paul Cunningham says

      November 10, 2012 at 10:40 am

      Dais, I don’t understand your question, and it doesn’t seem relevant to this particular article, so perhaps you can rephrase it and ask it in the forums instead https://practical365.com/forums

      Reply
  7. ismatsahar says

    December 31, 2012 at 5:12 pm

    thanks Paul for solving my confusion regarding the other roles

    Reply
  8. TUAN says

    March 14, 2013 at 1:20 pm

    Hi Paul.!
    Help me.
    My computer setup new system Exchange 2013 yet.
    There are two system setup windows server 2012.. / 1 setup DC, AD, CAS / 1 setup Exchange 2013
    EX Joined domain with AD and setup successful.! and I not add config.
    . Then I created 2 user on ex user domain Local.
    But I test by send 1 mail user1 to user2.
    I see mail user1 can’t send to user2 and else. It Move to Tab “Drafts”. I am very Crazy with them
    .
    Can you .Help me !
    Thank so much.!

    Reply
    • Paul Cunningham says

      March 17, 2013 at 8:32 am

      If they’re stuck in Drafts it’s probably a transport service problem. Try restarting the transport services or the server.

      Reply
  9. ali says

    August 6, 2013 at 9:31 pm

    hey,
    it means CAS server is receiving mail from internet so we have to open port 25 on our firewall/router towards CAS server because it receive mail from anonymous users right ?
    and mailbox server is just sending and receiving mail inside the orginization ?
    just say yes or no or small explanation if require.
    Regards

    Reply
    • Paul Cunningham says

      August 6, 2013 at 10:33 pm

      Yes that is correct.

      Reply
  10. Vishal Kayangude says

    September 26, 2013 at 11:47 pm

    Hey Paul,

    I am currently having CAS and MBX servers on two different servers. I configure my Mailfilerting (ThirdParty) for incoming and outgoing. My outgoing is working fine, but while incoming getting below error :

    Delivery of the test email message failed.

    Additional Details
    The server returned status code 550 – Mailbox unavailable. The server response was: no mailbox by that name is currently available
    Exception details:
    Message: Mailbox unavailable. The server response was: no mailbox by that name is currently available
    Type: System.Net.Mail.SmtpFailedRecipientException
    Stack trace:
    at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, Boolean allowUnicode, SmtpFailedRecipientException& exception)
    at System.Net.Mail.SmtpClient.Send(MailMessage message)
    at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()

    Reply
    • Paul Cunningham says

      September 30, 2013 at 6:35 pm

      “no mailbox by that name is currently available”

      Seems like a clue to me.

      Reply
  11. Vishal Kayangude says

    September 26, 2013 at 11:48 pm

    This Is an Exchange 2013 configuration

    Reply
  12. sunil says

    October 31, 2013 at 2:48 pm

    Any Idea on the below event.

    In Exchange 2010 HT internet facing server

    Receive connector *** requires Transport Layer Security (TLS) before the MailFrom command can be run, but the server can’t achieve it. Check this connector’s authentication setting.

    Reply
  13. Rob says

    November 21, 2013 at 8:35 am

    Excellent article Paul. Very clear and concise, makes it easy to understand.

    Reply
  14. Jack Cristi says

    March 10, 2014 at 10:13 pm

    Hi Sir Paul,

    Remember me?
    my domain is now registered. i already configure A host, Mail exchanger and CNAME… i already received emails from yahoo, gmail and other domain but when i’m trying to send a reply or even a new message it goes to drafts and it is stuck there… and my role DNS server says x (error). where should be the problem? please help me out…

    thank you sir paul.

    Reply
    • Paul Cunningham says

      March 11, 2014 at 11:19 am

      This might be your problem:

      http://thoughtsofanidlemind.com/2013/03/25/exchange-2013-dns-stuck-messages/

      Reply
      • Jack Cristi says

        March 11, 2014 at 7:08 pm

        Hi Sir Paul,

        i want to access my exchange account outside(external access) thru web.. what shoud i do? is it required to purchase a Certificate of authority or SSL certificate to access our mail.company.net? or is there any other way? and then install it on our Web server for me to be able to access it outside?

        Reply
  15. Steve says

    March 31, 2014 at 12:25 pm

    For email filtering appliances to work with Exchange 2013, do you need to configure them to accept mail from the Exchange Mailbox server or the CAS servers? I have a single Send Connector that is sending mail to a smart host. In my mind I’d think the CAS since they are proxying all incoming/outgoing mail traffic but not sure if it would bypass CAS and go straight to smart host or not. Can you clarify?

    Reply
    • Paul Cunningham says

      April 5, 2014 at 2:22 pm

      Unless you tick the box to proxy through the front end, then the Mailbox server is the role that sends the outbound mail via the Send Connector. If the servers are multi-role then it doesn’t matter either way.

      Reply
  16. J-W says

    April 17, 2014 at 5:00 pm

    Fellow Exchange 2013 admins. Let me make all of you confused 🙂
    I’ve got a problem that I cannot find anything about.
    In the logfile (Hub/Protocollog/smtprecieve) I can see email come in that is sent to a bunch of users in our organisation. That email WON’T be delivered to any mailbox if one or more e-mail addresses are wrong.
    You’ll get a Delivery Status Notification that delivery to the following recipients failed and then you’ll see the list of all the recipients! Even the correct ones. How is this possible? If all addresses are correct then it will be delivered to all without problems. We use Exchange 2013 SP1 and we do not use 3rd party anti-spam solutions. If someone wants to see a piece of a log, just ask.
    Many thanks.

    Reply
    • J-W says

      April 17, 2014 at 9:49 pm

      Oke weird… it’s my old Exchangeserver again with his recipient filter. Clearly that does not work well together.
      I find it weird that the Exchange 2003 server still does this much when it actually does not do anything. Would this kind of problems be gone when I uninstall Exchange 2003?

      Reply
      • J-W says

        April 17, 2014 at 9:50 pm

        I mean Ex 2007

        Reply
    • Paul Cunningham says

      April 20, 2014 at 11:49 pm

      I’m a little confused about the exact details of your situation, but I have seen this type of dropped SMTP connection when the sending server/application doesn’t handle the invalid recipient response properly and just drops the entire connection.

      Reply
  17. Chris A says

    May 24, 2014 at 11:46 am

    We have a multi role exchange 2013 server. So according to the TechNet article on recipient filtering, we should not do recipient filtering. What are our options? We currently need to stop the queue from jamming up with spam from user@ourdomain to some unknown user/domain. Here is a link to a ms forum pic of the queue:

    http://social.technet.microsoft.com/Forums/exchange/en-US/d4ab4e03-700c-44bb-a6f1-faacedea1820/queue-question?forum=exchangesvrgeneral

    Reply
    • Paul Cunningham says

      May 27, 2014 at 4:34 pm

      According to which TechNet article?

      Reply
      • Chris A says

        May 28, 2014 at 5:37 am

        http://technet.microsoft.com/en-us/library/bb125187(v=exchg.150).aspx
        First note heading

        Reply
        • Paul Cunningham says

          May 29, 2014 at 1:26 pm

          Solution would be to install an Edge Transport server or a third party antispam product/server.

          Reply
  18. Rob Shinwell says

    May 29, 2014 at 7:50 pm

    ok so…. MS guidance is to combine Exchange 2007/2010 Edge role with EX2013. For a new 2013 deployment you wouldn’t want to introduce a version older that the one you’re deploying. The proper placement for an Edge server would be in the DMZ filtering email before it enters the internal network.

    Without the Edge role now and obviously not wanting to burden the front-end transport service dealing with junk mail, in this scenario what would you recommend placing in the DMZ to replace the Edge role?

    Thanks
    Rob

    Reply
    • Paul Cunningham says

      May 30, 2014 at 2:09 pm

      I don’t know if that is really their “guidance”… Exchange 2007/2010 Edge is *supported* with Exchange 2013. But the concern about mismatched versions is irrelevant since there is an Exchange 2013 Edge Transport role available in SP1 and later anyway.

      Reply
  19. Pooriya says

    July 1, 2014 at 12:08 am

    Hello Guys,

    I have just set up an exchange 2013 organization. I have two servers both of which run MB and CAS roles in a DAG. I have both of these server connected to another server running edge transport role. I have already synced the two servers with the edge server. I am able to send and receive emails internally, but I can send any emails outside. Could you please assist me with this? Thanks a lot.

    Regards,
    Pooriya

    Reply
  20. Ravi Thacker says

    September 2, 2014 at 8:55 pm

    Hi Paul,

    Can we have Exchange 2013 Edge Transport Servers to work with Exchange 2010 Mailbox Servers?

    Thanks
    We are trying to migrate a client from Exchange 2003 to 2010 and then to 2013 Exchange platform.

    Please advise.

    Reply
    • Paul Cunningham says

      September 2, 2014 at 8:59 pm

      Install Exchange 2010 Edge while you’re doing the first phase of the migration. Exchange 2010 Edge can then work with Exchange 2013 (you just need to redo the subscription when the new Ex2013 servers are installed). When Exchange 2010 is fully removed you can replace the Edge with Exchange 2013 version then if you like.

      Reply
  21. Edwin says

    September 11, 2014 at 10:03 pm

    I recently installed Exchange server 2013( CAS and MAS roles installed) on Hyper V Server 2012 R2 with 8 GB of RAM.

    I’ve added internet connectivity on the Server and the Exchange server is running well. ( Exchange installed on DC.)

    Although the mailbox’s have been created and I can send emails between two random mailbox accounts internally but can’t sent or receive emails outside of the Exchange environment.

    must I purchase a Google cloud DNS to add MX and a host name DNS records on a public DNS?

    or there is something I should know regarding email internet infrastructure.

    Reply
  22. wagdi says

    December 3, 2014 at 11:59 pm

    Dear Paul
    Exchange server 2013, installed on win 2012 with SAN certificate , send and receive connectors are configured as Microsoft said. This server has some problems with outgoing messages. At first sent messages are stuck in OWA drafts folder, but after modifying the DNS lookup in ECP all messages are disappeared from drafts folder and I can send message to internal user. My problem now is that I can not send to outside. . (the server is connected to internet )

    Please advise me as always do
    thanks

    Reply
    • Paul Cunningham says

      December 4, 2014 at 1:57 pm

      Perhaps something wrong with your send connector, your firewall, or perhaps the other mail servers you’re trying to send to are rejecting your connections.

      I suggest checking the messages in the queue to see why they are stuck, perform some testing with telnet, and check your protocol logs on the send connector.

      Reply
  23. wagdi says

    January 21, 2015 at 9:51 pm

    using exchange 2013 (owa), I can send and receive email from outside.
    But there is something strange , If I send you a message you can reply to this message in one case that you must only press on reply button and do not add any thing to the message and send it as it is. because if you try to write anything in your reply then your message will not deliver to me. (Delivery to the following recipients failed.)
    you can send new email to me and you can reply to my message without adding anything to the original message. this my problem

    Reply
    • Paul Cunningham says

      January 21, 2015 at 11:48 pm

      When there is a delivery failure the NDR (non-delivery report) includes a reason and some diagnostic information that almost always explains why the delivery failed. That is what you should start looking at.

      Reply
  24. CR says

    January 30, 2015 at 2:34 am

    Paul,

    You mention in the post about devices that use SMTP to send email that they should “continue pointing to the Mailbox server’s Hub Transport service […] not the Client Access server as you might assume from its default Receive Connector configuration.”

    Can you expand on this a bit? Currently we use an internal DNS entry of smtp.domain.org that we put on all of our devices that need email relay access (MFP’s, applications, etc.). Should I point this to my CAS servers or my MBX servers (they’re running on separate machines)? Should I create a new receive connector on the MBX servers to support this? I’ve disabled the “Anonymous” permission on the Default Frontend receive connector since all inbound email needs to go through a spam filter first and I do not want to have an open relay for internal users.

    Thanks!

    Reply
    • Paul Cunningham says

      January 30, 2015 at 8:37 am

      Disregard that. This was written when the Preview release of Exchange 2013 was out and that statement is incorrect.

      For SMTP relay purposes refer to this article:
      https://practical365.com/exchange-2013-configure-smtp-relay-connector/

      Don’t change any settings on the default connectors. The default frontend connector is not a risk of being an open relay.

      Reply
      • CR says

        January 30, 2015 at 11:14 pm

        Thanks Paul. I found the other post shortly after this one.

        Reply
  25. Mohd Siddiqui says

    March 10, 2015 at 4:17 am

    Sir, Can you please help me out I have a problem I can able to send the mails from my server or clients but I can’t able to receive mails from outside and I can able to send and receive mails locally but I can’t able to receive mails from any site like example – GMAIL,YAHOO,HOTMAIL any other sites my mail server is EXCHANGE SERVER 2010 version please reply as early as possible thanks and I am not getting any error message too

    Regards

    Mohd Siddiqui

    Reply
    • Paul Cunningham says

      March 10, 2015 at 11:53 am

      You need to set up an MX record and open port 25 on your firewall.

      https://practical365.com/mx-record/

      Reply
  26. James Slack says

    June 16, 2015 at 8:36 pm

    I have Exchange 2010 and 2013 in coexistence and it seems to be working fine. Users on both versions can send and receive emails OK.

    However, every 15 minutes I can see the following error in the logs: 1040

    The SMTP availability of the Receive connector Default Mailbox Delivery was low (0 percent) in the last 15 minutes.

    I have had a look at the connectors on 2013 and they look normal.

    PORTS
    Client Frontend 587
    Client Proxy 465
    Default Frontend 25
    Default Mailbox 2525
    Outbound Proxy Frontend 717

    Aside from these events, I am also seeing Unhealthy status in HubTransport and MailboxTransport, which are probably due to this error.

    My guess is that this is something to do with the coexistence, but not sure.

    How do I confirm what is causing this? All the errors say something is not working, but none of them actually point the finger to what is causing the alert on this system that seems to be working.

    Reply
    • Paul Cunningham says

      June 16, 2015 at 11:23 pm

      Which build/version of Ex2013?

      Reply
      • James Slack says

        June 16, 2015 at 11:27 pm

        V15.0 / Build 1076.9 (So CU8).

        Thanks

        Reply
        • James Slack says

          June 16, 2015 at 11:30 pm

          Should add – Exchange 2010 is Version 14.3, Build 123.4 (which I gather is SP3).

          Reply
    • MS says

      December 21, 2016 at 4:45 am

      Seeing this same error recurring every 15 minutes in the Exchange logs. Not due to diskspace or attachment size.

      Reply
  27. MG says

    July 26, 2015 at 7:10 pm

    Hi James,

    Have you ever found a solution to this problem? We are experiencing exactly the same problem, and would really like to find a solution to the problem.

    MG

    Reply
    • PK says

      August 19, 2015 at 11:58 pm

      I have Exchange 2010 and 2013 in coexistence and it seems to be working fine. Users on both versions can send and receive emails OK.

      However, every 15 minutes I can see the following error in the logs: 1040

      The SMTP availability of the Receive connector Default Mailbox Delivery was low (0 percent) in the last 15 minutes

      Exchange 2010 version: 14.3 (123.4)
      Exchange 2013 Version: 15.0(1104.5)

      Reply
  28. Mik says

    September 9, 2015 at 11:04 pm

    Hi Paul,
    do you see any issues changing the internal IP of an Exchange Server?
    Thanks!

    Mike

    Reply
    • Paul Cunningham says

      September 10, 2015 at 2:21 pm

      No, just make sure all DNS aliases and firewall rules etc are also updated.

      Reply
  29. Brian says

    September 17, 2015 at 5:36 am

    I love your stuff, it’s always informative. Can you point me in the right direction? My problem is I have some Linux servers that send emails through my 2013 exchange and I need to be able to track them. But they aren’t in any sent email box so I can’t figure out how to track them. Can a linux environment send an email that gets treated like it’s sent from outlook?

    Reply
    • Paul Cunningham says

      September 17, 2015 at 6:40 am

      You can still track the message using Message Tracking in Exchange.

      https://practical365.com/exchange-2010-message-tracking/

      Emails sent via SMTP like I assume yours is do not get saved to the mailbox sent items. But you can do it if you send using Exchange Web Services instead, although that will require more coding and I’m not sure whether the API can be used on Linux or not.

      Reply
  30. Eric says

    October 8, 2015 at 6:00 am

    Hello Paul,

    I am running Exchange 2013 on a Windows server 2012 machine. We have a fixed IP address. Lately, all emails sent to google-hosted mail servers were bouncing back with an error message making reference to reverse-DNS lookup. I have had my ISP change the reverse-DNS address to match our outgoing record. Which solved the situation for a certain amount of time.

    Since last week, a similar issue is happening with the following error message:
    mx.google.com
    Remote Server returned ‘550-5.7.1 [2002:1825:637a:0:e17e:5ad4:7a3a:439c] Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more 550 5.7.1 information. c73si5414604qka.13 – gsmtp’

    I read multiple MSExchange blogs and tried one of the suggested solutions which was to restart the MSExchange Transport service.
    This seems to solve the problem momentarily but later in the day, other messages bounce and I have to restart the service again.

    Can you tell me what is wrong and what needs to be done here?

    Thank you very much.

    Reply
    • Paul Cunningham says

      October 8, 2015 at 9:09 am

      Have you read the information at the Google link in the NDR and made sure you comply with all of their recommendations?

      Reply
      • Eric says

        October 9, 2015 at 1:41 am

        I have and we do. What boggles my mind is that as soon as I restart the Exchange Transport Service, our emails are going through. When they start bouncing again… I restart the service and they flow!
        What does the Exchange Transport Service “reset” in our config?
        Or, what is automatically reset until I restart the service?

        Reply
        • Paul Cunningham says

          October 9, 2015 at 6:23 am

          It reloads the config from AD but shouldn’t be changing anything. Does your network and internet connection support IPv6? Maybe after the reset it uses IPv4 for a while then later it hits a Google server that supports IPv6 and tries that. You need to have a discussion with your network team if that’s separate to your team. Or log a MS support case.

          Reply
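
The NDR quoted in this thread refers to PTR records for the IPv6 sending address. As an added example (not part of the original comments and not Paul's code), this is a forward-confirmed reverse DNS check: the address must have a PTR record, and the PTR hostname must resolve back to the same address. The function name, the injectable resolver and the records (documentation prefix 2001:db8::/32, example.com names) are assumptions constructed for illustration.

```powershell
# Constructed DNS records so the check runs offline; replace with real lookups on a server.
$records = @{
    'PTR|2001:db8::25'        = @([pscustomobject]@{ NameHost  = 'mail.example.com' })
    'AAAA|mail.example.com'   = @([pscustomobject]@{ IPAddress = '2001:db8:0:0:0:0:0:25' })
    'PTR|2001:db8::99'        = @([pscustomobject]@{ NameHost  = 'host99.example.com' })
    'AAAA|host99.example.com' = @([pscustomobject]@{ IPAddress = '2001:db8::1' })
}
$constructedResolver = { param($name, $type) $records["$type|$name"] }

function Test-ForwardConfirmedPtr {
    param(
        [Parameter(Mandatory)] [string] $Address,
        # Default resolver queries DNS; pass another scriptblock to test against known records.
        [scriptblock] $Resolver = {
            param($name, $type)
            Resolve-DnsName -Name $name -Type $type -ErrorAction SilentlyContinue
        }
    )
    $ip = [System.Net.IPAddress]::Parse($Address)
    $fwdType = if ($ip.AddressFamily -eq 'InterNetworkV6') { 'AAAA' } else { 'A' }

    # Step 1: reverse lookup. No PTR at all is already a failure.
    $ptrNames = @(& $Resolver $Address 'PTR' |
        Where-Object { $_.NameHost } | ForEach-Object { $_.NameHost })

    # Step 2: each PTR name must resolve forward to the same address.
    # Parsing both sides makes compressed and expanded IPv6 spellings compare equal.
    $confirmed = @(foreach ($name in $ptrNames) {
        $fwd = @(& $Resolver $name $fwdType | Where-Object { $_.IPAddress })
        if ($fwd | Where-Object { [System.Net.IPAddress]::Parse($_.IPAddress).Equals($ip) }) { $name }
    })

    [pscustomobject]@{
        Address   = $Address
        PtrNames  = $ptrNames
        Confirmed = $confirmed
        Pass      = ($confirmed.Count -gt 0)
    }
}

Test-ForwardConfirmedPtr -Address '2001:db8::25' -Resolver $constructedResolver  # PTR and AAAA agree
Test-ForwardConfirmedPtr -Address '2001:db8::99' -Resolver $constructedResolver  # AAAA points elsewhere
```

Run without `-Resolver`, the function uses `Resolve-DnsName` against live DNS; the address to test is the IPv6 address shown in square brackets in the NDR.
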
  31. Vaseem Mohammed says

    October 13, 2015 at 6:43 pm

    Need your help Paul 🙂

    I am trying to find an article on Ex2010-2013 co-existence Mail Flow.
    SMTP traffic is still on Ex2010.
    I need to understand how Mail flow from
    1. Ex2010 mailbox to Ex2013 mailbox
    2. Which Connectors are involved on both sides
    3. The permissions involved in this

    As it will help to troubleshoot issues like
    1. No mail flow between versions
    2. No mail flow from external to migrated user on 2013 (SMTP on 2010).
    3. No mail flow from external to Ex2010 user (SMTP on 2013).

    Please provide me some pointers.

    Thanks.

    Reply
  32. Jimson says

    November 20, 2015 at 7:12 pm

    Hi Paul,
    I need your help. I used to be able to send email by using telnet SMTP, but for some reason after a week I am not able to send anymore and keep getting an unable to relay error.

    Reply
    • Paul Cunningham says

      November 20, 2015 at 7:18 pm

      Here you go:

      https://practical365.com/exchange-2013-configure-smtp-relay-connector/

      Reply
  33. Mike says

    April 21, 2016 at 3:46 am

    Paul, I have an issue with inbound email on an Exchange 2013. I did not touch any of the default receive connectors, but I created a new receive connector to allow mails only from an external spam appliance – bindings set to the four external IPs which the spam appliance sends mail. But every mail that comes in goes through the Default EXNAME connector (confirmed via MessageTracking). Do I have to disable Anonymous on the default connector? Thanks

    Reply
    • Paul Cunningham says

      April 21, 2016 at 3:44 pm

      If by “bindings” you mean the “Network adapter bindings” settings on the connector, that is supposed to be for the network adapter/IP of the Exchange server that you want to bind the connector (ie the IP it should “listen” on). Normally you don’t need to touch that at all.

      Keep in mind that the frontend connector on the server is already configured in a way that it would accept email from your spam appliances that is addressed to internal recipients.

      Reply
      • Mike says

        April 21, 2016 at 7:58 pm

        Sorry yes, bindings is set to the IP address of the server and the remote ip ranges are set to the external IPs of the spam service. Ok I understand. So the easiest way is to set the IPs of the spam service to the Default Frontend Servername Connector. I just don’t get why I don’t see the custom receive connector in the tracking logs. Neither the Default Frontend Connector.

        Reply
        • Paul Cunningham says

          April 21, 2016 at 9:35 pm

          a) I don’t recommend you make any changes to the default connectors at all.

          b) if you want to know which connector is handling connections for an IP address, use protocol logging not message tracking.

          Reply
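
Paul's suggestion in this thread, to use protocol logging rather than message tracking to see which receive connector handled a connection from an IP address, as an added example (not part of the original comments and not Paul's code). The function name, server name, connector names and IP addresses are assumptions made up for illustration, and the sample lines are constructed in the SMTP receive protocol log layout.

```powershell
# Constructed sample: '#' header lines followed by CSV rows, as in an SMTP receive protocol log.
$sampleLog = @'
#Software: Microsoft Exchange Server
#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2016-04-21T09:00:01.100Z,EX01\Default Frontend EX01,08D36A0000000001,0,10.0.0.10:25,203.0.113.5:41234,+,,
2016-04-21T09:00:01.150Z,EX01\Default Frontend EX01,08D36A0000000001,1,10.0.0.10:25,203.0.113.5:41234,<,EHLO filter.example.net,
2016-04-21T09:00:02.000Z,EX01\Default Frontend EX01,08D36A0000000001,2,10.0.0.10:25,203.0.113.5:41234,-,,Local
2016-04-21T09:05:10.000Z,EX01\From Spam Appliance,08D36A0000000002,0,10.0.0.10:25,203.0.113.6:50110,+,,
2016-04-21T09:07:30.000Z,EX01\Default Frontend EX01,08D36A0000000003,0,10.0.0.10:25,198.51.100.77:33990,+,,
'@

function Get-ConnectorForRemoteIP {
    param(
        [Parameter(Mandatory)] [string[]] $LogLine,
        [Parameter(Mandatory)] [string[]] $RemoteIP
    )
    # Take column names from the "#Fields:" header so parsing follows the log's own layout.
    $fieldsLine = $LogLine | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    if (-not $fieldsLine) { throw 'No #Fields header line found.' }
    $header = ($fieldsLine -replace '^#Fields:\s*', '') -split ','

    $LogLine |
        Where-Object { $_ -and $_ -notlike '#*' } |     # skip blanks and header comments
        ConvertFrom-Csv -Header $header |
        Where-Object { $_.event -eq '+' } |             # '+' is logged once per session, at connect
        Select-Object @{ n = 'RemoteIP'; e = {
                          # remote-endpoint is "address:port"; drop the port and any [ ] around the address
                          $_.'remote-endpoint' -replace ':\d+$' -replace '^\[|\]$' } },
                      @{ n = 'Connector'; e = { $_.'connector-id' } } |
        Where-Object { $RemoteIP -contains $_.RemoteIP } |
        Group-Object RemoteIP, Connector |
        Select-Object @{ n = 'RemoteIP';  e = { $_.Group[0].RemoteIP } },
                      @{ n = 'Connector'; e = { $_.Group[0].Connector } },
                      @{ n = 'Sessions';  e = { $_.Count } }
}

# Which connector accepted sessions from the two (constructed) appliance addresses?
Get-ConnectorForRemoteIP -LogLine ($sampleLog -split '\r?\n') -RemoteIP '203.0.113.5', '203.0.113.6'
```

On a server, protocol logging has to be enabled on the connectors of interest (`Set-ReceiveConnector -ProtocolLoggingLevel Verbose`), and the real log lines can be passed in with `Get-Content` from the folder the transport service is configured to log to.
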
  34. Tony says

    July 18, 2016 at 8:09 pm

    We are testing an Ex2010 to 2013 migration.
    Everything seems to be OK except this:
    mails from 2013 to 2010 have a delay of 10 minutes. The mail stays in the Ex2013 queue for 10 minutes and every ten minutes the mail queue is cleared,
    whereas mails from 2010 to 2013 are reaching without any delay.
    What could be wrong?

    Reply
  35. Tiago Geada says

    August 3, 2016 at 2:47 am

    Hello Paul,

    When the Exchange Online mail flow connector tries my on-premises server, and it won’t work (service being down deliberately for instance), an NDR is sent back to the sender and the message fails.

    Is there a way to make it queue for retrial?

    Reply
  36. Timm says

    September 15, 2016 at 11:04 pm

    Hello all,
    How would mail flow in a large org with multiple sites when AD sites & services is only set up with a hub-and-spoke for inter-site links? (assuming each site has its own 2013 server)
    For example, if the AD sites and services were set up with inter-site links of
    Site A – Site B
    Site A – Site C
    (Site B and Site C have direct IP connectivity but there is no inter-site link setup in AD sites & services)
    Would mail from an MDB in Site B with a destination of an MDB in Site C route through Site A or would Site B deliver directly to Site C?
    I’m confused about this because articles I’ve read state that 2013 calculates the route based on the cost of the IP site links. This would indicate to me that mail would route from Site B, through Site A, to reach Site C. However, looking at a message header tells me the message went right from Site B to Site C. I’m more apt to believe the message header than the article but I’m obviously misunderstanding something.

    Reply
    • Paul Cunningham says

      September 16, 2016 at 9:19 am

      The server calculates the least cost route, but will then connect directly to the other server, unless

      1) One of the sites along the least cost route has been enabled as a hub site, in which case it will send to a server in the hub site
      2) Direct connection fails (e.g. server down), in which case it will attempt to queue at a site closest to the destination

      There are other factors at play such as DAGs (closest DAG member is used) and DG expansion servers as well.

      Reply
  37. yoel says

    December 16, 2016 at 10:07 am

    Is there a way for Exchange to block connections that do not respond with a specified HELO response? Many spam relayers try to connect with helo 192.168.0.1-255 or helo masscan, or pc1 or asdsds. The idea is that Exchange verifies the given IP address against the HELO response and, if it does not match, blocks the connection.

    Reply
  38. saeed says

    February 11, 2017 at 11:56 am

    Hi,

    When we configure “set-transportconfig -maxsendsize 20mb -maxreceivesize 20mb”,
    even by configuring the default receive connector “maxrecievemessage to 200MB”, it is not possible to send a message over 20mb!

    How can I solve that?

    Reply
  39. Kapil K says

    May 4, 2017 at 10:35 pm

    Hi Paul,

    Need your help, I am having Exchange 2013 environment. 2 MBX and 2 CAS servers. I am having Symantec gateway for sending and receiving emails from internet.
    My gateway is configured to send the emails directly to my MBX servers.
    I need to change the “Default Frontend” receive connector on my CAS server because any of the user/IP in my internal network can telnet to my CAS VIP or name over port 25 and send emails through SMTP commands. I want to stop this behavior and allow only selected IPs to send emails.
    I also created relay connectors on MBX servers and added application server IPs and it is working fine but need to stop all others from doing so.

    So can I remove anonymous users and 0.0.0.0-255.255.255.255 / ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff from “Default Frontend” and only allow my Symantec gateway IP address?

    Regards, Kapil K

    Reply
  40. 0ff2w0rk says

    June 1, 2017 at 6:02 pm

    Thanks Paul!
    I know this guide does not mention DAG, but this is my scenario:

    I have a lab at home with 2 servers in a dag.
    There is one database on each server. 
    User1@domain1.com is hosted on DB01, which is on Server01
    User2@domain2.com is hosted on DB02, which is on Server02
    I also have two send connectors
    Send connector 1, send mail using smarthost, only has server01 on the list
    Send connector 2, send mail using MX record only has server02 on the list.
    In theory, this should mean that user1@domain.com should always send mail using smart host and user2@domain2.com should send using mx record (mx record points to firewall at home lab).
    This seems to work once in a while, sometimes user2@domain2.com sends email using the smart host.
    Seems like DAG is doing something with the mailflow?
    I also tried to check for use “proxy through client access server”, which did not help for send connector 2.
    Anything I’m missing here?

    thanks!

    Reply
  41. Richard P. says

    August 3, 2017 at 8:08 pm

    Since in Exchange 2013/2016 also internal mail (from one mailbox to another mailbox) on the same server is delivered via SMTP – is it possible (and supported) to put a spam/malware filter in front of the “SMTP Receive” of Mailbox Transport Service (port 475) or in front of the “SMTP Receive” of Transport Service (ports 2525 and 465)?
    I found no way to change port 475, is the port number hardcoded?

    This would enable spam/malware filtering also on internal mails.

    Reply
    • Paul Cunningham says

      August 3, 2017 at 10:31 pm

      Changing the ports will break your mail flow.

      No it is not supported to place other servers or devices in the mail flow between two Exchange servers. If you want internal mail scanned you will need to install an Exchange-integrated antispam solution that can do that job the way you’re expecting.

      Reply
  42. Luis says

    November 14, 2017 at 9:59 am

    Hi Paul,

    I’m watching your 70-345 course on Pluralsight, but I have one doubt regarding Exchange Hub Site. As Microsoft explains in their KBs (https://technet.microsoft.com/en-us/library/jj916681(v=exchg.150)) the Hub Site is only used when the hub site has the least cost in the route path between the sites, if the hub site does not have the least cost, Exchange will deliver the messages directly to the destination site. However I’m a little confused with the cases below:

    Case 1:

    https://imgur.com/a/Jya9O

    Question 1: In this case, if site 1 needs to deliver the messages to the site 4, site 1 will use site 2 even though both routes (Site1->Site2->Site4 or Site1->Site3->Site4) have the same cost in the end?

    Question 2: If site 3 has to deliver the messages to site 2, it will send directly to the site 2 due to the nearest costs are not the least costs?

    Case 2:

    https://imgur.com/a/jHVdU

    Question 1: In this case, if site 4 has to deliver the messages to the site 2, it will send directly to the site 2 because site 1 which is the hub site does not have the least cost? Or will use site 3 instead?

    Thank you Paul

    Reply
