As people learn about the new features of Exchange Server 2013, one of the first surprises is often the reduction in server roles to just three: the Client Access server, Mailbox server, and Edge Transport server.

The question that usually follows is: how does mail flow work without a Hub Transport server?

Exchange Server 2013 Transport Services

The Hub Transport server role from Exchange 2007 and 2010 has been replaced with a series of services running on the remaining server roles.

The Client Access server role hosts the Front End Transport service, which acts only as a proxy for SMTP connectivity.

The Mailbox server role hosts two additional services:

  • Transport service – performs email routing within the organization, and between the Front End Transport service and the Mailbox Transport service
  • Mailbox Transport service – passes email messages between the Transport service and the mailbox database

There are some additional scenarios for the Mailbox server’s Transport services when Database Availability Groups are deployed, but for the moment we’ll just consider non-DAG scenarios.

Microsoft has published this diagram, which gives a good visual representation of how these components all fit together. If you find it a little confusing, simply read on for a few practical examples.

[Diagram: Exchange 2013 transport architecture]

Internal Mail Flow Example

Let’s take a look at an internal mail flow example for Exchange Server 2013. In this case the sender and recipient are both on the same mailbox database on the same server, MB2.exchange2013demo.com.

The message headers look like this (I’ve truncated the data that is not relevant to this topic):

Received: from MB2.exchange2013demo.com (192.168.0.188) by
 MB2.exchange2013demo.com (192.168.0.188) with Microsoft SMTP Server (TLS) id
 15.0.466.13; Tue, 31 Jul 2012 21:52:45 +1000

Received: from MB2.exchange2013demo.com (192.168.0.188) by
 MB2.exchange2013demo.com (192.168.0.188) with Microsoft SMTP Server (TLS) id
 15.0.466.13; Tue, 31 Jul 2012 21:52:43 +1000

Received: from MB2.exchange2013demo.com ([fe80::9ca9:e0d9:ec3a:996b]) by
 MB2.exchange2013demo.com ([fe80::9ca9:e0d9:ec3a:996b%12]) with mapi id
 15.00.0466.010; Tue, 31 Jul 2012 21:52:42 +1000

Running the header through the MX Toolbox header analyzer gives us this visual representation.

Exchange Server 2013 Internal Mail Flow Example

What we see are three hops all on the same Mailbox server MB2.exchange2013demo.com, as the message travels through each of the services involved.

Exchange 2013 Internal Mail Flow Hops

Now compare that to an email sent between two Exchange Server 2010 recipients on the same mailbox database.

Received: from HO-EX2010-MB2.exchangeserverpro.net (10.1.1.22) by
 HO-EX2010-MB1.exchangeserverpro.net (10.1.1.21) with Microsoft SMTP Server
 (TLS) id 14.2.309.2; Tue, 31 Jul 2012 22:22:07 +1000

Received: from HO-EX2010-MB1.exchangeserverpro.net
 ([fe80::d957:3403:56cf:a8cb]) by HO-EX2010-MB2.exchangeserverpro.net
 ([fe80::f148:390:568f:38dc%16]) with mapi id 14.02.0309.002; Tue, 31 Jul 2012
 22:22:03 +1000

Exchange Server 2010 Internal Mail Flow Example

This time we only see two hops in the message headers.

Exchange Server 2010 Internal Mail Flow Hops

The best way I can think to describe this difference is that, instead of message submission occurring directly via RPC/MAPI between the mailbox database and a Hub Transport server as in Exchange 2010, the message now traverses the intermediary Mailbox Transport service, adding at the very least one additional SMTP hop to the message headers.

You will also note that the example for Exchange Server 2013 demonstrated that the Client Access server’s Front End Transport service was not involved for internal mail flow.
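The hop comparison above can be reproduced without an online analyzer. The following is an added example, not code from the original article: it parses the two sets of Received headers quoted above and reports hop count, transport per hop, servers involved and per-hop delay. The function and field names are illustrative, and the build-to-version mapping (14.x = Exchange 2010, 15.0 = Exchange 2013) is the only knowledge it adds.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from email import message_from_string
from email.utils import parsedate_to_datetime

# Trace headers as quoted in the article, newest hop first
# (blank lines between headers removed so they parse as one header block).
EX2013_HEADERS = """\
Received: from MB2.exchange2013demo.com (192.168.0.188) by
 MB2.exchange2013demo.com (192.168.0.188) with Microsoft SMTP Server (TLS) id
 15.0.466.13; Tue, 31 Jul 2012 21:52:45 +1000
Received: from MB2.exchange2013demo.com (192.168.0.188) by
 MB2.exchange2013demo.com (192.168.0.188) with Microsoft SMTP Server (TLS) id
 15.0.466.13; Tue, 31 Jul 2012 21:52:43 +1000
Received: from MB2.exchange2013demo.com ([fe80::9ca9:e0d9:ec3a:996b]) by
 MB2.exchange2013demo.com ([fe80::9ca9:e0d9:ec3a:996b%12]) with mapi id
 15.00.0466.010; Tue, 31 Jul 2012 21:52:42 +1000
"""
EX2010_HEADERS = """\
Received: from HO-EX2010-MB2.exchangeserverpro.net (10.1.1.22) by
 HO-EX2010-MB1.exchangeserverpro.net (10.1.1.21) with Microsoft SMTP Server
 (TLS) id 14.2.309.2; Tue, 31 Jul 2012 22:22:07 +1000
Received: from HO-EX2010-MB1.exchangeserverpro.net
 ([fe80::d957:3403:56cf:a8cb]) by HO-EX2010-MB2.exchangeserverpro.net
 ([fe80::f148:390:568f:38dc%16]) with mapi id 14.02.0309.002; Tue, 31 Jul 2012
 22:22:03 +1000
"""

# Matches the Exchange-style Received format shown above, after unfolding.
HOP_RE = re.compile(
    r"from\s+(?P<src>\S+)\s+\((?P<src_addr>[^)]*)\)\s+"
    r"by\s+(?P<dst>\S+)\s+\((?P<dst_addr>[^)]*)\)\s+"
    r"with\s+(?P<via>.+?)\s+id\s+(?P<build>\d+(?:\.\d+)+);\s*(?P<date>.+)$"
)


@dataclass
class Hop:
    src: str
    dst: str
    via: str          # "mapi" or "Microsoft SMTP Server (TLS)"
    build: str        # Exchange build stamped after "id"
    when: datetime

    @property
    def is_smtp(self) -> bool:
        return "smtp" in self.via.lower()

    @property
    def version(self) -> str:
        major, minor = (int(p) for p in self.build.split(".")[:2])
        if major == 14:
            return "Exchange 2010"
        if (major, minor) == (15, 0):
            return "Exchange 2013"
        return f"unknown ({major}.{minor})"


def parse_hops(raw_headers):
    """Return (hops oldest-first, list of Received values that did not parse)."""
    hops, unparsed = [], []
    for value in message_from_string(raw_headers).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        m = HOP_RE.match(flat)
        try:
            when = parsedate_to_datetime(m["date"]) if m else None
        except (TypeError, ValueError):
            when = None
        if when is None:
            unparsed.append(flat)                 # report, never silently drop
            continue
        hops.append(Hop(m["src"], m["dst"], m["via"], m["build"], when))
    hops.reverse()   # each server prepends its header, so the oldest is last
    return hops, unparsed


def summarize(hops):
    """Hop count, transports, servers and seconds spent between hops."""
    delays = [0.0] + [(b.when - a.when).total_seconds()
                      for a, b in zip(hops, hops[1:])]
    return {
        "hops": len(hops),
        "smtp_hops": sum(h.is_smtp for h in hops),
        "mapi_hops": sum(h.via.lower() == "mapi" for h in hops),
        "servers": sorted({h.src.lower() for h in hops}
                          | {h.dst.lower() for h in hops}),
        "versions": sorted({h.version for h in hops}),
        "delays": delays,
    }


if __name__ == "__main__":
    for label, raw in (("2013", EX2013_HEADERS), ("2010", EX2010_HEADERS)):
        hops, bad = parse_hops(raw)
        print(label, summarize(hops), "unparsed:", bad)
```

When using this kind of analysis in an investigation, only the hops stamped by servers you operate can be trusted; Received lines older than your first own hop are supplied by the sending side.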

External Mail Flow Example

Now let’s take a look at an external mail flow example, specifically an email from the internet to a mailbox on an Exchange Server 2013 server.

Exchange Server 2013 External Mail Flow Example

The first three hops belong to Google, and the two that are obscured are another SMTP service involved in this particular mail flow path but not relevant to the Exchange behaviour.

The first Exchange server is an Exchange 2010 Edge Transport, which is configured to route the email to the Exchange 2013 Client Access server CA1.exchange2013demo.com, which then routes it on to the Mailbox server MB1.exchange2013demo.com.

Exchange Server 2013 External Mail Flow Hops

As you can see, the Client Access server role in Exchange 2013 performs mail routing for external emails, but not internal emails. And once again we can see the final hop, MB1 -> MB1, as the message is passed between the Hub Transport service and the Mailbox Transport service on that server.

Default Receive Connector for Incoming Internet Email

Unlike Exchange 2007 and 2010 Hub Transport servers which were not configured by default to accept incoming email from the internet, when an Exchange 2013 Client Access server is installed it is pre-configured with a Receive Connector named “Default Frontend <servername>” that allows “Anonymous Users” to connect.

Exchange Server 2013 Frontend Receive Connector

So where Exchange 2007/2010 were secured by default and required the administrator to either deploy Edge Transport servers, or reconfigure the Hub Transport to perform the internet-facing role, Exchange Server 2013 Client Access servers are configured by default for the internet-facing role.

Exchange Server 2013 Message Queues

One of the interesting things about the three transport services in Exchange Server 2013 is that only one of them will actually queue messages locally.

  • Front End Transport service – no local queuing
  • Transport service – local queuing
  • Mailbox Transport service – no local queuing

To test this out I simply stopped the Hub Transport service on my Exchange 2013 server, and then used Telnet to send a test email message via the Front End Transport service.

After completing my commands in the Telnet session I received this error:

451 4.7.0 Temporary server error. Please try again later. PRX3

If another email server was sending the email message, it would likely queue on that server until it was able to retry and successfully submit the message. However, I would anticipate that some mail-enabled devices and applications will not handle this situation very well, and it may lead to message failure if there is no high availability and load balancing deployed.
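For an application that submits mail itself, the 451 above is a "try again later" reply, so the message has to be kept and retried by the sender. The following is an added example, not code from the original article, of one way to do that with Python's smtplib; the `smtp_send` host argument, the retry count and the back-off delays are assumptions.

```python
import smtplib
import time


def smtp_send(host, sender, rcpts, data, port=25):
    """Submit one message; smtplib raises on any refusal."""
    with smtplib.SMTP(host, port, timeout=30) as s:
        s.sendmail(sender, rcpts, data)


def classify(exc):
    """'retry' for 4yz replies and lost connections, 'reject' for 5yz."""
    if isinstance(exc, smtplib.SMTPRecipientsRefused):
        codes = [code for code, _ in exc.recipients.values()]
        return "retry" if all(400 <= c < 500 for c in codes) else "reject"
    if isinstance(exc, smtplib.SMTPResponseException):
        return "retry" if 400 <= exc.smtp_code < 500 else "reject"
    if isinstance(exc, smtplib.SMTPServerDisconnected):
        return "retry"
    if isinstance(exc, smtplib.SMTPException):
        return "reject"          # e.g. unsupported command: retrying won't help
    return "retry"               # plain socket error: server unreachable


def describe(exc):
    """Readable form of the server reply for logging."""
    if isinstance(exc, smtplib.SMTPResponseException):
        err = exc.smtp_error
        text = err.decode("ascii", "replace") if isinstance(err, bytes) else str(err)
        return f"{exc.smtp_code} {text}"
    return repr(exc)


def deliver(send, max_attempts=5, base_delay=60, sleep=time.sleep):
    """Call send() until accepted. Returns (status, attempts, last_reply).

    status is 'delivered', 'rejected' (permanent, do not retry) or
    'deferred' (still failing after max_attempts; keep the message).
    """
    reply = ""
    for attempt in range(1, max_attempts + 1):
        try:
            send()
            return ("delivered", attempt, "")
        except OSError as exc:       # smtplib exceptions derive from OSError
            reply = describe(exc)
            if classify(exc) == "reject":
                return ("rejected", attempt, reply)
        if attempt < max_attempts:
            sleep(base_delay * 2 ** (attempt - 1))   # 60s, 120s, 240s, ...
    return ("deferred", max_attempts, reply)


if __name__ == "__main__":
    # Constructed replay of the reply shown above: the first two
    # submissions get the 451, the third is accepted.
    attempts = {"n": 0}

    def flaky_send():
        attempts["n"] += 1
        if attempts["n"] < 3:
            raise smtplib.SMTPDataError(
                451, b"4.7.0 Temporary server error. Please try again later. PRX3")

    print(deliver(flaky_send, sleep=lambda s: print(f"waiting {s}s")))
```

In real use, pass `lambda: smtp_send(host, sender, rcpts, data)` as `send`, and persist messages that come back as "deferred" rather than discarding them.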

Exchange Server 2013 Edge Transport Server

The Edge Transport role was shipped in Exchange Server 2013 Service Pack 1. Read more about installing and configuring Exchange 2013 Edge Transport here.

It is also possible to use Exchange Server 2013 with Exchange 2007/2010 Edge Transport servers.

Summary

As you can see the mail flow for Exchange Server 2013 is not that different to that in previous versions of Exchange once you shift your mindset from the server roles in previous versions to the specific services involved in Exchange Server 2013 mail flow.


About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Altamus Aslam

    Hi Paul,

    Currently I have prepared a new Server 2012 with Exchange 2013, and in my company Server 2008 is already deployed with Exchange 2007.

    I am using same AD DS in server 2012 which was configured in 2008.

    I am not able to send mail to external domains, while receiving mail from outside is working and internal mail is also working fine.
    Mails are stuck in queue and error is generating: “error encountered while communicating with primary target ip address “Failed to connect winsock error code 10061, Win32 error code 10061″ Attempted failover to alternate host but did not succeed”

    Mail on Server 2008 is working fine, both internal and external receiving/sending.
    Please help me.

    Regards,
    Altamus Aslam

  2. Luis

    Hi Paul,

    I’m watching your 70-345 course on Pluralsight, but I have one doubt regarding Exchange Hub Site. As Microsoft explains in their KBs (https://technet.microsoft.com/en-us/library/jj916681(v=exchg.150)), the Hub Site is only used when the hub site has the least cost in the route path between the sites; if the hub site does not have the least cost, Exchange will deliver the messages directly to the destination site. However, I’m a little confused by the cases below:

    Case 1:

    https://imgur.com/a/Jya9O

    Question 1: In this case, if site 1 needs to deliver the messages to the site 4, site 1 will use site 2 even though both routes (Site1->Site2->Site4 or Site1->Site3-Site4) have the same cost in the end?

    Question 2: If site 3 has to deliver the messages to site 2, it will send directly to the site 2 due to the nearest costs are not the least costs?

    Case 2:

    https://imgur.com/a/jHVdU

    Question 1: In this case, if site 4 has to deliver the messages to the site 2, it will send directly to the site 2 because site 1 which is the hub site does not have the least cost? Or will use site 3 instead?

    Thank you Paul

  3. Richard P.

    Since in Exchange 2013/2016 also internal mail (from one mailbox to another mailbox) on the same server is delivered via SMTP – is it possible (and supported) to put a spam/malware filter in front of the “SMTP Receive” of Mailbox Transport Service (port 475) or in front of the “SMTP Receive” of Transport Service (ports 2525 and 465)?
    I found no way to change port 475, is the port number hardcoded?

    This would enable spam/malware filtering also on internal mails.

    1. Paul Cunningham

      Changing the ports will break your mail flow.

      No it is not supported to place other servers or devices in the mail flow between two Exchange servers. If you want internal mail scanned you will need to install an Exchange-integrated antispam solution that can do that job the way you’re expecting.

  4. 0ff2w0rk

    Thanks Paul!
    I know this guide does not mention DAG, but this is my scenario:

    I have a lab at home with 2 servers in a dag.
    There is one database on each server. 
    User1@domain1.com is hosted on DB01, which is on Server01
    User2@domain2.com is hosted on DB02, which is on Server02
    I also have two send connectors:
    Send connector 1, send mail using smarthost, only has server01 on the list
    Send connector 2, send mail using MX record only has server02 on the list.
    In theory, this should mean that user1@domain.com should always send mail using smart host and user2@domain2.com should send using mx record (mx record points to firewall at home lab).
    This seems to work once in a while; sometimes user2@domain2.com sends email using the smart host.
    Seems like DAG is doing something with the mailflow?
    I also tried to check for use “proxy through client access server”, which did not help for send connector 2.
    Anything I’m missing here?

    thanks!

  5. Kapil K

    Hi Paul,

    Need your help, I am having Exchange 2013 environment. 2 MBX and 2 CAS servers. I am having Symantec gateway for sending and receiving emails from internet.
    My gateway is configured to send the emails directly to my MBX servers.
    I need to change the “Default Frontend” receive connector on my CAS server because any of the user/IP in my internal network can telnet to my CAS VIP or name over port 25 and send emails through SMTP commands. I want to stop this behavior and allow only selected IPs to send emails.
    I also created relay connectors on MBX servers and added application server IPs and it is working fine but need to stop all others from doing so.

    So can I remove anonymous users and 0.0.0.0-255.255.255.255 / ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff from “Default Frontend” and only allow my Symantec gateway IP address?

    Regards, Kapil K

  6. saeed

    Hi,

    When we configure “set-transportconfig -maxsendsize 20mb -maxreceivesize 20mb”,
    even by configuring the default receive connector “maxrecievemessage to 200MB”, it is not possible to send a message over 20mb!

    How can I solve that?

  7. yoel

    There is a way exchange block connections that does not respond to specified helo response, much spam relayer try to connect with helo 192.168.0.1-255 or helo masscan, or pc1 or asdsds. The idea is that exchange verifies the given IP address against the helo response and if it does not match it blocks the connection.

  8. Timm

    Hello all,
    How would mail flow in a large org with multiple sites when AD sites & services is only set up with a hub-and-spoke for inter-site links? (assuming each site has its own 2013 server)
    For example, if the AD sites and services were set up with inter-site links of
    Site A – Site B
    Site A – Site C
    (Site B and Site C have direct IP connectivity but there is no inter-site link setup in AD sites & services)
    Would mail from an MDB in Site B with a destination of an MDB in Site C route through Site A or would Site B deliver directly to Site C?
    I’m confused about this because articles I’ve read state that 2013 calculates the route based on the cost of the IP site links. This would indicate to me that mail would route from Site B, through Site A, to reach Site C. However, looking at a message header tells me the message went right from Site B to Site C. I’m more apt to believe the message header than the article but I’m obviously misunderstanding something.

    1. Paul Cunningham

      The server calculates the least cost route, but will then connect directly to the other server, unless

      1) One of the sites along the least cost route has been enabled as a hub site, in which case it will send to a server in the hub site
      2) Direct connection fails (e.g. server down), in which case it will attempt to queue at a site closest to the destination

      There’s other factors at play such as DAGs (closest DAG member is used) and DG expansion servers as well.

  9. Tiago Geada

    Hello Paul,

    When the Exchange Online mailflow connector tries my on-premises server, and it won’t work (service being down deliberately for instance), an NDR is sent back to the sender and the message fails.

    Is there a way to make it queue for retrial?

  10. Tony

    We are testing ex2010 to 2013 migration.
    Everything seems to be ok except this:
    mails from 2013 to 2010 have a delay of 10 minutes; the mail stays in the ex 2013 queue for 10 minutes and every ten minutes the mail queue is cleared,
    whereas mails from 2010 to 2013 are reaching without any delay.
    What could be wrong?

  11. Mike

    Paul, I have an issue with inbound email on an Exchange 2013. I did not touch any of the default receive connectors, but I created a new receive connector to allow mails only from an external spam appliance – bindings set to the four external IPs which the spam appliance sends mail. But every mail that comes in goes through the Default EXNAME connector (confirmed via MessageTracking). Do I have to disable Anonymous on the default connector? Thanks

    1. Paul Cunningham

      If by “bindings” you mean the “Network adapter bindings” settings on the connector, that is supposed to be for the network adapter/IP of the Exchange server that you want to bind the connector (ie the IP it should “listen” on). Normally you don’t need to touch that at all.

      Keep in mind that the frontend connector on the server is already configured in a way that it would accept email from your spam appliances that is addressed to internal recipients.

      1. Mike

        Sorry yes, bindings is set to the IP address of the server and the remote ip ranges are set to the external IPs of the spam service. Ok I understand. So the easiest way is to set the IPs of the spam service to the Default Frontend Servername Connector. I just don’t get why I don’t see the custom receive connector in the tracking logs. Neither the Default Frontend Connector.

        1. Paul Cunningham

          a) I don’t recommend you make any changes to the default connectors at all.

          b) if you want to know which connector is handling connections for an IP address, use protocol logging not message tracking.

  12. Jimson

    Hi Paul,
    I need your help. I used to be able to send email by using telnet smtp, but for some reason after a week I am not able to send anymore and keep getting an unable to relay error.

  13. Vaseem Mohammed

    Need your help Paul 🙂

    I am trying to find an article on Ex2010-2013 co-existence Mail Flow.
    SMTP traffic is still on Ex2010.
    I need to understand how Mail flow from
    1. Ex2010 mailbox to Ex2013 mailbox
    2. Which Connectors are involved on both sides
    3. The permissions involved in this

    As it will help to troubleshoot issues like
    1. No mail flow between versions
    2. No mail flow from external to migrated user on 2013 (SMTP on 2010).
    3. No mail flow from external to Ex2010 user (SMTP on 2013).

    Please provide me some pointers.

    Thanks.

  14. Eric

    Hello Paul,

    I am running Exchange 2013 on a Windows server 2012 machine. We have a fixed IP address. Lately, all emails sent to google-hosted mail servers were bouncing back with an error message making reference to reverse-DNS lookup. I have had my ISP change the reverse-DNS address to match our outgoing record. Which solved the situation for a certain amount of time.

    Since last week, a similar issue is happening with the following error message:
    mx.google.com
    Remote Server returned ‘550-5.7.1 [2002:1825:637a:0:e17e:5ad4:7a3a:439c] Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more 550 5.7.1 information. c73si5414604qka.13 – gsmtp’

    I read multiple MSExchange blogs and tried one of the suggested solutions which was to restart the MSExchange Transport service.
    This seems to solve the problem momentarily but later in the day, other messages bounce and I have to restart the service again.

    Can you tell me what is wrong and what needs to be done here?

    Thank you very much.

    1. Paul Cunningham

      Have you read the information at the Google link in the NDR and made sure you comply with all of their recommendations?

      1. Eric

        I have and we do. What boggles my mind is that as soon as I restart the Exchange Transport Service, our emails are going through. When they start bouncing again… I restart the service and they flow!
        What does the Exchange Transport Service “reset” in our config?
        Or, what is automatically reset until I restart the service?

        1. Paul Cunningham

          It reloads the config from AD but shouldn’t be changing anything. Does your network and internet connection support IPv6? Maybe after the reset it uses IPv4 for a while then later it hits a Google server that supports IPv6 and tries that. You need to have a discussion with your network team if that’s separate to your team. Or log a MS support case.

  15. Brian

    I love your stuff, it’s always informative. Can you point me in the right direction? My problem is I have some Linux servers that send emails through my 2013 exchange and I need to be able to track them. But they aren’t in any sent email box so I can’t figure out how to track them. Can a linux environment send an email that gets treated like it’s sent from outlook?

    1. Paul Cunningham

      You can still track the message using Message Tracking in Exchange.

      https://www.practical365.com/exchange-2010-message-tracking/

      Emails sent via SMTP like I assume yours is do not get saved to the mailbox sent items. But you can do it if you send using Exchange Web Services instead, although that will require more coding and I’m not sure whether the API can be used on Linux or not.

  16. Mik

    Hi Paul,
    do you see any issues changing the internal IP of an Exchange Server?
    Thanks!

    Mike

    1. Paul Cunningham

      No, just make sure all DNS aliases and firewall rules etc are also updated.

  17. MG

    Hi James,

    Have you ever found a solution to this problem? We are experiencing exactly the same problem, and would really like to find a solution to the problem.

    MG

    1. PK

      I have Exchange 2010 and 2013 in coexistence and it seems to be working fine. Users on both versions can send and receive emails OK.

      However, every 15 minutes I can see the following error in the logs: 1040

      The SMTP availability of the Receive connector Default Mailbox Delivery was low (0 percent) in the last 15 minutes

      Exchange 2010 version: 14.3 (123.4)
      Exchange 2013 Version: 15.0(1104.5)

  18. James Slack

    I have Exchange 2010 and 2013 in coexistence and it seems to be working fine. Users on both versions can send and receive emails OK.

    However, every 15 minutes I can see the following error in the logs: 1040

    The SMTP availability of the Receive connector Default Mailbox Delivery was low (0 percent) in the last 15 minutes.

    I have had a look at the connectors on 2013 and they look normal.

    PORTS
    Client Frontend 587
    Client Proxy 465
    Default Frontend 25
    Default Mailbox 2525
    Outbound Proxy Frontend 717

    Aside from these events, I am also seeing Unhealthy status in HubTransport and MailboxTransport, which are probably due to this error.

    My guess is that this is something to do with the coexistence, but not sure.

    How do I confirm what is causing this? All the errors say something is not working, but none of them actually point the finger to what is causing the alert on this system that seems to be working.

      1. James Slack

        V15.0 / Build 1076.9 (So CU8).

        Thanks

        1. James Slack

          Should add – Exchange 2010 is Version 14.3, Build 123.4 (which I gather is SP3).

    1. MS

      Seeing this same error recurring every 15 minutes in the Exchange logs. Not due to diskspace or attachment size.

  19. Mohd Siddiqui

    Sir, can you please help me out? I have a problem: I am able to send mail from my server or clients but I am not able to receive mail from outside. I am able to send and receive mail locally, but I am not able to receive mail from any site, for example GMAIL, YAHOO, HOTMAIL or any other sites. My mail server is EXCHANGE SERVER 2010 version. Please reply as early as possible, thanks. I am not getting any error message either.

    Regards

    Mohd Siddiqui

  20. CR

    Paul,

    You mention in the post about devices that use SMTP to send email that they should “continue pointing to the Mailbox server’s Hub Transport service […] not the Client Access server as you might assume from its default Receive Connector configuration.”

    Can you expand on this a bit? Currently we use an internal DNS entry of smtp.domain.org that we put on all of our devices that need email relay access (MFP’s, applications, etc.). Should I point this to my CAS servers or my MBX servers (they’re running on separate machines)? Should I create a new receive connector on the MBX servers to support this? I’ve disabled the “Anonymous” permission on the Default Frontend receive connector since all inbound email needs to go through a spam filter first and I do not want to have an open relay for internal users.

    Thanks!

      1. CR

        Thanks Paul. I found the other post shortly after this one.

  21. wagdi

    I tried to reply from hotmail, and the NDR report does not contain any details.

    (this is an automatically generated Delivery Status Notification.
    Delivery to the following recipients failed.
    sam@abc.net)
    above is a complete NDR.

    Why can you send me a new email but you cannot reply to my message if you add any word to the original message?

    best regards

  22. wagdi

    Using exchange 2013 (owa), I can send and receive email from outside.
    But there is something strange: if I send you a message, you can reply to this message in one case only, that you must only press the reply button and not add anything to the message and send it as it is, because if you try to write anything in your reply then your message will not be delivered to me. (Delivery to the following recipients failed.)
    You can send a new email to me and you can reply to my message without adding anything to the original message. This is my problem.

    1. Paul Cunningham

      When there is a delivery failure the NDR (non-delivery report) includes a reason and some diagnostic information that almost always explains why the delivery failed. That is what you should start looking at.

  23. wagdi

    Dear Paul
    Exchange server 2013, installed on win 2012 with SAN certificate; send and receive connectors are configured as Microsoft said. This server has some problems with outgoing messages. At first sent messages were stuck in the OWA drafts folder, but after modifying the DNS lookup in ECP all messages have disappeared from the drafts folder and I can send a message to an internal user. My problem now is that I cannot send to outside (the server is connected to the internet).

    Please advise me as you always do
    thanks

    1. Paul Cunningham

      Perhaps something wrong with your send connector, your firewall, or perhaps the other mail servers you’re trying to send to are rejecting your connections.

      I suggest checking the messages in the queue to see why they are stuck, perform some testing with telnet, and check your protocol logs on the send connector.

  24. Adel Maher

    I’m using Exchange 2013 but I have a problem with it: every day my Outlook does not receive anything in the morning, and I have to push all the mails manually.

    Why is that?

    Remark: before, I had Exchange 2010 and upgraded it to Exchange 2013

  25. Edwin

    I recently installed Exchange server 2013( CAS and MAS roles installed) on Hyper V Server 2012 R2 with 8 GB of RAM.

    I’ve added internet connectivity on the Server and the Exchange server is running well. ( Exchange installed on DC.)

    Although the mailboxes have been created and I can send emails between two random mailbox accounts internally, I can’t send or receive emails outside of the Exchange environment.

    Must I purchase a Google cloud DNS to add MX and host name DNS records on a public DNS?

    Or is there something I should know regarding email internet infrastructure?

  26. Ravi Thacker

    Hi Paul,

    Can we have Exchange 2013 Edge Transport Servers to work with Exchange 2010 Mailbox Servers?

    Thanks
    We are trying to migrate a client from Exchange 2003 to 2010 and then to 2013 Exchange platform.

    Please advise.

    1. Paul Cunningham

      Install Exchange 2010 Edge while you’re doing the first phase of the migration. Exchange 2010 Edge can then work with Exchange 2013 (you just need to redo the subscription when the new Ex2013 servers are installed). When Exchange 2010 is fully removed you can replace the Edge with Exchange 2013 version then if you like.

  27. Pooriya

    Hello Guys,

    I have just set up an exchange 2013 organization. I have two servers both of which run MB and CAS roles in a DAG. I have both of these server connected to another server running edge transport role. I have already synced the two servers with the edge server. I am able to send and receive emails internally, but I can send any emails outside. Could you please assist me with this? Thanks a lot.

    Regards,
    Pooriya

  28. Rob Shinwell

    ok so…. MS guidance is to combine Exchange 2007/2010 Edge role with EX2013. For a new 2013 deployment you wouldn’t want to introduce a version older than the one you’re deploying. The proper placement for an Edge server would be in the DMZ filtering email before it enters the internal network.

    Without the Edge role now and obviously not wanting to burden the front-end transport service dealing with junk mail, in this scenario what would you recommend placing in the DMZ to replace the Edge role?

    Thanks
    Rob

    1. Paul Cunningham

      I don’t know if that is really their “guidance”… Exchange 2007/2010 Edge is *supported* with Exchange 2013. But the concern about mismatched versions is irrelevant since there is an Exchange 2013 Edge Transport role available in SP1 and later anyway.

  29. Chris A

    We have a multi role exchange 2013 server. So according to the TechNet article on recipient filtering, we should not do recipient filtering. What are our options? We currently need to stop the queue from jamming up with spam from user@ourdomain to some unknown user/domain. Here is a link to a ms forum pic of the queue:

    http://social.technet.microsoft.com/Forums/exchange/en-US/d4ab4e03-700c-44bb-a6f1-faacedea1820/queue-question?forum=exchangesvrgeneral

        1. Paul Cunningham

          Solution would be to install an Edge Transport server or a third party antispam product/server.

  30. J-W

    Fellow Exchange 2013 admins. Let me make all of you confused 🙂
    I’ve got a problem that I cannot find anything about.
    In the logfile (Hub/Protocollog/smtprecieve) I can see email come in that is sent to a bunch of users in our organisation. That email WON’T be delivered to any mailbox if one or more e-mail addresses are wrong.
    You’ll get a Delivery Status Notification that delivery to the following recipients failed and then you’ll see the list of all the recipients! Even the correct ones. How is this possible? If all addresses are correct then it will be delivered to all without problems. We use Exchange 2013 SP1 and we do not use 3rd party anti-spam solutions. If someone wants to see a piece of a log, just ask.
    Many thanks.

    1. J-W

      OK, weird… it’s my old Exchange server again with its recipient filter. Clearly that does not work well together.
      I find it weird that the Exchange 2003 server still does this much when it actually does not do anything. Would these kinds of problems be gone when I uninstall Exchange 2003?

      1. J-W

        I mean Ex 2007

    2. Paul Cunningham

      I’m a little confused about the exact details of your situation, but I have seen this type of dropped SMTP connection when the sending server/application doesn’t handle the invalid recipient response properly and just drops the entire connection.

  31. Steve

    For email filtering appliances to work with Exchange 2013, do you need to configure them to accept mail from the Exchange Mailbox server or the CAS servers? I have a single Send Connector that is sending mail to a smart host. In my mind I’d think the CAS since they are proxying all incoming/outgoing mail traffic but not sure if it would bypass CAS and go straight to smart host or not. Can you clarify?

    1. Paul Cunningham

      Unless you tick the box to proxy through the front end, then the Mailbox server is the role that sends the outbound mail via the Send Connector. If the servers are multi-role then it doesn’t matter either way.

  32. Jack Cristi

    Hi Sir Paul,

    Remember me?
    My domain is now registered. I already configured the A host, mail exchanger and CNAME… I already received emails from Yahoo, Gmail and other domains, but when I’m trying to send a reply or even a new message it goes to Drafts and it is stuck there… and my role DNS server says x (error). Where could the problem be? Please help me out…

    thank you sir paul.

      1. Jack Cristi

        Hi Sir Paul,

        I want to access my Exchange account from outside (external access) through the web. What should I do? Is it required to purchase a certificate of authority or SSL certificate to access our mail.company.net? Or is there any other way? And then install it on our web server for me to be able to access it from outside?

  33. Rob

    Excellent article, Paul. Very clear and concise, makes it easy to understand.

  34. sunil

    Any idea on the below event?

    In Exchange 2010 HT internet facing server

    Receive connector *** requires Transport Layer Security (TLS) before the MailFrom command can be run, but the server can’t achieve it. Check this connector’s authentication setting.

  35. Vishal Kayangude

    This is an Exchange 2013 configuration

  36. Vishal Kayangude

    Hey Paul,

    I currently have CAS and MBX on two different servers. I configured my mail filtering (third party) for incoming and outgoing. My outgoing is working fine, but for incoming I am getting the below error:

    Delivery of the test email message failed.

    Additional Details
    The server returned status code 550 – Mailbox unavailable. The server response was: no mailbox by that name is currently available
    Exception details:
    Message: Mailbox unavailable. The server response was: no mailbox by that name is currently available
    Type: System.Net.Mail.SmtpFailedRecipientException
    Stack trace:
    at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, Boolean allowUnicode, SmtpFailedRecipientException& exception)
    at System.Net.Mail.SmtpClient.Send(MailMessage message)
    at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()

    1. Paul Cunningham

      “no mailbox by that name is currently available”

      Seems like a clue to me.

  37. Akram

    Hey,
    From the firewall, can we open port 25 for the NLB IP of the CAS array so that it also load balances inbound mail?
    Or do we have to mention the physical IP address of each CAS server to receive mail on our reverse proxy/firewall?
    Regards

  38. ali

    Hi,
    Can you explain a little what the requirements are so that mail sent by our domain can reach Yahoo.com/Gmail.com/Hotmail.com? These big domains don’t accept our domain’s mail or send it to the Junk folder.
    I mean, should we do some work on external DNS?
    Thanks

  39. ali

    Hey,
    It means the CAS server is receiving mail from the internet, so we have to open port 25 on our firewall/router towards the CAS server because it receives mail from anonymous users, right?
    And the mailbox server is just sending and receiving mail inside the organization?
    Just say yes or no, or give a small explanation if required.
    Regards

  40. Onder Avcu

    Hi Paul,
    I have 2 problems after installing exc 2013.
    Our environment has an exc2010 and an exc2013 (newly installed).
    exc2013 users don’t send mail to exc2010 users in the same AD.
    Second problem: when I migrated a mailbox from exc2010 to exc2013, those who are out-of-office workers say Outlook is disconnected. (I completed the outlookanywhere and autodiscovery commands.)
    If they use VPN, Outlook becomes connected.
    Please help me.

    thank you

  41. TUAN

    Hi Paul!
    Help me.
    I have set up a new Exchange 2013 system.
    There are two systems running Windows Server 2012: one set up with DC, AD, CAS and one set up with Exchange 2013.
    The Exchange server joined the domain with AD and setup was successful, and I did not add any config.
    Then I created 2 users on the Exchange server in the local domain.
    But I tested by sending 1 mail from user1 to user2.
    I see that mail from user1 can’t be sent to user2 or anyone else. It moves to the “Drafts” tab. It is driving me crazy.
    Can you help me?
    Thanks so much!

    1. Paul Cunningham

      If they’re stuck in Drafts it’s probably a transport service problem. Try restarting the transport services or the server.

  42. Sam O'Donnell

    Hi Paul,

    HELP, for some reason mailflow has stopped internally and externally. test-mailflow comes back with FAILURE, test-Servicehealth comes back with all services running, but still I get this error!

    The server returned status code 451 – Error in processing. The server response was: 4.7.0 Temporary server error. Please try again later. PRX4

    This was using the testexchangeconnectivity.com page. Is this a resource issue? It had been working up until yesterday.

  43. ismatsahar

    Thanks, Paul, for solving my confusion regarding the other roles.

  44. Dais

    Hi Exchange experts, I want to establish our Exchange server but I have a question about Exchange, and the question is…
    (How can I find details about companies targeted earlier or not)

    If we have 250 Outlook users, and they are mailing to companies a.com, b.com and so on. you@mydomain.com targets both companies but I@mydomain.com doesn’t know whether you@domain.com already targeted both or not.

    I want to know how I can set or get details about whether someone targeted those companies or not.

    1. Paul Cunningham

      The error occurred for me because I deliberately stopped a service, so the solution in my case was simply to start the service again.

    1. Paul Cunningham

      I caused that error by stopping the Hub Transport service on the Mailbox server.

      1. Thierry Frache

        I will double check this on my server. Curious that the service could be stopped by default…

        1. Paul Cunningham

          Best way to check services on an Exchange server is to run Test-ServiceHealth.

          While you’re in the shell run Test-Mailflow as well.

      1. Thierry Frache

        About the error message with telnet 451 4.7.0 Temporary server error. Please try again later. PRX3. I got the same problem and for now, my servers are not able to send or receive any emails.

  45. Charles Derber

    How did you manage to get Exchange 2010 SP3, as it’s a prerequisite to coexist with Exchange 2013…I didn’t test with Edge but I guess so…?

    I believe it’s not out from MS…?

    1. Paul Cunningham

      There’s no co-existence going on there. The 2013 servers are in their own org and the Edge server is not a member of the same AD forest.

      You can get a 2007/2010 Edge Transport to work with Exchange 2013 right now without 2010 SP3 existing yet.

  46. Charles Derber

    Thanks Paul for bringing up these ones & it’s been really informative 🙂

    1. amit

      Really consumable

      1. Chris Brown

        Yep. Super consumable, thanks Paul.

    2. Timmy Luts

      Great article Paul 🙂
      good to know about the different queues..
