Send Connector
Within an Exchange Organization, the send connectors are implicitly and automatically created.
The Hub Transport server handles mail delivery. Receive connectors are created explicitly, whereas send connectors are created implicitly.
Get-ReceiveConnector -Server Ex20071 | fl Name,bind*
Name : Default EX20071
Bindings : {0000:0000:0000:0000:0000:0000:0.0.0.0:25, 0.0.0.0:25}
Name : Client EX20071
Bindings : {0000:0000:0000:0000:0000:0000:0.0.0.0:587, 0.0.0.0:587}
The receive connectors listen for incoming SMTP connections on port 25.
No send connector is visible in EMC. The Get-SendConnector cmdlet returns nothing unless you have created a send connector in your organization for delivery to external domains.
A send connector must nevertheless exist, because Exchange 2007 can send messages off the server. Within the Exchange organization, the Hub Transport server creates the send connector on demand. To modify the parameters of this send connector, use the Set-TransportServer cmdlet.
At least one send connector must be explicitly created in order to send messages out of Exchange organization.
The Default SMTP Virtual Server on Paula can send e-mail out.
Get-Mailbox | fl name,ServerName,RecipientTypeDetails
Name : Rob
ServerName : ex20071
RecipientTypeDetails : UserMailbox
Name : Tim
ServerName : ex20072
RecipientTypeDetails : UserMailbox
Name : Bond
ServerName : w2008
RecipientTypeDetails : UserMailbox
Name : Newton
ServerName : paula
RecipientTypeDetails : LegacyMailbox
Make sure there is no send connector defined in the organization.
Get-SendConnector | Remove-SendConnector
Rob, Tim, Bond and Newton send e-mail out. All mail goes to the Unreachable Domain queue.
The Default SMTP virtual server on the Paula server does not deliver the message to the Internet. The organization does not know that it exists. Paula (Exchange 2003) always delivers messages over the Paula-Ex20071 routing group connector.
In a mixed environment, on an Exchange 2003 server, all remote messages go through the PAULA-EX20071 routing group connector.
Don't create an SMTP connector in Exchange 2003 in a mixed environment: it causes looping.
Let's experiment:
Create an SMTP virtual server:26
Create an SMTP connector: Internet2003
Queue Viewer on Ex20071.work.com: Local loop was detected.
Don't change the port 25 to any other port number for the Default SMTP Virtual Server.
AddressSpaces
Scenario 1:
Get-SendConnector | Remove-SendConnector
$credential=Get-Credential
new-SendConnector -Name '*Cost1' -AddressSpaces 'SMTP:*;1' -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts '[70.79.160.207]' -AuthenticationCredential $credential -SmartHostAuthMechanism 'BasicAuth' -Port 26 -SourceTransportServers 'EX20071'
All Internet mail (Paula, Ex20071, Ex20072, and W2008) is delivered through the SMTP:*;1 connector.
Scenario 2:
Get-SendConnector | Remove-SendConnector
$credential=Get-Credential
new-SendConnector -Name '*Cost1' -AddressSpaces 'SMTP:*;1' -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts '[70.79.160.207]' -AuthenticationCredential $credential -SmartHostAuthMechanism 'BasicAuth' -Port 26 -SourceTransportServers 'EX20071', 'EX20072'
Ex20071 and Ex20072 perform load-balancing.
Stop MSExchangeTransport service on Ex20071
Stop-Service MSExchangeTransport
Internet mail is delivered through Ex20072 including W2008’s mailboxes.
Scenario 3: *** Not good
Get-SendConnector | Remove-SendConnector
new-SendConnector -Name '*Cost1' -AddressSpaces 'SMTP:*;1' -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts '[70.79.160.207]' -AuthenticationCredential $credential -SmartHostAuthMechanism 'BasicAuth' -Port 26 -SourceTransportServers 'EX20071', 'EX20072', 'W2008'
At Ex20071
Stop-Service MSExchangeTransport
At Ex20072
Stop-Service MSExchangeTransport
MSExchangeTransport on W2008 is running.
Bond@work.com (on W2008) sends mail to Internet.
W2008 still relays the mail across to the other site (default-first-site-name).
Tim@work.com (on Ex20072) cannot deliver mail to Internet because the Default-first-site-name site does not have a transport server running.
The source transport list should include the transport servers from only one site.
Scenario 4: *** Good
Get-SendConnector | Remove-SendConnector
new-SendConnector -Name '*Cost1' -AddressSpaces 'SMTP:*;1' -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts '[70.79.160.207]' -AuthenticationCredential $credential -SmartHostAuthMechanism 'BasicAuth' -Port 26 -SourceTransportServers 'EX20071'
new-SendConnector -Name '*Cost2' -AddressSpaces 'SMTP:*;2' -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts '[70.79.160.208]' -AuthenticationCredential $credential -SmartHostAuthMechanism 'BasicAuth' -Port 26 -SourceTransportServers 'EX20072'
new-SendConnector -Name '*Cost3' -AddressSpaces 'SMTP:*;3' -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts '[70.79.160.209]' -AuthenticationCredential $credential -SmartHostAuthMechanism 'BasicAuth' -Port 26 -SourceTransportServers 'w2008'
Messages to Internet from mailbox users on Paula, Ex20071 and ex20072 go through SMTP:*;1 connector.
Messages to Internet from mailbox users on W2008 go through SMTP:*;3 connector, even though its cost is 3.
Transport servers (ex20071,ex20072 and w2008) are up and running.
Scenario 5: best
Get-SendConnector | Remove-SendConnector
new-SendConnector -Name 'FirstSite' -AddressSpaces 'SMTP:*;1' -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts '[70.79.160.207]' -AuthenticationCredential $credential -SmartHostAuthMechanism 'BasicAuth' -Port 26 -SourceTransportServers 'EX20071', 'EX20072'
new-SendConnector -Name 'vsite' -AddressSpaces 'SMTP:*;1' -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts '[70.79.160.209]' -AuthenticationCredential $credential -SmartHostAuthMechanism 'BasicAuth' -Port 26 -SourceTransportServers 'w2008'
Scenario 6:
IsScopedConnector
Get-SendConnector | Remove-SendConnector
new-SendConnector -Name '*Cost1' -AddressSpaces 'SMTP:*;1' -IsScopedConnector $true -DNSRoutingEnabled $false -SmartHosts '[70.79.160.207]' -AuthenticationCredential $credential -SmartHostAuthMechanism 'BasicAuth' -Port 26 -SourceTransportServers 'EX20071', 'EX20072'
Bond@work.com (on w2008 server) sends mail to Internet. The mail goes to Unreachable Domain queue. The SMTP:*;1 connector is scoped to default-first-site-name. It cannot be used by vSite.
Scenario 7:
The closest match is selected.
new-SendConnector -Name 'Toronto.com' -AddressSpaces 'SMTP:Toronto.com;1' -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts '[192.168.0.1]' -SmartHostAuthMechanism 'None' -SourceTransportServers 'EX20071'
new-SendConnector -Name '*.Toronto.com' -AddressSpaces 'SMTP:*.Toronto.com;1' -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts '[192.168.0.2]' -SmartHostAuthMechanism 'None' -SourceTransportServers 'EX20071'
Route resolution is the closest match.
tm@toronto.com goes through [192.168.0.1].
ok@dev.toronto.com goes through [192.168.0.2].
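The selection rules these scenarios exercise (closest address space match, then cost, with scoped connectors hidden from other sites), as an added PowerShell model that is not part of the original page and not Exchange code. It goes beyond Scenario 7 to cover Scenarios 4 and 6 as well; the helper function names, the example.org domain and the site link cost of 100 are assumptions.

```powershell
# Added example: simplified offline model of send connector selection, not Exchange code.
# Server-to-site mapping follows the page's lab; the site link cost of 100 is an assumed value.
$SiteOf = @{ EX20071 = 'Default-First-Site-Name'; EX20072 = 'Default-First-Site-Name'; W2008 = 'vSite' }
$SiteLinkCost = 100

function New-ModelConnector($Name, $Space, $Cost, $Sources, [bool]$Scoped = $false) {
    New-Object PSObject -Property @{ Name = $Name; Space = $Space; Cost = $Cost; Sources = $Sources; Scoped = $Scoped }
}

# Specificity of an address space for a domain: -1 = no match, 0 = '*', exact domain ranks highest.
function Get-MatchRank($Space, $Domain) {
    if ($Space -eq '*') { return 0 }
    if ($Space.StartsWith('*.')) {
        $suffix = $Space.Substring(1).ToLower()          # '*.Toronto.com' -> '.toronto.com'
        if (('.' + $Domain.ToLower()).EndsWith($suffix)) { return $suffix.Split('.').Count - 1 }
        return -1
    }
    if ($Domain -ieq $Space) { return 1000 }
    return -1
}

function Select-ModelConnector($Connectors, $Domain, $FromServer) {
    $fromSite = $SiteOf[$FromServer]
    $candidates = foreach ($c in $Connectors) {
        $rank = Get-MatchRank $c.Space $Domain
        if ($rank -lt 0) { continue }
        $local = @($c.Sources | ForEach-Object { $SiteOf[$_] }) -contains $fromSite
        if ($c.Scoped -and -not $local) { continue }     # a scoped connector is invisible to other sites
        $total = $c.Cost + $(if ($local) { 0 } else { $SiteLinkCost })
        New-Object PSObject -Property @{ Name = $c.Name; Rank = $rank; Total = $total }
    }
    $best = $candidates |
        Sort-Object @{ Expression = 'Rank'; Descending = $true }, @{ Expression = 'Total'; Descending = $false }, Name |
        Select-Object -First 1
    if ($best) { $best.Name } else { 'Unreachable Domain queue' }
}

# Constructed inputs mirroring Scenarios 4, 6 and 7.
$s4 = @((New-ModelConnector '*Cost1' '*' 1 'EX20071'), (New-ModelConnector '*Cost2' '*' 2 'EX20072'),
        (New-ModelConnector '*Cost3' '*' 3 'W2008'))
$s6 = @((New-ModelConnector '*Cost1' '*' 1 @('EX20071', 'EX20072') $true))
$s7 = @((New-ModelConnector 'Toronto.com' 'Toronto.com' 1 'EX20071'),
        (New-ModelConnector '*.Toronto.com' '*.Toronto.com' 1 'EX20071'))

Select-ModelConnector $s4 'example.org' 'EX20072'
Select-ModelConnector $s4 'example.org' 'W2008'
Select-ModelConnector $s6 'example.org' 'W2008'
Select-ModelConnector $s7 'toronto.com' 'EX20071'
Select-ModelConnector $s7 'dev.toronto.com' 'EX20071'
```

The five calls print the connector chosen for each case, in the order Scenario 4 (from EX20072, then from W2008), Scenario 6 and Scenario 7 (both recipients).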
DNSRoutingEnabled: using MX records
Every site with a mailbox server must have at least one Hub Transport server.
Receive Connector
Ex64.east.com
Make sure that the secondary zone: work.com includes the MX record, which points to Paula.work.com.
new-SendConnector -Name 'Internet' -Usage 'Internet' -AddressSpaces 'SMTP:*;1' -IsScopedConnector $false -DNSRoutingEnabled $true -UseExternalDNSServersEnabled $false -SourceTransportServers 'EX64'
James.Bond@east.com sends mail to Newton@work.com, Rob@work.com, Tim@work.com and Bond@work.com.
All recipients receive the mail.
Modify the MX record as:
Set-ReceiveConnector 'Ex20071\Default Ex20071' -PermissionGroups AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers
James.Bond@east.com sends mail to Newton@work.com, Rob@work.com, Tim@work.com and Bond@work.com.
All recipients receive the mail.
Conclusion:
Any SMTP virtual server or receive connector can receive mail from the Internet and deliver it to the whole organization.
Default Receive connectors
Get-ReceiveConnector -Server Ex20072 | fl Name,Bindings,Perm*
Name : Default EX20072
Bindings : {0000:0000:0000:0000:0000:0000:0.0.0.0:25, 0.0.0.0:25}
PermissionGroups : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
Name : Client EX20072
Bindings : {0000:0000:0000:0000:0000:0000:0.0.0.0:587, 0.0.0.0:587}
PermissionGroups : ExchangeUsers
If you set up a POP3 account, you can specify either IP:25 or IP:587, because both Default EX20072 and Client EX20072 have the ExchangeUsers permission group applied.
You can configure the Default EX20072 connector to accept incoming connections from other SMTP servers.
Set-ReceiveConnector 'Ex20072\Default Ex20072' -PermissionGroups AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers
Why additional receive connectors?
MessageRateLimit: maximum number of messages that can be sent by a single client IP address per minute.
MaxRecipientsPerMessage: maximum number of recipients per message that the Receive connector accepts before closing the connection.
MaxInboundConnection: maximum number of inbound connections that this Receive connector serves at the same time.
MaxInboundConnectionPerSource: maximum number of connections that this Receive connector serves at the same time from a single IP address.
TarpitInterval: the amount of time to delay an SMTP response to a remote server that Exchange determines may be abusing the connection.
The receive connector: Default EX20072
MessageRateLimit: unlimited
MaxInboundConnection: 5000
MaxInboundConnectionPerSource: unlimited
MaxInboundConnectionPercentagePerSource: 100
MaxMessageSize: 10MB
MaxRecipientsPerMessage: 5000
TarpitInterval: 00:00:05
If your Hub Transport server is facing the Internet, the computer should have two NICs (Internal:192.168.11.2 and Internet:200.200.200.2).
Set-ReceiveConnector 'Ex20072\Default Ex20072' -Bindings '192.168.11.2:25'
new-ReceiveConnector -Name 'Internet' -Usage 'Internet' -Bindings '200.200.200.2:25' -Server 'EX20072'
Set-ReceiveConnector 'ex20072\Internet' -MaxMessageSize 5MB
Set-ReceiveConnector 'ex20072\Internet' -MessageRateLimit 100
Bindings must be unique!
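A review helper for the settings discussed above, written as an added example that is not part of the original page: it flags receive connectors that accept AnonymousUsers while still bound to all addresses or left at unlimited defaults, and send connectors that authenticate to a smart host with BasicAuth. The function name Test-ConnectorSetting and the sample objects are assumptions.

```powershell
# Added example: review helper for connector settings (PowerShell 2.0 or later), not code from the page.
# Property names are the cmdlet parameters used on this page; values are compared in string form.
function Test-ConnectorSetting {
    param([Parameter(ValueFromPipeline = $true)] $Connector)
    process {
        $findings = @()
        if ("$($Connector.PermissionGroups)" -match 'AnonymousUsers') {
            # An anonymous listener is reachable by any SMTP client, so its limits matter most.
            if ("$($Connector.Bindings)" -match '0\.0\.0\.0:\d+') {
                $findings += 'anonymous listener bound to all addresses, internal NIC included'
            }
            if ("$($Connector.MessageRateLimit)" -eq 'unlimited') {
                $findings += 'no per-client message rate limit'
            }
            if ("$($Connector.MaxInboundConnectionPerSource)" -eq 'unlimited') {
                $findings += 'no cap on simultaneous connections from one source address'
            }
        }
        if ("$($Connector.SmartHostAuthMechanism)" -eq 'BasicAuth') {
            # Basic authentication only encodes the credential; confirm TLS protects this hop.
            $findings += 'smart host credential sent with basic authentication'
        }
        foreach ($f in $findings) {
            New-Object PSObject -Property @{ Connector = $Connector.Name; Finding = $f }
        }
    }
}

# Constructed sample objects; values come from this page where it gives them.
$sample = @(
    (New-Object PSObject -Property @{ Name = 'Default EX20072'; Bindings = '0.0.0.0:25'
        PermissionGroups = 'AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers'
        MessageRateLimit = 'unlimited'; MaxInboundConnectionPerSource = 'unlimited' }),
    (New-Object PSObject -Property @{ Name = 'Internet'; Bindings = '200.200.200.2:25'
        PermissionGroups = 'AnonymousUsers'; MessageRateLimit = '100'
        MaxInboundConnectionPerSource = '20' }),
    (New-Object PSObject -Property @{ Name = '*Cost1'; SmartHostAuthMechanism = 'BasicAuth' })
)
$sample | Test-ConnectorSetting | Select-Object Connector, Finding
```

On a server the function is meant to take the output of Get-ReceiveConnector and Get-SendConnector through the pipeline, which assumes those objects' properties render to the strings shown on this page.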