Thursday, February 24, 2011

How to configure Exchange 2007 Hub Transport role to receive mail from the Internet

The first step is to modify the default receive connector in the Exchange Management Console:

Exchange Management Console --> Server Configuration --> Hub Transport --> Receive Connectors --> Default Your_server_name --> Properties --> Permission Groups: check Anonymous users

The "Default" receive connector on the Hub is configured for other Exchange servers to authenticate, but it does not accept anonymous e-mail by default. See image below.
You can't do this step from the Exchange Management Shell, because the -PermissionGroups parameter of the Set-ReceiveConnector command takes only one value. In other words, you can specify only a single group such as AnonymousUsers, but you need the other groups to remain checked (ExchangeUsers, ExchangeServers, ExchangeLegacyServers).

Second step: configure the send connector to send messages to the Internet:
Exchange Management Console --> Organization Configuration --> Hub Transport --> New Send Connector: type the name of the connector and choose the Internet type. See image below:
In order for all outbound mail to pass through the connector, the address space of the connector should be * and the type SMTP. See image below:
The Network tab allows you to specify whether you'll use a smart host to relay your messages or handle the delivery yourself (using DNS). The source server specifies which Exchange server or servers in your organization will be responsible for sending Internet e-mail.
Note: for users of the Romanian ISP RDS, SMTP port 25 is blocked, so you have to use your ISP's smart host to relay messages to the Internet. RDS's smart host fully qualified name is
See image below:
If you want to know more about how to test whether port 25 is blocked by your ISP, read this article; it is awesome.

Set the smart host authentication to None. See image below:

Then Next --> New --> Finish

Or, to configure the send connector from the Exchange Management Shell, type:
new-SendConnector -Name 'to internet' -Usage 'Internet' -AddressSpaces 'SMTP:*;1' -DNSRoutingEnabled $false -SmartHosts '' -SmartHostAuthMechanism 'None' -UseExternalDNSServersEnabled $true -SourceTransportServers 'SERV642'

Third step: if you do not want to be bombarded with spam, you should enable the anti-spam filters on the Hub Transport servers like this:
Open the Exchange Management Shell and type:
cd "C:\Program Files\Microsoft\Exchange Server\Scripts"
After that, type:
.\Install-AntiSpamAgents.ps1
Now restart the transport service:
Restart-Service MSExchangeTransport
Once you complete these steps, you will see the Anti-spam tab enabled in the Exchange Management Console. See image below:
And of course you should configure the anti-spam agents, but that is another topic.

Fourth step: by default, your new Exchange 2007 servers will only accept e-mail destined for the Windows domain that the server is a member of. In order to accept e-mail destined for your external SMTP domain, you will probably need to create a new Accepted Domain:
Open the Exchange Management Shell and type:
New-AcceptedDomain -DomainName -Name xyz
Or, in the console: Exchange Management Console --> Organization Configuration --> Hub Transport --> then select the Accepted Domains tab --> New Accepted Domain (choose Authoritative Domain)

Notes: Because your server is sitting directly on the Internet, you may want to change the advertised FQDN that is sent in HELO/EHLO commands in SMTP. The user interfaces for both send and receive connectors allow you to configure this.
Because you will not be using an Edge server, you have no need for the Microsoft Exchange EdgeSync service. You can set this service to Disabled to prevent it from starting and using system resources.
You can do this from PowerShell or the Exchange Management Shell. Type this:

Set-Service MSExchangeEdgeSync -startupType Disabled
Stop-Service MSExchangeEdgeSync

I think almost everyone knows how to disable and stop a service from Computer Management-->Services-->Microsoft Exchange EdgeSync (disable and stop)

Final suggestions: make sure that your DNS MX record is correct and that your firewall allows inbound connections to port 25. (The easiest method, if you already have a mail server, is to either reuse that server's IP or update the firewall rule to point to the new Exchange 2007 server's internal IP.)
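
A read-only check of the four steps and the notes above, written for this page as an added example (it is not from the original post). `example.com` is a placeholder, and the connector name and the anti-spam agent names are assumed to be the Exchange 2007 defaults.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# $MailDomain is a placeholder (assumption); the connector name assumes the default.
$Server     = $env:COMPUTERNAME
$MailDomain = 'example.com'
$findings   = @()

# Step 1: AnonymousUsers must be added while the original three groups stay checked.
$rc = Get-ReceiveConnector "$Server\Default $Server"
foreach ($g in 'AnonymousUsers','ExchangeUsers','ExchangeServers','ExchangeLegacyServers') {
    if ("$($rc.PermissionGroups)" -notmatch "\b$g\b") { $findings += "Receive connector: group $g is not set" }
}
# Anonymous senders should deliver to accepted domains only, never relay elsewhere.
$relay = $rc | Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' | Where-Object {
    -not $_.Deny -and ($_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient') }
if ($relay) { $findings += 'Receive connector: anonymous logon may relay to any recipient' }

# Step 2: an enabled send connector must own the * address space and have a route.
$sc = @(Get-SendConnector | Where-Object { $_.Enabled -and "$($_.AddressSpaces)" -match '\*' })
if ($sc.Count -eq 0) { $findings += 'Send connector: none enabled for address space *' }
foreach ($c in $sc) {
    if (-not $c.DNSRoutingEnabled -and @($c.SmartHosts).Count -eq 0) {
        $findings += "Send connector '$($c.Name)': DNS routing is off and no smart host is set"
    }
}

# Step 3: anti-spam agents (names assumed to match a default Install-AntiSpamAgents.ps1 run).
$on = @(Get-TransportAgent | Where-Object { $_.Enabled } | ForEach-Object { "$($_.Identity)" })
foreach ($a in 'Connection Filtering Agent','Content Filter Agent','Sender Id Agent',
               'Sender Filter Agent','Recipient Filter Agent','Protocol Analysis Agent') {
    if ($on -notcontains $a) { $findings += "Anti-spam: '$a' is missing or disabled" }
}

# Step 4: the external SMTP domain must be an authoritative accepted domain.
$ad = Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $MailDomain }
if (-not $ad) {
    $findings += "Accepted domain: $MailDomain is not defined"
} elseif ("$($ad.DomainType)" -ne 'Authoritative') {
    $findings += "Accepted domain: $MailDomain is not authoritative"
}

# Notes: without an Edge server, the EdgeSync service should be disabled.
$svc = Get-WmiObject Win32_Service -Filter "Name='MSExchangeEdgeSync'"
if ($svc -and $svc.StartMode -ne 'Disabled') { $findings += 'MSExchangeEdgeSync is not disabled' }

if ($findings.Count) { $findings } else { 'All checks passed' }
```

The script changes nothing; the relay check matters most, because an Internet-facing connector that lets anonymous senders address any recipient is an open relay.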
