How to Configure Internet Mail Flow Through Hub Server

Exchange Server administration forum

Post by ManU » Wed Jan 20, 2010 10:23 am

How to Configure Internet Mail Flow Directly Through a Hub Transport Server

This topic explains how to use the Exchange Management Console or the Exchange Management Shell to configure an Internet-facing Hub Transport server.

To establish Internet mail flow directly through a Hub Transport server, you create a Send connector that routes e-mail to the Internet. Also, you modify the configuration of the default Receive connector to accept e-mail from the Internet.

In this scenario, the Microsoft Exchange Server 2007 Hub Transport server can be reached directly through the Internet. Microsoft doesn't recommend this topology because it increases security risks by exposing to the Internet the Exchange 2007 server and all roles installed on that server.

Install Anti-spam Agents on the Hub Transport Server: You can install the anti-spam agents on the Hub Transport server role by using the Install-AntiSpamAgents.ps1 script. This script is located in the %system drive%/Program Files/Microsoft/Exchange Server/Scripts folder. After you run this script, all the anti-spam agents are installed and enabled, and the Anti-spam tab is available in the Exchange Management Console for Hub Transport servers. Microsoft recommends that you install the anti-spam agents if you select this topology so that the Hub Transport server can provide anti-spam protection for the Exchange organization.

To successfully configure an Exchange 2007 Hub Transport server to receive mail, you must complete the following tasks:
Create a Receive connector
Add the accepted domains
Create a Send connector
Install the Exchange 2007 anti-spam agents


Before you start this procedure, verify that the following prerequisites are met:
1. Register MX resource records for all accepted domains in a public domain name system (DNS) server.
2. Configure network gateways to route SMTP traffic to and from the Hub Transport server.


How to Create the Receive Connector
Receive connectors are configured on computers that are running Exchange 2007 and that have the Hub Transport and Edge Transport server roles installed. Receive connectors represent a logical gateway through which all inbound messages are received.

Procedures
1. Click Start, click All Programs, click Microsoft Exchange Server 2007, and then click Exchange Management Console.
2. Navigate to Server Configuration, and then click Hub Transport. Select the server that you want.
3. Click the Receive Connectors tab.
4. The "Default" receive connector on the Hub Transport server is configured for other Exchange servers to authenticate, but, by default, it does not accept anonymous e-mail. To allow for anonymous e-mail, click the Anonymous users check box.

How to Add the Accepted Domains
By default, an Exchange 2007 server only accepts e-mail destined for the Windows domain in which the Exchange 2007 server is a member. For an Exchange 2007 server to accept e-mail that is destined to your external SMTP domain from the Internet, you may have to create a new accepted domain.

Procedure
To create an accepted domain on a computer that has the Hub Transport server role installed

1. Log on to the Hub Transport server, and then open the Exchange Management Console.
2. In the console tree, expand Organization Configuration, select Hub Transport, and then click the Accepted Domains tab.
3. In the action pane, click New Accepted Domain. The New Accepted Domain Wizard appears.
4. On the New Accepted Domain page, complete the following fields:

Name: Use this field to identify the accepted domain in the user interface. You can type any name that you want.
Accepted Domain: Use this field to identify the SMTP namespace for which the Exchange organization will accept e-mail messages.
5. After you complete these fields on the New Accepted Domain page, select one of the following options to set the accepted domain type:
Authoritative Domain: E-mail is delivered to a recipient in this Exchange organization.
Internal Relay Domain: E-mail is relayed to an e-mail server in another Active Directory forest in the organization.
External Relay Domain: E-mail is relayed to an e-mail server outside the organization by the Edge Transport server.
6. Click New.
7. On the Completion page, click Finish.

How to Create the Send Connector
A Send connector controls outbound connections from the sending server to the receiving server or destination e-mail system. By default, no explicit Send connectors are created when the Hub Transport server role is installed.

Procedure
1. On the Hub Transport server, open the Exchange Management Console.
2. In the console tree, expand Organization Configuration, select Hub Transport, and then click the Send Connectors tab.
3. In the action pane, click New Send Connector. The New SMTP Send Connector Wizard starts.
4. On the Introduction page, follow these steps:

a. In the Name field, type a meaningful name for this connector. This name is used to identify the connector.
b. In the Select the intended use for this connector field, select the Internet connector. The Internet Send connectors are used to send e-mail to the Internet. This connector will be configured to use Domain Name System (DNS) MX records to route e-mail.
c. On the Hub Transport server, click Add or the arrow that is located next to Add, and then select SMTP Address Space. Enter the following information in the SMTP Address Space dialog box:
Address: Enter the SMTP address. You can include the wildcard character (*) in the address space as defined in RFC 1035.
Cost: Use the address space cost to set the selection priority when more than one Send connector is configured for the same address space. During routing resolution, when the connector selection is made, the least-cost routing path to the destination address space is selected. The default cost is set to 1. The valid input range is 1 to 100.
d. On the Hub Transport server, click the arrow that is located next to Add, and then select Custom Address Space. Enter the following information in the Custom Address Space dialog box:
Type: This field describes the address space that you enter in the Address field. If you enter SMTP in the Type field,
Address: If you specified SMTP in the Type field, the address space that you enter must be RFC 1035-compliant. For example, enter *.
Cost: Use the address space cost to set the selection priority when more than one Send connector is configured for the same address space.
e. When you are finished, click Next.

5. On the Network settings page, select how you want to send e-mail with the Send connector. The following options are available:

Use domain name system (DNS) "MX" records to route mail automatically: When you select this option, the Send connector uses the DNS client service on the sending server to query a DNS server and resolve the destination address.

Route all mail through the following smart hosts: This option is available only if you selected a usage type of Custom, Internal, or Internet. When you select this option, follow these steps:

a. Click Add. In the Add Smart Host dialog box, select IP Address or Fully qualified domain name (FQDN) to specify how to locate the smart host. When you are finished, click OK.

b. On the Smart host security settings page, select the method that is used to authenticate to the smart host. The available smart host authentication methods are None, Basic Authentication, Basic Authentication over TLS, Exchange Server Authentication, and Externally Secured. Click Next.

6. The Source Server page only appears on Hub Transport servers. By default, the Hub Transport server that you are currently working on is listed as a source server. To add a source server, click Add. In the Select Hub Transport servers and Edge Subscriptions dialog box, select the Hub Transport server or the subscribed Edge Transport server that will be used as the source server for sending messages to the address space that you provided earlier. When you are finished adding additional source servers, click OK.
7. On the New connector page, review the configuration summary for the connector.
8. On the Completion page, click Finish.

How to Install the Exchange 2007 Anti-Spam Agents on Hub Transport Servers

By default, this feature is not installed on a Hub Transport server. This is because Hub Transport servers have to perform anti-spam functions only when there is no Edge Transport server available to perform this function.

Procedure
1. Click Start, click All Programs, click Microsoft Exchange Server 2007, and then click Exchange Management Shell.
2. At the command prompt, type the following, and then press ENTER:

Install-AntispamAgents.ps1

3. Restart the Microsoft Exchange Transport service.

4. Click Start, click All Programs, click Microsoft Exchange Server 2007, and then click Exchange Management Console.

5. Navigate to Microsoft Exchange -> Organization Configuration -> Hub Transport. A new Anti-Spam tab appears.


cmdlet

To use the Exchange Management Shell to establish Internet mail flow directly on a Hub Transport server

1. To create a Send connector that is used by the Hub Transport server named "HubA" to send e-mail to the Internet, run the following command:

New-SendConnector -Name "Internet" -Usage Internet -AddressSpaces "*" -SourceTransportServers "HubA" -DNSRoutingEnabled:$true -UseExternalDNSServersEnabled:$true

2. To modify the default Receive connector on the Hub Transport server named "HubA" to allow anonymous connections, run the following command:

Set-ReceiveConnector -Name "Default Server Name" -Server HubA -PermissionGroups AnonymousUsers,ExchangeUsers,ExchangeServers,ExchangeLegacyServers

Thanks
MANU PHILIP
Microsoft MVP(Exchange Server)
| MCITP | MCTS | MCSA | ITIL V3 |
TechNet Forums Profile: ManU
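
Added example, not part of the original post: a read-only audit to run in the Exchange Management Shell after the steps above, confirming that the Internet-facing Hub Transport server accepts anonymous mail only for its accepted domains and that the anti-spam agents are installed and enabled. It assumes the server name "HubA" used in the post.

```powershell
# Added audit example (not from the post). Run in the Exchange Management Shell.
$server = "HubA"   # server name taken from the post's commands

# 1. Receive connectors that accept anonymous SMTP: where they listen, who may connect.
$anon = @(Get-ReceiveConnector -Server $server |
    Where-Object { $_.PermissionGroups -match "AnonymousUsers" })
$anon | Format-List Identity, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups

# 2. Open-relay check. Anonymous senders are limited to accepted domains unless the
#    connector grants ANONYMOUS LOGON the ms-Exch-SMTP-Accept-Any-Recipient right.
foreach ($rc in $anon) {
    $relay = $rc | Get-ADPermission | Where-Object {
        $_.User -like "*ANONYMOUS LOGON*" -and -not $_.Deny -and
        ($_.ExtendedRights -like "*Accept-Any-Recipient*")
    }
    if ($relay) { Write-Warning "$($rc.Identity): anonymous senders can relay to any recipient" }
    else        { Write-Host "$($rc.Identity): anonymous mail limited to accepted domains" }
}

# 3. Domains the organization accepts mail for; an unexpected entry widens what #2 allows.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType -AutoSize

# 4. Outbound path: address space, source servers, DNS or smart-host routing.
Get-SendConnector |
    Format-List Name, AddressSpaces, SourceTransportServers, DNSRoutingEnabled, SmartHosts

# 5. Anti-spam agents: the Content Filter Agent is only listed after
#    Install-AntispamAgents.ps1 has been run; also flag any agent left disabled.
$agents = @(Get-TransportAgent)
if (-not ($agents | Where-Object { $_.Identity -like "Content Filter Agent" })) {
    Write-Warning "Content Filter Agent not found; anti-spam agents are not installed"
}
$agents | Where-Object { -not $_.Enabled } |
    ForEach-Object { Write-Warning "Transport agent disabled: $($_.Identity)" }
$agents | Format-Table Identity, Enabled, Priority -AutoSize
```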


Re: How to Configure Internet Mail Flow Through Hub Server

Post by telesha » Tue Feb 22, 2011 1:03 pm

Why do they keep the DNS server and mail client server placed outside the intranet of a company? Is there any particular reason to place the DNS server and mail client server outside of a company? What would be a validate of the above problem?
Last edited by telesha on Sat Feb 26, 2011 4:37 pm, edited 1 time in total.


Re: How to Configure Internet Mail Flow Through Hub Server

Post by ManU » Wed Feb 23, 2011 9:36 am

Hi,

It may be a split DNS setup, which means setting up separate DNS zones so that DNS requests that come from the Internet will resolve to different IP addresses than requests coming from your internal workstations or servers. For example, if the Internet client resolves mail.windowsadmin.info, it will receive an IP address that is associated with an external firewall solution that is sitting in the perimeter network. The internal client will get an IP address associated with the internal Client Access server array.

The benefit of using split DNS is that it helps control client access. Internal clients use the internal systems instead of the external systems. In other words, internal users’ sessions aren’t handled by the firewall application and you do not expose internal IP addresses or host names to the Internet.
You can also limit access to specific hosts that are part of the perimeter network or force users to take a specific communication route. For this reason it is a best practice to implement split DNS in every Exchange organization that has server roles exposed to the Internet.
Thanks
MANU PHILIP
Microsoft MVP(Exchange Server)
| MCITP | MCTS | MCSA | ITIL V3 |
TechNet Forums Profile: ManU
