In Exchange 2007, Receive connectors represent an inbound connection point for Simple Mail Transfer Protocol (SMTP) communications. Send connectors represent a logical gateway through which all outbound messages are sent. For end-to-end mail flow, the Edge Transport server must have connectors that support mail flow to and from the Internet, and to and from the organization. The following connectors are required on the Edge Transport server:
- A Send connector that is configured to send messages to the Internet
  The address space for this connector is typically "*" (all Internet domains) and DNS routing is used to resolve destinations. The usage type for this connector is Internet. This Send connector is created automatically when the Edge Transport server is subscribed to an Active Directory directory service site by using EdgeSync.
- A Receive connector that is configured to accept messages from the Internet
  This connector typically accepts connections from all IP address ranges and allows for anonymous access. The local network bindings for this Receive connector should be the external-facing IP address of the Edge Transport server. The usage type for this connector is Internet.
- A Send connector that is configured to send messages to the Hub Transport servers in the Exchange organization
  The address space for this connector can be "--", or you can list each of your accepted domains. Use the Hub Transport servers in the organization as the smart hosts for this connector. The usage type for this connector is Internal. This Send connector is created automatically when the Edge Transport server is subscribed to an Active Directory site by using EdgeSync.
- A Receive connector that is configured to receive messages from Hub Transport servers in the Exchange organization
  This connector can be configured to accept connections only from the IP address ranges assigned to the Hub Transport servers. The local network bindings for this Receive connector should be the internal-facing IP address of the Edge Transport server. The usage type for this connector is Internal. This connector is optional.
Note: By default, a single Receive connector is configured on the Edge Transport server during installation. This connector is used for both incoming Internet e-mail and incoming e-mail from the Hub Transport servers. The permissions on the connector are automatically determined by how sessions are authenticated. The Edge Subscription process automatically configures permissions and authentication. A second Receive connector is optional and is typically configured only when EdgeSync is not used.
Configuring Receive Connectors
During installation, one Receive connector is created. This Receive connector is configured to accept SMTP communications from all IP address ranges and is bound to all IP addresses of the local server. It is configured to have the Internet usage type. Therefore, the connector accepts anonymous connections. If you use EdgeSync, no additional Receive connectors are required. The Edge Subscription process automatically configures permissions and authentication mechanisms. Anonymous sessions and authenticated sessions are granted different permission sets.
If you don't use EdgeSync, we recommend that you modify the settings of this Receive connector and create an additional Receive connector of the Internal usage type. To complete Receive connector configuration, follow these steps:
- Modify the settings of the default Receive connector. Set the local network bindings to the IP address of only the Internet-facing network adapter.
  Note: If Exchange 2007 Service Pack 1 (SP1) is deployed on a computer that is running Windows Server 2008, you can enter IP addresses and IP address ranges in the Internet Protocol Version 4 (IPv4) format, Internet Protocol Version 6 (IPv6) format, or both formats. A default installation of Windows Server 2008 enables support for IPv4 and IPv6.
  We strongly recommend against configuring Receive connectors to accept anonymous connections from unknown IPv6 addresses. If you configure a Receive connector to accept anonymous connections from unknown IPv6 addresses, the amount of spam that enters your organization is likely to increase. Currently, there is no broadly accepted industry standard protocol for looking up IPv6 addresses. Most IP Block List providers do not support IPv6 addresses. Therefore, if you allow anonymous connections from unknown IPv6 addresses on a Receive connector, you increase the chance that spammers will bypass IP Block List providers and successfully deliver spam into your organization.
  For more information about Exchange 2007 SP1 support for IPv6 addresses, see IPv6 Support in Exchange 2007 SP1. For more information about connection filtering, how to add IP addresses to the IP Allow list and IP Block list, and how to configure IP Block List provider services and IP Allow List provider services, see Configuring Connection Filtering.
- Create a new Receive connector. Select Internal as the connector usage type. Set the local network bindings to the IP address of the organization-facing network adapter only. Configure the remote network settings to receive mail from the remote IP addresses that are assigned to the Hub Transport servers.
  Note: Any Receive connector that is responsible for accepting connections from Edge Transport servers or other Hub Transport servers must have the Exchange Server authentication method assigned to it. The Exchange Server authentication method is the default authentication method when you create a new Receive connector that has the Internal usage type.
- If you want to support Basic authentication, create a local user account and grant the necessary permissions by using the Add-ADPermission cmdlet.
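The first two steps above as Exchange Management Shell commands, followed by a check for the anonymous-over-IPv6 exposure the note warns about. This is an added example, not part of the original article; the connector names and every IP address are assumed values to replace with your own.

```powershell
# Added example. Run in the Exchange Management Shell on the Edge Transport server.
# Assumed values (not from the article): connector names and all IP addresses.
$defaultConnector = 'Default internal receive connector EDGE01'  # assumed; confirm with Get-ReceiveConnector
$externalIP = '203.0.113.10'                    # Internet-facing adapter (documentation range)
$internalIP = '192.168.10.5'                    # organization-facing adapter
$hubServers = '192.168.10.20', '192.168.10.21'  # Hub Transport server addresses

# Step 1: bind the default (Internet usage) connector to the external adapter only.
Set-ReceiveConnector -Identity $defaultConnector -Bindings "$($externalIP):25"

# Step 2: create the Internal connector, bound to the internal adapter and
# accepting connections only from the Hub Transport servers.
New-ReceiveConnector -Name 'From Hub Transport' -Usage Internal `
    -Bindings "$($internalIP):25" -RemoteIPRanges $hubServers

# Check: list any connector that grants anonymous access AND accepts IPv6
# remote ranges, and any connector still bound to all local addresses.
Get-ReceiveConnector | Select-Object Name, Bindings, RemoteIPRanges,
    @{Name='Anonymous'; Expression={
        $_.PermissionGroups.ToString() -match 'AnonymousUsers' }},
    @{Name='IPv6Ranges'; Expression={
        @($_.RemoteIPRanges | Where-Object { $_.ToString() -match ':' }).Count }},
    @{Name='AllLocalIPs'; Expression={
        @($_.Bindings | Where-Object {
            $_.ToString() -match '^(0\.0\.0\.0|\[?::\]?):' }).Count -gt 0 }} |
  Where-Object { ($_.Anonymous -and $_.IPv6Ranges -gt 0) -or $_.AllLocalIPs } |
  Format-List
```

An empty result means no connector combines anonymous access with IPv6 remote ranges and none is bound to every local address.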
Configuring Send Connectors
When you subscribe an Edge Transport server to the organization, the Send connectors that are required to send messages to the internal organization and to the Internet are automatically created by the Microsoft Exchange EdgeSync service. You must perform manual configuration of the connectors if you decide not to create an Edge Subscription.
To complete configuration of Send connectors by using an Edge Subscription, follow these steps:
- Install the Hub Transport server role.
- On the Edge Transport server role, export the Edge Subscription file. If you are installing more than one Edge Transport server, each server requires a separate subscription file.
- On the Hub Transport server role, import the Edge Subscription.
- Verify that synchronization was successful.
To manually complete configuration of Send connectors and not create an Edge Subscription, follow these steps:
- Create a new Send connector and select Internet as the usage type. Set the address space to "*" (all domains). Configure the network settings to use DNS MX records to route mail automatically.
- Create a new Send connector and select Internal as the usage type. Use your accepted domains as the address space. Configure the network settings to route all mail through smart hosts. Add the IP address or fully qualified domain names (FQDN) of one or more Hub Transport servers as the smart hosts. Select Externally Secured (for example with IPsec) as the authentication mechanism for the smart host security settings. You must also verify that a Receive connector exists on the Hub Transport server that is configured to accept connections from the IP address range of the Edge Transport servers and that the Receive connector is set to use Externally Secured (for example with IPsec) as the authentication mechanism.
  Note: If you select Externally Secured (for example with IPsec) as the authentication method, no authentication occurs. A trusted network connection must exist between the transport servers. This connection may be an IPsec association or a virtual private network, or the servers may reside in a trusted physically controlled network. Alternative authentication mechanisms can be used for this connector. For more information about the available authentication mechanisms, see Exchange 2007 Transport Permissions Model.
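The manual Send connector steps above as Exchange Management Shell commands, with the Hub Transport check that the second step calls for. This is an added example, not part of the original article; the connector names, smart host addresses and the accepted domain are assumed values.

```powershell
# Added example. Connector names, IP addresses and the domain are assumed values.
$hubSmartHosts   = '192.168.10.20', '192.168.10.21'  # Hub Transport servers
$acceptedDomains = 'contoso.com'                     # placeholder accepted domain

# --- On the Edge Transport server ---
# Internet connector: all domains, routed by DNS MX lookup.
New-SendConnector -Name 'Edge to Internet' -Usage Internet `
    -AddressSpaces '*' -DNSRoutingEnabled $true

# Internal connector: accepted domains only, routed through the Hub Transport
# smart hosts, using Externally Secured (no SMTP authentication takes place).
New-SendConnector -Name 'Edge to Hub Transport' -Usage Internal `
    -AddressSpaces $acceptedDomains -DNSRoutingEnabled $false `
    -SmartHosts $hubSmartHosts -SmartHostAuthMechanism ExternalAuthoritative

# --- On the Hub Transport server ---
# List every Receive connector that uses Externally Secured and flag any that
# accepts the whole IPv4 range. Because no authentication occurs on these
# connectors, RemoteIPRanges should contain only the Edge Transport addresses.
Get-ReceiveConnector |
  Where-Object { $_.AuthMechanism.ToString() -match 'ExternalAuthoritative' } |
  Select-Object Name, RemoteIPRanges,
    @{Name='AcceptsAnyIPv4'; Expression={
        @($_.RemoteIPRanges | Where-Object {
            $_.ToString() -eq '0.0.0.0-255.255.255.255' }).Count -gt 0 }} |
  Format-List
```

If the last command returns nothing, the Hub Transport server has no Externally Secured Receive connector for the Edge Transport server to use; if `AcceptsAnyIPv4` is True, any host that can reach the connector is treated as trusted.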