Exchange 2007 SP1 Support for X.400 Authoritative Domains

Exchange 2007 SP1 Support for X.400...

Applies to: Exchange Server 2007 SP1 Topic Last Modified: 2007-08-13

This topic describes the support that Microsoft Exchange Server 2007 Service Pack 1 (SP1) provides for X.400 domains. Exchange 2007 SP1 enables the configuration of one or more X.400 authoritative domain namespaces by using Exchange Management Shell commands.

X.400 Addresses

An X.400 address is an address that is defined as part of a suite of e-mail standards that are defined by International Telecommunication Union Telecommunication Standardization Sector (ITU-T) recommendations. An X.400 address uses a hierarchical naming system and consists of a series of attributes, the sum of which form the X.400 address. Some attributes in the address specify the organization. Other attributes specify the recipient. The sum of all the organizational attributes specifies a unique node in the X.400 address hierarchy.

Exchange 2007 does not support the following X.400 scenarios:

Sharing an X.400 address node with another e-mail system In Exchange 2007, you can share an SMTP domain namespace by configuring an internal relay accepted domain. You can't use this configuration for an X.400 namespace. Exchange 2007 must be authoritative for the X.400 domain. Or the X.400 domain must be configured as an external relay subdomain of an authoritative X.400 domain.
Configuring an X.400 authoritative domain on the Edge Transport server
Configuring an X.400 authoritative domain in the Exchange Management Console You must use the Exchange Management Shell to configure X.400 authoritative domains.
Routing or relay directly to an X.400 message transfer agent (MTA) Exchange 2007 must route through a source server that is running Microsoft Exchange Server 2003 and hosting an X.400 connector, or through a third-party Exchange 2007 X.400 connector.

Configuring X.400 Authoritative Domains

You configure an X.400 authoritative domain on the Hub Transport server role. When an organization is configured as authoritative for a particular domain, it is assumed that the organization hosts all the mailboxes for recipients in that domain. After you create an X.400 authoritative domain name, you can create an e-mail address policy that specifies that domain in the e-mail proxy address. The Exchange organization accepts e-mail that is addressed to recipients who have been assigned an X.400 e-mail proxy address that uses the X.400 authoritative domain namespace. Any X.400 recipient addresses in the authoritative namespace that do not resolve to a mailbox or a contact in the Active Directory directory service are treated as an error and cause messages to result in a non-delivery report (NDR). If the message that causes the error is a Delivery Status Notification (DSN), such as an NDR, it is deleted.

Exchange 2007 supports nonauthoritative X.400 domains if they are a subdomain of an authoritative domain. You use the X400ExternalRelay parameter of the New-X400AuthoritativeDomain cmdlet to define any exceptions where the Exchange organization is not authoritative for a subdomain of the authoritative X.400 domain. By default, the value of the X400ExternalRelay parameter is set to $false. Therefore, a recipient resolution failure for an e-mail that is sent to a recipient in the X.400 subdomain results in an NDR. If the value of the X400ExternalRelay parameter is set to $true, Exchange does not treat recipient resolution failures as an error and routes messages that are addressed to a recipient in the X.400 subdomain to an external address.

Defining an X.400 Namespace

By default, when you configure an X.400 authoritative domain, the Exchange organization is considered authoritative for all X.400 addresses in the hierarchy.

An X.400 address consists of a series of attributes that define organizational components and specify recipients. The X.400 namespace that is specified in the X400DomainName parameter can only include the X.400 organizational components. The following table lists the attributes that you can use to define an X.400 domain namespace in Exchange 2007 SP1. The attributes are listed in hierarchical order.

X.400 organizational components

Attribute abbreviation	Organizational component	Required/Optional	Maximum character length
C	Country The value of the Country attribute is the two-letter country/region designation from International Organization for Standardization (ISO) 3166. This attribute identifies the country or region of the X.400 domain namespace.	Required	2
A	ADMD The value of the Administration Management Domain (ADMD) typically identifies a public mail service provider. Valid values are decided on a country or regional basis.	Required	16
P	PRMD The value of the Private Management Domain (PRMD) defines the top level domain in the namespace of the Exchange organization.	Optional	16
O	Organization The value of the Organization is unique within the context of the PRMD or of the ADMD if there is no PRMD.	Optional	64
OU1	Organizational unit 1 The value of each organizational unit identifies a unique address element within the scope of the immediately superior address element in the hierarchy.	Optional	64
OU2	Organizational unit 2 The value of each organizational unit identifies a unique address element within the scope of the immediately superior address element in the hierarchy.	Optional	64
OU3	Organizational unit 3 The value of each organizational unit identifies a unique address element within the scope of the immediately superior address element in the hierarchy.	Optional	64
OU4	Organizational unit 4 The value of each organizational unit identifies a unique address element within the scope of the immediately superior address element in the hierarchy.	Optional	64

When you specify the X.400 namespace, the address attributes must be separated by semicolons and the address must be enclosed in quotation marks, as in the following example:

"C=US;A=ATT;P=Contoso;O=Example"

X.400 domain names can only include the following ASCII characters:

A to Z
a to z
0-9
These punctuation and special characters: (space) ' () + , - . / : = ?

The inclusion of a wildcard character, such as an asterisk ( * ), is not supported in the X.400 authoritative namespace. Each attribute can appear only one time in the X.400 namespace.

Any address in the hierarchy that is subordinate to the defined organizational components must resolve to a recipient or contact in Active Directory, unless an exception has been defined for a subdomain by specifying the X400ExternalRelay parameter as $true. If the categorizer cannot resolve a recipient, an NDR is generated for a message. If the message is a DSN, it is deleted.

For example, if you have configured an X.400 authoritative domain as "C= US;A=ATT;O=Contoso", the Exchange organization is also considered authoritative for the X.400 namespace "C=US;A=ATT;O=Contoso;OU1=Tailspin Toys". If all the recipients for Tailspin Toys are located in another organization, each of those recipients must be represented as a contact in the Active Directory of the Contoso organization. If you cannot do this, the Tailspin Toys namespace must be defined as an external relay subdomain.

Recipient Resolution and Routing for X.400 Authoritative Domains

To determine how to handle routing of e-mail messages, the Exchange 2007 categorizer compares the recipient addresses to the list of domains for which the Exchange organization is authoritative. This enables the categorizer to determine when to route an X.400 addressed message to an external system and when to generate an NDR for a message if the recipient is not found in the authoritative namespace. If a message is being sent to a recipient address in an X.400 domain for which the Exchange organization is authoritative, the message is delivered to valid recipients, In addition, an NDR is returned to the sender for any recipient that does not appear in Active Directory. If a message is being sent to an X.400 domain for which the Exchange organization is not authoritative, the message is routed externally through an X.400 connector.

After an X.400 authoritative namespace has been defined, the Exchange organization is assumed to be responsible for message delivery to all recipients that have e-mail proxy addresses that match the namespace. Therefore, X.400 addressed messages that are received by an Exchange 2007 Hub Transport server are processed as follows:

If the recipient address resolves to a recipient in Active Directory, the message is delivered.
An NDR is returned to the sender if all the following conditions are true:
- The recipient address does not resolve to a recipient in Active Directory.
- The recipient address matches an X.400 namespace for which Exchange is authoritative
- The e-mail is a message.
The e-mail is deleted if all the following conditions are true:
- The recipient address does not resolve to a recipient in Active Directory.
- The recipient address matches an X.400 namespace for which Exchange is authoritative.
- The e-mail is a DSN.
The e-mail is routed to an X.400 connector if all the following conditions are true:
- The recipient address does not resolve to a recipient in Active Directory.
- The recipient address does not match an X.400 namespace for which Exchange is authoritative.
- The e-mail is routed to an X.400 connector.

Although you can configure recipients to receive e-mail that is addressed to an X.400 namespace, Exchange 2007 SP1 does not provide native transport support for X.400. To send or receive X.400 e-mail messages to or from remote X.400 domains, you must maintain one or more X.400 connectors on an Exchange 2003 server, or configure a foreign connector to the X.400 backbone.

Exchange 2007 does not have an X.400 MTA. Therefore, Exchange 2007 cannot convert messages to the X.400 format. An X.400 connector that is hosted on an Exchange 2003 server or a foreign connector must process the message so that conversion to an X.400 message occurs. To transport X.400 messages, Exchange 2007 SP1 routes the message over SMTP as a MIME-encapsulated TNEF message.

For more information about how to create an X.400 connector on Exchange 2003, see How to Create an X.400 Connector. For more information about how to create a foreign connector, see How to Create a New Foreign Connector.

For More Information

For more information, see the following topics: