How to Configure Internet Mail Flow Directly Through a Hub Transport Server

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.


Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

This topic explains how to use the Exchange Management Console or the Exchange Management Shell to configure an Internet-facing Hub Transport server. To establish Internet mail flow directly through a Hub Transport server, you create a Send connector that routes e-mail to the Internet. Also, you modify the configuration of the default Receive connector to accept e-mail from the Internet. In this scenario, the Microsoft Exchange Server 2007 Hub Transport server can be reached directly through the Internet. We don't recommend this topology because it increases security risks by exposing to the Internet the Exchange 2007 server and all roles installed on that server. We recommend that you implement a perimeter network-based SMTP gateway, such as the Edge Transport server, instead.

Note

You can install the anti-spam agents on the Hub Transport server role by using the Install-AntiSpamAgents.ps1 script. This script is located in the %system drive%/Program Files/Microsoft/Exchange Server/Scripts folder. After you run this script, all the anti-spam agents are installed and enabled, and the Anti-spam tab is available in the Exchange Management Console for Hub Transport servers. We recommend that you install the anti-spam agents if you select this topology so that the Hub Transport server can provide anti-spam protection for the Exchange organization. For more information, see How to Enable Anti-Spam Functionality on a Hub Transport Server.

To successfully configure an Exchange 2007 Hub Transport server to receive mail, you must complete the following tasks:

  • Create a Receive connector

  • Add the accepted domains

  • Create a Send connector

  • Install the Exchange 2007 anti-spam agents

Before You Begin

To perform the following procedures, the account you use must be delegated the following:

  • Exchange Organization Administrator role

To perform the following procedure on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Before you start this procedure, verify that the following prerequisites are met:

  • Register MX resource records for all accepted domains in a public domain name system (DNS) server.

    Note

    Consult the documentation of your DNS provider for information about how to register MX records for your domain. Detailed procedures about how to complete this step are outside the scope of this topic.

  • Configure network gateways to route SMTP traffic to and from the Hub Transport server.

    Note

    Consult the documentation for your network routers and firewalls for information about how to route SMTP traffic to and from the Hub Transport server. Detailed procedures about how to complete this step are outside the scope of this topic.

How to Create the Receive Connector

The first step is to create a Receive connector so that the Hub Transport server can accept incoming requests. Receive connectors are configured on computers that are running Exchange 2007 and that have the Hub Transport and Edge Transport server roles installed. Receive connectors represent a logical gateway through which all inbound messages are received.

Note

If you do not follow these steps in the order presented, you may receive the "530 5.7.1 Client was not authenticated" error message.

Procedure

To create the Receive connector

  1. Click Start, click All Programs, click Microsoft Exchange Server 2007, and then click Exchange Management Console.

  2. Navigate to Server Configuration, and then click Hub Transport. Select the server that you want.

  3. Click the Receive Connectors tab.

  4. The "Default" receive connector on the Hub Transport server is configured for other Exchange servers to authenticate, but, by default, it does not accept anonymous e-mail. To allow for anonymous e-mail, click the Anonymous users check box.
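As an added example, not from the original topic, the following Exchange Management Shell commands verify the result of this procedure on a Hub Transport server assumed to be named HubA (the default Receive connector is named "Default <ServerName>"). They confirm that anonymous connections are now accepted and that anonymous senders have not also been granted the relay right that would make the server an open relay.

```powershell
# Added example, not from the original topic. Assumes a Hub Transport server
# named HubA; its default Receive connector is "HubA\Default HubA".
$connector = Get-ReceiveConnector -Identity "HubA\Default HubA"

# After the procedure, PermissionGroups should list AnonymousUsers next to the Exchange groups.
"Permission groups on {0}: {1}" -f $connector.Name, [string]$connector.PermissionGroups
if ([string]$connector.PermissionGroups -notlike "*AnonymousUsers*") {
    Write-Warning "AnonymousUsers is not enabled; Internet senders will receive 530 5.7.1 Client was not authenticated."
}

# Enabling AnonymousUsers grants the rights needed to submit mail to accepted domains,
# but not ms-Exch-SMTP-Accept-Any-Recipient. If that right is ever granted to
# ANONYMOUS LOGON, anyone on the Internet can relay through this server.
$relayRights = $connector | Get-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" |
    Where-Object { ([string]$_.ExtendedRights -like "*ms-Exch-SMTP-Accept-Any-Recipient*") -and -not $_.Deny }

if ($relayRights) {
    Write-Warning "Open relay: anonymous senders may relay through $($connector.Identity). Remove ms-Exch-SMTP-Accept-Any-Recipient from ANONYMOUS LOGON."
} else {
    "OK: anonymous senders can deliver only to accepted domains; no relay right is granted."
}
```

Run this from the Exchange Management Shell on the Hub Transport server after the procedure; the warning branch is the one to act on.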

How to Add the Accepted Domains

By default, an Exchange 2007 server only accepts e-mail destined for the Windows domain in which the Exchange 2007 server is a member. For an Exchange 2007 server to accept e-mail that is destined to your external SMTP domain from the Internet, you may have to create a new accepted domain.

Procedure

To create an accepted domain on a computer that has the Hub Transport server role installed

  1. Log on to the Hub Transport server, and then open the Exchange Management Console.

  2. In the console tree, expand Organization Configuration, select Hub Transport, and then click the Accepted Domains tab.

  3. In the action pane, click New Accepted Domain. The New Accepted Domain Wizard appears.

  4. On the New Accepted Domain page, complete the following fields:

    • Name   Use this field to identify the accepted domain in the user interface. You can type any name that you want. We recommend that you select a meaningful name that helps you easily identify the purpose of this accepted domain. For example, you may want to use a name that identifies this as a subsidiary domain or as a hosted domain. You must use a unique name for each accepted domain.

    • Accepted Domain   Use this field to identify the SMTP namespace for which the Exchange organization will accept e-mail messages. You can use a wildcard character to accept messages for a domain and all its subdomains. For example, you can type *.contoso.com to set Contoso.com and all its subdomains as accepted domains.

      Note

      If you are using the release to manufacturing version of Exchange 2007, and you want to use a subdomain as part of an e-mail address policy, do not use wildcard characters. You must explicitly specify each subdomain that you want to use in an e-mail address policy as an accepted domain. This restriction does not apply if you are using Exchange 2007 Service Pack 1 or higher.

  5. After you complete these fields on the New Accepted Domain page, select one of the following options to set the accepted domain type:

    • Authoritative Domain   E-mail is delivered to a recipient in this Exchange organization.

    • Internal Relay Domain   E-mail is relayed to an e-mail server in another Active Directory forest in the organization.

    • External Relay Domain   E-mail is relayed to an e-mail server outside the organization by the Edge Transport server.

  6. Click New.

  7. On the Completion page, click Finish.
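The same result from the Exchange Management Shell, as an added example that is not part of the original topic. The domain names contoso.com and fabrikam.com are constructed placeholders; the cmdlets and the three DomainType values are those of Exchange 2007.

```powershell
# Added example, not from the original topic. Domain names are placeholders.

# Authoritative: recipients for contoso.com have mailboxes in this Exchange organization.
New-AcceptedDomain -Name "Contoso" -DomainName "contoso.com" -DomainType Authoritative

# Wildcard form: contoso.com and all of its subdomains. (On the RTM release, list each
# subdomain you reference in an e-mail address policy explicitly instead of using *.)
New-AcceptedDomain -Name "Contoso subdomains" -DomainName "*.contoso.com" -DomainType Authoritative

# Internal relay: recipients live in another Active Directory forest of the same organization.
New-AcceptedDomain -Name "Fabrikam (other forest)" -DomainName "fabrikam.com" -DomainType InternalRelay

# Verify the full list of SMTP namespaces this server will now accept Internet mail for.
# Any domain here that you do not own or expect deserves a second look.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType, Default -AutoSize
```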

How to Create the Send Connector

A Send connector controls outbound connections from the sending server to the receiving server or destination e-mail system. By default, no explicit Send connectors are created when the Hub Transport server role is installed.

Procedure

To create a Send connector on a Hub Transport server role

  1. On the Hub Transport server, open the Exchange Management Console.

  2. In the console tree, expand Organization Configuration, select Hub Transport, and then click the Send Connectors tab.

  3. In the action pane, click New Send Connector. The New SMTP Send Connector Wizard starts.

  4. On the Introduction page, follow these steps:

    1. In the Name field, type a meaningful name for this connector. This name is used to identify the connector.

    2. In the Select the intended use for this connector field, select the Internet connector. The Internet Send connectors are used to send e-mail to the Internet. This connector will be configured to use Domain Name System (DNS) MX records to route e-mail.

    3. On the Hub Transport server, click Add or the arrow that is located next to Add, and then select SMTP Address Space. Enter the following information in the SMTP Address Space dialog box:

      Address   Enter the SMTP address. You can include the wildcard character (*) in the address space as defined in RFC 1035. When you enter an address space that contains the wildcard character, Include all subdomains is automatically selected.

      Cost   Use the address space cost to set the selection priority when more than one Send connector is configured for the same address space. During routing resolution, when the connector selection is made, the least-cost routing path to the destination address space is selected. The default cost is set to 1. The valid input range is 1 to 100.

    4. On the Hub Transport server, click the arrow that is located next to Add, and then select Custom Address Space. Enter the following information in the Custom Address Space dialog box:

      Type   This field describes the address space that you enter in the Address field. If you enter SMTP in the Type field, Exchange 2007 monitors the syntax of the address space that you enter in the Address field. If you enter any other text string in the Type field, the Address field becomes free-form text.

      Address   If you specified SMTP in the Type field, the address space that you enter must be RFC 1035-compliant. For example, enter *.

      Cost   Use the address space cost to set the selection priority when more than one Send connector is configured for the same address space. During routing resolution, when the connector selection is made, the least-cost routing path to the destination address space is selected. The valid input range is 1 to 100. To let all of the Hub Transport servers in the Exchange organization use this Send connector, do not select Scoped Send connector. To limit the scope of this Send connector so that it can be used only by other Hub Transport servers that exist in the same Active Directory site, select Scoped Send connector.

    5. When you are finished, click Next.

  5. On the Network settings page, select how you want to send e-mail with the Send connector. The following options are available:

    Use domain name system (DNS) "MX" records to route mail automatically   When you select this option, the Send connector uses the DNS client service on the sending server to query a DNS server and resolve the destination address.

    Route all mail through the following smart hosts   This option is available only if you selected a usage type of Custom, Internal, or Internet. When you select this option, follow these steps:

    1. Click Add. In the Add Smart Host dialog box, select IP Address or Fully qualified domain name (FQDN) to specify how to locate the smart host. If you select IP Address, enter the IP address of the smart host. If you select Fully qualified domain name (FQDN), enter the FQDN of the smart host. The sending server must be able to resolve the FQDN. When you are finished, click OK.

    2. On the Smart host security settings page, select the method that is used to authenticate to the smart host. The available smart host authentication methods are None, Basic Authentication, Basic Authentication over TLS, Exchange Server Authentication, and Externally Secured. Click Next.

      Note

      For more information about how to configure external DNS lookup settings, see Configuring Transport Server Properties.

  6. The Source Server page only appears on Hub Transport servers. By default, the Hub Transport server that you are currently working on is listed as a source server. To add a source server, click Add. In the Select Hub Transport servers and Edge Subscriptions dialog box, select the Hub Transport server or the subscribed Edge Transport server that will be used as the source server for sending messages to the address space that you provided earlier. The list of source servers can contain all Hub Transport servers or all subscribed Edge Transport servers, but not a mix of both. When you are finished adding additional source servers, click OK.

  7. On the New connector page, review the configuration summary for the connector. Click Back if you want to change the settings. Click New to create the Send connector on the Hub transport server by using the settings in the configuration summary.

  8. On the Completion page, click Finish.

How to Install the Exchange 2007 Anti-Spam Agents on Hub Transport Servers

By default, this feature is not installed on a Hub Transport server. This is because Hub Transport servers have to perform anti-spam functions only when there is no Edge Transport server available to perform this function.

Procedure

To install the Exchange 2007 anti-spam agents

  1. Click Start, click All Programs, click Microsoft Exchange Server 2007, and then click Exchange Management Shell.

  2. At the command prompt, type the following, and then press ENTER:

# The script is in the Scripts folder under the Exchange installation path.
cd "$env:SystemDrive\Program Files\Microsoft\Exchange Server\Scripts"
.\Install-AntiSpamAgents.ps1

  3. Restart the Microsoft Exchange Transport service.

  4. Click Start, click All Programs, click Microsoft Exchange Server 2007, and then click Exchange Management Console.

  5. Navigate to Microsoft Exchange -> Organization Configuration -> Hub Transport. A new Anti-Spam tab appears.

To use the Exchange Management Shell to establish Internet mail flow directly on a Hub Transport server

  1. To create a Send connector that is used by the Hub Transport server named "HubA" to send e-mail to the Internet, run the following command:

    New-SendConnector -Name "Internet" -Usage Internet -AddressSpaces "*" -SourceTransportServers "HubA" -DNSRoutingEnabled:$true -UseExternalDNSServersEnabled:$true
    
  2. To modify the default Receive connector on the Hub Transport server named "HubA" to allow anonymous connections, run the following command. The default Receive connector is named "Default <ServerName>", so it is addressed by the Identity parameter as "HubA\Default HubA":

    Set-ReceiveConnector -Identity "HubA\Default HubA" -PermissionGroups AnonymousUsers,ExchangeUsers,ExchangeServers,ExchangeLegacyServers
    

Notes:

  • To revert to the Exchange 2007 default settings, you must run the Uninstall-AntiSpamAgents.ps1 script, and then restart the Microsoft Exchange Transport service.

  • Because the server is connected to the Internet, you may want to change the advertised FQDN that is sent in HELO/EHLO commands in SMTP.

  • Because you will not be using an Edge Transport server, you do not need the Microsoft Exchange EdgeSync service. You can set this service to disabled to prevent it from starting and using system resources.

  • Make sure that your MX record is correct and that your firewall allows incoming connections to port 25.
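The post-configuration steps from these notes, carried out from the Exchange Management Shell, as an added example that is not part of the original topic. It assumes a Hub Transport server named HubA, a Send connector named "Internet" (as created earlier), and a public host name mail.contoso.com for the domain contoso.com; both names are placeholders.

```powershell
# Added example, not from the original topic. HubA, "Internet", mail.contoso.com and
# contoso.com are placeholders for your own server, connector and public names.
$server     = "HubA"
$publicFqdn = "mail.contoso.com"
$domain     = "contoso.com"

# 1. Advertise the public name in outbound HELO/EHLO instead of the internal server name,
#    so the greeting matches the public MX host and does not disclose the Active Directory name.
Set-SendConnector -Identity "Internet" -Fqdn $publicFqdn

# 2. No Edge Transport server means no EdgeSync: stop the service and keep it from starting.
Stop-Service MSExchangeEdgeSync -ErrorAction SilentlyContinue
Set-Service MSExchangeEdgeSync -StartupType Disabled

# 3. Confirm the anti-spam agents are present and enabled on this Hub Transport server.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize

# 4. Confirm the public MX record resolves to the host name configured above.
nslookup -type=MX $domain

# 5. Show what the Internet now sees: the connectors, their FQDNs and permission groups.
Get-SendConnector -Identity "Internet" | Format-List Name, AddressSpaces, Fqdn, DNSRoutingEnabled
Get-ReceiveConnector -Server $server | Format-List Name, Bindings, Fqdn, PermissionGroups
```

The example changes only the outbound name: the default Receive connector is the one other Exchange servers authenticate to with Exchange Server authentication, and its Fqdn is expected to remain the server's own FQDN. Whether port 25 actually reaches the server through the firewall can only be confirmed from a host outside the network.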

For More Information

For more information, see the following topics: