Exchange Server 2007: Internet email without Edge servers

by Bharat Suneja

The Edge Transport server role is not a required role. It’s good to have if you don’t want to expose your domain-joined Exchange servers to the internet and to the high volume of spam that mail gateways receive and filter. Nevertheless, many small environments, typically those with a single Exchange server, do not have that luxury.

In such environments, you can use a Hub Transport server to send/receive internet mail.

Default Receive Connectors
The default installation of a Hub Transport server creates two Receive Connectors:
1) Default Receive Connector: listens on SMTP port 25
2) Client receive connector: intended for remote clients to submit mail – this listens on port 587.

The Default Receive Connector accepts mail only from authenticated senders/hosts. It is configured to accept mail from Mailbox servers, other Hub Transport servers, and Edge Transport servers.

To allow it to accept inbound internet mail in an environment without an Edge Transport server, you need to configure it to accept mail from anonymous senders. Here’s how you can do this from the Exchange shell:

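# -PermissionGroups replaces the existing list, so name the default groups as well as AnonymousUsers
Set-ReceiveConnector -Identity "Name of Default Connector" -PermissionGroups AnonymousUsers,ExchangeUsers,ExchangeServers,ExchangeLegacyServers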

Test the configuration by telnetting to the SMTP port of the server and sending a message.
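
The telnet test above, scripted so it can be repeated after each change; this is an added example, not part of the original post. It stops before DATA, so no message is delivered, and it also tries a recipient outside your Accepted Domains, which a connector that is not meant to relay should refuse. The server name, domains and addresses are placeholders to replace with your own.

```powershell
# Added example: all names and addresses below are placeholders (assumptions).
function Test-SmtpRcpt {
    param([string]$Server, [string]$From, [string]$Recipient, [int]$Port = 25)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = 15000      # milliseconds; fail instead of hanging
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine   = "`r`n"       # SMTP lines end in CRLF
        $writer.AutoFlush = $true

        # Read one complete reply; continuation lines look like "250-..."
        $read = { do { $l = $reader.ReadLine() } while ($l -match '^\d{3}-'); $l }

        $banner = & $read
        $writer.WriteLine("EHLO probe.example.net");  $ehlo = & $read
        $writer.WriteLine("MAIL FROM:<$From>");       $mail = & $read
        $writer.WriteLine("RCPT TO:<$Recipient>");    $rcpt = & $read
        $writer.WriteLine("QUIT")                     # stop before DATA: nothing is delivered

        New-Object PSObject -Property @{
            Recipient = $Recipient; Banner = $banner; Ehlo = $ehlo; Mail = $mail; Rcpt = $rcpt
        }
    }
    finally { $client.Close() }
}

$server  = "mail.example.com"        # placeholder: external name of the Hub Transport server
$sender  = "probe@example.net"       # placeholder: an outside sender
$inbound = Test-SmtpRcpt -Server $server -From $sender -Recipient "postmaster@example.com"  # in an Accepted Domain
$relay   = Test-SmtpRcpt -Server $server -From $sender -Recipient "probe@example.org"       # not an Accepted Domain

if ($inbound.Rcpt -notmatch '^2') { Write-Warning "Inbound recipient refused: $($inbound.Rcpt)" }
if ($relay.Rcpt   -match    '^2') { Write-Warning "Recipient outside the Accepted Domains was accepted: $($relay.Rcpt)" }
$inbound, $relay | Format-List Recipient, Banner, Mail, Rcpt
```

Run it from a machine outside the firewall so that the NAT and access rules are exercised as well as the connector.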

Additional Steps:
– Make sure one or more Accepted Domains exist for domain(s) you’ve registered with a domain registrar
– Create an Email Address Policy (or modify an existing one) to generate email addresses for your recipients using the domain(s)
– Firewall: Most commercial firewalls require two configuration changes: 1) a rule that maps the internal IP address of the server to an external IP address reachable from the internet, and 2) an “access” rule that allows inbound SMTP traffic (TCP port 25) to the server.
– DNS: 1) Ensure the DNS zone(s) for these domains can be reached from the internet. Many domain registrars now provide free DNS hosting with a domain registration and allow you to make changes using a web browser. 2) Create an A record that resolves to the external/NATted IP address. 3) Create an MX record that points to the A record.

Antispam
– By default, Hub Transport servers do not have anti-spam agents installed. Read the related post “HOW TO: Install anti-spam agents on Hub Transport server”.

5 comments

Josh Maher August 15, 2006 at 9:27 am

Yes, the hub behind an edge vs. hub behind something else is an interesting topic….

There is a poll over at Vizu

http://www.vizu.com/poll-vote.html?n=8563

what do you think?

Devin L. Ganger September 25, 2006 at 9:38 am

Should we be modifying the default connector, or setting up a second connector configured for our needs? I’ve been leaning toward the latter option myself, but I’d like to hear the reasoning for it.

The Tall One December 30, 2006 at 5:28 pm

This was in the first few Google results that I found, and it did the trick, but in order to make it take effect, you will need to restart the “Microsoft Exchange Transport” service. Once I did that, I was receiving email with no problem. Thanks for the cmdlet; I’m sure this will be very helpful in the future!

Bharat Suneja October 6, 2007 at 10:39 am

Devin,

Just saw your comment/question from over a year ago!

You know enough about this already – I lean towards creating a new Receive Connector myself, just like creating a new SMTP Virtual Server with only anonymous authentication in Exchange 2003/2000.

Anonymous June 8, 2009 at 5:13 am

Hello!
I executed these steps, but I have a problem.
I can't receive e-mail from the internet, but I can send e-mail to the internet; on the other hand, I can receive and send e-mail between internal users.
I have a domain provider, where I have to make the DNS changes (my DNS servers are internal); I suppose I have to change this in the web browser, at the DNS provider.
Can someone help me with this problem?
Thanks.
