Routing outbound mail using a particular IP address

by Bharat Suneja

A question that frequently and inevitably pops up when discussing Exchange transport is that of being able to route outbound mail using a particular IP address. The Exchange Server 2003/2000 transport architecture was confusing for many newcomers, the difference between an SMTP Virtual Server and an SMTP Connector being the main cause of this confusion. This is further exacerbated by the fact that SMTP Connectors use SMTP Virtual Servers as bridgeheads.

Screenshot: SMTP Virtual Server properties - General tab
Figure 1: In Exchange Server 2003/2000, the IP address binding in SMTP Virtual Server properties is only for inbound connections

I’ve often quoted Scott Landry’s post on the team blog, SMTP Virtual Server Myths Exposed. Myth #4 in Scott’s post:

Myth 4: Virtual Server IP Address Will Be Used For Outgoing Connections

The last source of misunderstanding is the socket which will be used to open an SMTP connection. This may seem confusing and somewhat contradictory of my first point, but SMTP simply tells the Windows network stack to provide SMTP with a socket. It does not provide a source IP address to use, and as such, you will notice that the source IP address assigned by Windows will be based on the Windows routing table, not taking into consideration the IP of the SMTP VSI that is delivering the message. A common observation of this is that on a cluster server we are using the physical machine IP as our source IP, not any of the virtual IP addresses.

Exchange Server 2007, with its shiny new transport stack (freshly divorced from IIS' SMTP service), makes this quite clear. Receive Connectors, somewhat comparable to the SMTP Virtual Server in previous versions, are for receiving inbound mail. Send Connectors are for sending outbound mail.

When creating or modifying a Send Connector using the shell, you can specify the SourceIPAddress parameter to configure it to use a particular IP address for outbound mail. The IP address can be any IP address bound to a NIC on the Edge Transport server that is configured as a source server on the Send Connector. To modify an existing Send Connector, use the following command:

Set-SendConnector "ToInternet" -SourceIPAddress 1.2.3.4

However, as noted in the documentation, this only works on Edge Transport servers. Hub Transport servers ignore the SourceIPAddress parameter.
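
As an added example (not from the original post or from Microsoft's documentation), the script below wraps the command above in the checks the text implies: the server is an Edge Transport server, the address is bound to a local NIC, and the server is a source server on the connector. It assumes it is run in the Exchange Management Shell on the Edge Transport server itself and that the connector can be modified there; the parameter names `$ConnectorName` and `$SourceIP` are illustrative.

```powershell
# Added example, not part of the original article.
# 'ToInternet' and 1.2.3.4 are the sample values used in the article.
param(
    [string]$ConnectorName = 'ToInternet',
    [string]$SourceIP      = '1.2.3.4'
)

# Reject anything that is not a well-formed IP address (Parse throws on bad input).
$ip = [System.Net.IPAddress]::Parse($SourceIP)

# Hub Transport servers ignore SourceIPAddress, so stop unless this is an Edge server.
$server = Get-ExchangeServer -Identity $env:COMPUTERNAME
if (-not $server.IsEdgeServer) {
    throw "$($server.Name) is not an Edge Transport server; SourceIPAddress would be ignored."
}

# Collect every unicast address bound to a NIC on this machine.
$bound = @()
foreach ($nic in [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces()) {
    foreach ($ua in $nic.GetIPProperties().UnicastAddresses) {
        $bound += $ua.Address.ToString()
    }
}
if ($bound -notcontains $ip.ToString()) {
    $list = [string]::Join(', ', $bound)
    throw "$ip is not bound to any NIC on this server. Bound addresses: $list"
}

# The address only takes effect if this server is a source server on the connector.
$connector = Get-SendConnector -Identity $ConnectorName
$sources = @($connector.SourceTransportServers | ForEach-Object { $_.Name })
if ($sources -notcontains $server.Name) {
    throw "$($server.Name) is not a source server on Send Connector '$ConnectorName'."
}

# All checks passed: apply the setting, then read it back to confirm.
Set-SendConnector -Identity $ConnectorName -SourceIPAddress $ip
Get-SendConnector -Identity $ConnectorName |
    Format-List Name, SourceIPAddress, SourceTransportServers
```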


Lucretus March 12, 2008 at 11:54 pm

I hope I am asking this question under the right section. I have one Exchange 2003 server with 4 storage groups. I am moving mailboxes and deleting storage groups and stores to relocate the databases on the SAN and to adopt a new naming convention. On one of the storage groups that I want to delete there is a mailbox store named Archive with no mailboxes. If I dismount this storage I cannot move mailboxes; the error says "The attempt to log on to the MS Exchange Server computer has failed. The MAPI provider failed. MS Exchange Server Information Store ID no: 8004011d-0512-00000000".

Never seen this and not sure where to look.

Sorry in advance if I am not posting in the right place. I am new to this blog, found it researching the problem.

TC


Anonymous January 7, 2010 at 12:28 pm

Darn MS for making hub servers ignore that value.


Bharat Suneja January 7, 2010 at 12:49 pm

@Anonymous from Jan 7, 2010: Given there can be multiple Hub Transport servers in an AD Site, it's difficult to determine/restrict to a particular IP.


Anonymous March 11, 2010 at 4:04 am

Believe it or not, people try to follow the proven practice of
binding services to specific virtual (or "alias") IP addresses,
but MS makes this impossible much too often.

The Hub transport role ignores the SourceIPAddress and in a
different case I have not found a way to make the DNS service
use only a specific address.

MS obviously knows better than myself what's good for me…

A different Anonymous
