• 1. London, UK
  • 2. New York, NY
  • 3. Sydney, Australia
  • 4. Melbourne, Australia
  • 5. Moscow, Russia
  • 6. Singapore
  • 7. Paris, France
  • 8. Chicago, IL
  • 9. Hong Kong
  • 10. Houston, TX

Monday, July 24, 2006


Exchange Server 2007: Internet email without Edge servers

Posted by Bharat Suneja at 1:35 PM
The Edge Transport server role is not a required role. It's good to have if you don't want to expose your domain-joined Exchange servers to the internet, and the high amount of spam that mail gateways receive and filter. Nevertheless, many small environments— typically those with a single Exchange server, do not have that luxury.

In such environments, you can use a Hub Transport server to send/receive internet mail.

Default Receive Connectors
The default installation of a Hub Transport server creates two Receive Connectors:
1) Default Receive Connector: listens on SMTP port 25
2) Client receive connector: intended for remote clients to submit mail - this listens on port 587.

The Default Receive Connector only accepts mails from authenticated senders/hosts. It is configured to accept mail from Mailbox Servers, other Hub Transport servers, and Edge Transport servers.

To allow it accept inbound internet mail in an environment without an Edge Transport server, you need to configure it to accept mail from anonymous senders. Here's how you can do this from the Exchange shell:

set-ReceiveConnector -identity "Name of Default Connector" -PermissionGroups AnonymousUsers

Test the configuration by telnetting to the SMTP port of the server and sending a message.

Additional Steps:
- Make sure one or more Accepted Domains exist for domain(s) you've registered with a domain registrar
- Create an Email Address Policy (or modify an existing one) to generate email addresses for your recipients using the domain(s)
- Firewall: Most commercial firewalls require 2 configuration changes. 1) A rule that maps the internal IP address of the server to an external IP address reachable from the Internet. 2) An "access" rule that allows inbound SMTP traffic (tcp port 25) to the server
- DNS: 1) Ensure the DNS zone(s) for these domains can be reached from the internet. Many domain registrars now provide free DNS hosting with a domain registration, and allow you to make changes using a web browser. 2)Create an A record: Create an A record that resolves to the external/NATted IP address 3) Create an MX record that points to the A record.

- By default, Hub Transport servers do not have anti-spam agents installed. Read related post "HOW TO: Install anti-spam agents on Hub Transport server".

Labels: ,


August 15, 2006 9:27 AM
Blogger Josh Maher said...

Yes, the hub behind an edge vs. hub behind something else is an interesting topic....

There is a poll over at Vizu


what do you think?

September 25, 2006 9:38 AM
Blogger Devin L. Ganger said...

Should we be modifying the default connector, or setting up a second connector configured for our needs? I've been leaning toward the latter option myself, but I'd like to hear the reasoning for it.

December 30, 2006 5:28 PM
Blogger thetootall said...

This was in the first few Google results that I found, and it did the trick, but in order to make it take effect, you will need to restart the "Microsoft Exchange Transport" service. Once I did that, I was receiving email with no problem. Thanks for the cmdlet; I'm sure this will be very helpful in the future!

October 6, 2007 10:39 AM
Blogger Bharat Suneja said...


Just saw your comment/question from over a year ago!

You know enough about this already - I lean towards creating a new Receive Connector myself, just like creating a new SMTP Virtual Server with only anonymous authentication in Exchange 2003/2000.

June 8, 2009 5:13 AM
Anonymous Anonymous said...

i execute this steps, but i have a problem.
i can't receive e_mail from internet but i can sent e-mail to internet, by the other hand i can receive and send e_mail between internal users.
i have a domanin provider, where i have to do the DNS changes (my DNS's are internals), i supose i have to change the web browser, in DNS provider.
someone can help me with this problem?


Post a Comment

Links to this post:

Create a Link

<< Home