Direct SMTP to Edge Transport

Similar Messages

• Mail flow to Edge Transport from a different AD site

  Trying to define a solution for *outbound* load balancing from Exchange 2013 organisation between Edge Transport servers.
  Setup:
  1 Edge Transport server in SiteA
  1 Edge Transport server ins SiteB
  Both subscribed to the AD site in SiteA and are therefore on the same send connector (to allow automatic load balancing and failover)
  Situation:
  Lets say all MBX/CA servers in SiteA go offline.  Can an MBX/CA server in SiteB send email directly to the Edge Transport that is subscribed to the AD site in SiteA, or does there need to be an MBX/CA server available in SiteA to hop through?
  I'm hoping for an answer to be backed up clearly by a TechNet article or authoritative source as I can't really work with guesses.
  Thanks.
  Let’s say I have an Edge Transport subscribed to ADSiteA.  All MBX/HT servers in ADSiteA go down.  Can a MB/HT server in ADSiteB send an email directly to an Edge Transport subscribed to ADSiteA, or does it need to hop through an MBX/HT in the
  subscribed site?
  David

  Hi David
  One or more Edge Transport servers can be subscribed to a single Active Directory site. However, an Edge Transport server can't be subscribed to more than one Active Directory site. If you have more than one Edge Transport server deployed, each server can
  be subscribed to a different Active Directory site. Each Edge Transport server requires an individual Edge Subscription.
  A subscribed Edge Transport server is associated with a particular Active Directory site. If more than one Hub Transport server exists in the site, any of them can replicate data to the subscribed Edge Transport servers.
  I dont think there is a solution to subscribe  edge servers for more than 1 site 
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com

• Edge Transport Attachment stripping based upon an emails Subject line.

  I am running Exchange 2010 on-prem with a 2013 Hybrid (including a 2013 Edge Transport server for message handling between on-prem and the o365 tenant) connecting to an o365 tenant. I use EMC's SourceOne for archiving running on-prem. The o365
  tenant points to a mailbox on my on-prem Journaling server.
  What I am seeing is that when o365 forwards emails as attachments from the cloud back to the on-prem Journaling server it is examining the subject line of the message and making a decision to strip the attachment based upon the very end of the subject line.
  Example: A simple text message with a subject line of: "Check out the new web site at www.xyz.com"
  The Edge transport server is seeing this as being a ".com" attachment and stripping it off before it gets to the Journaling server. So it does not appear to be looking inside the message to see what it actually is and figure out that it is not
  a ".com" file but a simple text message.
  I have seen this with other file extension types as well. Such as ".exe" . It is also stripping off ".zip" attachments as well, but I understand that and not sure how to deal with it.
  Has anyone else experienced this and how have you dealt with it? Microsoft wants me to take the Edge out of play and go directly to from the cloud to an on-prem Exchange server. But that is not an option as the on-prem servers are not exposed to the internet.
  Thanks, Bob
   

  Hi BobSwe,
  Thank you for your response.
  If you have resolved this question, please mark useful replies as answer.
  Thanks,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Allen Wang
  TechNet Community Support

• Positioning and role of Edge Transport Server

  Good afternoon, all!
  I'm working on a new Exchange design and implementation project.  I had some research that seemed to indicate that I could have my Edge Transport server in the DMZ to receive Internet mail and to act as a web proxy for the Client Access server residing
  in the internal network.  However, in my testing I haven't found where that is possible.
  Will the Edge Transport server provide that capability or will I need to open a path to the Client Access/Mailbox server?  Is there a tradeoff in separating the Client Access server into a separate machine in the DMZ for remote access, that is, if the
  Edge Transport server won't supply web proxy services, will I need to make a separate machine for Client Access?
  Thanks!
  Gregg

  Hi Gregg,
  Based on my knowledge, Edge Server role handles Internet-facing mail flow and act as an SMTP relay and smart host for Exchange servers in your internal network. We can use Edge server if don't want to expose internal CAS and MBX. We can also
  configure Anti-Spam on Edge server to block specific emails.
  Unlike other Exchange server roles, the Edge server doesn’t need to be a member of an AD domain, so locating it within a DMZ does not create any difficult firewall configurations.
  Confirm that any firewall between your Exchange servers and Edge servers allow port 53 for DNS resolution and port 25 for SMTP traffic.
  Thanks
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support

• New Edge Transport install - required certificate?

  I'm getting an error with my ET install:
  Exchange Server component Edge Transport Role failed.
  Error: Error:
  The following error was generated when "$error.Clear();
  Install-ExchangeCertificate -DomainController $RoleDomainController -Services SMTP
  " was run: "Access is denied.
  Access is denied.
  I was going to try to install a certificate manually, but I actually am not sure what the requirements of the cert are. This is in a test environment, so nothing live is affected. I was going to just try to self-sign a cert for the server and install it.

  Can you post the error portion from ExchangeSetup.log to get more idea where it is giving access is denied error?
  Blog |
  Get Your Exchange Powershell Tip of the Day from here

• Edge Transport Server Fails DNS Query When Emailing to one Specific Domain

  This issue occurs for the same domain across three different edge transport servers.
  All servers are Windows 2008 STD SP2, Exchange 2007 SP1 U9.  Emails are delivered using DNS connector from edge.  Emails to this one specific domain would sit in the retry queue with DNS query error until NDR was generated.  Connectivity Logging generated the following:
  2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,>,DNS server returned ErrorRetry reported by 208.241.124.200
  2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,-,The DNS query for 'DnsConnectorDelivery':'subdomain.domain.com':'cd771f71-77a3-4aca-b002-86f477816910' failed with error: ErrorRetry
  I changed the servers DNS settings to different servers with the same response.  Validated that manual MX lookups worked, and that I could telnet to any of the three MX records and deliver mail via telnet.
  I did a packet capture and received the following:
  12    32.280037    172.28.16.55    208.241.124.200    DNS    Standard query AAAA SMTPSERVER.subdomain.domain.com
  So what is happening is the Edge servers are only performing IP6 lookups, and throughout the log, only for subdomain.domain.com do they NOT perform a regular IP4 A record lookup.  I then went about disabling TCP/IP6 as per this article:
  http://technet.microsoft.com/en-us/network/cc987595.aspx
  this stated to do the following:
  Alternately, from the Windows XP or Windows Server 2003 desktop, click Start , point to Programs , point to Accessories , and then click Command Prompt . At the command prompt, type netsh interface ipv6 uninstall .
  To remove the IPv6 protocol for Windows XP with no service packs installed, do the following:
  Log on to the computer with a user account that has local administrator privileges.
  From the Windows XP desktop, click Start , point to Programs , point to Accessories , and then click Command Prompt .
  At the command prompt, type ipv6 uninstall .
  Unlike Windows XP and Windows Server 2003, IPv6 in Windows Vista and Windows Server 2008 cannot be uninstalled. However, you can disable IPv6 in Windows Vista and Windows Server 2008 by doing one of the following:
  In the Network Connections folder, obtain properties on all of your connections and adapters and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under This connection uses the following items .
  This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.
  Add the following registry value (DWORD type) set to 0xFF:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
  This method disables IPv6 on all your LAN interfaces, connections, and tunnel interfaces but does not disable the IPv6 loopback interface. You must restart the computer for this registry value to take effect.
  I did the above, and still, the Edge Transport servers would only perform AAAA lookups, and messages would sit in the queue.
  As temporary workaround, created new send connector with the three available MX hosts as possible smarthosts for subdomain.domain.com, and this allowed email flow.
  I've tried disabling the TCPIP6, and still doesnt work.  Any suggestions?

  Hi Allen and Paul,
  we experience problems in receiving mails from senders with this Exchage server problem. When we are aware of the problem, we send them the above mentioned link and ask them to make adjustments. Then afterwards usually mail arrives without any problems.
  The problem for us is that it seems as if the problem grows. More and more mail does not arrive on our mailadresses (mine for example is [email protected]) And not all of the senders recieve notifications that mail cannot be delivered. As you can imagine
  this situation is unacceptable and damaging our customer relations.
  Is there anything WE can do? (apart from sending them the information to make adjustements in their Exchange servers...)
  I hope you can help us...
  Thanks in advance
  Leonard
  Hi Leonard,
  as stated below we where experiencing the same problem with one of our customers. Seeing that it's a DNS related problem we suggested to the customer to change or add an additional DNS service through i.e. dyndns.com. After adding the current DNS records
  to the new DNS service mail started coming in from every customer that had problems.
  So for your clients i would suggest a similar solution, it helped over here at least.
  Kind regards,
  Philipp

• TMG 2010 Without Edge Transport

  Is it possible to configure TMG 2010 to open port 25 and route Exchange 2010 mail without an Edge Transport server?

  Could it be that you are using the wizard found under the node "E-Mail Policy" in the mmc?
  If so, don't use that, use "Publish Mail Servers" under "Firewall Policy" and when asked if you want to continue the wizard (step after selecting SMTP as the protocol to be published, answer yes.
  After completing the wizard you should have a regular server publishing rule for SMTP.
  You could also use the wizard "Publish Non-Web Servers" and select SMTP Server as protocol. This will fill your request "open port 25 on TMG".
  Either way you do it, Edge Transport is not required.
  Hth, Anders Janson Enfo Zipper

• Exchange Server 2013 Edge Transport Role

  Dear,
           I have a question regarding Exchange Server 2013 SP1 that, I have installed Edge Transport Server Role on separate box without Domain Joined. Obviously I installed Exchange CAS and Mailbox on Same box with
  Domain Joined in Corporate LAN.. But my edge is placed on DMZ and it is ready with all configuration, Mailbox Server Synchronization is also installed with Edge. Means all required configuration are properly configured and it is verified. But I want clients
  to OWA Access from Edge only. Because I want to restrict my internal network from the internet. So kindly provide me any possible ways to access OWA from Edge only ??. I have see some another methods like "Web Application Proxy instead of TMG because
  TMG is expired"..
  Kindly provide me possible ways or URL so I will configure it..
  Thanks.
   Fuzail (FM)

  Hi,
  Is there any further question on this thread?
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• When I use maps, and search directions using the public transport, it only gives me one option.. Why cant I decide to use the train or the bus? because on this occasion its not showing me to use the tube despite this being the obvious and quickest way?

  I am trying to get directions around london using the 'maps' on the homepage, however when I ask for the directions to use public transport it isn't using the london underground? why..?

  hello, this sounds like an issue with adware present on your pc. please perform all these steps:
  # [[Reset Firefox – easily fix most problems|reset firefox]] (this will keep your bookmarks and passwords)
  # afterwards go to the firefox menu ≡ > addons > extensions and in case there are still extensions listed there, disable them.
  # finally run a full scan of your system with different security tools like the [http://www.malwarebytes.org/products/malwarebytes_free free version of malwarebytes] and [http://www.bleepingcomputer.com/download/adwcleaner/ adwcleaner] to make sure that adware isn't present in other places of your system as well.
  [[Troubleshoot Firefox issues caused by malware]]

• Co-Locate Client Access and Edge Transport Role on Same Server?

  Co-Locate Client Access and Edge Transport Role on Same Server?
  Is it possible/supported to install the Edge Transport Server Role on the same machine that the Client Access role is installed on now that 2013 SP1 has added support back in for the Edge Transport Role?
  jon

  No.
  Unless something has radically changed from before...
  EDIT
  No, nothing has changed:
  "If you want to install the Exchange 2013 Mailbox or Client Access roles on a computer, see
  Install Exchange 2013 Using the Setup Wizard. The Edge Transport role can't be installed on the same computer as the Mailbox or Client Access server roles."
  http://technet.microsoft.com/en-us/library/dn635117(v=exchg.150).aspx
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

• Edge Transport Server - Exchange 2013 coexistence Exchange 2007

  Hi Exchange-Gurus,
  We have one Exchange Org.
  sub AD Domain1: A.domain.com (with Exchange 2007 SP3 R10)
  sub AD Domain2: B.domain.com (with Exchange 2013 CU6); DMZ contains Exchange Transport Server - Exchange 2013
  Is it possible to install within the DMZ of AD Domain1   a Edge Transport Server - Exchange 2013?
  Thanks.
  Guitarman

  Hi Guitar,
  Thank you for your question.
  Is it possible to install within the DMZ of AD Domain1 
  an Edge Transport Server - Exchange 2013?
  A: Yes, we could create an Exchange 2013 Edge server on the DMZ of AD domain1.
  Notice: Before we create an EdgeSync Subscription between an Exchange 2007 Hub Transport server and an Exchange 2013 SP1 Edge Transport server, we need to install Exchange 2007 SP3
  Update Rollup 13 or later on the Exchange 2007 Hub Transport server.
  We could refer to the following link:
  https://technet.microsoft.com/en-us/library/aa996719(v=exchg.150).aspx
  If there are any questions regarding this issue, please be free to let me know.
  Best Regard,
  Jim

• RBL not working on Exchange 2013 Edge Transport

  Single multi-role server with a couple of mailboxes, recently added an Edge Transport server. After configuring the Edge Subscribtion I added sen.spamhaus.org as a RBL Provider:
  Add-IPBlockListProvider -Name Spamhaus -LookupDomain zen.spamhaus.org
  This is not working. A lot of spam is still entering Exchange and the http://www.crynwr.com/spam/ test failed.
  Both servers run Exchange 2013 CU5.
  Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

  Hi,
  Yes, the command is specific for provider SpamHaus.
  http://tweaks.com/windows/40003/cut-down-on-spam-with-ip-block-list-providers-rbl/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
  or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Have you added the additional parameters in the command and did it work?
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Managing Exchange Edge Transport Role from my workstation

  Hi Guys
  I want to manage my Edge Transport Role (2010 sp3) that resides in DMZ  from my workstation that resides on internal network. 
  What ports EMC 2010 is using? so I can open them on firewall.
  How can I add edge transport server in my EMC when ports are opened?
  Thanks in Advance
  Farhad

  Hi Farhad,
  I find a topic that provides information about ports, authentication, and encryption for all data paths. Details for your reference:
  http://technet.microsoft.com/en-us/library/bb331973(v=exchg.141).aspx
  Information :
  1. On servers that have Internet Information Services (IIS) installed, Windows opens the HTTP port (port 80, TCP) and HTTPS port (port 443, TCP). Exchange 2010 Setup doesn't open these ports. Therefore, these ports don't appear in the preceding table.
  2. Make sure the Port 25 open by communication between Hub and Edge, Edge and Edge.
  Thanks

• How to install and configure ms exchange server 2007 both role hub and edge transport role in one network

  How to install and configure ms exchange server 2007 both role hub and edge transport role in one network 

  Hi,
  Edge role is design for perimeter networks, to keep security risks minimum.  So it’s not recommended to have edge role in internal network. Must have separate network or subnet for edge services.
  If you are playing around it in labs, then you can put edge role within same subnet as other exchange roles and no specific requirements in that case.
  Thanks.
  MachPanel - Premium Cloud Automation Solution

• Deploy Exchange 2013 Edge Transport Server for multi-site environment

  Hi,
  I have a multi-site Exchange 2013 environment. The configurations are as below.
  Active Directory Sites and Exchange Servers.
  SiteA - EXMB1 & EXCAS1
  SiteB - EXMB2 & EXCAS2
  SiteC - EXMB3 & EXCAS3
  All sites are connected via VPN. (Good speed. No latency issues)
  All the three Mailbox Servers are in DAG. Only one mailbox database. All servers running Exchange 2013.
  I am planning to deploy Edge Servers in the infrastructure (I am doing it for the first time). Normally, it will be in DMZ.
  Now, I can deploy 2 Edge Servers for reliability.
  Question.
  1. Can I deploy 2 Edge Servers and create subscription to all the mailbox server in 3 different site? Or, is it like one edge server can make subscription to only mailbox servers in one Active Directory Site? I am not sure about this and could not find much
  information from TechNet.
  One Edge Server can make subscription to all 3 mailbox server in 3 sites. Similarly, I can make the subscriptions in the second edge server as well. Configure 2 external MX records with the same priority so that there will be some load balancing.
  Also, in such a case if the mailbox database become active from a different site, I need not make any new changes to the Edge Servers right?
  2. If the first way is not correct, I will have to deploy 1 Edge Server each for each of the Active Directory Site. (In DMZ only, not in domain)
  Make Edge Subscription to the mailbox server in corresponding site.
  Make 1 MX record and point it to the Edge Server which is subscribed to the Mailbox Server from which the Database is Active. The problem is, every time will have to change the DNS record when ever the database copy is activated from a different mailbox
  server. And the issues with propagation.. delay..
  I am not sure which of the above 2 ways will work. Appreciate suggestions from anyone who have previous experience with similar infrastructure.
  Thanks in advance. :)

  Hi 
  One or more Edge Transport servers can be subscribed to a single Active Directory site. However, an Edge Transport server can't be subscribed to more than one Active Directory site. If you have more than one Edge Transport server deployed, each server can be
  subscribed to a different Active Directory site. Each Edge Transport server requires an individual Edge Subscription.
  A subscribed Edge Transport server is associated with a particular Active Directory site. If more than one Mailbox server exists in the site, any of them can replicate data to the subscribed Edge Transport servers.
  I don't think there is a solution to subscribe  edge servers for more than 1 site. Edge Servers can be scoped only to one site.
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
  (MVP)