In Part I of this series I explained how SMTP messages are processed with an Exchange Server, in particular how a Hub Transport Server processes messages from a Mailbox Server.
Figure 1: The SMTP “Transport Pipeline” in Exchange Server 2010
I already explained how a Hub Transport Server picks up a message from the Mailbox Server to process it. There can be multiple Hub Transport Servers in an Active Directory site.
The Mail Submissions Service on the Exchange 2010 Mailbox Server notifies the Hub Transport Server that a message is in the Outbox. The Store Driver on the Hub Transport Server retrieves the message from the Mailbox Server. RPC is used for communication between the Hub and the Mailbox Server.
After retrieval, the message is stored in the Submission Queue waiting for further processing. The Categorizer picks up the message again and determines where to send it:
- Back to the Mailbox Server;
- To another Mailbox Server in the same Active Directory site. Again, RPC is used for communication between the Hub Server and the other Mailbox Server;
- To another Hub Transport Server in another Active Directory site. Communication between Hub Transport Servers is via SMTP;
- To the outside world. For sending messages to the outside world (i.e. the Internet) SMTP is used as well.
You can have multiple Hub Transport Servers in one Active Directory site for redundancy and scalability purposes. When you have multiple Hub Transport Servers in your Active Directory site, the Mailbox Servers keeps an internal list of all these Hub Transport Servers. The Mail Submission Service then Round Robins through this list as to notify a Hub Transport Server and to pick up the message from the Outbox. This way the Mailbox Server load balances between all available Hub Transport Servers in the Active Directory Site.
But, before we can send and receive SMTP message we first have to configure the Hub Transport Server with a Send Connector (to send mail) and configure the Receive Connector (to receive mail).
Right out of the box, Exchange 2010 doesn’t have a way to send message to the Outside world. Before you can send message you have to create a Send Connector:
- Logon as an administrator on an Exchange 2010 Server and open the Exchange Management Console. Navigate to the Organization Configuration and select Hub Transport. In the results pane, select the Send Connector tab;
- The New Send Connector wizard appears. Enter a name for the Send Connector and select its usage (“Internet”) and follow the wizard. Enter * for the address space. This way the Send Connector will be used for all SMTP domains, except for the internal SMTP domains of course.
- Next is to select whether you want to use a smart host (an SMTP server with your provider for example) of whether you want to use DNS. In the latter case the Hub Transport Server will be responsible to retrieve all MX records and send the outbound messages accordingly. My personal preference is to use DNS, but you might have valid reasons to use a smart host of course;
- In the next Windows you have to select the Source Server. If you have multiple Hub Transport Servers in your Active Directory site you can enter them here. These servers all participate in the Send Connector. SMTP messages will automatically be load balanced across all source servers in the Send Connector;
- Finish the wizard and the Send Connector will be created.
The Hub Transport Server is now able to route messages to the Internet.
By default, a Hub Transport Server will not accept anonymous connections. And connections coming form the Internet are anonymous. Microsoft’s opinion is that you need to use the Edge Transport Server (in your DMZ). The Edge Transport Server does accept anonymous connections from the Internet, and communications between Edge Transport Server and Hub Transport Server is secure. I’ll get back to using an Edge Transport Server in one of the next articles in this series.
But if you want to enable anonymous connections you have to enable this on the Default Receive Connector. Open the Exchange Management Console, Navigate to the Server Configuration and select Hub Transport. In the results pane, select your Hub Transport Server and in the low pane, select the Default Receive Connector and request its properties. Click on the Permission Groups tab to see who is allowed to connect to this Receive Connector. The Anonymous Users is not selected by default as shown in this screenshot:
Check the Anonymous users checkbox and click OK to close the window. The Transport Services needs to be restarted for this setting to take effect. Open an Exchange Management Shell window and enter the Restart-Service MSExchangeTransport command.
We now have a Hub Transport Server that can send and receive SMTP messages to and from the Internet.
Please note that when you use an appliance in your DMZ, for example a Barracuda, IronPort or McAfee solution this is considered as “anonymous” from a Hub Transport Server point of view.
Mail flow to the Internet
When a client creates a new message and clicks the Send button the message is placed in the Outbox. A Hub Transport Server will pickup the message and will place it in the Submission Queue on the Hub Transport Server. In this Submission Queue the message is safely stored on the hard disk of the Hub Transport Server. The Hub Transport Server can crash and reboot, but the message is still safe.
The Categorizer would pick up the message from the Submission Queue and check the To: field in the message to determine the recipients. The routing component of the Categorizer determines the final destination for the message. For Internet delivery, the message is delivered to “SMTP Out” (part of the MSExchange Transport Service) which uses the Send Connector that was created in the previous step. Depending on the address space a routing decision is made.
A queue is created for every message that is sent. This is true for internal messages (back to a mailbox server in the current Active Directory site as well as other Hub Transport Servers in the Exchange organization) and for external messages.
You can view the queues using the Queue Viewer. Open the Exchange Management Console and navigate to the Toolbox section. Select the Queue Viewer in the results pane.
You can see the individual queues, the status, the number of messages in the queue and when there are some issues, the error is shown as well. Using the Queue Viewer you need to connect to every Hub Transport Server so see messages in queues on other servers.
You can also use the Exchange Management Shell to get queue information using the Get-Queue cmdlet. When combined with the Get-TransportServer cmdlet you can see all queues on all Hub Transport Servers:
What’s a reasonable amount of messages in a queue and how long do they stay there? That’s not an easy question to answer. You’ll see quite a number of queues as a result of NDR’s (when spam is sent to non existing users) that cannot be delivered. Typically these queues have only 1 or 2 messages. When there are problems using delivery on the other SMTP hosts, the number of messages will increase. This is the time to start troubleshooting.
I will discuss this in my next article.
If you would like to read the other parts in this article series please go to:
- SMTP Routing in Exchange 2010 (Part 1)
- SMTP Routing in Exchange 2010 (Part 3)
- SMTP Routing in Exchange 2010 (Part 4)