4. Creating Send Connectors
Send connectors are the gateways through which transport servers
send messages. Exchange automatically creates the Send connectors
required for internal mail flow but does not create the Send connectors
required for mail flow to the Internet. As an administrator, you can
explicitly create Send connectors for Internet mail flow and other Send
connectors that are needed, and then manage the configuration of these
explicitly created Send connectors as necessary. You cannot, however,
manage the configuration of Send connectors created implicitly by
Exchange to enable mail flow. The key reasons for creating Send
connectors are to:
- Control explicitly how message routing works within domains or between domains.
- Control explicitly the hosts used as destinations or the way messages are routed over the Internet.
- Send mail to systems that are not Exchange servers.
When you create Send connectors, you can encrypt message traffic
sent over the link and require strict authentication. You can transmit
messages to a designated internal server—called a smart host—or
you can use DNS records to route messages. If you use a smart host,
Exchange Server 2010 transfers messages directly to the smart host,
which then sends out messages over an established link. The smart host
allows you to route messages on a per-domain basis. If you use DNS
records, Exchange Server 2010 performs a DNS lookup for each address to
which the connector sends mail.
When you create a Send connector, you must either define the address
space for the connector or link it to a specific Receive connector. The
address space determines when the Send connector is used and the domain
names to which the connector sends messages. For example, if you want
to connect two domains in the same Exchange organization—dev.cpandl.com
and corp.cpandl.com—you can create a Send connector in dev.cpandl.com,
and then add an SMTP address type for the e-mail domain corp.cpandl.com.
Send connectors can be used by multiple Transport servers. When you create a Send
connector within an Exchange organization, you can select the Hub
Transport servers that are permitted to use the Send connector. When
you create a Send connector on an Edge Transport server, the Send
connector is configured for only that server.
To create a Send connector, complete the following steps:
1. Start the Exchange Management Console. On an Edge Transport server,
   select Edge Transport and then in the main pane click the Edge
   Transport server that you want to work with. On a Hub Transport server,
   expand the Organization Configuration node, and then select Hub
   Transport.
2. On the Send Connectors tab in the details pane, right-click an open
   area, and then select New Send Connector. This starts the New Send
   Connector Wizard, shown in Figure 1.
3. In the Name text box, type a descriptive name for the connector, and
   then set the connector type. The available options are as follows:
   - Custom: Creates a customized Send connector for connecting with
     systems that are not Exchange servers.
   - Internal: Creates a Send connector for sending mail to another
     transport server in the organization, and sets the default
     permissions so that the connector can be used by Exchange servers.
     This connector will be configured to route mail using smart hosts.
   - Internet: Creates a Send connector that sends mail to external users
     over the Internet. This connector will be configured to use DNS
     records to route mail.
   - Partner: Creates a Send connector that sends mail to partner domains.
     Partner domains cannot be configured as smart hosts. Only connections
     that authenticate with Transport Layer Security (TLS) certificates
     are allowed by default. Partner domains must also be listed on the
     TLS Send Domain Secure list, which can be set using the
     -TLSSendDomainSecureList parameter of the Set-TransportConfig command.
4. Click Next. On the Address Space page, click Add. In the SMTP
   Address Space dialog box, enter the domain name to which this connector
   will send mail. To use this connector to send e-mail to all subdomains
   of the address space, select the Include All Subdomains check box.
   Click OK to close the SMTP Address Space dialog box. Repeat as
   necessary to add more address spaces to this connector. If you make a
   mistake, select the address space and then click Remove.
   Note: If you enter Adatum.com as the address and then select the Include
   All Subdomains check box, the address entry is created as *.adatum.com.
   You can enter the wildcard character (*) directly in the address space
   as defined in RFC 1035. For example, you can enter * for all domains,
   *.com for all .com domains, or *.adatum.com for the adatum.com domain
   and all subdomains of adatum.com.
5. If you'd like to scope the Send connector to the current site,
   select the Scoped Send Connector check box. When a Send connector is
   scoped, only Hub Transport servers in the same Active Directory site as
   the Send connector's source servers consider that Send connector in
   routing decisions. Click Next to continue.
6. On the Network Settings page, select how you want to send e-mail
   with the Send connector. If you select Use Domain Name System (DNS)
   "MX" Records To Route Mail Automatically, the Send connector uses the
   DNS client service on the Transport server to query a DNS server and
   resolve the destination address. Skip steps 7–10.
7. If you select Route Mail Through The Following Smart Hosts, you have
   to specify the smart hosts to which mail should be forwarded for
   processing. Click Add.
8. In the Add Smart Host dialog box, select either IP Address or Fully
   Qualified Domain Name (FQDN) to specify how to locate the smart host.
   If you select IP Address, enter the IP address of the smart host. If
   you select Fully Qualified Domain Name (FQDN), enter the full domain
   name of the smart host. The Transport server must be able to resolve
   the FQDN.
9. Click OK to close the Add Smart Host dialog box. Repeat steps 7–9 as
   necessary to add more smart hosts to this connector. If you make a
   mistake, select the smart host, and then click Edit or Remove as
   appropriate. When you are finished, click Next to continue.
10. After you've configured smart hosts, you'll see the Configure Smart
    Host Authentication Settings page next. On this page, select the method
    that you want to use to authenticate your servers to the smart host.
    Choose one of the following options, and then click Next:
    - None: No authentication. Use this option only if the smart host is
      configured to accept anonymous connections.
    - Basic Authentication: Standard authentication with wide
      compatibility. With basic authentication, the user name and password
      specified are passed as cleartext to the remote domain.
    - Basic Authentication Over TLS: Transport Layer Security (TLS)
      authentication is combined with basic authentication to allow
      encrypted authentication for servers with smart cards or X.509
      certificates.
    - Exchange Server Authentication: Secure authentication for Exchange
      servers. With Exchange Server authentication, credentials are passed
      securely.
    - Externally Secured: Secure authentication for Exchange servers. With
      externally secured authentication, credentials are passed securely
      using an external security protocol for which the server has been
      separately configured, such as Internet Protocol security (IPsec).
    Note: With the Basic Authentication or Basic Authentication Over TLS
    option, you must provide the name and password for the account
    authorized to establish connectors to the designated smart hosts. All
    smart hosts must use the same user name and password.
11. When you are working with a Hub Transport server, you see the Source
    Server page next. If you are logged on to a Hub Transport server, this
    server is added as the source server automatically. Click Add to
    associate the connector with Hub Transport servers and Edge
    subscriptions. In the Select Hub Transport And Subscribed Edge
    Transport Servers dialog box, select the Hub Transport server or the
    Edge subscription that will be used as the source server for sending
    messages to the address space that you previously specified and then
    click OK. Repeat as necessary to add more Transport servers. If you
    make a mistake, select the server and then click Remove. When you are
    finished, click Next to continue.
12. On the New Connector page, review the configuration summary for the
    connector. To modify the settings, click Back. To create the Send
    connector, click New. On the Completion page, click Finish.
In the Exchange Management Shell, you can create Send
connectors using the New-SendConnector cmdlet. The -Usage parameter
sets the Send connector type as Custom, Internal, Internet, or Legacy.
The -AddressSpaces parameter sets the address spaces for the Send
connector by FQDN or IP address. The -DNSRoutingEnabled parameter
determines whether DNS records are used for lookups or smart hosts are
used. To use DNS records, set DNSRoutingEnabled to $true. To use smart
hosts, set DNSRoutingEnabled to $false, and then use the -SmartHosts
parameter to designate the smart hosts.
Example 5 provides the syntax and usage for the New-SendConnector cmdlet. With
Basic Authentication or Basic Authentication Over TLS, you will be
prompted to provide credentials. To scope the Send connector to the
current Active Directory site, set the -IsScopedConnector parameter to
$true.
Example 5. New-SendConnector cmdlet syntax and usage
Syntax
    New-SendConnector -Name Name
      [-AddressSpaces Addresses]
      [-AuthenticationCredential Credentials]
      [-Comment Comment]
      [-ConnectionInactivityTimeout TimeSpan]
      [-Custom <$true | $false>]
      [-DNSRoutingEnabled <$true | $false>]
      [-DomainController DCName]
      [-DomainSecureEnabled <$true | $false>]
      [-Enabled <$true | $false>]
      [-Force <$true | $false>]
      [-ForceHELO <$true | $false>]
      [-Fqdn FQDN]
      [-IgnoreStartTLS <$true | $false>]
      [-Internal <$true | $false>]
      [-Internet <$true | $false>]
      [-IsScopedConnector <$true | $false>]
      [-LinkedReceiveConnector ReceiveConnectorIdentity]
      [-MaxMessageSize <Size | Unlimited>]
      [-Partner <$true | $false>]
      [-Port PortNumber]
      [-ProtocolLoggingLevel <None | Verbose>]
      [-RequireTLS <$true | $false>]
      [-SmartHostAuthMechanism <None|BasicAuth|BasicAuthRequireTls|ExchangeServer|ExternalAuthoritative>]
      [-SmartHosts SmartHosts]
      [-SmtpMaxMessagesPerConnection MaxMessages]
      [-SourceIPAddress IPAddress]
      [-SourceTransportServers TransportServers]
      [-Usage <Custom|Internal|Internet|Partner>]
      [-UseExternalDNSServersEnabled <$true | $false>]
Usage for DNS MX records
    # The backtick continues the command onto the next line.
    New-SendConnector -Name "Adatum.com Send Connector" `
      -Usage "Custom" `
      -AddressSpaces "smtp:*.adatum.com;1" `
      -IsScopedConnector $true `
      -DNSRoutingEnabled $true `
      -UseExternalDNSServersEnabled $false `
      -SourceTransportServers "CORPSVR127"
Usage for smart hosts
    # The backtick continues the command onto the next line.
    New-SendConnector -Name "Cohovineyards.com" `
      -Usage "Custom" `
      -AddressSpaces "smtp:*.cohovineyards.com;1" `
      -IsScopedConnector $false `
      -DNSRoutingEnabled $false `
      -SmartHosts "[192.168.10.52]" `
      -SmartHostAuthMechanism "ExternalAuthoritative" `
      -UseExternalDNSServersEnabled $false `
      -SourceTransportServers "CORPSVR127"
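The smart host authentication options and the Partner requirements described in this section can be reviewed on existing connectors. The following is an added example, not part of the original text: Test-SendConnectorSecurity is a hypothetical helper name, the connector objects are constructed samples that carry Get-SendConnector property names, and address spaces are assumed to render as strings in the smtp:domain;cost form used in Example 5.

```powershell
# Added example: flag Send connector settings that weaken transport security.
# Test-SendConnectorSecurity is a hypothetical helper, not an Exchange cmdlet.
function Test-SendConnectorSecurity {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Connector,
        [string[]] $TlsSendDomainSecureList = @()
    )
    foreach ($c in $Connector) {
        $findings = @()
        $auth = "$($c.SmartHostAuthMechanism)"
        if (-not $c.DNSRoutingEnabled) {   # connector routes through smart hosts
            switch ($auth) {
                'BasicAuth' { $findings += 'Basic authentication without TLS: credentials are sent as cleartext' }
                'None' { $findings += 'No authentication: the smart host must accept anonymous connections' }
                'ExternalAuthoritative' { $findings += 'Externally secured: confirm the external protection (such as IPsec) is in place' }
            }
        }
        if ($c.IgnoreStartTLS) {
            $findings += 'IgnoreStartTLS is set: TLS is not negotiated even when the remote server offers it'
        }
        if ($c.DomainSecureEnabled) {
            foreach ($space in $c.AddressSpaces) {
                # Assumes the string form "smtp:*.domain;cost" shown in Example 5.
                $domain = "$space" -replace '^smtp:', '' -replace ';\d+$', '' -replace '^\*\.', ''
                if ($TlsSendDomainSecureList -notcontains $domain) {
                    $findings += "Domain Secure is enabled but $domain is not on TLSSendDomainSecureList"
                }
            }
        }
        foreach ($f in $findings) { New-Object PSObject -Property @{ Connector = $c.Name; Finding = $f } }
    }
}

# Constructed sample objects using Get-SendConnector property names.
$sample = @(
    (New-Object PSObject -Property @{ Name = 'Cohovineyards.com'; DNSRoutingEnabled = $false
        SmartHostAuthMechanism = 'ExternalAuthoritative'; IgnoreStartTLS = $false
        DomainSecureEnabled = $false; AddressSpaces = @('smtp:*.cohovineyards.com;1') }),
    (New-Object PSObject -Property @{ Name = 'Relay (constructed)'; DNSRoutingEnabled = $false
        SmartHostAuthMechanism = 'BasicAuth'; IgnoreStartTLS = $true
        DomainSecureEnabled = $false; AddressSpaces = @('smtp:*;1') }),
    (New-Object PSObject -Property @{ Name = 'Partner (constructed)'; DNSRoutingEnabled = $true
        SmartHostAuthMechanism = 'None'; IgnoreStartTLS = $false
        DomainSecureEnabled = $true; AddressSpaces = @('smtp:partner.example;1') })
)
Test-SendConnectorSecurity -Connector $sample -TlsSendDomainSecureList 'adatum.com' |
    Format-Table Connector, Finding -AutoSize
```

On a transport server, pass the output of Get-SendConnector as -Connector and the TLSSendDomainSecureList value from Get-TransportConfig in place of the constructed samples.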