8. Creating Receive Connectors
Receive connectors are the gateways through which Transport servers
receive messages. Exchange creates the Receive connectors required for
mail flow automatically. The receive permissions on a Receive connector
determine who is allowed to send mail through the connector.
As an administrator, you can explicitly create Receive
connectors and then manage the configuration of those explicitly
created Receive connectors as necessary. You cannot, however, manage
the configuration of connectors created implicitly by Exchange to
enable mail flow.
The key reasons for creating SMTP connectors are when you want to:
- Control explicitly how messages are received within domains or between domains.
- Control explicitly the permitted incoming connections.
- Receive mail from systems that are not Exchange servers.
Unlike Send connectors, Receive connectors are used by only a
single, designated Transport server. When you create a Receive
connector within an Exchange organization, you can select the Hub
Transport or Edge Transport server with which the connector should be
associated and configure the specific binding for that connector. A
binding is a combination of local IP addresses, ports, and remote IP
address ranges for the Receive connector. You cannot create a Receive
connector that duplicates the bindings of existing Receive connectors.
Each Receive connector must have a unique binding.
Note
Exchange Server 2010 uses standard SMTP or Extended SMTP (ESMTP)
to deliver mail. Because the ESMTP standard is more efficient and
secure than SMTP, SMTP connectors always try to initiate ESMTP sessions
before trying to initiate standard SMTP sessions. SMTP connectors
initiate ESMTP sessions with other mail servers by issuing an EHLO
start command. SMTP connectors initiate SMTP sessions with other mail
servers by issuing the HELO start command.
To create a Receive connector, complete the following steps:
- Start the Exchange Management Console. On an Edge Transport server,
  select Edge Transport. On a Hub Transport server, expand the Server
  Configuration node, and then select the Hub Transport node. On the
  Receive Connectors tab in the details pane, select the server on which
  you want to create the receive connection and then click the server's
  Receive Connectors tab.
- Click the server you want to work with in the main pane. In the
  details pane, below Receive Connectors, right-click an open area, and
  then select New Receive Connector. This starts the New Receive
  Connector Wizard, shown in Figure 4.
- In the Name text box, type a descriptive name for the connector and
  then set the connector type. The available options are as follows:
  - Custom: Creates a Receive connector bound to a specific port or IP
    address on a server with multiple receive ports or IP addresses. It
    can also be used to specify a remote IP address from which the
    connector receives messages. A custom Receive connector is used to
    connect with systems that are not Exchange servers.
  - Internal: Creates a Receive connector to receive messages from
    another Transport server in the organization. For Edge Transport
    servers, it sets the default permissions so that the connector can
    be used by Exchange servers. For Hub Transport servers, it sets the
    default permissions so that the connector is configured to accept
    connections from Exchange servers.
  - Internet: Creates a Receive connector that accepts incoming
    connections from the Internet. This connector accepts connections
    from anonymous users.
  - Client: Creates a Receive connector used to receive mail from
    Exchange users. Only connections from authenticated Microsoft
    Exchange users are accepted by default.
  - Partner: Creates a Receive connector used to receive mail from
    partner domains. Partner domains cannot be configured as smart
    hosts. Only connections that authenticate with Transport Layer
    Security (TLS) are allowed by default. Partner domains must also be
    listed on the TLS Receive Domain Secure list, which can be set using
    the -TLSReceiveDomainSecureList parameter of the Set-TransportConfig
    command.
- Click Next. For Custom, Partner, and Internet Receive connectors, you
  can specify the local IP addresses and the port on which mail can be
  received. (See Figure 5.) By default, Custom and Internet Receive
  connectors are configured to receive mail over port 25 on all available
  IPv4 addresses configured for the server. Port 25 is the default TCP
  port for SMTP. To use a different configuration, select the default
  entry on the Local Network Settings page and then click Remove. You can
  now create new entries by clicking Add. In the Add Receive Connector
  Binding dialog box, select Use All Available IP Addresses to have the
  connector listen for connections on all the IP addresses that are
  assigned to the network adapters on the local server. Select Specify An
  IP Address if you want to type an IP address that is assigned to a
  network adapter on the local server and have the connector listen for
  connections only on this IP address. As necessary, modify the listen
  port value. Click OK.
- For Custom, Partner, and Internet Receive connectors, you can
  specify the FQDN the Transport server provides in response to HELO or
  EHLO messages on the Local Network Settings page. In the Specify The
  FQDN This Connector Will Provide In Response To HELO Or EHLO text box,
  type the name that the server advertises, such as mail.cpandl.com.
  Click Next.
  Note
  If you don't specify the FQDN, the wizard uses the name of the server.
- On the Remote Network Settings page, shown in Figure 6, you can
  specify the remote IP addresses from which the server can receive mail.
  By default, Receive connectors are configured to accept mail from all
  remote IP addresses, which is why the IP address range
  0.0.0.0–255.255.255.255 is set as the default entry. You'll only want
  to change this behavior if you want to limit the servers that are
  permitted to send mail to the Transport server. To use a different
  configuration, select the default entry on the Remote Network Settings
  page and then click Remove. To specify the remote servers by a range of
  IP addresses, click the small arrow next to Add and then select IP
  Range. In the Add Remote Servers—IP Address Range dialog box, enter a
  start IP address and an end IP address for the first acceptable range
  of IP addresses, and then click OK. Repeat this process as necessary to
  configure other acceptable IP address ranges. Click Next.
- On the New Connector page, review the configuration summary for the
  connector. If you want to modify the settings, click Back. To create
  the Receive connector by using the settings in the configuration
  summary, click New.
- On the Completion page, click Finish.
In the Exchange Management Shell, you can create Receive connectors using the New-ReceiveConnector
cmdlet. The -Usage parameter sets the Receive connector type as Custom,
Internal, Internet, or Legacy. The -Bindings parameter sets the
internal IP addresses and ports on which to listen. The -FQDN parameter
sets the FQDN to advertise in response to HELO or EHLO messages. The
-RemoteIPRanges parameter provides a comma-separated list of acceptable
IP address ranges. The -Server parameter specifies the server on which
to create the Receive connector.
As Example 9 shows, the required parameters for the New-ReceiveConnector cmdlet depend on the type of Receive connector you are creating.
After you provide the required parameters, the remaining parameters can
be used in the same way regardless of which type of Receive connector
you are creating. You use -AuthMechanism to specify the authentication
type. With Basic Authentication or Basic Authentication Over TLS, you
will be prompted to provide credentials.
Example 9. New-ReceiveConnector cmdlet syntax and usage
Syntax

    New-ReceiveConnector -Name Name
      -Usage <Custom | Internet | Internal | Client | Partner> {AddtlParams}

    New-ReceiveConnector -Name Name -Bindings Bindings
      -RemoteIPRanges IPRange1, IPRange2, . . . {AddtlParams}

    New-ReceiveConnector -Name Name -Bindings Bindings
      -Internet <$true | $false> {AddtlParams}

    New-ReceiveConnector -Name Name -Client <$true | $false>
      -RemoteIPRanges IPRange1, IPRange2, . . . {AddtlParams}

    New-ReceiveConnector -Name Name -Internal <$true | $false>
      -RemoteIPRanges IPRange1, IPRange2, . . . {AddtlParams}

    New-ReceiveConnector -Name <String> -Bindings Bindings
      -Partner <$true | $false> -RemoteIPRanges IPRange1, IPRange2, . . .
      {AddtlParams}

    {AddtlParams}
    [-AdvertiseClientSettings <$true | $false>]
    [-AuthMechanism <None | Tls | Integrated | BasicAuth |
      BasicAuthRequireTLS | ExchangeServer | ExternalAuthoritative>]
    [-Banner Banner]
    [-BinaryMimeEnabled <$true | $false>]
    [-Bindings Bindings]
    [-ChunkingEnabled <$true | $false>]
    [-Comment Comment]
    [-Confirm <$true | $false>]
    [-ConnectionInactivityTimeout TimeSpan]
    [-ConnectionTimeout TimeSpan]
    [-Custom <$true | $false>]
    [-DefaultDomain DefaultDomain]
    [-DeliveryStatusNotificationEnabled <$true | $false>]
    [-DomainController DCName]
    [-DomainSecureEnabled <$true | $false>]
    [-EightBitMimeEnabled <$true | $false>]
    [-EnableAuthGSSAPI <$true | $false>]
    [-Enabled <$true | $false>]
    [-EnhancedStatusCodesEnabled <$true | $false>]
    [-Fqdn FQDN]
    [-LongAddressesEnabled <$true | $false>]
    [-LiveCredentialEnabled <$true | $false>]
    [-MaxAcknowledgementDelay MaxDelay]
    [-MaxHeaderSize MaxHeaderBytes]
    [-MaxHopCount MaxHops]
    [-MaxInboundConnection <MaxConn | Unlimited>]
    [-MaxInboundConnectionPercentagePerSource MaxPercentage]
    [-MaxInboundConnectionPerSource <MaxConnPerSource | Unlimited>]
    [-MaxLocalHopCount MaxHops]
    [-MaxLogonFailures MaxLogonFailures]
    [-MaxMessageSize MaxMessageSize]
    [-MaxProtocolErrors <MaxErrors | Unlimited>]
    [-MaxRecipientsPerMessage MaxRecipients]
    [-MessageRateLimit <RateLimit | Unlimited>]
    [-MessageRateSource <User | IPAddress | Both>]
    [-OrarEnabled <$true | $false>]
    [-PermissionGroups <None | AnonymousUsers | ExchangeUsers |
      ExchangeServers | ExchangeLegacyServers | Partners | Custom>]
    [-PipeliningEnabled <$true | $false>]
    [-ProtocolLoggingLevel <None | Verbose>]
    [-RemoteIPRanges IPRange1, IPRange2, . . .]
    [-RequireEHLODomain <$true | $false>]
    [-RequireTLS <$true | $false>]
    [-Server Server]
    [-SizeEnabled <Disabled | Enabled | EnabledWithoutValue>]
    [-SuppressXAnonymousTls <$true | $false>]
    [-TarpitInterval TimeSpan]
Usage

    New-ReceiveConnector -Name "Custom Receive Connector" `
      -Usage "Custom" -Bindings "0.0.0.0:425" `
      -Fqdn "mailserver85.cpandl.com" `
      -RemoteIPRanges "0.0.0.0-255.255.255.255" `
      -Server "CORPSVR127"
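
How exposed a connector is depends on two of the settings described above: the remote IP ranges (0.0.0.0-255.255.255.255 by default) and whether its permission groups admit anonymous users. The following is an added example, not from the original text: a hypothetical helper, Get-ReceiveConnectorExposure, classifies connectors by those two settings, run here against constructed sample objects with made-up names and addresses.

```powershell
# Added example, not from the original text. Works on objects returned by
# Get-ReceiveConnector or on the constructed samples below.
function Get-ReceiveConnectorExposure {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Connector
    )
    process {
        # Stringify values so real connector objects and samples compare alike
        # (assumes ranges render as "start-end" and groups as a comma list).
        $ranges = @($Connector.RemoteIPRanges | ForEach-Object { "$_".Trim() })
        $groups = @("$($Connector.PermissionGroups)" -split ',' |
            ForEach-Object { $_.Trim() })
        $anyRemote = $ranges -contains '0.0.0.0-255.255.255.255'
        $anonymous = $groups -contains 'AnonymousUsers'
        if ($anyRemote -and $anonymous) {
            $finding = 'Anonymous senders accepted from any IPv4 address'
        } elseif ($anyRemote) {
            $finding = 'Any IPv4 address may connect; permission groups limit senders'
        } elseif ($anonymous) {
            $finding = 'Anonymous senders accepted only from listed ranges'
        } else {
            $finding = 'Limited by remote range and permission group'
        }
        New-Object PSObject -Property @{
            Name     = $Connector.Name
            Bindings = "$($Connector.Bindings)"
            Logging  = "$($Connector.ProtocolLoggingLevel)"
            Finding  = $finding
        } | Select-Object Name, Bindings, Logging, Finding
    }
}

# Constructed sample connectors (hypothetical names and addresses).
$samples = @(
    (New-Object PSObject -Property @{ Name = 'Sample Internet'; Bindings = '0.0.0.0:25'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255')
        PermissionGroups = 'AnonymousUsers'; ProtocolLoggingLevel = 'None' }),
    (New-Object PSObject -Property @{ Name = 'Sample App Relay'; Bindings = '10.0.0.25:25'
        RemoteIPRanges = @('10.0.5.10-10.0.5.20')
        PermissionGroups = 'AnonymousUsers'; ProtocolLoggingLevel = 'Verbose' }),
    (New-Object PSObject -Property @{ Name = 'Sample Client'; Bindings = '0.0.0.0:587'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255')
        PermissionGroups = 'ExchangeUsers'; ProtocolLoggingLevel = 'Verbose' })
)
$samples | Get-ReceiveConnectorExposure | Format-Table -AutoSize
```

In the Exchange Management Shell, the same function accepts real connectors piped from Get-ReceiveConnector. A connector reported as accepting anonymous senders from any address with Logging set to None is the first one to review.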