Exchange Server 2007 Email Routing
Message Flow Architecture
The Hub Transport server role is essential in every Exchange Server 2007 organization for routing internal and external email. The service running on these servers is the Exchange Transport Service (MSExchangeTransport.exe).
Inbound Email
Inbound email is email that is delivered from outside Exchange Server 2007, for example, from the Internet. A gateway server should be implemented to receive it, which can be an Edge Transport server role or a Hub Transport server role, depending on the Internet connectivity and firewall structure in place. Best practice is to install an Exchange Server 2007 Edge Transport server role in the perimeter network (also known as the DMZ), where it does not need Active Directory. This server then routes incoming messages into your Exchange Server 2007 organization.
Outbound Email
Outbound email means messages that are sent from internal mailbox users to external recipients residing on the Internet. After a Hub Transport server has processed the mail and identified it as outbound mail, the server routes it to the Internet, either directly or through a gateway server. This gateway server can be an Edge Transport server.
Local Email
Local mail flow refers to messages that are processed by a Hub Transport server in an Exchange Server 2007 organization and delivered to a mailbox on the same Active Directory Site.
Remote Email
Remote Email flow refers to messages that are processed by a Hub Transport server in an Exchange Server 2007 organization and delivered to a mailbox on a different Active Directory site from the source mailbox.
SMTP Connectors
SMTP connectors are Exchange Server 2007 components that support one-way SMTP connections. Because of this restriction, which is new compared to earlier versions of Exchange Server, we need two connectors:
- SMTP Receive Connectors
- SMTP Send Connectors
An SMTP Receive connector is required for an Exchange Server 2007 server system to accept any SMTP connection. It is used to enable an Exchange Server Hub Transport role or Edge Transport server role to receive email from any other SMTP server on the Internet, other Exchange Server 2007 Hub Transport server roles, Edge Transport server roles or other Exchange Server 2007 environments. You can configure multiple SMTP Receive connectors with different parameters on a single Exchange Server due to implementation or high availability reasons. You do not have to create SMTP Receive connectors to route mail between Hub Transport server roles within the same forest.
An SMTP Send connector is required for an Exchange Server 2007 system to send any SMTP email. It is required to send email to any SMTP server on the internet or to any SMTP server within the same Exchange Server organization.
You can manage each of them using the Exchange Management Console or Exchange Management Shell. To manage connectors using the shell use the Set-ReceiveConnector and Set-SendConnector cmdlets.
Message Transport Components
To work with Exchange Server and troubleshoot message transport problems you should know the internal workings of Exchange message routing.
Messaging Components are:
- Submission Queue
- Store Driver
- Microsoft Exchange Mail Submission Service
- Pickup Directory
- Categorizer
Messages from outside your Exchange organization enter the transport pipeline through an SMTP Receive Connector. Messages inside enter the pipeline through the Hub Transport server role.
Submission Queue
Each Transport server role (Hub or Edge Transport) has one submission queue that is created by the categorizer when Exchange Transport Service starts. It stores all messages on the local hard disk until they are processed by the categorizer for delivery. They are then finally removed from this queue.
Store Driver
Messages sent by a mailbox user enter the transport pipeline when they reach the sender’s Outbox. The store driver on the Hub Transport server retrieves each message from the user’s Outbox and then transfers it to the submission queue. After the message has been successfully added to the submission queue, it is moved from the sender’s Outbox to the sender’s Sent Items. Messages are stored in MAPI format and must be converted to Summary Transport Neutral Encapsulation Format (S/TNEF) before being placed in the submission queue. This conversion is also the job of the store driver. If the conversion is unsuccessful, a non-delivery report (NDR) is generated.
Microsoft Exchange Mail Submission Service
The Microsoft Exchange Mail Submission Service is a notification service that runs on Mailbox server roles. It notifies the Hub Transport server role to pick up the message from the sender’s Outbox. If there are multiple Hub Transport server roles on one Active Directory site, the Microsoft Exchange Mail Submission Service attempts to distribute notifications evenly between the transport roles using static load balancing.
Pickup Directory
Each message that is transferred to the pickup directory has been successfully submitted to the submission queue via the categorizer. Messages placed in the Pickup Directory must be in the appropriate format and have read/write permissions configured. The directory allows you to take a properly formatted text file and have the Hub Transport server role process and deliver it. This can be very helpful when validating mail flow in the organization, relaying specific messages, or returning messages to the transport pipeline. Even third-party applications may place messages in the Pickup Directory rather than communicating directly with the Exchange Server.
Categorizer
The categorizer always picks the oldest message from the Submission queue and checks whether this message has to be routed internally in the Exchange organization or externally.
On each Hub Transport server the categorizer performs the following tasks:
- Identification and verification of recipients
- Expansion of distribution lists
- Determination of routing paths
- Conversion of content formats
- Application of message policies
Implementation of Message Transports
Every time you install Hub Transport server roles in Exchange Server 2007 environments, message routing is enabled by default, but you may need to configure additional options on the Hub Transport server role. This process can look like this:
- Configure server-specific settings
- Configure authoritative domains and email address policies
- Configure a postmaster mailbox
- Configure Internet message flow
- Configure messaging policies
- Configure administrative permissions:
  - Exchange Organization Administrators
  - Exchange Server Administrators
  - Exchange View-Only Administrators
Each of these configuration settings is unique to each company and needs to be defined in a design document before the configuration is carried out.
In the first part of my article we had a close look at Exchange Server 2007 Email Routing theoretical basics. Now we will have a look at how to configure Email routing within Exchange Server 2007 and how we can configure the routing topology to meet our plans.
The main Exchange Server 2007 routing topology features are:
- No more routing groups
- No more routing group connectors
- Uses AD site links instead
- Uses least cost routing based on network layer’s OSPF capabilities
- Queues close to point of failure
- Improved bifurcation algorithm
This means no link state routing like in Exchange Server 2003 anymore.
Role Based Setup
Before you begin setting up your Exchange Server 2007 environment you should make sure that your Active Directory Site structure is clear and does not contain any configuration errors. This means you should probably rethink your configuration and update it if necessary.
While setting up your Exchange Server 2007 machine, you have to choose which server role you want to implement. The Exchange Server Hub Transport role is the basis of your routing structure. If you are running a one-site Active Directory infrastructure, your design will be quite simple, but if you are hosting Active Directory within multiple sites, your Active Directory Site Links are the basis for your Exchange Routing Topology. This means your site link costs are used to calculate the best way to route messages between sites.
If you are installing Exchange Server 2007 in an existing forest, you will be prompted to choose which of your existing routing groups you will connect with. This is because all of your Exchange 2007 servers will exist in a special routing group that should only house Exchange 2007 servers. In an ideal world, your first Exchange 2007 server will be near one of your existing hub routing groups.
Understanding Intra-Organizational Mail Routing
Routing between two sites with only one Exchange Server 2007 in each site is quite easy.

Figure 1: Routing between two Sites
In an environment with at least three sites in one chain we can see new behavior when an email is sent from the first to the third site. Compared to earlier versions of Exchange Server, Exchange 2007 will now try to route the message directly.

Figure 2: Routing between three Sites
Exchange will now route the message directly to the third site, because using the second site only adds cost and has no further advantage. The amount of WAN link usage would not decrease, but the site in between would have to spend CPU and other resources on receiving and sending the message. In addition, the mail would take more time.

Figure 3: Routing between three Sites in case of failure
Now Exchange will queue the mail to site C at the server nearest to its destination server.

Figure 4: Routing between three Sites in case of redundancy
In case of redundancy of site links, we always have the topology of routing with least costs.
After having understood how to configure intra-organizational email routing, we will now have a look at how to connect Exchange Server 2007 to the internet.
Configuring outgoing Email Transport
First, we will need to configure Exchange Server 2007 to accept outgoing email messages. This means we will have to create a new SMTP send connector in the organization configuration tab.

Figure 5: Configuring a New SMTP Send Connector

Figure 6: Adding an accepted Address Space
In this dialog box you will have to add all address spaces (or SMTP domains) your server should accept and reroute emails.

Figure 7: Configuring the Smarthost
In this dialog box you will have to configure the destination server (relay server) of your network environment. It is best to configure Exchange to use DNS MX records. This means that you will just have to change your DNS configuration if you are changing your servers' IP addresses.

Figure 8: Configuring the local Hub Transport Server
Now we will have to add all source servers (formerly known as local bridgehead servers in Exchange 2003 Server) that are able to use this connector for outgoing email.
To finish your configuration you will just have to click NEXT, NEW and FINISH which will create the new connector.
Configuring incoming Email Transport
In Exchange Server 2007, the receive connector is a “receive listener”. This means that the Receive connector listens for incoming connections that match the settings of the receive connector. A receive connector listens for connections that are received through a particular port and from a specified IP address or IP address range. You can also set limits on the number of active connections that are supported by the receive connector. The receive connector is a feature of the Edge Server Role and can only be configured there.
If you would like your Exchange Server to accept emails from your Exchange Edge Server, you will have to configure a subscription (using an XML file) and import this into your Exchange Server 2007 organization.
To configure which email domains Exchange Server will accept, you will have to create an “Accepted Domain” Policy in Exchange System Manager in Organization Configuration under Hub Transport.

Figure 9: Configuring a new Accepted Domain
Exchange will allow handling of three options:
- Authoritative Domain
- Internal Relay Domain
- External Relay Domain
Exchange Server 2007 Email Routing Using the Exchange Management Shell
How to configure Email routing in Exchange Server 2007 using the Powershell console.
Part 1 and Part 2 of this article discussed the design of Exchange Server 2007 Email Routing and how to configure it using the Graphical User Interface. Exchange Server 2007 also allows another management possibility – the Exchange Management Shell. Within this article we will have a look at how to configure Email routing in Exchange Server 2007 using the Powershell console.
Configuring Transport Server Properties
Transport Server is the server role that is responsible for message routing.
To view the Transport Server configuration, use the Exchange Management Shell command “get-transportserver”; to set any new configuration, use “set-transportserver”:

Figure 1: Viewing and Setting Transport Server Configuration
If a send connector is trying to send emails using external DNS lookup settings, it uses the external DNS setting configured on the transport server. This external DNS setting also applies to receive connectors for anti-spam agents like Sender ID or connection filter agents.
To configure this using the command prompt, enter the following:

Figure 2: Configuring External DNS Server Settings
To configure internal settings just replace the "external" string in the expressions above with “internal” and it works.
In general the cmdlet Set-TransportServer supports the following settings:
- Outbound Connection failure retry interval in minutes
- Transient failure retry interval in seconds
- Transient failure retry attempts
- Message expiration
- Notifications
- Connection Restrictions (maximum concurrent outbound connections & maximum concurrent outbound connections per domain)
Managing Accepted Domains
Accepted Domains are global settings for the Exchange organization and on Edge Servers. These settings define whether Exchange is responsible for an SMTP domain or not. It is recommended that you configure all accepted domains in these global settings and synchronize them to your Exchange Server holding the Edge Transport server role in the DMZ.
We sort the accepted domains into groups:
- Authoritative Domains
- Relay Domains:
  - Internal: recipients in this domain do not have mailboxes in this Exchange organization but have contacts in the global address list (GAL)
  - External: messages are relayed to an email server outside your Exchange organization by your Edge Transport server.
To create an accepted domain you will have to use the following commands:

Figure 3: Configuring Accepted Domains
To change an accepted domain type, you should use the following syntax:

Figure 4: Changing the accepted domain type
To remove an accepted domain you can use the following command:

Figure 5: Remove Accepted Domains
You should make sure that it is not your default accepted domain, because the default cannot be removed.
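The create, change and remove steps described above, written out as an added example for the Exchange Management Shell (it is not the content of the original figures). The domain names and the helper function Remove-NonDefaultAcceptedDomain are hypothetical placeholders.

```powershell
# Added example; all names and domains below are constructed placeholders.

# Create one accepted domain of each kind described above.
New-AcceptedDomain -Name 'Example Corp' -DomainName 'corp.example' -DomainType Authoritative
New-AcceptedDomain -Name 'Example Subsidiary' -DomainName 'sub.example' -DomainType InternalRelay
New-AcceptedDomain -Name 'Example Partner' -DomainName 'partner.example' -DomainType ExternalRelay

# Change the type of an existing entry.
Set-AcceptedDomain -Identity 'Example Partner' -DomainType InternalRelay

# Hypothetical helper: remove an entry, but refuse up front when it is the
# default accepted domain, which cannot be removed.
function Remove-NonDefaultAcceptedDomain([string]$Name) {
    $domain = Get-AcceptedDomain -Identity $Name
    if ($domain.Default) {
        Write-Warning "$Name is the default accepted domain and was not removed."
        return
    }
    Remove-AcceptedDomain -Identity $domain.Identity -Confirm:$false
}
Remove-NonDefaultAcceptedDomain 'Example Partner'

# Review: every non-authoritative entry is a domain for which this
# organization accepts mail and then passes it on to another system.
Get-AcceptedDomain |
    Where-Object { $_.DomainType -ne 'Authoritative' } |
    Format-Table Name, DomainName, DomainType, Default -AutoSize
```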
In addition to this you can configure email policies with the command shell, too.

Figure 6: Set Email Address Policy
This command changes the primary email address assigned to recipients and keeps the existing email address as secondary.
Managing Connectors
A connector defines a logical connection between a source and a destination server and describes how the servers communicate. The default communication protocol is SMTP. All receive connectors accept only SMTP, but send connectors (e.g. to foreign email systems) accept SMTP, X.400, etc.
A receive connector defines:
- Number of active connections
- Maximum message size
- Maximum recipients per message
- And more...
To create a new send connector you will have to use the following command:

Figure 7: Creating new send connectors
In addition to this you can create a linked connector, which is a receive connector that is linked to a send connector. For linked connectors the general routing logic based on destination domain is overridden. In general, a linked connector can be used when sending messages to a 3rd party anti-spam or antivirus service for processing and then return it to Exchange for proper delivery.
To configure how Exchange receives email, we will now have a look at the receive connector configuration.

Figure 8: Creating a custom receive connector
If you now want to remove a receive connector, that is quite easy when working with the Exchange Server Management Shell.

Figure 9: Removing an existing receive connector
When considering security settings on your connectors, you will have to choose between anonymous and secure relaying. Relaying means receiving and sending emails, so wherever possible each Exchange Server should be configured to allow relaying only for specific IP addresses, for example. This means that your Exchange Server box is configured to send emails only to the relay server and to receive only from it.

Figure 10: Configure Anonymous Relay for specific IP-Addresses
As you can see we now have to use two commands. The first was for creating the receive connector with anonymous relay restrictions; the second one was to configure the appropriate security settings in Active Directory.
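The two steps described above, followed by an audit of which receive connectors currently allow anonymous relay and from which source addresses. This is an added example for the Exchange Management Shell, not the content of the original figure; the server name HUB01, the connector name and the 192.0.2.x addresses are assumed placeholders.

```powershell
# Added example; HUB01, the connector name and the 192.0.2.x addresses are
# placeholders. 192.0.2.25 stands for the server's listening address and
# 192.0.2.50 for the single host that is allowed to relay.
$server    = 'HUB01'
$connector = 'Relay - App Server'

# 1) Receive connector that accepts anonymous SMTP sessions from one source
#    IP address only.
New-ReceiveConnector -Name $connector -Server $server -Usage Custom `
    -Bindings '192.0.2.25:25' -RemoteIPRanges '192.0.2.50' `
    -PermissionGroups AnonymousUsers

# 2) Active Directory permission: allow anonymous sessions on this connector
#    to submit mail for any recipient, which is what makes it a relay.
Get-ReceiveConnector "$server\$connector" |
    Add-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' `
        -ExtendedRights 'ms-Exch-SMTP-Accept-Any-Recipient'

# 3) Audit: list every receive connector that grants anonymous relay and
#    flag those whose remote range covers all IPv4 addresses.
Get-ReceiveConnector | ForEach-Object {
    $rc = $_
    $grant = Get-ADPermission -Identity $rc.Identity `
                 -User 'NT AUTHORITY\ANONYMOUS LOGON' |
        Where-Object { -not $_.Deny -and
                       ($_.ExtendedRights -like '*Accept-Any-Recipient*') }
    if ($grant) {
        $rc | Select-Object Identity,
            @{ Name = 'RemoteIPRanges'; Expression = {
                [string]::Join(', ',
                    @($_.RemoteIPRanges | ForEach-Object { $_.ToString() })) } },
            @{ Name = 'OpenToAnyIPv4'; Expression = {
                @($_.RemoteIPRanges | ForEach-Object { $_.ToString() }) `
                    -contains '0.0.0.0-255.255.255.255' } }
    }
}
```

Any connector the audit reports with OpenToAnyIPv4 set to True relays for every host that can reach it and should be narrowed to specific addresses.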
Managing Queues
After having had a look at the configuration of Exchange Server and its connectors for sending and receiving messages, we will now have a look at the queue management functionalities of the Exchange Server Management Shell.
If you would like to retrieve special messages within your queue, this command should help you:
Get-Message -Server Servername.domain.tld -ResultSize 500 -SortOrder +FromAddress,-Size
In addition to this you can start every task known from the Exchange Management Console within your Exchange Management Shell, such as:
- Suspending Queues
- Resuming Queues
- Remove Queues
- Remove specific messages from Queues
- Export Messages from Queues
- Resubmit Messages from Queues
- And more...