Friday, December 26, 2008

Configuring the Hub Transport Server to Send and Receive SMTP Mail to and from the Internet

by: Thomas Shinder

The first thing that occurred to me was that we needed some way to send outbound SMTP messages to the Internet. That was pretty easy with Exchange 2003 and the SMTP service, because it is intuitive to think of configuring the SMTP service as sending and receiving SMTP mail. After all, that is what it is supposed to do.
After doing some searching through the Exchange Server Help file, I quickly found out that there is no such thing as an SMTP “service” on Exchange 2007. I do not know what they call the SMTP services now, but it is not the SMTP service. I guess calling it the SMTP service would have been too easy, and the Exchange Team realizes that the real fun in life is not in the having, but in the wishing. In other words, the real joy comes from the chase, not the catching.

From my investigations it appears that we need to create a Send Connector. Without one of these Send Connectors you will not be able to send mail to the Internet, so we better create one. Go to the Organization Configuration\Hub Transport node in the left pane for the console. Click on the Send Connectors tab in the middle pane of the console. Right click on an empty area in the middle pane and click New Send Connector.

Figure 1


On the New SMTP Send Connector page, put a name for the connector in the Name text box. In this example we will name it Internet bound Mail. From the Select the intended use for this Send connector drop down list, select Internet. Click Next.

Figure 2

On the Address Space page, click the Add button. In the Add Address Space dialog box, put an asterisk in the Domain text box. I put a checkmark in the Include all subdomains checkbox, although I do not know if this is required, since the wildcard tells the Exchange Server to send all mail to any domain through this SMTP connector (except for those domains that the Exchange Server is authoritative for). Click OK in the Add Address Space dialog box.

Figure 3

You now see the wildcard domain listed and the type is smtp. Click Next.

Figure 4

We have several options to select from on the Network settings page. The default setting is to Use domain name system (DNS) “MX” records to route mail automatically. When this setting is enabled, it becomes the responsibility of the Exchange Server to look up the MX records for the destination domain and resolve those to an IP address.


Another option is to offload this responsibility to another SMTP server. When you offload the MX domain name resolution to another SMTP server, that other SMTP server is acting as a Smart Host. It is not uncommon to use the ISP’s SMTP server as a Smart Host. One of the advantages of this is that it is likely that there is a reverse DNS record for your ISP’s SMTP server, so you do not have to worry about reverse lookups at the destination DNS server. That is because the destination DNS server only looks at the name resolution for the last hop, not each hop the SMTP message may take on the way to its destination.


Another option on this page is to Use the External DNS Lookup settings on the transport server. By default, the Exchange Server will use the DNS server configured on its NIC to resolve the MX domain names. However, you might run an environment where you do not want internal machines to resolve Internet domain names (for example, you want the ISA Firewall to perform external name resolution, which forces clients to be Web proxy and/or Firewall clients). This is in general a more secure configuration and something recommended by world class security experts such as Tim Mullen (Thor).


When you select the Use the External DNS Lookup settings on the transport server option, you have the option to configure the SMTP “service” to use an alternate DNS server that can resolve Internet host names. In this way, you enable the SMTP “service” to resolve Internet MX domain names while preventing all other applications and services on the machine from resolving any Internet host name.


In this example, we will use the default setting, Use domain name system (DNS) “MX” records to route mail automatically. Click Next.

Figure 5

On the Source Server page, you will see that our Transport Server is already added to the list. Since we only have one, we do not need to add any more. Click Next.

Figure 6

Review the settings on the New Connector page and click the New button.

Figure 7

Click Finish on the Completion page.

Figure 8

Double click the Internet Bound Mail Send Connector that you created. This opens the Internet Bound Mail Properties dialog box. On the General tab, you need to make an entry in the Specify the FQDN this connector will provide in response to HELO or EHLO text box. This is an important setting if you are not using a Smart Host, because the public IP address where outbound mail exits your organization must reverse resolve to the name you put here. If you are using a Smart Host, this probably will not matter.

Figure 9

Click on the Server Configuration\Hub Transport node in the left pane of the Exchange console. Double click on the EXCH2007MB entry in the middle pane of the console.
In the EXCH2007MB Properties dialog box, click on the External DNS Lookups tab. Here you have two options:

Use network card DNS settings - This option allows you to use the DNS settings on the NIC installed on the Exchange Server. If you have multiple NICs on the Exchange Server, then you can choose the NIC from the drop-down list. When you do so, you will see the DNS server address in the This adapter contains the following DNS server entries list.

Use these DNS servers - Choose this option when you want to use a DNS server that is not listed on any of the NICs installed on the Exchange Server.

In this example, we will use the DNS server address bound to the NIC, which is the IP address of the DNS server installed on the domain controller for this network.

Figure 10

There is one more thing we need to do to allow anonymous inbound connections to the Default receive connector on this Hub Transport Server. In general, you should not do this, since you are allowing anonymous inbound connections to an Internet-facing host located in the same security zone as the domain controller and mailbox server (in this example, the mailbox server is co-located on the Hub Transport Server). In a secure environment, you would use an inbound SMTP relay in an anonymous access DMZ. This could be an IIS SMTP server or an Exchange Edge Server.

Double click on the Default EXCH2007MB Receive Connector in the middle pane on the Exchange Management console. On the Default EXCH2007MB Properties dialog box, click the Permission Groups tab. Put a checkmark in the Anonymous users checkbox and click OK.

Figure 11
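For those who prefer the Exchange Management Shell, here is an added example (not part of the original post) that performs the same steps as the console walk-through above: the Send Connector with its wildcard address space and HELO/EHLO FQDN, the optional Smart Host and External DNS Lookup alternatives, and the Anonymous users permission group on the Default Receive Connector. The server name EXCH2007MB and the connector names come from the post; mail.example.com, smtp.isp.example and 192.0.2.53 are placeholders you would replace with your own values.

```powershell
# Added example: Exchange Management Shell equivalent of the console steps.
# EXCH2007MB and the connector names are from the post; the FQDN, Smart Host
# and DNS server address below are placeholders.

# 1. Send Connector: wildcard address space, Exchange resolves MX records itself.
New-SendConnector -Name "Internet bound Mail" -Usage Internet `
    -AddressSpaces "SMTP:*;1" `
    -DNSRoutingEnabled $true `
    -SourceTransportServers "EXCH2007MB"

# Alternative A: offload MX resolution to the ISP's Smart Host instead.
# Set-SendConnector "Internet bound Mail" -DNSRoutingEnabled $false `
#     -SmartHosts "smtp.isp.example"        # placeholder host name

# Alternative B: keep MX routing, but use the transport server's External DNS
# Lookup settings rather than the DNS server bound to the NIC.
# Set-SendConnector "Internet bound Mail" -UseExternalDNSServersEnabled $true

# 2. FQDN offered in HELO/EHLO. Without a Smart Host, the public IP that
#    outbound mail leaves from must reverse-resolve to this name.
Set-SendConnector "Internet bound Mail" -Fqdn "mail.example.com"

# 3. External DNS Lookups tab. The post keeps the NIC's DNS server (the default).
#    To point the transport service at a separate resolver instead:
# Set-TransportServer "EXCH2007MB" -ExternalDNSAdapterEnabled $false `
#     -ExternalDNSServers "192.0.2.53"    # placeholder address

# 4. Default Receive Connector: add Anonymous users to the existing permission
#    groups rather than replacing them.
$rc = Get-ReceiveConnector "EXCH2007MB\Default EXCH2007MB"
Set-ReceiveConnector -Identity $rc.Identity `
    -PermissionGroups ($rc.PermissionGroups.ToString() + ", AnonymousUsers")

# Checks: confirm the settings the console pages above set.
Get-SendConnector "Internet bound Mail" |
    Format-List Name, AddressSpaces, DNSRoutingEnabled, SmartHosts, Fqdn
Get-ReceiveConnector "EXCH2007MB\Default EXCH2007MB" |
    Format-List Identity, PermissionGroups
```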
