Figure 6.39 List of Available Anti-Spam Agents
Of course, this solution allows all spam messages and other unwanted e-mail to enter your
internal network before it’s filtered, but most small shops should be able to live with that. If not, you
might want to consider using a hygiene service such as Exchange Hosted Services (EHS), which
not only provides efficient anti-spam filtering, but also virus protection and other interesting services. You can read more about EHS at http://www.microsoft.com/exchange/services.
Changing the SMTP Banner
Something else you might want to do in a scenario where inbound messages are directly routed to a
Hub Transport server is to change the advertised FQDN sent in HELO/EHLO commands in SMTP.
This is done under the General tab of the Default Receive connector property page, as shown in
Figure 6.40.
Disabling the EdgeSync Service
Since the EdgeSync service on the Hub Transport server isn’t used when you don’t have an Edge Transport server deployed in your perimeter network, it’s also a good idea to disable this service (Figure 6.41) in order to save a few system resources. Just by running, without replicating with
an Edge Transport server, this service actually uses a little under 30 MB.
Figure 6.40 The General Tab on the Default Receive Connector Properties Page
Pointing the MX Record to the Hub Transport Server
The final thing you must do is point your domain’s MX record to the Hub Transport server. This is done differently depending on your specific scenario, but typically you just need to redirect port 25
to the IP address of the Hub Transport server in your firewall. If you’re publishing your messaging
environment using an ISA 2006 Server, this is done under the To tab on the Inbound SMTP
properties page, as shown in Figure 6.42.
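Once port 25 reaches the Hub Transport server, it is worth confirming that the greeting and the EHLO reply really carry the FQDN set in "Changing the SMTP Banner" and no longer expose the internal server name. The following check is an added example, not part of the original chapter; the host names, the transcripts, the internal-suffix list and the function names are all constructed assumptions.

```python
import re

# Constructed sample of what a client sees on port 25 (not captured from a real server).
SAMPLE_BEFORE = (
    "220 hub01.corp.local Microsoft ESMTP MAIL Service ready at Mon, 1 Jan 2007 10:00:00 +0100\r\n"
    "250-hub01.corp.local Hello [192.0.2.10]\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
SAMPLE_AFTER = SAMPLE_BEFORE.replace("hub01.corp.local", "mail.example.com")

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")        # SMTP reply line: code, separator, text
INTERNAL_SUFFIXES = (".local", ".lan", ".internal", ".corp")  # assumed internal naming habits


def advertised_names(transcript):
    """Return the host names announced in the 220 greeting and the EHLO reply."""
    names = {}
    for line in transcript.splitlines():
        m = REPLY.match(line.strip())
        if not m:
            continue
        code, _, text = m.groups()
        first_word = text.split(" ", 1)[0].lower().rstrip(".")
        if code == "220" and "greeting" not in names:
            names["greeting"] = first_word
        elif code == "250" and "ehlo" not in names:
            names["ehlo"] = first_word  # the first 250 line carries the server's domain
    return names


def check_banner(transcript, expected_fqdn):
    """Compare the advertised names with the public FQDN; return a list of findings."""
    findings = []
    names = advertised_names(transcript)
    for where in ("greeting", "ehlo"):
        name = names.get(where)
        if name is None:
            findings.append(f"{where}: no reply found")
        elif name != expected_fqdn.lower():
            internal = "." not in name or name.endswith(INTERNAL_SUFFIXES)
            kind = "internal name exposed" if internal else "mismatch"
            findings.append(f"{where}: {kind}: {name}")
    return findings


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, check_banner(sample, "mail.example.com") or "OK")
```

The transcript passed in can be the text of a manual SMTP session against your own server's port 25, saved from the greeting through the EHLO reply.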
Figure 6.41 Disabling the EdgeSync Service
Missed Features
There are a few drawbacks in choosing to have inbound messages go directly to a Hub Transport server instead of via an Edge Transport server in your perimeter network, as best practices tell us.
Attachment Filter
Although the Hub Transport server does contain some attachment options, you won’t be able to scan the incoming MIME stream for malicious attachment types, and thereby reject them at the protocol layer. However, you could get this functionality on a Hub Transport Server by installing an anti-virus
product such as Microsoft Forefront for Exchange Server.
Address Rewrite Agent
You also won’t be able to take advantage of the address rewrite functionality since the Address Rewrite agent can only be installed on an Edge Transport server. An explanation of this feature is outside the scope of this chapter. Instead, refer to Chapter 7.
Figure 6.42 Redirect Inbound Mail on an ISA 2006 Server
In this chapter, we started out taking a brief look at the changes made in regards to message
routing and architecture in Exchange Server 2007. We then went through the configuration settings available on the Hub Transport server. Next, we discussed how you can create journaling and
transport rules so your organization can navigate the ever-increasing complexity of government and industry regulations and compliance demands. We also covered the purpose of Send and Receive
connectors, and how to control message size limits in your organization. In addition, we took a look
at the different transport server–related tools such as Message Tracking, the Queue Viewer, and the
Exchange Mail Flow Troubleshooter tools. Finally, we went through the steps necessary to configure a Hub Transport server as the Internet-facing transport server in your organization.
Solutions Fast Track
Message Transport and Routing Architecture in Exchange 2007
• A lot has changed in regards to transport and routing architecture in Exchange Server 2007. First, Exchange no longer uses the SMTP protocol stack included with Internet
Information Services (IIS), as was the case with previous versions of the product. Instead,
the Exchange Product group has rewritten the SMTP transport stack in managed code,
resulting in a much more stable and secure protocol stack.
• The new SMTP transport stack is now known as the Microsoft Exchange Transport service (MSExchangeTransport.exe), and because it’s no longer dependent on IIS, it is not located within IIS Manager.
• With Exchange Server 2007, the Exchange routing topology is no longer based on separate Exchange routing groups. Instead, Exchange 2007 takes advantage of the existing site
topology in Active Directory. Because Exchange 2007 is now dependent on Active Directory sites—that is, Hub Transport servers use Active Directory sites as well as the cost assigned to the Active Directory IP site link to determine the least-cost routing path to other Hub
Transport servers within the organization—all sites containing one or more Mailbox servers must also have at least one Hub Transport server.
• Bear in mind that Mailbox and Hub Transport servers use RPC as the basis of communication, but that two Hub Transport servers use SMTP/TLS when exchanging messages.
• Exchange Server 2007 is no longer dependent on Link State updates.
Managing the Hub Transport Server
• All organizationwide Hub Transport settings are stored in Active Directory. This means that any modifications or configuration settings, except Receive connector specific settings, are reflected on all Hub Transport servers in the organization.