Pointing Your MX Records to the Edge Transport Server
When the Edge Transport server has been fully deployed, the next step is to put it into production by routing incoming as well as outgoing messages through this server. To route incoming messages through it, you need to point the organization’s MX or Mail Exchange record(s) to this server, unless you’ve got another Internet-facing SMTP server in front of your Edge Transport server, in which case you should just configure your Internet-facing SMTP server to forward all messages to the Edge Transport server.
To see the MX records for your domain, perform the following steps:
1. Open a Command Prompt window.
2. Type Nslookup and press Enter.
3. Now type Set type=MX
4. Type your SMTP domain (such as domain.com) and press Enter.
This sequence of steps will list the MX records for your SMTP domain, similar to what is shown in Figure 7.60.
Figure 7.60 Pointing MX Records to the Edge Transport Server
You can also use a Web-based service such as www.checkdns.net or www.dnsreport.com to retrieve your MX record information.
If you’ve got more than one MX record, the one with the lowest preference number is typically the one you should worry about, since any MX records with higher preference numbers are secondary MX record servers for your domain (that is, servers that will receive messages if for some reason your primary MX record doesn’t respond to an EHLO or HELO command).
If you don’t have an SMTP server in front of the Edge Transport server, you will need to change the MX record to point to your new server. This change will need to be done on the DNS server that hosts your SMTP domain (typically a DNS server located at your Internet service provider, or ISP).
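One way to confirm the change took effect, as an added example that is not from the book: the PowerShell function below orders MX records by preference and reports whether the lowest-preference record names the Edge Transport server. The host names and sample records are constructed placeholders, and the commented live query assumes a workstation that has Resolve-DnsName (Windows 8 / Server 2012 or later).

```powershell
# Added example: check which host the lowest-preference MX record names.
# Constructed sample data shaped like Resolve-DnsName -Type MX output;
# domain.com, edge01 and backup-mx.isp.example are placeholder names.
$sampleMx = @(
    [pscustomobject]@{ NameExchange = 'backup-mx.isp.example.'; Preference = 20 }
    [pscustomobject]@{ NameExchange = 'EDGE01.domain.com';      Preference = 10 }
)

function Test-PrimaryMx {
    param(
        [Parameter(Mandatory)] [object[]] $MxRecords,
        [Parameter(Mandatory)] [string]   $ExpectedEdgeHost
    )
    # DNS names are case-insensitive and may carry a trailing dot.
    $normalize = { param($n) $n.TrimEnd('.').ToLowerInvariant() }
    $ordered   = @($MxRecords | Sort-Object -Property Preference)
    $lowest    = $ordered[0].Preference
    # More than one record can share the lowest preference.
    $primary   = @($ordered | Where-Object { $_.Preference -eq $lowest })
    $expected  = & $normalize $ExpectedEdgeHost
    $mismatch  = @($primary | Where-Object { (& $normalize $_.NameExchange) -ne $expected })

    [pscustomobject]@{
        Primary      = $primary.NameExchange
        Secondary    = @($ordered | Where-Object { $_.Preference -gt $lowest }).NameExchange
        PointsToEdge = ($mismatch.Count -eq 0)
    }
}

# Offline run against the constructed records:
Test-PrimaryMx -MxRecords $sampleMx -ExpectedEdgeHost 'edge01.domain.com'

# Live run (uncomment on a machine with the DnsClient module):
# $live = Resolve-DnsName -Name 'domain.com' -Type MX | Where-Object Type -eq 'MX'
# Test-PrimaryMx -MxRecords $live -ExpectedEdgeHost 'edge01.domain.com'
```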
TIP
In most cases, you make the MX record change yourself (via a Web-based administration panel), but if you are in doubt about how to make this change, ask your ISP/DNS provider to do it for you.
Depending on how your specific setup has been configured, there’s also a chance that you simply need to change a rule in your ISA Server (or whatever firewall you have deployed in your organization) so that the rule points to the external IP address of the Edge Transport server.
In Chapter 12, which covers how you publish the different Exchange 2007 services and protocols through an ISA 2006 Server, we’ll go through step-by-step instructions on how to publish your Exchange 2007 Server SMTP protocol, which is the same procedure for both an Edge Transport and a Hub Transport server.
Deploying Multiple Edge Transport Servers in the Organization
If you’re a messaging administrator or consultant working for a relatively large organization, deploying one Edge Transport server in the perimeter network (DMZ or screened subnet) might not be sufficient. So your big question might be whether it’s possible to deploy multiple Exchange 2007 Edge Transport servers, and if it is, how is the data in the ADAM store replicated between each Edge Transport server? Luckily you can answer yes to both of these questions; this section explains how to do exactly that.
You can deploy additional Edge Transport servers in your organization by cloning the configuration from the server that has already been deployed in the perimeter network. This is done by copying and exporting the configuration from an existing Edge Transport server (source server) to an XML file using the ExportEdgeConfig.ps1 script, which can be found in the Scripts directory under C:\Program Files\Microsoft\Exchange
The ExportEdgeConfig.ps1 script exports all user-configured settings as well as data (except the EdgeSync subscription settings and the certificates that are used by the Microsoft Exchange EdgeSync service) to the XML file.
The configuration then needs to be copied and imported from the XML file to the newly installed Edge Transport server (target server), which is done using the ImportEdgeConfig.ps1 script, also found in the Scripts directory.
When you import the XML file on a new Edge Transport server using the ImportEdgeConfig.ps1 script, the script checks whether the configuration information and data exported from the source server are valid for the target server. If for some reason they aren’t valid, the script will write the invalid setting(s) to an answer file that you can modify to specify the target server information that is used during the import configuration step.
Although you export all the configuration information except the EdgeSync subscription settings (including the configuration data in ADAM) from the source server and import it on the target server, you still must run the EdgeSync service on each Edge Transport server, since configuration data in ADAM cannot be replicated among the Edge Transport servers. This means that you need to run the EdgeSync subscription process after you have imported the cloned configuration.
When you have multiple Edge Transport servers deployed in the perimeter network, you can load-balance network traffic among the servers using the Domain Name System (DNS) round-robin mechanism. To use the round-robin mechanism, you need to enable the feature on the DNS server that resolves the names of the Edge Transport servers. When enabled, DNS uses round robin to rotate the order of resource record (RR) data returned in query answers where multiple records of the same type exist for a queried DNS domain name. This means that should one Edge Transport server be down, the Hub Transport server or the external SMTP server that tries to deliver an e-mail message to this Edge Transport server will retry, and then because of the rotation used by round robin, it will try to submit the e-mail message to another Edge Transport server in the perimeter network. The round-robin mechanism is enabled by default on servers running either Windows Server 2003 SP1 or later and Windows Server 2003 R2.
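The rotation and retry behaviour described above can be modelled in a few lines of PowerShell. This is an added example, not from the book; the addresses are constructed documentation-range values, and the one-position rotation per query is a simplification of what a real DNS server does.

```powershell
# Added example: model DNS round robin plus sender retry.
# Constructed data: three Edge Transport addresses, one of them offline.
$edgeAddresses = @('192.0.2.11', '192.0.2.12', '192.0.2.13')
$offline       = @('192.0.2.12')
$script:offset = 0

function Get-RoundRobinAnswer {
    # Return every record, rotated one position further on each query.
    $n = $edgeAddresses.Count
    $answer = for ($i = 0; $i -lt $n; $i++) {
        $edgeAddresses[($script:offset + $i) % $n]
    }
    $script:offset = ($script:offset + 1) % $n
    $answer
}

function Send-TestMessage {
    # A sender walks the answer in the order returned and stops at the
    # first address that accepts the connection.
    $attempts = 0
    foreach ($address in (Get-RoundRobinAnswer)) {
        $attempts++
        if ($offline -notcontains $address) {
            return [pscustomobject]@{ DeliveredTo = $address; Attempts = $attempts }
        }
    }
    # Every address was offline: nothing delivered.
    [pscustomobject]@{ DeliveredTo = $null; Attempts = $attempts }
}

# Nine simulated deliveries: who received them, and how many connection
# attempts were needed in total.
$results = 1..9 | ForEach-Object { Send-TestMessage }
$results | Group-Object DeliveredTo | Select-Object Name, Count
$results | Measure-Object -Property Attempts -Sum | Select-Object Sum
```

In this model the share of the offline server falls entirely on the next address in the rotation instead of being spread evenly, because round robin rotates the answer without checking server health.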
So to sum up, you need to perform the following steps in deploying additional Edge Transport servers in your perimeter network:
1. Install a clean Edge Transport server (following the guidelines in the beginning of this chapter).
2. Use the ExportEdgeConfig.ps1 script to export the source server’s configuration information to an XML file. You do this by opening the EMS, where you navigate to C:\Program Files\Microsoft\Exchange Server\Scripts; typing .\ExportEdgeConfig.ps1 -CloneConfigData:"C:\CloneConfigData.xml"; and then pressing Enter (see Figure 7.61).
Figure 7.61 Cloning an Edge Transport Server
3. Now copy the CloneConfigData.xml file to the target server.
4. Before importing the XML file, you need to validate it using the ImportEdgeConfig.ps1 script. To do so, open the EMS; navigate to C:\Program Files\Microsoft\Exchange Server\Scripts; type .\ImportEdgeConfig.ps1 -CloneConfigData:"C:\CloneConfigData.xml" -IsImport $false -CloneConfigAnswer:"C:\CloneConfigAnswer.xml"; and press Enter.
5. You will now be informed that the answer file has been created successfully. Now open the CloneConfigAnswer.xml file in Notepad, and modify any settings that are reported invalid for the target server.
6. On the target server, use the ImportEdgeConfig.ps1 script to import the XML file. To do so, open the EMS; navigate to C:\Program Files\Microsoft\Exchange Server\Scripts; type ./ImportEdgeConfig -CloneConfigData:"C:\CloneConfigData.xml" -IsImport $true -CloneConfigAnswer:"C:\CloneConfigAnswer.xml"; and press Enter.
You will now be informed that the import of the Edge configuration information succeeded.
The final step is to set up the EdgeSync service so that relevant configuration and recipient data are replicated from Active Directory to the ADAM store. Since we already went through these steps earlier in this chapter (in the “Creating and Importing an Edge Subscription File” section), we won’t repeat them here.
The Edge Transport Rules Agent
Part of the new E-Mail Policy and Compliance feature set in Exchange Server 2007 is the Edge Transport rules agent, which is used to establish and enforce regulatory or corporate policies on e-mail messages sent to or received from the Internet.
Just as with the Hub Transport server, the transport rules agent on the Edge Transport server is capable of applying transport rules to messages flowing into and out of the organization, but although the transport rules agent looks very similar for both types of server roles, don’t let it fool you. Although both server roles have a transport rules agent, several of the actions that are available for each server role are different. Actions such as applying message classification, appending disclaimer text, and sending bounced messages to senders with enhanced status code are all rules that are available on the Hub Transport server but not on the Edge Transport server.
For further information about the Hub Transport server-specific rules, see Chapter 6.
Table 7.4 lists all the available action properties and Table 7.5 all available property sets.
Table 7.4 Action Properties for Rules on the Edge Transport Server

Action Property: Addresses
Expected Format: Array of Simple Mail Transfer Protocol (SMTP) addresses
Description: On an Edge Transport server, Addresses accepts an array of SMTP addresses that are each enclosed in double quotation

Action Property: Classification
Expected Format: Single message
Description: Classification accepts a single
Get-MessageClassification command. For example, use the following command to apply classification to an action: $Action.Classification=(Get-MessageClassification ExCompanyInternal).Identity

Action Property: EnhancedStatusCode
Expected Format: Single delivery status notification (DSN) code of 5.7.1, or any value between 5.7.10 and 5.7.999
Description: EnhancedStatusCode specifies the DSN code and related DSN message to display to the senders of messages that are rejected by the RejectMessage transport rule action. The DSN message that is associated with
displayed in the user information portion of the NDR that is displayed to the sender. The specified DSN code must be an existing default DSN code or a customized DSN status code that you can create using the New-SystemMessage CMDlet.

Action Property: EventMessage
Expected Format: Single string
Description: EventMessage accepts a single string that is displayed in an event log, which is added to the Application event log on the local computer.

Action Property: FallBackAction
Expected Format: Single value with the choices of Wrap, Ignore, or Reject

Action Property: Font
Expected Format: Single value with the choices of Arial, CourierNew,
Description: Font specifies the font of the disclaimer text when the text is added to an e-mail message
the value in double quotation marks

FontColor Single value with the FontColor specifies the color of
choices of Black, Blue, the font of the disclaimer text
Fuchsia, Gray, Green, when the text is added to an