Out of the box, Exchange Server 2010 will
neither send email outside the organization nor receive email from
outside. This is a big change from Exchange Server 2003, where outbound
email just worked out of the box and inbound email would work if you
got your DNS MX records right.
Many small and medium-sized businesses route their
email directly to a single Exchange server or to a single dedicated Hub
Transport server. Although this might not be the best approach for an
organization with thousands of mailboxes, it works well for small
businesses (fewer than 500 users). Figure 1 shows an organization that is using this simple configuration.
For the Exchange combined function server shown in Figure 1, your public MX record would need to point to a single Internet-facing host (such as mail1.somorita.com
shown in the figure), and the SPF record for your domain would need to
indicate the correct public-facing IP address as being authorized to
send mail for your domain.
You must take two steps to allow this organization to
send mail to and from the Internet. First, you must configure the
server to accept anonymous connections from the Internet; second, you
must configure the server to know how to send mail to the Internet.
1. Configuring the Default Receive Connector
An Exchange 2010 Hub Transport server has two
receive connectors (Client and Default). You can think of the receive
connector as being something similar to the Exchange 2003 SMTP virtual
servers except the SMTP services in Exchange 2010 are handled by the
Microsoft Exchange Transport service (MSExchangeTransport) rather than
the IIS SMTP service.
The Client receive connector is intended to be used
by POP3 or IMAP clients; it listens on TCP port 587 and allows only
Exchange-enabled users to authenticate (yes, they must provide
credentials) to use this connector.
The Default receive connector is intended for use by
other SMTP servers, but out of the box it will not accept connections
from any SMTP client or other server that does not provide credentials.
You can find the Default receive connector for each Hub Transport by
using the EMC to navigate to Server Configuration > Hub Transport,
selecting the appropriate server in the details pane (the middle
pane), and then selecting the receive connector in the work pane.
Right-click the receive connector and choose Properties.
On the Permission Groups tab (shown in Figure 2),
you can see who is allowed to connect to this particular receive
connector. The Anonymous Users check box is cleared by default and thus
will only allow authenticated connections.
For your Hub Transport server to accept mail from
the outside world or from a third-party message hygiene system, you
must check the Anonymous Users check box.
The General tab (shown in Figure 3)
for the Default receive connector has some additional options you might
want to consider setting. These include the protocol logging level
(either None or Verbose), the fully qualified domain name that remote
clients will see when connecting, and the maximum message size.
There are a few items that we feel are noteworthy on
the General tab. The first, and probably the most useful, is the
protocol logging level. Sooner or later, you will have to diagnose a
problem when receiving inbound email from the outside, and you will
have to enable protocol logging on each Hub Transport server that
receives inbound SMTP mail from outside your organization. You can view
each Hub Transport server's receive protocol logging settings using the Get-TransportServer cmdlet; here is an example for server HNLEX05:
Get-TransportServer HNLEX05 | FL *receiveprotocol*
ReceiveProtocolLogMaxAge : 30.00:00:00
ReceiveProtocolLogMaxDirectorySize : 250 MB (262,144,000 bytes)
ReceiveProtocolLogMaxFileSize : 10 MB (10,485,760 bytes)
ReceiveProtocolLogPath : C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive
A maximum of 250 MB worth of logs is kept (for at most 30 days), and
each log file is no more than 10 MB. The receive log files are stored
in the C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive folder, though you can change any of these settings using the Set-TransportServer cmdlet.
Next is the FQDN that will be returned when clients connect to this server. Note in Figure 3
that this is currently hnlcf01.ithicos.local; while this should not
cause any sort of mail delivery issues for you, it does expose your
internal server name and internal domain name. Here is an example of
the banner that is presented to a client when it connects to an
Exchange server:
220 HNLCF01.ithicos.local Microsoft ESMTP MAIL Service ready at Sun, 18 Oct 2009 00:18:10 -0700
The third feature that is interesting on
this page is the maximum message size that the receive connector will
support. The default is 10 MB, which is the same as the global message
size limit.
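The same receive-connector settings can be applied from the Exchange Management Shell. The script below is an added example, not from the book or from Microsoft; the server name HNLEX05, the connector name "Default HNLEX05", the public host name mail1.somorita.com and the 20 MB limit are assumed values, and the Banner parameter is used to stop the 220 line from disclosing the internal name.

```powershell
# Added example: open the Default receive connector of one Hub Transport server
# to Internet mail and set the General-tab options discussed above.
# Server name, public host name and size limit are assumed values.
$server     = 'HNLEX05'                    # assumed Hub Transport server
$connector  = "$server\Default $server"    # Exchange names the connector "Default <server>"
$publicFqdn = 'mail1.somorita.com'         # assumed public MX host name

$rc = Get-ReceiveConnector -Identity $connector

# 1. Allow anonymous SMTP connections while keeping the existing permission groups.
#    PermissionGroups is a flags value, so the complete list must be supplied.
$groups = $rc.PermissionGroups.ToString()
if ($groups -notmatch 'AnonymousUsers') {
    $groups = "$groups,AnonymousUsers"
}

# 2. Verbose protocol logging, a 220 banner that does not leak the internal
#    server/domain name, and the message size limit. Banner must start with "220 ".
Set-ReceiveConnector -Identity $connector `
    -PermissionGroups $groups `
    -ProtocolLoggingLevel Verbose `
    -Banner "220 $publicFqdn ESMTP" `
    -MaxMessageSize 20MB

# 3. Confirm the result and show where the receive protocol log will be written.
Get-ReceiveConnector -Identity $connector |
    Format-List Identity, PermissionGroups, ProtocolLoggingLevel, Banner, MaxMessageSize
Get-TransportServer -Identity $server | Format-List *ReceiveProtocol*

# 4. Accepting anonymous mail must not mean relaying it: the
#    ms-Exch-SMTP-Accept-Any-Recipient right should not be held by ANONYMOUS LOGON.
$relay = Get-ADPermission -Identity $connector |
    Where-Object { $_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient' -and
                   $_.User -like '*ANONYMOUS LOGON*' }
if ($relay) {
    Write-Warning "$connector grants Accept-Any-Recipient to anonymous users (open relay)."
} else {
    Write-Output "$connector accepts anonymous mail for local recipients only."
}
```

Run it once per Hub Transport server that receives Internet mail; the relay check in step 4 is worth repeating after any later permission change to the connector.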