Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

What are the optimal settings for Hub Transport Connectors on Exchange 2007 running on SBS 2008?

Posted on 2009-02-12
4
Medium Priority
?
776 Views
Last Modified: 2012-05-06
I have a fresh install of SBS 2008 with Exchange 2007. It is a mail server and I want to make sure that the send connectors and receive connectors, as well as all of the settings, are configured optimally.

In Exchange Management Console, under Organization Configuration, Hub Transport, then "Send Connectors", I have a "Windows SBS Internet Send <server name>" and also an "Internet Send Connector." Do both of those need to be there? Their properties pages appear identical, except that the one labeled "Internet Send Connector" has the "Network" tab with "Use domain name system (DNS) "MX" records to route mail automatically" selected, and at the bottom has "Use the External DNS Lookup settings on the transport server" checked. The other ("Windows SBS Internet Send <server name>") does NOT have the "Use the External DNS Lookup settings on the transport server" checked.

Also, both of these connectors have the same "FQDN" specified - our internet domain name with the default "remote" before it, so it reads "remote.<internet domain name>.com".

Next, under "Server Configuration", "Hub Transport", under the bottom pane's "Receive Connectors" tab, there are three connectors: "Default <server name>", "Windows SBS Fax Sharepoint Receive <server name>", and "Windows SBS Internet Receive <server name>".

The "Default <server name>" connector has the FDQN specified as "<server name>.<domain name>.local". On the "Network" tab, the "Receive mail from remote servers that have these IP addresses:" section has "192.168.2.0-192.168.2.0" and "192.168.2.2-192.168.2.255". The authentication tab has "Transport Layer Security (TLS)" checked, "Basic Authentication" checked, "Offer Basic Authentication only after starting TLS" checked, "Exchange Server Authentication" checked, and "Integrated Windows authentication" checked. Under "Permission Groups" tab, the following selections are checked: "Anonymous users, Exchange users, Exchange servers", and "Legacy Exchange Servers".

The "Windows SBS Internet Receive <server name>" connector's "General" tab has the FQDN specified as "<server name>.<domain name>.local". The "Network" tab's "Receive mail from remote servers that have these IP addresses:" section has "0.0.0.0-192.168.1.255", then "192.168.2.1-192.168.2.1", then 192.168.3.0-255.255.255.255". The "Authentication" tab has the following checked: "Transport Layer Security (TLS)", "Basic Authentication", and "Exchange Server Authentication". The "Permission Groups" tab as ALL settings checked.

In Exchange Management Console, under "Organiztion Configuration", "Hub Transport", then the "Accepted Domains" tab, there are three entries: "<domain name>.local", "remote.<internet domain name>.com", and "Windows SBS External Domain" (which has "<internet domain name>.com listed under the "Accepted Domain" column, and is listed as "True" for the "Default" column. All three of these are listed as "Authoritative".

Please let me know any suggestions for settings that would be best.

Thank you.



0
Comment
Question by:Praetereo
  • 2
  • 2
4 Comments
 
LVL 65

Expert Comment

by:Mestha
ID: 23624868
As this is SBS, the answer is quite easy.
Leave it alone.

Setup the server using the wizards and then leave everything it has set.

Having looked at how the SBS wizards configure Exchange from an Exchange point of view, I have seen nothing that needed to be changed. Certainly the server does not need to be secured in any way that I can see.

-M
0
 

Author Comment

by:Praetereo
ID: 23626143
Yes, it was set up mostly using the Wizards. This SBS2K8 box is also a mail server though, and had connectors set up to do that. I am mainly looking for information on what the best configurations are, such as reasons for allowing/disallowing authentications, etc... Scenarios where you would want certain settings on or off, etc... Something like a site listing what each setting is and explaining why you would or would not want to enable it would be great.

Thank you for any help.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 750 total points
ID: 23626363
There is nothing such that you are looking for that I am aware of. Technet has extensive documentation, so if you want to learn about everything within Exchange 2007 you can spend some time in there. However SBS 2008 seems to have setup Exchange 2007 very well.

Most of the time you would be changing settings if you were using external antispam services or additional Exchange services, but they are very specific circumstances. There are many reasons for why you would change the settings, and with all due respect, I am not going to sit here and type them all out.

If you have no reason to think that you need to change them, leave them alone.

-M
0
 

Author Closing Comment

by:Praetereo
ID: 31546044
Thanks!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
Exchange database can often fail to mount thereby halting the work of all users connected to it. Finding out why database isn’t mounting is crucial and getting the server back online. Stellar Phoenix Mailbox Exchange Recovery is a champion product t…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question