Netcompany asked:

Receive connector for external SmartHost usage

Setup:
One internal MS Exchange 2010 Edge Transport server named EDGESRV01
Two internal MS Exchange 2010 Hub Transport servers named HUBSRV01 and HUBSRV02
One external mail server named EXTMAILSRV01 with the IP Address 10.0.0.10.

All internal servers are in the "mycompany.com" domain that I'm managing.

What I want:
Make it possible for EXTMAILSRV01 to relay through EDGESRV01 with from-address no-reply@mycompany.com and send to an external address or @mycompany.com-address.

The connection from EXTMAILSRV01 to EDGESRV01 has to be secured with a password and encryption in some way, and EXTMAILSRV01 should only be able to send with no-reply@mycompany.com.

It's kind of a SmartHost I want to create.

What I know:
Restrict connections only from 10.0.0.10 in a new receive connector. The authentication is set to MTLS and Basic Authentication after starting TLS. Permission Group is set to Anonymous users.

The receive connector will be linked to two send connectors designated to this setup. One send connector for recipients within the organization, which will use the internal Hub Transport servers as smart hosts, and one send connector for other recipients (external), which will use DNS to find the recipient mail server.

Where I’m stuck:
I don't know how to secure the receive connector with a password (or username and password). What to do?

How do I restrict what address EXTMAILSRV01 can send from?

Also, I'm not sure if it's wise to use MTLS between my Edge Transport and external servers?!

Please help :)
Antonio Vargas

Well, you don't restrict a receive connector to accept only from one user. What you can do is:

1- create a receive connector and bind it only to the IP address of extmailsrv01
2- either use anonymous or authenticated users. Then it's up to your extmailsrv01 config to configure a user to authenticate against the receive connector, or to not fill in a username and password and therefore try to send e-mail unauthenticated

Also be aware that if the extmailsrv01 is sending mail non-authenticated, and you want it to also send e-mail outside the organization, the receive connector needs the "externally secured" option ticked on.

I was a little confused about you having send connectors to send e-mail internally and with hub servers as smarthosts. That doesn't make any sense. Internally you don't use the send connectors. The send connectors of one organization are used only to send e-mail outside that org.

But anyway, the relevant information that you need to know is above.

Hope it helps.

ASKER

#GreatVargas
Where do I set up user and password for authenticating with the receive connector? And can I bind the authentication to Domain Users?

About the inbound send connector: It’s necessary to have an inbound send connector, or else inbound mails won’t get to the hub transport servers.
ASKER CERTIFIED SOLUTION
Antonio Vargas
This solution is only available to members of Experts Exchange.

Then how does the extmailsrv01 specify the domain credentials when sending to this Receive Connector?

About the Send Connector, an inbound Send Connector will be created when running New-EdgeSubscription: http://technet.microsoft.com/en-us/library/aa997438. Take a look under "Automatically Create an Inbound Send Connector".

Well, that's up to the configuration on the extmailsrv01. Probably in the same section where you choose the IP address of the server to relay mail to, you should have a place to put in the user credentials and therefore authenticate. There should be an option to use credentials. Either this is in the code of an application sending e-mails, on an appliance or any other software that does the same function.

And yes, you are talking about specific edge to hub communication send connectors.
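
The sending side discussed in the last replies, as an added example that is not part of the original thread: a Python client on EXTMAILSRV01 that only hands over credentials after STARTTLS has succeeded, matching a receive connector that offers Basic Authentication only after starting TLS. The host name `edgesrv01.mycompany.com`, the account `relay-user` and the password are assumed placeholders.

```python
import smtplib
import ssl
from email.message import EmailMessage

RELAY_HOST = "edgesrv01.mycompany.com"  # assumed FQDN of EDGESRV01
SENDER = "no-reply@mycompany.com"       # the only From address this relay should use


def build_message(to_addr, subject, body):
    """Build a mail whose From header is always the fixed relay sender."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = to_addr
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def send_via_relay(smtp, username, password, msg, context=None):
    """Authenticate and send on an already-connected smtplib.SMTP session.

    Raises before any credential is transmitted if the connector does not
    offer STARTTLS, or does not advertise AUTH once the channel is encrypted.
    """
    smtp.ehlo()
    if not smtp.has_extn("starttls"):
        raise RuntimeError("relay offers no STARTTLS; refusing to send credentials")
    # The default context verifies the relay's certificate chain and host name.
    smtp.starttls(context=context or ssl.create_default_context())
    smtp.ehlo()  # re-read extensions: AUTH is only advertised after TLS
    if not smtp.has_extn("auth"):
        raise RuntimeError("relay does not advertise AUTH after STARTTLS")
    smtp.login(username, password)
    # Envelope sender is pinned to SENDER; returns a dict of refused recipients.
    return smtp.send_message(msg, from_addr=SENDER)


def main():
    # Placeholder credentials (assumption); load real ones from a protected store.
    msg = build_message("someone@example.org", "Test", "Relay test from EXTMAILSRV01")
    with smtplib.SMTP(RELAY_HOST, 25, timeout=30) as smtp:
        refused = send_via_relay(smtp, "relay-user", "CHANGE-ME", msg)
    print("refused recipients:", refused)


if __name__ == "__main__":
    main()
```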