Smarthost for Exchange 2010 - Send and Receive Connector?

I'm working to get a Smarthost appliance (currently in DMZ) setup to work with my Exchange 2010 server.
If you add the smarthost as the Send connector, do the Hub transport servers it automatically accept e-mails from it? Or do you still have to specify the IP of the smarthost in a receive connector?

because I have an existing smarthost that is our send connector, but it also receives inbound e-mail and has no issue going to our internal Exchange servers. However, I cannot find a receive connector on ant of my HT servers that allows the IP of that appliance to get mail through.    
Anonymous is not checked for the receive connector that allows entire IP range through, so I'm not sure where else to check.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MASEE Solution Guide - Technical Dept HeadCommented:
I suggest you create a receive connector and allow only that particular IP to receive.
Please check this
StuartTechnical Architect - CloudCommented:
Your receive connector defines if you allow email inbound from your 'smarthost'. By default all IPs are allowed on your default connector. You don't need to allow anonymous - have a read through this article it should get you working

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
garryshapeAuthor Commented:
Well for some reason on the new smarthost I added to dmz (but havent added to production for mail servers yet), telnet to 25 and try to send email to myself as a test and I never get it in my Exchange mailbox.
Wondering if that is down to firewall port issue at this point though.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

StuartTechnical Architect - CloudCommented:
Doesn't sound like it if you can open a telnet connection to port 25.

If you telnet and do a helo command what does it reply as? This will help you distinguish which connector you are going to. It's also pretty easy to enable logging on that connector and review the connection logs if required
garryshapeAuthor Commented:
I telnet to the smarthost I mean, on port 25.

501 5.5.4 Domain name required

If I type helo followed by, it says

250 Hello [], pleased to meet you

I compose an SMTP message and it gives me

250 2.0.0 1x3eepg0rj-1 Message accepted for delivery

But then Exchange never receives it as I don't get it in my Outlook.
So I'm wondering if it's an inbound e-mail routing rule that the smarthost in DMZ can't communicate to our internal Exchange servers.
StuartTechnical Architect - CloudCommented:
Ok I understand, thought you meant you telnet from smart host to exchange. What are you using out of interest?
garryshapeAuthor Commented:
This will be a proofpoint appliance
StuartTechnical Architect - CloudCommented:
Ok I'm not that familiar with the proof point appliances, can you get access to the shell to attempt a telnet to Exchange?
garryshapeAuthor Commented:
It's a lot like Symantec Brightmail/Messaging Gateway just about 400x the cost and I think a bit more secure in e-mail handling.

I will try that telnet from the console.
The logs on the appliance don't give me much as to why it couldn't send. I may have to go deeper.
StuartTechnical Architect - CloudCommented:
Also increase logging on your connectors and review the logs -
garryshapeAuthor Commented:
I'm not sure how my current smartthost is being routed through my receive connector. it's really strange. I don't see anonymous access checked for any receive connectors that would include the IP (or range containing) of the smarthost.
garryshapeAuthor Commented:
I think I found the Server\Receive Connector that includes the IP range for the smarthost.

Its Permission Groups are:
• Exchange users
• Exchange servers
• Legacy Exchange Servers

So "Anonymous" is not needed to accept from a smarthost appliance?

Authentication is:
•Transport Layer Security (TLS)
• Externally Secured
StuartTechnical Architect - CloudCommented:
Most do require anonymous, but don't enable this on your default connectors. Create a new one and tie this down to the single IP
garryshapeAuthor Commented:
I'm trying to change the FQDN for HELO on recive connector to something unique so I can see if when I open telnet from other servers if I'm connected to the right receive connector.
Or is there a better way in the log to confirm which receive connector my test e-mail/smtp connection goes through?
garryshapeAuthor Commented:
Ok figured it out. Can use Set-ReceiveConnector "server\receiveconnector" -Banner "220 Name of receive connector here"  

Setting banner helped me identify the receive connector being used over the telnet smtp connection.
StuartTechnical Architect - CloudCommented:
Hi, you can also view/change this in the EMC but I prefer the shell cmdlet you posted
StuartTechnical Architect - CloudCommented:
Finally make sure the max message size on your new connector suits your needs

Get-ReceiveConnector | fl Identity,MaxMessageSize

Change with the following

Set-ReceiveConnector -Identity "connectorname" -MaxMessageSize 25MB
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.