How to Configure a Relay Connector for Exchange Server 2010

In most Exchange Server 2010 environments there will be the need to allow relaying for certain hosts, devices or applications to send email via the Exchange server.  This is common with multi-function devices such as network attached printer/scanners, or applications such as backup software that send email reports.

SMTP communication is handled by the Hub Transport server in an Exchange organization.  The transport service listens for SMTP connections on its default Receive Connector. However, this connector is secured by default to not allow anonymous connections (i.e., the type of connection most non-Exchange systems will be making).

You can see this in effect if you telnet to the server on port 25 and try to initiate unauthenticated SMTP communications.

220 EX3.exchangeserverpro.local Microsoft ESMTP MAIL Service ready at Wed, 18 Aug 2010 19:42:27 +1000
helo
250 EX3.exchangeserverpro.local Hello [192.168.0.9]
mail from: somebody@hotmail.com
530 5.7.1 Client was not authenticated

For some Hub Transport servers that are internet-facing, anonymous connections may already be enabled.  In those cases relay would still be denied but will behave differently than the first example.

220 EX3.exchangeserverpro.local Microsoft ESMTP MAIL Service ready at Wed, 18 Aug 2010 20:01:44 +1000
helo
250 EX3.exchangeserverpro.local Hello [192.168.0.9]
mail from: somebody@hotmail.com
250 2.1.0 Sender OK
rcpt to: somebody@gmail.com
550 5.7.1 Unable to relay

You’ll note that relay is denied if I try to send from an @hotmail.com address to an @gmail.com address, because neither is a valid domain for the Exchange organization. But with Anonymous Users enabled on the Receive Connector I can send from an @hotmail.com address to a valid local address.

220 EX3.exchangeserverpro.local Microsoft ESMTP MAIL Service ready at Wed, 18 Aug 2010 20:05:54 +1000
helo
250 EX3.exchangeserverpro.local Hello [192.168.0.9]
mail from: somebody@hotmail.com
250 2.1.0 Sender OK
rcpt to: alan.reid@exchangeserverpro.local
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
test
.
250 2.6.0 [InternalId=2] Queued mail for delivery

However if I try to relay out to an external recipient, the Exchange server does not allow it.

220 EX3.exchangeserverpro.local Microsoft ESMTP MAIL Service ready at Wed, 18 Aug 2010 20:11:27 +1000
helo
250 EX3.exchangeserverpro.local Hello [192.168.0.9]
mail from: backups@exchangeserverpro.net
250 2.1.0 Sender OK
rcpt to: alerts@managedserviceprovider.com
550 5.7.1 Unable to relay

To permit a non-Exchange server to relay mail we can create a new Receive Connector on the Hub Transport server. Launch the Exchange Management Console and navigate to Server Management, and then Hub Transport. Select the Hub Transport server you wish to create the new Receive Connector on, and from the Actions pane of the console choose New Receive Connector.

Give the new connector a name such as “Relay” and click Next to continue.

You can leave the local network settings as is, or optionally you can use a dedicated IP address for this connector if one has already been allocated to the server. Using dedicated IP addresses for each connector is sometimes required if you need to create connectors with different authentication settings, but for a general relay connector it is not necessary to change it.

Highlight the default IP range in the remote network settings and click the red X to delete it.

Now click the Add button and enter the IP address of the server you want to allow to relay through the Exchange server. Click OK to add it and then Next to continue.

Click the New button to complete the wizard.

The Receive Connector has now been created but is not yet ready to allow the server to relay through it.  Go back to the Exchange Management Console, right-click the newly created Receive Connector and choose properties.

Select the Permission Groups tab and tick the Exchange Servers box.

Select the Authentication Tab and tick the Externally Secured box.

Apply the changes and the Receive Connector is now ready for the server to relay through.

220 EX3.exchangeserverpro.local Microsoft ESMTP MAIL Service ready at Wed, 18 Aug 2010 20:31:00 +1000
helo
250 EX3.exchangeserverpro.local Hello [192.168.0.9]
mail from: backups@exchangeserverpro.net
250 2.1.0 Sender OK
rcpt to: alerts@managedserviceprovider.com
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
test
.
250 2.6.0 <924bab1e-0f07-4054-8700-d121577993b4@EX3.exchangeserverpro.local> [InternalId=3] Queued mail for delivery

Because the remote IP range has been restricted to that single IP address, servers on any other IP address still can’t relay through the Exchange server: from any address not included in the remote IP range on the Receive Connector, relay is denied.

220 EX3.exchangeserverpro.local Microsoft ESMTP MAIL Service ready at Wed, 18 Aug 2010 20:46:06 +1000
helo
250 EX3.exchangeserverpro.local Hello [192.168.0.2]
mail from: backups@exchangeserverpro.net
250 2.1.0 Sender OK
rcpt to: alerts@managedserviceprovider.com
550 5.7.1 Unable to relay
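The telnet sessions above are the manual way to confirm which hosts can relay. The script below is an added example, not part of the original post: it drives the same HELO / MAIL FROM / RCPT TO dialogue from PowerShell and reports whether the recipient was accepted, then sends QUIT. DATA is never issued, so no message is queued. The server name, sender and recipient are placeholders taken from the transcripts above; the function names are my own.

```powershell
# Added example (not from the original post): automate the telnet relay check.
# Walks the SMTP dialogue only as far as RCPT TO, then QUITs, so nothing is sent.

function Read-SmtpReply {
    param([System.IO.StreamReader]$Reader)
    # Multi-line replies use "250-..." continuation lines; the final line has a space.
    do { $line = $Reader.ReadLine() } while ($line -match '^\d{3}-')
    return $line
}

function Test-SmtpRelay {
    param(
        [Parameter(Mandatory=$true)][string]$Server,
        [int]$Port = 25,
        [Parameter(Mandatory=$true)][string]$From,
        [Parameter(Mandatory=$true)][string]$To
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $client.ReceiveTimeout = 15000
    $client.Connect($Server, $Port)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine   = "`r`n"      # SMTP lines are terminated with CRLF
    $writer.AutoFlush = $true
    try {
        $greeting = Read-SmtpReply $reader
        $writer.WriteLine("HELO relaycheck.local"); $helo = Read-SmtpReply $reader
        $writer.WriteLine("MAIL FROM:<$From>");      $mail = Read-SmtpReply $reader
        $writer.WriteLine("RCPT TO:<$To>");          $rcpt = Read-SmtpReply $reader
        $writer.WriteLine("QUIT");                   [void](Read-SmtpReply $reader)
    }
    finally {
        $client.Close()
    }
    New-Object PSObject -Property @{
        Server       = $Server
        Greeting     = $greeting
        Helo         = $helo
        MailFrom     = $mail
        RcptTo       = $rcpt
        # A 250 reply to RCPT TO means the server accepted the recipient,
        # i.e. it would relay; "550 5.7.1 Unable to relay" means it would not.
        RelayAllowed = ($rcpt -like '250*')
    }
}

# Run once from the host listed in RemoteIPRanges (expect RelayAllowed = True)
# and once from any other host (expect False). Placeholder names from the post.
Test-SmtpRelay -Server EX3.exchangeserverpro.local `
    -From backups@exchangeserverpro.net -To alerts@managedserviceprovider.com |
    Format-List Server, MailFrom, RcptTo, RelayAllowed
```

Because the decision is taken on the RCPT TO reply, the check works for both default-connector behaviours shown earlier: a 530 on MAIL FROM or a 550 on RCPT TO both yield RelayAllowed = False.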

You can later add more IP addresses, IP ranges, subnets, or even add multiple IP addresses to the Receive Connector using a script if necessary.
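The same connector can be built from the Exchange Management Shell instead of the EMC wizard, and the shell is also how you append addresses later without retyping the list. The script below is an added example and not from the original post; the server name, connector name and IP addresses are placeholders, and Add-RelayHost is a helper of my own. The cmdlets and parameters (New-ReceiveConnector, Set-ReceiveConnector, Get-ReceiveConnector, -RemoteIPRanges, -PermissionGroups, -AuthMechanism) are the standard Exchange 2010 ones.

```powershell
# Added example (not from the original post): create the relay connector from the
# shell and add hosts later. Server, connector name and addresses are placeholders.

$server    = "EX3"            # Hub Transport server (placeholder)
$name      = "Relay"
$relayHost = "192.168.0.9"    # the single host allowed to relay (placeholder)

# 1. Create the connector. -Usage Custom starts with no permission groups, and
#    -RemoteIPRanges replaces the default 0.0.0.0-255.255.255.255 range so only
#    the listed address is matched to this connector (most specific range wins).
New-ReceiveConnector -Server $server -Name $name -Usage Custom `
    -Bindings "0.0.0.0:25" -RemoteIPRanges $relayHost

# 2. Equivalent of ticking "Exchange Servers" and then "Externally Secured".
#    The permission group must be granted first; Exchange rejects
#    ExternallySecured on a connector that does not have it.
Set-ReceiveConnector -Identity "$server\$name" -PermissionGroups ExchangeServers
Set-ReceiveConnector -Identity "$server\$name" -AuthMechanism ExternallySecured

# 3. Later: append hosts, subnets or ranges without overwriting the list.
#    -RemoteIPRanges replaces the whole collection, so read it, extend it, write it back.
function Add-RelayHost {
    param(
        [Parameter(Mandatory=$true)][string]$ConnectorId,
        [Parameter(Mandatory=$true)][string[]]$Address   # "10.0.0.5", "10.0.1.0/24", "10.0.2.1-10.0.2.20"
    )
    $rc = Get-ReceiveConnector -Identity $ConnectorId
    foreach ($a in $Address) { $rc.RemoteIPRanges += $a }
    Set-ReceiveConnector -Identity $ConnectorId -RemoteIPRanges $rc.RemoteIPRanges
}

Add-RelayHost -ConnectorId "$server\$name" -Address "192.168.0.20", "192.168.5.0/24"

# 4. Verify the exact address list and the two security settings.
Get-ReceiveConnector -Identity "$server\$name" |
    Format-List Name, Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism
```

Externally Secured tells Exchange the connection is already trusted, so a host in this range is treated like another Exchange server: it can submit mail with any sender address, internal ones included, and bypasses the anti-spam agents. That is why the remote IP range should hold exactly the hosts that need to relay and nothing wider; a /24 is only appropriate when every address in it is under your control. Keep the connector's protocol logging in mind when you later wonder which host sent a report, and review the list periodically so decommissioned hosts are removed.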


Great new features in Exchange 2013

Exchange Administration Center: The EAC brings to mind the quote, “You’re riding it, dude!” Yes, I cannot help but think of the line from “Finding Nemo” whenever I think of the new admin console for Exchange. But seriously, the GUI-based EMC (Exchange Management Console) and the Web-based ECP (Exchange Control Panel) are being replaced by a single Web-based UI that is, frankly, my least favorite of all the new Exchange 2013 features. I don’t like Web-based consoles for administration; they always feel clunky and unfriendly. Plus, it has that Metro look, which leaves me cold. We’ll see if I can get used to it.

Exchange architecture revisions: Exchange 2007 and 2010 are broken into five server roles, mainly to address performance issues like CPU performance, which would suffer if Exchange were running as one monolithic application. But Microsoft has made progress on the performance side, so Exchange 2013 has just two roles: Client Access server role and Mailbox server role. The Mailbox server role includes all the typical server components (including unified messaging), and the Client Access server role handles all the authentication, redirection, and proxy services. You can deploy Exchange 2013 with an Exchange 2010 Edge Transport server role, but a 2013 Edge role is planned post-RTM.

A new managed store: The store service has been completely rewritten in managed code (C#). Although this change bodes well in terms of higher availability and resiliency, it doesn’t mean the ESE (Extensible Storage Engine) database engine has been replaced with SQL, as many admins would like. Exchange 2013 continues to use ESE as the database engine. But now each database runs in its own dedicated worker process, so a hung process in one database will not cause problems in other databases. Fast Search (an add-on to SharePoint 2010) is also integrated into the managed store for improved search and indexing.

Modern public folders: Rather than just getting rid of public folders (something promised for future releases), Microsoft has embraced them once again. They are no longer managed through the separate Public Folder Management Console; instead, they are managed via the EAC. That makes them public folder mailboxes, which means they use regular mailbox databases. In turn, this means they can be made part of a database availability group for disaster recovery.

Lots o’ PowerShell cmdlets: Although 13 cmdlets have been removed (many having to do with the old public folder management), Exchange 2013 brims with 187 new PowerShell cmdlets. That may not be the final tally when the final version ships next year, but it shows that command-line management tools are still growing. I wasn’t kidding years back when I told everyone to learn PowerShell. It’s not going away.

DLP (data loss prevention): DLP is new in Exchange 2013’s transport rules, but it’s also a continuation of Mail Tips in that it warns users when they may be violating policies meant to prevent disclosure of sensitive data. Such disclosures are usually inadvertent, so the use of DLP-fired reminders lets users be aware when they are putting something like a credit card number or Social Security number in an email. The built-in DLP policies are based on regulatory standards like PCI.

Outlook Web App enhancements: The whole of OWA is redesigned — yay! One awesome feature is support for offline access, which lets users write messages in their browser when offline, then have the messages delivered when they connect to the Internet. OWA supports this feature in Microsoft’s Internet Explorer 10, Apple’s Safari 5, and Google’s Chrome 16 (or later), all of which support the HTML5 local data storage feature. There’s also a new set of UI layouts that users can choose from for desktop, tablet, and smartphone use — a smart approach.

Built-in antimalware: Exchange has had antispam capabilities for quite some time; as of Exchange 2007 you could even choose whether to turn on antispam in the Edge role or in the Hub Transport role. Exchange 2013 extends antispam to a broader set of antimalware capabilities, such as to block phishing attempts.


Finding Users Who Have “Out Of Office” Enabled In Exchange 2010

It might come in handy to know how to get a list of users who have their out of office message turned on. The Exchange 2010 shell gives you that ability.

You can even change the message, set the audience (internal or external), turn it off etc with the shell.

To get a list of users who have out of office scheduled, run the following command.

Get-Mailbox | Get-MailboxAutoReplyConfiguration | Where-Object { $_.AutoReplyState -eq "scheduled" }

The above command gives you much more than you need, including the actual message, start time, end time etc.

If you are only interested in the list of users, run

Get-Mailbox | Get-MailboxAutoReplyConfiguration | Where-Object { $_.AutoReplyState -eq "scheduled" } | fl identity


If you want to get the settings for a particular user (for example Rajith), run

Get-MailboxAutoReplyConfiguration -identity rajith

You can also change the out of office settings for a particular user with the Set-MailboxAutoReplyConfiguration cmdlet.

For example, to turn off the out of office for the user account “Rajith”, run

Set-MailboxAutoReplyConfiguration -identity "Rajith" -AutoreplyState disabled


Similarly, if you want to extend the out of office message for a user (change the end time), run

Set-MailboxAutoReplyConfiguration -identity "Rajith" -EndTime "01/12/2009 17:00:00"

You can change the actual out of office message (internal and external) by running

Set-MailboxAutoReplyConfiguration -identity "Rajith" -InternalMessage "I won't be around today guys" -ExternalMessage "I am out of the office today"
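The commands above list scheduled auto replies one property at a time. The script below is an added example, not part of the original post: it reports every mailbox whose auto reply is Enabled or Scheduled (not just Scheduled), and flags scheduled replies that end within a chosen number of days so they can be checked before they expire. Get-AutoReplyReport and the 7-day window are my own choices; the cmdlets and property names are the ones the post already uses.

```powershell
# Added example (not from the original post): report all active auto replies
# and flag scheduled ones that end within $DaysAhead days.

function Get-AutoReplyReport {
    param([int]$DaysAhead = 7)
    $cutoff = (Get-Date).AddDays($DaysAhead)

    # -ResultSize Unlimited: without it Get-Mailbox stops after 1000 mailboxes,
    # so a large organization would silently get a partial report.
    Get-Mailbox -ResultSize Unlimited |
        Get-MailboxAutoReplyConfiguration |
        Where-Object { $_.AutoReplyState -ne 'Disabled' } |
        Select-Object Identity, AutoReplyState, StartTime, EndTime,
            @{ Name       = 'EndsWithinWindow'
               Expression = { $_.AutoReplyState -eq 'Scheduled' -and $_.EndTime -le $cutoff } } |
        Sort-Object EndTime
}

# Everything that is Enabled or Scheduled, scheduled replies ending in 7 days flagged:
Get-AutoReplyReport -DaysAhead 7 | Format-Table -AutoSize

# Only the identities, like the "fl identity" command above:
Get-AutoReplyReport | Select-Object -ExpandProperty Identity
```

Filtering on -ne 'Disabled' rather than -eq 'scheduled' also catches replies that were switched on without an end date, which the original filter skips.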

Top 10 Windows Server 2012 Features

1. Data Deduplication

One of the constants of technology and the IT industry is that data storage demands and requirements are increasing exponentially. From ballooning email inboxes to file shares overflowing with documents, just about every enterprise has a need for more efficient storage. That’s where the new data deduplication features in Windows Server 2012 come in handy.

It works like this: Say you have a large number of VHD (virtual hard disk) files that you need to move. Each of those VHDs contains many identical copies of the same files and applications, like Minesweeper, Windows Calculator, and other accessory applications. Data deduplication removes all but one of the copies of those applications from those VHDs. It then records the redundant data in a separate location in System Volume Information (SVI) and points to the file that serves as the source template. This can free up tremendous amounts of space, especially when applied across thousands of files across your network. Data deduplication works across different computer networks and also across Windows 8 and Windows Server 2012 machines. If you have lots of files and data to store and not enough space – and who doesn’t – this could be the killer feature. For more information about what data deduplication is and what it does, check out Wesley David’s introduction to data deduplication.

2. GUI-less install options

There are plenty of times when you want to install only the absolute minimum files and assets you need to run Windows Server, and Windows Server 2012 now includes a default installation option to install the GUI-less Server Core. You can also now install Windows Server 2012 with a minimal user interface, which means that you have more ways than ever to install just the Windows Server files you need. This reduces disk space, saves on administration effort, and reduces your attack surface from hackers and other digital malcontents by restricting installed files to the absolute minimum. For more information about the Windows Server 2012 install process, check out the Petri IT Knowledgebase guide to installing Windows Server 2012.

3. Hyper-V 3.0

Windows Server 2012 is loaded with new features, but perhaps the feature that has gone through the most radical improvement is the Hyper-V virtualization feature set. Tired of playing catch-up to VMware on the feature front, Microsoft has loaded Hyper-V with an impressive list of improvements. Some of the highlights include support for up to 64 processors and 1TB of RAM per virtual machine, as well as support for up to 320 logical hardware processors and 4TB of RAM per host. VMware vSphere 5.1 evens the playing field in some areas, but the message is clear: Microsoft is doing everything it can to unseat VMware as the virtualization platform of choice in the enterprise. For more about the improvements in Windows Server 2012 Hyper-V, see Michael Otey’s article on Hyper-V 3.0 over at Windows IT Pro.


4. IP Address Management (IPAM)

One of the biggest headaches for many IT professionals is keeping tabs on IP addresses used on their corporate networks. In a bid to end the time-honored practice of storing IP addresses in Excel spreadsheets, IPAM is a new feature in Windows Server 2012 that provides a new internal framework for locating and managing IP address spaces on networks. You can also manage and monitor servers running Domain Name Service (DNS) and Dynamic Host Configuration Protocol (DHCP). It also does automatic IP discovery and provides a host of other IP-related tasks focused on management, monitoring, and auditing. Check out the Petri IP Address Management forum topic for additional information about IPAM.

5. Network virtualization changes

One of the more problematic aspects of virtual machine management and provisioning is dealing with the rules and limitations of IP address management. Microsoft is making a raft of improvements to network virtualization in Windows Server 2012, all aimed at tackling problems related to IP addresses and virtual machines. This helps pave the way for private cloud adoption, and also removes barriers that make infrastructure as a service (IaaS) adoption harder for internal IT stakeholders and hosting customers to implement. John Savill over at Windows IT Pro breaks down all of the network virtualization changes in Windows Server 2012.

6. ReFS

The venerable NTFS file system format has been used for more than a decade by Microsoft. Recent demands from virtualization and private cloud computing have pushed NTFS as far as it could go, so Microsoft decided to add new features and revamp existing ones to NTFS. The result is an upgrade to NTFS dubbed Re-FS for resilient file system.

Re-FS adds a bumper crop of new storage features and improvements, with some of the highlights being increased support for larger file and directory sizes, disk scrubbing, data striping for improved performance, enhanced virtualization support, and it takes advantages of all the new storage pool and spaces features in Windows Server 2012. For more information, read Michael Simmons’ article that provides four reasons why ReFS is better than NTFS.

7. Shared nothing live migration

One of the more impressive new features of Hyper-V 3.0 is shared nothing live migration, which allows you to move VMs from one machine to another without the requirement of having shared storage before making the transfer. This feature can be a boon for smaller IT departments, and it makes it easy to move VMs around without expensive shared storage. It’s one of the most impressive features in Windows Server 2012, and it will help small- to mid-size IT departments become even more agile and responsive to business and customer needs. For more information on the shared nothing live migration feature, read John Savill’s guide to Failover Clustering in Windows Server 2012.

8. Storage pools and spaces

Most IT departments have to contend with a dizzying assortment of storage hardware and medium types, from leading-edge SSD drives and spinning disks to removable drives and legacy magnetic reel tape. Making effective use of all those disparate storage formats can sometimes be a Herculean task, especially when you throw in the ever-increasing storage demands that today’s workplaces place on IT departments. Microsoft is hoping to help admins address that by introducing Storage Pools and Spaces, two storage abstraction concepts being introduced in Windows Server 2012.

Storage Pools aggregate these heterogeneous physical storage devices into cohesive units where it’s relatively easy to add storage capacity by adding additional storage. As mentioned previously, the devices in storage pools don’t have to be homogenous from the perspective of either device or storage size; you can mix and match devices and sizes here.

Storage Spaces takes that concept even further by allowing you to create virtual disks that have the same characteristics as physical devices: they can be attached, removed, backed up, and otherwise managed exactly the same as traditional physical disks. But Spaces have even more useful features and capabilities, including enhanced capabilities when combined with virtualization and private cloud solutions. They also have additional capabilities on the backup, recovery, and high-availability front, and improvement in the realm of thin provisioning as well. For more information, read Storage Spaces in Windows Server 2012 by Michael Simmons.

9. PowerShell 3.0

PowerShell has been steadily gaining in popularity over the last few years, and Microsoft pulled out all the stops for PowerShell support in Windows Server 2012. More than 2000 PowerShell cmdlets are now included, and the newly enhanced stable of commands allows IT professionals to automate and control more aspects of their Windows Server 2012 environment through the PowerShell command line than ever before. This latest update to PowerShell also includes improved web access, the ability to schedule jobs, support for disconnected sessions, enhanced and editable help files, and dozens of other new features. For more information on this latest release of PowerShell, check out this interview with Jeffrey Snover, the lead architect for Windows Server 2012.

10. CHKDSK changes

Everyone reading this is probably already intimately familiar with the ubiquitous CHKDSK application, which has been in use in various forms since MS-DOS 1.0. We’ve all stepped out for a cup of coffee when the dreaded CHKDSK disk scan kicks off on a server or client equipped with large disk storage.

Microsoft has responded to this productivity killer by revamping CHKDSK in Windows Server 2012. Rather than spending vast amounts of time laboriously scanning through sectors on large disks, the new and improved CHKDSK now scans disks in two phases: An online phase that detects errors and logs defects (and which also can run in the background), and an actual repair phase that does the actual fixing of corrupted drive data.

I’ve seen time comparisons between the old and new CHKDSK, and the time differences are dramatic: Some scans that took more than 150 minutes to complete are done in less than 4 seconds. It’s a dramatic improvement, and something that every Windows system administrator should rejoice over. For more information on the revamped CHKDSK, read Kurt Mackie’s article over at Redmond Magazine about CHKDSK improvements in Windows Server 2012.