July 28, 2008 12:00 AM

Deploy Exchange 2007 on a Single Server

By configuring the Hub Transport role to handle Internet email, you can run Exchange Server 2007 on one physical server
Windows IT Pro
InstantDoc ID #99392

Configure Hub Transport to Receive Internet Email
To enable the Hub Transport server to receive messages from external sources, your first task is to configure an accepted domain for your Exchange organization. An accepted domain is any SMTP domain for which your Exchange server sends or receives email. Accepted domains include those domains for which the Exchange organization is authoritative (i.e., the server handles mail delivery for recipients in that domain) as well as domains for which the Exchange organization receives mail, then relays it to the external mail server. You must configure at least one accepted domain before you can use that SMTP namespace in an email address policy.

To configure the accepted domain, open EMC, navigate to Organization Configuration, open the Hub Transport node, and go to the Accepted Domains tab. Click New Accepted Domain in the Actions pane to start the wizard. On the first page, enter a name for the accepted domain (this will probably be the name of your domain) and the FQDN of the accepted domain. When you enter the accepted domain, you can use a wildcard character in the address space to indicate that all subdomains of the SMTP address space are also accepted by the Exchange organization (e.g., *.microsoft.com also accepts all subdomains of the microsoft.com domain).

Next, select Authoritative Domain, which indicates that your server is responsible for mailboxes in that domain, and click New to create the new accepted domain. You can repeat this procedure for any domain that you want to accept messages for, but make sure that you configure MX records for these domains to point to your mail server.

Now you need to configure the Receive connector. The Hub Transport server has two default receive connectors, but both connectors require authentication. Because you want your Hub Transport server to accept messages directly from the Internet (not from the Edge Transport server), you’ll need to allow an anonymous connection. To do so, open the Server Configuration node, click Hub Transport, and in the middle pane right-click the Default ServerName connector and select Properties. Open the Permission Groups tab and click the Anonymous users check box. Leave the other check boxes as is. Click OK when you’re done.

Note that there’s one more Receive connector, the Client ServerName connector. That connector is configured to work on port 587 and is intended to be used by POP3 and IMAP4 clients for sending messages with TLS authentication. You can easily change this port number by editing the connector’s properties. Don’t allow anonymous connections on this connector.
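
The same accepted-domain and Receive connector settings can be applied from EMS and then audited, so that the Default connector is the only one left open to anonymous senders. This is an added example, not part of the original article; contoso.com is a placeholder domain, and the script assumes the connectors still carry their default names and that EMS is running on the Exchange server itself.

```powershell
# Added example (not from the article). Assumptions: contoso.com is a placeholder,
# the connectors keep their default names, and EMS runs on the Exchange server.
$server = $env:COMPUTERNAME
$domain = 'contoso.com'

# 1. Create the authoritative accepted domain if it does not exist yet.
$existing = Get-AcceptedDomain | Where-Object { $_.DomainName.ToString() -eq $domain }
if (-not $existing) {
    New-AcceptedDomain -Name $domain -DomainName $domain -DomainType Authoritative
}

# 2. Add AnonymousUsers to the Default connector and keep the groups already set
#    (the GUI equivalent of "leave the other check boxes as is").
$default = Get-ReceiveConnector "$server\Default $server"
$current = $default.PermissionGroups.ToString()
if ($current -notmatch 'AnonymousUsers') {
    Set-ReceiveConnector $default.Identity -PermissionGroups "$current, AnonymousUsers"
}

# 3. Audit: list every Receive connector on this server that accepts anonymous
#    sessions, with the IP:port bindings it listens on.
$anon = Get-ReceiveConnector -Server $server |
    Where-Object { $_.PermissionGroups.ToString() -match 'AnonymousUsers' }
$anon | Format-Table Name, Bindings, PermissionGroups -AutoSize

# 4. Flag anything other than the Default connector, in particular the Client
#    connector on port 587, which must stay authenticated.
$unexpected = $anon | Where-Object { $_.Name -ne "Default $server" }
if ($unexpected) {
    foreach ($c in $unexpected) {
        Write-Warning "Anonymous access enabled on '$($c.Name)'; review its permission groups."
    }
} else {
    Write-Host "Only 'Default $server' accepts anonymous connections."
}
```

Re-running the audit portion (steps 3 and 4) after any later connector change is a quick way to confirm that anonymous access has not spread beyond the connector that needs it.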

Enable Antispam Functionality on Hub Transport
Since you aren’t using an Edge Transport server, you have to implement antispam protection on the Hub Transport server role. By default, antispam functionality isn’t installed on the Hub Transport server; you’ll need to use EMS commands to install it. To do so, open EMS, navigate to the folder in which you’ve installed Exchange Server (the default path is C:\Program Files\Microsoft\Exchange Server), then navigate to the Scripts subfolder. Now enter the following command:

.\Install-AntispamAgents.ps1

This command adds antispam functionality to the Hub Transport server. Close EMC and reopen it, open the Organization Configuration node, and click Hub Transport, and you’ll notice a new Anti-spam tab. Click that tab, and you’ll see various features for anti-spam functionality, as Figure 3 shows.

The first capability you should configure here is content filtering. Open the Content Filtering Properties page and click the Action tab. Here’s where you’ll configure actions for messages after they’re assigned a spam confidence level (SCL) value. Three actions are available: delete, reject, and quarantine. I suggest your initial configuration be to delete messages with an SCL of 9, reject messages with an SCL of 8, and quarantine messages with an SCL of 7. In this configuration, messages with an SCL of less than 7 will be delivered to the user’s mailbox, as Figure 4 shows. Since Exchange 2007’s built-in spam filter is intelligent and learns over time, after a while you’ll probably want to change those actions to values that better fit your needs.

On this page, you’ll also need to configure a spam mailbox—the mailbox that will hold all quarantined messages. It’s a good idea to create a mailbox solely for this purpose. The administrator should check this mailbox periodically and search for false positives—that is, quarantined messages that should be delivered to users.
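
The content filtering settings described above can also be applied and read back from EMS. This is an added example, not part of the original article; spamquarantine@contoso.com is a placeholder for the dedicated quarantine mailbox, which must already exist.

```powershell
# Added example (not from the article). Assumption: spamquarantine@contoso.com is a
# placeholder for a mailbox you created solely to hold quarantined messages.
$quarantine = 'spamquarantine@contoso.com'

# Confirm the antispam agents were installed and that content filtering is enabled.
$agent = Get-TransportAgent | Where-Object { $_.Identity -like 'Content Filter Agent' }
if (-not $agent) {
    Write-Warning 'Content Filter Agent not found; run Install-AntispamAgents.ps1 first.'
    return
}
if (-not $agent.Enabled) {
    Write-Warning 'Content Filter Agent is installed but disabled.'
}

# Apply the suggested starting thresholds: delete at 9, reject at 8, quarantine at 7.
# Each threshold means "SCL greater than or equal to this value".
Set-ContentFilterConfig `
    -SCLDeleteEnabled $true     -SCLDeleteThreshold 9 `
    -SCLRejectEnabled $true     -SCLRejectThreshold 8 `
    -SCLQuarantineEnabled $true -SCLQuarantineThreshold 7 `
    -QuarantineMailbox $quarantine

# Read the configuration back and check the ordering delete > reject > quarantine,
# so that no action is shadowed by a stricter one set at the same or a lower SCL.
$cfg = Get-ContentFilterConfig
$cfg | Format-List SCLDelete*, SCLReject*, SCLQuarantine*, QuarantineMailbox

$ordered = ($cfg.SCLDeleteThreshold -gt $cfg.SCLRejectThreshold) -and
           ($cfg.SCLRejectThreshold -gt $cfg.SCLQuarantineThreshold)
if (-not $ordered) {
    Write-Warning 'SCL thresholds are not in the order delete > reject > quarantine.'
}
if (-not $cfg.QuarantineMailbox) {
    Write-Warning 'No quarantine mailbox is set; the quarantine action has nowhere to deliver.'
}
```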

Other options on the Anti-spam tab let you configure IP allow and IP block lists, if you want to explicitly allow or block certain IP addresses from communicating with your mail server. You can also configure Exchange to receive allow and block lists from external service providers. Additionally, you can configure recipient and sender filtering and Sender ID and sender reputation options. Recipient filtering and sender filtering let you block a specific recipient or sender from receiving or sending messages. Sender ID seeks to verify that every email message originates from the Internet domain from which it claims to have been sent. This is accomplished by checking the address of the server sending the email against a registered list of servers that the domain owner has authorized to send mail. Sender reputation is an antispam functionality designed to block messages according to many sender characteristics. Sender reputation relies on persisted data about the sender to determine what action, if any, Exchange should take on an inbound message.

Ready for Email
Once you’ve verified that AD is working correctly and all Exchange services are functional, you’re ready to start using your Exchange 2007 server to send and receive email. As you’ve seen, installing Exchange 2007 on a single server is feasible if you know what steps to perform and are aware of the configuration differences in this setup as compared with a more typical multiserver Exchange 2007 environment. Although a single-server Exchange 2007 solution can be cost-effective and fully functional, the biggest concern about this type of setup is security, since certain resources, most notably the Mailbox role, are exposed to the Internet. If you’re going to set up a single-server Exchange solution, I also recommend that you implement more than one hard disk in your Exchange server as well as configure local continuous replication for high availability.


Comments
  • Correa
    2 years ago
    Sep 27, 2010

    How should I configure my server to work with Outlook Anywhere and ActiveSync?

    Greetings from Chile

  • Damir
    3 years ago
    Oct 22, 2009

    Yes, you can. The Send connector is created at the Organization Configuration level, and it can be applied to any source transport server in the organization. Since in this case the only transport server is the Hub Transport, the connector uses it as the source for sending messages to the Internet. On the General tab of the connector properties you can easily set the FQDN that the server will provide in the HELO/EHLO phase.

  • Ed
    3 years ago
    Oct 22, 2009

    I'm not convinced you can set the FQDN on a send connector in a single Exchange server environment.


Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.