Creating the Send connector in PowerShell is relatively simple because it only requires a single command; however, you still need to make sure to provide the correct parameters. Below is the command to create the Send connector for sending mail to the Internet. Please note this command will create exactly the same connecter as the one we created using the console.
New-SendConnector -Name ‘To Internet’ -Usage ‘Custom’ -AddressSpaces ‘SMTP:*;1′ -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts ‘[192.168.1.100]‘,’[192.168.1.101]‘ -SmartHostAuthMechanism ‘None’ -UseExternalDNSServersEnabled $false -SourceTransportServers ‘KEXCH’
Post-Creation Configuration
There are some important configurations which you should consider after creating your Send connectors; specifically, things like MaxMessageSize, SMTPMaxMEssagePerconnection and Protocollogging, etc. Adjusting these configurations on a Send connector is easy to do using the set-Sendconnector cmdlet:
St-Sendconnector -Name ‘To Internet’ -MaxMessageSize 20 MB -smtpmaxmessageperconnection 25
If you are not sure how your Send connector is configured, using the Get-Sendconnectorcmdlet will give you more information on the connectors in order to better understand them:
Get-senderconnector -name “Connector name” |format-List
Receive Connectors
As the name suggests, use this connector in order to receive incoming email from other Exchange servers, the Internet, partners, etc. Receive connectors are dependent on the Hub Transport Servers, and each Hub Transport server is created with two Receive connectors: a default Receive connector (for SMTP) and a client Receive connector (for POP3 and IMAP.)
Figure 8. The two default Receive connectors on the Hub Transport Server role.
Each of these connectors has a specific configuration that we will discuss shortly. You can also create custom Receive connectors on the Hub Transport servers to act as secure relays within your organization. Each connector is associated with a local IP address and port number. It’s also useful to define the IP address or range of IP addresses that a receive connector can accept connections and emails from, as well as the maximum message size, necessary authentication, and permissions, etc.
Initial Receive connectors on the Hub Transport Servers
As you can see in figure 8, each Hub Transport Server has two initial Receive connectors already in place: The default connector (for handling incoming SMTP email) and the client connector (for handling SMTP relay email). Both of these are configured by default to be secure, and it’s generally a good idea to keep them this way. Anonymous users’ permission is not enabled by default. Let’s take a closer look at these two connectors now:
Client [ServerName]
You create this connector when installing a Hub Transport server. It accepts email from non-MAPI clients for SMTP relay, and is configured to use port 587. It can accept messages from any IP address and has permission to accept mail from Exchange Users, as they are considered authenticated users. The available authentication methods for use with this connector include: Transport Layer Security (TLS), Basic authentication, Exchange Server authentication, and Integrated Windows authentication. Note: Only Exchange users have permission to use this connector.
Default [ServerName]
Also created upon server installation, this connector is configured to accept email from other Hub Transport servers as well as other servers on port 25 (the universal SMTP port). This connector accepts messages from any IP address and is configured with permissions for use by Exchange users, Exchange servers and legacy Exchange servers. The available authentication methods include: TLS, Basic authentication, and Integrated Windows authentication. Exchange users, Exchange Servers and Exchange Legacy Servers have permission to use this connector.
Custom Receive Connector
If you wanted a specific application server to be able to send email to an Exchange server, then you must create a custom receive connector that only accepts email from that particular application server. Configuring Receive connectors to accept email only from a specific server or port is very important from a security point of view. This step is necessary in order to prevent any other application (such as a malware application) to use Exchange servers to relay email. In order to understand the various configuration options, let us create a custom Receive connector that fulfills our security requirement.
First, access the Exchange Management console and navigate to Server Configuration > Hub Transport. Select the required Exchange Hub Transport Server from the upper result pane, and click on New Receive connector in the action pane Figure 9.
Figure 9: Starting the Receive connector creation process.
1) Specify the Intent of the Connector
As when creating a Send connector, provide a unique and appropriate name for the connector so that you have various options for the connector’s intended use: Custom, Internet, Internal, Client and Partner. Each configuration provides different options for how clients can authenticate and interact with the local network, port configuration, and the remote IP address range (which uses the Receive connector). Let us look at what each of the options provides:
- Custom: This selection provides the most flexible options for creating and configuring receive connectors. For example, select the Custom connector when you have specific application requirements for communicating with Exchange on a different port.
- Internet: This connector is open to messages from the Internet. The Internet setting provides options such as managing the connector’s local network IP addresses, ports and specific FQDNs, as well as providing anonymous and TLS authentication options.
- Internal: This option only allows you to restrict which local network IP addresses can use this connector. This setting also provides options for TLS and Exchange server authentication, as well as permissions for Exchange servers and legacy Exchange servers.
- Client: This setting only provides you with the option to change remote IP address settings. All Exchange users have permission to use this connector, and this setting also provides options for TLS, and also basic authentication with a TLS connection.
- Partner: Similar to the “Custom” setting, “Partner” enables you to manage the connector’s local IP addresses, FQDNs and ports, as well as the accepted remote IP address range. However, it is limited to providing permissions to partners. In addition, it provides TLS and enables domain security authentication.
Figure 10. Specifying the intent of the new Receive connector.
2) Modifying the Local Network Settings
The next step in creating the custom Receive connector is to modify the local Network settings with the connector’s IP address (es) and specified FQDN details. As you can see from the text in Figure 11, these settings control which IP addresses and ports the connector will use to receive mail.
Figure 11. Defining the connector’s local network settings.
3) Managing the Remote Network Settings.
The next step is to control the range of remote IP addresses that can use this connector:
Figure 12. Controlling the range of remote IP addresses from which the connector will receive mail.
4) Create the Receive Connector
Once you complete the configuration of your custom Receive connector, follow the final instructions of the connector creation wizard. You should be able to see the new connector alongside the others in the Exchange Management Console:
Figure 13. The newly created Receive Connector