SMTP Routing in Exchange 2010

7/29/2019 SMTP Routing in Exchange 2010

1/10

SMTP Routing in Exchange 2010

Starting with Exchange Server 2007 all SMTP traffic in Exchange Server is routed through

the Hub Transport Server. The reason behind this is compliancy. By routing all messagesthrough the Hub Transport Server it is always possible to track messages. It is also possible to

temporarily store these messages so when a disaster strikes Exchange can always (try to)

recover these messages from the Hub Transport Server such as, during a failover in a CCR

cluster or a Database Availability Group. In this series of articles Id like to explain a bit more

about the Hub Transport Server and the SMTP message flow within Exchange Server 2010.

Message flow

In Exchange Server 2010 all messages are always routed through the Hub Transport Server.

This is the case for:

Messages routed to and from the Internet, with and without an Edge Transport Server;

Messages routed to other Active Directory sites within the Exchange organization;

Messages between mailboxes on the same Mailbox Server, even mailboxes within the

same Mailbox Database;

Yes, you read that last one correct. If theres one Exchange 2010 Mailbox Server with only

two mailboxes on it, and the first mailbox sends a message to the second mailbox, it is routed

through the Hub Transport Server.

If the Hub Transport Server is not available, the message will not be sent and the message willnot leave the mailbox!

Transport internals

To get a better idea of the message transport in Exchange Server 2010 we have to identify

several services in the Exchange environment that play an important role in message routing.

1. Mail Submission Service when a message is created and the Send button is clicked,

the new message is placed in the mailbox outbox. Theres a service running on the

Mailbox Server role called the Exchange Mail Submission Service which notifiesthe Hub Transport Server that a new message is awaiting for processing. The Mailbox

Server has an internal list of Hub Transport Servers in the same Active Directory site

(the submission server list) which is updated every 10 minutes. This is done by the

server discovery process. A round robin mechanism is responsible for load balancing

the SMTP traffic across these Hub Transport Servers;

2. Store Drivers the Hub Transport Servers Store Driver retrieves the message from

the Outbox and puts it in the Submission Queue on the Hub Transport Server. The

Store Driver uses RPC to retrieve the message from the Mailbox Server. Theres no

traffic on port 25 (i.e. SMTP) between the Hub Transport Server and the Mailbox

Server;

3. Submission Queue this is a queue, located on the Hub Transport Server where allmessages are stored that need to be processed. Not only the Store drivers can store

1


2/10

messages in the submission queue, but this can also be done through a receive

connector or the pickup directory.

4. Categorizer the categorizer retrieves messages from the submission queue and

determines where the message needs to be sent to. This can be an internal Active

Directory recipient or an external recipient. The categorizer also expands distribution

groups and identifies alternative recipients or forwarding addresses.5. Pickup Directory this is a directory that is checked once every 5 seconds for new

messages. When a message is in the correct EML format it is picked up from this

directory and when the process is completed the file is deleted from the pickup

directory.

Figure 1: Overview of the Hub Transport Server Role

Queues

A queue is a temporary location where messages that are waiting for processing are stored.

The submission queue is already discussed, but there are more queues:

Mailbox Delivery Queue This queue stores messages that will be delivered to

mailboxes on a Mailbox Server. Again, communication between the Hub Transport

Server and the Mailbox Server for mailbox delivery is encrypted RPC. Note: a

mailbox delivery queue only exists on Hub Transport Servers and not on Edge

Transport Servers;

Remote Delivery Queue this is a queue where messages are stores that need to be

delivered remotely. Remote delivery queues can exists on Hub Transport Servers as

well as Edge Transport Servers. Theres a remote delivery queue for every domain the

Transport Server is sending messages to. So, if there are outbound messages sent to

for [email protected], then a remote delivery queue exists for the

domain hotmail.com. These remote delivery queues only exist for a small amount of

time. After successful delivering of the message to hotmail.com, the queue for this

2
mailto:[email protected]:[email protected]:[email protected]:[email protected]


3/10

domain is deleted, but only when no other messages are sent within a couple of

minutes. Besides a remote delivery queue for every external domain, theres also a

remote delivery queue for every Active Directory site that contains other Hub

Transport Servers;

Poison Message Queue There are specific messages that Exchange considers to be

harmful to the Exchange system after a server failure. If such messages areencountered then they are stored in the poison message queue. The poison message is

empty during normal operations and therefore it does not appear in the Queue viewer.

Unreachable Queue This queue contains messages that cannot be routed to their

original destination, for example after reconfiguring the routing infrastructure.

Queue Database Files

In Exchange 2003 and earlier the queues were stored on the local disk in the c:\mailroot\queue

directory, or a queue directory in the Exchange Server directory. Exchange Server 2007 and

Exchange Server 2010 store their queues in an ESE database. This database is located in theC:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue directory. ESE

operations on this Queue Database file are similar to those of a normal ESE Mailbox Database

file. So transactions are stored to the log files first and later on are committed to the Queue

Database file. The checkpoint file keeps track of which transactions are already written to the

Queue Database file.

Log files of the Queue Database file circular logging are enabled by default. This means

that older log files are deleted when they are no longer needed. Because of this, it is not

possible to recover old data from the log files. Since the data in the Queue Database file is

volatile (i.e. it exists for a short period of time in the queue and the database) this is not an

issue.

The Queue Database consists of the following files:

Mail.que the actual Queue Database file;

Tmp.edb temporary file for Queue Database file operations;

Trn*.log the individual log files for storing Queue Database transactions;

Trn.chk the checkpoint file that keeps track which transactions are already

committed to the Queue Database;

Trnres00001.jrs and Trnres00002.jrs two reserved empty log files that are used when

the disk is full during normal log file operations.

3


4/10

Figure 2: The Queue directory on local disk. Already 2459 log files (99B hexadecimal) are

createdon this server.

We have seen the message transport in Exchange and services that play an important role in

message routing and went through the various queues of the Exchange database. In my next

article I will cover the communication between Exchange Hub Transport Servers in moredetail.

In Part I of this series I explained how SMTP messages are processed with an Exchange

Server, in particular how a Hub Transport Server processes messages from a Mailbox Server.

4


5/10

Figure 1: The SMTP "Transport Pipeline" in Exchange Server 2010

I already explained how a Hub Transport Server picks up a message from the Mailbox Server

to process it. There can be multiple Hub Transport Servers in an Active Directory site.

The Mail Submissions Service on the Exchange 2010 Mailbox Server notifies the Hub

Transport Server that a message is in the Outbox. The Store Driver on the Hub Transport

Server retrieves the message from the Mailbox Server. RPC is used for communication

between the Hub and the Mailbox Server.

After retrieval, the message is stored in the Submission Queue waiting for further processing.

The Categorizer picks up the message again and determines where to send it:

Back to the Mailbox Server;

To another Mailbox Server in the same Active Directory site. Again, RPC is used for

communication between the Hub Server and the other Mailbox Server;

To another Hub Transport Server in another Active Directory site. Communication

between Hub Transport Servers is via SMTP;

To the outside world. For sending messages to the outside world (i.e. the Internet)

SMTP is used as well.

5


6/10

You can have multiple Hub Transport Servers in one Active Directory site for redundancy

and scalability purposes. When you have multiple Hub Transport Servers in your Active

Directory site, the Mailbox Servers keeps an internal list of all these Hub Transport Servers.

The Mail Submission Service then Round Robins through this list as to notify a Hub

Transport Server and to pick up the message from the Outbox. This way the Mailbox Server

load balances between all available Hub Transport Servers in the Active Directory Site.

But, before we can send and receive SMTP message we first have to configure the Hub

Transport Server with a Send Connector (to send mail) and configure the Receive Connector

(to receive mail).

Send Connector

Right out of the box, Exchange 2010 doesnt have a way to send message to the Outside

world. Before you can send message you have to create a Send Connector:

1. Logon as an administrator on an Exchange 2010 Server and open the Exchange

Management Console. Navigate to the Organization Configuration and select Hub

Transport. In the results pane, select the Send Connector tab;

2. The New Send Connector wizard appears. Enter a name for the Send Connector and

select its usage (Internet) and follow the wizard. Enter * for the address space. This

way the Send Connector will be used for all SMTP domains, except for the internal

SMTP domains of course.

3. Next is to select whether you want to use a smart host (an SMTP server with your

provider for example) of whether you want to use DNS. In the latter case the Hub

Transport Server will be responsible to retrieve all MX records and send the outbound

messages accordingly. My personal preference is to use DNS, but you might havevalid reasons to use a smart host of course;

6


7/10

Figure 2

4. In the next Windows you have to select the Source Server. If you have multiple Hub

Transport Servers in your Active Directory site you can enter them here. These servers

all participate in the Send Connector. SMTP messages will automatically be load

balanced across all source servers in the Send Connector;

5. Finish the wizard and the Send Connector will be created.

The Hub Transport Server is now able to route messages to the Internet.

Receive Connector

By default, a Hub Transport Server will not accept anonymous connections. And connections

coming form the Internet are anonymous. Microsofts opinion is that you need to use the Edge

Transport Server (in your DMZ). The Edge Transport Server does accept anonymous

connections from the Internet, and communications between Edge Transport Server and Hub

Transport Server is secure. Ill get back to using an Edge Transport Server in one of the next

articles in this series.

But if you want to enable anonymous connections you have to enable this on the Default

Receive Connector. Open the Exchange Management Console, Navigate to the ServerConfiguration and select Hub Transport. In the results pane, select your Hub Transport

7


8/10

Server and in the low pane, select the Default Receive Connector and request its properties.

Click on the Permission Groups tab to see who is allowed to connect to this Receive

Connector. The Anonymous Users is not selected by default as shown in this screenshot:

Figure 3

Check theAnonymous users checkbox and click OK to close the window. The TransportServices needs to be restarted for this setting to take effect. Open an Exchange Management

Shell window and enter the Restart-Service MSExchangeTransport command.

We now have a Hub Transport Server that can send and receive SMTP messages to and from

the Internet.

Please note that when you use an appliance in your DMZ, for example a Barracuda, IronPort

or McAfee solution this is considered as anonymous from a Hub Transport Server point of

view.

Mail flow to the Internet

8


9/10

When a client creates a new message and clicks the Send button the message is placed in the

Outbox. A Hub Transport Server will pickup the message and will place it in the Submission

Queue on the Hub Transport Server. In this Submission Queue the message is safely stored on

the hard disk of the Hub Transport Server. The Hub Transport Server can crash and reboot,

but the message is still safe.

The Categorizer would pick up the message from the Submission Queue and check the To:

field in the message to determine the recipients. The routing component of the Categorizer

determines the final destination for the message. For Internet delivery, the message is

delivered to SMTP Out (part of the MSExchange Transport Service) which uses the Send

Connector that was created in the previous step. Depending on the address space a routing

decision is made.

A queue is created for every message that is sent. This is true for internal messages (back to a

mailbox server in the current Active Directory site as well as other Hub Transport Servers in

the Exchange organization) and for external messages.

You can view the queues using the Queue Viewer. Open the Exchange Management

Console and navigate to the Toolbox section. Select the Queue Viewer in the results pane.

Figure 4

You can see the individual queues, the status, the number of messages in the queue and when

there are some issues, the error is shown as well. Using the Queue Viewer you need toconnect to every Hub Transport Server so see messages in queues on other servers.

9


10/10

You can also use the Exchange Management Shell to get queue information using the Get-

Queue cmdlet. When combined with the Get-TransportServer cmdlet you can see all queues

on all Hub Transport Servers:

Figure 5

Whats a reasonable amount of messages in a queue and how long do they stay there? Thats

not an easy question to answer. Youll see quite a number of queues as a result of NDRs

(when spam is sent to non existing users) that cannot be delivered. Typically these queues

have only 1 or 2 messages. When there are problems using delivery on the other SMTP hosts,

the number of messages will increase. This is the time to start troubleshooting.

10

Documents

SMTP Routing in Exchange 2010