Microsoft KB Archive/319426

= How To Configure the SMTP Connector to Link to Internet Domains in Exchange =

Article ID: 319426

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Exchange Server 2003 Standard Edition
 * Microsoft Exchange 2000 Enterprise Server
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition

-



This article was previously published under Q319426



IN THIS TASK
SUMMARY Requirements How to Plan the Connection Firewall and Security Issues How to Configure the SMTP Virtual Server How to Add and Configure the SMTP Connector How to Add DNS Records How to Confirm That You Configured the SMTP Connector Correctly How to Enable Protocol Logging
 * How to Enable Diagnostic Logging
 * How to Check DNS Records
 * How to Use Telnet

Troubleshooting REFERENCES



SUMMARY
For many organizations, internal and external e-mail connectivity is an essential business and communication tool. Microsoft Exchange provides the facilities to connect your internal mail networks to external organizations on the Internet. This step-by-step article describes how to plan and create a Simple Mail Transfer Protocol (SMTP) connector to enable your Exchange computer to deliver messages to and receive messages from external Internet domains.

back to the top

Requirements
The following list outlines the recommended hardware, software, network infrastructure, and service packs that you need:
 * Microsoft Windows 2000 Server with Service Pack 3 (SP3)
 * Active Directory
 * Exchange Server 2000 Service Pack 1 (SP1) or Exchange Server 2003
 * A means of connecting to the Internet by using an Internet Service Provider (ISP)

This article assumes that you are familiar with the following topics:
 * The Exchange Administrator console
 * DNS issues
 * The dial-up connection configuration

back to the top

How to Plan the Connection
To plan a connection to the Internet, consider the following factors:
 * You must understand the implications of having either a permanent (or fast dial-on-demand) link or a dial-up link. You can use the Internet Mail Service in Microsoft Exchange Server 5.5 to configure a dial-up connection that is dialed on a regular basis. Exchange 2000 and Exchange 2003 do not include this functionality. If you have a single computer that is running Exchange 2000 or Exchange 2003, ensure that the dial-up link to your ISP is connected when the SMTP connector attempts to collect and deliver mail. If you have a WinSock Proxy client computer or a Secure Network Address Translation (Secure NAT) client, such as the client that is included with Microsoft Internet Security and Acceleration (ISA) Server, use the WinSock Proxy client or the Secure NAT client to make the dial-up connection connect automatically whenever the SMTP connector needs to collect mail.
 * You must consider whether you are going to deliver messages either directly to the target domains or by using a smart host. Your decision depends on whether you have a dial-up connection or a permanent connection. If you use a dial-up connection, you can configure a smart host and send all of your messages to that server. If you do so, the smart host is responsible for delivery. If you try direct delivery on a dial-up connection and the target domain is unavailable, the mail is not delivered. However, if you deliver messages to a smart host, this server can retry the delivery while your dial-up link is not connected, which increases the chance that the message will be delivered and reduces dial-up costs.
 * You must plan how you are going to handle large messages. If you use the SMTP connector, you can set up a separate delivery schedule for large messages, for example, messages that are larger than 2 megabytes (MB). If you have a dial-up connection or low bandwidth permanent connection such as a 64 kilobytes per second (KBS) Kilostream link, you may want to hold back larger messages and send them only every two hours, which allows smaller messages to be delivered immediately.
 * You must consider how to prevent unsolicited commercial e-mail from being relayed.

back to the top

Firewall and Security Issues
To send and receive mail to and from external domains, you must allow a connection from your Exchange computer to the external domains over the SMTP port on &quot;TCP:25.&quot; You must allow connections from all Internet addresses to the internal Internet Protocol (IP) address of your Exchange computer in both directions.

If you are using ISA Server as your firewall, you can use the preconfigured protocol definitions (which you can use with protocol rules) and create packet filters to allow inbound and outbound SMTP connections. You can terminate these connections in the perimeter network or the boundary subnet.

To reduce the security risk of intrusion, configure one or more SMTP front-end servers, and then place these servers in your perimeter network. SMTP front-end servers are computers that are running Exchange that do not hold ordinary user mailboxes. These front-end servers relay messages to and from the main Exchange computer, which provides an extra level of defense against intrusion.

Note You can configure the SMTP service on Windows 2000 to act as an SMTP front-end server. However, this configuration is complex. It is easier to implement an Exchange SMTP front-end server.

back to the top

How to Configure the SMTP Virtual Server
Exchange uses virtual servers for SMTP and other common Internet messaging protocols. To configure an SMTP connector, either create a new SMTP virtual server or use the default virtual server. In most environments, you will use the default SMTP virtual server.  Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager. Double-click on the Servers icon in the left pane. Click the server that you want to configure, and then expand Protocols. If you plan to use a new SMTP virtual server:  Right-click the SMTP protocol object, point to New, and then click SMTP Virtual Server. After the wizard starts, type a name for the SMTP virtual server, and then click Next.

Microsoft recommends that you use a name that describes the function of this virtual server, such as &quot;Client Access Virtual Server.&quot; Click the IP address to which this SMTP virtual server will bind, and then click Finish.</li></ol> </li> Right-click either the default SMTP virtual server or the virtual server that you just created, and then click Properties.</li> Click the Access tab, and then click Relay.</li> Confirm that Only the list below is selected and that the list is empty.

Optionally, you can clear the Allow all computers which successfully authenticate to relay, regardless of the list above check box, and then click OK.

Note If you have mail clients that are using a different protocol (for example, Post Office Protocol v.3 [POP3]) that use SMTP to deliver mail, Microsoft recommends that you create a separate SMTP virtual server for that purpose.</li> Click the Messages tab, and then reduce the number of recipients for the message from the default setting of 64,000 if appropriate.</li> Click the Delivery tab, and then click Advanced.</li> Click Configure to configure external DNS servers for this virtual server.

You must configure external DNS servers for this virtual server if you are running separate internal DNS servers for your Local Area Network (LAN). If you add one or more external Internet DNS servers, you enable your SMTP virtual servers to resolve and deliver to external domains. To add an external DNS server, click Add, type the IP address of the external DNS servers, and then click OK. Add a second DNS server for redundancy, and then click OK three times.</li></ol>

back to the top

How to Add and Configure the SMTP Connector
After you configure the SMTP virtual server, add and configure the SMTP connector: <ol> Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.</li> Expand the organizational tree in the left pane until you find the Connectors container.

Note The Connectors container may be in a different location, depending if the routing and administration groups are displayed at the organizational level.</li> Right-click the Connectors container, point to New, and then click SMTP Connector.</li> Type a name for the connector in the Name box.

Microsoft recommends that you use a descriptive name, such as &quot;Internet SMTP connector&quot; to distinguish this connector from other SMTP connectors that you may be using, for example, to connect to other Exchange Server routing groups.</li> If you are using a dial-up connection or you want to use the ISP's smart host to deliver your messages, click Forward all mail through this connector to the following smart hosts, and then type the fully qualified domain name (FQDN) of the smart host, for example:

mail.your_domain.com

.Note This setting overrides the smart host setting for a smart host on the SMTP virtual server.</li> Under Local Bridgeheads, click Add, click the virtual server that you configured in the &quot;How to Configure the SMTP Virtual Server&quot; section, and then click OK.

You can add multiple SMTP virtual servers for load balancing and redundancy purposes.</li> Click the Content Restrictions tab and confirm the message types that you can use by using this SMTP connector.

If you clear the System Messages option under Allowed Types, delivery and non-delivery reports (NDRs) are not sent through this connector. To configure a message size limit, click Only messages less than (KB) under Allowed sizes, and then type a size in kilobytes (KB).</li> Click the Delivery Options tab to configure times for normal and oversize mail delivery.

These settings depend on whether you want to have different time settings for messages over a particular size. Click either Specify when messages are sent through this connector or Queue mail for remote triggered delivery. It is unlikely that you will click Queue mail for remote triggered delivery unless another server is dialing in to pick up its messages.</li> Either click the time that you want you want the messages delivered in the Connection time box or click Customize.</li> <li>If you click Customize, either click a day in the left column, and then click a time on the top row or click and hold the mouse button as you sweep across the time slots to configure the update interval.

Note To configure the schedule to be displayed in hour slots or in 15-minute slots, click the appropriate option under Detail View.</li> <li>To send large messages at different times: <ol style="list-style-type: lower-alpha;"> <li>Click Use different delivery times for oversize messages, and then type a value for oversize messages.

Do not type a value that is larger than the value that you typed in the Allowed Sizes box on the Content Restrictions tab.</li> <li>Click a time in the Connection box or click Customize to enter the times manually (refer to step 10).</li></ol> </li> <li>If you receive mail directly from other domains, you do not have to configure any settings on the Advanced tab.

However, if you are collecting your mail from a store and a forward facility that is operated by your ISP (this facility is common with dial-up connections), Microsoft recommends that you contact your ISP to find out how to de-queue the stored mail to your mail server. Some servers de-queue automatically as soon as they detect an incoming connection from your domain and some servers accept extended TURN or TURN commands. Other servers use customized FINGER or DEQUEUE commands. If you are using a server that uses FINGER or DEQUEUE commands, you must run a script to connect to tell your ISP's mail server to start downloading messages.</li> <li>Click the Address Space tab, click Add, click SMTP, and then click OK.</li> <li>In the Internet Address Space Properties dialog box, confirm that you entered a wildcard character (*) so that messages to all domains are routed through this connector.

If you have only one SMTP connector, you can leave the cost value at 1. However, cost values represent the actual cost of using the SMTP connector. If you have an SMTP connector that is running across a dial-up link and one that is running on a permanent link, give the permanent link connector a cost value of 1 and the dial-up link a cost value of 50.</li> <li>Click OK to accept the e-mail domain and cost value settings.</li> <li>If your SMTP connector sends and receives mail from external domains, ignore the Connected Routing Groups tab.</li> <li>Click the Delivery Restrictions tab, and then add any addresses from which you either want to or do not want to receive mail.

Note that you can use this tab only to add entries that are already defined within Active Directory. Therefore, if you want to stop messages from arriving from an external recipient, you must define that person and their e-mail address as a contact in Active Directory. However, it is unlikely that you will want to set a restriction of this nature unless you are running this SMTP connector across an expensive link.</li> <li>After you finish configuring the SMTP connector, click OK to accept the changes.</li></ol>

back to the top

How to Add DNS Records
After you configure the SMTP virtual server and the SMTP connector, you can send outgoing mail. However, incoming and return messages are not able to be delivered to you until you (or your ISP) configure DNS. <ul> <li> If your ISP is managing your DNS and you have a dial-up connection, the ISP must create a Mail Exchanger (MX) record that points to their smart host. This record uses the following format: <pre class="fixed_text">  MX   <your_domain>.com smart host1.<isp_domain>.com   10 MX  <your_domain>.com     smart host2.<isp_domain>.com   10 The preference value is 10, which can be used for preferential delivery or load balancing (as in this scenario). The ISP also has A (Address) records for smart host1 and smart host2. </li> <li> If your ISP is managing your DNS records and you have a permanent link, the ISP adds the following record: <pre class="fixed_text"> MX    <your_domain>.com     exchange.<your_domain>.com    10 MX   <your_domain>.com     smart host1.<isp_domain>.com  20 MX   <your_domain>.com     smart host2.<isp_domain>.com  20 A exchange.<your_domain>.com   131.107.2.200 If your link is down, your messages are delivered to the ISP's smart hosts and you can pick up your messages from the smart host. Also note that the A record must be explicitly entered. </li> <li> If you are managing your own DNS records, add the following record: <pre class="fixed_text"> MX    <your_domain>.com     exchange.<your_domain>.com    10 A exchange.<your_domain>.com   131.107.2.200 However, you may enter an MX record for a smart host as well. </li> <li> If you have one or more SMTP front-end protocol servers, your DNS records look similar to the following record: <pre class="fixed_text"> MX    <your_domain>.com     smtp1.<your_domain>.com   10 MX   <your_domain>.com     smtp2.<your_domain>.com   10 A smtp1.<your_domain>.com  131.107.2.201 A smtp2.<your_domain>.com  131.107.2.202 Note If you are running your own DNS, your zone is mirrored on a secondary DNS server, possibly at another company location or with your ISP.

Note It typically takes 24 hours for Internet DNS records to roll over. </li></ul>

back to the top

How to Confirm That You Configured the SMTP Connector Correctly
To confirm that the SMTP connector works, try to send and receive mail from external Internet domains. If you find that messages are not being delivered and are building up in the queues, enable logging to help you troubleshoot the issue.

back to the top

How to Enable Protocol Logging

 * 1) Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
 * 2) Double-click the Servers icon in the left pane.
 * 3) Click the server that you want to configure, and then click Protocols.
 * 4) Right-click default SMTP virtual server, and then click Properties.
 * 5) Select the Enable Logging check box, click W3C Extended Log File Format, and then click Properties.
 * 6) Type a value in the New Log Time Period box (Microsoft recommends that you use daily, the default setting), and then either change or accept the path in the Log file directory box.
 * 7) Click the Extended Properties tab, configure the appropriate settings, click OK, and then click OK.

back to the top

How to Enable Diagnostic Logging
You can use the Diagnostic Logging functionality to determine the root of a transport issue.
 * 1) Start Exchange System Manager, and then navigate to the server object.
 * 2) Right-click the server, and then click Properties.
 * 3) Click the Diagnostics Logging tab.
 * 4) Under Services, click MSExchangeTransport.
 * 5) Under Categories, click SMTP Protocol, and then click Maximum under Logging Level.

Diagnostics logging events are written to the Applications log in Microsoft Event Viewer.

Note The diagnostic logging level setting of Maximum is only suitable to use when you are troubleshooting SMTP connectivity issues. Disable or reduce the logging level to Minimum for typical operations.

back to the top

How to Check DNS Records
Use the Nslookup utility to confirm that you configured the DNS records correctly: <ol> <li>Type nslookup at a command prompt, and then press ENTER.</li> <li> Type ls -t mx .com, and then press ENTER.

You should receive the following output: <pre class="fixed_text">  > ls -t MX <your_domain>.com [testserver1.<your_domain>.com] <your_domain>.com. MX    10   testserver1.<your_domain>.com </li></ol>

You can also check for A records to ensure that there is an address record for the Exchange computer.

Note You must have a correctly configured reverse lookup zone for the subnet for the Nslookup utility to work.

back to the top

How to Use Telnet
If you are linked to the Internet by using a connection that is outside your firewall, confirm that you can start a Telnet session and connect to port 25: <ol> <li>Click Start, click Run, type telnet, and then press ENTER.</li> <li>At the Telnet command prompt, type open exchange. .com 25 .</li> <li> You receive a message that states &quot;Connecting to exchange. .com,&quot; and then the following output is displayed: <pre class="fixed_text">  220 exchange.<your_domain>.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966 ready at Thu, 4 Oct 2001 21:15:16 +0100 This output demonstrates that you can connect to your SMTP virtual server from the Internet. </li></ol>

back to the top

Troubleshooting
Contact your ISP to ensure that they configured the MX and A records for your Exchange computer correctly. You may have difficulty persuading the ISP to support ETRN for mail collection. Make sure that your current ISP supports connections from Exchange.

back to the top

<div class="references_section">