Mail Flow
SMTP Services
One of the first changes we notice during setup is that the hub transport role is no longer available for installation. In fact, it has been divided into two services that run on all client access server and mailbox roles.
A new service, the Front-End Transport Service, runs on the Client Access Server (CAS). This component provides basic spam scanning for incoming messages, quickly forwarding them to the appropriate mailbox servers. It also relays outgoing e-mail to the Internet or, preferably, to smart hosts. This service does not host a message queue.
The Front-End Transport Service is not a replacement for the Edge transport service (but can certainly use the 2010 version of the relay), and although it appears to face the outside world, it is not supposed to reside in the perimeter network. When a message is exchanged between internal Mailbox servers, the CAS Front-End Transport Service is not used.
A mailbox server now fully integrates the SMTP mail flow components. In fact, that is where the core of e-mail flow happens. It contains the queues, categorizers, and pick-up directories, as well as other components that deliver e-mail to the appropriate mailboxes. It is composed of two services:
· Mailbox transport delivery: This component allows the internal e-mail routing engine to appropriately forward an incoming e-mail to the user’s mailbox.
· Mail transport submission: This component routes the outgoing e-mail from a mailbox to the SMTP components to successfully deliver the e-mail to the next messaging server.
Malware and spam protection
Identifying viruses and threats is possible with Exchange Server 2013, as the malware protection component can be enabled for the organization. A message can be scanned for typical threats. This is a service that is now fully integrated into the architecture at no cost. However, it can also be paired with third-party products or Exchange Online Services.
Basic anti-spam filtering is also available in Exchange 2013 and is essentially the same engine as before. However, its configuration is no longer possible through the interface; it can only be done in PowerShell.
Data Loss Prevention
Data Loss Prevention (DLP) is part of messaging compliance. It is now possible to look for specific patterns and keywords in messages to find confidential and sensitive information that could be outgoing. Combined with transport rules and appropriate policies, DLP can help filter information and apply policies that dictate how and what type of information can leave the organization.
Connectors
There is a change in the way connectors are pre-configured, following a typical installation. It affects the way back-end and front-end servers communicate; hence, the default connectors we see in the console are different from the ones seen in previous versions (primarily applicable to receive connectors).
The name changes can be somewhat confusing, so here is a summary of what is now available:
· Default frontend: This connector allows inbound e-mail to be processed by the CAS role. It works on port 25. By default, anonymous users can now use this connector. This is one of the default legacy connectors as well.
· Outbound proxy frontend: This connector running on the CAS is responsible for receiving e-mail from trusted mailbox servers in the organization. It uses port 717.
· Client frontend: This connector allows clients to send e-mail directly to the CAS server through port 587. It exists in previous versions of Exchange Server.
· Default: This connector installed on the mailbox role is used to exchange messages between mailbox servers. It uses port 25 if the mailbox and CAS are not on the same server. If the mailbox and CAS are on the same server, it uses port 2525.
· Client proxy: This connector allows the mailbox server to receive e-mail from the CAS. It uses port 465.
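The port layout above can be used as a baseline when reviewing receive connectors. The following is an added example, not part of the original article: the function name Test-ReceiveConnectorExposure and the sample connector objects are constructed for illustration, and it assumes anonymous senders are expected only on port 25, as described for the default frontend connector.

```powershell
# Added example: compare receive connectors with the default ports listed on this page.
# Port-to-connector mapping is taken from the summary above.
$ExpectedPorts = @{
    25   = 'Default frontend (CAS) or Default (mailbox on a separate server)'
    717  = 'Outbound proxy frontend (CAS)'
    587  = 'Client frontend (CAS)'
    2525 = 'Default (mailbox on the same server as CAS)'
    465  = 'Client proxy (mailbox)'
}

function Test-ReceiveConnectorExposure {
    # Hypothetical helper: accepts objects exposing Name, Bindings and PermissionGroups.
    param([Parameter(ValueFromPipeline = $true)] $Connector)
    process {
        # Bindings look like "0.0.0.0:25" or "[::]:25"; the port follows the last colon.
        $ports = @($Connector.Bindings |
            ForEach-Object { [int](($_.ToString() -split ':')[-1]) } |
            Sort-Object -Unique)
        $anonymous = "$($Connector.PermissionGroups)" -match 'AnonymousUsers'
        $findings = @()
        foreach ($p in $ports) {
            if (-not $ExpectedPorts.ContainsKey($p)) {
                $findings += "port $p is not a default connector port"
            } elseif ($anonymous -and $p -ne 25) {
                # Assumption: anonymous submission is only expected on port 25.
                $findings += "anonymous senders accepted on port $p"
            }
        }
        [pscustomobject]@{
            Name      = $Connector.Name
            Ports     = $ports -join ','
            Anonymous = $anonymous
            Findings  = if ($findings) { $findings -join '; ' } else { 'matches defaults' }
        }
    }
}

# Constructed sample objects so the check runs without an Exchange server.
$sample = @(
    [pscustomobject]@{ Name = 'Default Frontend EX01'; Bindings = @('0.0.0.0:25', '[::]:25'); PermissionGroups = 'AnonymousUsers, ExchangeServers' }
    [pscustomobject]@{ Name = 'Client Frontend EX01'; Bindings = @('0.0.0.0:587'); PermissionGroups = 'AnonymousUsers, ExchangeUsers' }
    [pscustomobject]@{ Name = 'Scanner Relay'; Bindings = @('0.0.0.0:2526'); PermissionGroups = 'AnonymousUsers' }
)
$sample | Test-ReceiveConnectorExposure | Format-Table -AutoSize

# In the Exchange Management Shell: Get-ReceiveConnector | Test-ReceiveConnectorExposure
```

A finding is not necessarily a misconfiguration; it marks a connector that differs from the installation defaults and should have a documented reason.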