Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Questions with Transport Role during 03 to 07 upgrade

Status
Not open for further replies.

ECCOGuy

IS-IT--Management
Aug 31, 2006
33
US
A few months ago we started a rollout of exchange 07. We have one server that is running the mailbox, access, and transport rolls. It's only hosting a few room and equipment mailboxes right now.

When we first installed that server we found an odd issue. To our understanding, out-of-the-box 07 does not allow any external connections. Our 03 boxes are setup for both connection and relay to only allow specific IP addresses. But for some reason, our 03 servers' queue starting filling up with NDRs rapidly as soon as the 07 box was up. I checked that annyomous access was disabled on the 07 box (like I said, default install). I went into the SMTP server from the 03 ESM and added the filter rules like the 03 servers have and everything went back to normal.

So now we are wanting to finish the migration and decommission the 03 boxes. I'm trying to figure out how/where I make those changes in 07 EMC because I can't seem to find that list of IP addresses I entered. From what I thought I understood, they shoud be under the 'Recieve email from remote servers that have these addresses' area of the Recieve connector. But that is showing as the default (0.0.0.0-255.255.255.255).

What am I missing? Am I looking in the wrong area?

Thanks for the help!

Spencer
MCSE2k, MCSA2k, Net+, A+
 
Right. Thanks for the link. I've been through there before, but as I said, even in the default setup it still was seeming to recieve email (hence my queue was filling up with DNRs from spam) until I added the filters through the ESM for the new 07 box.

Now that it's later, I'm trying to find where those settings are located inside of the new EMC. Those articles refer to the recieve connector (which is where I was thinking it would be), but the article never addresses connection filtering, and I cannot find in EMC what I had setup in ESM.

Please more help!

Spencer
MCSE2k, MCSA2k, Net+, A+
 
If you enabled the anti-spam agents on the hub transport server, it would be under Organization Configuration>Hub Transport>Anti-spam

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
I just tried adding the anti-spam agents, it seemed like it would be right, but the information wasn't there. Attached is a screen shot of what is configured for the 07 server through the ESM.
I'm still just can't seem to find that information in EMC. It has to be somewhere. Perhaps it's only visible through the shell? If so, what would be the command (I know extremely little about the shell)?

I really do appreciate the help!

Spencer
MCSE2k, MCSA2k, Net+, A+
 
 http://files.openomy.com/public/sshiley/exchange%20connections.JPG
I'm trying to understand what you're doing there. When you add an '07 box, outbound email will go out through the '07 box. This is also true if you have an '03 box in the environment with no SMTP connector - mail will go to the '07 box and then out (generally).

In '07, you must configure a receive connector with anonymous access for it to receive inbound email from the Internet. You must also have a send connector to send to the Internet. Without both of these, mail is first going to queue, then bounce.

Additionally, you shouldn't be configuring anything on an '07 box from the '03 ESM. Only via EMC or EMS.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
If the 03 box is the bridgehead, you'd also have bidirectional connectors for intrasite comms.

Can you clarify what you are trying to achieve?

I wrote a blog article on 03 to 07 interop where 03 is the bridgehead. It is basically a couple of powershell lines to get the connectors running.
 
Additionally, you shouldn't be configuring anything on an '07 box from the '03 ESM. Only via EMC or EMS.

I think that's the biggest key. There are several places on the internet that say it's okay, but I don't think so. We're looking at three total servers, 07a, 03a, 03b (example):

03a and 03b have always had connection filters to only allow SMTP connections from certain IP addresses. So when we intalled 07a, it created a routing group to 03a (in same site). 03a also has routing group to 03b. The only accounts at the time on 07a were conference rooms used by accounts on 03a. So as long as 07a and 03a could talk, that's all we cared about. But, for some reason, without a recieve connector on 07a, the queue on 03a filled up with NDRs to external sites that were obvious spam. Another administrator said it was coming through 07a, and I told him it was impossible because we didn't have a recieve connected on 07a and the logs weren't showing any traffic. He pointed out that we didn't have any problem until we installed 07a. So I went into ESM on 03a and drilled to the SMTP vitrual server for 07a and added the filter elements. All the NDRs that were filling 03a's queue went away! I have no clue how or why, but they did.

So, fast forward to today. I need to start moving the rest of the accounts from 03a over to 07a. Before I do that, I created a send connector to the internet (before that, I couldn't send outside email). I went to go configure the recieve connectors, but wasn't finding how to setup the IP filtering.

So going strictly from 07a's EMC, how do I setup IP filtering for only addresses I specify? Do I add the IPs to the Allow List, and then put a * in the Block list and it will work?

Spencer
MCSE2k, MCSA2k, Net+, A+
 
No, just put the other boxes in the Allow and leave the block list blank.
 
But when I go to decommission '03a', and '07a' takes on recieving email from outside (via spamsoap) do I still leave the block blank? Is they like an implicit 'deny all' somewhere whenever I add external addressed to the allow list?

Thanks!

Spencer
MCSE2k, MCSA2k, Net+, A+
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top