Configure Microsoft Exchange for inbound mail

book

Article ID: 179089

calendar_today

Updated On:

Products

Email Security.cloud

Issue/Introduction

 

Resolution

To accept inbound mail, you need to configure a receive connector within Microsoft Exchange. This article covers Microsoft Exchange 2010, 2013, and 2016.

Exchange 2016

Use the EAC to create an Internet Receive connector on Mailbox servers

  1. In the EAC, go to Mail flow > Receive connectors, and then click Add ()
  2. The New receive connector wizard opens. On the first page, configure these settings:
    • Name: Type something descriptive. For example, Internet Receive Connector.
    • Role: Select Frontend Transport.
    • Type: Select Internet.
  3. Click Next.
  4. On the last page of the wizard, do one of these steps in the Network adapter bindings section:
    • If you're recreating an Internet Receive connector to replace the missing default Receive connector named Default Frontend on the Mailbox server, leave the default values of IP addresses: (All available IPv4) and Port: 25 (when you click Finish, you won't receive an error message).
    • If you're creating an Internet Receive connector while the default Receive connector named Default Frontend still exists on the Mailbox server, perform these steps:
      1. Select the default entry IP addresses: (All available IPv4) and Port: 25, and then click Edit ().
      2. In the Edit IP address dialog that opens, configure these settings:
        • Address: Select Specify an IPv4 address or an IPv6 address, and type in a valid local IP address to use for the connector.
        • Port: Leave the default value 25 selected.
      3. Click Save.

        Note: After you've created the new Internet Receive connector on the Mailbox server, be sure to modify the local IP address settings in the properties of the default Receive connector named Default Frontend . You'll need to go to Scoping > Network adapter bindings in the properties of the connector, and then select a different local IP address to replace the default IP addresses: (All available IPv4) and Port: 25 entry.
  5. Click Finish.

Exchange 2013

Use the EAC to create a Receive connector to receive messages from the Internet.

  1. In the EAC, navigate to Mail flow > Receive connectors.
  2. Click Add Add Icon to create a Receive connector.
  3. On the New receive connector page, specify a name for the Receive connector and then select Frontend transport for the Role. Since you are receiving mail from the Internet in this case, we recommend that you initially route mail to your Front End server or servers, to simplify and consolidate your mail flow.
  4. Choose Internet for the type. The Receive connector will receive mail from Internet senders.
  5. For the Network adapter bindings, observe that All available IPV4 is listed in the IP addresses list and the Port is 25. (Simple Mail Transer Protocol (SMTP) uses port 25.) This indicates that the connector listens for connections on all IP addresses assigned to network adapters on the local server.

    Note: If you have multiple network adapters, on this page you can add an IP address that is assigned to a specific network adapter on the local server, but this isn't required.
     
  6. Click Finish to create the connector.
    The Receive connector nbw appears in the Receive connector list.

Exchange 2010

Use the EMC to create a Receive Connector

  1. In the Exchange Management Console, do one of the following:
    • On a computer that has the Edge Transport server role installed, select Edge Transport. In the work pane, click the Receive Connectors tab.
    • To create a Receive connector on a Hub Transport server role, in the console tree, expand Server Configuration, and select Hub Transport. In the result pane, select the server on which you want to create the connector, and then click the Receive Connectors tab.
  2. In the action pane, click New Receive Connector. The New SMTP Receive Connector wizard starts.
  3. On the Introduction page, follow these steps:
    1. In the Name field, type a meaningful name for this connector. Specify a name for the Receive connector that helps you distinguish this Receive connector from other Receive connectors in your configuration.
    2. In the Select the intended use for this Receive connector field, select the usage type for this connector. The usage type determines the permissions granted to sessions that connect to the Receive connector and the supported authentication mechanisms. The following usage types are available:
      • Client: Client Receive connectors receive e-mail from users of Microsoft Exchange. This connector is configured to only accept client submissions from authenticated Microsoft Exchange users. The Client usage type is only available for Receive connectors configured on Hub Transport servers.
      • Custom: Select this option to create a customized connector that connects with systems that don't include servers running Exchange.
      • Internet: Internet Receive connectors receive e-mail from servers on the Internet. This connector is configured to accept connections from anonymous users.

        Note: Symantec strongly recommends against configuring Receive connectors to accept anonymous connections from unknown IPv6 addresses. If you configure a Receive connector to accept anonymous connections from unknown IPv6 addresses, the amount of spam that enters your organization is likely to increase. Currently, there is no broadly accepted industry standard protocol for looking up IPv6 addresses. Most IP Block list providers don't support IPv6 addresses. Therefore, if you allow anonymous connections from unknown IPv6 addresses on a Receive connector, you increase the chance that spam messages bypass IP Block list providers and are successfully delivered into your organization.
         
      • Internal: Internal Receive connectors are used to receive e-mail from servers within your Exchange organization. This connector is configured to only accept connections from Exchange servers.
      • Partner: Partner Receive connectors are used to receive e-mail from partner domains. This connector is configured to receive mail from domains included in the list of secure receive domains. You can add domains to this list by using the TLSReceiveDomainSecureList parameter in the Set-TransportConfig command. Mutually authenticated TLS connections are required for domains that are on this list.
  4. Click Next.
  5. On the Local network settings page, specify the IP addresses and port numbers on which this Receive connector listens for incoming mail. The Local network settings page appears only if you selected a usage type of Custom, Partner, or Internet in step 3. By default, all available local IP addresses are listed.

    The following options are available:
    • Add: To add a new IP address or port number, click Add and specify the following:
      • Use all IP addresses available on this server: Select this option to use all IP addresses associated with this computer. This is the recommended option.
      • Specify an IP address: Select this option to use a specific IP address associated with this computer.

        Note: You must specify a local IP address that's valid for the Hub Transport server or Edge Transport server on which the Receive connector is located. If you specify an invalid local IP address, the Microsoft Exchange Transport service may fail to start when the service is restarted.
         
      • Port: This field identifies the TCP port number on which this Receive connector listens for incoming mail. TCP port 25 is the default port used for message transmission between SMTP servers.
    • Edit   Click Edit to change an existing IP address or port.
    • Remove: Click the "X" to remove an existing IP address.
  6. In the Specify the FQDN this connector will provide in response to HELO or EHLO field, type the name advertised in response to the SMTP HELO or EHLO verb.

    Note: If you leave this field blank, the fully qualified domain name (FQDN) of the Hub Transport server or Edge Transport server is automatically added when the connector is created.
     
  7. Click Next.
  8. On the Remote network settings page, enter the IP address or IP address range of the remote servers from which the connector accepts incoming connections. The Remote network settings page appears only if you selected a usage type of Custom, Partner, Internal, or Client in step 3. To add the remote IP address or remote IP address range, use one of the following methods:
    • Add - IP Address: To enter an IP address without a subnet mask, or to specify the subnet mask by using Classless Interdomain Routing (CIDR) notation, click Add or the drop-down arrow next to Add and select IP Address. In the Add IP address(es) of Remote Servers dialog box, enter the IP address directly or specify a subnet using the CIDR notation. For example, if you enter 192.168.1.1, the Receive connector accepts messages from that host only, but if you specify 192.168.1.0/24, the Receive connector accepts messages from the entire class C subnet of 192.168.1.0.
    • Add - IP and Mask: To enter an IP address or subnet together with a subnet mask in dotted decimal notation, click the drop-down arrow next to Add and select IP and Mask. In the Add Remote Servers - IP and Mask dialog box, specify the IP address and the subnet mask.
    • Add - IP Range   To specify an IP address range by using the first IP address and the last IP address in the range, click the drop-down arrow next to Add and select IP Range. In the Add Remote Servers - IP Range dialog box, specify the start and end addresses of the IP range.
    • Edit: To edit an existing IP address range, select the IP address range, and then click Edit.
    • Remove: To remove an existing IP address range, select the IP address range, and then click "X".
  9. Click Next.
  10. On the New Connector page, review the configuration summary for the connector. If you want to modify the settings, click Back. To create the Receive connector by using the settings in the configuration summary, click New.
  11. On the Completion page, click Finish.

Verify that the Receive connector works

To verify that you have successfully created a Receive connector to receive messages from the Internet, test that you can send mail from an outside source and one of your users can receive it. If you can receive mail, you know that the configuration worked successfully.