Exchange 2013 Mail Flow Demystified…Hopefully!

After installing Exchange 2013 for the first time, I noticed changes in the architecture that made mail flow confusing. One of the bigger changes in Exchange 2013 is to the Exchange server roles: we now have just the Mailbox and CAS server roles, and there is no longer a standalone hub server role. The transport components that were traditionally on the hub role are now spread across both the Exchange 2013 Mailbox and CAS server roles. Let us first talk about the different transport services in Exchange 2013.

  • FrontEnd Transport service - This service runs on all Client Access servers and acts as a stateless proxy for all inbound and outbound external SMTP traffic for the Exchange 2013 organization. The Front End Transport service doesn't inspect message content, only communicates with the Transport service on a Mailbox server, and doesn't queue any messages locally.
  • Transport service - This service runs on all Mailbox servers and is virtually identical to the Hub Transport server role in previous versions of Exchange. The Transport service handles all SMTP mail flow for the organization, performs message categorization, and performs message content inspection. Unlike previous versions of Exchange, the Transport service never communicates directly with mailbox databases. That task is now handled by the Mailbox Transport service. The Transport service routes messages between the Mailbox Transport service, the Transport service, and the Front End Transport service.
  • Mailbox Transport - This service runs on all Mailbox servers and consists of two separate services: the Mailbox Transport Submission service and Mailbox Transport Delivery service. The Mailbox Transport Delivery service receives SMTP messages from the Transport service on the local Mailbox server or on other Mailbox servers, and connects to the local mailbox database using an Exchange remote procedure call (RPC) to deliver the message. The Mailbox Transport Submission service connects to the local mailbox database using RPC to retrieve messages, and submits the messages over SMTP to the Transport service on the local Mailbox server, or on other Mailbox servers. The Mailbox Transport Submission service has access to the same routing topology information as the Transport service. Like the Front End Transport service, the Mailbox Transport service also doesn't queue any messages locally.

Next, let’s talk about each of the ports these services use. Then we will discuss the flow of mail through this pipeline.

  • Port 25 – Just like in previous versions of Exchange, this port is used for SMTP. It is used by external SMTP into the Front End Transport (FET) service, by SMTP with Exchange 2007\2010 hub servers, between MBX servers, and from the FET to the Transport service. There is a receive connector named Default Frontend <servername> that listens on this port.
  • Port 587 – Just like in previous versions of Exchange, this port is used for client connections (POP\IMAP). The CAS server has a receive connector named Client Frontend <servername> listening on this port.
  • Port 717 – Used for outbound proxy connections from the Transport service to the FET service. When you create a Send connector you have the option to send mail destined for the Internet directly from the Transport service to the Internet\Smart Host, or to relay that mail through the Front End Transport service. There is a receive connector named Outbound Proxy Frontend <servername> that listens on this port.
  • Port 465 – Used to accept proxied connections that were received on port 587 by the FET service for client connections. There is a receive connector named Client Proxy <servername> that listens on this port.
  • Port 475 – The Mailbox Transport Delivery service listens on this port for connections either from the Transport service SMTP Send connector or SMTP from the Transport service on other Mailbox servers that need to send mail to users on this server.
  • Port 2525 – If the CAS and MBX roles are collocated on the same server, the SMTP Receive connector for the Transport service will listen on 2525 instead of 25. This is because two services (FET and the Transport service) can’t listen on the same port.
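
A check built on the port list above, as an added example that is not part of the original post: it compares a server's receive connectors with the default names and ports listed here and flags a Transport service (HubTransport role) connector bound to a port the FET service already holds on a collocated server. The sample objects, the server name EX01, the connector App Relay EX01, the function names and the name Default <servername> for the Transport service's own connector are assumptions of the example; Name, TransportRole and Bindings are the properties returned by Get-ReceiveConnector.

```powershell
# Added example: default connector name prefix -> port, from the port list above.
$ExpectedPort = @{
    'Default Frontend'        = 25
    'Client Frontend'         = 587
    'Outbound Proxy Frontend' = 717
    'Client Proxy'            = 465
}

function Get-BindingPort($Binding) {
    # A binding prints as "0.0.0.0:25" or "[::]:25"; the port follows the last colon.
    [int](($Binding.ToString() -split ':')[-1])
}

function Test-ReceiveConnectorPort {
    param([object[]]$Connector, [string]$ServerName)

    # Ports held by Front End Transport connectors. On a collocated server the
    # Transport service (HubTransport role) cannot listen on any of them.
    $fetPorts = @($Connector | Where-Object { $_.TransportRole -eq 'FrontendTransport' } |
        ForEach-Object { $_.Bindings | ForEach-Object { Get-BindingPort $_ } })

    $expected = $ExpectedPort.Clone()
    # Assumption: the Transport service's own connector is named "Default <servername>".
    $expected['Default'] = $(if ($fetPorts.Count -gt 0) { 2525 } else { 25 })

    foreach ($c in $Connector) {
        $ports  = @($c.Bindings | ForEach-Object { Get-BindingPort $_ } | Sort-Object -Unique)
        $prefix = $c.Name -replace (' ' + [regex]::Escape($ServerName) + '$'), ''
        $clash  = @($ports | Where-Object { $fetPorts -contains $_ })
        if ($c.TransportRole -eq 'HubTransport' -and $clash.Count -gt 0) {
            $status = 'PortClashWithFET'
        } elseif (-not $expected.ContainsKey($prefix)) {
            $status = 'Unlisted'          # custom connector: review by hand
        } elseif ($ports.Count -eq 1 -and $ports[0] -eq $expected[$prefix]) {
            $status = 'OK'
        } else {
            $status = 'UnexpectedPort'
        }
        [pscustomobject]@{ Connector = $c.Name; Role = $c.TransportRole
                           Ports = ($ports -join ','); Status = $status }
    }
}

# Constructed sample for a collocated server "EX01" (not output from a real system).
$sample = @(
    [pscustomobject]@{ Name = 'Default Frontend EX01'; TransportRole = 'FrontendTransport'; Bindings = '0.0.0.0:25', '[::]:25' }
    [pscustomobject]@{ Name = 'Client Frontend EX01'; TransportRole = 'FrontendTransport'; Bindings = '0.0.0.0:587' }
    [pscustomobject]@{ Name = 'Outbound Proxy Frontend EX01'; TransportRole = 'FrontendTransport'; Bindings = '0.0.0.0:717' }
    [pscustomobject]@{ Name = 'Client Proxy EX01'; TransportRole = 'HubTransport'; Bindings = '0.0.0.0:465' }
    [pscustomobject]@{ Name = 'Default EX01'; TransportRole = 'HubTransport'; Bindings = '0.0.0.0:2525' }
    [pscustomobject]@{ Name = 'App Relay EX01'; TransportRole = 'HubTransport'; Bindings = '0.0.0.0:25' }  # hypothetical
)
Test-ReceiveConnectorPort -Connector $sample -ServerName 'EX01' | Format-Table -AutoSize
# Live: Test-ReceiveConnectorPort -Connector (Get-ReceiveConnector -Server EX01) -ServerName EX01
```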

 

Here is a diagram that I put together to help me understand these 3 services and also what each of these ports is used for. Next we will discuss how mail flows through these services.

 

Now let’s talk about Exchange 2013 Mail Flow.

Sending Mail to both Internal\External recipients

Step 1: Mailbox Transport - This process starts with the user typing a message in Outlook\OWA and clicking the Send button. In Exchange 2007\2010 it was the responsibility of the Store Driver in the Transport service on the HT server to send the message to the next hop. Now the Store Driver has been relocated to Mailbox Transport and split into two services (the Submission and Delivery services). The Mailbox Transport Submission service picks up the message from the user's Outbox, runs the Hub Selector process (to select the best Transport service, which could be on the local server or on another server), and forwards the message to the Default Receive connector in the Transport service (SMTP 25 or 2525).

Step 2: Transport Service - After the message has been accepted by the Transport service, it is put into the submission queue. The submission queue processes the message and hands it off to the Categorizer, which does recipient resolution (expansion and bifurcation) and routing resolution. Next the message is placed into the correct delivery queue. If the message is going to an external recipient, it uses the correct Send connector and is either sent directly to the Internet or proxied through the FET service (Set-SendConnector <name> -FrontEndProxyEnabled $true). If the message targets an internal user, it is sent from the Transport service to the Mailbox Transport Delivery service on the destination Mailbox server. Once the Mailbox Transport Delivery service receives the message, it uses local RPC to place the message in the user's Inbox.

Receiving mail happens in the reverse order of Sending mail. Note that bifurcation always happens at the Transport Service level on the Mailbox Server. After bifurcation the message is sent via SMTP directly to the Mailbox Transport Delivery service over port 475 on the Mailbox Server where the mailbox of the recipient is currently mounted.

I hope this has been helpful in understanding how mail flow now happens in Exchange 2013. If you have any questions please feel free to contact me to discuss further.

Comments

  • Anonymous
    January 01, 2003
    No clues ?

  • Anonymous
    January 01, 2003

    k

  • Anonymous
    January 01, 2003
    @mray - when the hub selector runs it will determine the optimal transport server (actually it will select primary and secondary) and send it to the transport service on the primary server. This could be local or a remote server. There are a couple of reasons it will send it to a remote server but here is probably the most important. If for some reason the local transport service is having problems it can send it to another server so that mail flow doesn't halt on the local server.

  • Anonymous
    January 01, 2003
    I have a question - I have created a receive connector to receive emails from applications on my server and pass on the email to Exchange to be relayed to Internet (External emails, Internal Works perfect) and after reading all the post possible for "Error 550 5.7.1 Unable to relay" I am looking for any one who can assist.

  • Anonymous
    January 01, 2003
    @Yogesh - thanks :)

  • Anonymous
    January 01, 2003
    I have a question. In the article you mentioned that:

    "When you create a Send connection you have the option to send mail destined for the Internet directly from the Transport Service to the Internet\Smart Host or relay that mail through the Front End Transport Service. There is a receive connector named Outbound Proxy Frontend that listens on this port."

    To route the email to the internet directly from Transport services is similar to what we did in Exchange 2007/2010. But how about relaying that mail through the Front End Transport Service: in the Send Connector, do we specify the CAS IP address as smarthost instead of the Internet\Smart Host relay?

    Thank you

  • Anonymous
    January 01, 2003
    @Chicko Your mail will not be lost if you point incoming SMTP to CAS and I will explain why. Although the FET service on CAS doesn't queue mail it does smart proxy the connection to the transport service on the best mailbox server (optimal). The sending SMTP Server will not get a 250OK response until after the message gets processed by a MBX server and that message also gets shadowed to another server (shadow redundancy). If you pointed your external SMTP directly to the Transport service (receive connector) on MBX server you would not get this smart proxy that FET provides. Therefore you wouldn't have optimal message routing at all times. If you need any further explanation let me know. I don't get what you mean by "also if you have issues with mailbox(ruleslimits or who knows what other errors/delivery problems".

  • Anonymous
    January 01, 2003
    @Zoltan - all external mail should be routed through the FET service whether it's on a standalone CAS server or collocated on the MBX Server. External traffic should never be routed directly to the MBX server.

  • Anonymous
    January 01, 2003
    Wasn't 587 the port traditionally used for client mail submission? IMAP/IMAPS is by default using 143/993, while POP3/secure uses 110/995. Articles at https://technet.microsoft.com/en-us/library/bb124489(v=exchg.150).aspx and https://technet.microsoft.com/en-us/library/bb124934(v=exchg.150).aspx.

  • Anonymous
    January 01, 2003
    @Albert - 587 is used by clients outgoing mail...110/995 and 143/993 are incoming.

  • Anonymous
    May 27, 2013
    Hi, I am in the middle of an Exchange 2013 migration from 2010. I set up an Exchange 2013 server and I moved one mailbox from 2010 to 2013. Unfortunately, mails are going in only one direction (from 2013 to 2010). Moreover, I don't see any article telling me to create any send or receive connector between these two Exchange servers. I got a delivery delay mail: "This message hasn't been delivered yet. Delivery will continue to be attempted. The server will keep trying to deliver this message for the next 1 days, 19 hours and 57 minutes. You'll be notified if the message can't be delivered by that time." Could you please tell me how I can fix this issue? Should I add my Exchange 2010 server inside any 2013 receive connector?

  • Anonymous
    July 03, 2013
    In what cases will the mailbox transport submission service talk directly to the mailbox transport delivery service on another server rather than to the local transport service?

  • Anonymous
    August 10, 2013
    My prior comment should have been directed to "Unni", more coffee.

  • Anonymous
    October 07, 2013
    Hope this article gets published as technet article

  • Anonymous
    November 20, 2013
    Great article!  Is it safe to say that the mailbox server role will always connect to TCP port 717 when sending messages to client access servers (the outbound proxy frontend service)?   The reason I ask is in the past I've created receive connectors that are configured to allow private relaying.  If the subnet that the Exchange servers are on is specified in the 'relay' receive connector, the Exchange servers would start using that connector instead of the Default connector.  This would work for a while, but would eventually stop working causing messages between Exchange hub transport servers to build-up in the queue.   Seems to me that if the transport services on the mailbox servers use a different port to send mail to the CAS servers the scenario above wouldn't be an issue.   As an aside, to get around the issue in 2010, I modified the default receive connector to only accept email from other Exchange servers by entering in their IP addresses.  I then created another receive connector that was identical to the Default one, but included all subnets and allowed anonymous connections.   Thanks!  

  • Anonymous
    December 08, 2013
    The FET  is concept like Quest Software Mail Connector in Coexisting Manager for Lotus Notes?. Front End Transport service   This service runs on all Client Access servers and acts as a stateless proxy for all inbound and outbound external SMTP traffic for the Exchange 2013 organization.

  • Anonymous
    December 11, 2013
    @maxime - Yes if the roles are collocated then the only thing that changes is the Transport Server port changes from 25 to 2525. You can not deactivate this.

  • Anonymous
    December 12, 2013
    In a default Exchange 2013 environment with default receive connectors, does it mean that everybody in the internal network can use the Exchange SMTP gateway to send e-mail in the internal network perimeter? Can I deactivate the default connectors and create my own receive connector in order to deny that? Thanks in advance ;)

  • Anonymous
    September 15, 2014
    I got issued with send/receive internal message after configured DAG already. Please help me about this.

  • Anonymous
    October 28, 2014
    Hi
    I am facing an issue in Exchange 2013: whenever sending an external mail, I am getting a delivery delay message

    "This message hasn't been delivered yet. Delivery will continue to be attempted.

    The server will keep trying to deliver this message for the next 1 days, 19 hours and 57 minutes. You'll be notified if the message can't be delivered by that time."

    could you please tell me how i can fix this issue.?

  • Anonymous
    January 05, 2015
    clients not able to send mails... mails are stored in Draft folder

  • Anonymous
    April 23, 2015
    I have 2007 and 2013 servers co-existing at the moment, we're in the process of migrating all the mailboxes, but in the meantime, we have some mail routing issues in that outbound mail sent from 2013 is randomly choosing whether it goes out via 2013 or via 2007. If you send 10 messages to the same recipient one after the other, 5 will go out via 2013 and 5 will go via 2007

    I assume this is down to the "Hub Selector Process" is there any way to stop this happening and force mail out of just the 2013 server?

  • Anonymous
    May 14, 2015
    This is a great post. But i think it will be more complete with a post on how to troubleshoot each step.

  • Anonymous
    September 11, 2015
    @Rich: "If you send 10 messages to the same recipient one after the other, 5 will go out via 2013 and 5 will go via 2007" Set on the 2013 "set-receiveconnector -MessageRateLimit 100

  • Anonymous
    October 01, 2015
    We're running into some issues with mail flow between Exchange 2013 DAGs. All the servers are in the same site, on the same subnet and we're seeing the following error: There is currently no route to the mailbox database. This is causing us to be unable to expand our Exchange 2013 environment as messages are failing to deliver between recipients on the two DAGs. Any thoughts?

  • Anonymous
    October 30, 2015
    Hi, great article. So in a 2010>2013 Migration, if you had a receive connector on the 2010 HC server that does SMTP relay for multiple IPs, I want to add a new connector to the 2013 side and add the adapter binding IPs and remote network IPs to the new server to ensure mail delivery continues.

    Does it matter if the new SMTP relay connector goes on the CA or the MB servers? The concept of having multiple mailbox servers (x3) confuses the subject a little.

    Thanks

  • Anonymous
    January 19, 2016
    Why we need "Delivery groups" to send incoming mail in "Mailbox Transport service" if "Front End Transport service" choose and send incoming mail to best "Mailbox Transport service" of one of the mailbox servers itself ?

  • Anonymous
    January 25, 2016
    This is link throw down for items that we discussed in a Exchange 2013 workshop which I delivered in

  • Anonymous
    May 09, 2017
    Crush.

  • Anonymous
    November 02, 2017
    Nice :)