Exchange SMTP Relay Mechanism
What is SMTP Relay?
An SMTP relay is a system that accepts incoming and outgoing messages over the SMTP protocol and forwards them to the desired location. The relay machine doesn't store any messages; it serves as a router that redirects messages as instructed.
The relay mechanism accepts only mail directed to your own domain; for example, emails sent to “mail.contoso.com” are sent to the relay system, which accepts the messages and routes them to the desired location. That location should be inside the internal network, because emails sent to domains you are not hosting are dropped by the relay mechanism.
[Figure: Inbound Relay Mechanism]
It also protects the system from potential viruses or malware by acting as a screener that removes potentially harmful attachments. The server can strip attachments and screen the outbound messages from your server. Some facts you should know before performing SMTP relay:
- Inbound SMTP relay is allowed only for the locally hosted domains
- No restrictions for Outbound SMTP relay.
- Remote users can forward mail to domains you do not host by authenticating with the SMTP relay mechanism.
[Figure: Outbound Relay Mechanism]
Microsoft Exchange Server Provides Two Types Of Relay Services:
Internal Relay: This feature lets users inside the organization send and receive emails within the organization through an SMTP connection, so messages can be relayed within the premises. For example, relaying messages from the support team to an administrator, or any similar scenario, can be handled this way.
External Relay: With this feature, users can relay emails outside the organization, for the purpose of safeguarding against spammers. Consider a scenario where an organization's server is temporarily down and it still needs to receive messages for the time being. Relaying the messages directed to that server would be beneficial here, as it would redirect emails sent to point A to point B.
Where Should the Mechanism Be Configured?
The relay can be configured directly on the ISA server (firewall server) or on a separate IIS server. If we configure SMTP relay on a separate IIS server, we are safeguarded from Denial of Service attacks, which bring down the server by shooting multiple queries at it at a given instant.
Exchange Transport Layer Architecture and Working:
The Client Access server acts as an intermediary that filters emails coming from outside the Exchange premises and also helps route emails from internal servers to the outside world. With this diagram you will be able to relate the working of the Exchange transport layer.
The Client Access server acts as a front-end transport service provider that connects the outside world with the internal organization. It helps route emails or information sent from within the organization to the outside world.
The Mailbox server role hosts two services:
Transport Service: It helps to route emails within the organization and helps to establish the connection between the front-end server and the Mailbox Transport service.
Mailbox Transport Service: It helps to move emails using the transport service and the mailbox databases.
Configuring SMTP Relay For The Legacy Servers:
- Open Exchange System Manager and locate your SMTP virtual server at Administrator Groups -> Server Name -> Protocols
- Right-click the virtual server and open the Properties command.
- Choose the Access tab
- Use the connections tab to specify inbound SMTP connections to particular addresses
- Use the Relaying button to control SMTP relaying, and use the relaying restrictions to manage it properly.
“Only the list below”
- It turns off relaying from everywhere and allows relaying only from the list below.
Selective relaying from a group of computers or from a specific ID:
Use the Add button to add the machine IP addresses or the blocks you want to allow to relay. This feature also allows relaying by domain name instead of IP address.
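The relay facts listed earlier (inbound accepted only for hosted domains, authenticated users may relay to other domains) and the “Only the list below” restriction can be modelled as one decision per recipient. The following Python model is an added example, not Exchange's own logic; the function names, IP addresses, allow-list entries and sessions are constructed assumptions.

```python
import ipaddress

# Constructed sample policy (assumed values, not taken from a real server).
HOSTED_DOMAINS = {"mail.contoso.com"}                # domains the relay hosts
RELAY_ALLOW_LIST = ["10.0.5.20", "192.168.10.0/24"]  # "Only the list below"

def on_allow_list(client_ip, allow_list):
    """True if client_ip equals a listed address or falls inside a listed block."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # an unparseable address never matches
    return any(ip in ipaddress.ip_network(e, strict=False) for e in allow_list)

def relay_decision(client_ip, authenticated, rcpt_to,
                   hosted=HOSTED_DOMAINS, allow_list=RELAY_ALLOW_LIST):
    """Return (accepted, reason) for one recipient on one SMTP session."""
    local, sep, domain = rcpt_to.strip().strip("<>").rpartition("@")
    if not (sep and local and domain):
        return (False, "malformed recipient")
    domain = domain.lower().rstrip(".")
    # Exact match only: 'mail.contoso.com.example.net' is NOT a hosted domain,
    # so a suffix or substring comparison here would open the relay.
    if domain in hosted:
        return (True, "inbound to hosted domain")
    if authenticated:
        return (True, "authenticated relay")
    if on_allow_list(client_ip, allow_list):
        return (True, "client on relay allow list")
    return (False, "relay denied")

# Constructed sessions: (client IP, authenticated?, recipient)
SESSIONS = [
    ("203.0.113.7", False, "helpdesk@mail.contoso.com"),
    ("203.0.113.7", False, "someone@example.org"),
    ("203.0.113.7", True, "someone@example.org"),
    ("192.168.10.44", False, "someone@example.org"),
    ("203.0.113.7", False, "x@mail.contoso.com.example.net"),
]

def evaluate(sessions):
    """Apply the relay policy to every constructed session."""
    return [relay_decision(*s) for s in sessions]

if __name__ == "__main__":
    for (ip, auth, rcpt), (ok, why) in zip(SESSIONS, evaluate(SESSIONS)):
        print(f"{ip:15} auth={auth!s:5} {rcpt:32} "
              f"{'ACCEPT' if ok else 'REJECT'} ({why})")
```

Only the second and fifth sessions are rejected: an unauthenticated client outside the list addressing a domain the relay does not host, which is the case the relay restrictions exist to block.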
Internal SMTP Relay Configuration:
The CAS is preconfigured with a receive connector named “Default Frontend ServerName”. The connector is preconfigured to receive SMTP connections from outside resources and allow them to send emails to internal recipients.
To make internal SMTP relay available, applications should be provided with a DNS name to establish connections to. You can use the name of the Exchange Server installed with the Client Access server role, or create a generic host record in DNS for them to use.