Managing the Hub Transport Server Role • Chapter 6 367 Figure 6.39 List of Available Anti-Spam Agents Of course, this solution allows all spam messages and other unwanted e-mail to enter your internal network before it’s fi ltered, but most small shops should be able to live with that. If not, you might want to consider using a hygiene service such as Exchange Hosted Services (EHS), which not only provides effi cient anti-spam fi ltering, but also virus protection and other interesting services. You can read more about EHS at http://www.microsoft.com/exchange/services. Changing the SMTP Banner Something else you might want to do in a scenario where inbound messages are directly routed to a Hub Transport server is to change the advertised FQDN sent in HELO/EHLO commands in SMTP. This is done under the General tab of the Default Receive connector property page, as shown in Figure 6.40. 368 Chapter 6 • Managing the Hub Transport Server Role Disabling the EdgeSync Service Since the EdgeSync service on the Hub Transport server isn’t used, when you don’t have an Edge Transport server deployed in your perimeter network, it’s also a good idea to disable this service (Figure 6.41) in order to save a few system resources. Just by simply running and not replicating with an Edge Transport server, this service actually uses a little under 30 MB. Figure 6.40 The General Tab on the Default Receive Connector Properties Page Managing the Hub Transport Server Role • Chapter 6 369 Pointing the MX Record to the Hub Transport Server The fi nal thing you must do is point your domain’s MX record to the Hub Transport server. This is done differently depending on your specifi c scenario, but typically you just need to redirect port 25 to the IP address of the Hub Transport server in your fi rewall. If you’re publishing your messaging environment using an ISA 2006 Server, this is done under the To tab on the Inbound SMTP properties page, as shown in Figure 6.42. Figure 6.41 Disabling the EdgeSync Service 370 Chapter 6 • Managing the Hub Transport Server Role Missed Features There are a few drawbacks in choosing to have inbound messages go directly to a Hub Transport server instead of via an Edge Transport server in your perimeter network, as best practices tell us. Attachment Filter Although the Hub Transport server does contain some attachment options, you won’t be able to scan the incoming MIME stream for malicious attachment types, and thereby reject them at the protocol layer. However, you could get this functionality on a Hub Transport Server by installing an anti-virus product such as Microsoft Forefront for Exchange Server. Address Rewrite Agent You also won’t be able to take advantage of the address rewrite functionality since the Address Rewrite agent can only be installed on an Edge Transport server. An explanation of this feature is outside the scope of this chapter. Instead, refer to Chapter 7. Figure 6.42 Redirect Inbound Mail on an ISA 2006 Server Managing the Hub Transport Server Role • Chapter 6 371 Summary In this chapter, we started out taking a brief look at the changes made in regards to message routing and architecture in Exchange Server 2007. We then went through the confi guration settings available on the Hub Transport server. Next, we discussed how you can create journaling and transport rules so your organization can navigate the ever-increasing complexity of government and industry regulations and compliance demands. We also covered the purpose of Send and Receive connectors, and how to control message size limits in your organization. In addition, we took a look at the different transport server–related tools such as Message Tracking, the Queue Viewer, and the Exchange Mail Flow Troubleshooter tools. Finally, we went through the steps necessary to confi gure a Hub Transport server as the Internet-facing transport server in your organization. Solutions Fast Track Message Transport and Routing Architecture in Exchange 2007 ˛ A lot has changed in regards to transport and routing architecture in Exchange Server 2007. First, Exchange no longer uses the SMTP protocol stack included with Internet Information Services (IIS), as was the case with previous versions of the product. Instead, the Exchange Product group has rewritten the SMTP transport stack in managed code, resulting in a much more stable and secure protocol stack. ˛ The new SMTP transport stack is now known as the Microsoft Exchange Transport service (MSExchangeTransport.exe), and because it’s no longer dependent on IIS, it is not located within IIS Manager. ˛ With Exchange Server 2007, the Exchange routing topology is no longer based on separate Exchange routing groups. Instead Exchange 2007 takes advantage of the existing site topology in Active Directory. Because Exchange 2007 is now dependent on Active Directory sites—that is, Hub Transport servers use Active Directory sites as well as the cost assigned to the Active Directory IP site link to determine the least-cost routing path to other Hub Transport servers within the organization—all sites containing one or more Mailbox servers must also have at least one Hub Transport server. ˛ Bear in mind that Mailbox and Hub Transport servers use RPC as the basis of communication, but that two Hub Transport servers use SMTP/TLS when exchanging messages. ˛ Exchange Server 2007 is no longer dependent on Link State updates. Managing the Hub Transport Server ˛ All organizationwide Hub Transport settings are stored in Active Directory. This means that any modifi cations or confi guration settings, except Receive connector specifi c settings, are refl ected on all Hub Transport servers in the organization. . ever-increasing complexity of government and industry regulations and compliance demands. We also covered the purpose of Send and Receive connectors, and how to control message size limits in. routing and architecture in Exchange Server 2007. We then went through the confi guration settings available on the Hub Transport server. Next, we discussed how you can create journaling and transport. organization. Solutions Fast Track Message Transport and Routing Architecture in Exchange 2007 ˛ A lot has changed in regards to transport and routing architecture in Exchange Server 2007. First,