372 Chapter 6 • Managing the Hub Transport Server Role

- When you set a remote domain, you can control mail flow with more precision, specify message formatting and policy, and designate acceptable character sets for messages that are sent to, and received from, the remote domain.
- Under the Accepted Domains tab, we specify the SMTP domains for which our Exchange 2007 organization should either be authoritative, relay to an e-mail server in another Active Directory Forest within the organization, or relay to an e-mail server outside the respective Exchange organization.
- E-mail address policies were known as recipient policies back in Exchange 2000 and 2003. Exchange address policies define the proxy addresses stamped onto recipient objects in the Exchange organization.
- With the increasing complexity of government and industry regulations, there’s a greater need for the efficient management of internal message routing. Exchange 2007, or more specifically the Hub Transport Server role, includes a new transport rules agent that provides easy and flexible ways to set rules for internal message routing and content restriction throughout the Exchange organization.
- Exchange Server 2007 supports both Standard and Premium journaling (the latter requires Exchange 2007 Enterprise CALs). Standard journaling is similar to the journaling functionality we had in Exchange 2003 since it’s journaling per Mailbox database. Premium journaling is a Hub Transport server feature based on a new journaling agent that can be configured to match the specific needs of an organization. Premium journaling lets you create journal rules for single mailbox recipients or for entire groups within the organization.
- Send connectors are used to control how Hub Transport servers send messages using SMTP, and how connections are handled with other e-mail servers.
This means that a Hub Transport server requires a Send connector in order to deliver messages to the next hop on the way to their destination.
- A Receive connector only listens for connections that match the settings configured on the respective connector, that is, connections that are received through a specific local IP address and port, and/or from a particular IP address range. Receive connectors are local to the Hub Transport server on which they’re created. This means a Receive connector created on one Hub Transport server cannot be used by another Hub Transport server in the organization.

Managing Message Size and Recipient Limits

- Like previous versions of Exchange, Exchange 2007 allows you to restrict the size of messages a user can send and receive. The message size limits can be set globally in the organization, or on a per-server, per-connector, or per-user basis. Message size and recipient limits can only be configured using the Exchange Management Shell.

Message Tracking with Exchange Server 2007

- When message tracking is enabled, the Simple Mail Transfer Protocol (SMTP) transport activity of all messages transferred to and from an Exchange 2007 computer that has the Hub Transport, Mailbox, or Edge Transport server role installed is recorded into a log that, by default, is located in the C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\MessageTracking directory. Message tracking logs can be used for message forensics, mail flow analysis, reporting, and troubleshooting.
- When message tracking is enabled (which is the case, by default), the maximum age for message tracking log files is 30 days. After 30 days, the oldest message tracking log files are deleted using circular logging.
- The Message Tracking directory, responsible for holding the message tracking log files, has a default size limit of 250 MB.
- The Message Tracking tool can be found in the Toolbox Work Center.
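
The limits and message tracking defaults summarized above can be reviewed from the Exchange Management Shell. The following is an added example, not code from the book: it lists the limits at the organization, connector and mailbox scopes, checks tracking retention on each transport server, and traces one message for forensics. The function name `Test-TrackingRetention`, the 30-day requirement and the Message-ID value are assumptions made for illustration.

```powershell
# Added example; run in the Exchange Management Shell on Exchange 2007.

# Organization-wide message size and recipient limits.
Get-TransportConfig |
    Format-List MaxSendSize, MaxReceiveSize, MaxRecipientEnvelopeLimit

# Per-connector limits (Receive connectors are local to each Hub Transport server).
Get-ReceiveConnector |
    Format-Table Identity, MaxMessageSize, MaxRecipientsPerMessage -AutoSize
Get-SendConnector | Format-Table Identity, MaxMessageSize -AutoSize

# Per-user limits set on individual mailboxes.
Get-Mailbox -ResultSize Unlimited |
    Format-Table Name, MaxSendSize, MaxReceiveSize, RecipientLimits -AutoSize

# Hypothetical helper: list tracking settings per transport server and mark
# servers where tracking is disabled or retention is below the required window.
function Test-TrackingRetention {
    param([int]$RequiredDays = 30)   # assumed requirement, equal to the default
    Get-TransportServer | Select-Object Name, MessageTrackingLogEnabled,
        MessageTrackingLogPath, MessageTrackingLogMaxDirectorySize,
        @{ Name = 'MaxAgeDays'; Expression = {
            # MessageTrackingLogMaxAge prints as d.hh:mm:ss; parse it as a TimeSpan.
            [TimeSpan]::Parse($_.MessageTrackingLogMaxAge.ToString()).TotalDays } },
        @{ Name = 'MeetsRequirement'; Expression = {
            $_.MessageTrackingLogEnabled -and
            ([TimeSpan]::Parse($_.MessageTrackingLogMaxAge.ToString()).TotalDays `
                -ge $RequiredDays) } }
}
Test-TrackingRetention -RequiredDays 30 | Format-Table -AutoSize

# Trace one message across all Hub Transport servers by its Message-ID.
$messageId = '<constructed-id@example.com>'   # constructed placeholder value
Get-ExchangeServer | Where-Object { $_.IsHubTransportServer } | ForEach-Object {
    Get-MessageTrackingLog -Server $_.Name -MessageId $messageId `
        -Start (Get-Date).AddDays(-30) -End (Get-Date) -ResultSize Unlimited
} | Sort-Object Timestamp |
    Format-Table Timestamp, ServerHostname, EventId, Source, Sender, Recipients -AutoSize
```

Events older than the configured maximum age, or pushed out by the directory size limit, are no longer in the log, so the trace can only reach back as far as the retention reported by the helper.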

Using the Exchange 2007 Queue Viewer

- With the Queue Viewer now an Exchange tool, and thus located under the Toolbox work center in the Exchange Management Console, you can view information about queues and examine the messages held within them.
- Exchange Server 2007 uses five different types of queues, and the routing of a message determines which type of queue a particular message is stored in.
- With Exchange Server 2007, message queues are stored in the ESE database, unlike previous versions of Exchange where the messages (.EML files) were stored in a queue folder in NTFS.

Introduction to the Exchange Mail Flow Troubleshooter Tool

- If you’re experiencing mail flow issues in your organization, you can also give the new Exchange Mail Flow Troubleshooter a try. It’s used by starting with mail flow symptoms and slowly moving customers through the correct troubleshooting path, providing easy access to various data sources required to troubleshoot problems with mail flow. Based on the collected data, it will present an analysis of the possible root causes and then suggest corrective actions as necessary.

Configuring the Hub Transport Server as an Internet-facing Transport Server

- If you’re an Exchange administrator in a small organization, or if you’re primarily doing Exchange consulting for small shops, chances are the IT budget may hinder you from deploying an Edge Transport server in the perimeter network when transitioning to Exchange Server 2007 (especially if the environment will only consist of a single Exchange 2007 server). In this case, you can configure a Hub Transport server as the Internet-facing transport server in your organization.
- By default, no anti-spam filtering agents are installed on a Hub Transport server (since the Exchange Product group expects you to deploy an Edge Transport server in the perimeter network as a best practice).
If you want to use the anti-spam agents on a Hub Transport server, you can install them by running the install-AntispamAgents.ps1 script located in the Exchange 2007 \scripts folder, which can be found, by default, under C:\Program Files\Microsoft\Exchange Server.

Frequently Asked Questions

Q: What protocol is used when two internal Hub Transport servers exchange messages?
A: Hub Transport servers use secure SMTP when exchanging messages internally. They use the industry standard SMTP Transport Layer Security (TLS), so that all traffic between the Hub Transport servers is authenticated and encrypted. This will remove the capability for internal snooping.

Q: What protocol is used when a Hub Transport server delivers a message to a mailbox on a Mailbox server?
A: When a Hub Transport server communicates with a Mailbox server, it’s done using encrypted RPC. Again, this will remove the capability for internal snooping.

Q: Is there no way to make use of the Exchange 2007 anti-spam agents if I don’t deploy an Edge Transport server in my organization’s perimeter network?
A: Yes, you can install the anti-spam agents on a Hub Transport server by running the install-AntispamAgents.ps1 script located in the Exchange 2007 \scripts folder, found by default under C:\Program Files\Microsoft\Exchange Server.

Q: I’ve deployed Exchange 2007 in my organization, but I cannot receive inbound messages from the Internet. Why?
A: One of the design goals for Exchange 2007 was to be as secure as possible, by default. For example, the Hub Transport server has been configured in such a way that it only accepts messages from internal Exchange users, Exchange servers, and legacy Exchange servers. This means that the Hub Transport server doesn’t accept inbound messages sent from unauthenticated (untrusted) e-mail servers, which typically are external e-mail servers on the Internet.
Instead it expects to receive inbound messages from the Internet via an Edge Transport server in the perimeter network. In order to be able to receive inbound messages from e-mail servers on the Internet, you must check to allow Anonymous users, located under the Permission Groups tab on the Default <servername> Receive connector property page.

Q: I don’t see any Routing Groups in the Exchange Server 2007 Management Console?
A: Routing groups have been discontinued in Exchange 2007. Instead, Exchange 2007 takes advantage of the existing site topology in Active Directory.

Q: Since a Hub Transport server uses the SMTP protocol to exchange messages with internal transport servers and other e-mail servers on the Internet, I don’t understand why I shouldn’t install the Windows IIS SMTP component prior to installing the Exchange 2007 Hub Transport server role?
A: Exchange 2007 no longer uses the SMTP protocol stack included with Internet Information Services (IIS), as was the case with previous versions of the product. Instead, the Exchange Product group has rewritten the SMTP transport stack in managed code, resulting in a much more stable and secure protocol stack.
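
Allowing Anonymous users on a Receive connector, as described in the FAQ above, makes the Hub Transport server the first point of contact for Internet mail, while the anti-spam agents are not installed there by default. The following added example (not code from the book) reports which Receive connectors accept anonymous sessions and whether anti-spam agents are present. The agent-name pattern assumes the default names that Exchange 2007 gives its anti-spam agents.

```powershell
# Added example; run in the Exchange Management Shell on the Hub Transport server.

# Receive connectors that accept unauthenticated (anonymous) SMTP sessions,
# with the local bindings and remote address ranges they listen for.
$anonymous = @(Get-ReceiveConnector |
    Where-Object { $_.PermissionGroups -match 'AnonymousUsers' })
$anonymous |
    Format-Table Identity, Bindings, RemoteIPRanges, MaxMessageSize -AutoSize

# Anti-spam transport agents installed on this server.
# Assumption: the agents carry their default names, such as "Content Filter Agent",
# "Sender Id Agent" and "Protocol Analysis Agent".
$antiSpam = @(Get-TransportAgent |
    Where-Object { $_.Identity -match 'Filter|Sender Id|Protocol Analysis' })
$antiSpam | Format-Table Identity, Enabled, Priority -AutoSize

# Anonymous mail accepted, but no filtering installed at all.
if ($anonymous.Count -gt 0 -and $antiSpam.Count -eq 0) {
    Write-Warning ("Anonymous SMTP is accepted but no anti-spam agents are " +
        "installed; see install-AntispamAgents.ps1 in the Exchange \scripts folder.")
}

# Anonymous mail accepted, agents installed, but some of them are switched off.
$disabled = @($antiSpam | Where-Object { -not $_.Enabled })
if ($anonymous.Count -gt 0 -and $disabled.Count -gt 0) {
    $names = ($disabled | ForEach-Object { $_.Identity.ToString() }) -join ', '
    Write-Warning "Anti-spam agents installed but disabled: $names"
}
```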