452 Chapter 7 • Managing the Edge Transport Server

Pointing Your MX Records to the Edge Transport Server

When the Edge Transport server has been fully deployed, the next step is to put it into production by routing incoming as well as outgoing messages through it. To route incoming messages through it, you need to point the organization's MX (Mail Exchange) record(s) to this server, unless you already have another Internet-facing SMTP server in front of the Edge Transport server, in which case you simply configure that Internet-facing server to forward all messages to the Edge Transport server.

To see the MX records for your domain, perform the following steps:

1. Open a Command Prompt window.
2. Type nslookup and press Enter.
3. Type set type=MX and press Enter.
4. Type your SMTP domain (such as domain.com) and press Enter.

This sequence of steps lists the MX records for your SMTP domain, similar to what is shown in Figure 7.60.

Figure 7.60 Pointing MX Records to the Edge Transport Server

You can also use a Web-based service such as www.checkdns.net or www.dnsreport.com to retrieve your MX record information. If you have more than one MX record, the one with the lowest preference number is the one you should concentrate on: MX records with higher preference numbers are secondary MX servers for your domain, which sending servers fall back to only when the primary MX host does not respond (for example, when it does not answer the EHLO or HELO command).

If you don't have an SMTP server in front of the Edge Transport server, you need to change the MX record so that it points to the new server. This change is made on the DNS server that hosts your SMTP domain (typically a DNS server located at your Internet service provider, or ISP).
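The nslookup steps above are a one-off manual check. The following script is an added example (not from the book) that performs the same check from PowerShell and goes one step further: it sorts the MX records by preference, warns if the primary MX host is not the Edge Transport server, and confirms that every MX host (primary and secondary) resolves and accepts connections on TCP port 25. The domain name, the Edge server's public name and the resolver address are assumptions; replace them with your own.

```powershell
# Added example, not part of the book: check that the lowest-preference MX
# record for an SMTP domain names the Edge Transport server and that every MX
# host answers on TCP 25. Needs Resolve-DnsName (DnsClient module, Windows
# Server 2012 or later); on older systems use nslookup as described above.
# The domain, the Edge server's public name and the resolver are assumptions.
param(
    [string]$SmtpDomain       = "domain.com",
    [string]$ExpectedEdgeHost = "edge01.domain.com",   # assumed public name of the Edge server
    [string]$Resolver         = "8.8.8.8"              # ask a public resolver, not the internal split-DNS view
)

function Get-MxHosts {
    # Returns the MX records sorted so the primary (lowest preference) comes first.
    $answers = Resolve-DnsName -Name $SmtpDomain -Type MX -Server $Resolver -ErrorAction Stop
    $mx = @($answers | Where-Object { $_.Type -eq "MX" } | Sort-Object Preference)
    if ($mx.Count -eq 0) { throw "No MX records found for $SmtpDomain" }
    return $mx
}

function Test-Smtp25 {
    # TCP connect test with a 3-second timeout; no SMTP dialogue is attempted.
    param([string]$IPAddress)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $iar = $client.BeginConnect($IPAddress, 25, $null, $null)
        if ($iar.AsyncWaitHandle.WaitOne(3000)) { $client.EndConnect($iar); return $true }
        return $false
    } catch { return $false } finally { $client.Close() }
}

$mx = Get-MxHosts
"MX records for $SmtpDomain, lowest preference first:"
$mx | Format-Table Preference, NameExchange -AutoSize | Out-String

# The primary MX host is the record with the lowest preference value.
$primary = $mx[0].NameExchange.TrimEnd(".")
if ($primary -ne $ExpectedEdgeHost.TrimEnd(".")) {
    Write-Warning "Primary MX is $primary, not $ExpectedEdgeHost; inbound mail is not routed through the Edge Transport server."
} else {
    "Primary MX points at the Edge Transport server ($primary)."
}

# Every MX host, primary or secondary, should resolve and accept connections on port 25.
foreach ($record in $mx) {
    $mxHost = $record.NameExchange.TrimEnd(".")
    $ips = @(Resolve-DnsName -Name $mxHost -Type A -Server $Resolver -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq "A" } | ForEach-Object { $_.IPAddress })
    if ($ips.Count -eq 0) { Write-Warning "$mxHost has no A record"; continue }
    foreach ($ip in $ips) {
        $state = if (Test-Smtp25 -IPAddress $ip) { "open" } else { "NOT reachable" }
        "{0,5}  {1,-30} {2,-15}  port 25 {3}" -f $record.Preference, $mxHost, $ip, $state
    }
}
```

Run it after the DNS change has propagated (the old record's TTL must expire first). Pay attention to the secondary MX hosts in the output as well: a secondary MX that delivers into the organization without passing through the Edge Transport server bypasses whatever filtering the Edge server applies.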
TIP

In most cases, you make the MX record change yourself (via a Web-based administration panel), but if you are in doubt about how to make the change, ask your ISP/DNS provider to do it for you.

Depending on how your specific setup has been configured, there's also a chance that you simply need to change a rule in your ISA Server (or whatever firewall you have deployed in your organization) so that the rule directs inbound SMTP traffic to the Edge Transport server instead. Chapter 12, which covers how you publish the different Exchange 2007 services and protocols through an ISA 2006 Server, gives step-by-step instructions for publishing the Exchange 2007 SMTP protocol; the procedure is the same for an Edge Transport and a Hub Transport server.

Deploying Multiple Edge Transport Servers in the Organization

If you're a messaging administrator or consultant working for a relatively large organization, deploying a single Edge Transport server in the perimeter network (DMZ or screened subnet) might not be sufficient. So your big question might be whether it's possible to deploy multiple Exchange 2007 Edge Transport servers, and if it is, how the data in the ADAM store is replicated between them. Luckily the answer to the first question is yes, and this section explains how to do exactly that and how the ADAM data is handled.

You can deploy additional Edge Transport servers in your organization by cloning the configuration of the server that has already been deployed in the perimeter network. This is done by exporting the configuration of an existing Edge Transport server (the source server) to an XML file using the ExportEdgeConfig.ps1 script, which can be found in the Scripts directory under C:\Program Files\Microsoft\Exchange Server.
The ExportEdgeConfig.ps1 script exports all user-configured settings and data (except the EdgeSync subscription settings and the certificates used by the Microsoft Exchange EdgeSync service) to the XML file. The configuration then needs to be copied to the newly installed Edge Transport server (the target server) and imported from the XML file using ImportEdgeConfig.ps1, also found in the Scripts directory. When you import the XML file on a new Edge Transport server using ImportEdgeConfig.ps1, the script checks whether the configuration information and data exported from the source server are valid for the target server. If they aren't, the script writes the invalid setting(s) to an answer file, which you modify to specify the target server information to be used during the import step.

Although you export all the configuration information except the EdgeSync subscription settings (including the configuration data in ADAM) from the source server and import it on the target server, you still must run the EdgeSync service for each Edge Transport server, because configuration data in ADAM cannot be replicated among Edge Transport servers. This means that you need to run the Edge Subscription process after you have imported the cloned configuration.

When you have multiple Edge Transport servers deployed in the perimeter network, you can load-balance network traffic among them using the Domain Name System (DNS) round-robin mechanism. To use round robin, enable the feature on the DNS server that resolves the names of the Edge Transport servers. When enabled, DNS rotates the order of the resource record (RR) data returned in query answers where multiple records of the same type exist for the queried DNS domain name.
This means that should one Edge Transport server be down, the Hub Transport server or the external SMTP server that tries to deliver a message to that Edge Transport server will retry and, because of the rotation performed by round robin, will submit the message to another Edge Transport server in the perimeter network. Keep in mind that round robin only rotates the answers; it does not detect a failed server, so the address of the downed server is still handed out and you depend on the sending server's retry behavior. The round-robin mechanism is enabled by default on servers running Windows Server 2003 SP1 or later, including Windows Server 2003 R2.

To sum up, you perform the following steps to deploy additional Edge Transport servers in your perimeter network:

1. Install a clean Edge Transport server (following the guidelines at the beginning of this chapter).
2. Use the ExportEdgeConfig.ps1 script to export the source server's configuration information to an XML file. To do so, open the EMS, navigate to C:\Program Files\Microsoft\Exchange Server\Scripts, type .\ExportEdgeConfig.ps1 -CloneConfigData:"C:\CloneConfigData.xml", and press Enter (see Figure 7.61).

Figure 7.61 Cloning an Edge Transport Server

3. Copy the CloneConfigData.xml file to the target server.
4. Before importing the XML file, validate it using the ImportEdgeConfig.ps1 script. To do so, open the EMS, navigate to C:\Program Files\Microsoft\Exchange Server\Scripts, type .\ImportEdgeConfig.ps1 -CloneConfigData:"C:\CloneConfigData.xml" -IsImport $false -CloneConfigAnswer:"C:\CloneConfigAnswer.xml", and press Enter.
5. You are now informed that the answer file has been created successfully. Open CloneConfigAnswer.xml in Notepad and modify any settings that are reported as invalid for the target server.
6. On the target server, use the ImportEdgeConfig.ps1 script to import the XML file.
To do so, open the EMS, navigate to C:\Program Files\Microsoft\Exchange Server\Scripts, type .\ImportEdgeConfig.ps1 -CloneConfigData:"C:\CloneConfigData.xml" -IsImport $true -CloneConfigAnswer:"C:\CloneConfigAnswer.xml", and press Enter. You are then informed that the import of the Edge configuration information succeeded.

The final step is to set up the EdgeSync service so that the relevant configuration and recipient data are replicated from Active Directory to the ADAM store. Since we went through these steps earlier in this chapter (in the "Creating and Importing an Edge Subscription File" section), we won't repeat them here.

The Edge Transport Rules Agent

Part of the new E-Mail Policy and Compliance feature set in Exchange Server 2007 is the Edge Transport rules agent, which is used to establish and enforce regulatory or corporate policies on e-mail messages sent to or received from the Internet. Just as on the Hub Transport server, the transport rules agent on the Edge Transport server applies transport rules to messages flowing into and out of the organization. Although the transport rules agent looks very similar on both server roles, don't let that fool you: several of the actions available differ between the two roles. Actions such as applying a message classification, appending disclaimer text, and sending bounce messages to senders with an enhanced status code are available on the Hub Transport server but not on the Edge Transport server. For further information about the Hub Transport server-specific rules, see Chapter 6. Table 7.4 lists all the available action properties and Table 7.5 all available property sets.
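Returning to the six-step cloning procedure above: the following script is an added example (not from the book) that drives the whole procedure from the EMS, with Export-EdgeClone run on the source server (step 2) and Import-EdgeClone run on the target server (steps 4 through 6, followed by generating the Edge Subscription file for the final EdgeSync step). The file names, the Scripts path and the function names are assumptions; the script parameters themselves are the ones used in the steps above. Because the answer file's schema is not described on this page, the script only lists its contents and stops for you to edit it, exactly as step 5 requires.

```powershell
# Added example, not part of the book: run the Edge Transport cloning
# procedure end to end. Export-EdgeClone runs in the EMS on the source server;
# copy the resulting XML to the target server and run Import-EdgeClone there.
# Paths, file names and function names are assumptions.
$Scripts   = "C:\Program Files\Microsoft\Exchange Server\Scripts"
$CloneData = "C:\CloneConfigData.xml"
$Answer    = "C:\CloneConfigAnswer.xml"

function Export-EdgeClone {
    # Step 2: export the source server's configuration to XML.
    & (Join-Path $Scripts "ExportEdgeConfig.ps1") -CloneConfigData:$CloneData
    if (-not (Test-Path $CloneData)) { throw "Export did not produce $CloneData" }

    # The file holds the server's full transport configuration (IP lists,
    # address rewriting, transport rules ...), so restrict who can read it
    # before it is copied to the target server (step 3). icacls exists on
    # Windows Server 2008 and later; on Windows Server 2003 use cacls instead.
    if (Get-Command icacls.exe -ErrorAction SilentlyContinue) {
        icacls $CloneData /inheritance:r /grant:r "BUILTIN\Administrators:(F)" "NT AUTHORITY\SYSTEM:(F)" | Out-Null
    }
    Get-Item $CloneData | Select-Object FullName, Length, LastWriteTime
}

function Import-EdgeClone {
    if (-not (Test-Path $CloneData)) { throw "Copy $CloneData from the source server first (step 3)" }
    $import = Join-Path $Scripts "ImportEdgeConfig.ps1"

    # Step 4: validation pass. Nothing is changed on this server; settings that
    # are not valid for it are written to the answer file.
    & $import -CloneConfigData:$CloneData -IsImport $false -CloneConfigAnswer:$Answer
    if (-not (Test-Path $Answer)) { throw "Validation did not create $Answer" }

    # Step 5: show what needs attention before importing. The answer file is
    # inspected generically (child elements of the root) because its schema is
    # not described here; edit it by hand if it lists anything.
    [xml]$answerXml = Get-Content $Answer
    $entries = @($answerXml.DocumentElement.ChildNodes)
    if ($entries.Count -gt 0) {
        "Answer file lists $($entries.Count) setting(s) to review in $Answer"
        $entries | ForEach-Object { $_.OuterXml }
        Read-Host "Edit $Answer as needed, then press Enter to import (Ctrl+C to abort)" | Out-Null
    }

    # Step 6: the real import, using the (possibly edited) answer file.
    & $import -CloneConfigData:$CloneData -IsImport $true -CloneConfigAnswer:$Answer

    # Final step: the ADAM store is per server and is not replicated between
    # Edge Transport servers, so this server needs its own Edge Subscription.
    # The file name is an assumption; import it on a Hub Transport server as in
    # the "Creating and Importing an Edge Subscription File" section.
    New-EdgeSubscription -FileName "C:\EdgeSubscription-$env:COMPUTERNAME.xml"

    # The cloned configuration is no longer needed on this server.
    Remove-Item $CloneData, $Answer -Force
}
```

Note that certificates are not part of the clone (as stated above), so anything on the source server that depends on a specific certificate, such as TLS on a Send or Receive connector, has to be set up on the target server separately.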
Table 7.4 Action Properties for Rules on the Edge Transport Server

(Note that Classification, EnhancedStatusCode, FallBackAction, Font and FontColor belong to the message classification, reject-with-status-code and disclaimer actions, which, as explained above, exist only on the Hub Transport server.)

Action Property: Addresses
Expected Format: Array of Simple Mail Transfer Protocol (SMTP) addresses
Description: On an Edge Transport server, Addresses accepts an array of SMTP addresses that are each enclosed in double quotation marks.

Action Property: Classification
Expected Format: Single message classification object
Description: Classification accepts a single message classification object. To specify a message classification object, use the Get-MessageClassification command. For example, use the following command to apply the ExCompanyInternal message classification to an action: $Action.Classification = (Get-MessageClassification ExCompanyInternal).Identity

Action Property: EnhancedStatusCode
Expected Format: Single delivery status notification (DSN) code of 5.7.1, or any value between 5.7.10 and 5.7.999
Description: EnhancedStatusCode specifies the DSN code and related DSN message to display to the senders of messages that are rejected by the RejectMessage transport rule action. The DSN message associated with the specified DSN status code is displayed in the user information portion of the NDR that the sender receives. The specified DSN code must be an existing default DSN code or a customized DSN status code that you can create using the New-SystemMessage cmdlet.

Action Property: EventMessage
Expected Format: Single string
Description: EventMessage accepts a single string that is displayed in an event log entry, which is added to the Application event log on the local computer.

Action Property: FallBackAction
Expected Format: Single value with the choices of Wrap, Ignore, or Reject

Action Property: Font
Expected Format: Single value with the choices of Arial, CourierNew, or Verdana
Description: Font specifies the font of the disclaimer text when the text is added to an e-mail message. The default font is Arial. Enclose the value in double quotation marks.

Action Property: FontColor
Expected Format: Single value with the choices of Black, Blue, Fuchsia, Gray, Green, ...
Description: FontColor specifies the color of the font of the disclaimer text when the text is added to an e-mail message.
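As an added example (not from the book), the following EMS session creates a transport rule on an Edge Transport server using two of the action properties listed in Table 7.4 that the text confirms for the Edge role: EventMessage (a single string) and Addresses (an array of quoted SMTP addresses). The rule condition and action element names used here (SubjectContains with its Words property, LogEvent, BlindCopyTo) are the Exchange 2007 names as assumed by the author of this example; the first two commands list the predicates and actions your server actually offers, so check the names there before relying on them. The subject phrase and compliance mailbox are constructed sample values.

```powershell
# Added example, not part of the book: an Edge Transport rule built in the EMS
# that uses the EventMessage and Addresses action properties from Table 7.4.
# Predicate/action names and the sample values below are assumptions.

# The Edge role exposes a smaller set of conditions and actions than the Hub
# role; list what this server supports before building the rule.
Get-TransportRulePredicate | Select-Object -ExpandProperty Name
Get-TransportRuleAction    | Select-Object -ExpandProperty Name

# Condition: the message subject contains a (constructed) marker phrase.
$condition = Get-TransportRulePredicate SubjectContains
$condition.Words = @("Project Falcon")

# Action 1: write an entry to the local Application event log.
# EventMessage takes a single string.
$logAction = Get-TransportRuleAction LogEvent
$logAction.EventMessage = "Edge rule matched: message mentioning Project Falcon crossed the perimeter"

# Action 2: Bcc a compliance mailbox. On the Edge role, Addresses takes an
# array of SMTP addresses, each in double quotation marks (assumed mailbox).
$bccAction = Get-TransportRuleAction BlindCopyTo
$bccAction.Addresses = @("compliance@domain.com")

New-TransportRule -Name "Log and archive Project Falcon mail" `
                  -Conditions @($condition) `
                  -Actions @($logAction, $bccAction) `
                  -Comments "Perimeter rule; stored in this server's ADAM instance only"

# Rules are evaluated in priority order; confirm where the new rule landed.
Get-TransportRule | Format-Table Name, Priority, State -AutoSize
```

Because Edge Transport rules live in the local ADAM store and are not replicated between Edge Transport servers, a rule created this way exists only on the server where you ran the commands; to get it onto the other Edge Transport servers, include it in the configuration clone produced by ExportEdgeConfig.ps1 as described in the previous section.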