Understanding Exchange Server Connectors

emailsymbolMicrosoft Exchange Server has used Connectors in various ways for many different product versions to date.  Exchange Server 2007 and Exchange Server 2010 both use the same types of Connectors in their organizations.

Even in simple organizations some people become confused by the variety of Connectors and their purposes.  Here is an explanation of each type of Connector for Exchange Server 2007 and 2010.

Send Connectors

Send Connectors are responsible for sending email to servers outside of the organization.  This might also include Edge Transport Servers, which are non-domain member servers usually located in a secure DMZ for sending and receiving internet email.

Send Connectors can be configured in a number of different ways.  The typical Send Connector for an organization sends all outbound email to a smart host or uses DNS to route the mail directly to the receiving party.

More specific Send Connectors can be used to send email destined for particular domains to different servers.  One example would be a Send Connector that routes email across a secure VPN to a partner domain rather than go via the internet.  Another example would be a Send Connector that has a larger message size limit than the default one, permitting very large files to be sent to partners or customers.

Send Connectors can be configured with authentication requirements when sending to a smart host, but when sending via DNS lookup have no authentication options to configure.  However, Exchange Server will honour the receiving server’s security or authentication requirements (such as TLS encryption) where possible.

Receive Connectors

Receive Connectors are responsible for receiving incoming email sent to a Transport server.  This includes mail sent from Mailbox Servers, POP3 and IMAP clients, and other hosts or applications sending via SMTP.

By default a Hub Transport server is configured with two Receive Connectors – one for clients (POP3 and IMAP) and one for SMTP.  Both are configured as secure by default and should be kept that way if possible.

Other common uses of Receive Connectors are for secure relays within an organization.  This is typically for devices such as scanners that scan to email, or application servers that send SMTP notifications.

Receive Connectors can be configured with a broad range of security options, such as restricting to certain IP addresses or subnets, requiring certain authentication methods, or by limiting connecting servers to only certain actions (eg only sending to internal addresses, allowing override of sender spoof checks, or allow override of size limits).

It is important not to expose unsecured Receive Connectors to the internet as this may cause the server to be exploited as an open relay.

Linked Connectors

A Linked Connector is a relationship between a Receive Connector and Send Connector that overrides the normal routing topology.  The common use of Linked Connectors is to route mail off to a smart host to perform spam and virus checks before it is sent on within the organization.

Large, complex organizations can make use of Linked Connectors to check emails that are sent from potentially insecure segments of the network before they are allowed to be routed throughout the organization.

Foreign Connectors

Foreign Connectors use a drop folder in the file system to route email to servers or applications that do not use SMTP.  These are commonly found with enterprise faxing applications.  Email messages that match the criteria of the Foreign Connector are dropped as individual files into a folder where they are picked up by the third party application for the next stage of their processing.

Routing Group Connectors

Routing Group Connectors are carried over from versions of Exchange prior to 2007.  The concept of a Routing Group no longer exists in Exchange Server 2007 and 2010, instead Exchange uses the Active Directory Site topology for message routing.

However, the Routing Group Connector is still available in Exchange Server 2007 and 2010 for co-existence scenarios with legacy Exchange versions, and handle routing of email messages between the different server versions.  Once an organization has no more legacy Exchange servers in the organization the last Routing Group Connectors are removed.

Written by Paul Cunningham

Paul lives in Brisbane, Australia and works as a technical consultant for a national IT services provider, specialising in Microsoft Exchange Server and related messaging systems.

3 Comments

  1. Some Recent Posts Elsewhere… | Exchange Server Pro · February 1, 2010

    […] Understanding Exchange Server Connectors […]

  2. Sigi · February 4, 2010

    Seems that you forgot the Delivery Agent Connector which is the replacement for the Foreign Connector and should be used in Exchange 2010 instead! The delivery agent connector is much more flexible and also can monitor successful delivery.

    Best
    Sigi

  3. Paul Cunningham · February 5, 2010

    Hi Sigi, thanks for point that out.

Leave A Reply