Exchange 2016 / 2013 Default Receive Connector Settings

KB ID 0001314 Dtd 27/05/17

Problem

Out of the box, Exchange 2016 (and 2013) has five receive connectors: three for the frontend transport service and two for the mailbox transport service.

  • Front End Transport Service: Does not alter, inspect, or queue mail. It is the first port of call for ALL mail coming into (and out of) the Exchange organisation. This service creates THREE receive connectors. All are bound to 0.0.0.0 0.0.0.0, and all IPv6;
    • Client frontend {Server-Name}: Listens on TCP 587 (Secure SMTP). It is generally only used for POP clients that are ‘Authenticated’, and so are then able to send mail through the Exchange Org.
    • Default frontend {Server-Name}: Listens on TCP 25 (SMTP) and will allow Anonymous connections (by default). Note: Your incoming mail (from the public internet) usually comes in through this connector.
    • Outbound proxy frontend {Server-name}: Confusingly, this is actually a send connector, and it’s only used if you have set your ‘send connector’ to proxy through one of your Exchange servers.
  • Mailbox Transport Service: Does NOT receive mail from clients; it (as the name implies) routes mail from/to mailboxes from/to the frontend transport service. It is further broken down into;
    • Mailbox Transport Submission Service:
    • Mailbox Transport Delivery Service:
  • This creates two more receive connectors;
    • Client Proxy {Server-Name}: Listens on TCP 465.
    • Default {Server-Name}: Listens on TCP Port 25 (or 2525).

So what if someone ‘fiddles’ with them, or you are unsure if they are set up correctly?

Solution

Default Receive Connectors Settings

If you just want to check the settings in the Exchange Admin Center;

  • Client Frontend {Server-Name}
    • General Settings;
      • Name: Client Frontend {Server-name}
      • Connector Status: Enable
      • Protocol logging level: None
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
    • Permission Groups;
      • Exchange Users
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 587
        • (All Available IPv4) Port 587
      • FQDN: {The internal FQDN of your server}
  • Client Proxy {Server-Name}
    • General Settings;
      • Name: Client Proxy {Server-name}
      • Connector Status: Enable
      • Protocol logging level: None
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
      • Exchange Server Authentication
    • Permission Groups;
      • Exchange Servers
      • Exchange Users
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 465
        • (All Available IPv4) Port 465
      • FQDN: {The internal FQDN of your server}
  • Default {Server-Name}
    • General Settings;
      • Name: Default {Server-name}
      • Connector Status: Enable
      • Protocol logging level: None
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
      • Exchange Server Authentication
    • Permission Groups;
      • Exchange Servers
      • Legacy Exchange Servers
      • Exchange Users
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 2525
        • (All Available IPv4) Port 2525
      • FQDN: {The internal FQDN of your server}
  • Default Frontend {Server-Name}
    • General Settings;
      • Name: Default Frontend {Server-name}
      • Connector Status: Enable
      • Protocol logging level: None
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
        • Enable domain security (mutual Auth TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
      • Exchange Server Authentication
    • Permission Groups;
      • Exchange Servers
      • Legacy Exchange Servers
      • Anonymous
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 25
        • (All Available IPv4) Port 25
      • FQDN: {The internal FQDN of your server}
  • Outbound Proxy Frontend {Server-Name}
    • General Settings;
      • Name: Outbound Proxy Frontend {Server-name}
      • Connector Status: Enable
      • Protocol logging level: Verbose
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
        • Enable domain security (mutual Auth TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
      • Exchange Server Authentication
    • Permission Groups;
      • Exchange Servers
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 717
        • (All Available IPv4) Port 717
      • FQDN: {The internal FQDN of your server}
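The same check can be scripted rather than clicked through. This is an added example, not one of the scripts offered for download on this page: it compares the live connectors against the ports, logging levels, authentication mechanisms and permission groups listed above. It assumes it is run in the Exchange Management Shell on the server being checked, and that a connector with no "Enable domain security" entry in the list has that box unticked.

```powershell
# Added example: expected values transcribed from the settings list above.
$server = $env:COMPUTERNAME   # assumption: run on the Exchange server being checked
$expected = [ordered]@{
  'Client Frontend'         = @{ Port='587';  Log='None';    Mtls=$false; Groups='ExchangeUsers'
                                 Auth='Tls,BasicAuth,BasicAuthRequireTLS,Integrated' }
  'Client Proxy'            = @{ Port='465';  Log='None';    Mtls=$false; Groups='ExchangeServers,ExchangeUsers'
                                 Auth='Tls,BasicAuth,BasicAuthRequireTLS,Integrated,ExchangeServer' }
  'Default'                 = @{ Port='2525'; Log='None';    Mtls=$false; Groups='ExchangeServers,ExchangeLegacyServers,ExchangeUsers'
                                 Auth='Tls,BasicAuth,BasicAuthRequireTLS,Integrated,ExchangeServer' }
  'Default Frontend'        = @{ Port='25';   Log='None';    Mtls=$true;  Groups='ExchangeServers,ExchangeLegacyServers,AnonymousUsers'
                                 Auth='Tls,BasicAuth,BasicAuthRequireTLS,Integrated,ExchangeServer' }
  'Outbound Proxy Frontend' = @{ Port='717';  Log='Verbose'; Mtls=$true;  Groups='ExchangeServers'
                                 Auth='Tls,BasicAuth,BasicAuthRequireTLS,Integrated,ExchangeServer' }
}

function Format-Set([string]$value) {
  # Normalise "A, B" flag strings (live enums or remote-session strings) to a sorted list
  ($value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique) -join ','
}

$drift = foreach ($name in $expected.Keys) {
  $want = $expected[$name]
  $c = Get-ReceiveConnector -Identity "$server\$name $server" -ErrorAction SilentlyContinue
  if (-not $c) {
    [pscustomobject]@{ Connector=$name; Setting='Exists'; Expected='True'; Actual='False' }
    continue
  }
  $actual = [ordered]@{
    # Bindings look like "0.0.0.0:25" and "[::]:25"; keep only the port
    Port    = ($c.Bindings | ForEach-Object { "$_" -replace '^.*:' } | Sort-Object -Unique) -join ','
    Log     = "$($c.ProtocolLoggingLevel)"
    Mtls    = [bool]$c.DomainSecureEnabled
    Groups  = Format-Set "$($c.PermissionGroups)"
    Auth    = Format-Set "$($c.AuthMechanism)"
  }
  foreach ($k in $actual.Keys) {
    $exp = if ($k -in 'Groups','Auth') { Format-Set $want[$k] } else { $want[$k] }
    if ("$exp" -ne "$($actual[$k])") {
      [pscustomobject]@{ Connector=$name; Setting=$k; Expected=$exp; Actual=$actual[$k] }
    }
  }
}
if ($drift) { $drift | Format-Table -AutoSize } else { 'All five default receive connectors match the listed defaults.' }
```

An unexpected `AnonymousUsers` entry in the Groups column of any connector other than Default Frontend is the drift most worth investigating, since it widens who can submit mail without authenticating.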

Recreating Your Exchange Receive Connectors From Scratch

Note: We are talking about the default receive connectors here. If you have created any of your own (for mail relaying from a device, for example), you will need to recreate these manually. Below we are going to delete all the default connectors and recreate them with a PowerShell script.

Download Recreate Default Exchange Receive Connectors Scripts

Optional: Take a backup of the default receive connector settings to text files. Run the ‘Backup-Connector-Settings.ps1’ script. This will dump the settings to the root of the C: drive in ‘Current {Server-Name} {Connector-Name}.txt’ format.

You can now delete the default receive connectors (Warning: Notice I said default receive connectors, this may or may not be all the connectors).

Recreate the Default Receive Connectors: Run the ‘Create-Default-Receive-Connectors.ps1’ script.

Optional: You can now output the settings of the new connectors, so you can compare them to your original settings. Run the ‘AFTER-Connector-Settings.ps1’ script. This will dump the settings to the root of the C: drive in ‘Receive {Server-Name} {Connector-Name}.txt’ format.

You can now compare the two sets of files. The only differences are usually the creation date and the GUID.
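The comparison can also be done from PowerShell. This is an added example, not part of the downloadable scripts: it pairs each ‘Current …’ file with its ‘Receive …’ counterpart in the root of C: and reports any line that differs, ignoring the GUID and creation/change dates. It assumes both scripts wrote `Property : Value` lines (Format-List style), which this page does not show.

```powershell
# Added example. Assumption: the export files contain "Property : Value" lines.
$root = 'C:\'
# Properties expected to change when a connector is recreated
$volatile = '^\s*(Guid|When(Created|Changed)(UTC)?)\s*:'

function Get-StableLines([string]$path) {
  # Drop blank lines and the properties that always differ after a rebuild
  @(Get-Content -LiteralPath $path | Where-Object { $_.Trim() -and $_ -notmatch $volatile })
}

Get-ChildItem -Path $root -Filter 'Current *.txt' | ForEach-Object {
  $before = $_.FullName
  $after  = Join-Path $root ($_.Name -replace '^Current ', 'Receive ')
  if (-not (Test-Path -LiteralPath $after)) {
    Write-Warning "No 'after' export found for $($_.Name)"
    return
  }
  $old = Get-StableLines $before
  $new = Get-StableLines $after
  if (-not $old -or -not $new) {
    Write-Warning "Empty export, nothing to compare: $($_.Name)"
    return
  }
  $diff = Compare-Object -ReferenceObject $old -DifferenceObject $new
  if ($diff) {
    "DIFFERENT: $($_.Name)"
    # '<=' marks a line only in the backup, '=>' a line only in the new export
    $diff | ForEach-Object { "  $($_.SideIndicator) $($_.InputObject)" }
  } else {
    "MATCH:     $($_.Name)"
  }
}
```

Any DIFFERENT line that touches PermissionGroups, AuthMechanism, Bindings or RemoteIPRanges means the original connector had been changed from the defaults and should be reviewed before the backup files are discarded.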

Related Articles, References, Credits, or External Links

NA

Author: PeteLong
