Exchange 2013 / 2016 / 2019 Default Receive Connector Settings

Default Receive Connectors KB ID 0001314 

Problem

Out of the box, Exchange 2016 (&2013) has five receive connectors. Three for the frontend transport service and two for the mailbox transport service.

  • Front End Transport Service: Does not alter, inspect, or queue mail. It is the first port of call for ALL mail coming into (and out of) the Exchange organisation. This service creates THREE receive connectors All are bound to 0.0.0.0 0.0.0.0, and all IPv6;
    • Client frontend {Server-Name} : listens on TCP 587 (Secure SMTP). It is generally only used for POP clients that are ‘Authenticated’, so are then able to send mail though the Exchange Org.
    • Default frontend {Server-Name}: Listens on TCP 25 (SMTP) and will allow Anonymous connections (by default). Note: Your  incoming mail, (from the public internet,) usually comes in through this connector.
    • Outbound proxy frontend {Server-name}: Confusingly this is actually a send connector and it’s only used if you have set your ‘send connector’ to proxy though one of your Exchange servers.
  • Mailbox Transport Service: Does NOT receive mail from clients it, (as the name implies),  routes mail from/to mailboxes from/to the frontend transport service. It is further broken down into;
    • Mailbox Transport Submission Service:
    • Mailbox Transport Delivery Service:
  • This creates two more receive connectors;
    • Client Proxy {Server-Name}: Listens on TCP 465.
    • Default {Server-Name}: Listens on TCP Port 25 (or 2525).

So what if someone ‘fiddles’ with them, or you are unsure if they are setup correctly?

 

Solution: Default Receive Connectors

Default Receive Connectors

Default Receive Connectors Settings

If you just want to check the settings in the Exchange Admin Center;

  • Client Frontend {Server-Name}
    • General Settings;
      • Name: Client Frontend {Server-name}
      • Connector Status: Enable
      • Protocol logging level: None
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
    • Permission Groups;
      • Exchange Users
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 587
        • (All Available IPv4) Port 587
      • FQDN: {The internal FQDN of your server}
  • Client Proxy {Server-Name}
    • General Settings;
      • Name: Client Proxy {Server-name}
      • Connector Status: Enable
      • Protocol logging level: None
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
      • Exchange Server Authentication
    • Permission Groups;
      • Exchange Servers
      • Exchange Users
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 465
        • (All Available IPv4) Port 465
      • FQDN: {The internal FQDN of your server}
  • Default {Server-Name}
    • General Settings;
      • Name: Default {Server-name}
      • Connector Status: Enable
      • Protocol logging level: None
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
      • Exchange Server Authentication
    • Permission Groups;
      • Exchange Servers
      • Legacy Exchange Servers
      • Exchange Users
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 2525
        • (All Available IPv4) Port 2525
      • FQDN: {The internal FQDN of your server}
  • Default Frontend {Server-Name}
    • General Settings;
      • Name: Default Frontend {Server-name}
      • Connector Status: Enable
      • Protocol logging level: None
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
        • Enable domain security (mutual Auth TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
      • Exchange Server Authentication
    • Permission Groups;
      • Exchange Servers
      • Legacy Exchange Servers
      • Anonymous
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 25
        • (All Available IPv4) Port 25
      • FQDN: {The internal FQDN of your server}
  • Outbound Proxy Frontend {Server-Name}
    • General Settings;
      • Name: Outbound Proxy Frontend {Server-name}
      • Connector Status: Enable
      • Protocol logging level: Verbose
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
        • Enable domain security (mutual Auth TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
      • Exchange Server Authentication
    • Permission Groups;
      • Exchange Servers
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 717
        • (All Available IPv4) Port 717
      • FQDN: {The internal FQDN of your server}

Recreating Your Exchange Default Receive Connectors From Scratch

Note: We are talking about the default receive connectors here, if you have created any of you own, for mail relaying from a device for example, you would need to manually recreate these. Below we are going to delete all the default connectors, and recreate them with a PowerShell Script.

Download Recreate Default Exchange Receive Connectors Scripts

Optional: Take a backup of the default receive connectors settings to a text files. Run the ‘Backup-Connector-Settings.ps1‘ script. This will dump the settings to the root of the C: drive in ‘Current {Server-Name} {Connector-Name}.txt’ format.

Export Receive Connector Settings

You can now delete the default receive connectors (Warning: Notice I said default  receive connectors, this may or may not be all the connectors). 

Recreate the Default Receive Connectors: Run the  ‘Create-Default-Receive-Connectors.ps1‘ script. 

Recreate Default Exchange Connectors

Optional: You can now output the settings of the new connectors, (why? So you can compare them to your original settings.) Run the ‘AFTER-Connector-Settings.ps1’ script. This will dump the settings to the root of the C: drive in ‘Receive {Server-Name} {Connector-Name}.txt’ format.

Export Receive Connector settings after

You can now compare differences, the only differences are usually the creation date, and the GUID.

Compare Differences Receive Connectors

 

Related Articles, References, Credits, or External Links

NA

Author: PeteLong

Share This Post On

18 Comments

  1. Just awesome, thanks you for this

    Post a Reply
    • If I changed my URI to use external name (webmail.domain.com) should I change FQDN on default and client front end connector to use external name?

      Post a Reply
      • As long as that name can be resolved internally and externally, (to the internal/external ip as approriate) 🙂

        P

        Post a Reply
  2. Thanks a lot Pete.
    You saved our life.

    Post a Reply
    • Np Thanks for the feedback!

      Post a Reply
  3. Under Default (Server Name) the ports are listed as 2525 for both IPv4 and IPv6 – is this accurate? I’ve only seen it as port 25 (SMTP).

    Post a Reply
  4. Thank you!

    Is there a powershell to “re-bind” the default front end to 25? Our EXC2016 CU9 update failed, the server rolled back. Brought the server back online. However receiving externally is the only thing not working. Our emails being held at our Sonicwall screener for unable to relay

    thanks again!

    Post a Reply
    • The script posted does that?

      Post a Reply
  5. Thank you! I’d managed to delete all my receive connectors when troubleshooting a hybrid mail configuration.
    I was tearing my hair out for a couple of days as to why I was continually getting “451 4.7.0 Temporary server error. Please try again later. PRX5” errors.

    I stumbled on your article when looking to see why I was seeing errors on port 2525 – using your script recreated the connectors and everything kicked into life.

    Thanks

    Post a Reply
  6. It appears that the “Default Frontend ” keeps port 25 open and doesn’t require authentication to send mail to local users. Isn’t this a bit of a security concern? Am I missing something or is it required to be this way for some other reason?

    I’m by no means an Exchange pro, but shouldn’t SSL/TLS and authentication be required to send mail? I trust no one.

    Post a Reply
    • *Default Frontend ServerName

      Post a Reply
    • SMTP isn’t secure? What gave you that idea? where do you think most of your spam comes from?

      Post a Reply
  7. Thanks for this! Do you know which Receive Connector Exchange Online uses to connect to in a Hybrid Environment? Is it the “Default Frontend ServerName” connector, and would we have to check the “Partners” box beneath the Permissons group to get it working?

    Or does on-prem Exchange in the background use the same automagical connector creation during the hybrid config like Exchange online did ? 🙂

    Post a Reply
  8. Thanks a lot, accidently I deleted default connectors, but bcz of you now I can configure back

    Post a Reply
  9. I have recreated some of the receive connectors via the Web GUI but this did not work.
    So I just deleted all of them but the non standar ones.
    Your PS script just saved my b… Thank you very much for this!

    Post a Reply
  10. Your scripts saved me a lot of time. Thanks!!

    Post a Reply

Leave a Reply to PeteLong Cancel reply

Your email address will not be published. Required fields are marked *